Specifications

ManualsBrandsCabletron Systems ManualsSwitchDLE33-MA

9032860

Network Access

Software Command Reference

Summary of content (300 pages)

PAGE 1
Network Access Software Command Reference 9032860
PAGE 2
PAGE 3
Notice Notice Cabletron Systems reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Cabletron Systems to determine whether any such changes have been made. The hardware, firmware, or software described in this manual is subject to change without notice.
PAGE 4
Notice The following copyrights apply to the CMU BOOTP implementation: © Carnegie Mellon 1988 Permission to use, copy, modify, and distribute this program for any purpose and without fee is hereby granted, provided that this copyright and permission notice appear on all copies and supporting documentation, the name of Carnegie Mellon not be used in advertising or publicity pertaining to the distribution of the program without specific prior permission, and notice be given in supporting documentation that c
PAGE 5
Notice FCC Notice This device complies with Part 15 of the FCC rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. NOTE: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC rules.
PAGE 6
Notice iv
PAGE 7
Contents Preface About This Manual ........................................................................................................ xv Using This Manual ................................................................................................. xv Associated Documents........................................................................................... xv Conventions............................................................................................................
PAGE 8
Contents CONNECT PORT (privileged)............................................................................ 2-7 CONNECT PPP (secure) ....................................................................................... 2-7 CONNECT RLOGIN (secure) .............................................................................. 2-8 CONNECT SLIP (secure) ...................................................................................... 2-9 CONNECT/OPEN TELNET (secure) ..................................
PAGE 9
Contents INTERNET NAMEserver (privileged) ............................................................... 3-8 IPX (privileged) ...................................................................................................... 3-9 KERBEROS REALM (privileged) ........................................................................ 3-9 MENU (privileged).............................................................................................. 3-10 MENU LINE (privileged) ................................
PAGE 10
Contents KERBEROS [TIMEOUT] (privileged) ............................................................... 4-28 KERBEROS USER PASSWORD (KPASSWD) (secure) ................................... 4-28 MENU ........................................................................................................................... 4-30 MENU (privileged) .............................................................................................. 4-30 MENU LINE (privileged) ...........................................
PAGE 11
Contents PORT PPP IPCP.................................................................................................... 4-61 PORT PPP IPCP ADDRESS ................................................................................ 4-62 PORT PPP IPCP COMPRESSION ..................................................................... 4-63 PORT PPP IPCP COMPRESSION STATES ...................................................... 4-63 PORT PPP IPCP HOST ADDRESS (nonprivileged) ......................................
PAGE 12
Contents PORT TELNET SERVER EOR INDICATION (privileged) ............................ 4-89 PORT TELNET SERVER HOTKEY (privileged).............................................. 4-89 PORT TELNET SERVER IP INDICATION (privileged)................................. 4-90 PORT TELNET SERVER NEWLINE FROM HOST (privileged) .................. 4-90 PORT TELNET SERVER NEWLINE FROM TERMINAL (privileged) ........ 4-91 PORT TELNET SERVER NEWLINE TO HOST (privileged).........................
PAGE 13
Contents SERVER MAINTENANCE PASSWORD (privileged).................................. 4-123 SERVER MULTICAST TIMER (privileged) ................................................... 4-123 SERVER NAME - SERVER SOFTWARE................................................................ 4-124 SERVER NAME (privileged)............................................................................ 4-124 SERVER NODE LIMIT (privileged) ................................................................
PAGE 14
Contents SESSION TELNET SYNCH REQUEST (secure)............................................ 4-147 SESSION TELNET TERMINAL (privileged) ................................................. 4-148 SESSION TELNET TOGGLE ECHO (secure) ................................................ 4-148 SESSION TELNET VERIFICATION (secure)................................................. 4-149 SESSION TN3270 FLOW CONTROL - SYSTEM.................................................. 4-150 SESSION TN3270 FLOW CONTROL (secure).........
PAGE 15
Contents PORT PPP - PORT SECURITY COUNTERS ........................................................... 5-20 PORT PPP (secure)............................................................................................... 5-20 PORT PPP LCP/IPCP/ATCP/IPXCP (secure)................................................ 5-21 PORT RLOGIN (secure) ...................................................................................... 5-22 PORT SECURITY COUNTERS (nonprivileged) ..........................................
PAGE 16
Contents xiv
PAGE 17
Preface About This Manual The Cabletron Network Access Software Commands manual is written for the person who sets up, maintains, and manages any one of the supported families of network access servers. This individual must be familiar with the use of a terminal on an Access Server. Using This Manual This manual details the commands you need to operate and manage your access server, and should be used with the Cabletron Network Access Software Management guide.
PAGE 18
Preface Conventions This book uses the following conventions: xiv • The Return key, which you must press to execute all commands, is not shown in command line displays. • The Local> prompt, which appears in most examples, is the default access server prompt. You can change this prompt to something other than Local> with the SET/DEFINE/CHANGE SERVER PROMPT command. • All numbers are in decimal notation unless otherwise noted. • All Ethernet addresses are shown in hexadecimal notation.
PAGE 19
Chapter 1 Using Access Server Commands Overview Introduction This chapter briefly describes features of the access server that you should be familiar with to effectively use the access server commands. Reference For more information about using the commands in this manual to manage your access server, refer to the Cabletron Network Access Software Management guide.
PAGE 20
Using Access Server Commands Online Help Introduction You can display brief descriptions of all access server commands and characteristics available for the security level of your port by typing HELP at the access server prompt. The access server also offers tutorial help, which describes various end-user tasks.
PAGE 21
Using Access Server Commands Naming Conventions Naming Conventions for Access Servers and LAT Services Some commands require you to enter an access server, node, port, or service name. All of these names must be a string of 1 to 16 characters and cannot be abbreviated. Allowable characters are A to Z, 0 to 9, $, - (hyphen), _ (underscore), and . (period). The access server converts all lowercase letters to uppercase letters. The exception is DECnet node names.
PAGE 22
Using Access Server Commands Domain names can be of two types, either absolute (fully qualified) or relative. An absolute domain name has all the labels from the host to the root present in the name. A relative domain name has fewer labels, and is a domain name prefix. For example, falcon.nac.tmp.com is a fully qualified domain name for the host falcon, and falcon is a relative domain name for the host falcon.
PAGE 23
Using Access Server Commands Naming Conventions for Other Authentication Services The Access Server uses the Kerberos realm name concept for other supported authentication services, for example, RADIUS, SecurID, and the Local User Database. The realm name selects the available authentication protocols and servers.
PAGE 24
Using Access Server Commands Specifying Passwords Conventions for Specifying Passwords Unless Chapter 2 states otherwise, all passwords have 1 to 16 ASCII characters. When specifying passwords in access server commands, either enclose the password in quotation marks and include it in the command line, or enter the command without the password and let the access server prompt you for it.
PAGE 25
Using Access Server Commands Specifying a Port List Conventions for Specifying a Port List When specifying a port list in an access server command, the port-list line can contain either a single port or a port range (low to high or high to low). Use the DEFINE PORT command to change the port characteristics that take effect when the port is logged in to next time. Use the SET PORT command to change the port characteristics that you wish to take effect immediately, but stay in effect only until you log out.
PAGE 26
Using Access Server Commands Entering Commands Entering Commands This section describes command line editing features for entering access server commands. Command Prompting If you type a question mark (?) at any point in a command, the access server will display a list of all the legal keywords or data types at that point in the command. In the following examples, the words that start with capital letters are KEYWORDS. The capital letters indicate the minimum abbreviation for the keyword.
PAGE 27
Using Access Server Commands Command Line Editing and Recall The access server supports command line editing and recall. NOTES For command line editing and recall to work on a particular port, the port type characteristic must be set to ANSI (this is the default). For more information, refer to the SET/DEFINE/CHANGE PORT TYPE command.
PAGE 28
Using Access Server Commands Special Keys Special Keys Table The following table describes the special keys that you can use when entering commands: 1-10 Key Function Delete Deletes the last character entered in the current command line. Ctrl/U Deletes the entire current command line. Ctrl/Z Operates like Ctrl/U except when entered in response to a password prompt or password verification prompt. In that case, it cancels the password processing and causes the access server to return to local mode.
PAGE 29
Chapter 2 Command Descriptions Command Descriptions Overview Introduction This chapter describes the access server commands that are not explained in one of the following command categories: Clear/Purge, Set/Define/Change, or Show/Monitor/List. Reference For more information about the commands used in this chapter, refer to the Cabletron Network Access Software Management guide. Getting Help To get help at any time with commands, enter a question mark (?) at the prompt.
PAGE 30
Command Descriptions Commands BACKWARDS - CRASH BACKWARDS (secure) Syntax BACKWARDS Description This command (available to all users) resumes the session preceding your current session in the list produced by the SHOW SESSIONS command. Your preceding session is the one with the next lower number to your current session. If your current session is 1, your preceding session is the one at the end of the SHOW SESSIONS display.
PAGE 31
Command Descriptions ALL Is a privileged parameter specifying that the message is sent to all ports on the access server. message-text Is the text of the message (maximum of 115 characters, as space permits on the command line). The access server broadcasts the message in uppercase letters unless you enclose it in quotation marks. You cannot embed quoted text within the message.
PAGE 32
Command Descriptions CONNECT (secure) Syntax Description This secure command requests a connection to the LAT service. For more information, refer to the CONNECT ANY (secure), CONNECT AUTOLINK (secure), CONNECT [DIAL] (secure), CONNECT PORT (privileged), CONNECT PPP (secure), CONNECT SLIP (secure), and CONNECT/OPEN TELNET (secure). Keywords service-name Specifies the named service on an access server to which you want to connect (default: your preferred service if defined).
PAGE 33
Command Descriptions The first command connects the port to its preferred service, provided one is defined. The second command connects the port to the service SALES. The last command connects the port to the service METDATA at PORT_6 on the access server DATA-server. CONNECT ANY (secure) Syntax CONNECT [ANY] [host-name] Description This command (available to all users) determines whether a specified host is using the LAT or Telnet protocol.
PAGE 34
Command Descriptions Restrictions • The port must have SLIP or PPP enabled. • Only one SLIP or PPP session per port is allowed at any given time. • The incoming data must use either PPP or SLIP protocol, or be an interactive terminal session. • Both Multisessions and ODL must be disabled. Example: CONNECT AUTOLINK Local> CONNECT AUTOLINK This command examines incoming data. If a PPP or SLIP packet is detected, the session attempts to change itself into a PPP or SLIP session.
PAGE 35
Command Descriptions Example: CONNECT [DIAL] Local> CONNECT [DIAL] AT_TRADESHOW This command connects the dial service AT_TRADESHOW. CONNECT PORT (privileged) Syntax CONNECT PORT {port-number} Description This privileged command connects a dedicated port on your access server (a port other than your own) to a host system. For example, you can use this command to connect a printer to a host system. Once connected, the host could then send print jobs to the printer.
PAGE 36
Command Descriptions Example: CONNECT PPP Local> CONNECT PPP This command starts a PPP session on the current port. CONNECT RLOGIN (secure) Syntax Description This command (available to all users) requests a connection to the specified target. The target can be an Internet address or an Internet host name. Before granting the connection, the access server checks to see if the protocol is authorized for the requested port. (This command is functionally the same as RLOGIN.
PAGE 37
Command Descriptions CONNECT SLIP (secure) Syntax CONNECT [SLIP] Description This command (available to all users) specifies that a SLIP session will be started on the port. If SLIP is not the default protocol, you must specify SLIP in the command. NOTE If a HOST ADDRESS has not been set prior to entering the CONNECT SLIP command, the access server will determine the address from the first Internet packet received on the port. Restrictions • The port must have SLIP enabled.
PAGE 38
Command Descriptions When making connections, use either of the following methods: • Specify the host either by host-name or inet-address, and specify the tcp-port. • Specify only the host either by host-name or inet-address. The default tcp-port 23 is assumed. Keywords CONNECT, OPEN, or TELNET Specifies that only Telnet will be used to attempt the connection. If Telnet is missing from the command line, the access server will use the port’s default protocol. LAT is the factory-set default protocol.
