WORKGROUP REMOTE ACCESS SWITCH USER’S GUIDE Release 7.2 Cabletron Systems (603) 332-9400 phone (603) 337-3075 fax support@ctron.
CAUTION: Only qualified personnel should perform installation procedures.

NOTICE
You may post this document on a network server for public use as long as no modifications are made to the document. Cabletron Systems reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Cabletron Systems to determine whether any such changes have been made.
TRADEMARKS
Cabletron Systems, CyberSWITCH, MMAC-Plus, SmartSWITCH, SPECTRUM, and SecureFast Virtual Remote Access Manager are trademarks of Cabletron Systems, Inc. All other product names mentioned in this manual are trademarks or registered trademarks of their respective companies.

COPYRIGHTS
All of the code for this product is copyrighted by Cabletron Systems, Inc. © Copyright 1991-1997 Cabletron Systems, Inc. All rights reserved. Printed in the United States of America.
WARNING: Changes or modifications made to this device which are not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment.

DOC NOTICE
This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications.
CONTENTS

Using this Guide
Documentation Set
Guide Conventions
SYSTEM OVERVIEW
The CyberSWITCH
The CyberSWITCH Network
Unique System Features
Interoperability Overview
Interoperability Protocols
Interoperability Devices
Security Overview
Network Interface Overview
System Components
Remote ISDN Devices
Switches Supported
Hardware Overview
Safety Considerations
System Platforms
The CSX1000 and NE Link 1000 (a Network Express Product)
Platform Descripti

SYSTEM INSTALLATION
Ordering ISDN Service (US Only)
Overview
Ordering NI-1 Lines Using EZ-ISDN Codes
Ordering NI-1 Lines Using NI-1 ISDN Ordering Codes
Ordering BRI ISDN Lines using Provisioning Settings
Provisioning Settings for AT&T 5ESS Switches
AT&T 5ESS NI-1 Service
AT&T 5ESS Custom Point-to-Point Service
Provision Settings for Northern Telecom DMS-100 Switches
Northern Telecom DMS100 NI-1 Service
Northern Telecom DMS100 Custom Service
Basic Information

BASIC CONFIGURATION
Configuration Tools
Overview
CFGEDIT
Executing CFGEDIT
Saving CFGEDIT Changes
Dynamic Management
Executing Dynamic Management
Utility Dynamic Management Commands
Saving Dynamic Management Changes
Default Configuration
Using the Network Worksheets
Using the Configuration Chapters
Configuring Resources and Lines
Overview
Resources
Configuring Resources
Resource Configuration Elements
Resource Background Information
Lines
Configur

IP Network Interfaces
Configuring Interfaces
Network Interface Configuration Elements
IP Network Interface Background Information
IP RIP and the IP Network Interfaces
IP RIP over Dedicated Connections
IP Host Operating Mode and the IP Network Interfaces
Using Multiple IP Addresses
Static Routes
Configuring Static Routes
Static Route Configuration Elements
Static Route Background Information
Default Routes
Configuring Default Routes
Defaul

Configuring System Options and Information
Overview
System Options
Configuring System Options
System Options Configuration Elements
System Options Background Information
System Information
Configuring System Information
System Information Configuration Elements
System Information Background Information
Administrative Session
Configuring Administrative Sessions
Administrative Session Configuration Elements
Administrative Session Background Information
A

Configuring Off-node Server Information
Overview
Multiple Administration Login Names
VRA Manager Authentication Server
Configuring VRA Manager Authentication Server
VRA Manager Authentication Server Configuration Elements
VRA Manager Authentication Server Background Information
RADIUS Authentication Server
Configuring a RADIUS Authentication Server
RADIUS Authentication Server Configuration Elements
RADIUS Authentication Server Background Information

X.25 Configuration Elements
X.25 Line Configuration Elements
LAPB Configuration Elements
X.25 Access Configuration Elements
PVC Configuration Elements
X.25 Access Background Information
Current X.

Configuring Advanced IP Routing
Overview
Static ARP Table Entries
Configuring Static ARP Table Entries
Static ARP Table Entries Configuration Elements
Static ARP Table Entries Background Information
The Isolated Mode
Configuring the Isolated Mode
Isolated Mode Configuration Elements
Isolated Mode Background Information
Static Route Lookup via RADIUS
Configuring Static Route Lookup via RADIUS
Static Route via RADIUS Configuration Elements
Stat

Configuring IPX
Overview
Configuring IPX Information
IPX Routing Option
Enabling/Disabling IPX
IPX Option Configuration Element
IPX Option Background Information
IPX Internal Network Number
Configuring the IPX Internal Network Number
IPX Internal Network Number Configuration Element
IPX Network Number Background Information
IPX Network Interfaces
Configuring IPX Network Interfaces
IPX Network Interface Configuration Elements
General IPX Network Interfa

IPX-Specific Information for Devices
Configuring IPX Devices
WAN Devices
Remote LAN Devices
IPX Configuration Elements for Devices
IPX Background Information for Devices
IPX Triggered RIP/SAP Device Background
Configuring SNMP
Overview
Configuring SNMP
SNMP Configuration Elements
SNMP Background Information
Configuring AppleTalk Routing
Overview
AppleTalk Routing Option
Enabling AppleTalk Routing
AppleTalk Routing Option Configu

Call Interval Parameters
Configuring the Call Interval Parameters
Call Interval Configuration Elements
Call Interval Background Information
Monthly Call Charge
Configuring Monthly Call Charge
Monthly Call Charge Configuration Elements
Monthly Call Charge Background Information
Call Restrictions
Configuring Call Restrictions
Call Restriction Configuration Elements
Call Restrictions Background Information
Bandwidth Reservation
Configuring Bandwidth Reservati

TFTP
Configuring TFTP
TFTP Configuration Elements
TFTP Background Information
File Attributes
Configuring File Attributes
File Attributes Configuration Elements
File Attributes Background Information
TROUBLESHOOTING
System Verification
Overview
Verifying Hardware Resources are Operational
Verifying WAN Lines are Available for Use
Verifying LAN Connection is Operational
Verifying Bridge is Initialized
Verifying IP Router is Initialize

Verifying the AppleTalk Routing Feature
Verifying AppleTalk Routing is Initialized
Verifying AppleTalk Routing is Operational
Verifying AppleTalk Routing Operational over the LAN connection
Verifying AppleTalk Routing Operation over a WAN connection
Verifying SNMP is Operational
Verifying the Dial Out Feature
Verifying Call Detail Recording
Verifying Compression is Operational
Verifying Reserved Bandwidth is Operational
Verifying PPP Link Failure Detection is Operatio

IP RIP
IP RIP Initialization
IP RIP Output Processing on a LAN Interface
IP RIP Input Processing on a LAN Interface
IP RIP Output Processing on a WAN Interface
IP RIP Input Processing on a WAN Interface
IPX Routing
IPX Routing Initialization
IPX Routing over the LAN Connection
IPX Routing over the Remote LAN Connection
IPX Routing over the WAN Connection
IPX Routing and Service Tables
Triggered RIP/SAP Start Up
Triggered RIP/SAP Operation

System Messages
Overview
Informational Messages
Boot Messages
Initialization Messages
Normal Operation Messages
Status Messages
Spanning Tree Messages
Warning Messages
Error Messages
System Message Summary
Trace Messages
Overview
Call Trace Messages
Call Trace Message Summary
IP Filters Trace Messages
PPP Packet Trace Messages
WAN FR_IETF Trace Messages
X.25 Trace Messages
X.25 Trace Message Summary
X.

Clearing Operational Information
Configuration-Related Commands
Restarting the CyberSWITCH
Setting the Date and Time
File Utility Commands
Terminating Administration Sessions
AppleTalk Routing Commands
Bridge Commands
Call Control Commands
Call Detail Recording Commands
Call Restriction Commands
Compression Information Commands
DHCP Commands
Frame Relay Commands
IP Routing Commands
IPX Routing Commands
ISDN Usage Commands
LAN

DHCP Statistics
Common DHCP Statistics
DHCP Relay Agent Statistics
DHCP Proxy Client Statistics
Frame Relay Statistics
Access Related Statistics
PVC Related Statistics
LAN Statistics
IP Statistics
IP Group Statistics
ICMP Group Statistics
IPX Statistics
IPX General Statistics
IPX Basic System Table Statistics
IPX Advanced System Table Statistics
IPX RIP Statistics
IPX Triggered RIP Statistics
IPX Route Statistics
IPX SAP Statistics

APPENDICES
System Worksheets
Network Topology
System Details
Resources
Lines
Accesses
Device Information
Bridging and Routing Information
Bridging
IP Routing
IPX Routing
AppleTalk Routing
CFGEDIT Map
Overview
Main Menu
Physical Resources Menu
Options Menu
Security Menu
Getting Assistance
Reporting Problems
Contacting Cabletron Systems
Administrative Console Commands Table
Manage Mode Commands Table
USING THIS GUIDE

The User’s Guide is divided into the following parts:

SYSTEM OVERVIEW
We begin with an overview of bridging, routing, and specific CyberSWITCH features. Next, we provide an overview for both the system software and hardware.

SYSTEM INSTALLATION
In this section of the User’s Guide we provide guidelines for ordering ISDN service in the US, and a step-by-step description of installing hardware and upgrading software.
APPENDICES
The User’s Guide provides the following appendices:

NETWORK WORKSHEETS
These worksheets are provided to help you gather pertinent information for configuring your system. We recommend that you print copies of these blank forms and fill in the appropriate information before you begin configuring your system.

CFGEDIT MAP
This map provides a guide through the Configuration Editor structure, and may be a helpful reference when configuring the CyberSWITCH using the CFGEDIT utility.
systems central database access for security authentication purposes. Instructions for obtaining this electronic document can be found in Configuring Off-node Server Information. If you have Internet access, you may obtain this guide by following the steps outlined below:
• Use your Web browser to get to the following address: http://service.nei.com
• From the resulting screen, click on Public.
• Click on the Radius directory.
• Click on the Docs directory.
SYSTEM OVERVIEW

We include the following chapters in the System Overview segment of the User’s Guide.
• The CyberSWITCH
  Provides the “big picture” view of a CyberSWITCH network. We include an overview of unique system features, interoperability, security, interfaces, system components, remote devices, and switches supported.
• Hardware Overview
  A description of system platforms.
• Software Overview
  A description of the CyberSWITCH’s system and administrative software.
THE CYBERSWITCH

Because of the strong personal computer presence in the business environment, a move to graphical user interfaces, and the need to make the best use of available resources, there is a growing demand for high speed LAN access for remote devices. PC users need to be part of a workgroup or enterprise LAN, and remote access from home, field offices, and other remote locations has become a necessity.
[Figure: CyberSWITCH network diagram. Labels: File Server, Host, CSX5500, CSX1200, Remote ISDN Bridge, ISDN, BRI, Workstation, PC (with BRI ISDN TA)]

UNIQUE SYSTEM FEATURES
The CyberSWITCH combines unique features that improve cost-effectiven
automatically adjust the number of network connections. Thus, your network costs will reflect the actual bandwidth being used.
• Filtering
  Allows you to control the flow of frames through the network. Filtering becomes necessary if you need to restrict remote access or control widespread transmission of sporadic messages. Customer-defined filters can forward messages based on addresses, protocol, or packet data.
• Protocol Discrimination
  It is possible for multiple types of remote devices to use the same line. The system can determine the device type and the protocol encapsulation used by remote devices.
• RS232 Port: Dual Usage
  If your installation requires you to process PPP-Async data, this feature allows you to use the RS232 port for either console access or a serial data connection.
The CyberSWITCH supports the following PPP protocols:
• Link Control Protocol (LCP)
• Multilink Protocol (MLP)
• Authentication Protocols
  Challenge Handshake Authentication Protocol (CHAP)
  Password Authentication Protocol (PAP)
• Network Control Protocols (NCP)
  Internet Protocol Control Protocol for TCP/IP (IPCP)
  Internetwork Packet Exchange Control Protocol for IPX (IPXCP)
  Bridge Control Protocol for bridges (BCP)
• Compression Control Protocol (CCP)
• AppleTalk C
SECURITY OVERVIEW
The system provides several options for validating remote devices and for managing network security. The security options available are dependent on the remote device type, type of access, and the level of security required. Levels of security include no security, device level security, user level security, and multi-level security. Device level security is an authentication process between devices, based on protocol and preconfigured information.
The variety of network interfaces allows the installation of a wide range of devices at remote sites. As illustrated below, you can simultaneously choose bridges, routers, or host devices based on the specific remote site requirements.

[Figure: network interfaces diagram. Labels: WAN Interface, WAN Direct Host Interface, RLAN Interface, ISDN, Remote Bridge, Host, Router; addresses on the 192.1.1.x, 128.1.1.x, and 100.1.1.x networks]
REMOTE ISDN DEVICES
The CyberSWITCH provides a centralized concentrator function for remote ISDN devices. The devices can be separated into the following categories:
• remote ISDN bridge devices
• PC based terminal adapters
• ISDN enabled workstations
• other ISDN routers
Typical remote ISDN bridges provide one Ethernet port and one basic rate ISDN port. The basic rate port is connected to the switched digital network and is used to make connections to the CyberSWITCH.
SWITCHES SUPPORTED
Switch types supported by the CyberSWITCH’s basic rate and primary rate ISDN adapters:

Type of Switch    Basic Rate    Primary Rate
AT&T # 4ESS       NA            Yes
AT&T # 5ESS       Yes           Yes
AT&T Definity     Yes           Yes
AT&T Legend       Yes           NA
NET3              Yes           NA
NET5              NA            Yes
NT DMS 100        Yes           Yes
NT DMS 250        NA            Yes
NT SL-100         Yes           Yes
NTT               Yes           Yes
NI-1              Yes           NA
TS013             Yes           NA
TS014             NA            Yes
1TR6              Yes           Yes

Switch support may vary from country to country.
HARDWARE OVERVIEW

The CyberSWITCH is an embedded communications platform. It uses a flash file system (instead of a hard disk) and a two-stage boot device to initialize the platform and download system software. System software is preconfigured to allow immediate connection via a Local Area Network (LAN) or Wide Area Network (WAN) with Telnet and/or TFTP access. The software can also be accessed via the RS232 port on the system, and a terminal-emulation software package. The CyberSWITCH offers flexibility.
SYSTEM PLATFORMS

THE CSX1000 AND NE LINK 1000 (A NETWORK EXPRESS PRODUCT)
The following table summarizes the CSX1000 and NE Link 1000 platform options.

Model              # Ports           # Connections
CSX1001            one BRI port      two connections
NE Link 1000-B2    one BRI port      two connections
NE Link 1000-B4    two BRI ports     four connections
NE Link 1000-B8    four BRI ports    eight connections

The platform shown below, the NE Link 1000 B8 platform, supports four BRI ports or eight connections.
The CSX1001, shown below, is equivalent to the NE Link 1000 B2.

[Figure: CSX1001 front panel (POWER, SERVICE, LAN TX/RX, 10BASE-T, and LINE 1 CH-1, CH-2, SYNC, and D-CH indicators) and back panel (BRI, AUI, 10Base-T, and CONSOLE connectors; termination switches behind plate). Back panel labels: CAUTION: FOR CONTINUED PROTECTION AGAINST RISK OF FIRE, REPLACE ONLY WITH SAME TYPE AND RATING OF FUSE. INPUT 85-250V 47-63 - 1.6A MAX. FUSE TYPE: IEC 127/ III RATED F1.]
The two connectors available for LAN access are the AUI Ethernet and the 10Base-T. Only one of the two ports may be activated at a time. If you attempt to use both, the system hardware automatically defaults to the 10Base-T port. Note that the AUI port has a slide-latch mechanism to lock that connection into place. The back panel also provides connectors for BRI lines.
Refer to the following figure, which illustrates a BRI Point-Multipoint configuration.
Regulatory Compliance: Meets or exceeds the following:
Safety: UL 1950, CSA C22.2 No. 950, EN 60950, IEC 950, and 72/23/EEC
EMI: FCC Part 15, EN 55022, CSA 108.
THE CSX1200
The following table summarizes the CSX1200 platform options.

Model      # Ports           # Connections
CSX1201    one BRI port      2 connections
CSX1204    four BRI ports    8 connections
CSX1223    one PRI port      23 T1 connections or 30 E1 connections

The platform shown below is the PRI version of the CSX1200 (the CSX1223). Note that all CSX1200’s back panels have two slots for future add-on modules.
Below we illustrate the front panel of the CSX1204 - the four port BRI version of the CSX1200.

[Figure: CSX1204 - BRI Version front panel: POWER, SERVICE, LAN TX/RX, and 10BASE-T indicators, and CH-1, CH-2, SYNC, and D-CH indicators for each of LINE 1 through LINE 4]

PLATFORM DESCRIPTION
The CSX1200 platform was designed to provide distributed network access for a branch office or small central site.
Electrical Characteristics
AC Power Input:
Voltage: 100-125 VAC/200-240 VAC
Frequency: 50/60 Hz
Fuse: 1.0/0.5 amps, 250V
Power: 50 watts maximum
Note: Main circuit card fuse labeled F1 is rated at 0.5A 63V. This fuse protects the 12V AUI circuitry on the main board. This fuse is a factory serviceable item only.

Regulatory Compliance
Meets or exceeds the following:
Safety: UL 1950, CSA C22.2 No. 950, EN 60950, IEC 950, and 72/23/EEC
EMI: FCC Part 15, EN 55022, CSA 108.
For informational purposes, here are the pin list and signal assignments for the 10Base-T LAN connector:

Pin  Signal  Function
1  Transmit +
2  Transmit -
3  Receive +
4  NC  No Connect
5  NC  No Connect
6  Receive -
7  NC  No Connect
8  NC  No Connect

Note: The 10Base-T connector and the WAN connector are both RJ45 connectors. However, they do have different electrical interfaces. Take care to keep these separate.
WAN ACCESS
Since the CyberSWITCH is a factory-customized product, there is no need to install specific adapter boards in order to access the WAN. Connections for the internal BRI interface are made at the system’s back panel. On the B2, a basic rate line will connect to the RJ-45 connector labeled 1. On the B4, up to two basic rate lines will connect to the ports labeled 1 and 2. On the B8, up to four basic rate lines will connect to the ports labeled 1 through 4.
ADMINISTRATION CONSOLE ACCESS
The Console connector is an RS232 connector which provides dedicated asynchronous connection. This async connection is available for administration console management or PPP-Async data transfer. The internal RS232 interface is preconfigured for DTE, providing a male 9-pin port connector for the administration console hook-up. The default baud rate is 9600.
SYSTEM MODULES

THE CSX1200-E11-MOD
The CSX1200-E11-MOD is an internal 11 port Ethernet hub option card for the CSX1200 family. The CSX1200-E11-MOD is available for both the BRI (CSX1201, CSX1204) and PRI (CSX1223) models. The CSX1223 is shown below.
[Figure: CSX1223 back panel with the CSX1200-E11-MOD installed: hub ports 1 through 11, slots 1 through 4, AIS, RAI, LOF, and LOS indicators, and AUI, 10Base-T, and CONSOLE connectors. Callouts: LAN Connectivity, PC Connectivity]

The hub is equipped with LANVIEW LEDs. These LEDs are comprised of three types: receive, link, and collision. Refer to the LED Indicators chapter for further information. For installation instructions refer to the Hardware Installation chapter.
THE CSX1200-U4-MOD
The CSX1200-U4-MOD is a U-interface option card for the CSX1200 family. This module is only relevant for applications in North America, since North American telephone companies typically do not provide the needed U-interface conversion. The CSX1200-U4-MOD performs the function of an external NT1, and is available for the BRI (1201, 1204) CSX1200 models. Below, we show the module installed in a CSX1223.
SOFTWARE OVERVIEW

OVERVIEW
The CyberSWITCH software provides:
• system software for the CyberSWITCH, LAN and WAN interfaces, and administration functions
• system files containing configuration and operational information
This chapter provides an overview for each of the above software categories.

SYSTEM SOFTWARE
Included with each CyberSWITCH is a CD containing upgrade software and utility software. (Note that initial system software is factory-installed).
node.nei
This configuration file contains node-specific information like resources, lines, CyberSWITCH operating mode and security options, along with the Throughput Monitor Configuration information. If enabled, SNMP configuration information is also in this file.

lan.nei
This file contains configuration information used when the bridge is enabled. This file also contains information for the Spanning Tree protocol used for the bridge.
The system stores the tables in ASCII format files on the System disk. When the system writes system messages to disk, it stores them in the following location:
Directory: \log
File Name: rprt_log.nn
Where “nn” is an integer that is incremented each time a new file is written.
When the system writes system statistics to disk, it stores them in the following locations:
Directory: \log
File Name: stat_log.
SYSTEM INSTALLATION

We include the following chapters in this segment of the User’s Guide:
• Ordering ISDN Service
  Provides guidelines for ordering ISDN service in the United States.
• Hardware Installation
  Step-by-step instructions for installing hardware components.
• Accessing the CyberSWITCH
  Provides a description of the possible ways to access the CyberSWITCH (for diagnostic purposes, or for software upgrade).
• Upgrading System Software
  A description of the software upgrade process.
ORDERING ISDN SERVICE (US ONLY)

OVERVIEW
This chapter was designed to be a guideline for ordering ISDN service in the United States.

For BRI ISDN Service: If you are using NI-1 lines, try using EZ-ISDN Codes to order BRI service. If your service provider does not support EZ-ISDN Codes, try using the NI-1 ISDN Ordering Codes. If your service provider does not support either type of code, or if you are using a non-NI-1 line, refer to Ordering BRI ISDN Lines using Provisioning Information.
If the AT&T 5ESS switch type is available, the ISDN services available will be one of the following:
• NI-1
• Custom Point-to-Point
If the Northern Telecom DMS-100 switch type is available, the ISDN services available will be one of the following:
• NI-1
• DMS-100 Custom
3. Refer to the section in this document that applies to your service type.
4. Order your ISDN service.
AT&T 5ESS NI-1 SERVICE
Note that some of the elements below are set per directory number. With NI-1 Service, you will typically have two directory numbers.
AT&T 5ESS CUSTOM POINT-TO-POINT SERVICE
Note that some of the elements below are set per directory number. With Custom Point-to-Point Service, you will have two directory numbers.
PROVISION SETTINGS FOR NORTHERN TELECOM DMS-100 SWITCHES
The ISDN services supported by Northern Telecom DMS-100 switches are as follows (in order of preference of usage):
1. NI-1
2. Custom Service
The sections below provide the settings for each DMS-100 service type. Note that your service provider may not be able to offer all of the features listed.

NORTHERN TELECOM DMS100 NI-1 SERVICE
Note that you must set either EKTS or ACO to yes. You may not set both of them to yes.
NORTHERN TELECOM DMS100 CUSTOM SERVICE
Note that you must set either EKTS or ACO to yes. You may not set both of them to yes.
premise equipment. At the time that the line is ordered, the customer may be asked for the FCC registration number for the CyberSWITCH that is being used. The cabling between the wall jack and the CyberSWITCH is very important, and is also where most problems occur. The system’s PRI RJ-45 adapter uses the international standard of pins 3, 4, 5, and 6 for transmit and receive. Most T1 lines in the United States use the traditional 1, 2, 4, and 5 pins.
HARDWARE INSTALLATION

PRE-INSTALLATION REQUIREMENTS
Before you begin the installation process, be sure to:
• Choose a suitable setup location
  Make sure the location is dry, ventilated, dust free, static free, and free from corrosive chemicals
• Verify system power requirements

  Voltage Range    Current and Frequency
  85-264 V         .6 A 47-63 Hz

  The appropriate standard power cord is supplied with the system.
INSTALLING THE CSX1200-E11-MOD
The CSX1200-E11-MOD (E11) is an internal 11 port Ethernet hub option card for the CSX1200 family. The CSX1200-E11-MOD can be installed in the BRI (1201, 1204) and PRI (1223) CSX1200 models. To help eliminate any potential problems during or after installation, please be sure to read and understand all instructions in this section and in the release notes supplied with the E11. Only qualified personnel should perform installation procedures.
INSTALLING THE CSX1200-U4-MOD
The CSX1200-U4-MOD (U4) is a U-interface option card for the CSX1200 family. The CSX1200-U4-MOD can be installed in the BRI (1201, 1204) CSX1200 models. To help eliminate any potential problems during or after installation, please be sure to read and understand all instructions in this section and in the release notes supplied with the U4. Only qualified personnel should perform installation procedures.
CABLING
Note that the module consists of four pairs of numbered RJ45 ports; you must properly connect the CSX1200 BRI ports to the corresponding U4 S/T interface ports of each pair on the module. We provide four 6-inch, category 5, twisted-pair cables (with RJ45 connectors) for this purpose:
1. Using the twisted-pair cables, connect BRI port 1 to the S/T interface port labelled number 1, BRI port 2 to S/T interface port number 2, and so on.
2.
ACCESSING THE CYBERSWITCH

OVERVIEW
This chapter describes accessing your CyberSWITCH, which includes:
• making proper connections
• establishing an administration session
• powering on the system
• accessing Release Notes

MAKING CONNECTIONS
There are a number of ways to make a connection to the system, which include:
• direct connection using a terminal
• null-modem connection using a null-modem cable and a PC
• remote connection using Telnet
• remote connection using modems and a remote PC
All connection
Using the provided RS232 null modem cable, attach an administration console to the system. The administration port is a 9-pin, male RS232 serial adapter as shown below:

[Figure: back panel with BRI (termination switches behind plate), AUI, 10Base-T, and CONSOLE connectors. Back panel labels: CAUTION: FOR CONTINUED PROTECTION AGAINST RISK OF FIRE, REPLACE ONLY WITH SAME TYPE AND RATING OF FUSE. INPUT 85-250V 47-63 - 1.6A MAX. FUSE TYPE: IEC 127/ III RATED F1.]
REMOTE CONNECTION USING TELNET
You can access the CyberSWITCH with Telnet. To do this, you must use Telnet client software. The CyberSWITCH has default IP addresses configured to allow Telnet access. The default LAN IP address is 1.1.1.1. To access the CyberSWITCH you must set the device’s IP address to be on the same subnet as the CyberSWITCH. We recommend that you use 1.1.1.2 and do this on a LAN that is not connected to the internet.
ESTABLISHING AN ADMINISTRATION SESSION
If a login prompt is displayed after the power-on initialization, the system software was preinstalled. Complete the login:
1. The login controls which class of commands the user can access. Each access level (guest or administrator) is protected by a unique login password. This allows managers to assign different responsibility levels to their system users.
3. Plug the system’s power cord into a grounded electrical outlet. An appropriate standard power cord is supplied with the system for your specific country.
4. Turn on the administration console, and execute the communications program so that your terminal emulator accesses the RS232 port connected to the system.
5. Turn on the system by pressing the POWER-ON switch located on the back of the machine.
ACCESSING THE RELEASE NOTES
The Release Notes provide release highlights and important information related to this release that should be reviewed before you begin the system’s installation and configuration. The Release Notes are located on CD, and they are also located on the system’s FLASH file system. The Release Notes on CD are located in the REL_NOTE.TXT file. This file is a DOS text file you can read on a DOS machine.
UPGRADING SYSTEM SOFTWARE

OVERVIEW
This chapter describes how to install system software onto the CyberSWITCH. Instructions are included for the following actions:
• upgrading system software
• changing defaults to secure system
• returning configuration to factory defaults
• accessing Release Notes
The following sections provide instructions to help you complete each of these actions.
For system upgrade, you will need to follow a specific upgrade path (\product name\country or switchtype\protocol or access package). This path not only depends upon product, but also the ISDN Standard you will be using, the software options you have purchased, and in many cases, the switch type.
UPGRADING SYSTEM SOFTWARE Upgrading Software CSX1204 USA csx1204\us\ipipx \ipipx.fr \ipipx.x25 \ipipxat \ipipxat.fr \ipipxat.pkt \ipipx.pkt \ipipxat.x25 CSX1204 NET3 csx1204\intnet3\ipipx \ipipx.fr \ipipx.x25 \ipipxat \ipipxat.fr \ipipxat.pkt \ipipx.pkt \ipipxat.x25 CSX1204 1TR6 csx1204\int1tr6\ipipx \ipipx.fr \ipipx.x25 \ipipxat \ipipxat.fr \ipipxat.pkt \ipipx.pkt \ipipxat.x25 CSX1204 TS013 csx1204\intts013\ipipx \ipipx.fr \ipipx.x25 \ipipxat \ipipxat.fr \ipipxat.pkt \ipipx.pkt \ipipxat.
USER’S GUIDE CSX1223 1TR6 csx1223\int1tr6\ipipx \ipipx.fr \ipipx.x25 \ipipxat \ipipxat.fr \ipipxat.pkt \ipipx.pkt \ipipxat.x25 CSX1223 TS014 csx1204\intts014\ipipx \ipipx.fr \ipipx.x25 \ipipxat \ipipxat.fr \ipipxat.pkt \ipipx.pkt \ipipxat.x25 If you choose to install this CD information onto your hard drive, it will be placed under the following base directory: ([drive]:\Program Files\Cabletron Systems, Inc.
UPGRADING SYSTEM SOFTWARE Upgrading Software LOCAL UPGRADE OF THE OPERATIONAL SOFTWARE (OSW) To locally upgrade the operational software (OSW) of your system, follow these steps: 1. Change the CyberSWITCH system’s baud rate to be the fastest baud rate supported by your communications package (up to 115.2 Kbps). Use the autobaud boot device command to change the baud rate. 2. Log in to the CyberSWITCH as admin. 3.
USER’S GUIDE To perform a remote upgrade, first upgrade to the latest SSB, if required, then upgrade the OSW. The Release Notes will indicate whether or not the SSB needs to be upgraded. Note: If, during a remote upgrade, the compressed file set cannot be uncompressed into the Flash File System due to a lack of space, the compressed file set will not be deleted from the Flash File System and the previous version of the OSW will be booted.
UPGRADING SYSTEM SOFTWARE Upgrading Software 5. After the recovery, delete the file by issuing the command: del \system\recover1 6. Recover lost space with the command: flash reclaim Console Messages during SSB Upgrade: Message Suggested Action can’t open recover file If you entered a filename after the flash recover command, make sure that the file exists on the system. If you did not enter a filename, make sure that \SYSTEM\RECOVER1 exists on the system.
If you experience a problem transferring the file with TFTP, wait about three minutes for the TFTP to fail, delete the incomplete file, and try again. 4. Using Telnet, reboot the system by issuing the command: restart It should take approximately 3 minutes for the system to restart and install the upgrade. 5. Log in via Telnet and type the ver command to confirm that the system software upgraded correctly.
UPGRADING SYSTEM SOFTWARE Return Configuration to Factory Defaults 3. Change the admin and guest system passwords. If your system was previously accessed by your distributor, the preconfigured password will be admin (in lower case). Change this password to secure your system. To make this change, enter the following command at the system prompt: pswd Then follow the prompts to enter a new password. Your password must be a string of 3 to 16 nonblank characters.
BASIC CONFIGURATION We define basic configuration as the configuration needed by most users. Basic configuration will get your system up and running. Note that not all configuration steps in this part are required. For example, if you are only using bridging, you will have no need to complete the configuration steps included in Configuring Basic IP Routing.
CONFIGURATION TOOLS OVERVIEW We provide the following configuration tools to set up and/or alter your configuration: • CFGEDIT, the configuration utility • Manage Mode, the dynamic management utility Your CyberSWITCH is shipped with a default set of configuration files that are preinstalled. These configuration files provide basic functions which will allow you to perform initial installation tests with no additional configuration.
As long as there is no other “change” session active (CFGEDIT or Manage Mode), access is granted, and the following menu is displayed:
Main Menu:
1) Physical Resources
2) Options
3) Security
4) Save Changes
Select function from above or to exit:
From this screen you will begin the configuration process. Refer to Basic Configuration and succeeding chapters for details on using this utility to perform specific configuration tasks. Remember, changes to CFGEDIT are NOT dynamic.
CONFIGURATION TOOLS Dynamic Management Once Manage Mode is entered, the prompt changes from [system name]> to [system name]: MANAGE>. While operating in Manage Mode, only Dynamic Management commands are available. All other system commands are ignored until you exit Manage Mode. The key sequence will terminate the current command and return you to the MANAGE> prompt.
USER’S GUIDE DEFAULT CONFIGURATION Your CyberSWITCH is shipped with a default set of configuration files that are preinstalled. These configuration files provide basic functions which will allow you to perform initial installation tests with no additional configuration. The default configuration files will allow IP access over both the LAN and the WAN interfaces. This will allow you to PING, TELNET and TFTP into the CyberSWITCH.
CONFIGURATION TOOLS Using the Configuration Chapters These worksheets will be helpful in configuring and managing your system. They capture important network information. To see examples of completed worksheets, refer to the Example Networks Guide. USING THE CONFIGURATION CHAPTERS The configuration chapters follow a basic format for explaining the configuration process of each system feature. The format is: 1. A brief outline of the configuration procedure using CFGEDIT (if applicable).
CONFIGURING RESOURCES AND LINES OVERVIEW Resource refers to the computer resources that are part of the CyberSWITCH. A WAN resource is the physical interface for the attachment of lines (i.e., connections) to your system. Lines are communication facilities from the carriers. These lines directly attach to your system. From the system perspective, lines provide the physical connection to switched networks. Lines are not required for LAN connections.
CONFIGURING RESOURCES AND LINES Resources United States: For the U.S. resource configuration, switch type is configurable, but Ethernet Resource or COMMPORT is not. Select Resources to display a screen similar to the following:
id  Name        Slot  Switch Type
1   Basic_Rate  1     BRI_5ESS
2   Ethernet_1  2
3   COMMPORT
Enter (1) to Change a Resource or press for previous menu:
To configure a different switch type, first select (1) to change the Basic Rate or Primary Rate resource.
USING MANAGE MODE COMMANDS resource Displays the current resource configuration. RESOURCE CONFIGURATION ELEMENTS RESOURCE TYPE The type of adapter (resource) that plugs into the system. WAN adapters are the physical interface for the attachment of lines (i.e., connections) to your system. RESOURCE SLOT The slot number into which the resource is plugged. INTERNAL SWITCH TYPE For ISDN resources (BRI and PRI) only. The switch type you wish to configure. REGION For NET3 and NET5 switchtypes.
CONFIGURING RESOURCES AND LINES Resources The T1-E1-PRI can be used for any T1, E1, or PRI resource, and directly terminates a standard USOC RJ45 connector. It is supplied with a standard S/T interface and supports one port. It also provides support for the following switch types: • NTT • 4ESS • 5ESS • Definity • DMS100, DMS250 • SL100 • NET5 • 1TR6 • TS0-14 The ethernet-1 resource provides direct support for one standard AUI LAN connection.
USER’S GUIDE LINES To parallel the preconfigured serial resource (COMMPORT), there is also a preconfigured serial line named ASYNDMPORT. This line may not be deleted from the CyberSWITCH configuration, but its values (including mode of operation) are changeable. A single WAN line and resource are also preconfigured. To change configuration or configure additional lines, follow the instructions below. CONFIGURING LINES USING CFGEDIT To configure lines, select Data Lines from the Physical Resources menu.
CONFIGURING RESOURCES AND LINES Lines d. parity value e. flow control type f. mode: • Autosense (default): can be either terminal or PPP-async. Requires user interaction (four carriage returns) to get to terminal mode. • Term: terminal mode only. Login prompt automatically sent to remote console. CONFIGURING A LINE FOR A PRI RESOURCE 1. Enter the line name. 2. Select the line’s slot and port combination. 3.
datalink add Allows you to add a data link. The following sample screen shows how a data link is added.
Current LINE Configuration:
id  LINE NAME        TYPE     SLOT  PORT
--------------------------------------------------------------------------------
1   LINE.BASICRATE1  BR_ISDN  1     1
2   LINE.BASICRATE2  BR_ISDN  1     2
3   DMS100.
CONFIGURING RESOURCES AND LINES Lines CALL SCREENING METHODS For basic rate lines only. If you select a line interface type of point-multipoint, choose one of the following call screening methods: none, subaddress, or telephone number. The paragraphs below define each method. 1. None All calls will be accepted. 2. Subaddress Uses a configured subaddress for this site. If the subaddress method is chosen, and a subaddress has not been configured for this site, an error message will be displayed.
USER’S GUIDE channel). For DMS and NI-1 switches, the BRI line has two SPIDs, and two phone numbers. Note that either SPID can use either bearer channel. There is no one-to-one correspondence. You must enter the number of digits to verify (starting at the right-most digit), so that when the system receives a phone call it can determine on which bearer to accept the phone call. The maximum number of digits should be 7, which is the default value in most cases.
CONFIGURING RESOURCES AND LINES Lines DIGITS VERIFIED The number of digits to verify (starting at the rightmost digit), so that when the system receives a phone call it can determine on which bearer to accept the phone call. The maximum number of digits should be 7, which is the default value in most cases. FRAMING TYPES For primary rate lines only. The normal line transmission method employed on a PRI line is a time-division multiplexed (TDM) scheme of repeating fixed-length frames.
USER’S GUIDE If you are not using an external CSU, specify a value under Long Haul Build Out. On long hauls, your telephone company will provide you with a decibel attenuation value when they install the lines. The installers may specify option labels A, B, or C during installation. If so, these labels correspond, respectively, to Long Haul Build Out values of -0.0dB, -7.5dB, and -15.0dB. The value is dependent on distance, type and condition of physical line, and other environmental factors.
CONFIGURING RESOURCES AND LINES Subaddresses SUBADDRESSES CONFIGURING A SUBADDRESS USING CFGEDIT 1. To configure a subaddress, select ISDN Subaddress from the Physical Resources menu. 2. Enter the subaddress. The subaddress is supplied by your Carrier Service. SUBADDRESS CONFIGURATION ELEMENTS SUBADDRESS The subaddress for the system. SUBADDRESSES BACKGROUND INFORMATION A subaddress may be configured for a point-multipoint line. This element is a call screening method.
CONFIGURING BASIC BRIDGING OVERVIEW This chapter provides information for configuring basic bridging features. Basic bridging configuration includes: • enabling/disabling bridging A separate chapter, Configuring Advanced Bridging, provides information for configuring advanced bridging features. Advanced bridging features include: • bridge dial out • Spanning Tree Protocol • mode of operation • bridging filters • known connect lists MAC LAYER BRIDGING OPTION ENABLING/DISABLING BRIDGING USING CFGEDIT 1.
CONFIGURING BASIC BRIDGING MAC Layer Bridging Option MAC LAYER BRIDGING BACKGROUND INFORMATION You are given the option of either enabling or disabling the MAC layer bridging feature. When bridging is enabled, the system bridges data packets to the proper destination, regardless of the network protocols being used. The default configuration is bridging enabled. Note: If the bridge and the IP options are both enabled, the system will act as a “brouter.
CONFIGURING BASIC IP ROUTING OVERVIEW This chapter provides information for configuring basic IP routing features. Basic IP routing configuration includes: • enabling/disabling the Internet Protocol (IP) When you enable this option, the system operates as an IP Router. If you also enable bridging, it will route IP packets and bridge all other packet types. • configuring the IP operating mode The operating mode may be either host or router. The router operating mode is the default.
CONFIGURING BASIC IP ROUTING IP Operating Mode IP Configuration Menu: 1) 2) 3) 4) 5) 6) 7) 8) 9) 10) 11) IP Routing (Enable/Disable) IP Operating Mode IP Interfaces Static Routes RIP (Enable/Disable) IP Static ARP Table Entries.
IP Configuration Menu:
1) IP Routing (Enable/Disable)
2) IP Operating Mode
3) IP Interfaces
4) Static Routes
5) RIP (Enable/Disable)
6) IP Static ARP Table Entries
7) Isolated Mode (Enable/Disable)
8) Static Route Lookup via RADIUS (Enable/Disable)
9) IP Address Pool
10) IP Filter Information
11) DHCP
Select function from above or for previous menu: b.
CONFIGURING BASIC IP ROUTING IP Network Interfaces Off-node authentication servers are available when IP is enabled regardless of the operating mode. With IP host mode, all traffic is considered bridge traffic, so no IP-specific off-node server lookups are performed.
n. IP RIP v2 authentication key (required only if the IP RIP v2 authentication control has been configured with a value other than “No Authentication”) Note: 3. With the Secondary IP Addressing feature, you may add more than one LAN network interface. Upon adding a second LAN interface, you must provide a unique interface name and address. You will also need to specify whether this new interface is to be the primary or secondary LAN network interface.
CONFIGURING BASIC IP ROUTING IP Network Interfaces If IP RIP is enabled, enter the following additional information: h. IP RIP send control i. IP RIP respond control j. IP RIP receive control k. IP RIP v2 authentication control l. IP RIP v2 authentication key (required only if the IP RIP v2 authentication control has been configured with a value other than “No Authentication”) 6. For a WAN IP UnNumbered network interface enter the following information: a. MTU size 7.
USER’S GUIDE SUBNET MASK The Subnet Mask value (the number of significant bits for the subnet mask) associated with the IP address specified for this interface. The Subnet mask is specified by entering the number of contiguous bits that are set for the mask. The mask bits start at the most significant bit of the IP address field and proceed to the least significant bit. Subnet Mask applies to LAN, WAN, and WAN RLAN type interfaces only.
CONFIGURING BASIC IP ROUTING IP Network Interfaces entered for the interface. For example, if the IP address of the interface is 199.120.211.98, the portion of the menu displaying the available transmit broadcast addresses would appear as: Transmit Broadcast Address: 1) 199.120.211.255 2) 199.120.211.0 3) 255.255.255.255 4) 0.0.0.0 5) Specify Explicitly Enter Transmit Broadcast Address [default = 1]? 1 In almost all cases, the default transmit address is used (1).
USER’S GUIDE IP RIP SEND CONTROL If IP RIP is enabled for a specific interface (LAN, WAN RLAN, and/or numbered WAN interfaces), an IP RIP send control must be selected. This element controls how IP RIP update messages are sent on an IP RIP interface. There is a different default value depending on the type of interface configured. The default value is automatically preconfigured when IP RIP is enabled. The following tables provide the possible options for IP RIP send control.
CONFIGURING BASIC IP ROUTING IP Network Interfaces The following table provides the possible choices for IP RIP respond control.
Switch            Meaning
Do Not Respond    This switch indicates responding to no IP RIP requests at all.
IP RIP v1 Only    This switch indicates responding only to IP RIP requests compliant with RFC 1058.
IP RIP v2 Only    This switch indicates responding only to IP RIP v2 requests compliant with RFC 1723.
The following table provides the possible choices for IP RIP v2 authentication control.
Type                 Meaning
No Authentication *  This control type indicates that IP RIP v1 and unauthenticated IP RIP v2 messages are accepted.
Simple Password      This control type indicates that IP RIP v1 messages and IP RIP v2 messages which pass the authentication test are accepted. The authentication test is done using a simple password.
* This is the default switch.
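The acceptance rule in the authentication control table above, written out as an added example (not code from this guide or from Cabletron): it parses the RFC 1723 authentication entry of a received RIP packet and applies the configured control. The key `s3cret`, the sample route and all function names are constructed for illustration; discarding authenticated v2 packets under “No Authentication” follows RFC 1723.

```python
import hmac
import ipaddress
import struct

RIP_HEADER = struct.Struct("!BBH")        # command, version, must-be-zero
RIP_ENTRY = struct.Struct("!HH4s4s4sI")   # AFI, route tag, address, mask, next hop, metric
AUTH_ENTRY = struct.Struct("!HH16s")      # AFI 0xFFFF, authentication type, 16-octet key
AUTH_AFI = 0xFFFF
AUTH_TYPE_SIMPLE = 2                      # RFC 1723 "simple password"

# Control names as they appear in the guide's table.
NO_AUTHENTICATION = "No Authentication"
SIMPLE_PASSWORD = "Simple Password"


def build_response(version, routes, password=None):
    """Build a constructed RIP response (command 2) to exercise the check."""
    packet = RIP_HEADER.pack(2, version, 0)
    if password is not None:
        # struct pads the key with NULs to 16 octets, as RFC 1723 requires.
        packet += AUTH_ENTRY.pack(AUTH_AFI, AUTH_TYPE_SIMPLE, password.encode("ascii"))
    for network, prefix_len, metric in routes:
        net = ipaddress.IPv4Network((network, prefix_len))
        # RIP v1 has no subnet mask field; those octets must be zero.
        mask = net.netmask.packed if version == 2 else bytes(4)
        packet += RIP_ENTRY.pack(2, 0, net.network_address.packed, mask, bytes(4), metric)
    return packet


def accept_update(packet, control, key=""):
    """Apply the configured authentication control to one received packet.

    Returns (accepted, reason).
    """
    body = len(packet) - RIP_HEADER.size
    if body < 0 or body % RIP_ENTRY.size:
        return False, "malformed length"
    _command, version, _zero = RIP_HEADER.unpack_from(packet)
    if version == 1:
        # Both control types accept RIP v1, which has no authentication field.
        return True, "RIP v1 message"
    if version != 2:
        return False, "unsupported version"

    # In RIP v2 the authentication entry, if present, is the first entry.
    auth = None
    if body:
        afi, auth_type, field = AUTH_ENTRY.unpack_from(packet, RIP_HEADER.size)
        if afi == AUTH_AFI:
            auth = (auth_type, field)

    if control == NO_AUTHENTICATION:
        if auth is None:
            return True, "unauthenticated RIP v2 message"
        return False, "authenticated RIP v2 message, none configured"

    if control == SIMPLE_PASSWORD:
        if auth is None:
            return False, "RIP v2 message without authentication entry"
        auth_type, field = auth
        expected = key.encode("ascii")
        if auth_type != AUTH_TYPE_SIMPLE or len(expected) > 16:
            return False, "unsupported authentication type or key length"
        if hmac.compare_digest(field, expected.ljust(16, b"\0")):
            return True, "password matched"
        return False, "password mismatch"

    raise ValueError("unknown authentication control: %r" % control)


if __name__ == "__main__":
    sample_routes = [("10.1.0.0", 16, 3)]          # constructed route
    for label, pkt in [
        ("v1", build_response(1, sample_routes)),
        ("v2 plain", build_response(2, sample_routes)),
        ("v2 good key", build_response(2, sample_routes, "s3cret")),
        ("v2 bad key", build_response(2, sample_routes, "guess")),
    ]:
        for control in (NO_AUTHENTICATION, SIMPLE_PASSWORD):
            print(label, "|", control, "->", accept_update(pkt, control, "s3cret"))
```

The simple password travels in clear text inside each RIP v2 packet, so this control guards against accidental or misconfigured updates rather than against a party that can observe the segment.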
CONFIGURING BASIC IP ROUTING IP Network Interfaces An IP Host device has only one network interface that it uses for data transfer. This network interface is assigned an IP address and belongs to one subnet. A remote IP host typically uses an ISDN line for this network interface. All data is sent through this network interface. An IP router device can have multiple network interfaces. Each of these is assigned an IP address and belongs to a separate subnet.
USER’S GUIDE The WAN IP Network Interface is used to define remote IP devices (hosts or routers) that require access to the central network. This network interface represents a different subnet than that connected to a LAN network interface. The WAN IP Network Interface is used for both IP Host and PPP remote devices. The WAN (Direct Host) IP Network Interface allows you to extend the LAN subnet to remote devices. The WAN (Direct Host) IP Network Interface is used for IP Host and PPP remote devices.
CONFIGURING BASIC IP ROUTING IP Network Interfaces [Figure labels] Host 128.1.1.8 File Server Subnet 128.1.1.0 128.1.1.3 (128.1.1.2 uses WAN Direct Host Interface) Host 128.1.1.1 128.1.1.2 Interfaces: LAN Interface 128.1.1.1 WAN Direct Host Interface 192.2.2.1 WAN Interface 192.2.2.
[Figure labels] File Server Host 128.1.1.8 Subnet 128.1.1.0 128.1.1.3 CSX1200 128.1.1.1 Interfaces: LAN Interface 128.1.1.1 131.3.3.1 RLAN Interface 131.3.3.1 Host Bridge WAN UnNumbered Interface both WAN Interfaces use one PRI line ISDN 131.3.3.2 Subnet 131.3.3.
CONFIGURING BASIC IP ROUTING IP Network Interfaces IP RIP AND THE IP NETWORK INTERFACES Routing Information Protocol (RIP) is a protocol used to exchange routing information among IP devices. Using IP RIP can automate the maintenance of routing tables on IP devices and relieve you of having to keep the routing tables up to date manually. IP RIP determines the shortest path between two points on a network in terms of the number of “hops” between those points.
USER’S GUIDE See illustration, Example 1. Because SITE1 is the only CyberSWITCH that is connected to the logical network, it is reasonable for SITE1 to advertise the IP RIP information on Network 3 as subnetwork routes, meaning that SITE1 will always advertise the remote IP devices’ IP RIP information. Network 1 (1.0.0.0) i/f 1 1.0.0.1 R1 i/f 2 2.0.0.1 Network 2 (2.0.0.0) i/f 1 2.0.0.
CONFIGURING BASIC IP ROUTING IP Network Interfaces [Figure labels] Network 1 (1.0.0.0) i/f 1 1.0.0.1 R1 i/f 2 2.0.0.1 Network 2 (2.0.0.0) i/f 1 2.0.0.3 i/f 1 2.0.0.2 i/f 2 3.0.0.2 3.0.0.11 CSX1200 CSX1200 ISDN 3.0.0.
USER’S GUIDE Currently, IP RIP is not supported across an UnNumbered WAN interface. For example, in the following network setup, SITE1 could not advertise IP RIP information across the UnNumbered WAN IP Interface to Router 2 (R2). Therefore, SITE1 would know about Networks 1 and 2, but would not learn anything about Network 3. In this situation, a static route would have to be configured on the CyberSWITCH. For information on the configuration of static routes, refer to Static Routes. Network 1 (1.0.0.
CONFIGURING BASIC IP ROUTING IP Network Interfaces [Figure labels] CSX5500 Z 1.1.1.3 CSX1200 ISDN 1.1.1.2 Dedicated Connection 1.1.1.
USER’S GUIDE IP HOST OPERATING MODE AND THE IP NETWORK INTERFACES Only one network interface can be configured when the IP operating mode is host. The network interface configuration is not much different from the others available in router mode except that the following configuration items will not be asked: • Network Interface Type • Network Interface Name • IP RIP Send Control USING MULTIPLE IP ADDRESSES You may use multiple IP addressing for system backup and/or network flattening implementations.
CONFIGURING BASIC IP ROUTING IP Network Interfaces with a remote device on a different subnet, the local device will ARP for the remote host’s MAC address. Since routers do not forward ARP requests across subnets, ARPs sent for hosts which are not on the same physical network segment will go unanswered. The proxy ARP feature will potentially generate an ARP reply for remote hosts.
USER’S GUIDE When a local host ARPs for a remote host, the CyberSWITCH (with Proxy ARP enabled) determines if it provides the best route to the destination. If it does, it will reply to the ARP request with its own MAC address. • Suppose Host A wishes to contact Host D. Since Host A thinks every other host is local, it will broadcast an ARP request. The CyberSWITCH, which is on the same physical wire as Host A, will receive the ARP request on one of its LAN network interfaces.
CONFIGURING BASIC IP ROUTING Static Routes USING MANAGE MODE COMMANDS iproute Displays the current IP static routing configuration data. The meaning of each displayed field for a route entry is: DESTINATION IP address for the destination network or host. SUBNET-MASK Subnet mask value for the destination network or host. A value of 255.255.255.255 indicates that this entry is for a specific IP host.
IP RIP PROPAGATION CONTROL The IP RIP propagation control determines how a static route is propagated via IP RIP. The following table provides an explanation of how an IP RIP propagation control flag is assigned to a static route.
Flag              Meaning
Propagate Always  This flag indicates that the route information is always propagated via IP RIP. This flag is available when the next hop is over a LAN or a WAN interface.
CONFIGURING BASIC IP ROUTING Static Routes reachable directly and therefore no intermediate router will be used. The default metric value is 2. The range of metric values for static routes is from 0 to 15. You may manipulate the metric value to promote a certain default route, or to impede a default route from being used.
USER’S GUIDE STATIC ROUTE BACKGROUND INFORMATION You only need to configure Static Routing entries if you need to access a WAN network that is not directly connected to the system, or if you need to access a LAN network through a router that does not support IP RIP. Static Routes specify the IP address of the next hop router or gateway that provides access to this network. The following diagram gives an example of a static route definition. Host 156.1.0.0 Router 192.1.1.2 128.1.1.
CONFIGURING BASIC IP ROUTING Default Routes DEFAULT ROUTES CONFIGURING DEFAULT ROUTES The default route is a form of static route that is useful when there are a large number of networks that can be accessed through a gateway. However, care must be taken when specifying a default route. All IP datagrams with a destination IP address that do not have an explicit routing table entry will be sent to the default route.
connection is over a WAN. You may want to assign this route a high number of hops to limit toll charges, in case there is a local route that could be used. IP RIP PROPAGATION CONTROL This controls how a default route is propagated via IP RIP. The following table provides an explanation of how an IP RIP propagation control flag can be assigned to a default route.
Flag              Meaning
Propagate Always  This flag indicates that the route information is always propagated via IP RIP.
CONFIGURING BASIC IP ROUTING Routing Information Protocol (RIP) Option USING MANAGE MODE COMMANDS iprip This command tells you if IP RIP is currently enabled or disabled. iprip off If IP RIP is enabled, this command allows you to disable IP RIP. iprip on If IP RIP is disabled, this command allows you to enable IP RIP. IP RIP CONFIGURATION ELEMENTS IP RIP STATUS IP RIP may be enabled or disabled.
SECURITY The CyberSWITCH provides a great variety of security options. These options include device level security, user level security, a combination of the two, or if preferred, no security. There are different ways to authenticate, as well as different locations (both local and remote) to store security information. This segment addresses these areas.
SECURITY OVERVIEW OVERVIEW Security is an important issue to consider when you are setting up a network. The CyberSWITCH provides several security options, and this chapter describes the “Big Picture” of how these options work and interoperate. This information will better equip you to proceed with the following phases of security configuration: 1. configuring the level of security 2. configuring system options and information 3. configuring device level databases 4. configuring user level databases 5.
Multilevel security provides both user level security and device level security for local (on-node) database, RADIUS, and SFVRA. This provides added protection; first, a device will be authenticated, and then a particular user (on the device) will be authenticated. The feature also allows the configuration of an on-node device database at the same time as an off-node device database. Calls first check the on-node database (if enabled) and then the off-node database for the correct device.
SECURITY OVERVIEW User Level Databases These environments include an on-node database and a variety of off-node, central authentication databases. The on-node database contains a list of valid devices that can access the network resources connected to the CyberSWITCH. This list of valid devices is configured and stored locally. A central database allows a network with more than one CyberSWITCH to access one database for device authentication.
CONFIGURING SECURITY LEVEL OVERVIEW The CyberSWITCH offers the following levels of network security: no security, device level security, user level security, or device and user level security. The network security level determines the type of security you want activated on your network. As the name implies, no security is used if you configure your network security level as “no security.
CONFIGURING SECURITY LEVEL Overview [Figure: network diagram; labels: ISDN, Router] Plan what level(s) of sec
USER’S GUIDE NO SECURITY CONFIGURING NO SECURITY USING CFGEDIT 1.
CONFIGURING SECURITY LEVEL Device Level Security DEVICE LEVEL SECURITY CONFIGURING DEVICE LEVEL SECURITY USING CFGEDIT 1. Select Device Level Security from the Security Level Menu. If you need guidance to find this menu, refer to the instructions provided in the No Security configuration section. 2. Refer to the chapter Configuring Device Level Databases in order to select and configure the device level database. USING MANAGE MODE seclevel Displays the current security level configuration data.
OVERVIEW OF DEVICE AUTHENTICATION PROCESS When a remote device connects, the CyberSWITCH negotiates the required authentication. It then collects the information which is used to identify and authenticate the remote device. The system compares this collected information against information maintained in a device database.
CONFIGURING SECURITY LEVEL User Level Security The following sections provide information regarding authentication via SecurID cards, system requirements for user level security, and the authentication process with user level security. AUTHENTICATION USING A SECURITY TOKEN CARD The CyberSWITCH supports interactive, user level security through the TACACS or ACE server programmed for use with security token cards. Token cards are credit card-sized devices.
[Figure: network diagram; labels: Security Server, ISDN] SYSTEM REQUIREMENTS When providing user level security for the CyberSWITCH, you must establish Remote User-to-LAN Connectivity (like terminal servers). You may not establish LAN-to-LAN Connectivity as routers usually do.
CONFIGURING SECURITY LEVEL User Level Security AUTHENTICATION PROCESS WITH USER LEVEL SECURITY Making a Telnet Connection In order to access user level security, you must first establish a Telnet connection to the CyberSWITCH.
TACACS: with PINPAD SecurID Card 1. Enter login Id (remote machine). 2. Enter password onto SecurID card, which generates a dynamic password. 3. Enter dynamic password onto remote machine’s password prompt. 4. Press key when prompted for dynamic password. with non-PINPAD SecurID Card 1. Enter login Id (remote machine). 2. Enter password (remote machine). 3.
CONFIGURING SECURITY LEVEL Device and User Level Security DEVICE AND USER LEVEL BACKGROUND INFORMATION Multi-level security (device and user level) provides you with increased security options for your network. This feature supports device level security for all remote devices. User-level authentication can be performed on top of device level authentication for IP, IPX, AppleTalk and bridge users. Only users configured for user level authentication will be required to authenticate at the user level.
CONFIGURING SYSTEM OPTIONS AND INFORMATION OVERVIEW System options include security options for remote devices. The security required for the authentication of each device will depend on the information you have entered for that device. System information includes a system name, system password, and a system secret. These values are required only if there are remote devices on the network that require this information for system validation.
CONFIGURING SYSTEM OPTIONS AND INFORMATION System Options
System Options Menu:
PPP Link:
1) PAP Password Security ENABLED
2) CHAP Challenge Security ENABLED
HDLC Bridge Link:
3) Bridge MAC Address Security ENABLED
IP Host (RFC 1294) Link:
4) IP Host Id Security ENABLED
ISDN:
5) Calling Line Id Security ENABLED
Id of the Option to change or for previous menu:
Notes: It is not necessary to disable a security option, even if you are not using the option.
USER’S GUIDE PAP Authentication CHAP Authentication Yes No Bridge MAC Address Authentication No No Yes No No No Yes No No No Note: Calling Line Id Authentication Optional Duplicates allowed for these Devices. Optional Duplicates allowed for these Devices. Optional Duplicates allowed for these Devices. Required Duplicates not allowed.
CONFIGURING SYSTEM OPTIONS AND INFORMATION System Options The above process applies to the system’s authentication of the remote device. It is also possible that the remote device may wish to authenticate the system itself, a desire that is also negotiated during the LCP initialization of the link. Enabling CHAP via configuration also permits the system to agree to be authenticated via CHAP during LCP negotiation.
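The CHAP exchange referred to above, in both directions, as an added example (not code from this guide or from Cabletron): the response value is computed as RFC 1994 defines it for MD5, so the shared secret itself never crosses the link. The device name `remote1`, the system name `SITE1` used as a CHAP name, both secrets and all class and function names are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The side that issues the challenge and checks the response."""

    def __init__(self, secrets_by_name):
        self.secrets = secrets_by_name      # name -> shared secret (bytes)
        self.identifier = 0
        self.pending = None                 # outstanding challenge value

    def challenge(self):
        # A new identifier and an unpredictable value for every challenge.
        self.identifier = (self.identifier + 1) % 256
        self.pending = os.urandom(16)
        return self.identifier, self.pending

    def verify(self, name, identifier, response):
        pending, self.pending = self.pending, None   # each challenge is single use
        secret = self.secrets.get(name)
        if pending is None or secret is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, secret, pending)
        return hmac.compare_digest(response, expected)


class Peer:
    """The side being authenticated; it knows its own name and secret."""

    def __init__(self, name, secret):
        self.name = name
        self.secret = secret

    def respond(self, identifier, challenge):
        return self.name, identifier, chap_response(identifier, self.secret, challenge)


def run_exchange(authenticator, peer):
    """One Challenge / Response / Success-or-Failure round."""
    identifier, challenge = authenticator.challenge()
    return authenticator.verify(*peer.respond(identifier, challenge))


def replay_is_rejected(authenticator, peer):
    """A response recorded in one round must fail against the next challenge."""
    identifier, challenge = authenticator.challenge()
    name, _old_identifier, value = peer.respond(identifier, challenge)
    if not authenticator.verify(name, identifier, value):
        return False                        # the genuine round itself failed
    new_identifier, _new_challenge = authenticator.challenge()
    return not authenticator.verify(name, new_identifier, value)


if __name__ == "__main__":
    # Constructed names and secrets.
    # Direction 1: the system authenticates the remote device.
    system_side = Authenticator({"remote1": b"device-secret"})
    print("device accepted:", run_exchange(system_side, Peer("remote1", b"device-secret")))
    print("wrong secret accepted:", run_exchange(system_side, Peer("remote1", b"guess")))

    # Direction 2: the remote device authenticates the system, which answers
    # with its own system name and system secret.
    remote_side = Authenticator({"SITE1": b"system-secret"})
    print("system accepted:", run_exchange(remote_side, Peer("SITE1", b"system-secret")))
    print("replay rejected:", replay_is_rejected(system_side, Peer("remote1", b"device-secret")))
```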
The following table summarizes the identifying and authenticating information used by each remote device type to connect to the system:

Device Type                             Identifier                                  Authenticator
HDLC Bridge (MAC Layer Bridge)          Bridge Ethernet Address or Calling Line Id  Bridge Ethernet Address; Optional: Password; Optional: Calling Line Id
IP Host (with RFC 1294 encapsulation)   IP Host Id                                  IP Host Id; Optional: Calling Line Id
PPP                                     Device Name                                 CHAP Secret or PAP Password; Optional: Calling Line Id

SYSTEM INFORMA
CONFIGURING SYSTEM OPTIONS AND INFORMATION Administrative Session SYSTEM PASSWORD The System Password is a user-defined password that is only required if there are remote devices on the network that require this information for system validation. This is passed in the password field during PAP negotiation. This password can be from 1 to 17 ASCII characters in length.
USER’S GUIDE 4. You may specify an authentication database location for administrative sessions that is different from the user authentication database location. Note: 5. If you select RADIUS, TACACS, or ACE, you must be sure that the selected server is active before you initiate an administrative session. From the Administrative Session menu select (2) Session Inactivity Timeout. The following prompt is displayed: Enter the Session Inactivity Timeout value in minutes.
TIMEOUT VALUE
Terminates login sessions after the configured “time-out value” length of time. Entering “0” disables the time-out; entering a number greater than 0 enables it. The range is from 0 to 1,440 minutes.

NUMBER OF SESSIONS
This value disables or limits the number of Telnet administrative sessions allowed. The default value and the maximum value are both 3.
USER’S GUIDE EMERGENCY TELNET SERVER PORT NUMBER BACKGROUND INFORMATION There are some Telnet client programs that do not clear Telnet connections when terminating Telnet sessions. Since they do not clear the Telnet connections, those connections stay alive and soon all Telnet sessions are used up. Once this happens, no more Telnet sessions can be established until the inactivity timer of one of the sessions expires.
CONFIGURING DEVICE LEVEL DATABASES OVERVIEW Device level security is an authentication process between internetworking devices, in which authentication takes place automatically. Both bridges and routers support this form of security. Device level security is available to the network locally through the On-node Device Database or remotely through the VRA Manager or RADIUS Server.
Device Level Databases Menu:
  1) On-node Device Database (Enable/Disable)
  2) On-node Device Entries
  3) Off-node Device Location
Select function from above or for previous menu: 1

2. Select option (1) On-node Device Database from the Device level Databases menu. The following screen will be displayed.
CONFIGURING DEVICE LEVEL DATABASES On-node Device Entries

4. The Device Table menu will then be displayed similar to the example screen shown below:

Device Table Menu: (Device = "DAN")
  1) ISDN
  2) Frame Relay
  3) X.25
  4) Authentication
  5) IP
  6) IPX
  7) AppleTalk
  8) Bridge
  9) Compression
Select function from above or for previous menu: 1

We suggest that you first enter the information pertaining to the device’s access type(s).
USER’S GUIDE 6. For Frame Relay devices: Note: You must first configure the Frame Relay Access. Instructions for configuring the access is found in the Frame Relay Accesses section of the Configuring Alternate Accesses chapter. Begin by selecting Frame Relay from the Device Table Menu. A screen similar to the following is displayed: Device Frame Relay Menu: (Device = "DAN") 1) PVC Information Access Name DANACCESS DLCI 16 Protocol PPP You cannot change this information from within this menu.
CONFIGURING DEVICE LEVEL DATABASES On-node Device Entries If you select PVC, the list of available PVCs are displayed. The LCN of the selected PVC and the X.25 Access Name are stored in the Device Table to bind the device to a particular virtual circuit configuration: Select the type of the Virtual Circuit 1) Permanent Virtual Circuit (PVC) 2) Switched Virtual Circuit (SVC) [default 2]: 1 Current Permanent Virtual Circuits defined for X.
USER’S GUIDE For PPP, the ability to enable/disable outbound authentication (selection 3) is available. However, it is generally not necessary to enable outbound authentications on a point-to-point line. If the device is associated with a frame relay virtual circuit, and the PVC name is different than the device name, then outbound authentication is required. In addition, if you want to add user-level security to IP, AppleTalk and bridge devices, you may also enable User Level Authentication.
CONFIGURING DEVICE LEVEL DATABASES On-node Device Entries a. b. Enable or disable IPX routing. If you enable IPX routing and want dial-out capabilities to this device, enable the Make Calls feature. c. If you enable IPX routing, you may enable or disable IPXWAN protocol. d. If you enable IPX routing, select IPX Routing Protocol. Select a routing protocol of none, RIP/ SAP, or Triggered RIP/SAP. When you select Triggered RIP/SAP, you will need to identify the WAN peer type as either active or passive. e.
USER’S GUIDE For IP Remote LAN networks, you must explicitly configure the IP (Sub)Network number. For IPX Remote LAN networks, you may configure the IPX external network number, or you may leave the value at NONE. The IPX Spoofing Options for IPX Remote LAN devices are not available at this time. For additional information, please refer to the Configuring IPX chapter, Remote LAN Devices.
CONFIGURING DEVICE LEVEL DATABASES On-node Device Entries ON-NODE DEVICE DATABASE CONFIGURATION ELEMENTS GENERAL CONFIGURATION ELEMENTS DEVICE NAME A 1 to 17-character, user-defined case-sensitive name that uniquely identifies the device to the system administrator. The name may contain any displayable ASCII character except the quote “” character. This name is displayed on the connection monitor window when the device connects to the system.
USER’S GUIDE calls. The system will not accept or make a call when the added bandwidth will exceed the configured maximum. The value is configured as a number from 2,400 bps to 3,072,000 bps. You may configure any value in this range. For example, if you have configured the base data rate at 64,000 bps, and the maximum data rate at 512,000 bps, the system would use a maximum of eight calls (connections) running in parallel to open up bandwidth (512,000 / 64,000 = 8).
CONFIGURING DEVICE LEVEL DATABASES On-node Device Entries FRAME RELAY ACCESS CONFIGURATION ELEMENTS Note: These elements are configured for Frame Relay devices only. PVC CONFIGURED Information of the already configured frame relay virtual circuit which will be used for connections to the remote device. Currently, only permanent virtual circuits (PVCs) are provided by frame relay.
USER’S GUIDE OUTBOUND AUTHENTICATION This parameter allows you to enable or disable PPP outbound authentication procedures. When PPP outbound authentication is enabled, PPP (CHAP or PAP) authentication is required at both ends of the connection. When PPP outbound authentication is disabled, the CyberSWITCH does not authenticate the remote device when dialing out. If enabled, the CyberSWITCH will authenticate the remote device.
CONFIGURING DEVICE LEVEL DATABASES On-node Device Entries compare the incoming CLID with the value configured in the On-node Device Table. If the numbers are identical the connection will be established. Otherwise, the system will reject the incoming call. When two remote devices share the same line (a single point-multipoint ISDN line), they can also configure the same CLIDs if they both also have some other type of authentication configured (for example, PAP, CHAP, or Bridge MAC Address Authentication).
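One way to audit a device table against the shared Calling Line Id rule above and the Device Name rules, as an added example (not part of the guide or the product). The dictionary layout and field names are hypothetical, since the guide does not define an export format, and the sample entries are constructed.

```python
from collections import defaultdict

# Hypothetical field names for the other authenticators the guide lists
# (PAP, CHAP, Bridge MAC Address Authentication).
OTHER_AUTH_FIELDS = ("pap_password", "chap_secret", "bridge_mac")


def audit_device_table(devices):
    """Return (device_name, finding) tuples. Secret values are never echoed."""
    findings = []
    seen_names = set()
    by_clid = defaultdict(list)

    for dev in devices:
        name = dev.get("name", "")
        # Device Name: 1 to 17 characters, displayable ASCII, no quote character.
        if not 1 <= len(name) <= 17:
            findings.append((name, "name must be 1 to 17 characters"))
        if any(c == '"' or not 32 <= ord(c) <= 126 for c in name):
            findings.append((name, "name has a quote or non-displayable character"))
        # Names are case-sensitive, so "DAN" and "dan" are different devices.
        if name in seen_names:
            findings.append((name, "duplicate device name"))
        seen_names.add(name)
        for clid in dev.get("clids", ()):
            by_clid[clid].append(dev)   # compared exactly as configured

    # A CLID may be shared only if every device sharing it also has
    # some other type of authentication configured.
    for clid, sharers in sorted(by_clid.items()):
        if len(sharers) < 2:
            continue
        for dev in sharers:
            if not any(dev.get(field) for field in OTHER_AUTH_FIELDS):
                findings.append((
                    dev.get("name", ""),
                    f"shares CLID {clid} with no PAP, CHAP or Bridge MAC authentication",
                ))
    return findings


# Constructed sample entries (fictional numbers and placeholder secrets).
SAMPLE_TABLE = [
    {"name": "DAN", "clids": ["3135551212"], "chap_secret": "placeholder"},
    {"name": "dan", "clids": ["3135551212"]},
    {"name": "BRANCH-OFFICE-ROUTER-01", "clids": ["3135550000"]},
    {"name": 'LAB"1', "clids": [], "pap_password": "placeholder"},
]

if __name__ == "__main__":
    for device, finding in audit_device_table(SAMPLE_TABLE):
        print(f"{device}: {finding}")
```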
USER’S GUIDE WAN PEER TYPE Specifies an active WAN peer (receives and sends information at all times) or a passive WAN peer (receives/sends information only when a connection is up). In order for an active peer type to work properly, the Make Calls field must also be enabled.
CONFIGURING DEVICE LEVEL DATABASES On-node Device Entries BRIDGE INFORMATION CONFIGURATION ELEMENTS IP (SUB) NETWORK NUMBER If the CyberSWITCH uses an IP RLAN interface to connect to a remote bridge, you must provide this information. This address associates the bridge with the IP network to which it connects. Enter this address using dotted decimal notation. This parameter applies to the network-portion of the IP address only.
COMPRESSION CONFIGURATION ELEMENTS

DEVICE COMPRESSION STATUS
Allows you to enable or disable compression for the individual device. If this option is enabled, then the CyberSWITCH will negotiate compression with this device. Otherwise, the system will not negotiate compression with this device, leaving the compression resources available for other devices. When adding a new device, this option derives its value from the default device compression option.
CONFIGURING DEVICE LEVEL DATABASES On-node Device Entries The following table identifies the configuration requirements for possible security options for remote bridge devices.
USER’S GUIDE IP Routing with IP Host Devices (RFC1294) To allow an IP Host device to connect to the CyberSWITCH, you must have IP Routing and IP Host Security enabled. For each IP Host device using this type of connection, you may need to enter the device’s IP address, IP Host Id, and Calling Line Id. The following table identifies the configuration requirements for possible security options for IP Host devices.
CONFIGURING DEVICE LEVEL DATABASES On-node Device Entries Bridging with PPP Bridge Devices (Using BCP) To allow a PPP Bridge device to connect to the CyberSWITCH, you must have Bridging enabled. For each PPP Bridge device using this type of connection, you may need to enter a PAP Password or a CHAP Secret, and a Calling Line Id. The following table identifies the configuration requirements for possible security options for PPP Bridge Devices.
USER’S GUIDE The following table identifies the configuration requirements for possible security options for IP Routing with PPP Bridge Devices.
CONFIGURING DEVICE LEVEL DATABASES Off-node Device Database Location OFF-NODE DEVICE DATABASE LOCATION CONFIGURATION ELEMENTS DATABASE LOCATION The database location for device level security. The choices for the off-node database location are None (Use on-node), VRA Manager, or RADIUS. Choosing an off-node database location enables the particular database. Note: Enabling VRA Manager as the off-node device database location automatically enables VRA Manager as a Call Control Manager.
CONFIGURING USER LEVEL DATABASES OVERVIEW User level security is an authentication process between a specific user and a device. The authentication process is interactive; users connect to a terminal server and need to interact with it in order to communicate with other devices beyond the server. The CyberSWITCH supports user level security through the RADIUS, TACACS, or ACE server. This chapter provides information for enabling an off-node user level database.
CONFIGURING USER LEVEL DATABASES User Level Authentication Database Location USER LEVEL AUTHENTICATION DATABASE LOCATION CONFIGURATION ELEMENTS DATABASE LOCATION The database location for user level security. Choices are: RADIUS Server, TACACS Server, or ACE Server. DATABASE TELNET PORT NUMBER You must also specify the Telnet port number to be used for authentication with the selected server. This port number is a unique number that identifies the server.
CONFIGURING OFF-NODE SERVER INFORMATION OVERVIEW You can configure both local device entries and remote authentication databases for device authentication. When a device needs to be authenticated, the CyberSWITCH will first look the device up locally, and, if there is no device entry, will then check the remote database for device authentication. This chapter provides information on configuring the CyberSWITCH to be able to communicate with an off-node server to receive authentication information.
CONFIGURING OFF-NODE SERVER INFORMATION VRA Manager Authentication Server VRA MANAGER AUTHENTICATION SERVER CONFIGURING VRA MANAGER AUTHENTICATION SERVER Notes: In order for the CyberSWITCH to reference VRA Manager for device authentication, the following configuration steps must first be completed: • IP Routing must be enabled. If you try to enable the VRA Manager before IP routing has been enabled, an error message will be displayed.
USER’S GUIDE VRA MANAGER AUTHENTICATION SERVER CONFIGURATION ELEMENTS TCP PORT NUMBER The TCP port number used by the VRA Manager. Note that you can assign a device-defined port number, but that the VRA Manager TCP port number must be entered identically on both the CyberSWITCH and the VRA Manager. VRA MANAGER AUTHENTICATION SERVER BACKGROUND INFORMATION When a remote site calls a CyberSWITCH, it sends its identification (such as the system name) and a password (or challenge).
CONFIGURING OFF-NODE SERVER INFORMATION RADIUS Authentication Server USING CFGEDIT 1. Select option (2), RADIUS from the Off-node Server Information menu. If you need guidance to find this menu, refer to the instructions provided in the VRA Manager Authentication Server configuration section. The following screen will be displayed: RADIUS Authentication Server Menu: Primary Server IP Address Shared Secret UDP Port Number is 128.111.011.
USER’S GUIDE RADIUS AUTHENTICATION SERVER CONFIGURATION ELEMENTS IP ADDRESS The IP address in dotted decimal notation for the RADIUS Server. This information is required for the Primary RADIUS Server, and also required if a Secondary RADIUS Server is configured. If a Secondary RADIUS Server is configured, it must have a different IP address than the Primary RADIUS Server. SHARED SECRET The shared secret can be 1 to 16 characters in length. Any ASCII character may be used.
CONFIGURING OFF-NODE SERVER INFORMATION TACACS Authentication Server information from the secondary server if one is configured. The connection will be released if neither server responds to the access requests. The section titled On-node Device Table Security Requirements describes the device authentication information required for each type of remote device.
USER’S GUIDE 3. Optional: configure a secondary TACACS Server with selection (2). In the event that the primary server does not respond to system requests, the secondary server will be queried for device authentication information. The address and port number of the Secondary Server must not be the same as the Primary Server. 4. Select (3) Access Request Retry to finish configuration.
CONFIGURING OFF-NODE SERVER INFORMATION ACE Authentication Server system will send an access request retry if the primary server does not respond. After the configured number of retries, the system will request authentication information from the secondary server if one is configured. The connection will be released if neither server responds to the access requests. Note: For user level security, the CyberSWITCH’s default Telnet port number is 7000, not the normal default (23).
USER’S GUIDE 4. Select Miscellaneous Information to finish the configuration. a. Specify the number of access request retries that the system will send to the Authentication Server. b. Specify the time between retries. c. Choose between the DES or SDI Encryption Method. The algorithm you select must be compatible with the ACE Server setup. d. You will also be prompted for a source IP address. This source IP address should be a valid address for the CyberSWITCH.
CONFIGURING OFF-NODE SERVER INFORMATION ACE Authentication Server NUMBER OF ACCESS REQUEST RETRIES The number of Access Request Retries that the system will send to the ACE Server. The initial default value is 3. The acceptable range is from 0 to 32,767. TIME BETWEEN ACCESS REQUEST RETRIES The time between Access Request Retries sent from the system. The initial default value is 1 second. The acceptable range is from 1 to 10,000.
CONFIGURING NETWORK LOGIN INFORMATION OVERVIEW The CyberSWITCH offers a number of configurable options to control the login process for this system and for off-node authentication servers. These options include: • general network login configuration • network login banners • login configuration specific to RADIUS • login configuration specific to TACACS NETWORK LOGIN GENERAL CONFIGURATION CONFIGURING GENERAL NETWORK LOGIN INFORMATION USING CFGEDIT 1. Select Security from the main menu. 2.
CONFIGURING NETWORK LOGIN INFORMATION Network Login General Configuration Concerning item (9), Authentication Timeout, note the following recommendation: If using the Security Dynamics Ace Server, modify the timeout value to be greater than the change frequency value of the SecurID cards. Refer to the Security Dynamics documentation for more information on this change frequency value.
USER’S GUIDE NETWORK LOGIN BANNERS CONFIGURING NETWORK LOGIN BANNERS USING CFGEDIT 1. Select option (2), Network Login Banners from the Network Login Information menu. If you need guidance to find this menu, refer to the instructions provided in the Network Login General Configuration configuration section. The following screen will be displayed: Device Network Login Banner Menu: The file "\CONFIG\Welcome.NEI" contains the Login Banner. The file "\CONFIG\Motd.NEI" contains the Message of the Day.
CONFIGURING NETWORK LOGIN INFORMATION Login Configuration Specific to RADIUS Server LOGIN CONFIGURATION SPECIFIC TO RADIUS SERVER CONFIGURING RADIUS SERVER LOGIN INFORMATION USING CFGEDIT 1. Select option (3), Login Configuration Specific to RADIUS Server from the Network Login Information menu. If you need guidance to find this menu, refer to the instructions provided in the Network Login General Configuration configuration section.
USER’S GUIDE USING MANAGE MODE netlogin Displays the current network login configuration data. After entering the netlogin command, you will be prompted for the type of login configuration information you want. The prompt will resemble the CFGEDIT screen in which this information was originally configured. You may display: user level security general configuration, login banners, login configuration specific to RADIUS, and login configuration specific to TACACS.
CONFIGURING NETWORK LOGIN INFORMATION Login Configuration Specific to TACACS Server 2. Selection (1) from the TACACS Specific Device Login Menu allows you to change the password control character: Enter control character used to switch from LOGIN to CHANGE PASSWORD mode. Select the control character that you wish to us by typing caret (‘^’) followed by another character (example: ^A), or ‘0’ to disable [Default = ^R]? 3.
USER’S GUIDE netlogin change Allows you to change the current network login configuration data. After entering the netlogin change command, you will be prompted for the type of login configuration information you want to change. The prompt will resemble the CFGEDIT screen in which this information was originally configured. You may change: user level security general configuration, login banners, login configuration specific to RADIUS, and login configuration specific to TACACS.
ADVANCED CONFIGURATION We define advanced configuration as the configuration you may use to fine tune your system, or to configure options that are not necessarily needed by the majority of users. For example, if you would like to configure an alternate access (an alternate to ISDN access); this would be considered advanced configuration.
CONFIGURING ALTERNATE ACCESSES OVERVIEW An access defines the connection details the CyberSWITCH uses to reach the network. The default access is ISDN access, a switched-network access. Configurable accesses are required for dedicated network connections, for packet-switched network connections including X.25 and frame relay connections. Refer to the information below for the alternate access you wish to add. DEDICATED ACCESSES CONFIGURING A DEDICATED ACCESS USING CFGEDIT 1.
CONFIGURING ALTERNATE ACCESSES Dedicated Accesses LINE PROTOCOL Designates the type of line protocol that will be used on the dedicated connection. PPP line protocol is the correct selection for most configurations. HDLC protocol may work for devices that only support HDLC protocol. DEVICE NAME (OPTIONAL) Optional parameter. The device name of the device assigned to this dedicated connection. The device name may be up to 17 characters in length, and is case sensitive.
USER’S GUIDE X.25 ACCESSES CONFIGURING AN X.25 ACCESS Note the following: • X.25 accesses are available only if you have purchased the additional software module for packet switched accesses. • To establish virtual circuits over X.25, you must enable device level security (page 139). • You may only configure one X.25 access per CyberSWITCH, and one line per access. • Bearer channels used by X.25 accesses can not be shared by other access types. • Compression is not available over X.25 connections. • For X.
CONFIGURING ALTERNATE ACCESSES X.25 Accesses 7. Enter a list of bearers (a channel map). For PRI lines, the range of channels is from 1 to 24. For BRI lines, the range of channels is from 1 to 2. Separate bearer channels by commas, and/or list a range by using a dash (-). LAPB CONFIGURATION INFORMATION Note: You will not be prompted for this information if you are using X.25 over a D-Channel. The system will “know” what type of X.25 access you are using by the line you selected for the access.
USER’S GUIDE 3. Configure the X.25 Reliability, Windows, and Acknowledgment Facilities. a. Select the type of sequence numbers to be used for X.25: regular or extended. Extended sequence numbering allows for packets to be assigned sequence numbers from 0-127 (modulo 128), as opposed to 0-7 (modulo 8). b. Enter the Maximum Window Size. This is the largest possible window size to be supported on any virtual circuit.
CONFIGURING ALTERNATE ACCESSES X.25 Accesses PERMANENT VIRTUAL CIRCUIT INFORMATION Note: 1. SVCs and PVCs are specified in the X.25 Logical Channel Assignments section of the configuration. However, PVCs require additional configuration, which is done in this section. Follow the onscreen instructions to begin the configuration of a virtual circuit. Note: Default values are configured for each PVC when an access is newly created.
USER’S GUIDE DATA RATE The data rate that applies to the line being used for this X.25 access. The configured data rate can be 56 or 64 Kbps. BEARER CHANNELS A list of bearers (a channel map) that will be used on the line associated with this X.25 access. For PRI lines, the range of channels is from 1 to 24. For BRI lines, the range of channels is from 1 to 2. Separate bearer channels by commas, and/or list a range by using a dash (-).
X.25 ACCESS CONFIGURATION ELEMENTS
The X.25 Access configuration elements are divided into seven different categories:
• X.25 Logical Channel Assignments
• X.25 Timer Configuration
• X.25 Reliability, Windows, and Acknowledgment Facilities
• X.25 Quality-of-Service Facilities
• X.25 Charging-Related Facilities
• X.25 Restriction Facilities
• X.25 Miscellaneous Facilities
Each category has multiple configuration elements that must be entered.
USER’S GUIDE X.25 RELIABILITY, WINDOWS, AND ACKNOWLEDGMENT X.25 SEQUENCE NUMBER RANGE The type of sequence numbers to be used for X.25; regular or extended. Extended sequence numbering allows for packets to be assigned sequence numbers from 0-127 (modulo 128), as opposed to 0-7 (modulo 8). The default value is modulo 8. MAXIMUM WINDOW SIZE This is the largest possible window size to be supported on any virtual circuit.
CONFIGURING ALTERNATE ACCESSES X.25 Accesses NONSTANDARD DEFAULT TRANSMIT WINDOW SIZE The number of frames that a DTE can send without receiving an acknowledgment. Using modulo 128, the DTEs can send up to 127 frames without receiving an acknowledgment. Using modulo 8, the DTEs can send up to 7 frames without receiving an acknowledgment. The default value for both modulo 8 and modulo 128 is 2.
X.25 RESTRICTION FACILITIES
These facilities are used to place restrictions upon incoming and outgoing X.25 calls.

BARRING INCOMING CALLS
Allows you to bar X.25 calls coming in to the system. The default configuration is to not bar incoming X.25 calls.

BARRING OUTGOING CALLS
Allows you to bar X.25 calls going out of the system. The default configuration is to not bar outgoing X.25 calls. X.
CONFIGURING ALTERNATE ACCESSES X.25 Accesses NONSTANDARD DEFAULT RECEIVE WINDOW SIZE The number of frames that a DTE can receive without receiving an acknowledgment. Using modulo 128, the DTEs can send up to 127 frames without receiving an acknowledgment. Using modulo 8, the DTEs can send up to 7 frames without receiving an acknowledgment. The default value for both modulo 8 and modulo 128 is 2. NONSTANDARD DEFAULT TRANSMIT PACKET SIZE The size of a packet that a DTE can transmit.
a virtual path, although it appears that a real circuit exists, in reality, the network routes the device’s information packets to the designated destination. Any given path may be shared by several devices. When the virtual circuit is established, a logical channel number is assigned to it at the originating end.
CONFIGURING ALTERNATE ACCESSES Frame Relay Accesses

CURRENT X.25 RESTRICTIONS
• X.25 virtual circuits must be two-way logical channels; one-way incoming and one-way outgoing channels are not currently supported.
• Each system can have only one X.25 access.
• The X.25 access can use only one line.
• A maximum of eight virtual circuits can be configured per access. This can be any combination of PVCs or SVCs.
• Each virtual circuit counts as one of the system’s available 48 connections.
• X.
USER’S GUIDE 5. Enter a list of bearers (a channel map). For T1 lines, the range of channels is from 1 to 24. For BRI lines, the range of channels is from 1 to 2. Separate bearer channels by commas, and/or list a range by using a dash (-). 6. Enter the maximum frame size supported by the network (including the endpoints). 7. Select whether or not HDLC Data is inverted. 8. Enable/disable Link Failure Detection. 9.
CONFIGURING ALTERNATE ACCESSES Frame Relay Accesses 7. Enter the Rate Measurement Interval in msecs. Note: You must restart the CyberSWITCH in order to associate the PVC with a device. After all of the above PVC information is entered, an index number will be assigned to the associated DLCI. This is the index number that should be used when issuing various frame relay access console commands. You may continue to define PVCs on the currently selected line up to the limit available for this system.
USER’S GUIDE LMI Indicates whether or not this frame relay access will support the Local Management Interface (LMI). If this frame relay access supports LMI, LMI information can be displayed by entering the fr lmi command at the system console prompt. For further LMI information, refer to the Local Management Interface Overview. LMI FORMAT The LMI format used by this frame relay access. Available formats include ANSI, and CCITT. The recommended LMI format is CCITT. If this format is unavailable, use ANSI.
CONFIGURING ALTERNATE ACCESSES Frame Relay Accesses PVC LINE PROTOCOL The PVC line protocol determines which type of data encapsulation will be used on the PVC. The options are PPP Point to Point Protocol or FR_IETF. PPP allows PPP authentication for the associated device. FR_IETF is a multiprotocol encapsulation for Frame Relay, currently specified by RFC 1490. FR_IETF protocols include IP, MAC Layer Bridge, IPX, and AppleTalk. The default PVC line protocol is PPP.
FRAME RELAY ACCESS BACKGROUND INFORMATION
Frame Relay is a frame mode service in which data is switched on a per frame basis, as opposed to a circuit mode service that delivers packets on a call-by-call basis. This feature will allow the system to efficiently handle high-speed, bursty data over wide area networks. It offers lower costs and higher performance than an X.25 packet switched network for those applications that transmit data at a high speed in bursts.
CONFIGURING ALTERNATE ACCESSES Frame Relay Accesses configured in the device table. It will find the PVC and the line protocol that corresponds to the PVC name and change its PVC name to match the corresponding device name. Notes: VRA Manager is currently the only off-node device database supported by the CyberSWITCH for Frame Relay. The management of Frame Relay permanent virtual circuits requires the use of some form of security.
USER’S GUIDE -- the rate at which data frames may be sent into the network without incurring congestion. This is generally accepted as the end-to-end available bandwidth at which frame relay service devices may enjoy sustained frame transmission. By definition this must be less than the throughput that the actual physical access link can support. However, for short periods of time, service devices may exceed this rate by defined values.
However, under the above stated conditions, the network configuration shown below would not be allowed:
[Figure: CSX1200 systems and a Frame Relay network; labels: DLCI 1 -> NE2, DLCI 2 -> NE2, "Site1", NOT ALLOWED]
CONFIGURING ADVANCED BRIDGING OVERVIEW When bridging is enabled, optional advanced features are available. Optional bridging features include: • bridge dial out • Spanning Tree Protocol • mode of operation • bridging filters • known connect lists This chapter includes a section for each advanced bridging feature. BRIDGE DIAL OUT With bridging enabled, bridge dial out is supported. Bridge dial out allows the CyberSWITCH to initiate connections to bridge devices at remote sites.
CONFIGURING ADVANCED BRIDGING Bridge Dial Out CONFIGURING THE DEVICE LIST FOR BRIDGE DIAL OUT Note: The Configuring Device Level Databases chapter contains the information needed to completely configure an on-node device entry. The following section provides instructions for entering on-node device information specific to the bridge dial out feature. USING CFGEDIT 1. Select Security from the main menu. 2. Select Device Level Databases from the security menu. 3.
USER’S GUIDE Device Bridging: (Device = "DAN") 1) 2) 3) 4) 5) IP (sub)network number Bridging Make Calls for bridge data IPX Network Number IPX Spoofing Options None ENABLED None None Id of option to change or press for previous menu? 3 9. Enable Bridging. 10. Enable Make Calls for bridge data. You must have already configured the device’s phone number (Step 6) before the system allows you to enable this feature. Return to the Current Device Table.
CONFIGURING ADVANCED BRIDGING Bridge Mode of Operation BRIDGE MODE OF OPERATION BACKGROUND INFORMATION Selecting the bridge mode of operation allows you to determine the forwarding method that the bridge will use to distribute LAN packets to the remote sites and to the LAN ports of the system. The two possible modes of operation are the Unrestricted Bridge Mode and the Restricted Bridge Mode. Note: If the mode of operation is changed, any previously defined filters will be deleted.
USER’S GUIDE BRIDGE FILTERS CONFIGURING BRIDGE FILTERS Note: Bridge dial out calls can be initiated through the use of a Known Connect list or through the use of bridge filters. For a description of bridge dial out through bridge filters, refer to the section titled Dial Out Using Bridge Filters. USING CFGEDIT 1. Select Bridge Filters from the Bridging menu. 2. Configure any needed protocol definitions. These definitions will be used if you configure any protocol filters.
Protocol Definition Commands

protdef
Displays the current protocol definition configuration data.

protdef add
Allows a protocol definition to be added to the current configuration. Refer to the Using CFGEDIT section for required configuration elements (page 222). Configure any needed protocol definitions (page 226).

protdef change
Allows the current protocol definition configuration to be changed.
protfilt add
Allows a protocol filter to be added to the current configuration. Refer to the CFGEDIT section for required configuration elements (page 222).

protfilt change
Allows the current protocol filter configuration to be changed.

protfilt delete
Allows a protocol filter to be deleted from the current configuration.

Packet Data Filter Commands

pktfilt
Displays the current packet filter configuration data.

pktfilt add
Allows a packet filter to be added to the current configuration.
DISTRIBUTION LIST
A distribution list is defined as the WAN and/or LAN ports to which the filter action will be applied. The distribution list is selected from a displayed list of possible choices (LAN, WAN, Device Table, or all destinations).

MASK
Hexadecimal number up to 80 characters in length that specifies which bits in the data packets are significant. There must be an even number of hexadecimal digits in the number.
MAC address filters reference either the source or destination MAC address fields in a packet. Protocol filters use the protocol Id field in a packet. Packet data filters reference data outside the address and protocol fields in a packet. Each filter has a distribution list that identifies the potential destinations for a filtered packet.

For each filter category, there are three filtering actions that the system can perform on a packet: discard, forward, or connect.
BRIDGE FILTER DEFINITIONS

This section provides the syntax for the bridge filters available for the unrestricted bridge mode and the restricted bridge mode.

Unrestricted Mode Bridge Filters

Unrestricted Mode
Type of Filter available    Forwarding Action
SOURCE                      DISCARD
SOURCE                      CONNECT
DESTINATION                 DISCARD
DESTINATION                 CONNECT
PROTOCOL                    DISCARD
PROTOCOL                    CONNECT
PACKET                      DISCARD
PACKET                      CONNECT

1.
4. DESTINATION MAC-address CONNECT < distribution list >
This filter allows you to connect MAC frames addressed to the specified MAC address. When the specified MAC address appears in the destination address field of the MAC frame, the frame will be forwarded as specified in the distribution list.

5. PROTOCOL protocol-Id DISCARD < distribution list >
This filter allows you to discard packets based on the Ethernet type field or the corresponding 802.3 LSAP field.
The following charts summarize the filter actions available for Unrestricted Bridging:

Filter Action    Distribution List    Result
DISCARD          LAN                  A packet matching this filter will not be forwarded on any LAN port. The packet will be sent to remote sites connected over the WAN according to the normal learning bridge methods.
DISCARD          WAN                  A packet matching this filter will not be forwarded to any remote sites connected on the WAN.
Restricted Mode Bridge Filters

Restricted Mode
Type of Filter available    Forwarding Action
SOURCE                      FORWARD
SOURCE                      CONNECT
DESTINATION                 FORWARD
DESTINATION                 CONNECT
PROTOCOL                    FORWARD
PROTOCOL                    CONNECT
PACKET                      FORWARD
PACKET                      DISCARD
PACKET                      CONNECT

1. SOURCE unicast-address FORWARD
This filter allows you to stipulate access privileges of a given device.
5. PROTOCOL protocol-Id FORWARD < distribution list >
This filter allows you to restrict packets based on the Ethernet protocol Id field or the corresponding 802.3 LSAP field. You can specify the protocol Id that is to be forwarded. The filtering mechanism will determine if the packet is Ethernet format or 802.3 format. The Ethernet type or LSAP field will be checked based on packet format.

6.
The following chart summarizes the forward filter actions available for Restricted Bridging:

Filter Action    Distribution List    Result
FORWARD          LAN                  A packet matching this filter will only be forwarded on the LAN ports. The packet will not be sent to any remote sites connected over the WAN.
FORWARD          WAN                  A packet matching this filter will only be forwarded to remote sites connected on the WAN. The packet will not be sent to the LAN ports.
DIAL OUT USING BRIDGE FILTERS

Each type of bridge filter for each operating mode supports a different set of “forwarding actions.” Your particular setup and device configuration will determine which type of filter and forwarding arrangement will be the most useful. For our purposes, we will illustrate what we feel to be the most commonly used filter arrangement: the Destination MAC Address Filter used in Unrestricted Mode.
Bridge Filter Menu:
1) Protocol Definition
2) Source MAC Address Filter
3) Destination MAC Address Filter
4) Protocol Filter
5) Packet Data Filter
Select function from above or for previous menu: 3

Current Destination Address Filter:
id DEST ADDRESS ACTION DISTRIBUTION LIST
--------------------------------------------------------
There are currently no Destination Address Filters configured.
Current Destination Address Filter Configuration:
id DEST ADDRESS ACTION DISTRIBUTION LIST
--------------------------------------------------------
1 112233445566 CONNECT John
(1) Add, (2) Change, (3) Delete a Destination Address Filter or to return to the previous menu?

Your filter is now configured for this example. Remember, each type of filter for each operating mode supports a different set of “forwarding actions.
KNOWN CONNECT LIST CONFIGURATION ELEMENTS

DEVICE NAME
The name of a bridge device that has been preconfigured in the On-node Device Database section of the Configuring Device Level Databases chapter. This is a device to which you want the system to connect and forward bridged unicast packets.

KNOWN CONNECT LIST BACKGROUND INFORMATION

In Unrestricted Mode, standard bridge processing attempts to forward frames with unknown or broadcast MAC addresses through all available interfaces.
CONFIGURING ADVANCED IP ROUTING

OVERVIEW

By default, IP routing is disabled when you first install your system software. After IP routing is enabled, there are optional advanced features available. Optional advanced IP routing features include:
• Static ARP Table Entries
ARP (Address Resolution Protocol) is used to translate IP addresses to Ethernet addresses. As a rule, this translation is handled dynamically. In rare situations, a user may need to manually enter this translation.
STATIC ARP TABLE ENTRIES

CONFIGURING STATIC ARP TABLE ENTRIES

USING CFGEDIT

Once IP has been enabled, the full IP Configuration menu will be displayed as shown below:

IP Routing Menu:
1) IP Routing (Enable/Disable)
2) IP Operating Mode
3) IP Interfaces
4) IP Static Routes
5) RIP (Enable/Disable)
6) IP Static ARP Table Entries
7) Isolated mode (Enable/Disable)
8) Static Route Lookup via RADIUS (Enable/Disable)
9) IP Address Pool
10) DHCP Configuration
11) IP Filters
12) Security Associations
THE ISOLATED MODE

CONFIGURING THE ISOLATED MODE

USING CFGEDIT

1. Select Isolated Mode (Enable/Disable) from the IP menu.
2. Follow the onscreen instructions to either enable or disable the isolated mode.

ISOLATED MODE CONFIGURATION ELEMENTS

ISOLATED MODE STATUS
You may enable or disable the Isolated Mode option.
STATIC ROUTE VIA RADIUS CONFIGURATION ELEMENTS

STATIC ROUTE VIA RADIUS STATUS
You may enable or disable this option.

STATIC ROUTE LOOKUP VIA RADIUS BACKGROUND INFORMATION

The Static Routes Lookup via RADIUS option allows you to maintain static routes for devices on the RADIUS Server. When there are multiple CyberSWITCHes at one site, the IP static routes information needs to be duplicated on all systems.
IP ADDRESS POOL BACKGROUND INFORMATION

The IP Address Pool feature allows you to configure a list of IP addresses that can be dynamically assigned to remote IP devices as they connect to the system. This would occur if a remote IP device calls in to the system and has no IP address, and requests to have one assigned.
IP Routing Menu:
1) IP Routing (Enable/Disable)
2) IP Operating Mode
3) IP Interfaces
4) IP Static Routes
5) RIP (Enable/Disable)
6) IP Static ARP Table Entries
7) Isolated Mode (Enable/Disable)
8) Static Route Lookup via RADIUS (Enable/Disable)
9) IP Address Pool
10) DHCP Configuration
11) IP Filter Information.
The screen identifies the common portion of the packet type, which includes the IP addresses and protocol information. To modify these values, refer to the following section entitled Configuring the Common IP Portion.
CONFIGURING TCP

If you have selected TCP as your IP protocol, a screen similar to the following is displayed. Note that the following TCP defaults constitute a wild card match for any TCP packet:

PACKET TYPE "Type_One":
1) 2) 3) 4) 5) 6) IP Source Address IP Destination Address IP Protocol TCP Source Port TCP Destination Port TCP Control AND 0.0.0.0 EQUAL 0.0.0.0 AND 0.0.0.0 EQUAL 0.0.0.
3. If you have chosen the comparison operator of “RANGE”, you will be prompted for upper-range and lower-range values. If you have chosen a comparison operator other than “RANGE”, you will be prompted for a specific UDP port number.
4. Select UDP Destination Port. Note that the ports are specified in terms of an operator.
5. Select a comparison operator.
6.
CONFIGURING FORWARDING FILTERS

The configuration of Forwarding Filters is a two-part process. First you must name the filter, and then you must create a list of conditions for the filter. To add a condition, you must name a previously-created packet type, and then name the action to perform on the specified packet type (i.e., forward or discard).

USING CFGEDIT

1. Select Forwarding Filters from the IP Filter menu.
2. Select Add a Forwarding Filter.
3.
CONFIGURING CONNECTION FILTERS

The IP Connection Filter is used at the point when an IP packet attempts to establish an outbound connection in order to continue the forwarding process. Its configuration parallels that of forwarding filters.

USING CFGEDIT

1. Select Connection Filter from the IP Filter menu.
2. Enable the Connection Filter. (By default, the Connection Filter is disabled.)
3. Select Edit the Connection Filter.
CONFIGURING EXCEPTION FILTER

The IP Exception Filter is intended for temporary, special conditions within an existing forwarding filter. When enabled, it is logically appended to the beginning of each forwarding filter in effect.

USING CFGEDIT

1. Select Exception Filter from the IP Filter menu.
2. Enable the Exception Filter. (By default, the Exception Filter is disabled.)
3. Select Edit the Exception Filter.
MODIFYING THE FINAL CONDITION FOR A FILTER

To change the final condition for a filter, select Change Default Condition (currently selection (5) on the Conditions for Filter menu).

APPLYING FILTERS

Once you have defined your forwarding filters, you must apply them to selected points in the IP routing process. There are three ways to apply filters:
• through a Network Interface
• globally
• on a per-user basis

APPLYING FILTERS TO NETWORK INTERFACES

1.
5. Select the device to which you want to apply the forwarding filter.
6. Select IP Information.
7. Select either IP Input Filter or IP Output filter.
8. Provide the filter name.

IP FILTERS CONFIGURATION ELEMENTS

The following elements are described in terms of the individual comparisons which make up the packet types. When an IP packet is subjected to a filter, the following comparisons are executed.
TCP AND UDP PORTS
These elements allow filtering based on the TCP Source and Destination Port fields, which are treated as 16 bit unsigned quantities (0-65535). These can be used to trap applications that have well-known port addresses, such as Telnet, FTP, etc.
[Figure: an IP packet entering a FILTER. Conditions (Action: Discard/Forward): Discard Type 3; Discard Type 1; Forward Type 4. Final Condition: Discard All Other Types. Packet Types: Type 1: www,www,www; Type 2: xxx,xxx,xxx; Type 3: yyy,yyy; Type 4: zzz,zzz.]

FILTER COMPOSITION

The IP filtering mechanism is composed of three fundamental building blocks:

Packet Types
The criteria for describing an IP datagram’s contents: IP Source and Destination Addresses, Protocol (TCP, UDP, etc.
• through the Output Network Interface: applies the filter only to packets which are transmitted on a specific attached network (i.e. after the Routing process has determined the next-hop network for the datagram).
• on a per-Device basis: applies a device-specific filter in addition to any Input or Output filters. This type of filtering is applicable only to WAN Network Interfaces.
Because the Packet Types within the conditions specify both source and destination address information, Global application may often be sufficient to filter IP traffic across the entire system. However, the Input, Output and User-Based application points are defined in case the administrator needs to apply a finer level of filtering which cannot be obtained on a Global basis.
Common Portion:
IP Source Address AND mmm.mmm.mmm.mmm EQ/NEQ ttt.ttt.ttt.ttt
IP Destination Address AND mmm.mmm.mmm.mmm EQ/NEQ ttt.ttt.ttt.
EXAMPLE OF AN IP FILTER CONFIGURATION

This example provides a simple filtering scenario in which a corporate LAN utilizes a CyberSWITCH to provide WAN access to both dial-in devices as well as the global Internet. A Netserver resides on the LAN to provide configuration support for the CyberSWITCH. Also on the LAN are an anonymous FTP server and a WWW server.

[Figure: network diagram. Labels: Host, Host, FTP Server, SFVRA Manager, WWW Server, Internet. Addresses: 128.131.25.10 128.131.25.12 128.131.25.11 128.131.25.15 193.57.50.
FORWARD
IP Src 0.0.0.0, 0.0.0.0
IP Dst: 255.255.255.255, 128.131.25.10
IP Prot: ANY
Permits any host to access the FTP Server.

FORWARD
IP Src 0.0.0.0, 0.0.0.0
IP Dst: 255.255.255.255, 128.131.25.12
IP Prot: ANY
Permits any host to access the WWW Server.

FORWARD
IP Src 0.0.0.0, 0.0.0.0
IP Dst: 0.0.0.0., 0.0.0.
FORWARD
IP Src 255.255.255.255, 201.55.89.100
IP Dst: 255.255.255.255, 128.131.25.11
IP Prot: ANY
Allows specific host to access the Netserver.

FORWARD
All other packet types
If no match, let filter execution continue with the existing input filter.

Once the offsite maintenance is completed, the Exception filter would be disabled.
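The filter logic in this example can be checked offline before it is entered in CFGEDIT. The following Python model is an added illustration, not Cabletron code: it implements the (address AND mask) EQ/NEQ target comparison, an ordered list of conditions with a final condition, and an Exception Filter placed ahead of the forwarding filter. It assumes that the first matching condition decides the action and that the input filter's final condition is DISCARD (the page does not show it); the outside host 198.51.100.7 and all filter and packet-type names are constructed. The is_constant check goes slightly beyond the page and flags a mask/target pair that cannot depend on the packet.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


def ip(text: str) -> int:
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


@dataclass(frozen=True)
class AddrCompare:
    """One address comparison: (address AND mask) EQ/NEQ target."""
    mask: str
    target: str
    op: str = "EQ"

    def matches(self, addr: str) -> bool:
        equal = (ip(addr) & ip(self.mask)) == ip(self.target)
        return equal if self.op == "EQ" else not equal

    def is_constant(self) -> bool:
        # Target bits outside the mask: EQ never matches, NEQ always matches.
        return (ip(self.target) & ~ip(self.mask) & 0xFFFFFFFF) != 0


ANY = AddrCompare("0.0.0.0", "0.0.0.0")   # wild card: mask 0.0.0.0, target 0.0.0.0
HOST = "255.255.255.255"                  # mask that compares every address bit


@dataclass(frozen=True)
class PacketType:
    name: str                              # hypothetical names, for reporting only
    src: AddrCompare = ANY
    dst: AddrCompare = ANY
    protocol: Optional[int] = None         # None models "IP Prot: ANY"

    def matches(self, pkt: dict) -> bool:
        return (self.src.matches(pkt["src"]) and self.dst.matches(pkt["dst"])
                and self.protocol in (None, pkt["proto"]))


@dataclass(frozen=True)
class Filter:
    name: str
    conditions: Tuple[Tuple[str, PacketType], ...]   # (action, packet type), in order
    final: str = "DISCARD"                            # assumed final condition


def evaluate(pkt: dict, forwarding: Filter, exception: Optional[Filter] = None):
    """Return (action, deciding packet type). Exception conditions run first;
    if none matches, execution continues with the forwarding filter."""
    chain = list(exception.conditions) if exception else []
    chain += forwarding.conditions
    for action, ptype in chain:
        if ptype.matches(pkt):             # assumption: first match decides
            return action, ptype.name
    return forwarding.final, "final condition"


def audit(filt: Filter):
    """Names of packet types whose address comparison ignores the packet."""
    return [p.name for _, p in filt.conditions
            if p.src.is_constant() or p.dst.is_constant()]


# The two complete conditions shown on the page for the input filter.
INPUT_FILTER = Filter("wan-input", (
    ("FORWARD", PacketType("ftp-server", dst=AddrCompare(HOST, "128.131.25.10"))),
    ("FORWARD", PacketType("www-server", dst=AddrCompare(HOST, "128.131.25.12"))),
))

# The temporary Exception Filter from the page: one offsite host to the Netserver.
EXCEPTION_FILTER = Filter("offsite-maintenance", (
    ("FORWARD", PacketType("maint-host",
                           src=AddrCompare(HOST, "201.55.89.100"),
                           dst=AddrCompare(HOST, "128.131.25.11"))),
))

if __name__ == "__main__":
    samples = [  # constructed packets (protocol 6 = TCP)
        {"src": "198.51.100.7", "dst": "128.131.25.10", "proto": 6},
        {"src": "198.51.100.7", "dst": "128.131.25.11", "proto": 6},
        {"src": "201.55.89.100", "dst": "128.131.25.11", "proto": 6},
    ]
    for pkt in samples:
        print(pkt["src"], "->", pkt["dst"],
              "| normal:", evaluate(pkt, INPUT_FILTER),
              "| with exception:", evaluate(pkt, INPUT_FILTER, EXCEPTION_FILTER))
```

Running the same packets with and without the Exception Filter shows exactly which traffic the temporary rule opens up, which is the check to repeat before the exception is enabled and again after it is disabled.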
DHCP CONFIGURATION ELEMENTS

DHCP/BOOTP RELAY AGENT ENABLE/DISABLE FLAG
A global flag that indicates whether the system is relaying the DHCP/BOOTP BOOTREQUEST messages or not. The relay agent is disabled by default.

RELAY DESTINATION IP ADDRESSES
These are the IP addresses to which the system will relay BOOTREQUEST messages.
Bridge to Bridge Environment

[Figure: a CSX1200 using bridging, with labels DHCP Server, Remote Bridge, DHCP Client, DHCP Client.]

As shown in the picture above, when a remote LAN is connected with bridge devices, the DHCP server and clients communicate with each other as if they were on the same LAN.
[Figure: a CSX1200 using routing, with labels DHCP Server, Remote Bridge, DHCP Client, DHCP Client.]

EXAMPLE DHCP CONFIGURATIONS

Below we have included two of the more common DHCP scenarios. These may help you configure your own DHCP feature.
Routers shown in the diagram above.
Remote Bridge to IP Router (w/Relay Agent)

This configuration is useful when requests by a DHCP Client must be “bridged” to an IP Router that is also a DHCP/BOOTP Relay Agent. Our equipment is shown in this example, but any remote bridge device should work.

[Figure: network diagram. Labels: DHCP Client, DHCP Server 192.168.1.5, ISDN, 192.168.1.168, 204.157.42.
Configuration for IP Router "Alex"
System Information:
System Name = Alex
System Password = stone
Security Level = Device Level (On-node Device Database, PAP security)
Bridging disabled
IP enabled (router mode)
I/

Configuration for Remote Bridge "Ruby"
System Information:
System Name = Ruby
System Password = rubble
Security Level = Device Level (On-node Device Database, PAP security)
Bridging enabled
Bridge Packet Data Filter: offset=1; mask=00; value=00; action=CONNECT; dist list=“Alex”
DHCP PROXY CLIENT

CONFIGURING THE DHCP PROXY CLIENT

In order to configure the DHCP Proxy Client, you must first enable the client, and then configure client information for a WAN or a WAN (Direct Host) type interface.

USING CFGEDIT

1. Select DHCP Configuration from the IP menu.
2. Select DHCP Proxy Client.
3. Follow the onscreen instructions to enable the DHCP Proxy Client. Then return to the IP Routing Menu.
4.
DHCP CONFIGURATION ELEMENTS

DHCP PROXY CLIENT ENABLE/DISABLE FLAG
A global flag that indicates whether the DHCP Proxy Client feature is enabled or not. The proxy client is disabled by default.

MAXIMUM NUMBER OF IP ADDRESSES
Refers to the maximum number of IP addresses obtained from DHCP servers for this network interface. This number of IP addresses can be leased from DHCP servers for this interface and placed into the IP Address Pool.
The DHCP Proxy Client feature is not applicable for the CyberSWITCH running in IP HOST mode. DHCP servers must support use of the broadcast bit in order to obtain IP addresses for WAN (Direct Host) interfaces.

SAMPLE CONFIGURATION: IP ROUTER WITH DHCP PROXY CLIENT

The following illustrates a typical use of the DHCP Proxy Client. This configuration has the DHCP server and the CyberSWITCH located on the same LAN:

[Figure: network diagram. Labels: ETHERNET, DHCP Server 192.168.1.5, 192.168.
Configuration for IP Router “Chloe”
System Information:
System Name = Chloe
System Password = pets
Security Level = Device Level (On-node Device Database, PAP security)
Bridging disabled
IP enabled (router mode)
I/F = LAN (192.168.1.168); LAN port 1
I/F = WAN explicit (192.168.10.168)
DHCP related:
max addrs to obtain=10
num addrs to pre-fetch=5
LAN port to reach server=1
DHCP configuration:
Relay Agent disabled.
Proxy Client enabled.
CONFIGURING IPX

OVERVIEW

IPX protocol accepts data from remote devices and formats the data for transmission onto the network, and conversely, accepts data from the LAN and formats it so it can be understood by remote devices. In short, IPX allows remote devices and their servers to communicate. The CyberSWITCH supports the standard method of routing datagrams over a network.
CONFIGURING IPX INFORMATION

Note: IPX is available only if you have purchased the additional software module for our IPX feature.

To help you configure your IPX information, we have included an illustration of a sample network. As we explain the steps, we provide sample CFGEDIT screens. The screens include information from the sample network. You may find it helpful to refer to the graphic and to the sample screens for clarification while completing your IPX configuration.
IPX ROUTING OPTION

ENABLING/DISABLING IPX

Note: The CyberSWITCH does not currently provide IPX data transfer over X.25 links.

USING CFGEDIT

1. Select Options from the main menu.
2. Select IPX Routing from the Options menu. The following menu will be displayed:

IPX Menu:
1) IPX Routing (Enable/Disable)
Select function from above or for previous menu: 1
The IPX Routing feature is currently DISABLED.
IPX OPTION BACKGROUND INFORMATION

The Internetwork Packet Exchange (IPX) protocol is a datagram, connectionless protocol in the NetWare environment analogous to the Internet Protocol (IP) in the TCP/IP environment. With the help of Routing Information Protocol (RIP) and Service Advertising Protocol (SAP), the IPX router performs the network layer tasks of addressing, routing and switching information packets, to move packets from one location to another in a complex network.
IPX NETWORK NUMBER BACKGROUND INFORMATION

Novell NetWare networks use IPX external and internal network numbers. An IPX internal network number is a unique identification number assigned to a network server or router at the time of installation. Servers and routers periodically broadcast their numbers across the network to advertise their presence. Each server/router must have a unique internal network number to distinguish itself from other servers/routers.
9. If IPX RIP has been enabled for the system, enter the following:
a. RIP send control (do not respond or respond)
b. frequency (in seconds) of sending RIP updates
c. RIP receive control (do not respond or respond)
d. time (in seconds) to age RIP entries
e. RIP respond control (do not respond or respond)
10. If IPX SAP has been enabled for the system, enter the following:
a. SAP send control (do not respond or respond)
b. frequency (in seconds) of sending SAP updates
c.
IPX NETWORK INTERFACE CONFIGURATION ELEMENTS

GENERAL IPX NETWORK INTERFACE CONFIGURATION ELEMENTS

INTERFACE TYPE
When configuring an IPX Network interface, this parameter specifies the type of network segment to which the network interface connects. The network Interface type of LAN indicates that the system is physically connected to an Ethernet LAN segment. The WAN (Remote LAN) interface allows the system to connect to remote bridge devices.
SEND FREQUENCY
Specifies the frequency at which the system will transmit RIP packets, if the Send control parameter is set to send for this interface. This parameter is a decimal value specified in seconds from 1 to 300. The default value is 60 seconds.

RECEIVE CONTROL
Specifies how the system will process RIP packets received on this network interface.
IPX NETWORK INTERFACE BACKGROUND INFORMATION

Traditional routing products ask you to define the network interfaces to which the router is directly connected:

LAN INTERFACES
LAN network interfaces are fixed broadcast media type interfaces. These interfaces are assigned a specific network number and all devices on that LAN must agree on the IPX network number used on the LAN segment.
IPX ROUTING PROTOCOLS

CONFIGURING IPX ROUTING PROTOCOLS

USING CFGEDIT

1. Select Routing Protocols from the IPX menu. The following will be displayed:

IPX Routing Protocol Menu:
1) IPX RIP Processing is currently ENABLED
2) IPX RIP Table maximum is 282141
3) IPX SAP Processing is currently ENABLED
4) IPX SAP Table maximum number of entries is 282141
Select function from above or for previous menu: 2.
RIP/SAP NUMBER OF TABLE ENTRIES
Specifies the maximum number of routing entries which can be stored in the route or service table. You may select a number between 20 and 3072. The default value is 141.

IPX ROUTING PROTOCOL BACKGROUND INFORMATION

Routing Information Protocol (RIP) and Service Advertising Protocol (SAP) are used to automate the exchange of information across a network.
Static services are configured locally on the system. SAP entries are learned from incoming SAP packets. All services are stored, used internally and advertised to other routers. The same factors that affect the maximum number of routes stored also affect the maximum number of services stored. Because of these factors, the maximum number of services for each router must be configurable. Each route or service entry requires memory.
IPX STATIC ROUTES

Note: With the availability of Triggered RIP/SAP (page 292), the configuration of static routes is no longer necessary but still supported. Situations may arise in which a remote router does not support our implementation of Triggered RIP/SAP. In this case, it would be necessary to configure a static route to that particular router.

CONFIGURING IPX STATIC ROUTES

USING CFGEDIT

1. From the IPX menu, select IPX Static Routes.
2.
USING MANAGE MODE COMMANDS

ipxroute
Displays the current IPX routes (both statically entered and "learned").

ipxroute [add/change/delete]
Allows you to add/change/delete an IPX route.

IPX STATIC ROUTES CONFIGURATION ELEMENTS

DESTINATION NETWORK
The IPX network number reachable through this static route entry. This parameter is a hexadecimal value from 1 to 4 bytes in length.
IPX NETWARE STATIC SERVICES

Note: With the availability of Triggered RIP/SAP (page 292), the configuration of static services is no longer necessary but still supported. Situations may arise in which a remote router does not support our implementation of Triggered RIP/SAP. In this case, it would be necessary to configure a static service for that particular router.

CONFIGURING IPX NETWARE STATIC SERVICES

USING CFGEDIT

1.
IPX NETWARE STATIC SERVICES CONFIGURATION ELEMENTS

SERVICE NAME
Specifies the NetWare service name that is the target of this static service definition. This parameter is a 48 character NetWare service name.

SERVICE TYPE
Indicates the type of NetWare service that is the target of this static service definition. You may enter the hexadecimal service type value, or request a list of common service types.
IPX NETWARE STATIC SERVICES BACKGROUND INFORMATION

This IPX feature allows you to configure service servers that are on networks across the WAN. The IPX NetWare Static Services configuration tells the system which servers are available for access. The static route configuration tells the system how to get to the network on which the servers are located.

IPX SPOOFING

CONFIGURING IPX SPOOFING

USING CFGEDIT

1. Press 7 from the IPX menu to configure IPX spoofing options.
b. Press 2 to select the system serialization packet handling level. The default values for all parameters will be displayed. Enter the Id of any parameters you need to change. Follow the onscreen instructions for changing the default values. Return to the IPX spoofing menu.
5. Press 4 to configure the message packet handling. A message packet handling menu will be displayed.
a. Press 1 to select the message packet handling configuration level.
WATCHDOG PROTOCOL
Watchdog Protocol is used by NetWare Servers to detect “dead” clients. If no traffic has been seen by a server from an attached client for a configurable amount of time, the server sends a watchdog packet to the client to determine if the client is still alive or merely inactive. If, after a few minutes, a watchdog reply is not received by a server, it is assumed that the client is no longer alive and the connection to the server is terminated.
without generating a keep-alive response. The duration timer T starts when a device is disconnected and is reset each time a new connection is established. Some of these packets are overloaded in that they are not just keep-alive packets but are control packets needed for the application to run successfully and hence have to be routed like regular SPX data packets.
IPX TYPE 20 PACKET HANDLING CONFIGURATION ELEMENTS

IPX TYPE 20 PACKET HANDLING STATUS
You may enable or disable IPX type 20 packet WAN forwarding. When it is enabled, you may specify devices that can use this feature.

IPX TYPE 20 PACKET HANDLING DEVICE CONFIGURATION ELEMENTS

Once you enable the feature, you can then enter devices to use the feature. The following configuration elements are entered for each device.
IPX ISOLATED MODE BACKGROUND INFORMATION

When operating with isolated mode enabled, the CyberSWITCH does not relay IPX datagrams received from the WAN to other IPX routers/hosts located on the WAN. IPX datagrams received from the WAN will be discarded if they need to be forwarded over the WAN. IPX datagrams received on the LAN interface are forwarded to the proper interface.
CONFIGURING TRIGGERED RIP/SAP GLOBAL TIMERS

USING CFGEDIT

1. Select Triggered RIP/SAP from the IPX Routing Menu.
2. Select Global Triggered RIP/SAP Timers. A menu similar to the following will be displayed:

Global Triggered RIP/SAP Timers Options:          Current Settings
1) Database Timer                                 180 sec.
2) Hold Down Timer1                               20 sec.
3) Retransmission Timer                           5 sec.
4) Poll Timer                                     5 min.
5) Over Subscription Timer                        180 sec.
6) Maximum Retransmissions                        10
OVER-SUBSCRIPTION TIMER
Over subscription is the situation in which there are more next-hop routers on the WAN that need updates than there are channels available. When a WAN circuit goes down, a delay (per the oversubscription timer) is incorporated in marking the routes unreachable. This allows the calls to time-multiplex over the limited channels. Valid range for timer: 1 to 10,000 seconds; default: 180 seconds.
4. Press 1 to add a device.
5. Enter the device’s name and press . You should provide ISDN and Authentication information first.
6. Select IPX. A screen similar to the following will be displayed:

Device IPX Configuration Menu: (Device = "remote1")
1) IPX Routing                  DISABLED
2) Make calls for IPX data      DISABLED
3) IPXWAN Protocol              DISABLED
4) Routing Protocol             NONE
5) Spoofing Options
Select function from above or for previous menu:

7.
Device Level IPX Watchdog Spoofing Menu:
1) Default Handling is Discard
2) Handling while the connection is up is Forward
3) Handling for the special period after disconnecting is Spoof
4) Special period of time after disconnecting is 120 Minutes
Select function from above or for previous menu:

b. The screen includes default configuration values. If needed, make changes to the default values.
c. Press to return to the IPX Device Spoofing menu.
REMOTE LAN DEVICES

Remote LAN devices are configured in a slightly different way than WAN devices. Since the remote device is a bridge and not an IPX router, the IPX options for Remote LAN devices are configured under the bridge-level options, as follows:

USING CFGEDIT

1. Select Security from the main menu.
2. Select Device Level Databases from the security menu.
3. Select On-node Device Entries from the device level databases menu.
4.
IPX CONFIGURATION ELEMENTS FOR DEVICES

IPX ROUTING
Indicates that the remote device is an IPX router and that the system should route IPX datagrams to this device. The system will forward IPX datagrams to this device based on IPX network layer information if this parameter is set to enabled. The system will not forward IPX datagrams to this device based on IPX network layer information if this parameter is set to disabled.
BRIDGING
Defines the remote device as a bridge and not an IPX router. Since bridges operate at the MAC layer, the system must provide MAC layer emulation for remote bridge devices, while continuing to route the network layer IPX protocol. This field must be enabled for remote LAN devices.

MAKE CALLS FOR BRIDGE DATA
This feature is not yet supported for IPX Remote LANs. Therefore, leave this element disabled.
CONFIGURING SNMP

OVERVIEW
A Network Management Station (NMS) is a device that contains SNMP-specific software, giving it the ability to query SNMP Agents using various SNMP commands. If you have purchased an NMS (such as Cabletron’s SPECTRUM® Management Platform), you should enable and configure the CyberSWITCH to be an SNMP Agent. This will allow you to use the NMS to monitor the CyberSWITCH and other remote devices on your network. (Refer to Remote Management: SNMP.
The steps to configure SNMP are:
1. Enable IP routing if you have not already done so.
2. Select SNMP from the Options menu.
3. Follow the onscreen instructions to enable SNMP. The following SNMP menu will then be displayed:

   SNMP Menu:
      1) SNMP (Enable/Disable)
      2) SNMP Community Name
      3) SNMP Trap Information
      4) MIB-2 System Group Objects
   Select function from above or for previous menu:

4. Enter the Community Name information.
   a.
USING MANAGE MODE COMMANDS
Currently you cannot configure SNMP using the Manage Mode, but the following command is available:

snmp
   This Manage Mode command displays the current SNMP configuration data. An example output screen is shown below:

   MANAGE> SNMP
   The SNMP feature is enabled.
CONFIGURING SNMP SNMP Background Information IP ADDRESS The IP address assigned to the management station that should receive Trap PDUs. COMMUNITY NAME A list of configured Community Names will be displayed. Select the Community Name that should be inserted in the Trap PDUs to be sent to the NMS with the corresponding IP address. AUTHENTICATION FAILURE TRAPS STATUS You may enable or disable the generation of SNMP Authentication Failure Traps.
[Figure: CSX1200 SNMP Agent and Network Management Stations. Labels: ASN.1 File, MIB Formatter, MIB, Network Management Station, LAN A, WAN, 128.111.1.1]

The SNMP Agent will process all SNMP Protocol Data Units (PDUs) which are received at a LAN port or which are received at a WAN port.
Currently, each object in the above MIB-2 groups can be retrieved via an SNMP GetRequest or GetNextRequest PDU. However, only the snmpEnableAuthenTraps object in the SNMP group can be changed via the SNMP SetRequest PDU.

Note: Any system object that is changed via an SNMP SetRequest will be returned to its initial value when that system is restarted due to power loss or the action of a system operator.
• authTimeout Trap
  An SNMP Agent will generate an authTimeout Trap PDU anytime an off-node server times out.
• clidDisconnect Trap
  An SNMP Agent will generate a clidDisconnect Trap PDU anytime there is a configuration problem with a device’s Calling Line Id.
• cdrOutOfBuffer
  The number of times a buffer was unavailable to send a CDR report record. In this case, the intended record is discarded.
CONFIGURING APPLETALK ROUTING OVERVIEW The AppleTalk routing feature allows the CyberSWITCH to efficiently route AppleTalk data as opposed to bridging all data relating to the protocol. With the addition of the AppleTalk Remote LAN feature, the CyberSWITCH can be configured to be a router, bridge or a mix of both when handling AppleTalk traffic. By default, AppleTalk routing is disabled when you first install your system software.
USER’S GUIDE APPLETALK ROUTING OPTION CONFIGURATION ELEMENT APPLETALK OPERATIONAL STATUS You can enable or disable the AppleTalk Routing option. When AppleTalk Routing is enabled, the CyberSWITCH acts as an AppleTalk Router, routing AppleTalk datagrams based on AppleTalk address information. When AppleTalk Routing is disabled, the CyberSWITCH will simply bridge AppleTalk protocol network traffic. By default, AppleTalk Routing is disabled.
8. If you are configuring your system in the nondiscovery mode (you entered numbers other than 0 or 0-0 for the network range/number), complete the following:
   a. Enter either the suggested AppleTalk address or the suggested AppleTalk node Id (depending on AppleTalk network type configured).
      • For extended networks: enter the suggested AppleTalk address (includes the network number and the node’s Id).
      • For nonextended networks: enter the suggested node Id.
USER’S GUIDE APPLETALK NETWORK RANGE/NUMBER The AppleTalk network range (for Extended network) or the AppleTalk network number (for NonExtended network) of the LAN segment that the port is connected to. Specifying 0.0 (for Extended) or 0 (for NonExtended) places the port in discovery mode (a.k.a., non-seed router), in which the system learns its configuration information from the seed router. Note that there must be at least one seed router on the network.
THE ZONE CONCEPT
A zone is a logical group of nodes on an internet, much like the concept of subnetting within the world of IP. Within the framework of Phase 2, the logical assignment of zones is limited to 255 zone names for a network. Each name can be configured to represent a logical group within that respective internet. An example would be zone 1=Marketing, zone 2=Engineering, etc.
correct network/range and begins using the learned network number/range. If the network number/range configured for the Remote LAN port differs from the network number/range that is being broadcast in RTMP packets by other remote routers, the port becomes unusable.
CONFIGURING APPLETALK ROUTING AppleTalk Capacities APPLETALK ROUTING STATIC ROUTES CONFIGURATION ELEMENTS APPLETALK NETWORK TYPE The AppleTalk network type used by the destination network of this static route. Type can be either Extended Network or NonExtended Network. DESTINATION NETWORK RANGE/NUMBER The remote AppleTalk network range (for Extended network) or network number (for NonExtended network) reachable through this static route entry.
USER’S GUIDE APPLETALK CAPACITIES BACKGROUND INFORMATION This option allows you to control the maximum number of table entries (routing and zone tables) for your network. APPLETALK ISOLATED MODE CONFIGURING THE APPLETALK ISOLATED MODE USING CFGEDIT 1. Select Isolated Mode (Enable/Disable) from the AppleTalk Routing Menu. 2. Follow the onscreen instructions to either enable or disable the isolated mode.
CONFIGURING CALL CONTROL OVERVIEW The CyberSWITCH offers a number of configurable options to control how the system will make and accept calls.
3. Follow the onscreen instructions to keep the feature enabled.
4. Enter the sample rate in seconds.
5. Enter the overload trigger number.
6. Enter the overload window size.
7. Enter the overload percentage utilization.
8. Enter the underload trigger number.
9. Enter the underload window size.
10. Enter the idle trigger number.
11. Enter the idle window size.
12. Enter the idle percentage utilization.
13. Press "Y" to accept the configuration changes you have made.
CONFIGURING CALL CONTROL Throughput Monitor UNDERLOAD TRIGGER NUMBER The number of samples within the window that must be below the next lowest target capacity for the UNDERLOAD condition to occur. UNDERLOAD WINDOW SIZE The number of sample periods (up to 32) that you should use as the sliding window. IDLE TRIGGER NUMBER The number of samples within the window that must be below the specified utilization for the IDLE condition to occur.
USER’S GUIDE The throughput monitor feature constantly monitors the use of the connections and looks for the following conditions: • The overload condition, which indicates that demand exceeds the current aggregate capacity of the WAN connections. The system can add more bandwidth when this occurs. • The underload condition, which indicates that demand falls below a target capacity that is lower than the current aggregate capacity. The system can release any previously added bandwidth when this occurs.
CONFIGURING CALL CONTROL Throughput Monitor IDLE CONDITION MONITORING The CyberSWITCH monitors for the idle condition when only one connection to another site remains. The system detects when there is no longer a need to maintain connectivity with the other site. An absolute idle condition is defined as a number of consecutive sample periods with zero bytes transferred. Keep-alive type frames may sometimes continue to flow when there is no actual device data flowing.
USER’S GUIDE The average throughput is 40% for the third sample rate period. This is less than the configured utilization, so out of the last 3 samples (a sliding window is in use), 1 out of 3 samples have throughput that is greater than the configured utilization. The overload condition has still not been met. No extra calls are made. After the fourth sample rate period (20 seconds have now passed), the first sample is dropped.
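The sliding-window counting described above, as an added example that is not part of the original guide or of the CyberSWITCH software. The window of 3 samples and the 5-second sample rate follow the worked example; the trigger numbers, the 50% overload utilization, the 2% idle utilization and all sample values are assumptions constructed for illustration.

```python
from collections import deque


class WindowTrigger:
    """True once at least `trigger` of the last `window` samples satisfy `test`."""

    def __init__(self, window, trigger, test):
        if not 1 <= trigger <= window <= 32:  # window sizes go up to 32 sample periods
            raise ValueError("need 1 <= trigger <= window <= 32")
        self.samples = deque(maxlen=window)   # appending drops the oldest sample
        self.trigger = trigger
        self.test = test

    def add(self, sample):
        self.samples.append(sample)
        return sum(1 for s in self.samples if self.test(s)) >= self.trigger


def first_trigger(samples, window, trigger, test, sample_rate_s):
    """Seconds elapsed when the condition first holds, or None if it never does."""
    monitor = WindowTrigger(window, trigger, test)
    for n, sample in enumerate(samples, start=1):
        if monitor.add(sample):
            return n * sample_rate_s
    return None


# Constructed utilization samples (% of capacity), one per 5-second sample period.
# As in the worked example, the third sample is 40% and only 1 of the first 3 is high.
BUSY = [60, 30, 40, 70, 80]
# Constructed: device data stops after the second sample, keep-alives keep trickling.
QUIET = [20, 15, 1, 1, 0, 1, 1]


def overload_time(samples):
    # Assumed settings: window 3, trigger 2, overload utilization 50%.
    return first_trigger(samples, 3, 2, lambda s: s > 50, 5)


def absolute_idle_time(samples):
    # Absolute idle: 3 consecutive sample periods with nothing transferred.
    return first_trigger(samples, 3, 3, lambda s: s == 0, 5)


def threshold_idle_time(samples):
    # Assumed idle utilization of 2%: keep-alive traffic still counts as idle.
    return first_trigger(samples, 3, 3, lambda s: s < 2, 5)


if __name__ == "__main__":
    print("overload after", overload_time(BUSY), "seconds")
    print("absolute idle after", absolute_idle_time(QUIET), "seconds")
    print("threshold idle after", threshold_idle_time(QUIET), "seconds")
```

With keep-alive frames still flowing, the absolute idle test never fires on the QUIET samples, while the utilization-based idle test does; that is why the idle condition is configured as a percentage utilization.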
CONFIGURING CALL CONTROL Monthly Call Charge more than 3 call attempts within 2 seconds. This prevents certain model switches from being overloaded. In areas where these low capacity switches are not installed, calls can be made more frequently. Before the system initiates a data connection, it first checks the time at which the last connection was initiated.
USER’S GUIDE CALL RESTRICTIONS CONFIGURING CALL RESTRICTIONS Note: Certain restrictions apply to the use of Call Restrictions and Semipermanent Connections. Refer to the Background Information discussion. USING CFGEDIT 1. Select Call Restrictions from the Call Control Options menu. 2. Follow the onscreen instructions for enabling this feature. 3. The current call restriction configuration will be displayed. 4. Enter the number Id associated with the parameter you want to change. 5.
The following chart provides the numbers you should use to represent the am and pm hours during which calls are allowed:

   From:    To:      am hour   pm hour
   12:00    12:59    1         13
   1:00     1:59     2         14
   2:00     2:59     3         15
   3:00     3:59     4         16
   4:00     4:59     5         17
   5:00     5:59     6         18
   6:00     6:59     7         19
   7:00     7:59     8         20
   8:00     8:59     9         21
   9:00     9:59     10        22
   10:00    10:59    11        23
   11:00    11:59    12        24

The following chart provides example entries for hours calls are allowed:

   Hours Calls Allowed
CALL MINUTES PER DAY
The limit on the number of call minutes per day. The default value is 240 call minutes per day. Call minutes will be calculated periodically while calls are active (not when a call is disconnected). Statistics will be kept to track the total number of call minutes made per day. This statistic will be written to the statistics log every half hour, and is available through the ds command.
CONFIGURING CALL CONTROL Bandwidth Reservation Notes: It is important to note that the Call Restriction feature only applies to outbound calls from the system. When a condition occurs that triggers a warning to be written to the log, the message will be written only once for the duration of the condition.
USER’S GUIDE the port number. This example shows that there is only one BRI adapter, and it is installed in slot number one, and has four ports. There is a line for each port number. 4. Press 1 to add a device profile. 5. Enter a user-defined unique name to identify the profile. We will use Central_Site for our example profile name.
CONFIGURING CALL CONTROL Bandwidth Reservation 5. Under ISDN information, enter the profile information. This is a profile name you configured in the previous section. Remember from the previous section that each configured profile reserves specific lines. By assigning this profile to the device, you are reserving specific lines for this device. To enable the bandwidth reservation feature: 1. Return to the Options Menu (selection 2 of the main menu). 2. Select Bandwidth Reservation. 3.
USER’S GUIDE BANDWIDTH RESERVATION BACKGROUND INFORMATION This feature allows a portion of the possible connections to always be available to specific devices for both inbound and outbound calls. To increase flexibility, this feature may be configured to either allow or prevent bandwidth overlap.
CONFIGURING CALL CONTROL Semipermanent Connections 6. Determine if the CyberSWITCH should always retry a call. If yes, then configuration for the device is done, the device is entered into the semipermanent device list, and appears as shown below. If no, continue to step 7.
USER’S GUIDE SEMIPERMANENT CONNECTIONS CONFIGURATION ELEMENTS DEVICE NAME Specify the device name (from the Device List) that you wish to make a semipermanent connection. Once specified, the semipermanent feature will (at least) keep the Initial Data Rate active to the specified device, as long as it is not prohibited by call restrictions or a physical or configuration problem. The number of semipermanent devices is limited to the maximum number of calls the CyberSWITCH supports.
Call Restrictions
You may wish to disable call restrictions when using semipermanent connections. Call restrictions are mainly intended for use in areas where “per minute” ISDN tariffs are in place. Typically, this is not the case if semipermanent connections are in use. If you decide not to disable Call Restrictions, we recommend that you make the following Call Restriction parameter alterations:
• Change the maximum call duration to warn only.
USER’S GUIDE VRA MANAGER AS A CALL CONTROL MANAGER This feature allows you to use the Virtual Remote Access (VRA) Manager for call control management only. This feature allows you to continue to use other authentication servers (e.g., RADIUS, ACE) yet still gain the benefits of VRA call control management. CONFIGURING VRA MANAGER FOR CALL CONTROL USING CFGEDIT 1. Select VRA as Call Control Manager from the Call Control Options menu. 2.
CONFIGURING CALL CONTROL VRA Manager as a Call Control Manager AUTHENTICATION TIMEOUT TIMER This timer represents the amount of time the CyberSWITCH will wait for the Authentication Agent to handle a login attempt before timing out. If VRA is enabled as Call Control Manager, this timeout value must then represent the amount of time for both: • the Authenticating Agent to respond to the login attempt, and • the VRA Manager to respond to the login attempt.
USER’S GUIDE • User Level Security If you use user level security for authentication: configure devices on the VRA manager as well. This will provide access to the following VRA call control management features: call restrictions, maximum bandwidth, and grouping (in addition to the call logging feature). User level security and VRA call control management work together as follows: VRA allows a device to connect under an alias name until the user can be verified by its authentication server.
CONFIGURING OTHER ADVANCED OPTIONS

OVERVIEW
This chapter provides information for configuring advanced system options that are not covered in the previous chapters. These options include:
• configuring PPP
• configuring default line protocol
• configuring log options
• configuring system compression options
• configuring TFTP
• configuring file attributes

PPP CONFIGURATION

CONFIGURING PPP
Note: A thorough understanding of PPP protocol is required before you attempt to change the PPP configuration.
USER’S GUIDE PPP CONFIGURATION ELEMENTS MAX TERMINATE The number of Terminate-Request packets sent without receiving a Terminate-Ack before assuming that the peer is unable to respond. MAX CONFIGURE The number of Configure-Request packets sent without receiving a valid Configure-Ack, Configure-Nak or Configure-Reject before assuming that the peer is unable to respond. MAX FAILURE The number of Configure-Nak packets sent without sending a Configure-Ack before assuming that configuration is not converging.
LINK FAILURE DETECTION STATUS
You can enable or disable the link failure detection feature. If enabled, there will be a periodic transmission of Echo-Request frames, a maintenance type frame provided by PPP’s Link Control Protocol. Reception of the appropriate Echo-Reply frame indicates a properly functioning connection; incorrect replies or lack of replies indicate a connection failure.
USER’S GUIDE However, the PPP link exists on an end-to-end basis with the remote peer, a domain which exceeds that controlled by the signalling-type entities just cited. Thus, not every end-to-end failure will be detected.
CONFIGURING OTHER ADVANCED OPTIONS Default Line Protocol DEFAULT LINE PROTOCOL The default values for this feature are adequate for most situations. Instructions are included for the rare instance that you need to alter the configuration. Note: This feature does not apply to analog connections (including digital modem). CONFIGURING DEFAULT LINE PROTOCOL USING CFGEDIT 1. Select Default Line Protocol from the Options menu. 2. Change the action on the frame timeout. 3. Change the frame timeout value.
LOG OPTIONS
Log options allow you to direct log reports to a specific location. Reports can be directed to a local log file, or to a UNIX-style syslog server. Currently, only call detail recording (CDR) reports can be directed to a specific location.

CONFIGURING LOG OPTIONS

USING CFGEDIT
1. Select Log Options from the Options menu.
2. Select Servers from the Log Options menu.
   a. No configuration is needed for a local log file. The local log file name is preconfigured.
   b.
one version of UNIX to the next, the system allows you to set the entire priority value as an integer. This integer will be prepended to all messages sent to this Syslog server.

Note: You do not have to configure a Syslog Server name. The first Syslog Server configured will be automatically named Syslog1, the second Syslog2, and so on. Up to ten Syslog Servers can be configured. (For storing CDR reports, you can select up to three of these servers.
USER’S GUIDE files and devices depending upon its configuration. Refer to your UNIX system documentation for more information on syslogd. Each log message sent to a syslogd server has a priority tag associated with it. The priority tag is encoded as a combination: facility.level. The facility identifies the part of the system creating the log message and the level describes the severity of the condition which caused the log message to be written.
CONFIGURING OTHER ADVANCED OPTIONS Log Options .2, and so on up to .10. The file extension cycles through the values 1 through 10 with each write command, similar to the current report log file and status log file, so that the ten most recent versions of the CDR log are available on the system disk. There are five ISDN CDR events that are logged: connect, disconnect, reject, system up, and verify. For each type of event that is logged, related CDR information is provided.
USER’S GUIDE servers. The proper logging of the message can then be inspected to verify that CDR configuration is as desired. Event Report Contents A CDR event triggers a report which can consist of one or more records. Each record corresponds to a line in the log file. This alleviates any constraints of having to fit a report in an 80 character string. The reports are sent to some sort of log device; either a local log file or an offnode syslog server.
CONFIGURING OTHER ADVANCED OPTIONS Log Options CONNECTION ID This field is used to correlate all records involving a particular ISDN connection. The field is an unsigned long hexadecimal integer. It begins at zero when the system is loaded and increments by one to 0FFFFFFFF hex, at which point it wraps back to zero. This provides for somewhat over four billion connections before a connection Id is re-used. DATA RATE This field indicates the data rate for a B channel.
example 2:

   Chicago-Schaumburg 00000001 CONNECT 1 OF 3 MonroeCounty PORT 1/1/1
   Chicago-Schaumburg 00000001 CONNECT 2 OF 3 OUT TO 3135551212
   Chicago-Schaumburg 00000001 CONNECT 3 OF 3 64Kb 08/16/95 23:11:55

Note: In most cases, a device is identified when a connect event occurs and the device name is included in the connect report. With user level security, the connect event occurs before the user is identified. Therefore, the connect report will contain a name of UNKNOWN.
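Because one CDR report is spread over several log lines that share a connection Id, a log collector has to reassemble the records before a call can be reviewed. The following Python parser is an added example, not part of the original guide or of the CyberSWITCH software; it handles record lines shaped like the connect example above and the CDR VERIFY record this chapter describes, assumes the collector keeps the standard syslog "<PRI>" priority prefix on each line, and runs on constructed sample lines.

```python
import re

# One CDR record per log line, shaped like the guide's example reports:
#   <system> [<connection id>] <EVENT> <n> OF <m> [<payload>]
# Assumption: the collector keeps the standard syslog "<PRI>" prefix on each line.
RECORD_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?\s*(?P<system>\S+)\s+"
    r"(?:(?P<conn>[0-9A-Fa-f]{8})\s+)?"
    r"(?P<event>[A-Z][A-Z ]*?)\s+(?P<idx>\d+)\s+OF\s+(?P<total>\d+)"
    r"(?:\s+(?P<payload>.*))?$"
)


def decode_pri(pri):
    """Split a syslog priority integer into (facility, level)."""
    return pri >> 3, pri & 0x07


def parse_record(line):
    """Return one CDR record as a dict, or None if the line is not a CDR record."""
    m = RECORD_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["idx"], rec["total"] = int(rec["idx"]), int(rec["total"])
    rec["payload"] = rec["payload"] or ""
    if rec["pri"] is not None:
        rec["facility"], rec["level"] = decode_pri(int(rec["pri"]))
    return rec


def assemble_reports(lines):
    """Rebuild multi-record reports; each report gets a 'complete' flag."""
    open_reports, done = {}, []
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        key = (rec["system"], rec["conn"], rec["event"])
        rep = open_reports.get(key)
        # Connection Ids restart at zero on reload and wrap after 0FFFFFFFF, so a
        # repeated record number under the same key belongs to a new report.
        if rep and (rec["idx"] in rep["records"] or rec["total"] != rep["total"]):
            done.append(open_reports.pop(key))
            rep = None
        if rep is None:
            rep = {"system": rec["system"], "conn": rec["conn"],
                   "event": rec["event"], "total": rec["total"], "records": {}}
            open_reports[key] = rep
        rep["records"][rec["idx"]] = rec["payload"]
        if len(rep["records"]) == rep["total"]:
            done.append(open_reports.pop(key))
    done.extend(open_reports.values())  # reports whose records never all arrived
    for rep in done:
        rep["complete"] = set(rep["records"]) == set(range(1, rep["total"] + 1))
    return done


def connect_fields(report):
    """Extract the fields visible in the guide's CONNECT example from a report."""
    out, recs = {}, report["records"]
    m = re.match(r"(\S+)\s+PORT\s+(\S+)$", recs.get(1, ""))
    if m:
        out["device"], out["port"] = m.groups()
    m = re.match(r"OUT TO (\S+)$", recs.get(2, ""))
    if m:
        out["dialed"] = m.group(1)
    m = re.match(r"(\S+)\s+(\d\d/\d\d/\d\d)\s+(\d\d:\d\d:\d\d)$", recs.get(3, ""))
    if m:
        out["rate"], out["date"], out["time"] = m.groups()
    return out


# Constructed sample: the guide's example 2 with an assumed <134> prefix, a verify
# record, a report that lost its second record, and an unrelated syslog line.
SAMPLE_LINES = [
    "<134>Chicago-Schaumburg 00000001 CONNECT 1 OF 3 MonroeCounty PORT 1/1/1",
    "<134>Chicago-Schaumburg 00000001 CONNECT 2 OF 3 OUT TO 3135551212",
    "<134>Chicago-Schaumburg 00000001 CONNECT 3 OF 3 64Kb 08/16/95 23:11:55",
    "<134>Chicago-Schaumburg CDR VERIFY 1 OF 1",
    "<134>Chicago-Schaumburg 00000002 CONNECT 1 OF 3 UNKNOWN PORT 1/1/2",
    "<134>Chicago-Schaumburg 00000002 CONNECT 3 OF 3 64Kb 08/16/95 23:14:02",
    "unrelated daemon message",
]

if __name__ == "__main__":
    for rep in assemble_reports(SAMPLE_LINES):
        state = "complete" if rep["complete"] else "INCOMPLETE"
        print(rep["system"], rep["conn"], rep["event"], state, connect_fields(rep))
```

An incomplete report usually means a record was lost on the way to the syslog server, and a device name of UNKNOWN is expected on connect reports when user level security is in use.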
Verify Event Report Contents
On a Verify event, only record 1 is used. The event type is CDR VERIFY. No data is filled in for the Remote Device Name field or the Port field. The following is an example verify event report:

   Chicago-Schaumburg CDR VERIFY 1 OF 1

COMPRESSION OPTIONS
Compression allows the CyberSWITCH to compress outgoing data and decompress incoming data.
USER’S GUIDE configuration. If this option is disabled, the system will not negotiate compression with any remote device. The default value is enabled. Note that enable/disable applies to all protocols which support compression. DEFAULT PER-DEVICE COMPRESSION SETTING You may enable or disable the per-device compression setting. This is in addition to the global compression enable/disable state described above.
CONFIGURING OTHER ADVANCED OPTIONS Compression Options effect is to increase effective interconnect bandwidth by decreasing transmission time. If negotiation for compression fails, data is transmitted uncompressed. The compression algorithm implemented is STAC-LZS. This algorithm is used in all of STAC’s data compression products. This software version is fully compatible with STAC’s data compression compressor chips including the multi-tasking features.
USER’S GUIDE When using Extended mode, a coherency count is checked to detect lost packets. If a packet loss is detected by the receiver, a Reset-Request is sent to the transmitter. The next compressed data packet transmitted will have a bit set to indicate that the history has been reset. With the use of sequence numbers, the decompressed output of all in-order compressed frames is assumed to be valid.
CONFIGURING OTHER ADVANCED OPTIONS TFTP tftp change This command allows you to change the current TFTP configuration. You can enable or disable the TFTP feature, TFTP Client, and the TFTP Server. You can also change the file access rights for the TFTP Server. TFTP CONFIGURATION ELEMENTS OPERATIONAL STATUS OF TFTP FEATURE You can enable or disable the TFTP feature. OPERATIONAL STATUS OF TFTP CLIENT You can enable or disable the TFTP client feature.
Each device has pre-assigned configurable access rights to the TFTP permissible file types. The access rights are configurable using the fileattr change Manage Mode command. Refer to File Attributes for more information regarding configuring the file attributes. When a device remotely accesses the TFTP server, it doesn’t matter what level the device is logged in as. What matters is the device level that is configured for the Server on the system that is being logged into.
   Users    Report Files   StatFiles   CfgFiles   Other Files
   GUEST    RN             RN          RN         N
   ADMIN    RN             RN          RWN        RWN

where:
• “R” is for read only file access
• “W” is for write only file access
• “RW” is for read and write access
• “N” is for no access rights for the corresponding file type

The file types that fall under the headings shown above are as follows:

   File category   File types included in the category
   REPORT          RPRT_LOG.1 - 5
   STATISTICS      STAT_LOG.
TROUBLESHOOTING We include the following chapters in the Troubleshooting segment of the User’s Guide: • System Verification After your CyberSWITCH has been configured, and before proceeding with normal system operations, you may want to verify that the system is functional. System Verification provides instructions for verifying the system hardware and system configuration.
SYSTEM VERIFICATION OVERVIEW After your CyberSWITCH has been configured, and before proceeding with normal system operation, it is necessary to verify that the system is functional. This chapter provides instructions for verifying the system hardware and system configuration. You only need to perform the verification procedures for the options that apply to your configuration. For example, if your configuration does not use SNMP, skip the SNMP verification section.
USER’S GUIDE VERIFYING WAN LINES ARE AVAILABLE FOR USE To verify the availability of WAN lines, the WAN resource must already be operational. Also, the WAN lines must already be configured and connected to the CyberSWITCH. To verify the availability of WAN lines: 1. Check the Line SYNC LED for each line. If the operational software determines that Layer One is up, then this indicator light is on.
4. Transmit a test packet onto the Ethernet LAN. At the administration console type:

   lan test

   This command will display a message similar to the following:

   LAN port 1 Transmit was successful

   If the system displays this message, then the test packet was transmitted correctly. If this message IS NOT displayed, then the LAN connection failed. Refer to LAN Attachment in the Problem Diagnosis chapter.
USER’S GUIDE VERIFYING A DEDICATED CONNECTION To verify a dedicated connection to the CyberSWITCH, the WAN lines that are connected to the system must be available for use, and the routing option must be properly initialized. To verify that you have a dedicated connection: 1. View the system messages by entering the following console command: dr 2.
VERIFYING AN X.25 CONNECTION
To verify an X.25 connection to the CyberSWITCH, the WAN lines that are connected to the system must be available for use, and the routing option must be properly initialized. Follow the steps below to verify that you have an X.25 connection. Enter the x25 stats command at the administration console. If the statistics display appears, the X.25 subsystem should be operational. If the following message is displayed, X.
USER’S GUIDE Below is an example of a configuration used to verify multi-level security over an IP WAN UnNumbered interface. It uses IP addresses specific to the example. Substitute the IP address of your network when you perform the multi-level security verification steps. It also uses the “ping” command. The “ping” command sends a packet to a specified host, waits for a response, and reports success or failure. Substitute the equivalent command on your network.
VERIFYING IP HOST MODE IS OPERATIONAL
The following sections provide methods of verifying that the IP Host Mode has properly initialized and that the feature is operational.

VERIFYING IP HOST IS INITIALIZED
If you have configured the IP feature in the Host mode, follow the steps below to verify that it has initialized properly.
1. Determine if IP Host has been initialized by viewing the system messages.
USER’S GUIDE 2. If a message similar to the following is displayed, the IP host mode feature over the specified LAN port is operational. Repeat this step for each LAN port on your Ethernet resource. 100.0.0.2 is alive 3. If this message is not displayed, then the IP Host mode feature over the LAN connection is not operational. Refer to IP Host Mode Operation over the LAN Interface Connection in the Problem Diagnosis chapter. 4.
[Figure: CSX1200 and Host A on a LAN. Labels: 100.0.0.1, 100.0.0.0, 100.0.0.2]

To verify IP Routing over a LAN connection:
1. Determine if the CyberSWITCH can access the local IP host. On the administration console type: ip ping 100.0.0.
[Figure: CSX1200, ISDN, Host A and Host B. Labels: 192.100.1.1, 100.0.0.1, 100.0.0.0, Host B 192.100.1.3, Host A 100.0.0.2]

The steps to verify the operation of IP routing over a WAN interface are:
1. Determine if a remote IP host can access the WAN interface of the CyberSWITCH over the WAN connection.
SYSTEM VERIFICATION Verifying IP Routing Over Interfaces VERIFYING IP ROUTING OVER A WAN (DIRECT HOST) INTERFACE To verify that IP routing is properly operational over a WAN (Direct Host) interface, a remote IP Host must be operational and available to initiate connections. Also, a local IP host must be connected to the local LAN port on the CyberSWITCH. Below is an example of a configuration used to verify IP routing over a WAN (Direct Host) interface. It uses IP addresses specific to the example.
USER’S GUIDE VERIFYING IP ROUTING OVER A WAN REMOTE LAN INTERFACE To verify that IP routing is properly operational over a WAN Remote LAN interface, a remote IP Host must be operational and connected to the remote LAN. The remote bridge device must be operational and available to initiate connections. Also, a local IP host must be connected to the local LAN port on the CyberSWITCH. Below is an example of a configuration used to verify IP routing over a WAN Remote LAN interface.
SYSTEM VERIFICATION Verifying IP Routing Over Interfaces If the remote IP host successfully pings to the local IP host, then IP routing over the WAN Remote LAN interface is operational. Repeat the above steps for each WAN Remote LAN interface through which you wish to get access. If the remote IP host CANNOT ping to the local IP host, refer to IP Routing over a WAN Remote LAN Interface Connection in the Problem Diagnosis chapter.
USER’S GUIDE VERIFYING IP FILTERS To verify that IP Filters are functioning, perform the following test: 1. Configure and apply at least one IP filter that contains at least one condition whose action is to DISCARD the matching packet. 2. Perform a trace on discarded packets. On the administration console issue the command: ip filter trace discard 3. Attempt to transfer data that would be affected by the configured filters.
SYSTEM VERIFICATION Verifying IP RIP VERIFYING IP RIP OUTPUT PROCESSING ON A LAN INTERFACE To verify that IP RIP Output Processing (routes advertisement) is properly operational on a LAN interface, the IP RIP processing must be successfully initialized. Also, a local IP host (router) must be connected to the local LAN port on the system and capable of learning routes information via RIP. Below is an example of a configuration used to verify IP RIP output processing on a LAN interface.
VERIFYING IP RIP INPUT PROCESSING ON A LAN INTERFACE
To verify that IP RIP Input Processing (routes learning) is properly operational on a LAN interface, IP RIP processing must be successfully initialized. Also, a local IP router must be connected to the local LAN port on the system and capable of propagating routes information via RIP. Below is an example of a configuration used to verify IP RIP input processing on a LAN interface. It uses IP addresses specific to the example.
perform the verification steps. It also uses the show ip route command. The show ip route command is used by a specific router to display the IP routing table. Substitute the equivalent command for your IP router.

[Figure: CSX1200 and Router joined by a Dedicated Connection. Labels: 192.1.1.1, 100.1.1.
VERIFYING IPX ROUTER IS INITIALIZED
To verify that the IPX Routing option has initialized properly:
1. Determine if IPX routing has been initialized on the CyberSWITCH by viewing the system messages.
2.
VERIFYING IPX ROUTING OVER A LAN CONNECTION
To verify the operation of IPX Routing over a LAN connection:
1. Determine if SITE1 can access the local NetWare Server “local.” On SITE1’s administration console type:

   ipx diag cc:1

   Note: Node address 1 is used by the NetWare servers as part of their internal address.
2.
VERIFYING IPX ROUTING OVER A WAN CONNECTION
To verify the operation of IPX Routing over a WAN connection:
1. Determine if NetWare Client A can see the remote NetWare Server “remote.” To do this, activate NetWare Client A’s desktop network neighborhood feature. Then check to see if “remote” is included in Client A’s network neighborhood.
2. If “remote” is included in Client A’s network neighborhood, then IPX over the WAN connection is operational.
AppleTalk routing initialized successfully
3. For the AppleTalk port that has been configured, the following port initialization message should be displayed among the system messages:
   AppleTalk successfully initialized on with address
   Note: is either LAN port 1, LAN port 2 or WAN. is the AppleTalk address assigned to this port.
4.
VERIFYING APPLETALK ROUTING OPERATIONAL OVER THE LAN CONNECTION
The steps to verify the operation of the AppleTalk Routing feature over a LAN connection are:
1. Determine if the local Macintosh can see all zones. Bring up the Chooser on the Local Mac:
2. If a list of all zones (Left Zone and Right Zone) appears in the Chooser as shown above, then AppleTalk Routing over a LAN connection is operational. Continue with the next step.
3.
2. If Remote Mac appears in Select a file server: box, then AppleTalk Routing over the WAN connection is operational.
3. If Remote Mac IS NOT displayed, then AppleTalk Routing feature over the WAN connection is not operational. Refer to AppleTalk Routing Operation Over the WAN Connection in the Problem Diagnosis chapter.

VERIFYING SNMP IS OPERATIONAL
1.
VERIFYING THE DIAL OUT FEATURE
To perform the Dial Out verification for a remote device, you need to know the configured device name associated with the device’s device table entry. Note that the device name is case sensitive. If you already know the device name, skip to step 4. Otherwise, begin the verification process with step 1.
1. Enter the Manage Mode by typing the following command at the system prompt:
   >manage
2.
VERIFYING COMPRESSION IS OPERATIONAL
1. Make sure compression is enabled on a system-wide basis.
2. Cause a call to be established with a device for which per-device compression is enabled.
3. To verify that compression is in effect with the device, issue the cmp stats console command while the connection is in place. If compression is in effect, this command will display the current compression counters and ratios.
1. Set up two systems in a back-to-back, dedicated, BRI scenario where at least one of the systems is a PC-Platform. Configure a dedicated access between the two systems.
2. The usage of a PC-platform exploits the fact that the layer 1 of a PC-based BRI board stays active even when you exit the software. This gives us a way to simulate an end-to-end B-channel failure.
VERIFYING THE RELAY AGENT IS ENABLED
If the Relay Agent has been enabled via configuration, it will attempt to open a UDP port for use. A message describing the outcome of this operation will appear in the report log.
1. Examine the report log. Type:
   dr
2. Look for any messages that begin with [DHCP-R].
3.
Shortly after a DHCP Client is powered on, it will attempt to get its IP address from a DHCP Server. If it is successful, its IP-related features (e.g., ping, telnet, etc.) will become operational. If the client could not obtain its IP address, it will retry periodically to do so. From the DHCP Client, attempt to ping the Relay Agent (“Ruby”) that is on the same LAN:
C:\> ping 204.157.42.168
Pinging 204.157.42.
If you do not see this message in the report log, the DHCP Proxy Client has successfully performed its initialization processing. If this message is contained in the report log, refer to DHCP Proxy Client Initialization in the Problem Diagnosis chapter.

VERIFYING THE PROXY CLIENT IS ENABLED
If the Proxy Client has been enabled via configuration, a relevant message will appear in the report log.
1. Examine the report log. Type:
   dr
2.
IP ADDRESS POOL
As IP addresses are obtained from DHCP servers, they are placed into the system’s IP Address Pool. To verify the presence of these DHCP-obtained IP addresses, perform the following:
1. Examine the address pool. Type:
   ip addrpool
2. Look for addresses with an origin of DHCP. This verifies that IP addresses were obtained from a DHCP server, and the Proxy Client is working correctly.
3.
3. If the communication between two IP devices across the WAN is successfully established, then the proxy ARP feature is properly working.
4. If the communication can not be established, display the ARP cache on the IP host devices to see what MAC addresses are mapped to the target IP address. On many operating systems, the arp -a command displays the ARP cache.
PROBLEM DIAGNOSIS

OVERVIEW
This chapter, when used in conjunction with the System Verification chapter, helps diagnose and correct problems encountered in the verification process. During some of the diagnosis procedures, we ask you to enter an administration console command. To enter these commands, you must have an active administration session. If you need instructions for starting an administration session, refer to Accessing the CyberSWITCH.
BRIDGE INITIALIZATION
Problem: The system does not display the following bridge initialization messages:
   LAN Port is now in the LISTENING state
   LAN Port is now in the LEARNING state
   LAN Port is now in the FORWARDING state
Action:
1. Make sure the LAN Adapter has initialized correctly.
2. Check the configuration to verify the bridge is enabled.
Problem: The system does not display the WAN line availability messages. Instead, the system displays the following message after the status console command is issued:
   Out Svc 1 (slot #, port #)
This means that Layer 1 cannot be established, most likely due to WAN cabling problems.
Action:
1. If the system has been operational for longer than 2 minutes, verify that the line is correctly attached to the proper system resource and port.
6. If the above actions fail to correct the problem, then call your phone company (carrier) to check the status of the line. If it is determined that there is no problem with the line, contact Customer Support.
X.25 CONNECTIONS
Problem: An X.25 access is configured, but the x.25 stats command response is:
   No X.25 Access configured
Action: Verify that the proper line and port have been selected.
1. Enter the er command to erase the report log.
2. Enter the trace lapb on command.
3. Wait 20 seconds, then enter the dr command to display the report log. The status log should display a sequence of the following messages:
   (I) 17:33:35.38 #1067: Out - LAPB RR, Rx Sequence = 1
   (I) 17:33:35.
REMOTE DEVICE CONNECTIVITY
Problem: A remote device is not able to connect to the CyberSWITCH.
Set-up: The system software should be up and running. (At the administration console: if you are in the Connection Monitor window, exit to the “[System Name] >” prompt.)
1. Enable the call trace messages with the trace on console command.
2. Erase the current system messages using the er console command.
3.
   IP Security Rejection - Digit string wrong length
   IP Security Rejection - Invalid Security ID
Review the system configuration for the Device List. You can also refer to the System Messages chapter for the message meanings and the appropriate actions to be taken. The first two messages indicate that the system did not receive the required protocol data. The second two messages indicate that the security configuration is incorrect.
5.
IP HOST MODE
The following sections provide diagnostic procedures for the IP Host Mode.

IP HOST INITIALIZATION
Problem: The system does not display the correct IP Host Initialization messages. Or, instead, it displays the following message:
   [IP] IP Router is initialized successfully
Action:
1. Check the configuration. Make sure that the IP feature is enabled.
2. Make sure that the operating mode is set to Host rather than Router.
7. Verify that the hardware address (MAC address) for the IP Host in the CyberSWITCH’s ARP cache is correct. If it is not correct, verify the configuration in the IP Host.

IP HOST MODE OPERATION OVER THE WAN CONNECTION
Problem: The remote IP Host connected to a WAN RLAN interface on the CyberSWITCH does not receive a ping response from the WAN RLAN interface.
Action:
1. Verify that the WAN connection is up. Use the mc command to check for the connection.
encapsulations. Correct the IP Host or system configuration (through CFGEDIT) for encapsulation type.
5. Try to ping the Host from another device on the LAN. If this is also unsuccessful, this may indicate a problem with the Host.
6. Verify that the hardware address (MAC address) for the IP Host in the system’s ARP cache is correct. If it is not correct, verify the configuration in the IP Host.
Host, the remote IP Host may need a proper route entry for the local network where the CyberSWITCH is located. Make corrections to the remote IP Host configuration.

Problem: The remote IP Host connected to a WAN interface on the CyberSWITCH does not receive a ping response from the local IP Host.
Action:
1. Verify that the remote IP Host can access the LAN interface of the CyberSWITCH. If the remote IP Host accesses the LAN interface, then continue with the next step.
Action:
1. Verify that the remote IP Host can access the LAN interface of the CyberSWITCH. If it can, continue with the next step. If the remote Host is unable to access the LAN interface, refer to the preceding problem and action.
2. The remote IP Host connected to a WAN (Direct Host) interface should be recognized as if it were located on the local Ethernet. Refer to Verifying IP Routing Over a LAN Interface in the System Verification chapter.
3. Verify that the remote bridge device is initiating a call to the CyberSWITCH. Since the CyberSWITCH LAN interface has an IP address assigned with a different network number than the one for the remote IP Host, the remote IP Host may need a proper route entry for the local network where the CyberSWITCH is located. Make corrections to the remote IP Host configuration.
a. For packet types, it is important to verify that the contents of the packet in question are indeed correctly specified (IP Addresses, Protocol, TCP Ports, etc.).
b. For configured filters, keep in mind that component conditions are executed in the order in which they appear in the configuration. It is possible that a packet is not being discarded as expected if a previous condition matches that packet with an action of forward.
2.
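The ordering effect described in item b, as an added example that is not from the guide or from the CyberSWITCH software: a first-match evaluator plus a check that reports a condition which can never fire because an earlier, broader condition with a different action covers it. The `Condition` model, the condition names, the default action and the addresses are assumptions constructed for illustration and are not CFGEDIT syntax.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Condition:
    """One filter condition (hypothetical model, not CFGEDIT syntax)."""
    name: str
    action: str                      # "forward" or "discard"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    protocol: Optional[str] = None   # None matches any protocol
    dst_port: Optional[int] = None   # None matches any port

    def matches(self, pkt: dict) -> bool:
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.protocol in (None, pkt["protocol"])
                and self.dst_port in (None, pkt.get("dst_port")))

    def covers(self, other: "Condition") -> bool:
        """True if every packet that matches `other` also matches self."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.protocol in (None, other.protocol)
                and self.dst_port in (None, other.dst_port))


def evaluate(conditions: List[Condition], pkt: dict,
             default: str = "forward") -> Tuple[str, Optional[str]]:
    """Conditions run in configured order; the first match decides.
    The default action for unmatched packets is an assumption."""
    for cond in conditions:
        if cond.matches(pkt):
            return cond.action, cond.name
    return default, None


def shadowed(conditions: List[Condition]) -> List[Tuple[str, str]]:
    """Return (earlier, later) pairs where `later` can never take effect
    because `earlier` matches all of its packets with a different action."""
    findings = []
    for i, later in enumerate(conditions):
        for earlier in conditions[:i]:
            if earlier.covers(later):
                # The first covering condition is the one that always wins.
                if earlier.action != later.action:
                    findings.append((earlier.name, later.name))
                break
    return findings


# Constructed sample: a broad forward placed ahead of a narrow discard.
AS_CONFIGURED = [
    Condition("allow-lan", "forward", src="192.168.10.0/24"),
    Condition("block-telnet", "discard", src="192.168.10.0/24",
              protocol="tcp", dst_port=23),
]
REORDERED = list(reversed(AS_CONFIGURED))

# Constructed packet: telnet from a host on the sample LAN.
TELNET = {"src": "192.168.10.5", "dst": "10.0.0.7",
          "protocol": "tcp", "dst_port": 23}

if __name__ == "__main__":
    print(evaluate(AS_CONFIGURED, TELNET))   # forwarded by allow-lan
    print(shadowed(AS_CONFIGURED))           # block-telnet is unreachable
    print(evaluate(REORDERED, TELNET))       # discarded by block-telnet
```

Placing the narrow discard ahead of the broad forward is what makes it effective; running the shadow check after each configuration change catches the ordering mistake before a test packet has to.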
IP RIP OUTPUT PROCESSING ON A LAN INTERFACE
Problem: The local IP Host does not display the correct route entry, for example, the IP Host does not seem to be learning route information from the CyberSWITCH via RIP.
Action:
1. Using the ipnetif Manage Mode command, verify that the IP RIP Send Control is set to a RIP version that the IP Host can understand. If the command shows Do Not Send, the IP RIP output processing is disabled on the interface.
3. Also look for the IfStatRcvBadPackets and IfStatRcvBadRoutes counters. If these counters are not 0, there may be something wrong with the Router. If these counters are 0, there is an unexpected condition present within the CyberSWITCH software. Contact Customer Support.

IP RIP OUTPUT PROCESSING ON A WAN INTERFACE
Problem: The Router does not display the correct route entry, i.e., the Router does not seem to be learning route information from the CyberSWITCH system via RIP.
2. Enter the ip rip stats administration console command. Look for the IfStatRcvResponses counter for the interface. This statistic is the number of RIP update messages received on the interface. If the total number of these counters is 0, check the Router to verify that it is configured to send IP RIP update messages.
3. Also look for the IfStatRcvBadPackets and IfStatRcvBadRoutes counters. If these counters are not 0, there may be something wrong with the Router.
indicate if it is static (L- locally configured) or dynamically learned via RIP (R). If it is learned via RIP, then basic communication between the CyberSWITCH and the local NetWare server is operational, and it is uncertain why the NetWare server does not respond to the ping request. Contact Customer Support.
2. Verify that RIP protocol is enabled by entering the following Manage Mode command:
   ipxrip
   Enable RIP if it is not already enabled.
3.
6. Verify device configuration on remote bridge. Bridge devices should be configured to make calls over the interface defined to go to the router.

Problem: The router does not forward typical data (RIP, SAP, Type 20 packets) to the remote bridge.
Action:
1. Make sure a call is up. Remember, the router cannot forward data if there is no previous connection (i.e., router currently does not support dial-out).
2. Check IPX device information on the router side.
IPX ROUTING AND SERVICE TABLES
Problem: The routing table on the CyberSWITCH is full.
Action: The number of entries in the routing table is a configurable entity. This parameter may be between the values of 20 and 3072, and should be based on system need and system memory constraints. We recommend this value be at least 10% more than what you predict to be needed (more than 10% with larger network topologies).
TRIGGERED RIP/SAP START UP
Problem: The CyberSWITCH does not display a triggered RIP/SAP starting message for a WAN peer.
Action: Verify that the WAN peer is properly configured. Issue the device command in Manage Mode to display the current Device List. Or, you may view the WAN peer list through CFGEDIT, Options, IPX Configuration, Triggered RIP/SAP. Be sure that the device (WAN peer) has IPX routing enabled and triggered RIP/SAP (active) selected as routing protocol.
[Figure: example AppleTalk network with CSX1200 "Site1" and CSX1200 "Site2" connected over ISDN; Net Range: 10-11, Zone: Left Zone]
If EtherTalk is selected, and no zones are displayed, then contact your Distributor or Customer Support.
4. If you are using Open Transport, verify that Local Mac has chosen a proper AppleTalk address within the valid network range (this would be 10-11 for the example network) by opening the AppleTalk control panel as shown below:
If the Network Range is correct and the AppleTalk address is not within that range, then try to close the AppleTalk control panel once, and then reopen it.
If the AppleTalk address for the router is not the same as the one displayed when issuing the atalk port console command, then the Local Mac is getting the information from another router. Please refer to the documentation for that router. If the AppleTalk address for the router is the same as the one displayed after issuing the atalk port console command, contact your Distributor or Customer Support.
4. If the remote resources can not be seen even when the connection is up, then make sure the AppleTalk address of the remote device is valid. If the remote device is on an unnumbered network, then an AppleTalk address of 0.0 must be configured for the remote device in the device table. If it is on a numbered network, the AppleTalk address does not need to be configured for the device in the device table.
Problem: The CyberSWITCH does not generate SNMP Trap PDUs.
Action:
1. Enter the snmp stats command at the administrative console. If an “SNMP is not enabled” message appears, you must first enable the SNMP Agent (using CFGEDIT).
2. If the SNMP statistics are displayed, check the value of the “snmpOutTraps” statistic. If this counter is zero, the SNMP agent has not generated any Traps. Check your configuration setup and ensure that at least one SNMP Trap Receiver is configured.
DIAL OUT
Problem: A Dial Out call was not completed successfully.
Action:
1. If you issued the call device console command to initiate the call, check to see that you entered the device name correctly. Device names are case sensitive.
2. If you issued the call peer console command to initiate the call, check to see that you entered the correct telephone number and data rate.
If there are no problems with actions 1 and 2, proceed to action 3.
3. Check for the following system messages:
   For BRI resource:
   In - proceeding <#,#>
   In - disconnect <#,#> -
   For PRI resource:
   In - accept <#,#>
   In - disconnect <#,#> -
   If the system reports these messages, then the network disconnected the call attempt. For the disconnect cause meaning, refer to the Cause Code table.
COMPRESSION
Problem: Compression is not established for a device for which it is expected.
Action:
1. Issue the cmp stats console command then issue the dr console command to check the message report log. A message will inform you if the compression failed due to memory constraints.
2. Verify that the CyberSWITCH has compression enabled. This is done through selecting “Compression Options” from CFGEDIT’s Systems Options menu.
3.
• The CyberSWITCH does not have Compression ENABLED
  In this case, the CyberSWITCH will respond to all attempts by the peer to open CCP with a TERM-ACK frame. The connection will operate uncompressed. (Note: a device that supports compression but has it disabled will typically do the exact same thing).
  (I) 15:36:40.54
  (I) 15:36:40.54
  (I) 15:36:40.54
  (I) 15:36:40.
3. If desired, enter MANAGE mode, and use the dhcp change command to enable the Relay Agent. (Note: CFGEDIT can also be used to change the Relay Agent configuration; but the changes will not take effect until the system is restarted.)
4. When Manage Mode is exited, an attempt will be made to enable the Relay Agent.
5. Re-examine the report log for the “Relay Agent Enabled” message.
6. Remember to “commit” the Manage Mode configuration changes to make them permanent.
ENABLING THE PROXY CLIENT
Problem: The following message appears in the report log (after system initialization, or after the DHCP/BOOTP Proxy Client has been enabled from MANAGE mode):
   [DHCP-P] Failed to register with the IP Address Pool Manager, erc=
Action: This message indicates that an internal error occurred while the DHCP Proxy Client was trying to register as a provider of addresses for the IP Address Pool.
2. Make sure that the maximum addresses to obtain for the interface is non-zero.
3. Make sure that the number of addresses to pre-fetch for the interface is non-zero.
4. The DHCP Server must be configured to distribute addresses to clients on the DHCP Client’s subnetwork.

Problem: The DHCP Proxy Client is enabled, and it has opened its UDP port, but there aren’t any “DHCP-obtained” addresses in the IP Address Pool.
Action:
1.
3. On both platforms, issue the iproute manage mode command to make sure that each system knows about the IP subnet at the other Ethernet segment.
4. If the two IP host devices still can not communicate with each other, contact your Distributor or Customer Support.
LED INDICATORS

OVERVIEW
The front panel of the CyberSWITCH has several LED indicators. The POWER indicator will remain lit while the unit is on. There is a series of three LAN indicators: they will light to indicate transmissions, receptions, or good link integrity on the 10Base-T port. The bank of WAN indicators provides you with the status of each WAN line. Detailed descriptions of the indicators follow.
D-CHAN LED status       One Data Link                      Multiple Data Links*
off                     no activity                        no activity
flashing (mostly off)   trying to bring up data link       not all data links are up
flashing (mostly on)    activity; data link is up          activity; data link is up
on solid                no activity; data link is up       no activity; data link is up

* On DMS-100 and NI-1 switches, more than one data link is possible.
The Sync indicator identifies whether or not the most basic level of the ISDN connection (Layer 1) is established. It verifies that the system is connected to the ISDN network at this PRI port.

LANVIEW LEDS (CSX1200-E11-MOD)
The LANVIEW LEDs are located on the hub portion of the CSX1200-E11-MOD’s back panel. These LEDs are convenient troubleshooting tools that can help you diagnose power failures, collisions, cable faults, and link problems.
Receive LEDs
state                        color
port enabled, no activity    off
port enabled, activity       yellow (blinking)

Each Ethernet port also has a Link LED. This LED provides connectivity information for a specific Ethernet port. It glows green when the link is up.

Link LEDs
state                   color
power off or failure    off
link, active            green

There is one Collision LED for the hub module. It is located between the 7th and 8th hub ports.
SERVICE INDICATOR
The Service indicator comes on normally during system power-up, and then goes off. If the Service indicator remains lit or blinks after power-up, it is signaling that something needs attention in the system. Refer to the section below that pertains to the Service indicator’s activity. Also, you may access your administrative console for further information (issue the dr console command to view system messages).
The table below provides an error description corresponding to the number of consecutive LED blinks:

Number of Blinks   Error Description
1                  Failure during erasure of main block during SSB* recovery
2                  Failure during programming of main block during SSB recovery
3                  Timed out during recovery of SSB
4                  Individual record error during recovery of SSB
5                  Communications error during recovery of SSB
6                  Incompatibility between FSB* and new SSB versions
7                  Currently not used
ALARM LEDS (PRI ONLY)
If your CyberSWITCH is not functioning properly, check the L1 LED on the front panel. This LED, which indicates Layer 1 capability, should be lit. If it is not lit, there is a problem with Layer 1; now check to see which Alarm LEDs are lit. Alarm LEDs (a bank of four LEDs) are located on the lower left back panel of the CyberSWITCH’s PRI chassis. These LEDs provide specific PRI layer 1 information. Each of these indicators represents the status of a PRI alarm.
[Figure: PRI front panel and Intermediate Device (CSU). 1. Bad Signal sent to CSU. 2. RAI sent from CSU.]
• LOF (loss of frame)
  Also known as a red alarm. Lights up when layer 1 has detected a qualified loss of frame condition (excluding AIS).
SYSTEM MESSAGES

OVERVIEW
System Messages provide useful system information. They are listed in the system’s report log, a memory resident table. To manipulate the report log, use the following commands at the administrative console:

dr or ds    display reports or display statistics
er or es    erase current messages/statistics from memory
wr or ws    write reports/statistics to disk

When the CyberSWITCH writes system messages to disk, it stores them in the following locations:
Directory: \log
File Name: rprt_log.
BOOT MESSAGES
The system boot is accomplished in two stages: a first stage boot and a second stage boot (FSB and SSB). If the FSB or SSB detects an error, the system’s service LED will light. The first bank of LEDs will blink in a pattern, as described in the LED Indicators chapter. Note the number of blinks in the pattern, and report it along with your problem.
SPANNING TREE MESSAGES
The Spanning Tree protocol is only supported by the Ethernet-2 interface card. Spanning Tree protocol messages are prefaced with [STP]. During normal operation, when Spanning Tree protocol is enabled, the system may report informational messages such as:
   [STP] A new Root Bridge has been detected
   [STP] LAN Port is now a Designated Port

WARNING MESSAGES
System warning messages signal events that you should investigate.
1 port LAN Adapter, operating in remote mode only
This is an initialization message. It identifies the Ethernet adapter type (Ethernet-1), and operating mode. Remote bridging is supported.

2 port LAN Adapter, operating in local and remote mode
This is an initialization message. It identifies the Ethernet adapter type (Ethernet-2), and operating mode. Both local and remote bridging are supported.
AppleTalk routing RTMP initialization error, AppleTalk disabled
AppleTalk is disabled because there is an initialization problem with the Routing Table Maintenance Protocol (RTMP). Contact your distributor or Customer Support.

AppleTalk routing ZIP initialization error, AppleTalk disabled
AppleTalk is disabled because there is an initialization problem with the Zone Information Protocol (ZIP). Contact your distributor or Customer Support.
[AUTH] ACE Encryption configured for DES: not supported.
The ACE server is configured for DES encryption. Only SDI encryption is currently supported by the ACE client.

[AUTH] ACE Error receiving server log message acknowledgment.
A client syntax error occurred during an authentication attempt via ACE. The server did not respond to the logging of the message. Make sure the ACE server configuration is accurate.
[AUTH] RADIUS IP HOST rejected IP Host id:
The remote Authentication server rejected the IP Host id. This indicates that one of the following has occurred:
1. The is not in the remote Authentication server’s database.
2. The is entered incorrectly in the remote Authentication server’s database.
[AUTH] TACACS LOGIN rejected user:
The remote Authentication server rejected the named user. This indicates that one of the following has occurred:
1. The is not in the remote Authentication server’s database.
2. The is entered incorrectly in the remote Authentication server’s database.

[AUTH] TACACS No server configured for designated database location.
TACACS is configured as a database location for security authentication.
[AUTH] Warning code: 0010 Received unexpected authentication response code from server
A message was received from an authentication server that contained an invalid response message identifier.

[AUTH] Warning code: 0011 An unexpected server responded to the access request
An access response message was received from an authentication server that is not configured in the System.
Bridge is operating in RESTRICTED mode
Bridge is operating in UNRESTRICTED mode
One of the above messages will be displayed to indicate the configured Bridge mode of operation.

Calculating CRC’s.....
An X-Modem transfer has been completed and the received data is being checked for integrity.

Call control detected near end problem - Slot= Port=
The system detected a problem when initiating a call over the indicated line.
Call Restriction statistics reset for new day
Call Restriction device information.

Call Restriction statistics reset for new month
Call Restriction device information.

Call Restrictions will allow calls to be made this hour
Call Restriction device information.

Call Restrictions will allow calls, but this hour is restricted
Calls are restricted during this hour but the action configured is to “Warn”. Calls are still being allowed.
Capability description processing error - . System is in minimal configuration mode.
A problem has occurred during system installation.
Cause received for DLCI
A CLLM message was received indicating that the PVC associated with the indicated DLCI is subject to the event denoted by the indicated cause code.
CHANNEL in use in HOST_CALL_REQUEST
The system software sent a message to the RBS state machine that the state machine was unable to recognize or the information was incorrect. If this message is displayed in the log messages, contact your Distributor or Customer Support.

[CHAP] Authentication Failure of remote device -
On-node or off-node (for example, through the RADIUS Server) CHAP authentication has failed.
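A way to triage the authentication-related messages summarized in this chapter once the report log has been written to disk, as an added example that is not part of the guide or the CyberSWITCH software. The line layout follows the "(I) 17:33:35.38 #1067: ..." trace shown in the X.25 section; the assumption that a user or device name follows each message prefix, and every name, message number and timestamp in the sample log, are constructed for illustration.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional, Tuple

# "(I) 17:33:35.38 #1067: text" is the layout of the trace lines in this guide.
LINE_RE = re.compile(
    r"^\((?P<sev>[A-Z])\)\s+(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"#(?P<num>\d+):\s+(?P<text>.*)$")

# Message prefixes are taken from this chapter; the trailing value
# (user, host id, device name or reason) is an assumption.
AUTH_PATTERNS = [
    ("tacacs-login-rejected",
     re.compile(r"^\[AUTH\] TACACS LOGIN rejected user:\s*(?P<detail>\S+)")),
    ("radius-iphost-rejected",
     re.compile(r"^\[AUTH\] RADIUS IP HOST rejected IP Host id:\s*(?P<detail>\S+)")),
    ("chap-failure",
     re.compile(r"^\[CHAP\] Authentication Failure of remote device -\s*(?P<detail>\S+)")),
    ("ip-security-rejection",
     re.compile(r"^IP Security Rejection - (?P<detail>.+)$")),
]


def parse_line(line: str) -> Optional[dict]:
    """Split one report-log line into fields; None if it is not a log line."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def auth_events(lines: Iterable[str]) -> List[dict]:
    """Return one event per authentication rejection found in the log."""
    events = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                      # blank or malformed line
        for kind, pattern in AUTH_PATTERNS:
            m = pattern.match(rec["text"])
            if m:
                events.append({"time": rec["time"], "kind": kind,
                               "detail": m.group("detail").strip()})
                break
    return events


def repeated_failures(events: List[dict],
                      threshold: int = 3) -> Dict[Tuple[str, str], int]:
    """Group events by (kind, detail) and keep those seen `threshold`+ times."""
    counts = Counter((e["kind"], e["detail"]) for e in events)
    return {key: n for key, n in counts.items() if n >= threshold}


# Constructed sample log (not captured from a real system).
SAMPLE_LOG = """\
(I) 09:14:02.11 #2001: [AUTH] TACACS LOGIN rejected user: jsmith
(I) 09:14:09.57 #2002: [AUTH] TACACS LOGIN rejected user: jsmith
(I) 09:14:15.03 #2003: [AUTH] TACACS LOGIN rejected user: jsmith
(I) 09:15:40.20 #2004: [CHAP] Authentication Failure of remote device - branch7
(I) 09:16:01.88 #2005: IP Security Rejection - Invalid Security ID
(I) 09:16:30.02 #2006: [DHCP-R] Relay Agent enabled

Out - LAPB RR, Rx Sequence = 1
"""

if __name__ == "__main__":
    found = auth_events(SAMPLE_LOG.splitlines())
    for event in found:
        print(event["time"], event["kind"], event["detail"])
    print(repeated_failures(found, threshold=3))
```

Repeated rejections of one name in a short window point either to a wrong entry in the authentication server's database, as the message descriptions say, or to someone guessing credentials, so both the device configuration and the source of the calls are worth checking.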
CNTR-TMR:Timed out waiting for TMR interrupt!
The i386s specified timer did not respond during a POST testing its interrupt capabilities. The boot process should continue; however, make note of the error message in the event of a future problem.

Configured adapter # ’x’ type does not exist
The interface adapter indicated does not match the resource configuration in the system. Correct the configuration on the system.
Dedicated connection down:
The dedicated connection is down. Switched backup connections will be used, if available. This message will occur if the other system is down, or if the network interface line is not connected, or if the authentication of the remote device failed.

Dedicated connection to device up: ,
The indicated dedicated connection is operational.
[DHCP-P] Proxy Client disabled
This message indicates that the DHCP Proxy Client has been successfully disabled. This message will appear after the DHCP Proxy Client has been disabled from Manage Mode.

[DHCP-P] Proxy Client enabled
This message will appear whenever the DHCP Proxy Client has been successfully enabled. This could be during system initialization (if configuration values have enabled it), or after the DHCP Proxy Client has been enabled from Manage Mode.
[DHCP-R] Relay Agent enabled
The DHCP Relay Agent has been successfully enabled. This could be during system initialization (if configuration values have enabled it), or after the DHCP Relay Agent has been enabled from Manage Mode.

[DHCP-R] Relay Agent initialization failed
This message indicates that the DHCP Relay Agent did not initialize successfully. The Relay Agent will not be operational. Contact your Distributor or Customer Support.
DM card in slot is not functional
The system was unable to initialize the Digital Modem in the specified slot correctly. Check all switch and/or jumper settings on the board to ensure they match the values in CFGEDIT. If the board is configured properly, and this message still appears, contact your Distributor or Customer Support.
DM upgrade success. Board=, Modem=
The system has successfully updated the firmware of the specified modem on the Digital Modem card.

DM: TimeSlot driver circuit id already in use on CREATE
DM: No TimeSlot driver circuits available for CREATE
DM: TimeSlot driver circuit id not in use on REMOVE
DM: TimeSlot driver circuit id not found on REMOVE
There were problems related to the Digital Modem’s use of the TDM bus.
EDS-DES Board Absent
EDS-FEAL Board Absent
The encryption board is either physically not in the backplane, or the dip switches on the board are set incorrectly. Check for the board; verify the switch settings.

Error closing file ’s’
The WAN card initialization subsystem encountered an error while downloading a WAN card. The system could not close the download disk file indicated. Restart the system. If the error continues, contact your Distributor or Customer Support.

Error mapping WAN adapter # ’x’ into Host memory map
The configured memory location of the indicated WAN card conflicts with another WAN card or device. Review the configuration for the indicated adapter.

Error opening file
Error opening file , section =
Error opening file , slot
If seen repeatedly, contact your Distributor or Customer Support.

Error reading platform type: couldn’t open file C:\SYSTEM\PLATFORM.NEI
Error reading platform type: error reading C:\SYSTEM\PLATFORM.NEI
Error reading platform type: there is no “plat name” field
Error reading platform type: there was no “=” in the string
Error reading platform type: type value is too large
Error reading platform type: type was not converted to an int
There is a problem with the platform.nei file. Reinstall the system Installation/Upgrade diskettes or CD-ROM.

Failed to obtain Terminal info in smgr_proc_terminal_auth_sess 0
A session control block was not found for this authentication session. Contact your Distributor or Customer Support.

Failed to start a Terminal Auth session. Device + User level Security not enabled
A terminal mode connection was received and Device + User level security was not enabled. Verify correct security settings and default async protocol settings.

DM rcvd
The Network will not allow establishment of the data link at this time. An attempt will be made to re-establish the data link after a switchtype dependent delay.

MDL_ERR_RESP rcvd
The Network has not responded to TEI requests - no data link was established. An attempt will be made to re-establish the data link after a switchtype dependent delay.

rcvd MDL_REM_REQ for TEI
The network has removed the specified TEI, terminating the data link.

L The Network sent a Layer 2 frame with a control field error. This is typically an unimplemented frame.
M The Network sent a Layer 2 frame with an illegal Info field.
N The Network sent a Layer 2 frame with an incorrect length.
O The Network sent a Layer 2 frame that was too long.
U The Network sent a Layer 2 frame with a control field error. Typically an unknown frame.

File Access Err
System unable to access file.

Frame Relay PVC connection down: Slot=, Port=
The Frame Relay PVC connection is down for the indicated slot and port number.

Frame Relay PVC connection up: Slot=, Port=, DLCI=
The Frame Relay PVC connection is up for the indicated slot, port, and DLCI index.

FrBufFree: error during free
The indicated error occurred during an attempt to free a buffer to its memory pool. Contact your Distributor or Customer Support.

Invalid CLLM received on Access
An invalid CLLM message was received on the indicated Frame Relay Access. The message had either missing elements or invalid contents.

Invalid LAN Adapter identifier
The system has detected invalid LAN adapter hardware. Check for proper LAN adapter configuration and hardware installation.

Invalid Password given
The remote Combinet sent a password that did not match any device table entries.

[IPAP] ResMem returned invalid device maximum value (x)
A memory allocation failure was encountered by the IP Address Pool Manager during initialization processing. Contact your Distributor or Customer Support.

[IP] Cannot get system memory for xxxx
There is not enough system memory available for IP software to operate (“xxxx” is a variable name internally used). Contact your Distributor or Customer Support.

[IP] Invalid RLAN IP Address , RLAN IP Stream Closed
The connection from a HDLC Bridge or a PPP device came up and the IP (sub-) network number configured for it is invalid; it does not belong to any of the WAN (RLAN) interfaces. Correct the IP address for the remote device.

[IP] WAN (Direct Host) Interface , invalid associated LAN interface
The WAN (Direct Host) type interface could not come up; the associated LAN network interface, specified by configuration, was not found. Use CFGEDIT to delete old WAN (Direct Host) interface. Check for associated LAN interface, and add if necessary. Then add back the WAN (Direct Host) interface.

[IP Host] Security Rejection - Invalid Security ID
The system has received an IP Host Id, , from a remote device that is not configured in the Device List. The system has rejected the incoming call. Verify that the IP Host ID in the Device List information is identical to the IP Host Id configured in the remote device.

[IP RIP] Unable to open RIP/UDP port 520
The UDP port for RIP was unable to be opened. There are 63 possible UDP ports, and none are available for use at this time. No RIP information can be transmitted or received. Contact your Distributor or Customer Support.

[IP RIP] Unable to register WAN Connection notification
The IP RIP protocol was unable to register with the IP WAN interface connection notification system. No WAN connection information will be reflected in the RIP packets.

[IPX RIP] Shutdown complete.
The IPX RIP protocol was successfully shutdown via Dynamic Management. No IPX RIP routing information will be transmitted or received. Any routes learned via IPX RIP will soon expire.

[IPX RIP] Space available in routing table
A route entry has become available in the full route table.

[IPX RIP] Unable to add route, routing table full
The route table has become full. The maximum number of route entries should be increased.

L3_CallRefSelect Call Reference wrapped
Status message indicating that Layer 3’s call reference value has wrapped. If this message is posted frequently, report the problem.

LAN Adapter Abort
The Ethernet adapter or subsystem is being interrupted as part of the error recovery process. If the system fails to operate normally, or the warning continues to occur, then report the event using the problem reporting form included in Getting Assistance.

LAN Adapter out of receive buffers for the WAN port
The LAN adapter is temporarily out of the buffers it uses to receive packets from the WAN port. This condition should clear itself. If the condition persists, contact your Distributor or Customer Support.

LAN Adapter port transmit error , check connection
The LAN adapter detected an error transmitting a frame on the indicated port.

LAN Port detected shorted LAN media
The system detected a problem with the physical LAN on the indicated port. The LAN is not properly terminated or the LAN is not fully connected to the system. Check for proper LAN installation.

LAN Port is now in the Forwarding state
The bridge LAN port indicated has entered the forwarding state and is now ready for data transfer.

Manage Mode updates have been successfully committed
The above message indicates that the Dynamic Management commit command was successfully completed.

Manual intervention required: please replace LAN card
Older versions of the Ethernet adapter may need to be updated or replaced to run Release 2.3 or greater. If the above message appears in your system log messages, you will need to replace your Ethernet adapter.

Mismatch of configured and installed DM card in slot
The switch and/or jumper settings on the specified Digital Modem card are not properly set to match how the card is configured in software. Check the hardware and software configuration and restart.

Network sent Cause - SPID not supported -
The indicated line does not support SPIDs; however, a SPID is configured for use on the line. Is the SPID configured incorrectly? Do you have the right switch type? Check the configuration. If the message persists, contact your BRI provider to determine corrective action.

Not enough memory for Security module
Not enough system memory available to operate security module. Contact your Distributor or Customer Support.

No UA seen in response to SABMEs - Slot= Port= Ces=
Layer 2 cannot be established between the system and the switch. This could be a TEI configuration mismatch between the system and the switch for the indicated line. Check the configuration of the system.

Out Svc #
ISDN line failure. The line connected to the indicated slot and port is out of service for the reason indicated by # .

1 = No layer 1 sync for 5 seconds
This problem normally occurs due to WAN cabling problems. Check your cables to make sure they are connected correctly. If this problem still occurs after you have checked all the cables, call the phone company and report the problem.

[PAP] Remote device rejected System Information
The system received the PAP Authenticate-Nak packet with the error message against the previous PAP Authenticate-Request sent by the system. The is from the remote device, and is device-specific. Contact the remote site for assistance.

[PAP] Unknown name given by remote device
The system received the PAP Authenticate-Request packet with the unknown device name .

PVC for DLCI not ACTIVE
A frame was received on the PVC associated with the indicated DLCI which was not active. This is a temporary condition, and results from an asynchronous operation between the network and customer-premise equipment regarding the state of the individual PVCs. If this problem persists, contact your Distributor or Customer Support.

system to start dialing. Contact the telephone company and ensure that the line is configured for wink-start.

RBS: Unexpected event chan = , state =
An illegal signaling event occurred in the RBS task on the specified channel. Ensure that the line is configured correctly and that it is using the expected RBS protocol. Excess noise on the line may also cause this event.

Resmem_gettotal: Enabled size , greater than Checksize for
Internal error that should be reported to Customer Support.

Security Rejection - No Password given by caller
A properly formed Bridge Security negotiation packet was received, and the bridge is registered in the system Device Table, but a password is required and none was provided by the calling bridge. Check configuration. If problem persists, contact your Distributor or Customer Support.

Security Rejection - No Protocol List supplied
A Combinet has attempted to connect to the system without the required Protocol List information.

Semipermanent. Device "x" reconnected by admin.
The administrator has issued the call device command after issuing the disc device command. This restarts the semipermanent feature for the indicated device.

Severe congestion CLLM received for DLCI
A CLLM message was received indicating severe congestion may be expected on the PVC associated with the indicated DLCI.

SPID FSM got unidentifiable INFO msg - Slot= Port= Ces=
An unexpected information message was received from the network on the indicated line. If you are having trouble establishing calls on this line, the problem should be reported to your phone company.

SSB: Can’t read RTC prior to i960 POSTs
The Real Time Clock became inaccessible before invoking the i960 POSTs.

SSB: Post 28 i960lan_82596sx FAILURE
The i960 failed its LAN Coprocessor test. The boot process should continue; however, make note of the error message in the event of a future problem.

SSB: Post 29 i960lan_82503 FAILURE
The i960 failed its LAN transceiver test. The boot process should continue; however, make note of the error message in the event of a future problem.

[STP] A BLAN Topology Change has been detected
The system has detected a topology change in the Spanning Tree environment.

[STP] A new Root Bridge has been detected
The system has detected a new root bridge for the Spanning Tree environment.

[STP] LAN Port is now a Designated Port
The indicated LAN port has become the designated port for the attached LAN.

[STP] LAN Port is now the Root Port
The indicated LAN port has become the root port for the system.

[TFTP] Data buffer allocated successfully
All parts of the TFTP feature (both Server and Client) were successfully initialized.

Note: The following “[TFTP] Local error...” messages generated during client operations will be displayed on the console only and will not be logged to disk.

[TFTP] Local error # 2: Feature not initialized
The TFTP feature was not initialized properly. No file transfer will be attempted.

[TFTP] Local error # 13: Received unexpected opcode
The TFTP protocol received a packet that was not expected. There may be a problem with the specified file; try replacing it. If this message appears consistently, contact your Distributor or Customer Support.

[TFTP] Local error # 14: Bad file name
The local file (as defined from a remote host) was not recognized as a valid file name. No file transfer will be attempted.

[TFTP] Remote error # 0: (Text from Remote Host)
Undefined error. The accompanying text (if any) should describe the error. The file being transferred may be corrupted.

[TFTP] Remote error # 1: (Text from Remote Host)
The REMOTE HOST could not find the file specified on its system. No file transfer will be attempted.

[TFTP] Remote error # 2: (Text from Remote Host)
The REMOTE HOST is reporting an access violation of the specified file.

The call is allowed to continue
A call has been up longer than the amount of time configured, but it has not been taken down.

The compression subsystem is not enabled
Check CFGEDIT; verify that compression is enabled.

The conformance selection is prior to CCITT 1988
Verify that the facilities provided by the service provider are CCITT 1988.

The RADIAC Feature is no longer supported.
The RADIAC feature has been replaced by the TACACS Feature.

Transmit rate increased to : Access , DLCI
The effective transmit rate has been increased to the indicated rate for the indicated DLCI under the indicated access.

Transmit rate reduced to CIR : Access , DLCI
The effective transmit rate has been limited to the Committed Information Rate which is the rate for the indicated DLCI under the indicated access.

Unable to Identify a remote device
A device that was not identified by any active security measures (for example, PAP or CHAP) was rejected.

Unable to Identify a remote device -
Unexpected error during transmission of LMI frame
A system error occurred during the actual transmit request for an LMI frame. Contact your Distributor or Customer Support.

Unknown Calling Bridge
MAC address security is enabled and the remote Combinet does not match any of the defined devices.

Unknown DLCI in CLLM message
The network has sent a CLLM message which has referenced the indicated DLCI that has not been configured.

WAN: RBS Not Available on this card.
A RBS debugging command was attempted on a PRI card that is not configured for RBS. Check the card configuration and ensure you have the proper type of card.

Watchdog timeout detected on DM board in slot
The Digital Modem card in the specified slot is not functioning properly. Check the board’s configuration in CFGEDIT, reseat the board in its ISA slot, and check any MVIP bus cabling.

X25 facilities error, reverse charging not accepted
The reverse charging facility was selected by the DTE. Verify that reverse charging is enabled by both DTEs and the service provider.

X25 facilities error, fast select not available
The fast select facility was selected by the DTE. Verify that fast select is enabled by both DTEs and the service provider.

X25 facilities error, fast select not accepted
The fast select facility was selected by the DTE.

X25 facilities warning, NUI not available
Network device identification not available. No action required.

X25 permanent virtual circuit down: Access=, PVC=, LCN=
The indicated X.25 virtual circuit is down. Switched backup connections will be used, if available. This message will occur if the other system is down, or if the network interface line is not connected, or if the authentication of the remote device failed.

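Several entries in this summary report a remote device being refused at authentication time (Invalid Password given, the Security Rejection entries, [PAP] Unknown name given by remote device, Unable to Identify a remote device, Unknown Calling Bridge). The Python sketch below is an added example, not Cabletron code: it picks those message texts out of saved report-log lines and flags bursts of rejections. The HH:MM:SS line prefix, the category names, the sample lines and the burst threshold are assumptions of this example.

```python
import re
from collections import Counter, deque

# Message texts copied from the System Message Summary. The grouping into
# categories is this example's own and does not come from the manual.
SIGNATURES = [
    ("Security Rejection - No Password given by caller", "missing-credential"),
    ("Security Rejection - No Protocol List supplied", "missing-credential"),
    ("[IP Host] Security Rejection - Invalid Security ID", "unknown-device"),
    ("[PAP] Unknown name given by remote device", "unknown-device"),
    ("Unknown Calling Bridge", "unknown-device"),
    ("Unable to Identify a remote device", "unknown-device"),
    ("Invalid Password given", "bad-password"),
    ("[PAP] Remote device rejected System Information", "rejected-by-peer"),
]

# Assumed line layout: optional "HH:MM:SS " prefix, then the message text.
LINE_RE = re.compile(r"^\s*(?:(\d{2}):(\d{2}):(\d{2})\s+)?(.*\S)\s*$")


def classify(line):
    """Return an event dict for an authentication rejection, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # blank line
    hh, mm, ss, text = m.groups()
    seconds = None if hh is None else int(hh) * 3600 + int(mm) * 60 + int(ss)
    for needle, category in SIGNATURES:
        pos = text.find(needle)
        if pos != -1:
            # Anything after the fixed text (device name, ID) is kept as detail.
            detail = text[pos + len(needle):].strip(" -:,")
            return {"time": seconds, "category": category,
                    "message": needle, "detail": detail}
    return None


def scan(lines):
    """Classify every line and keep only the rejection events, in order."""
    return [ev for ev in (classify(line) for line in lines) if ev is not None]


def summarize(events):
    """Count rejection events per category."""
    return Counter(ev["category"] for ev in events)


def find_bursts(events, threshold=3, window=60):
    """Report (first_time, trigger_time) once per run of `threshold` or more
    rejections inside `window` seconds. Assumes one day of log, in time order."""
    recent, bursts, in_burst = deque(), [], False
    for ev in events:
        if ev["time"] is None:
            continue
        recent.append(ev["time"])
        while ev["time"] - recent[0] > window:
            recent.popleft()
        if len(recent) >= threshold:
            if not in_burst:
                bursts.append((recent[0], ev["time"]))
                in_burst = True
        else:
            in_burst = False
    return bursts


# Constructed sample lines, not captured from a real system.
SAMPLE_LOG = """\
09:13:40 Dedicated connection to device up: SITE2
09:14:02 [PAP] Unknown name given by remote device BRANCH7
09:14:10 Invalid Password given
09:14:31 Security Rejection - No Password given by caller
09:14:55 [IP Host] Security Rejection - Invalid Security ID 4411
09:20:00 LAN Port 1 is now in the Forwarding state
10:02:17 Unknown Calling Bridge
"""

if __name__ == "__main__":
    found = scan(SAMPLE_LOG.splitlines())
    for category, count in summarize(found).most_common():
        print(f"{category:20s} {count}")
    for start, end in find_bursts(found):
        print(f"burst of rejections between t={start}s and t={end}s")
```
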
TRACE MESSAGES

OVERVIEW
Trace messages include the following categories of messages:
1. Call Trace Messages
2. IP Filter Trace Messages
3. PPP Packet Trace Messages
4. WAN FR_IETF Trace Messages
5. X.25 Trace Messages
6. X.25 (LAPB) Trace Messages

Before trace messages can be logged to the system report log, you must first enable the type of trace you would like to use. Once enabled, the system includes the trace messages in the memory-resident report log.
CALL TRACE MESSAGES
A feature of the CyberSWITCH console is the ability to save and display a record of the high level ISDN calls between the system and the local telephone switch. If calls are unable to be completed, this is normally the first area to look. Call Trace puts messages into the Report log that can be read by using the dr command. Call Trace is enabled by using the trace on command, and disabled by trace off.
CALL TRACE MESSAGE SUMMARY

Access information discarded cause
Call trace message. This message is used to indicate additional details on the received in the “call progress” information message.

Alerting off
Informational call trace message. The alerting signal information element is off. This indicates additional details on the received in the “call progress” information message.

In - ABNORMAL RPT Call Id= Slot= Port= ConnId= Ces=
The system has detected an internal error condition. The are included for your Distributor or Cabletron Customer Support. An error message describing the problem should be reported following this trace message.

In - DISCONNECT Call Id= Slot= Port= Loc= Cause= Ces= ConnId=
The system has received a disconnect message from the network. The Call Id and Ces values are for your Distributor or Cabletron Customer Support. The remaining parameters are used to report line details. Refer to the Cause Codes Table for more information.

In - PROGRESS Call Id= Slot= Port= Chans= CauseLoc= Cause= Signal= ProgLoc=
Out - DL CFG Slot= Port= Ces=
The system is initializing the indicated data link.

Out - DSL CFG Slot= Port=
The system is initializing the indicated line.

Out - init data link
The system is sending a message to the network to initialize a data link on an ISDN line. The are used to report line details.

IP FILTERS TRACE MESSAGES
You can trace packets that are discarded as a result of IP Filters. Enable this feature by using the ip filter trace discard command, and disable it with ip filter trace off. Note that when you enable this feature, the report log has the potential of filling quickly. Use the feature wisely, and be sure to turn it off once you’ve completed your troubleshooting. Access the discarded packet information via the report log by using the dr command.
PPP PACKET TRACE MESSAGES
PPP Packet Trace allows you to display the PPP protocol negotiation that takes place when a link is established. This information is useful when diagnosing mismatches in configuration between two systems. PPP Packet Trace puts PPP packet information into the Report log, which can be accessed by using the dr command. Enable this feature by using the trace ppp on command, and disable it with trace ppp off.
• Configure Request
The Configure Request is used to indicate the options that are supported by this sending device. The Request contains an option list and the desired values if they are different from the default value.

• Configure ACK
The Configure ACK is transmitted in response to a Configure Request. It indicates that the sending device supports the options specified in the option list of the Configure Request and that all values are acceptable.

• Echo Reply
The Echo Reply is transmitted in response to an Echo Request. The Echo Reply packet contains the magic number of the sending device. Until the magic number option has been negotiated the value must be set to zero.

• Discard Request
The Discard request packet is transmitted by a device to exercise the data link layer processing. This packet is silently discarded by the receiving device.

In - X25 CONNECTION CONFIRMATION ConnId= Access= RemDteAddr=
The system has received a connect message from the network. This indicates that a new call is now established.

In - X25 CONNECTION INDICATION ConnId= Access= RemDteAddr=
The system has received an incoming call from the network. The system will respond with a connect or a disconnect message.

Out - X25 Call Accept LCN , bytes
The DTE is accepting an SVC call.

Out - X25 Call Request LCN , bytes
The DTE is attempting to place an SVC call.

Out - X25 Clear Ind LCN , bytes
The DCE is clearing the X.25 Virtual circuit on the indicated LCN.

Out - X25 DTE RR LCN , bytes
The DTE is acknowledging 1 or more data packets received from the DCE.

Out - X25 Reset Ind LCN , bytes
The DCE is resetting a virtual circuit.

Out - X25 Reset Request LCN , bytes
The DTE is resetting a virtual circuit.

Out - X25 Restart Ind LCN , bytes
The DCE is resetting all virtual circuits.

In - LAPB SABME
The DCE is resetting the link layer.

In - LAPB UA
The DCE is acknowledging a SABM or SABME from the DTE.

Out - LAPB DISC
The DTE link layer is going off-line.

Out - LAPB DM
The DTE is going off-line.

Out - LAPB FRMR
The DTE has received an invalid frame.

Out - LAPB I Frame, Tx Sequence = , Rx Sequence =
The DTE has sent a data frame from the DCE.

SYSTEM MAINTENANCE
This grouping provides information to help you maintain your CyberSWITCH once it is operating. Note that the included system statistics information may also prove valuable in troubleshooting. We include the following chapters in the System Maintenance segment of the User’s Guide:

• Remote Management
Once the CyberSWITCH is initially configured, you may use methods to remotely manage the CyberSWITCH. This chapter provides information for using each of these methods.

REMOTE MANAGEMENT

OVERVIEW
Once your system is initially configured (and thus assigned an IP address), you may use a variety of methods to remotely access and manage your system. This chapter describes many of these methods. For information on first-time access (either local or remote), refer to Accessing the CyberSWITCH. The CyberSWITCH has various tools to manage the system remotely. You may combine several of these tools to provide a complete, customized remote network management system.

SNMP
section will describe how to install and configure the SNMP Agent. Refer to the specific NMS documentation for its installation instructions. SNMP must be configured through CFGEDIT. Before configuring the SNMP Agent, you must have the following information:
• the Community Name(s) used in SNMP request messages generated by the NMS;
• the IP address of the NMS; and
• the Community Name to be used in Trap messages received by the NMS.

TELNET
[Figure: network diagram; labels: Telnet Client, SITE HQ, WORKGROUP REMOTE ACCESS SWITCH, console output "LAN Test Passed"]
administrator forgot to configure a static route on the remote site, System 2. Because System 2 is not on the same subnetwork as the Telnet client on System 1’s LAN, a static route is needed to allow System 2 to communicate with devices on Network 1. Because the CyberSWITCH had no Telnet client capabilities in previous releases, the only way to fix the problem was to physically go to the remote site and add a static route.

USAGE INSTRUCTIONS
To access the CyberSWITCH using Telnet, you must have a Telnet client software package. A Telnet client software package is built into the CyberSWITCH. With the CyberSWITCH acting as the Telnet client, simply enter the telnet command to Telnet into the target host. Refer to the System Commands chapter for a complete listing of available Telnet commands. If you are using a PC or a workstation as a Telnet client, it must have a Telnet client software package.

TFTP
[Figure: network diagram; labels: TFTP Client, PC, SITE HQ, ISDN, Remote 1, WORKGROUP REMOTE ACCESS SWITCH]
The default file access for the GUEST user is “read” access to all files. The default file access for the ADMIN user is “read” access to the report and statistics files, and “read and write” access to all other files. The default for the TFTP server is ADMIN file access rights.

REMOTE INSTALLATION WITH USER2
The CyberSWITCH is delivered with a default configuration. This default configuration includes a configured device, USER2. Advanced users may use the default configuration to perform the configuration of a remote CyberSWITCH. The network must be set up as illustrated below to take advantage of remote configuration through USER2.
If you are using a CyberSWITCH as your local ISDN device, you can either configure an outbound phone number for the CyberSWITCH site or use the call peer command to call the CyberSWITCH without configuring the phone number for the device explicitly. Modify the switch type and the line type (point-to-point or point-multipoint) to match your local ISDN line.
2.
SYSTEM COMMANDS

OVERVIEW
Two classes of system administration commands are available on the CyberSWITCH: guest commands and administrator commands. Guest commands provide current operational information only, and are available to all security levels. Administrator commands allow access to the complete system command set. The log-in to the system controls command access. Each access level (guest or administrator) is protected by a unique log-in password.

logout
Terminates the administration session by logging out the current administrator. You can start another session by using one of the two log-in commands outlined above.

pswd
Changes the password for the current access level (administrator or guest). Your password must be a 3 to 8 nonblank character string. Be careful: passwords are uppercase and lowercase sensitive.

autobaud
This command notifies the boot device to check the baud rate. It prepares the boot device to recognize an imminent change. At this time, you should be prepared to set or change the baud rate in your communications package.

update
This command notifies the boot device that you are attempting a new upgrade. It is preparing the SSB for download of software via the XMODEM.

cs
Displays the list of connected devices along with the data rate for each device. The output for this command contains the connection time for each device along with a detailed breakdown (per connection type) of channel usage and available data rates. If there is at least one device connected, the display will look as follows. Note that a “more” mechanism will be used when the number of connected devices exceeds a full screen.
number, and the operational status of each interface (up or down). This information can help to determine system problems by identifying those physical interfaces that are not operating as expected. Refer to the following example:

[System Name]> NEIF
id  Name             Type
--  ----             ----
1   Ethernet Port 1  Ethernet
2   Ethernet Port 2  Ethernet
3   BRI.LINE.1       BRI D-Channel
4   BRI.LINE.1       BRI D-Channel
5   V.35.LINE        V.
sp
This command pertains to semipermanent connections. This command will list each semipermanent device, as well as the connection status, initial data rate and current data rate for each semipermanent device. The connection status will be one of the following:

CONNECTED
The system is connected to the device at the initial data rate or greater.

OVERRIDDEN
The disc device command was issued on this device.

The ver command also displays a connections table. It displays the connection lines for features that are loaded only. Consider the following example of a connections table:

Capacities                     Potential  Actual
Physical Connections           8          8
X.25 Connections               32         32
Frame Relay Connections        48         33
Combined Maximum Connections   88         33

Description:
• The first column is the connection type.
• The second column is the potential number of connections.
VIEWING THROUGHPUT INFORMATION
The Throughput Monitor screen displays the system throughput monitoring feature in action. To enter this screen:
1. Issue the mc command to display the connection monitor screen.
2. Use the to move the cursor down to the specific site for which you would like to view throughput information.
3. Press to display the throughput monitor screen for that site.

Note: If data compression is being used, an extra line will be displayed on the Connection Monitor screen that will provide the compression and decompression ratios, and the estimated throughput. The estimated throughput is calculated as follows:
est.
ws
Writes the current system statistics to disk file.

Note: For details on these disk files, refer to the chapter titled Software Overview.

CLEARING OPERATIONAL INFORMATION
The following commands are used to clear current system operational information:

er
Erases the current system messages held in memory.

es
Erases the current system statistics held in memory.

RESTARTING THE CYBERSWITCH

restart
Generally used from a remote site (when using Telnet or TFTP), although it is functional from a local console as well. The restart command reboots the system and automatically starts up the system software. Issue this command after making configuration changes with CFGEDIT, in order for these changes to take effect. If you prefer, you can make configuration changes and store them remotely.

flash recover
Specific to the remote upgrade of the Second Stage Boot or when recommended by the Release Notes. The SSB update should be performed only upon recommendation of Customer Support personnel. In the event that it is necessary to upgrade the SSB, this command starts the remote upgrade, and bases its update on the \system\recover1 file. For the specific steps to perform a remote SSB upgrade, refer to Upgrading System Software.

Sess-Id
The session Id number associated with the session.

Date/Time
The date and time the session was initiated.

Idle (sec)
The number of seconds the connection has been idle.

Command
How the administration session was initiated. Initiation methods include:
manage - the user is in the Manage Mode
session - the user is using a Telnet session

Type (from)
The type of session.
dnet
Required parameter. The destination network number.

dnode
Required parameter. The destination node Id.

timeout
Optional parameter. The number of seconds to wait for a reply message. The valid range is from 1 to 60 seconds. The default value is 10 seconds.

nnnn
Optional parameter. The data size to be included in the ping packet. The valid range for the data size is 5 to 586 octets. The default value is 100 octets.

An example atalk ping command could read as follows: atalk ping 1.
get_zones - The port is obtaining a complete zone list for the network.
get_routes - The port is requesting routes from another router on the network (if another router is present).
up - The port is ready for use.
down - The port is not ready for use.
unnum_wait_addr - This state will exist with the following scenario: When an UnNumbered WAN port sends a locally generated packet that requires a reply, a return address is needed.
atalk port stats [clear]
This command will display or clear current AppleTalk port statistics. Refer to AppleTalk Port Statistics, for a list of available atalk port statistics and their definitions.

atalk route
This command will display AppleTalk static route information. A sample output screen is shown below:

network range   distance   state   next hop
-------------   --------   -----   --------
225 - 226       0          good    0.
atalk stats rtmp
Displays the AppleTalk Routing Table Maintenance Protocol (RTMP) statistics.

atalk stats zip
Displays the AppleTalk Zone Information Protocol (ZIP) statistics.

atalk stats nbp
Displays the AppleTalk Name Binding Protocol (NBP) statistics.

atalk stats atp
Displays the AppleTalk Transaction Protocol (ATP) statistics.

atalk zone
This command will display AppleTalk zone information.
BRIDGE COMMANDS
The following commands are used to display bridging information and statistics.

pkt mac
Enables the MAC address monitor display. The MAC Address Monitor screen displays information contained in the LAN frames that are sent over the ISDN connections. The packets represented by the displayed MAC address pairs will not be captured unless the br pkt capture feature is on (enabled).
CALL CONTROL COMMANDS
The following commands are used to initiate and disconnect calls to devices.

call device
Initiates a call to the specified device. The entire device name does not need to be entered; only enough letters of the name to distinguish it from any other configured device name. For example, you could enter call device sm if there are no other devices whose names begin with sm.
is not callable
Each PPP device in the device database can have one or two phone numbers at which they can be called. This message is displayed if the device has no phone number specified.

Re-enter the name, or to cancel
The device name must be re-entered.

Unable to prompt for device name at this time
Indicates that the call command would prompt you for a device name, but the necessary resources are not available. The recommended actions are as follows:
1.
4. Display the system log messages by entering the dr command at the system prompt.
5. Check the log report for connect messages relating to the remote device you are testing.

In response to the call peer command, you will see the following message echoed back for informational purposes:

Calling at , device PPP

The phone number will show what is sent to the switch. Any embedded dashes will have been removed.
with the name Schultz, and a device configured with the name Schmidt, this message would be displayed. You would then need to enter at least call device Schu to successfully initiate a call to the device Schultz.

Re-enter the name, or to cancel
The device name must be re-entered.

Unable to prompt for device name at this time
Indicates that the call command would prompt you for a device name, but the necessary resources are not available. The recommended actions are as follows:
1.
COMPRESSION INFORMATION COMMANDS
Compression statistics are only available for connections that are using a compression protocol. The following commands are used to display current compression information:

cmp stats
Displays the compression statistics for all active connections. Refer to Compression Statistics, for a list of available compression statistics and their definitions.
Note that this command may be used in conjunction with all other fr commands. For example, fr a 1 lmi would be a valid command, changing the frame relay access to 1 before displaying information relating to the LMI link.

fr d
Sets an internal variable. will be the default DLCI under the currently-selected access, and therefore the assumed context for all subsequent frame relay system console commands entered.
LMI Error State
Current LMI alarm condition. When this item is TRUE, the LMI alarm is on, and all associated PVCs are unavailable. When this item is FALSE, the alarm condition is clear.

LMI DLCI
DLCI value associated with the LMI link. This is the DLCI value contained in all LMI messages and varies according to the LMI format in effect. Note that this is not user configurable.

# LMI Frames Received
Number of frames received on the LMI link.
• origin: specifies how the IP address has come to be placed into the IP address pool. If the origin is DHCP, the IP address was obtained from a DHCP server. If the origin is STATIC, the IP address was manually configured via CFGEDIT.
• in use: specifies whether or not the IP address has been leased to a remote IP host device.

ip arp
Displays the current ARP cache table.
/dnnnn
Optional parameter that indicates the data size in bytes for the ICMP Echo message. The valid range for the data size value is 0 to 2020. The default value is 0.

Possible Results and their meanings:

ddd.ddd.ddd.ddd is alive
The valid ICMP Echo Reply was received from host ddd.ddd.ddd.ddd.

No response from ddd.ddd.ddd.ddd
No response was received from the host within the timeout value number of seconds.
[System Name]> IP RIP ROUTES

Active Routes
Destination   Subnet-Mask       Next Hop   Mtr  P  1/2  TAge
----------------------------------------------------------------------
3.2.0.0       255.255.0.0       0.0.0.0    4    A  1/1  A30
3.3.0.0       255.255.0.0       0.0.0.0    4    A  1/1  A30
192.168.5.0   255.255.255.0     0.0.0.0    0    A  1/1  SN/A
4.4.4.1       255.255.255.255   0.0.0.0    0    A  1/1  HN/A

Inactive Routes
Destination   Subnet-Mask       Next Hop   Mtr  P  1/2  TAge
----------------------------------------------------------------------
4.0.0.0       255.0.0.0         0.0.0.
ip rip send
Used to send the IP RIP update messages to a particular interface on demand. The example screen below demonstrates how you use this command.

[System Name]> ip rip send 2.2.2.2
Sending IP RIP Update Message to Network 2.0.0.0

ip rip stats
Displays global RIP statistics and also statistics for each configured RIP interface. Refer to RIP Statistics, for a list of available statistics and their definitions.

ip route
Displays the current routing table.
ip stats
Displays the current IP related statistics. Refer to IP Statistics, for a list of available statistics and their definitions.

IPX ROUTING COMMANDS
IPX routing must be enabled before these commands can be used. The following commands are used to display IPX routing information:

ipx ipxwan clear
Clears IPXWAN statistics.
Note: The ipx diag and the ipx ping commands both test device connectivity (although both send back different types of responses). However, due to the variety of vendors and equipment available to networks, one command may work with a particular vendor or file server, while the other may not. If you are not experiencing success with ipx diag, try ipx ping, and vice versa.
ipx trigreq [device]
Generates a triggered RIP/SAP update request to the specified device. You may use this command to initiate an update request to synchronize with the routing database of a particular WAN device.

ipx trigrip stats
Displays the triggered RIP statistics. Refer to IPX Triggered RIP Statistics.

ipx trigsap stats
Displays the triggered SAP statistics. Refer to IPX Triggered SAP Statistics.
LAN COMMANDS
The following commands are used to display current system LAN diagnostic information:

lan stats
Displays the current LAN packet forwarding statistics, including the number of frames received and transmitted from LAN and WAN connections. Refer to LAN Statistics, for a list of available statistics and their definitions.

lan stat clear
Clears the current LAN packet forwarding statistics.
pkt capture [all/idle/reqd/pend/actv/none]
Specifies which packets will be captured by the Packet Capture feature. A definition of each possible parameter follows.

all
All packets will be captured.

none
No packets will be captured.

reqd
Only packets causing a connection to be requested will be captured.

pend
Only packets received while a requested connection is pending will be captured.

idle
Only packets not causing a connection to be requested will be captured.
The following is an example pkt display screen:

Num   Time(mSEC)  Len   Dest Addr
0001  0000000000  0064  00004440259C
0002  0000000000  0064  00004440259C
0003  0000000000  0064  00AA00302D25
0004  0000000000  0064  00AA00302D25
0005  0000001980  0064  000
0006  0000001980  0064
0007  0000001980  0064
0008  0000001980  0064
0009  0000003190  0028
0010  0000003190  0028
0011  0000003960  0064
0012  0000003960  0064
0013  0000003960  0064
0014  0000003960  0064
0015  0000004670  0064
0016  0000004670  0064
Banyan Vines Packet Detail Screen (Bridged Packet)

Packet Number: 0021
Received at Time: 0000022190 mSEC
Packet Length: 0060

Destination Address: FFFFFFFFFFFF
Source Address: 02608C9BED38

EtherNet Type is 0BAD, VINES IP

Check Sum: D75D
Packet Length: 0x001A
Protocol Type: 04, ARP

Transport Control: 0
Hop Count: 0

Dest Network: FFFFFFFF
Dest SubNet: FFFF
Source Network: 00000000
Source SubNet: 0x0000

Packet Type Query
Network Number: 126697007
Subnetwork Number: 0x9183

Hit Escape to EXIT Packet Details I
RADIUS COMMANDS
The following console commands may be used to diagnose problems with:
• connections to the off-node RADIUS authentication server
• CyberSWITCH configuration
• authentication server device database entries

radius chap
Attempts an authentication session using CHAP. The following is an example display of the screen.

[System Name]>radius chap
Enter the device name ( to abort)? doe
Enter secret ( to abort)? secret123
Send Radius Authentication Request..
radius ipres
Attempts an authentication session using the IP resolution. The following is an example display of the screen.

[System Name]>radius ipres
IP Address of the Host logging in ( to abort)? 19.63.4.5
Send Radius Authentication Request... Please wait
[AUTH] Warning code: 0001 Timeout.

radius macres
Attempts an authentication session using the MAC resolution. The following is an example display of the screen.
SNMP COMMANDS
When the SNMP Agent is enabled on the CyberSWITCH, the following command is available:

snmp stats
Displays the current SNMP related statistics. Refer to SNMP Statistics, for a list of available statistics and their definitions.

TCP COMMANDS
TCP (Transmit Control Protocol) provides a connection-oriented reliable communication for delivery of packets to a remote or on-node device.
telnet ?
Displays the help screen for the telnet command. The help screen provides the syntax for the command described below.

telnet [port number]
Begins a Telnet session for the Telnet host at the indicated IP address. The port number is an optional parameter that can be used to specify the destination port number. Include this parameter if you wish to connect to a port other than the default port number, 23.
The possible send parameters are defined as follows:

send ayt
The send ayt command sends the Telnet command function for “Are You There?” to the target host. This can be used to determine whether or not the target host is still responding.
• , where is in the range of ASCII 'A' to ASCII '_'
• , where is in the range of ASCII 'a' to ASCII 'z' (note that lower case letters are converted to upper case before they are used)
• , where is in the range of ASCII '!' to ASCII '~'

To specify the key in the set escape command, use the ’>’ character.
TFTP COMMANDS
The TFTP feature and its commands are only available when IP routing is enabled. The TFTP feature and file access are enabled by default when the system software is installed. Using the Manage Mode, configuration changes may be made that will limit file access. The following TFTP commands are available:

tftp get
Allows you to perform the “TFTP GET” operation locally from the console through the TFTP Client function.
session information for a TFTP session that has terminated. The screen below illustrates the use of this command.

> TFTP SESSION
Id  Sess-Id  Local file  Type/Mode   Bytes Xmit  Retries
----------------------------------------------------------
1   5        temp.txt    Client/Put  12752       1
2   6        tmp         Server/Get  423         0
3   7        text.
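TFTP carries no authentication, so the Server rows of the TFTP SESSION display above are the record of which local files remote hosts read or wrote. The following added example (not from the Cabletron guide) parses that display and lists those rows; the sample text is constructed in the page's column layout, and the Client/Get and Server/Put values and the file names in rows 3 and 4 are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the TFTP SESSION display.
# Rows 1 and 2 repeat the guide's example; rows 3 and 4 are made up.
SAMPLE = """\
> TFTP SESSION
Id  Sess-Id  Local file   Type/Mode    Bytes Xmit  Retries
----------------------------------------------------------
1   5        temp.txt     Client/Put   12752       1
2   6        tmp          Server/Get   423         0
3   7        notes.txt    Server/Put   2048        3
4   8        readme.txt   Client/Get   512         0
"""

# One data row: Id, Sess-Id, Local file, Type/Mode, Bytes Xmit, Retries.
ROW = re.compile(
    r"^\s*(?P<id>\d+)\s+(?P<sess>\d+)\s+(?P<file>\S+)\s+"
    r"(?P<role>Client|Server)/(?P<op>Get|Put)\s+"
    r"(?P<bytes>\d+)\s+(?P<retries>\d+)\s*$"
)


@dataclass(frozen=True)
class TftpSession:
    id: int
    sess_id: int
    local_file: str
    role: str        # "Client": started from this console; "Server": started by a remote host
    op: str          # "Get" or "Put"
    bytes_xmit: int
    retries: int


def parse_sessions(text):
    """Return (sessions, rejected): parsed rows, plus rows that look like data but do not parse."""
    sessions, rejected = [], []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or not stripped[0].isdigit():
            continue  # prompt, column header, dashed rule or blank line
        m = ROW.match(line)
        if m is None:
            rejected.append(stripped)  # keep truncated or unknown rows visible
            continue
        sessions.append(TftpSession(
            int(m["id"]), int(m["sess"]), m["file"], m["role"], m["op"],
            int(m["bytes"]), int(m["retries"]),
        ))
    return sessions, rejected


def remote_file_access(sessions):
    """Return (session, description) pairs for sessions served to remote hosts."""
    findings = []
    for s in sessions:
        if s.role != "Server":
            continue
        # Server/Get: a remote host downloaded a local file.
        # Server/Put: a remote host uploaded (wrote) a local file.
        verb = "read" if s.op == "Get" else "wrote"
        findings.append((s, f"remote host {verb} {s.local_file} ({s.bytes_xmit} bytes)"))
    return findings


def bytes_by_direction(sessions):
    """Total bytes per Type/Mode value, e.g. {'Server/Get': 423, ...}."""
    totals = {}
    for s in sessions:
        key = f"{s.role}/{s.op}"
        totals[key] = totals.get(key, 0) + s.bytes_xmit
    return totals


if __name__ == "__main__":
    parsed, bad = parse_sessions(SAMPLE)
    for _, description in remote_file_access(parsed):
        print(description)
    print(bytes_by_direction(parsed))
    print("unparsed rows:", bad)
```

Rows that do not parse, such as one cut off after the file name, are returned in the second list instead of being dropped.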
trace x25 [on/off]
Enables or disables the X.25 packet tracing option. This feature displays up to 15 octets of the packet. To display the log file, issue the dr console command. This option is initially disabled.

wan fr-ietf trace [on/off] [in/out] [device/fr_accessname_dlci] [prot]
Enables or disables the tracing of incoming and outgoing frame relay IETF packets.
sentry ace
Attempts an authentication session using ACE. The system will report whether the authentication attempted was successful or rejected.

WAN COMMANDS
The following commands are used to display current system WAN diagnostic information:

wan fr-ietf stats [device/fr_accessname_dlci] [prot]
Displays the current frame relay IETF related statistics. Refer to WAN FR_IETF Statistics, for a list of available statistics and their definitions.

wan stats
Displays the current WAN statistics.
x25 a
The “a” option will set the access name specified by as the default access for subsequent commands entered without an explicit access specifier. This access name will remain the current access, until it is changed through issuing another x25 a command.

Note: This command may be used with all other x25 commands. For example, x25 a acc1 vc would be a valid command, changing the default X.
SYSTEM STATISTICS

OVERVIEW
Statistics can either be generated by issuing the ds command to display the set of statistics known as the System Statistics, or by issuing a specific command to display statistics in a specific category. In addition to using the ds command to display the system statistics, they are also automatically written to a statistics log every 30 minutes. The statistics are stored in the following location:

Directory: \log
File Name: stat_log.
call minutes (month)
The total call minutes that have been logged for the month.

calls (day)
The total number of calls that have been made for the day.

calls (month)
The total number of calls that have been made for the month.

CALL STATISTICS
You can access these statistics by issuing the ds console command.

Initiated
The number of switched calls initiated.

Completed
The number of switched call attempts that were completed successfully.
APPLETALK STATISTICS
You may display AppleTalk protocol statistics (subdivided into six subgroups) and AppleTalk port statistics. You can display all six subgroups of the AppleTalk protocol statistics by issuing the atalk stats command, or you can display the individual subgroups by adding an extra variable to the atalk stats command. You can display the AppleTalk port statistics by issuing the atalk port stats console command. A definition of these statistics begins on page 566.
ddpTooShortErrors
The total number of input DDP datagrams dropped because the received data length was less than the data length specified in the DDP header or the received data length was less than the length of the expected DDP header.

ddpTooLongErrors
The total number of input DDP datagrams dropped because they exceeded the maximum DDP datagram size.
atechoInReplies
The count of AppleTalk Echo replies received.

APPLETALK ROUTING TABLE MAINTENANCE PROTOCOL (RTMP) STATISTICS
You can display this subgroup of AppleTalk statistics by issuing the atalk stats rtmp console command.

rtmpInDataPkts
A count of the number of good RTMP data packets received by this system.

rtmpOutDataPkts
A count of the number of RTMP packets sent by this system.

rtmpInRequestPkts
A count of the number of good RTMP Request packets received by this system.
zipZoneConflctErrors
The number of times a conflict has been detected between this entity’s zone information and another system’s zone information.

zipInObsoletes
The number of ZIP Takedown or ZIP Bringup packets received by this system. Note that as the ZIP Takedown and ZIP Bringup packets have been obsoleted, the receipt of one of these packets indicates that a node sent it in error.
atpRetryCntExceeds
The number of times the retry count was exceeded, and an error was returned to the client of ATP.

APPLETALK PORT STATISTICS
You can display the AppleTalk port statistics by issuing the atalk port stats console command.

portInPackets
The number of AppleTalk packets received on this port by this system.

portOutPackets
The number of AppleTalk packets sent out on this port by this system.
BRIDGE STATISTICS
The system collects bridge statistics for each LAN port and for WAN connections. These bridge statistics include information on the number of frames received, forwarded, discarded or transmitted. If the system is configured for two LAN ports, there is a line of counters for each LAN port. However, the WAN counters are totaled for all WAN ports.
COMPRESSION STATISTICS
The system collects the following compression statistics for each active compression connection. These statistics can be displayed by issuing the cmp stats or the cmp stats command at the administration console. The cmp stats command will display the compression statistics for all active connections. The cmp stats command will display the compression statistics for the specified device. Note that the device name is case sensitive.
total dmp reset count
The total number of decompressed resets (peer and System sent resets).

peer sent resets
The number of decompression resets sent from peer devices.

system sent resets
The number of decompression resets sent from the System.

dropped pkts
The number of dropped packets that could not be queued.

fcs errors
The number of frame checksum errors.

DHCP STATISTICS
Access DHCP statistics by using the dhcp stats command.
DHCP/BOOTP invalid ’op’
Stat incremented whenever a DHCP/BOOTP message is received with an ’op’ field that is not equal to either BOOTREQUEST or BOOTREPLY. These messages are discarded.

DHCP RELAY AGENT STATISTICS

BOOTREQUEST msgs rcvd
Incremented whenever the system identifies a UDP datagram as a DHCP/BOOTP BOOTREQUEST message. This datagram has passed the initial consistency checks.
BOOTREPLY msgs rlyd
Number of BOOTREPLY messages that were successfully relayed to DHCP/BOOTP clients.

BOOTREPLY bad ’giaddr’:
Number of DHCP/BOOTP BOOTREPLY messages that were discarded by the DHCP Relay Agent because the ’giaddr’ (gateway IP address) field could not be mapped to one of the system’s IP network interfaces.

BOOTREPLY arp_add0 fail
Number of times that the DHCP/BOOTP Relay Agent failed to add a client’s IP address/hardware address pair to the ARP table.
DHCPACKs rcvd
Incremented whenever the DHCP Proxy Client has received a DHCPACK message from a DHCP server.

DHCPNAKs rcvd
Incremented whenever the DHCP Proxy Client has received a DHCPNAK message from a DHCP server.
# Line Ready Count
The number of times the physical link underlying the Frame Relay Access has become “ready” for use.

# Line Not Ready Count
The number of times the physical link underlying the Frame Relay Access has become unusable.

# Frames Received
The total number of frames received on the Frame Relay Access. This is the sum of the number of frames received on each PVC associated with this access.
# No Control Block
Not currently supported.

# NEW & Existing PVC
The number of times a NEW PVC was indicated by a LMI STATUS message—but the frame relay software believed the PVC already existed.

# PVC Not Configured
The number of times a frame was received containing an unknown DLCI value, and hence, an unconfigured PVC.

# No NEW Bit
Not currently supported.
# Frames received
The total number of frames received on the PVC.

# Bytes received
The total number of bytes received on the PVC.

# Frames sent
The total number of frames sent on the PVC.

# Bytes sent
The total number of bytes sent on the PVC.

# Flow Control Events
The number of times the PVC was congested due to busy transmit hardware.
IP STATISTICS
You can access IP statistics by using the ip stats console command. These statistics are parts of the IP Group and the ICMP Group MIB variables that are defined in RFC-1213:MIB-II.

IP GROUP STATISTICS

ipForwarding
The indication of whether the system is acting as an IP gateway in respect to the forwarding of datagrams received by, but not addressed to, this CyberSWITCH. IP gateways forward datagrams, IP hosts do not (except those source-routed via the host).
ipOutRequests
The total number of IP datagrams which local IP device-protocols (including ICMP) supplied to IP in requests for transmission.

ipOutDiscards
The number of output IP datagrams for which no problem was encountered that would prevent their transmission to their destination, but which were discarded (e.g., for lack of buffer space).
icmpInDestUnreachs
The number of ICMP Destination Unreachable messages received.

icmpInTimeExcds
The number of ICMP Time Exceeded messages received.

icmpInParmProbs
The number of ICMP Parameter Problem messages received.

icmpInSrcQuenchs
The number of ICMP Source Quench messages received.

icmpInRedirects
The number of ICMP Redirect messages received.

icmpInEchos
The number of ICMP Echo (request) messages received.

icmpInEchoReps
The number of ICMP Echo Reply messages received.
icmpOutSrcQuenchs
The number of ICMP Source Quench messages sent.

icmpOutRedirects
The number of ICMP Redirect messages sent. For a host, this will always be zero, since hosts do not send redirects.

icmpOutEchos
The number of ICMP Echo (request) messages sent.

icmpOutEchoReps
The number of ICMP Echo Reply messages sent.

icmpOutTimestamps
The number of ICMP Timestamp (request) messages sent.

icmpOutTimestampReps
The number of ICMP Timestamp Reply messages sent.
ipxBasicSysInHdrErrors
The number of IPX packets discarded due to errors in their headers, including any IPX packet with a size less than the minimum of 30 bytes.

ipxBasicSysInUnknownSockets
The number of IPX packets discarded because the destination socket was not open.

ipxBasicSysInDiscards
The number of IPX packets received but discarded due to reasons other than those accounted for by ipxBasicSysInHdrErrors, ipxBasicSysInUnknownSockets, ipxAdvSysInDiscards, and ipxAdvSysInCompressDiscards.
ipxAdvSysInTooManyHops
The number of IPX packets discarded due to exceeding the maximum hop count.

ipxAdvSysInFiltered
The number of incoming IPX packets discarded due to filtering.

ipxAdvSysInCompressDiscards
The number of incoming IPX packets discarded due to decompression errors.

ipxAdvSysNETBIOSPackets
The number of NETBIOS packets received.

ipxAdvSysForwPackets
The number of IPX packets forwarded.
IPX TRIGGERED RIP STATISTICS
You can access IPX triggered RIP statistics by using the ipx trigrip stats command.

trigRipUpdateRequestsSent
Number of triggered RIP update requests sent.

trigRipUpdateRequestsRcvd
Number of triggered RIP update requests received.

trigRipUpdateResponsesSent
Number of triggered RIP update responses sent.

trigRipUpdateResponsesRcvd
Number of triggered RIP update responses received.

trigRipUpdateAcksSent
Number of triggered RIP update acknowledgments sent.
IPX SAP STATISTICS
You can access IPX SAP statistics by using the ipx sap stats console command.

sapInstance
With the CyberSWITCH, the value of this statistic is always 1. With other products, this statistic is useful. Currently, it is not useful for the CyberSWITCH.

sapIncorrectPackets
The number of times incorrect SAP packets were received.

sapState
Represents the status of the IPX SAP feature: 1 = disabled, 2 = enabled.
Maximum Services
Maximum number of services this router is configured to handle.

Available Services
Number of services currently available on this router.

High Water Mark
Peak number of services this router has used.

RIP STATISTICS
You can access RIP statistics by using the ip rip stats console command. Global RIP statistics and statistics for each configured RIP interface are included.

RIP GLOBAL STATISTICS

GlobalRouteChanges
The number of route changes made to the IP route database by RIP.
IfStatSentResponses
The number of RIP messages with ‘response’ command code sent on this interface.

IfStatSentUpdates
The number of triggered RIP updates actually sent on this interface. This explicitly does NOT include full updates sent containing new information.

SNMP STATISTICS
If the SNMP Agent is enabled, you can access SNMP statistics by using the snmp stats command. Each of the following statistics is a counter that refers to an MIB-2 SNMP group object.
snmpInReadOnlys
The total number of valid SNMP PDUs that were delivered to the SNMP Agent and for which the value of the error-status field is “readOnly”. It should be noted that it is a protocol error to generate an SNMP PDU that contains the value “readOnly” in the error-status field, as such this object is provided as a means of detecting incorrect implementations of the SNMP.
snmpOutGetRequests
The total number of SNMP Get-Request PDUs that have been generated by the SNMP Agent.

snmpOutGetNexts
The total number of SNMP Get-Next PDUs that have been generated by the SNMP Agent.

snmpOutSetRequests
The total number of SNMP Set-Request PDUs that have been generated by the SNMP Agent.

snmpOutGetResponses
The total number of SNMP Get-Response PDUs that have been generated by the SNMP Agent.
tcpAttemptFails
The number of times TCP connections have made a direct transition to the CLOSED state from either the SYN-SENT state or the SYN-RCVD state, plus the number of times TCP connections have made a direct transition to the LISTEN state from the SYN-RCVD state.

tcpEstabResets
The number of times TCP connections have made a direct transition to the CLOSED state from either the ESTABLISHED state or the CLOSE-WAIT state.
Failed file gets
Displays the count of failed gets. (Remote host failed to download a file from the local system.)

Total bytes put
Displays the total number of bytes successfully put. (Number of bytes uploaded to the local system by remote hosts.)

Total bytes get
Displays the total number of bytes successfully gotten. (Number of bytes downloaded from the local system by remote hosts.
Data Packets Sent
Displays the total number of Data Packets sent.

Data Packets Received
Displays the total number of Data Packets received.

Error Packets Sent
Displays the total number of Error Packets sent.

Error Packets Received
Displays the total number of Error Packets received.

ACK Packets Sent
Displays the total number of ACK Packets sent.

ACK Packets Received
Displays the total number of ACK packets received.
WAN FR_IETF STATISTICS
You can access FR_IETF statistics by issuing the wan fr-ietf stats [device/fr_accessname_dlci] [prot] console command.

Protocol
The line protocol of the packets transmitted or received.

Frames Sent
The number of frames sent for the indicated protocol.

Octets Sent
The number of octets sent for the indicated protocol.

Send Errors
The number of transmission errors for the indicated protocol.
AIS (Blue)
The number of times layer 1 has detected a qualified unframed all ones signal.

RAI (Yellow)
The number of times layer 1 has detected a qualified RAI (remote alarm indication) signal.

LAYER 1 PRI ERROR STATISTICS
Note: Layer 1 PRI error statistics apply to the line connected to the indicated slot.

Bipolar Violations
The number of times there has been either a mismatch between encoding types (B8ZS not selected) or line noise.
Unknown Events
If this counter is ever non-zero, call Customer Support Personnel.

Unused Events
If this counter is ever non-zero, call Customer Support Personnel.

Unknown Mail
If this counter is ever non-zero, call Customer Support Personnel.

Wrong State
If this counter is ever non-zero, call Customer Support Personnel.

WAN STATISTICS
You can access WAN statistics by issuing the wan stats console command.
call minutes (month)
The total call minutes that have been logged for the month.

calls (day)
The total number of calls that have been made for the day.

calls (month)
The total number of calls that have been made for the month.

X.25 STATISTICS
There are two sets of statistics available related to an X.25 access: statistics for the access itself, and statistics for specific Virtual Circuits (VCs) used by the X.25 access. X.
# Resets Received
The number of resets received.

# RR Sent count
The number of receive ready packets sent.

# RR Received
The number of receive ready packets received.

# RNR Sent count
The number of receive not ready packets sent.

# RNR Received
The number of receive not ready packets received.

# REJ Sent count
The number of remote connection requests that have been rejected.

# REJ Received
The number of locally generated connection requests that have been rejected.
Permanent Virtual Circuit or Switched Virtual Circuit
Identifies the type of VC in use.

Local Address
The local DTE X.121 address.

Remote Address
The remote DTE X.121 address.

# Packets Sent count
The number of X.25 data packets sent.

# Packets Received
The number of X.25 data packets received.

# Resets Sent count
The number of times the local DTE reset the VC.

# Resets Received
The number of times the network or remote DTE reset the VC.
ROUTINE MAINTENANCE

OVERVIEW
The information in this chapter provides instructions for performing routine maintenance on the CyberSWITCH. The information falls into the following categories:
• installing/upgrading system software
• executing configuration changes
• performing a configuration backup and restore
• obtaining system custom information

INSTALLING/UPGRADING SYSTEM SOFTWARE
System software is delivered on a CD.
changes are NOT dynamic. The changes are saved in a temporary copy of configuration data, and will not affect the current run-time operation of the system in any way. To terminate the session, return to the main CFGEDIT menu. Select the save changes option. Then press to exit.
Note: This “save” process also includes all unsaved Manage Mode changes which were made prior to the CFGEDIT session, if any.
At your earliest possible convenience, reboot the system.
APPENDICES
The User’s Guide includes the following appendices:
• System Worksheets: We have designed a set of worksheets you can fill out before you begin your CyberSWITCH configuration. Once filled out, they will contain information you will need for the configuration process.
• CFGEDIT Map: A CFGEDIT map you can use as an aid when configuring your system. As you proceed through the configuration process, this map can help you understand where you are in the CFGEDIT structure.
SYSTEM WORKSHEETS
The worksheets included in this appendix will be helpful in configuring and managing your system. They capture important network information. To see examples of completed worksheets, refer to the Example Networks Guide. Worksheets included in this appendix are:
1. Network Topology Worksheet. This worksheet identifies the following information:
• The Users or Remote Sites in your network.
• The telephone numbers associated with the Users or Remote Sites in your network.
NETWORK TOPOLOGY
SYSTEM DETAILS
System Name: _____________________ PAP Password:_______________ CHAP Secret:___________________

RESOURCES
Type | Slot | Switch type | Synchronization type

LINES
BRI Lines
Name | Slot | Port | Line type | Call screen | TEI | SPID | Directory number
PRI Lines
Name | Slot | Port | Framing type | Line coding | Sig.
ACCESSES
Dedicated Accesses
Over ISDN:
Line name | Data rate | Bearer channels | Line protocol | Device tied to this access
 | ❒ 56 Kbps ❒ 64 Kbps | | |
 | ❒ 56 Kbps ❒ 64 Kbps | | |
 | ❒ 56 Kbps ❒ 64 Kbps | | |
 | ❒ 56 Kbps ❒ 64 Kbps | | |
Over Serial connection:
Line name | Clocking | Data rate | Line protocol | Device tied to this access
 | ❒ Internal ❒ External | | |
 | ❒ Internal ❒ External | | |
 | ❒ Internal ❒ External | | |
 | ❒ Internal ❒ External | | |
X.
DEVICE INFORMATION
Device Name: _____________________________
Calling (ISDN, FR, etc.) Information
Line Protocol
Base Data Rate
Initial Data Rate
Max Data Rate
Dial-Out Number(s)
X.
BRIDGING AND ROUTING INFORMATION

BRIDGING
Bridging ❒ enabled ❒ disabled
Mode of Operation ❒ restricted ❒ unrestricted
IP Routing ❒ enabled ❒ disabled
Mode of Operation ❒ router ❒ IP host
Bridge Filters
Bridge Dial Out/Known Connect List

IP ROUTING
Network Interface Information
LAN Name IP address Mask
Unnumbered WAN ❒ need ❒ don’t need
Input filters Output filters
Remote LAN Name IP address Mask Input filters Output filters
Traditional
IP ROUTING, CONTINUED
Static Routes
Destination network address Mask Next hop
❒ default? ❒ default? ❒ default? ❒ default?

IPX ROUTING
Routing Information
IPX routing ❒ enabled ❒ disabled
Internal network number
Network Interface Information
LAN Name External network number
Remote LAN Name External network number
Static Routes
Destination network number Next hop
❒ Int. ❒ Int. ❒ Int. ❒ Int. ❒ Int. ❒ Int.
NetWare Static Services
Service name Type
❒ Ext. ❒ Ext.
APPLETALK ROUTING
AppleTalk Routing/Port Information
AppleTalk routing ❒ enabled ❒ disabled
LAN
Name Port number Network type ❒ extended ❒ nonextended Netwk range/number AppleTalk address Zone name(s)
WAN
Name Network type
❒ extended ❒ nonextended
❒ extended ❒ nonextended
❒ extended ❒ nonextended
❒ extended ❒ nonextended
❒ extended ❒ nonextended
❒ extended ❒ nonextended
❒ extended ❒ nonextended
❒ extended ❒ nonextended
❒ extended ❒ nonextend
CFGEDIT MAP

OVERVIEW
The following pages provide an outline of the CyberSWITCH CFGEDIT configuration utility. As you configure your system, you may find it helpful to use this outline as a map to help you navigate through CFGEDIT.

MAIN MENU
Note: All options listed may not be available on your particular system. The availability of these options depends upon the platform and software you have ordered, as well as your configuration choices.
PHYSICAL RESOURCES MENU

RESOURCES
• Basic Rate
  switch type
• T1/E1/PRI
  switch type synchronization
• DES, FEAL

DATA LINES
• Name/Slot/Port/Framing/Line coding/Signalling/Line build out
• Datalinks
  PPP: TEI negotiation PMP: Call Screen Method name subaddress telephone number

ACCESSES
• Dedicated
  Data rate Bearers list Line protocol HDLC PPP FR DBU Device name
• X.25
  Name Data rate X.
OPTIONS MENU

BRIDGING
• Enable/Disable
• Spanning Tree
• Mode of Operation
  unrestricted, restricted
• Bridge Filters
  protocol definition filters (source, destination, protocol, packet data)
• Known Connect List

IP ROUTING
• Enable/Disable
• IP Operating Mode (host/router)
• Interfaces
  LAN WAN WAN (Direct Host) WAN (RLAN) WAN (unnumbered) IP Host
• Static Routes
• RIP (enable/disable)
• Static ARP table
• Isolated Mode (enable/disable)
• Static Route via RADIUS
• IP Address Pool
• IP Filters
• Routing Protocols
  IPX RIP, IPX SAP number table entries
• IPX Static Routes
  RIP info number of ticks, hops next hop destination IPX number
• Netware Static Services
  SAP info number of hops to service service IPX socket number service IPX node number service IPX network number service type service name
• IPX Spoofing
  IPX, SPX watchdog serial packet handling message packet handling
• Type 20 Protocol
  change devices enable WAN forwarding
• Isolated Mode (enable/disable)
• Trig
CALL CONTROL
• Throughput Monitor
• Call Interval
• Monthly call charges
• Call Restrictions
• Device Profile
• Bandwidth Reservation
• Semipermanent Connection
• VRA Manager for Call Control
  enable/disable TCP port number

DEFAULT LINE PROTOCOL
• Action Timeout
• Timeout Value

LOG OPTIONS
• Log Server Definitions
• Call Detail Recording

COMPRESSION
• Enable/Disable
• Default-per device
• PPP STAC-L25 sequence number

FR DBU
• Command/Control DLCI
• Outgoing data rate

DEFAULT ASYNC PROTOCO
SECURITY MENU

SECURITY LEVEL
• No Security
• Device Level Security
• User Level Security
• Device and User Level Security

SYSTEM OPTIONS AND INFORMATION
• System Options
  PAP password CHAP challenge Bridge MAC address IP Host ID Calling Line ID
• System Information
  system name system password system secret
• Administrative Session
  Database Location On-node VRA Manager RADIUS TACACS ACE Inactivity time-outs Telnet admin sessions TCP port number Emergency Telnet port number

DEVICE
• Authentication
  PAP password CHAP secret outbound authentication user level authentication IP host ID bridge Ethernet calling line ID IP information IP address IP enable/disable make calls for IP data IPX enable/disable calls for IPX data IPXWAN IPX routing none RIP/SAP trig RIP/SAP IPX spoofing AppleTalk information AppleTalk address enable/disable make calls for AppleTalk data AppleTalk routing protocol Bridge information IP (sub)network number enable/disable make calls IPX network number
OFF-NODE SERVER INFORMATION
• VRA Manager
  TCP port
• RADIUS
  Primary Server Secondary Server Miscellaneous info number of retries time between retries
• TACACS
  Primary Server Secondary Server Miscellaneous info number of retries time between retries packet format
• ACE
  Primary Server Secondary Server Miscellaneous info number of retries time between retries encryption method (SDI or DES) source IP address Load Server Configuration file

NETWORK LOGIN INFORMATION
• Network login con
GETTING ASSISTANCE

REPORTING PROBLEMS
For a fast response, please take the time to fill out the System Problem Report to inform us of any difficulties you have with our products. A copy of this report can be found at the end of this chapter. This report provides us with important information to diagnose and respond to your questions. Please pay special attention to the following areas:

FAX Header
The System Problem Report has been designed as a FAX form.
DATE: ______________
TO: CUSTOMER SERVICE
Cabletron Systems
(603) 332-9400 PHONE
(603) 337-3075 FAX
NUMBER OF PAGES INCLUDING THIS PAGE: ______
FROM: ______________________________________
COMPANY:_______________________________________
ADDRESS: ______________________________________
______________________________________
PHONE: ______________________________________
FAX: ______________________________________
_____________________________________________________________________________________________
CA
ADMINISTRATIVE CONSOLE COMMANDS TABLE
The following table lists all system administration commands. Guest commands are identified in the command column.

Command | Use
? (GUEST) | displays help screen
autobaud | notifies boot device to check baud rate
atalk arp | displays the AARP cache
atalk ping . {timeout/dnnn] example: atalk ping 1.
Command | Use
cdr stats clear (GUEST) | clears current call detail recording statistics
cdr verify (GUEST) | verifies call detail recording servers are configured
cfg | provides information on changes to configuration files
cfgedit | starts the CFGEDIT configuration utility
cls (GUEST) | clears administration screen
cmp stats | displays the compression connection statistics for all active connections
cmp stats | displays the compression connection stati
Command | Use
fr clear | clears the statistics counters for the selected frame relay access and DLCI
fr clearall | clears all statistics for the selected frame relay access and DLCI
fr cong | displays congestion control information for the selected frame relay access and DLCI
fr d | sets DLCI value to “m” as default DLCI for the selected frame relay access
fr dbg level | displays the current debug level for frame relay
fr dbg level | sets the current debug level for fram
Command | Use
ipx ping | sends an ICMP echo message to the specified host
ipx rip stats | displays IPX RIP statistics
ipx route | displays the current IPX routing table
ipx route stats | displays IPX routing table statistics
ipx sap stats | displays IPX SAP statistics
ipx service | displays routes to IPX services
ipx service stats | displays current service table statistics
ipx sap stats | displays IPX SAP statistics
ipx spoof stats | displays IPX spoofing statis
Command | Use
neif | displays the interface table
pkt capture | specifies which packets will be captured by the packet capture feature (all, reqd, pend, actv, idle, or none)
pkt mac | enables the MAC address monitor display
pkt [on/off] | enables or disables the Packet Capture feature
pkt display | displays captured packets
pkt load | loads previously saved Packet Capture file into memory
pkt save | saves captured packets to a disk file
pswd | changes pas
Command | Use
telnet | puts you in the Telnet command mode; see telnet mode commands for available commands
telnet [port # ] | begins a Telnet session for the indicated Telnet host

telnet mode commands:
close | closes the current Telnet connection to a target host
exit | closes the current Telnet session
open [target host][port # ] | establishes a Telnet session with a target host
send [send parameter] | sends special Telnet control
set |
status |
toggle |
Command | Use
wan fr-ietf trace [on/off] [in/out] [device/fr_accessname_dlci] [prot] | enables or disables the tracing for WAN FR_IETF packets
wan stats | displays current WAN connection information
wr | writes current system messages to disk
ws | writes current system statistics to disk
x25 clear | clears the statistics counters for the currently selected X.25 access
x25 clearall | clears all statistics for the currently selected X.
MANAGE MODE COMMANDS TABLE
The following table displays the available Dynamic Management commands:

Command | Use
ace | displays ACE off-node server configuration
ace change | allows changes to the ACE off-node server configuration
ace reinit | reinitializes the CyberSWITCH ACE client
admlogin [change] | displays [or allows you to change] the current administrative session configuration information
alarm | displays the current enabled status of the call restriction alarm
alarm [off/on] | disables/enables the
Command | Use
fileattr | displays the current user file access rights (guest or admin)
fileattr change | allows the current file access rights configuration data to be changed
help | displays a list of the valid Manage Mode commands
ipfilt | updates the IP filter configuration
ipnetif | displays the current IP network interface configuration data
ipradius | displays current enabled status of IP route lookup via RADIUS
ipradius off | disables lookup of IP routes via RADIUS
ipradius on | ena
Command | Use
ipxt20 | allows you to configure IPX type 20 information
line | displays the current line configuration data
lineprot | displays the current default line protocol configuration
lineprot change | allows changes to default line protocol configuration
log | presents all configuration options for log options
netlogin | displays network login parameters
netlogin change | allows changes to the network login parameters
options | displays the current operating mode, security
Command | Use
tftp | displays the current TFTP configuration
tftp change | allows the current TFTP configuration to be changed
thruput | displays the current throughput monitor configuration data
thruput change | allows the current throughput monitor configuration data to be changed
vra | displays current VRA manager configuration data
vra change | allows you to change the VRA TCP port number
CAUSE CODES TABLE
The following table provides Q.931 cause codes and their corresponding meanings. Cause codes may appear in Call Trace Messages.

Dec Value | Hex Value | Q.931 Cause
0 | 0 | valid cause code not yet received
1 | 1 | unallocated (unassigned number). Indicates that, although the ISDN number was presented in a valid format, it is not currently assigned to any destination equipment.
Dec Value | Hex Value | Q.931 Cause
19 | 13 | no answer from device (device alerted). Indicates that the destination has responded to the connection request but has failed to complete the connection within the prescribed time. Problem at remote end.
21 | 15 | call rejected. Indicates that the destination was capable of accepting the call (was neither busy nor incompatible) but rejected the call for some reason.
Dec Value | Hex Value | Q.931 Cause
34 | 22 | no circuit/channel available. Indicates that the connection could not be established because there was no appropriate channel available to handle the call.
35 | 23 | destination unattainable
37 | 25 | degraded service
38 | 26 | network (WAN) out of order. Indicates that the destination could not be reached because the network was not functioning correctly and that the condition is expected to last for a relatively long time.
Dec Value | Hex Value | Q.931 Cause
52 | 34 | outgoing calls barred
53 | 35 | outgoing calls barred within CUG
54 | 36 | incoming calls barred
55 | 37 | incoming calls barred within CUG
56 | 38 | call waiting not subscribed
57 | 39 | bearer capability not authorized. Indicates that the device has requested a bearer capability that the network is able to provide, but that the device is not authorized to use. This may be a subscription fault.
Dec Value | Hex Value | Q.931 Cause
81 | 51 | invalid call reference value. Indicates that the remote equipment has received a call with a call reference that is not currently in use by the device-network interface.
82 | 52 | identified channel does not exist. Indicates that the receiving equipment has been requested to use a channel that is not activated on the interface for calls.
Dec Value | Hex Value | Q.931 Cause
97 | 61 | message type non-existent or not implemented. Indicates that the receiving equipment received a message that was not recognized either because the message type was invalid, or because the message type was valid but not supported. This is either a problem with the remote configuration or a problem with the local D-channel.
Dec Value | Hex Value | Q.931 Cause
UNKNOWN | | Indicates that an event occurred but that the network does not provide causes for the actions that it takes; therefore the precise nature of the event cannot be ascertained. This may, or may not, indicate the occurrence of an error.