PAGE 39
Command Descriptions CRASH (privileged) Syntax This privileged command shuts down the access server and initiates an upline dump. When this command is entered, users cannot access the access server until the upline dump completes and the access server reinitializes. Restriction If DUMP is set to DISABLED, the CRASH command will only reboot the access server (no upline dump will be performed).
PAGE 40
Command Descriptions Commands DIAL - FORWARDS DIAL (secure) Syntax Description This command establishes a session using a dial service offered on the server. The DIAL command is a synonym for CONNECT DIAL. Keyword dial-service-name The name of the dial service to which you wish to connect, or the phone number to be dialed. If a phone number is specified, the port must have a preferred dial service name set.
PAGE 41
Command Descriptions Keywords ALL Terminates all sessions on a port. SESSION session-number Terminates a particular session. (The default is your current session.) Examples: CLOSE/DISCONNECT SESSION Local> CLOSE SESSION 1 This command disconnects session 1. Local> DISCONNECT ALL This command disconnects all sessions on the port. DISCONNECT/CLOSE PORT (privileged) Syntax Description This privileged command is used to terminate a session to a dedicated service on another port.
PAGE 42
Command Descriptions DO command_group Syntax Description The DO command is used by the access server user to execute a set of commands contained within the command group. The user can enter this command from the Local> prompt, if privileged, or from one of the ports associated with the command group port-list. command_group [p1, p2, p3,...p8] The command group is created using the SET/DEFINE/CHANGE COMMAND GROUP command and one or more SET/DEFINE/CHANGE COMMAND GROUP LINE commands.
PAGE 43
Command Descriptions ENTER MENU Syntax Description If this command is entered in response to the Local> prompt, the specified menu must have previously been enabled for the port or the user must be privileged. When executed, this command puts the user’s port into menu mode, displays the specified menu, and positions the cursor at the first choice of that menu. Keywords [menu_name] Allows the user to select the specific menu to be displayed.
PAGE 44
Command Descriptions Commands HELP - MONITOR HELP (secure) Syntax Description This command displays conventional online HELP for the access server. Chapter 1 provides an overview of the most common form of online help. Help displays differ for privileged, nonprivileged, limited view and secure users. For example, if you enter HELP at a nonprivileged port, the resulting displays include only those commands and characteristics that can be specified by a nonprivileged user.
PAGE 45
Command Descriptions INITIALIZE (privileged) Syntax Description This privileged command reinitializes the access server. By default, the access server delays initialization for about 1 minute after it processes this command. You can specify no delay, or you can delay initialization for a longer time in order to perform an orderly shutdown. You can also execute a diagnostic test on the access server. Keywords FROM The optional FROM command allows the user to specify which device is to be used for loading.
PAGE 46
Command Descriptions DELAY minutes Specifies that the initialization procedure is delayed by the specified number of minutes (range: 0 to 1440; default: 1 minute). DISABLE Prevents the CONNECT command and the AUTOCONNECT function after an initialization. To enable CONNECT and AUTOCONNECT, enter INITIALIZE without the DISABLE option. DIAGNOSE Specifies that a test is to be done on the access server hardware. You can specify the self-test you want to perform.
PAGE 47
Command Descriptions INITIALIZE CANCEL (privileged) Syntax Description This privileged command terminates a previous INITIALIZE command (provided the initialization process has not yet begun). LEAVE MENU (secure) Syntax Description This command will cause the access server to leave the menu and return the user to the Local> prompt. LOCK (secure) Syntax Description This command (available to all users) prevents unauthorized use of your terminal in your absence.
PAGE 48
Command Descriptions Example: LOCK Local> LOCK Lock Password> FROGS (not displayed) Verification> FROGS (not displayed) Local -019- Port 6 locked Unlock Password> FROGS (not displayed) Local> If a user forgets the unlock password, a privileged user must LOGOUT the port before it can be logged in and used again. LOGOUT (secure) Syntax Description This command logs out a port on the access server and disconnects any sessions associated with the port.
PAGE 49
Command Descriptions ALL Is a privileged option that logs out all ports except the port where the command is entered. CONSOLE Is a privileged option that logs out the port being used as a remote management console port. port-list Is a privileged option specifying the port(s) to be logged out. (The default is your own port.) If your port is not specified in the list, it will not be logged out. For more information on specifying port-list, refer to Chapter 1 for examples and conventions.
PAGE 50
Command Descriptions Commands OPEN/TELNET - ZERO SERVER AUTHENTICATION COUNTERS OPEN/TELNET (secure) For information on this command, refer to the CONNECT/OPEN TELNET (secure) command. PING/TEST INTERNET (nonprivileged) Syntax Description This nonprivileged command tests end-to-end communication between the access server and the specified target over an Internet protocol network. The target can be an Internet address or an Internet domain name.
PAGE 51
Command Descriptions Restriction There can be only one PING/TEST INTERNET session per port. Example: PING Local> PING 195.1.1.60 This command tests Internet connectivity to the Internet address 195.1.1.60. REMOVE QUEUE (privileged) Syntax Description This privileged command removes queued LAT connection requests (for remote access to access server ports) from the access server queue.
PAGE 52
Command Descriptions RESUME (secure) Syntax RESUME [SESSION session-number] Description This command (available to all users) resumes an interactive session from local mode. When a TN3270 session is resumed, the screen will be cleared and the 3270 screen will be displayed with the information that existed when the session was interrupted. Keywords SESSION session-number Specifies the session you want to resume. If you omit this parameter, the access server resumes your current session.
PAGE 53
Command Descriptions SEND TELNET (secure) Syntax Description This command (available to all users) invokes the corresponding Telnet function on the current Telnet session. Keywords AO (Abort Output) Causes any output currently on its way to the user’s terminal to be aborted. AYT (Are-You-There) Solicits a response from the remote Telnet implementation. This causes the remote host to send back a message indicating that it is still up and running.
PAGE 54
Command Descriptions REQUEST STATUS Requests that the peer Telnet implementation responds with the current status of all Telnet options for this session. RESUME OUTPUT Causes a session to resume after an Abort Output signal has been sent and the port hangs. SYNCH Causes all input currently on its way to the remote process to be dropped. This includes input queued both by the local access server and the remote host.
PAGE 55
Command Descriptions Example: SETUP PRINTER Local>SETUP PRINTER ***** PRINTER SETUP ASSISTANCE ***** Port or ports to configure for printer [max port = 16] 16 Printer port speed 4800 Printer character size[7,8] 8 Printer stop bits (D=Dynamic)[1,2,D] D XON/XOFF, CTS/RTS, or None flow control [XON,CTS,None] X LAT, Telnet, or Both protocols[LAT,Telnet,Both] L Announced LAT service?[Y,N] Y LAT printer service name (1-16 characters) OURPRINTER LAT svc identification string (0-40 characters) LAA Printer
PAGE 56
Command Descriptions TEST LOOP (privileged) Syntax Description This privileged command tests the connectivity between your access server and another Ethernet node on the network. For more information about loop node testing, refer to the Cabletron Network Access Software Problem Solving guide. Keywords e-address1 Specifies the Ethernet address of the target node. An Ethernet address is a string of 12 hexadecimal digits in the form nn-nn-nn-nnnn-nn.
PAGE 57
Command Descriptions TEST PORT (secure) Syntax Description This command (available to all users) tests a port on the access server. This command causes the access server to send a stream of characters to the specified port. Irregularities in the rotating ASCII pattern indicate possible problems with the terminal or with the connection of the port to the access server. For more information about this test, refer to the Cabletron Network Access Software Problem Solving guide.
PAGE 58
Command Descriptions Example: TEST PORT Local> TEST PORT 3 COUNT 90 WIDTH 60 LOOP INTERNAL This command directs the access server to loop internally ninety 60-character lines to port 3. TEST SERVICE (privileged) Syntax Description This privileged command tests the end-to-end access servers over the LAT network. The test is performed between the access server and a service node. When the test is completed, the access server displays a report of the test results.
PAGE 59
Command Descriptions LOOPBACK Specifies that test data is looped back from the external target port connector or from the internal target port hardware. If you omit LOOPBACK, the test data is returned by the LAT protocol software on the target service node. Restriction This command is valid only on ports with MULTISESSIONS DISABLED.
PAGE 60
Command Descriptions Keywords ALL Specifies that access server, LAT node, port, port SLIP, port PPP, Internet, Internet name resolution, IPX, and SNMP counters are set to zero (0). NOTE AppleTalk and access server authentication counters are not reset with this command. APPLETALK All current access server-wide AppleTalk counters are set to zero (0). INTERNET Clears the Internet counters associated with the specified entity.
PAGE 61
Command Descriptions AUTHENTICATION Clears the authentication counters associated with the specified port. SECURITY AUTHENTICATION All Security Authentication counters are set to zero. SERVER AUTHENTICATION Clears the server authentication counters. SNMP Clears all SNMP error and access counters. Examples: ZERO COUNTERS Local> ZERO APPLETALK COUNTERS This command specifies that all AppleTalk counters be set to zero. Local> ZERO INTERNET This command clears the access server Internet counters.
PAGE 62
Command Descriptions 2-34
PAGE 63
Chapter 3 CLEAR/PURGE Commands Overview Introduction This chapter describes the CLEAR and PURGE commands. Both the CLEAR and PURGE commands delete whatever is specified by the keyword from the access server databases. Use the CLEAR command to remove information from the operational database. Use the PURGE command to remove information from the permanent database.
PAGE 64
CLEAR/PURGE Commands Commands COMMAND GROUP - INTERNET DHCP COMMAND GROUP (privileged) Syntax Description This privileged command removes the specified command group from the access server database. Keywords ALL Specifies that all of the command groups are to be removed from the access server database. command_group Specifies the name of the command group being removed from the database.
PAGE 65
CLEAR/PURGE Commands DIALER SCRIPT (privileged) Syntax Description This privileged command removes a modem script configuration entry from the permanent or volatile database. DIALER SERVICE (privileged) Syntax Description This privileged command removes a dialer service from the volatile or permanent database. INTERNET ARP ENTRY (privileged) Syntax Description This privileged command deletes existing address resolution protocol (ARP) entries from the access server ARP database.
PAGE 66
CLEAR/PURGE Commands Examples: CLEAR/PURGE INTERNET ARP ENTRY Local> CLEAR INTERNET ARP ENTRY ALL This command deletes all Internet ARP entries from the access server ARP operational database. Local> PURGE INTERNET ARP ENTRY 195.1.1.60 This command deletes the ARP entry for the Internet address 195.1.1.60 from the access server ARP permanent database.
PAGE 67
CLEAR/PURGE Commands Commands INTERNET GATEWAY - MENU LINE INTERNET GATEWAY (privileged) Syntax Description This privileged command deletes existing gateway entries from the access server database. Keywords ALL Specifies all existing gateway entries in the access server database. inet-address Specifies the local network Internet address of the gateway to be deleted. When this option is used, the NETWORK net-address and HOST inet-address options are also available.
PAGE 68
CLEAR/PURGE Commands Restrictions • The CLEAR command does not remove gateway entries with active connections. The PURGE command does remove gateway entries with active connections because it affects only the permanent database. • The HOST and NETWORK characteristics are not valid with the ALL characteristic. Examples: CLEAR/PURGE INTERNET GATEWAY Local> CLEAR INTERNET GATEWAY ALL This command deletes all Internet gateway entries from the access server operational database.
PAGE 69
CLEAR/PURGE Commands domain-name Specifies the domain-name of a host or a domain. HOST This option (the default) is valid only when specifying a domain-name. Only the host specified will be deleted. The domain name for HOST can be an absolute or a relative name. If a relative name is specified, the default local domain will be automatically appended to the host name. The domain name for DOMAIN must be an absolute name. DOMAIN This option identifies the domain-name as a domain name for a domain.
PAGE 70
CLEAR/PURGE Commands INTERNET NAMEserver (privileged) Syntax Description This privileged command deletes existing Internet domain name servers from the access server domain name system (DNS) database. Keywords ALL Specifies that all domain name servers will be deleted. LOCAL Specifies that all local domain name servers will be deleted. NAME name Specifies the name of the domain name server to be deleted. ADDRESS inet-address Specifies the address of the domain name server to be deleted.
PAGE 71
CLEAR/PURGE Commands IPX (privileged) Syntax Description RIP deletes all unique networks from the RIP database that have been learned from RIP protocol requests. Also, all routes associated with these networks are also deleted. SAP clears all SAP service entries in the SAP database that have been learned by SAP Get Nearest Service (GNS) protocol requests (use SHOW IPX STATUS for current entries).
PAGE 72
CLEAR/PURGE Commands MENU (privileged) Syntax Description This privileged command removes a menu or ALL menus from the access server database. MENU LINE (privileged) Syntax Description This privileged command removes a specified line from the specified menu in the access server database.
PAGE 73
CLEAR/PURGE Commands Commands PORT PPP/SLIP HOST ADDRESS USERACCOUNT PORT PPP/SLIP HOST ADDRESS (privileged) Syntax CLEAR PORT ALL port-list PURGE SLIP PPP IPCP HOST ADDRESS Description This privileged command deletes the Internet address of the port’s attached device. Keywords ALL Specifies all access server ports. port-list Specifies one or more ports. For more information on specifying port-list, refer to Chapter 1 for examples and conventions.
PAGE 74
CLEAR/PURGE Commands PRINTER Syntax printer-name CLEAR PRINTER PURGE ALL Description This command deletes the LPD printer name and disassociates the printer from a port. Keywords printer-name Specifies the name of the printer to be deleted. ALL Specifies that all of the printers associated with a port will be deleted. REALM (privileged) Syntax Description This privileged command deletes the various realms used to identify particular administrative domains.
PAGE 75
CLEAR/PURGE Commands SERVER REALM (privileged) Syntax Description This privileged command deletes the various realms used to identify particular administrative domains. This is simply an extension of the existing syntax for setting up and tearing down Kerberos. SERVICES (privileged) Syntax Description This privileged command deletes an entry for one or all local LAT services from the access server database. Keywords service-name Specifies the name of a LAT service to be deleted.
PAGE 76
CLEAR/PURGE Commands SNMP COMMUNITY (privileged) Syntax Description This privileged command deletes an SNMP community name from the access server database. Keywords ALL Specifies all SNMP communities currently defined in the community database, except for the default community PUBLIC. community-name Specifies a community name or a community’s characteristics in the access server community database. The community-name is an ASCII string, maximum length 32 characters, enclosed in double quotes.
PAGE 77
CLEAR/PURGE Commands TCP LISTENER(privileged) Syntax Description This privileged command resets a predefined TCP listener in the access server database to the factory-set defaults. The access server defaults are: Connections: DISABLED, Ports: NONE, and Type: TCP. The listener type will remain RAW TCP. When you enter the CLEAR TCP LISTENER command, you will get an error message if there are sessions active that were established from the specified listener.
PAGE 78
CLEAR/PURGE Commands TELNET LISTENER (privileged) Syntax Description This privileged command resets a predefined Telnet listener in the access server database back to the factory-set defaults. This command sets the Telnet listener’s IP address to 0.0.0.0. When you enter the CLEAR TELNET LISTENER command, you will get an error message if there are sessions active that were established from the specified listener.
PAGE 79
CLEAR/PURGE Commands TN3270 TERMINAL (privileged) Syntax Description This privileged command removes a customized TERMINAL entry. The keymap associated with TERMINAL is deleted unless it is currently used by another TERMINAL. Keywords t-name The name of a terminal type. The CLEAR command is restricted from clearing tname if one or more ports currently have the t-name defined in its operational database. Port definitions must be changed for command operation.
PAGE 80
CLEAR/PURGE Commands 3-18
PAGE 81
Chapter 4 SET/DEFINE/CHANGE Commands Overview Introduction This chapter describes the SET, DEFINE, and CHANGE commands. Use SET commands to change characteristics and options stored in the operational database of the access server. SET commands take effect immediately but continue only until logout occurs (for port characteristics) or until the server is rebooted (for all other characteristics). Use DEFINE commands to change characteristics stored in the permanent database of the access server.
PAGE 82
SET/DEFINE/CHANGE Commands ACCOUNTING - COUNTRY ACCOUNTING CONSOLE (privileged) Syntax Description This privileged command allows you to display accounting events on the access server console port. If ENABLED, every accounting event is displayed on the access server console port as it occurs. If the access server console port is set to NONE, no console logging occurs. For more information and a list of events, refer to the Cabletron Network Access Software Management guide.
PAGE 83
SET/DEFINE/CHANGE Commands ACCOUNTING THRESHOLD (privileged) Syntax Description This privileged command specifies the points at which a notification is sent to indicate that the accounting log has crossed the defined threshold. This command is useful in preventing loss of log entries. NONE indicates that notification is not sent upon reaching the threshold. END indicates to send notification when the end of the log is reached.
PAGE 84
SET/DEFINE/CHANGE Commands Keywords ENABLED/DISABLED If ENABLED, the access server provides AppleTalk functionality. If DISABLED, the access server does not provide AppleTalk functionality. To become effective, the privileged user must DEFINE the characteristic DISABLED and then reinitialize the access server. If you enter any subsequent AppleTalk commands, you receive an error message. If AppleTalk has been disabled, no memory is allocated.
PAGE 85
SET/DEFINE/CHANGE Commands COMMAND GROUP (privileged) Syntax Description This command creates a command group with a name and an associated port list. A command group can be invoked with the DO command, provided you have privilege access or are logged in to one of the ports in the associated port list. If the command group already exists, this command can change the port list associated with it, or renumber the lines in it.
PAGE 86
SET/DEFINE/CHANGE Commands RENUMBER If RENUMBER LINES is requested, the line numbers of the lines in the group are modified. The first line is given the number 10, and each line number thereafter is 10 greater than the preceding one. NOTE If a command group is invoked at the user’s menu, neither privilege checking nor port list checking is performed. This results because the access server manager has already given the user permission to use the command group.
PAGE 87
SET/DEFINE/CHANGE Commands COUNTRY Syntax DEFINE COUNTRY country-number Description This command modifies the country code setting for the modems in a DECserver 900MC access server. When you change the country code, you must reinitialize the access server to have the new country code take effect. Restriction Set the country code for the modems before you connect the modems to telephone lines. Keyword country-number A code specific to a country’s modem standards.
PAGE 88
SET/DEFINE/CHANGE Commands DIALER [SERVICE] - KERBEROS USER PASSWORD DIALER [SERVICE] (privileged) Syntax Description This privileged command creates or modifies a dialer service. A dialer service is used to establish a dial-back session. The dial-service-name specifies the name of the service to be created or modified. The length of the dial-service-name must be 16 or fewer characters. Keywords IDENTIFICATION Allows an identifying string (40-character maximum) to be associated with a given service.
PAGE 89
SET/DEFINE/CHANGE Commands PORTS Is a list of one or more physical ports that are to offer this dialer service. Modems are assumed to be connected to these ports. NUMBER Indicates the allowable phone numbers for use with this service. The default is ANY, which means the user may specify any number within security constraints. If a number is specified, this is the only number that may be dialed using this service. The maximum length of a phone number is 80 characters.
PAGE 90
SET/DEFINE/CHANGE Commands DIALER SCRIPT [NAME] (privileged) Syntax Description This privileged command is used to define a modem script/type and its characteristics. The script name may be a maximum of 16 characters. Parameters define the character strings that make up various modem commands. The functions and default values of each string are shown in the table below. Each associated string can be up to 40 characters in length.
PAGE 91
SET/DEFINE/CHANGE Commands INTERNET (privileged) Syntax Description This privileged command modifies the access server Internet address and subnet mask. The Internet address must be defined in the access server database for the access server to function in the Internet environment. You must configure the Internet address in both the permanent and operational databases after downline loading takes place.
PAGE 92
SET/DEFINE/CHANGE Commands net-mask The subnet mask must be of the form n.n.n.n, where n is a decimal number in the 0 to 255 range. (Default: If you do not specify a subnet mask, the access server defaults to either a Class A, B, or C subnet mask depending on the current access server Internet address. The default for a Class A subnet mask is 255.0.0.0; for a Class B, 255.255.0.0; and for a Class C, 255.255.255.0. If an Internet address has not been defined, there is no default subnet mask.
PAGE 93
SET/DEFINE/CHANGE Commands Keywords inet-addr Specifies the Internet address of the Internet ARP entry. (The address must be a valid Internet address of the form n.n.n.n, where n is a decimal number of the 0 to 255 range.) eth-addr Specifies the Ethernet address of the Internet ARP entry. (The address must be a valid Ethernet address of the form HH-HH-HH-HH-HH-HH.) [NOPURGE] Specifies that the ARP entry will not be purged.
PAGE 94
SET/DEFINE/CHANGE Commands Keywords ENABLED/DISABLED Enabling DHCP specifies that the access server uses DHCP to try to autoconfigure its IP parameters (excluding the access server’s IP address). ENABLED is the default. Disabling DHCP means that the access server obtains its IP parameters from other sources (for example, a BOOTP server or access server commands that you enter).
PAGE 95
SET/DEFINE/CHANGE Commands net-address Specifies a network that is reachable through the gateway. This option defines a gateway to a network, rather than to a specific host. The net-address must be a valid network address. [SUBNET] MASK submask When used with NETWORK, determines the exact SUBNET that the user can access through the defined GATEWAY. If the SUBNET MASK option is omitted, the subnet mask in the access server operational database is the default.
PAGE 96
SET/DEFINE/CHANGE Commands Keywords host-name Specifies a name for the Internet host. Valid name length is 1 to 255 characters. inet-address Specifies the Internet address of the Internet host. (The address must be a valid Internet address of the form n.n.n.n, where n is a decimal number of the 0 to 255 range.) Example: SET/DEFINE/CHANGE INTERNET HOST Local> SET INTERNET HOST BAKER ADDRESS 195.1.1.60 This command enters Internet host BAKER into the access server DNS operational database.
PAGE 97
SET/DEFINE/CHANGE Commands MODE Specifies the data retrieval preference. In LOCAL mode, the server queries its own DNS cached database (user-entered data only) for Internet addresses. In REMOTE mode, the server first queries its own cache database (learned data only) and, if it does not find the Internet address there, it queries the name servers.
PAGE 98
SET/DEFINE/CHANGE Commands INTERNET NAMESERVER (privileged) Syntax SET DEFINE CHANGE ROOT INTERNET NAMESERVER name ADDRESS inet-address LOCAL Description This privileged command enters the Internet name server into the access server domain name system (DNS) database. Keywords name Specifies a name for the name server. An absolute domain name is required for a ROOT name server.
PAGE 99
SET/DEFINE/CHANGE Commands INTERNET TCP KEEPALIVE RETRY Syntax SET DEFINE CHANGE INTERNET [TCP] KEEPALIVE RETRY retries Description Specifies the maximum number of probes to send to a remote host with a TCP connection. If the remote host does not respond to any of the probes it receives, the access server closes the TCP connection.
PAGE 100
SET/DEFINE/CHANGE Commands Keywords DISABLED Specifies that the access server sends no TCP keepalive probes to remote hosts with TCP connections. minutes The number of minutes, from 1 to 1440 (one day), to wait before sending the first TCP keepalive probe to a remote host. INTERNET WINS (privileged) Syntax Description This privileged command defines WINS server addresses on the access server. Depending on the client’s configuration, these addresses may be given to a PPP dialup client using IP.
PAGE 101
SET/DEFINE/CHANGE Commands IPX (privileged) Syntax Description This privileged command enables or alters IPX characteristics. Keywords ENABLED Initializes and enables IPX on the access server. DISABLED Use the DEFINE command to disable IPX on the access server and then reboot the access server. IPX will not initialize when the access server is rebooted. If IPX is enabled, you cannot use the SET or CHANGE commands to disable IPX.
PAGE 102
SET/DEFINE/CHANGE Commands LEARN Learn the network number for the FRAME from the network IPX packets. The network number is learned under the following circumstances: • When the access server sends a SAP Get Nearest Server (GNS) request on the LAN. The network number is learned by monitoring SAP GNS responses. This happens when: -The access server is enabled for IPX or a new PPP IPX session is created. Periodic SAP GNS requests are sent for 40 seconds.
PAGE 103
SET/DEFINE/CHANGE Commands KERBEROS PASSWORD SERVICE PORT (privileged) Syntax Description This privileged command specifies the TCP port number to which the access server will send Kerberos messages. Kerberos messages are sent to the master KDC in order to change the user’s Kerberos password. The port number can be from 1 to 1024. The default port number is 751. NOTE The default port number 751 may change in the future to allow for standardization. The probable replacement will be 89.
PAGE 104
SET/DEFINE/CHANGE Commands KERBEROS REALM (privileged) Syntax 4-24
PAGE 105
SET/DEFINE/CHANGE Commands Description The SET/DEFINE/CHANGE REALM command family sets up and tears down the various realms used to identify particular administrative domains. These are privileged commands. [ { { PERMISSIONS ( 2 2 ] [ { { [ 2 2 ] .... ) ] Keywords SECRET The SECRET clause is used to specify a secret that the Access Server shares with security servers from the realm. The Access Server software associates no default secret with any realm.
PAGE 106
SET/DEFINE/CHANGE Commands ACCESS The ACCESS clause sets the realm’s default access mode at connection establishment time. The supported values are: LOCAL Interactive access to “Local >” prompt provided FRAMED AUTOLINK (PPP or SLIP) access provided LOGIN Dedicated connection (Telnet, LAT) to host (only) provided NONE Access determined by PORT characteristics NONE is the default value for this realm characteristic.
PAGE 107
SET/DEFINE/CHANGE Commands Some realms support the following clauses: Realm Clause RADIUS The PROMPT clause specifies an alternate password prompt to display to interactive users when the entered user-id falls within one of these realms. The maximum prompt length is 16 characters. SecurID The ENCODING clause indicates how to encode the user password in authentication requests to the security server. This option is currently valid only for SecurID realms.
PAGE 108
SET/DEFINE/CHANGE Commands KERBEROS [TIMEOUT] (privileged) Syntax Description This privileged command specifies the number of seconds that a key distribution center (KDC) request can be outstanding before being timed out.
PAGE 109
SET/DEFINE/CHANGE Commands Restrictions NOTE • This command affects the master KDCs database. The SET and CHANGE commands are not supported. • The entered passwords must not exceed 40 characters in length. Command KPASSWD is equivalent to DEFINE KERBEROS USER [PASSWORD].
PAGE 110
SET/DEFINE/CHANGE Commands MENU MENU (privileged) Syntax Description This privileged command is used to create a menu with an associated name and a port list. It initializes the contents of the menu, either as an empty menu or as a copy of a previous menu. If the menu already exists, this command changes the associated port list.
PAGE 111
SET/DEFINE/CHANGE Commands ENABLED/DISABLED If ENABLED is specified, the ports specified are added to the list of ports allowed to use this menu. If DISABLED is specified, the ports specified are removed from the list of ports allowed to use this menu. If neither DISABLED nor ENABLED is specified, the list of ports specified becomes the list of ports allowed to use the menu.
PAGE 112
SET/DEFINE/CHANGE Commands n The line number being described. The top line is 1. Display_string A display_string is a text string up to 80 characters long displayed on a specified line. If it contains letters that are to remain lowercase or contains spaces, the display_string must be surrounded with quotation marks (" "). If no string is entered, the access server will prompt you for it. Execute_string This can be a text string up to 80 characters long.
PAGE 113
SET/DEFINE/CHANGE Commands PORT - PORT AUTOPROMPT PORT (secure) Syntax Description This command (available to all users) modifies port characteristics. All of the SET/DEFINE/CHANGE port commands accept a port list or ALL as a parameter. The DEFINE PORT command modifies port characteristics in the permanent database. These changes take effect the next time the port is logged in. The SET PORT command modifies port characteristics in the operational database.
PAGE 114
SET/DEFINE/CHANGE Commands • Secure and nonprivileged users cannot specify all port characteristics. These restrictions are specified with the applicable characteristics. • You cannot change any characteristics for the remote management port. Example: SET/DEFINE/CHANGE PORT Local> SET PORT 8 AUTHORIZED 1,2,6-19,25 ENABLED SESSION LIMIT 3 In this command, the parameters affect the way port 8 can be used in service mode; these settings remain in effect only until the port is logged out.
PAGE 115
SET/DEFINE/CHANGE Commands Restrictions • If any of the ports in the port-list are logged in, you cannot use the SET or CHANGE port-list ACCESS REMOTE or NONE command. • If any port in the port-list is defined REMOTE or NONE, you cannot use the SET or CHANGE port-list ACCESS DYNAMIC or LOCAL command. PORT ALTERNATE SPEED (privileged) Syntax Description A privileged option that specifies a secondary speed for a multi-speed modem.
PAGE 116
SET/DEFINE/CHANGE Commands Restriction Since the AUTHENTICATION command takes effect only when you log in, the SET and CHANGE commands are not allowed. NOTE Interactive (terminal) users or framed (remote network access) users can use this form of user authentication when a login script is used on the remote client. PPP and AUTOLINK authentication are also available for framed users. See PORT PPP LCP AUTHENTICATION and PORT AUTOLINK AUTHENTICATION for more information.
PAGE 117
SET/DEFINE/CHANGE Commands PORT AUTOBAUD (privileged) Syntax Description A privileged option that specifies whether the access server automatically detects the speed, parity, and character size of the port device on login. This option also sets the access server port characteristics to match the port device (default: ENABLED). The AUTOBAUD function works only if the port device’s CHARACTER SIZE and PARITY characteristics are set to either 8 and NONE or 7 and EVEN.
PAGE 118
SET/DEFINE/CHANGE Commands PORT AUTOLINK(privileged) Syntax AUTHENTICATION DEFINE ENABLED DISABLED PORT AUTOLINK TIMER PASS ONE nu TW Description A privileged option that defines AUTOLINK characteristics. Keywords AUTHENTICATION Specifies that the port can support authenticated logins from different types of PPP clients, which may have different LCP capabilities. For SLIP or PPP clients that do not support PAP or CHAP authentication, an interactive or script-based login will be used.
PAGE 119
SET/DEFINE/CHANGE Commands number Indicates the number of seconds the DECserver waits to sense one of the following: • A valid PPP frame • A valid SLIP frame • A single carriage return character If the timer expires, AUTOLINK assumes a character cell terminal. The range for the PASS ONE timer is between 10 and 60 seconds. The range for the PASS TWO timer is between 0 and 60 seconds. The default value is 10 seconds. If you enter 0, character-cell mode is entered immediately in PASS TWO.
PAGE 120
SET/DEFINE/CHANGE Commands PORT BACKWARD SWITCH - PORT DTRWAIT PORT BACKWARD SWITCH (secure) Syntax Description An option (available to all users) that specifies a switch character that allows you to resume the preceding session in your session list without returning to local mode. You can clear an existing switch by specifying NONE (default). This command accepts a port-list or ALL as a parameter.
PAGE 121
SET/DEFINE/CHANGE Commands PORT BREAK (secure) Syntax Description An option (available to all users) that specifies how the Break key is handled during a session. This command accepts a port-list or ALL as a parameter. Keywords LOCAL Causes the access server to interpret a break signal as a local switch character and to return you to local mode. This is the default.
PAGE 122
SET/DEFINE/CHANGE Commands PORT BROADCAST (nonprivileged) Syntax Description A nonprivileged option that specifies whether the port receives messages sent from other ports (default: ENABLED). This command accepts a port-list or ALL as a parameter. PORT CHARACTER SIZE (nonprivileged) Syntax Description A nonprivileged option that specifies the number of bits in data characters exchanged between the port and the access server (values: 7 or 8 [default]).
PAGE 123
SET/DEFINE/CHANGE Commands PORT DEDICATED (privileged) Syntax Description A privileged option that specifies a service to which a local access port is permanently assigned (default: no dedicated service). Entering NONE as the value for service-name, NODE, or DESTINATION cancels any previous value entered for that field. Changes to this characteristic become effective on the next port login.
PAGE 124
SET/DEFINE/CHANGE Commands host-name [PORT tcp-port] Specifies the Internet host name or address, and an optional Telnet/TCP port number. PPP Specifies that the local access port is permanently assigned to a single PPP session. SLIP Specifies that the local access port is permanently assigned to a single SLIP session. AUTOLINK Specifies that the local access port is permanently assigned to a single PPP or SLIP session, or to an interactive terminal session.
PAGE 125
SET/DEFINE/CHANGE Commands PORT DEFAULT PROTOCOL (privileged) Syntax Description An option that defines the default protocol for the port. The factory-set default is LAT. The default protocol is used to resolve ambiguity to commands with no protocol option specified. If a protocol option is specified, it overrides the default protocol. For example, CONNECT PPP host-name is not ambiguous, but CONNECT host-name is. This command accepts a port-list or ALL as a parameter.
PAGE 126
SET/DEFINE/CHANGE Commands DIAL Sets the default protocol to the DIAL protocol. The access server defaults to the DIAL protocol if you do not specify a protocol with the CONNECT command. Restrictions • The default protocol is used with the CONNECT and CONNECT PORT commands only. The TELNET and OPEN commands will override the default and assume Internet connections. The DIAL command will override the default and assume a dialer connection.
PAGE 127
SET/DEFINE/CHANGE Commands NOTE While the DIALUP option works with most LAT service nodes, there may be some LAT hosts that do not support DIALUP. PORT DSRLOGOUT (privileged) Syntax SET DEFINE CHANGE PORT DSRLOGOUT ENABLED DISABLED Description A privileged option that specifies whether the access server should log out a port whose attached device is disabled. You can enable DSRLOGOUT only if the port hardware supports DSR signals. DSRLOGOUT does not work if you have DSR flow control enabled.
PAGE 128
SET/DEFINE/CHANGE Commands Restriction You should set DTRWAIT ENABLED for only those ports that have SIGNAL CONTROL or MODEM CONTROL ENABLED.
PAGE 129
SET/DEFINE/CHANGE Commands PORT FAILOVER - PORT LOSS NOTIFICATION PORT FAILOVER (nonprivileged) Syntax Description A nonprivileged option that specifies whether a port that is disconnected from a LAT service will be automatically connected to another node offering the service. The default is ENABLED. This command accepts a port-list or ALL as a parameter. PORT FLOW CONTROL (nonprivileged) Syntax Description A nonprivileged option that specifies flow control direction.
PAGE 130
SET/DEFINE/CHANGE Commands XON Specifies Transmit On/Transmit Off (XON/XOFF) flow control. XON is the default flow control. DISABLED Specifies no flow control. PORT FORWARD SWITCH (secure) Syntax Description An option (available to all users) that specifies a switch character that allows you to resume the next session in your session list without returning to local mode. You can clear an existing switch by specifying NONE (default). This command accepts a port-list or ALL as a parameter.
PAGE 131
SET/DEFINE/CHANGE Commands PORT GROUPS (nonprivileged) Syntax Description A nonprivileged option that specifies which of the groups authorized for the port (refer to the AUTHORIZED GROUPS command) are currently enabled on the port (that is, your current groups). Use GROUPS to select the nodes and services you want to display for the port. This command accepts a port-list or ALL as a parameter for the PORT keyword.
PAGE 132
SET/DEFINE/CHANGE Commands PORT INACTIVITY LOGOUT (privileged) Syntax Description A privileged option that determines whether the access server automatically logs out a port after a period of inactivity. (The default is DISABLED.) This command accepts a port-list or ALL as a parameter for the PORT keyword. When a port is set to ACCESS LOCAL and the local access user does not use the port, the access server automatically logs out the port after the timeout period.
PAGE 133
SET/DEFINE/CHANGE Commands PORT LIMITED VIEW (privileged) Syntax Description A privileged option that specifies whether a nonprivileged port is prohibited from showing or listing LAT nodes, LAT services, and various Internet databases (for example, Internet hosts, ARP entries, and gateways. (The default is DISABLED.) This command accepts a port-list or ALL as a parameter for the PORT keyword. An example of the LIMITED VIEW ENABLED command would be the SHOW NODES command.
PAGE 134
SET/DEFINE/CHANGE Commands PORT LOCK (privileged) Syntax Description A privileged option that specifies whether a port user can enter the LOCK command. When the LOCK characteristic is ENABLED (the default) on a port and enabled on the access server, the port user can enter the LOCK command to prevent access to the terminal at which the command is entered. The LOCK command prevents any input until a user enters the unlock password at that terminal. DISABLED prevents the use of the LOCK command.
PAGE 135
SET/DEFINE/CHANGE Commands PORT LOSS NOTIFICATION (nonprivileged) Syntax Description A nonprivileged option that specifies whether you are alerted with a beep when a typed character is lost because of data error or overrun. (The default is ENABLED.) This command accepts a port-list or ALL as a parameter for the PORT keyword. Restriction LOSS NOTIFICATION applies only when PORT ACCESS is LOCAL or DYNAMIC.
PAGE 136
SET/DEFINE/CHANGE Commands PORT MESSAGE CODES - PORT PASSWORD PORT MESSAGE CODES (nonprivileged) Syntax Description A nonprivileged option that specifies whether message codes appear with status and error messages (default: ENABLED). This command accepts a port-list or ALL as a parameter for the PORT keyword. PORT MODEM CONTROL (privileged) Syntax Description A privileged option that specifies whether the access server manipulates modem signals.
PAGE 137
SET/DEFINE/CHANGE Commands PORT MULTISESSIONS (secure) Syntax Description An option (available to all users) that specifies whether session management is enabled for the port. (The default is DISABLED.) The port device must be a terminal that supports session management, and the port cannot have a dedicated service. For more information, refer to PORT DEDICATED (privileged).
PAGE 138
SET/DEFINE/CHANGE Commands PORT ON-DEMAND LOADING (nonprivileged) Syntax Description A nonprivileged option that specifies on-demand loading of fonts for those Asian terminals whose fonts are composed of an unusually large number of characters. ON-DEMAND [LOADING] ENABLED affects XON/XOFF flow control processing such that it causes the access server to bypass XOFF (when necessary) to ensure the continuous flow of characters. (The default is DISABLED.
PAGE 139
SET/DEFINE/CHANGE Commands PORT PASSWORD (privileged) Syntax Description A privileged option that specifies whether a password is required for you to log in to the access server (default: DISABLED). You specify the login password by setting the access server characteristic LOGIN PASSWORD. This command accepts a port-list or ALL as a parameter for the PORT keyword. NOTE Changes to this characteristic become effective on the next port login.
PAGE 140
SET/DEFINE/CHANGE Commands PORT PPP - PORT PPP IPXCP PORT PPP (privileged) Syntax Description A privileged command that specifies that a Point-to-Point Protocol (PPP) session may be started on this port. (The default is DISABLED.) If this option is ENABLED, the PPP session startup will prepare for a link startup. Link startup is determined by the LCP ENABLE/DISABLE command and the LCP PASSIVE ENABLE/DISABLE command. PPP and LCP must be ENABLED to bring up a PPP session.
PAGE 141
SET/DEFINE/CHANGE Commands PORT PPP ATCP Syntax Description This option controls whether ATCP (AppleTalk Control Protocol) negotiation will be allowed on the link. This command accepts a port-list or ALL as a parameter for the PORT keyword. Restrictions • The DEFINE and CHANGE commands require a privileged status. The SET command has a secure status. • You must be a privileged user to change a port other than your own.
PAGE 142
SET/DEFINE/CHANGE Commands PORT PPP IPCP ADDRESS Syntax Description Specifies whether the access server should attempt to negotiate the IP address for both ends of this link. This command accepts a port-list or ALL as a parameter for the PORT keyword. If enabled, the access server always attempts to negotiate using IPCP option number 3, ADDRESS, first. This is the preferred method.
PAGE 143
SET/DEFINE/CHANGE Commands PORT PPP IPCP COMPRESSION Syntax Description Specifies whether the access server negotiates the use of a compression protocol. The only compression protocol supported is the Van Jacobson Compressed TCP/IP protocol. If it is used, it must be implemented by each peer in both directions. This command accepts a port-list or ALL as a parameter for the PORT keyword. When enabled, this option allows the peers to compress the TCP/IP headers.
PAGE 144
SET/DEFINE/CHANGE Commands PORT PPP IPCP HOST ADDRESS (nonprivileged) Syntax Description This option associates a host address with the PPP interface. This option allows the access server to know what IP device is directly attached on the other side of the PPP link. The default for this characteristic is address 0.0.0.0 (no address defined). To remove an existing host address, use the CLEAR/PURGE PORT PPP IPCP HOST ADDRESS command.
PAGE 145
SET/DEFINE/CHANGE Commands PORT PPP IPXCP Syntax Description This option controls whether the IPXCP (IPX Control Protocol) negotiation is allowed on the link. With this option, a manager can “bounce” the link to pick up new locally configured parameters. This command is often used to debug IPXCP setups. Restrictions • The DEFINE and CHANGE commands require a privileged status. The SET command has a secure status. • You must be a privileged user to change a port other than your own.
PAGE 146
SET/DEFINE/CHANGE Commands PORT PPP LCP - PORT PPP LCP MRU PORT PPP LCP Syntax Description This option controls whether the LCP negotiation is allowed on the link. This can be done by disabling and enabling LCP for a running PPP session. The LCP characteristic will generally be ENABLED, so that LCP starts the link normally.
PAGE 147
SET/DEFINE/CHANGE Commands Restriction The DEFINE and CHANGE commands require a privileged status. The SET command has a secure status. PORT PPP LCP AUTHENTICATION (privileged) Syntax Description The command specifies whether the access server requires the peer to use the PPP PAP or PPP CHAP protocol to authenticate itself. If NOUSERNAME is specified, the peer must provide the access server with the LOGIN password.
PAGE 148
SET/DEFINE/CHANGE Commands PORT PPP LCP CALLBACK (privileged) Syntax Description This command specifies whether the access server allows the peer to negotiate the use of the PPP callback option. If enabled, the peer is allowed to request the access server to call back the peer. If disabled, the access server will refuse to accept the peer’s connection request if the peer requests a callback.
PAGE 149
SET/DEFINE/CHANGE Commands Restriction The DEFINE and CHANGE commands require privileged status. The SET command requires secure status. PORT PPP LCP MRU Syntax Description This option specifies the size in bytes of the maximum receive units (MRU) that the access server wishes to negotiate for the link. This informs the peer what the server wishes to see as an upper limit to packet size. Setting the MRU size allows you to tune the link performance. The default value for this option is 1500 bytes.
PAGE 150
SET/DEFINE/CHANGE Commands PORT PPP LCP PASSIVE - PORT PPP LCP/IPCP/ATCP/IPXCP RESTART PORT PPP LCP PASSIVE Syntax Description This option controls whether the LCP will attempt to actively open the LCP link on connection, or whether the LCP will passively await packets from the peer to start the link. If LCP PASSIVE is ENABLED, LCP will wait for the peer to begin negotiations.
PAGE 151
SET/DEFINE/CHANGE Commands PORT PPP LCP PFC Syntax Description The keyword PFC is an abbreviation for protocol field compression. PPP uses a twocharacter protocol field to identify the type of packet being sent. This field may be compressed into a single byte and still uniquely identify the protocol type. This option lets you conserve bandwidth for slow serial lines. This command accepts a port-list or ALL as a parameter for the PORT keyword.
PAGE 152
SET/DEFINE/CHANGE Commands PORT PPP LCP/IPCP/ATCP/IPXCP MAXFAILURE Syntax Description This option determines how many times LCP, IPCP, ATCP, or IPXCP will send a negative acknowledgment message (NAK) for the peer’s proposed options before deciding to start rejecting the problem options (the options whose values the LCP/IPCP/ATCP/IPXCP finds objectionable). Once LCP/IPCP/ATCP/IPXCP rejects the problem options, the link establishment will either fail or the options must take on the default value.
PAGE 153
SET/DEFINE/CHANGE Commands Restriction The DEFINE and CHANGE commands require a privileged status. The SET command has a nonprivileged status. PORT PPP LCP/IPCP/ATCP/IPXCP RESTART Syntax Description This option determines how many seconds there will be between a LCP, IPCP, ATCP, or IPXCP configure terminate retransmit while LCP/IPCP/ATCP/IPXCP configuration or link termination is taking place.
PAGE 154
SET/DEFINE/CHANGE Commands PORT PREFERRED - PORT RING PORT PREFERRED (nonprivileged) Syntax Description A nonprivileged option that specifies a preferred network service when you enter a CONNECT command for the port but do not specify a service name. The default is no preferred service. If you specify a value for NODE or for DESTINATION, the access server does not attempt automatic failover for LAT sessions.
PAGE 155
SET/DEFINE/CHANGE Commands port-name You must use the DEFINE PORT command to set the port’s default protocol to match the protocol (LAT, Telnet, or Rlogin) of the preferred service. (The default setting connects you to the first available port that offers the service.) If your access server supports session management, refer to the Cabletron Network Access Software Management guide for details about using session management when a preferred service is defined.
PAGE 156
SET/DEFINE/CHANGE Commands Restriction Enabling this characteristic on a secure port allows the port user to modify the physical port characteristics. To prevent this, do not enable REMOTE MODIFICATION and SECURITY on the same port. PORT RING (privileged) Syntax Description A privileged option used with certain terminal switches and computers that need to detect a Ring Indicator (RI) signal. The RING characteristic is supported only on those access servers that support the DSRS signal.
PAGE 157
SET/DEFINE/CHANGE Commands SET/DEFINE/CHANGE PORT RLOGIN - PORT SIGNAL SELECT SET/DEFINE/CHANGE PORT RLOGIN (secure) Syntax Description This command sets the Rlogin characteristics for the specified ports. The values in effect when a Rlogin session is initiated will remain in effect for the session lifetime. If these values are modified, any subsequent Rlogin connections will use the new values. Keyword escape-character Specifies the ASCII escape character for Rlogin.
PAGE 158
SET/DEFINE/CHANGE Commands term-type Specifies the type of terminal. May only be "unknown" or VTxxx, where xxx is some integer. DEFAULT Resets the following: ESCAPE, INPUT, IO and TERMINAL to ~, Ctrl/Y, Ctrl/Z, and unknown, respectively. Restrictions • Suspend-input-character and suspend-io-character may not be set to the same character. • To set the terminal-type to unknown, you must use the default option, then reset the escape and suspend characters as desired.
PAGE 159
SET/DEFINE/CHANGE Commands PORT SESSION LIMIT (privileged) Syntax Description A privileged option that limits the number of permitted sessions (range: 0 to 8; default: 4). Specifying NONE permits the maximum number of sessions allowed on the access server. This option accepts a port-list or ALL as a parameter for the PORT keyword.
PAGE 160
SET/DEFINE/CHANGE Commands PORT SIGNAL CONTROL (privileged) Syntax Description A privileged option that specifies whether the access server manipulates modem signals. Specify DISABLED for ports connected to devices or device cables that do not support modem signals. Changes to this characteristic become effective on the next port login. For more details on using SIGNAL CONTROL, refer to the Cabletron Network Access Software Management guide.
PAGE 161
SET/DEFINE/CHANGE Commands PORT SLIP - PORT STOP BITS PORT SLIP (privileged) Syntax Description A nonprivileged option that specifies whether SLIP is enabled for the port. (The default is DISABLED.) To enable SLIP, the attached device on the port must support the SLIP protocol. When you disable SLIP, the SLIP session for the port is disconnected. Restriction You cannot enable SLIP on ports with the MULTISESSIONS command or characteristics enabled.
PAGE 162
SET/DEFINE/CHANGE Commands • AUTOCOMPRESS, SLIP/CSLIP will start out with compression disabled, but if the SLIP receives a compressed packet, compression will started automatically. This command accepts a port-list or ALL as a parameter for the PORT keyword. Restriction The SET PORT SLIP COMPRESSION command is a secure option.
PAGE 163
SET/DEFINE/CHANGE Commands Restrictions • A port list is not allowed; the host addresses must be unique. • The host address must be in the same subnet as the access server Internet address. • You cannot use the SET or CHANGE command if the port already has a SLIP HOST address. To alter an existing address, you must use the DEFINE command with the new address and log out of the port or clear the port SLIP HOST. • A port may have only one IP address. Both SLIP and PPP use the same address.
PAGE 164
SET/DEFINE/CHANGE Commands PORT SPEED (INPUT/OUTPUT) (nonprivileged) Syntax Description A nonprivileged option that specifies the port speed in bits per second (bps). Permissible values include: 75, 110, 134, 150, 300, 600, 1200, 1800, 2000, 2400, 4800, 9600 (the default), 19200, 38400, 57600, and 115200. This option accepts a port-list or ALL as a parameter for the PORT keyword. NOTE Some access servers do not accept all speeds.
PAGE 165
SET/DEFINE/CHANGE Commands PORT TELNET CLIENT - PORT TELNET SERVER NOP INDICATION PORT TELNET CLIENT (secure) Syntax Description An option (available to all users) that modifies the current Telnet client characteristics for the specified ports in the access server database. With this option, you can specify the characteristics to be associated with new Telnet connections established from the specified ports.
PAGE 166
SET/DEFINE/CHANGE Commands PORT TELNET SERVER (privileged) Syntax Description A privileged option that allows you to specify the characteristics to be associated with Telnet connections established to the specified ports. The Telnet access server characteristics are the current user-definable port parameters associated with a Telnet access server connection.
PAGE 167
SET/DEFINE/CHANGE Commands PORT TELNET SERVER AYT INDICATION (privileged) Syntax Description AYT (Are-You-There) defines a character that will be sent to the Telnet server connection’s associated access server port when the remote user generates an AYT request. There is no character defined by default. This command accepts a port-list or ALL as a parameter for the PORT keyword.
PAGE 168
SET/DEFINE/CHANGE Commands PORT TELNET SERVER EC INDICATION (privileged) Syntax Description EC (Erase previous Character) defines a character that will be sent to the Telnet server connection’s associated access server port when the remote user generates an EC request. There is no character defined by default. This command accepts a port-list or ALL as a parameter for the PORT keyword.
PAGE 169
SET/DEFINE/CHANGE Commands PORT TELNET SERVER EL INDICATION (privileged) Syntax Description EL (Erase previous Line) defines a character that will be sent to the Telnet server connection’s associated access server port when the remote user generates an EL request. There is no character defined by default. This command accepts a port-list or ALL as a parameter for the PORT keyword.
PAGE 170
SET/DEFINE/CHANGE Commands NOTE When SLIP or PPP is in use on a port, switch characters are not honored since they are just data to the framed protocol. Therefore, it is legal to define the same character as both a session switch character and a Telnet hot-key character. This command accepts a port-list or ALL as a parameter for the PORT keyword.
PAGE 171
SET/DEFINE/CHANGE Commands PORT TELNET SERVER NEWLINE FROM TERMINAL (privileged) Syntax Description This characteristic defines a 1- or 2-character sequence that, when received from the remote user, is interpreted as a newline. The default is . This command accepts a port-list or ALL as a parameter for the PORT keyword.
PAGE 172
SET/DEFINE/CHANGE Commands PORT TELNET SERVER NEWLINE TO TERMINAL (privileged) Syntax Description This characteristic defines a 1- or 2-character sequence that will be sent to the remote user whenever a NEWLINE FROM HOST sequence is received from the local Telnet server access server port. The default is . This command accepts a port-list or ALL as a parameter for the PORT keyword.
PAGE 173
SET/DEFINE/CHANGE Commands PORT TN3270 - PORT TN3270 MODEL PORT TN3270 (secure) Syntax Description A secure option that modifies the current TN3270 Client characteristics for the specified ports in the access server database. With this option, you can specify the characteristics to be associated with the TN3270 connections established from the specified ports.
PAGE 174
SET/DEFINE/CHANGE Commands PORT TN3270 KEYMAP (nonprivileged) Syntax Description Customized key mappings are allowed. You can enter a command to declare or remove a keymapping to be in effect for any subsequent sessions on a port. Keywords TN3270-function Refer to Table for the IBM TN3270-functions. ALL DEFAULT Changes all previously customized key mappings back to the key mappings for the server-based keymap used at the port (see the SHOW TN3270 KEYMAP command).
PAGE 175
SET/DEFINE/CHANGE Commands DEFAULT Sets the keymap back to the default definition (VT100/VT220) of the defined TN3270 KEYMAP characteristic. Any customized port KEYMAP definition will be lost. ascii-code-mnemonic This is any of the ASCII key code mnemonics in the following table that represent ASCII character sequences. ASCII key code mnemonics should describe the ASCII keyboard keys for terminals VT100 through VT400.
PAGE 176
SET/DEFINE/CHANGE Commands ASCII Code Mnemonics Table The following table shows the ASCII code mnemonics for defining the TN3270function. Each mnemonic represents an ASCII character sequence.
PAGE 177
SET/DEFINE/CHANGE Commands Mnemonic Hexadecimal Sequence ASCII Character Sequence CTRL/S 13 DC3 CTRL/T 14 DC4 CTRL/U 15 NAK CTRL/V 16 SYN CTRL/W 17 ETB CTRL/X 18 CAN CTRL/Y 19 EM CTRL/Z 1A SUB CTRL/3 or ESC 1B ESC CTRL/4 1C FS CTRL/5 1D GS CTRL/6 1E RS CTRL/7 1F US Delete 7F DEL PF1 1B 4F 50 ESC O P PF2 1B 4F 51 ESC O Q PF3 1B 4F 52 ESC O R PF4 1B 4F 53 ESC O S Comments 7-bit control characters 7-bit control characters 7-bit control characters 7-bit
PAGE 178
SET/DEFINE/CHANGE Commands 4-98 Mnemonic Hexadecimal Sequence ASCII Character Sequence ENTER 1B 4F 4D ESC O M KPCOMMA 1B 4F 6C ESC O I KPMINUS 1B 4F 6D ESC O m KPDOT 1B 4F 6E ESC O n KP0 1B 4F 70 ESC O p KP1 1B 4F 71 ESC O q KP2 1B 4F 72 ESC O r KP3 1B 4F 73 ESC O s KP4 1B 4F 74 ESC O t KP5 1B 4F 75 ESC O u KP6 1B 4F 76 ESC O v KP7 1B 4F 77 ESC O w KP8 1B 4F 78 ESC O x KP9 1B 4F 79 ESC O y Comments Numeric-Keypad Keys-Application Mode Numeric-Keypad Keys-Applic
PAGE 179
SET/DEFINE/CHANGE Commands Mnemonic UPARROW DOWNARROW RIGHTARROW LEFTARROW FIND INSERT REMOVE SELECT PREV NEXT F1 F2 F3 F4 F5 F6 F7 F8 F9 F10 F11 F12 F13 F14 F15 or HELP F16 or DO F17 F18 F19 F20 Hexadecimal Sequence ASCII Character Sequence Comments 1B 5B 41 or 1B 4F 41 1B 5B 42 or 1B 4F 42 1B 5B 43, 1B 4F 43 1B 5B 44, 1B 4F 44 1B 5B 31 7E 1B 5B 32 7E 1B 5B 33 7E 1B 5B 34 7E 1B 5B 35 7E 1B 5B 36 7E 1B 5B 31 31 7E 1B 5B 31 32 7E 1B 5B 31 33 7E 1B 5B 31 34 7E 1B 5B 31 35 7E 1B 5B 31 37 7E 1B 5B 31 38 7E
PAGE 180
SET/DEFINE/CHANGE Commands 7-Bit ASCII Graphic Code Table Mnemonic Hex ! QUOTE Mnemonic 21 Hex 4 22 5 Mnemonic 34 G 35 - 23 6 36 $ 24 7 37 H I 25 8 38 K 26 9 39 L : 47 3A Z o q 5F 70 71 r 60 s 73 28 ; ) 29 < 3C O 4F b 62 u 75 * 2A = 3D P 50 c 63 v 76 + MINUS .
PAGE 181
SET/DEFINE/CHANGE Commands TN3270 Function Keys (VT100) Keys (VT2nn, VT3nn, VT4nn) DUP EXT * EXT F12 ENTER ENTER ENTER ERASEEOF EXT KPCOMMA F18 ERASEINP EXT KPMINUS EXT F18 EXIT CTRL/Z CTRL/Z EXT KPDOT KPDOT FIELDMARK EXT; EXT F13 HELP EXT H F15 (HELP) HOME EXT B F13 INSERT EXT PF4 F14 NEWLINE RETURN RETURN NOT EXT N EXT N NUMOVR EXT J REMOVE OR EXT O EXT O PA1 PF4 PF4 PA2 KPMINUS KPMINUS PA3 KPCOMMA KPCOMMA PF1 PF1 PF1 PF2 PF2 PF2 PF3 PF3 PF3
PAGE 182
SET/DEFINE/CHANGE Commands TN3270 Function Keys (VT100) Keys (VT2nn, VT3nn, VT4nn) PF12 KP3 KP3 PF13 EXT PF1 EXT PF1 PF14 EXT PF2 EXT PF2 PF15 EXT PF3 EXT PF3 PF16 EXT KP7 EXT KP7 PF17 EXT KP8 EXT KP8 PF18 EXT KP9 EXT KP9 PF19 EXT KP4 EXT KP4 PF20 EXT KP5 EXT KP5 PF21 EXT KP6 EXT KP6 PF22 EXT KP1 EXT KP1 PF23 EXT KP2 EXT KP2 PF24 EXT KP3 EXT KP3 REFRESH CTRL/W F20 RESET KP0 KP0 STATUS EXT S F17 TAB TAB TAB PORT TN3270 KEYMAP [NVRAM] LIMIT (privileged) S
PAGE 183
SET/DEFINE/CHANGE Commands PORT TN3270 MODEL (nonprivileged) Syntax Description With this nonprivileged option, you must specify if IBM model 2 information is to be emulated on the ASCII terminal. Entering model 2 enables the server to negotiate IBM TN3270 with the IBM host at connection time using Telnet negotiation. Entering model 2 will also set the screen size up for 24 lines and 80 columns. Model 3, 4, and 5 display stations have screens with more than 24 lines.
PAGE 184
SET/DEFINE/CHANGE Commands PORT TN3270 NULLS - PORT TYPE PORT TN3270 NULLS (nonprivileged) Syntax Description A nonprivileged option that determines how the TN3270 treats null characters for transmission to the host. TN3270 assigns null characters in one of two ways: • 3179 mode — Suppresses transmission of nulls. (This is the default.) • 7171 mode — Transmits all non-trailing nulls as spaces. INSERT mode operates with both trailing nulls or spaces.
PAGE 185
SET/DEFINE/CHANGE Commands PORT TN3270 TERMINAL (nonprivileged) Syntax Description A nonprivileged option that tells the access server which terminal type is connected to each port. The parameter t-name can be a customized name defined in the server’s TN3270 TERMINAL LIST. See SHOW TN3270 TERMINAL. Setting a PORT to a VT100 or ANSI terminal will set the TN3270 KEYMAP to a VT100 KEYMAP. Setting a port to either a VT220, VT320, or VT420 terminal will set the TN3270 KEYMAP to a VT220 KEYMAP.
PAGE 186
SET/DEFINE/CHANGE Commands PORT TYPE (secure) Syntax Description An option (available to all users) that specifies the port device type as ANSI (the default), HARDCOPY, or SOFTCOPY. This characteristic affects local mode handling of the delete key and formatting of both the SHOW/LIST and MONITOR displays. HARDCOPY displays deleted characters between backlashes. ANSI clears the screen before each display and causes MONITOR displays to be updated in place, rather than scrolled.
PAGE 187
SET/DEFINE/CHANGE Commands PORT USERNAME - PRIVILEGED/NOPRIVILEGED PORT USERNAME (nonprivileged) Syntax Description A nonprivileged option that specifies 1 to 16 ASCII characters (enclosed within quotation marks) as a user name to be associated with the port. The default is no USERNAME. When you specify user name with the DEFINE PORT command, the USERNAME prompt no longer appears, starting with the next port login.
PAGE 188
SET/DEFINE/CHANGE Commands PRINTER (privileged) Syntax SET DEFINE CHANGE PRINTER printername AUTOCR ENABLED DISABLED CONNECTIONS TYPE ENABLED DISABLED ASCII POSTSCRIPT FLAGPAGE NOTE “textstring” HEADER ENABLED DISABLED OPTIONAL IDENTIFICATION “id-string” PORTS port-number-list TRAILER ENABLED DISABLED OPTIONAL Description This command creates a new LPD printer name or modifies the characteristics of an existing LPD printer.
PAGE 189
SET/DEFINE/CHANGE Commands AUTOCR Automatically inserts a carriage return. When you enable this option, the access server inserts a carriage return after each line feed character if there is no existing carriage return. The AUTOCR option applies only to ASCII text files. CONNECTIONS Specifies whether a user can queue a print job to the printer. If disabled, the user cannot access the printer.
PAGE 190
SET/DEFINE/CHANGE Commands PRIVILEGED/NOPRIVILEGED (secure) Syntax Description This secure command enables the port you are using to perform privileged operations. When you enter the command, the access server prompts you for the privileged password. The first time you use your access server, enter the default password SYSTEM. Then use the SET server PRIVILEGED PASSWORD command to immediately set your own password so that unauthorized users cannot enter privileged commands.
PAGE 191
SET/DEFINE/CHANGE Commands RADIUS REALM - SECURITY WARNING INTERVAL RADIUS REALM (privileged) The command syntax for RADIUS REALM is identical to that for KERBEROS REALM or SECURID REALM. Please refer to KERBEROS REALM (privileged) or SECURID REALM (privileged) for the complete command description and syntax, being sure to substitute RADIUS for KERBEROS or SECURID in the command line.
PAGE 192
SET/DEFINE/CHANGE Commands RADIUS/KERBEROS/SECURID [TIMEOUT] (privileged) Syntax Description This privileged command specifies the number of seconds that a request can be outstanding before being timed out.
PAGE 193
SET/DEFINE/CHANGE Commands SECURID REALM (privileged) Syntax Description The command syntax for SECURID REALM is nearly identical to that for KERBEROS REALM.
PAGE 194
SET/DEFINE/CHANGE Commands The SET/DEFINE/CHANGE REALM command family sets up and tears down the various realms used to identify particular administrative domains. This is simply an extension of the existing syntax for setting up and tearing down Kerberos. This is a privileged command. [ { { PERMISSIONS ( 2 2 ] [ { { [ 2 2 ] .... ) ] Keywords SECRET The SECRET clause is used to specify a secret that the Access Server shares with security servers from the realm.
PAGE 195
SET/DEFINE/CHANGE Commands ACCESS The ACCESS clause sets the realm’s default access mode at connection establishment time. The supported values are: LOCAL Interactive access allowed FRAMED AUTOLINK (PPP or SLIP) access provided LOGIN Dedicated connection (Telnet, LAT) to host (only) allowed NONE Access determined by PORT characteristics LOGIN is the default value for this realm characteristic.
PAGE 196
SET/DEFINE/CHANGE Commands Some realms support the following clauses: Realm Clause RADIUS The PROMPT clause specifies an alternate password prompt to display to interactive users when the entered user-id falls within one of these realms. The maximum prompt length is 16 characters. SecurID The ENCODING clause indicates how to encode the user password in authentication requests to the security server. This option is currently valid only for SecurID realms.
PAGE 197
SET/DEFINE/CHANGE Commands SECURITY WARNING [INTERVAL] (privileged) Syntax Description SET SECURITY WARNING is a privileged command that allows the security administrator to specify the interval between and number of warnings the DECserver software will issue before a user’s login expires. Expiration is based on the user’s maximum connect time, which may be displayed using the SHOW PORT AUTHORIZATION command. The default is an interval of 1 minute, given four times before the user is forcibly logged out.
PAGE 198
SET/DEFINE/CHANGE Commands SERVER - SERVER MULTICAST TIMER SERVER (privileged) Syntax Description This privileged command specifies access server characteristics. Restriction You cannot change some access server characteristics using a SET command while any sessions are active (or queued) on the access server. Throughout this section, such characteristics are identified with a restriction to that characteristic.
PAGE 199
SET/DEFINE/CHANGE Commands SERVER BROADCAST (privileged) Syntax Description This privileged command specifies whether the BROADCAST is ENABLED (default) or DISABLED for users on port devices. SERVER CIRCUIT TIMER (privileged) Syntax Description This privileged LAT protocol command specifies the interval between messages sent from the access server to LAT service nodes. (The range is 20 to 200 milliseconds; the default is 80.
PAGE 200
SET/DEFINE/CHANGE Commands SERVER DUMP (privileged) Syntax Description This privileged command specifies whether upline dumping of access server memory is performed when a fatal bug check error occurs. (The default is ENABLED.) SERVER HEARTBEAT (privileged) Syntax Description This privileged command specifies whether the access server reports errors found by its Ethernet collision detection circuitry. (The default is DISABLED.
PAGE 201
SET/DEFINE/CHANGE Commands Restriction You cannot use the SET command with this parameter while any LAT session is active. SERVER INACTIVITY TIMER (privileged) Syntax Description This privileged command determines the timeout period for ports having the port characteristic INACTIVITY LOGOUT when ENABLED (range: 1 to 120 minutes; default: 30). The timer determines the length of time that a local access port can be logged in without local user input or output.
PAGE 202
SET/DEFINE/CHANGE Commands SERVER LOCK (privileged) Syntax Description This privileged command specifies whether interactive port users can use the LOCK command. (The default is ENABLED.) SERVER LOGIN PASSWORD (privileged) Syntax Description This privileged command specifies a password that interactive users must enter when they log in to the access server. You must also set the port characteristic PASSWORD to ENABLED for the password prompt to appear at port login.
PAGE 203
SET/DEFINE/CHANGE Commands SERVER MAINTENANCE PASSWORD (privileged) Syntax Description This privileged command specifies a password that must be entered by remote operators and by persons using the DECnet NCP CONNECT, TRIGGER, or LOAD commands to downline load the access server. The default is no password checking. This password can have 1 to 16 hexadecimal characters (values 0 through 9 and A through F only).
PAGE 204
SET/DEFINE/CHANGE Commands SERVER NAME - SERVER SOFTWARE SERVER NAME (privileged) Syntax Description This privileged command specifies a 1- to 16-character name for the access server. The default is LAT_nnnnnnnnnnnn, where each n represents one of the 12 hexadecimal characters in the Ethernet address of the access server. Reference You may need to set the access server name to match the DECnet node name for the access server for networks running DECnet.
PAGE 205
SET/DEFINE/CHANGE Commands SERVER NUMBER (privileged) Syntax Description This privileged command specifies a number for the access server (range: 0 to 32767; default: 0). Restriction You cannot use the SET command with this parameter while sessions are active. SERVER PASSCHECK (priviledged) Syntax Description Determines if local service passwords will affect Host Initiated Connect requests. Keywords ENABLED HIC requests must supply a valid password when accessing a password protected LAT service.
PAGE 206
SET/DEFINE/CHANGE Commands SERVER PASSWORD LIMIT (privileged) Syntax Description This privileged command specifies the number of times a user can try to enter the correct password for any password-protected access server operation. The range is 1 to 10; the default is 3. For more information on specifying passwords, refer to the description in Chapter 1.
PAGE 207
SET/DEFINE/CHANGE Commands SERVER PROMPT (privileged) Syntax Description This privileged command specifies a unique string of characters for the promptstring value that you assign to the access server prompt. This string replaces the default Local> prompt. The prompt-string value is a string of 1 to 16 ASCII characters. You must enclose the string in quotation marks ("prompt-string"). To set the prompt back to the default (Local>), enter the command with a quoted null string (" ").
PAGE 208
SET/DEFINE/CHANGE Commands SERVER REMOTE PASSWORD (privileged) Syntax Description This privileged command specifies a password that remote users must enter when they log in to the access server. You must also set the port characteristic REMOTE PASSWORD to ENABLED for the password prompt to appear at port login. For more information on specifying passwords, refer to Chapter 1. You can omit the password value if REMOTE PASSWORD is the only characteristic in the command line.
PAGE 209
SET/DEFINE/CHANGE Commands DISABLED The access server will respond only to solicit information datagrams requesting local node and service information. DISABLED is the default. NOTE Setting or clearing the access servers RESPONDER characteristic does not affect its ability to respond with local service/node information when it receives a Solicited Information request targeted to itself. Restriction This characteristic is used by the LAT protocol only.
PAGE 210
SET/DEFINE/CHANGE Commands SERVER SERVICE GROUPS (privileged) Syntax Description This privileged command specifies which groups are assigned to all locally defined services and are enabled for the access server when it functions as a service node (the default is 0 ENABLED, 1-255 DISABLED). Use the group-list format with ENABLED or DISABLED to add groups to or remove groups from the existing list.
PAGE 211
SET/DEFINE/CHANGE Commands SERVER SOFTWARE (privileged) Syntax Description This privileged command specifies the filename (1 to 9 characters) of the access server software load image. If you enclose the filename in quotes, you can use both uppercase and lowercase letters in the filename. You can specify a quoted null string (" ") to have no name for the software image (useful for downline loading with some protocols).
PAGE 212
SET/DEFINE/CHANGE Commands SERVER TFTP - SERVICE QUEUE SERVER TFTP (privileged) Syntax DEFINE SERVER TFTP HOST [ADDRESS] {nnn.nnn.nnn.nnn | NONE} Description This command defines the TFTP server host from which Directed TFTP image downloads will be obtained, whenever the Access Server boots. There is no corresponding SET command. This command takes effect on the next Access Server reboot. Keywords TFTP HOST Host from which Directed TFTP image downloads will be obtained.
PAGE 213
SET/DEFINE/CHANGE Commands Example: DEFINE SERVER TFTP HOST Local> DEFINE SERVER SOFTWARE "/tftp/ww" Local> DEFINE SERVER TFTP HOST 192.10.444.6 Local> LIST SERVER Network Access SW V2.3 for DS900TM BLXX.XX ROM V7.
PAGE 214
SET/DEFINE/CHANGE Commands Keywords service-name This privileged command specifies the name of the LAT service you wish to define. You can have a maximum of 20l LAT services defined at one time. Example: SET SERVER PORT Local> SET SERVICE BOSTON PORTS 1,3,6-8 ENABLED QUEUE DISABLED If the LAT service BOSTON does not exist, this command creates this service on ports 1, 3, 6, 7, and 8 with queuing disabled.
PAGE 215
SET/DEFINE/CHANGE Commands SERVICE IDENTIFICATION (privileged) Syntax Description This privileged command specifies a brief description of the LAT service for the access server to transmit in multicast messages to advertise the service (default: no description is sent). The id-string value is a string from 1 to 40 ASCII characters. To clear an identification string, enter the command with a quoted null string (" ").
PAGE 216
SET/DEFINE/CHANGE Commands SERVICE PORTS (privileged) Syntax Description This privileged command specifies ports that offer the LAT service (default: ALL DISABLED). Specify port-list with ENABLED or with DISABLED to add or remove ports from the existing port list. Specify port-list without keywords ENABLED or DISABLED to replace the existing list with a new one. Specify ALL to enable or disable use of the LAT service by all ports.
PAGE 217
SET/DEFINE/CHANGE Commands SESSION LAT - SESSION TELNET IP REQUEST SESSION LAT (secure) Syntax Description This secure command (available to all users) specifies characteristics for your current LAT session (the last LAT session you entered in service mode). Keywords INTERACTIVE Enables special switch characters and messages at the access server port. This is the default. PASTHRU Disables all switch characters and access server messages at the access server port while you are using the affected session.
PAGE 218
SET/DEFINE/CHANGE Commands SESSION TELNET (secure) Syntax Description This secure command (available to all users) modifies the Telnet client characteristics for the current Telnet session. Type SHOW PORT SESSION to view Telnet session characteristics. You must resume a suspended Telnet session before characteristics altered by SET SESSION TELNET commands go into effect.
PAGE 219
SET/DEFINE/CHANGE Commands SESSION TELNET AUTOFLUSH (secure) Syntax Description Automatic Flush specifies that an Automatic Flush of output (same as Abort Output) should occur whenever the keyboard characters defined as IP, SYNCH, or AYT are entered. AUTOFLUSH causes any output currently on its way to the user’s terminal to be aborted. The default is DISABLED for IP, SYNC, and AYT.
PAGE 220
SET/DEFINE/CHANGE Commands SESSION TELNET AYT REQUEST (secure) Syntax Description Are-You-There (AYT) request defines a keyboard character that, when entered, invokes the Telnet AYT function. This function causes the remote host to send back a message indicating that it is still up and running. The default character is Ctrl/T. To define ~~as the keyboard character, you must enter the individual characters, including the left and right arrows.~~
PAGE 221
SET/DEFINE/CHANGE Commands SESSION TELNET BREAK (BRK) REQUEST (secure) Syntax Description The secure BRK or BREAK request defines a keyboard character that, when entered, causes the Telnet Break command to be sent to the remote host. There is no default BRK character. To define ~~as the keyboard character, you must enter the individual characters, including the left and right arrows. To define the Break key, you must type the individual letters.~~
PAGE 222
SET/DEFINE/CHANGE Commands SESSION TELNET ECHO (secure) Syntax Description The secure Echo (ECHO) option specifies whether input on this connection should be echoed locally (by the access server) or remotely (by the remote host). The default is REMOTE. Restriction When ECHO is set to LOCAL, input can be suppressed locally by either of two methods: by setting the PROFILE characteristic to BINARY or by typing the defined TOGGLE ECHO character to suppress local echoing.
PAGE 223
SET/DEFINE/CHANGE Commands SESSION TELNET FLOW CONTROL (secure) Syntax Description This secure command specifies how the access server handles flow control for data transfer between the access server and the port device. Flow control can be set for both directions: from the access server to the port device (OUTPUT), and from the port device to the access server (INPUT). The default is ENABLED in both directions.
PAGE 224
SET/DEFINE/CHANGE Commands SESSION TELNET NEWLINE FROM HOST - SESSION TELNET VERIFICATION SESSION TELNET NEWLINE FROM HOST (secure) Syntax Description The SET SESSION TELNET NEWLINE FROM HOST command defines a 1- or 2character sequence that, when received by the access server from the remote host, is interpreted as newline, translated into the NEWLINE TO TERMINAL character sequence, and sent to the terminal. The default is .
PAGE 225
SET/DEFINE/CHANGE Commands Restriction Same restriction as NEWLINE FROM HOST. SESSION TELNET NEWLINE TO HOST (secure) Syntax Description This secure command defines a 1- or 2-character sequence that the access server sends to the remote host whenever a NEWLINE FROM TERMINAL character sequence is received from the terminal. The default is . To define as the keyboard character, you must enter the individual characters, including the left and right arrows.
PAGE 226
SET/DEFINE/CHANGE Commands SESSION TELNET PROFILE (secure) Syntax SET SESSION TELNET PROFILE CHARACTER BINARY Description This secure command selects a set of characteristics for a Telnet connection. This characteristic is intended to prevent you from having to set all of the individual characteristics in just the right way to produce a desired behavior on a Telnet connection. There are two predefined sets of characteristics: CHARACTER and BINARY. The default is CHARACTER.
PAGE 227
SET/DEFINE/CHANGE Commands SESSION TELNET SIGNAL REQUEST (secure) Syntax Description This secure command enables or disables predefined keyboard characters that are mapped to Telnet functions, such as AO, AYT, BRK, EOR, IP, QUOTE, SYNCH, and TOGGLE ECHO. When disabled, these characters are interpreted as ordinary user data. When enabled, they cause the corresponding Telnet function to be invoked. The default is ENABLED.
PAGE 228
SET/DEFINE/CHANGE Commands SESSION TELNET TERMINAL (privileged) Syntax Description This privileged command allows you to specify the terminal type during Telnet client sessions. Keywords VTXXX Denotes numerically any member of the DIGITAL VT family of terminals from VT10 through VT999. ANSI Non-DIGITAL VT terminals that support ANSI. UNKNOWN All other terminal types.
PAGE 229
SET/DEFINE/CHANGE Commands SESSION TELNET VERIFICATION (secure) Syntax Description This secure command specifies the display of information messages by the access server when an existing Telnet client session is started, stopped, or resumed. If you enable verification, the access server displays the session number and the name of the Telnet host. If you disable verification, no session information is displayed. The default is ENABLED.
PAGE 230
SET/DEFINE/CHANGE Commands SESSION TN3270 FLOW CONTROL - SYSTEM SESSION TN3270 FLOW CONTROL (secure) Syntax SET SESSION TN3270 INPUT OUTPUT FLOW ENABLED CONTROL DISABLED Description This secure command option changes the current TN3270 session. Flow control can be set for both directions for the session: from the access server to the port device (OUTPUT), and from the port device to the access server (INPUT). The default is ENABLED in both directions.
PAGE 231
SET/DEFINE/CHANGE Commands SNMP (privileged) Syntax Description This privileged command configures the Simple Network Management Protocol (SNMP) agent for access from SNMP Network Management Stations (NMSs). Community names are used to verify access from NMSs. The members of the SNMP community can access the variables as defined in the access server Management Information Bases (MIBs). For each community, the SNMP GET, GETNEXT, SET, and TRAP operation can individually be enabled or disabled.
PAGE 232
SET/DEFINE/CHANGE Commands AUTHENTICATION [FAILURE] When enabled, the access server can emit authentication failure traps. These traps are sent when an unauthorized host attempts to access the access server or when a host uses an unauthorized SNMP request. The traps are sent to all communities in the access server SNMP database for which TRAP is ENABLED. When disabled, the access server does not emit authentication failure traps. The default is ENABLED.
PAGE 233
SET/DEFINE/CHANGE Commands GETNEXT When enabled, allows members of the community to read values sequentially from the server supported MIBs. The default is ENABLED. SET When enabled, allows members of the community to modify values sequentially from the server supported MIBs. The default is DISABLED. TRAP When enabled, identifies the Internet address as a location that receives traps. The default is DISABLED.
PAGE 234
SET/DEFINE/CHANGE Commands The following command enables Internet hosts that can access the community “MONTY” to use SNMP GET messages to obtain value information from the access server supported MIBs: Local> SET SNMP COMMUNITY "MONTY" GET ENABLED SYSTEM (privileged) Syntax Description This privileged command specifies system-related information, such as the name of the person managing the access server or the location of the access server.
PAGE 235
SET/DEFINE/CHANGE Commands TELNET LISTENER - USERACCOUNT TELNET LISTENER (privileged) Syntax Description This privileged command specifies a Telnet listener or Telnet remote console port on the access server. The listener may be associated with one or more physical access server ports or with the remote console virtual port. You can also assign an Internet address to the Telnet listener. The access server can accept connections that specify the TCP port or listener-identifier as a destination.
PAGE 236
SET/DEFINE/CHANGE Commands PORTS Specifies the access server physical ports or the remote console virtual port with which a Telnet listener will be associated. Enabled associates the port(s) with the listener. Disabled dissociates them. The default is DISABLED. The above defaults apply to tcp-ports 2001 and above only. Tcp-port 23 has the following defaults: Identification: Telnet Console Console Ports: Console Connections: Enabled ALL Associates the listener with all the access server ports.
PAGE 237
SET/DEFINE/CHANGE Commands Examples: SET/DEFINE/CHANGE TELNET LISTENER Local> SET TELNET LISTENER 23 CONSOLE ENABLED Local> SET TELNET LISTENER 23 CONNECTIONS ENABLED These commands enable Telnet listener 23 on the Telnet remote console port. These commands affect the access server operational database. Local> DEFINE TELNET LISTENER 2001 PORTS 1,2 Local> DEFINE TELNET LISTENER 2001 CONNECTIONS ENABLED These commands enable Telnet listener 2001 on access server ports 1 and 2.
PAGE 238
SET/DEFINE/CHANGE Commands TN3270 ATOE (privileged) Syntax Description This privileged command allows you to change an ASCII to EBCDIC translation. An ASCII to EBCDIC translation can be reset to the default value using DEFAULT.
PAGE 239
SET/DEFINE/CHANGE Commands TN3270 ETOA (privileged) Syntax Description This privileged command allows you to change an EBCDIC to ASCII translation. An EBCDIC to ASCII translation can be reset to the default value using DEFAULT.
PAGE 240
SET/DEFINE/CHANGE Commands TN3270 KEYMAP (privileged) Syntax Description This privileged command allows you to redefine a TN3270 function for a customized server keymap. An error will occur if the keymap is predefined. Predefined keymaps are VT100 and VT220. TN3270-function Refer to Table for the IBM TN3270-functions. Keywords k-name An existing customized server keymap.
PAGE 241
SET/DEFINE/CHANGE Commands ascii-code-mnemonic Any of the ASCII key code mnemonics described in the Table , which represents ASCII character sequences. ASCII key code mnemonics should describe the ASCII keyboard keys for terminal servers VT100 through VT400. keystroke-description An optional text description for purposes of describing the keyboard keystrokes on the user’s ASCII keyboard. The network access server emulator will then translate the sequence into a TN3270 function.
PAGE 242
SET/DEFINE/CHANGE Commands TN3270 TERMINAL (privileged) Syntax Description This privileged command creates a customized TN3270 TERMINAL device in the server-wide database or changes the keymap associated with an existing TN3270 terminal. The TN3270 TERMINAL device is available to any port to be used with the SET PORT TN3270 TERMINAL command. Keywords t-name/k-name The names of a terminal type and its associated keyboard map (keymap). The names must be unique in the server-wide database.
PAGE 243
SET/DEFINE/CHANGE Commands USERACCOUNT (privileged) Syntax 4-163
PAGE 244
SET/DEFINE/CHANGE Commands Description This privileged command allows the security manager to manage a small local database to be used for authentication and authorization. While technically required to prevent lockout of the security manager, it can also be used to support a small office. [ { { PERMISSIONS ( 2 2 ] [ { { [ 2 2 ] .... ) ] The SET/DEFINE/CHANGE command permits entry addition and modification. Individual accounts can be enabled and disabled using the ENABLE or DISABLE keywords.
PAGE 245
SET/DEFINE/CHANGE Commands ACCESS The ACCESS clause specifies the default access mode this user is granted.
PAGE 246
SET/DEFINE/CHANGE Commands CALLBACK The CALLBACK clause specifies if mandatory callback is required for this user. The supported values are: ENABLED The user must be called back. (If no callback information is available, the user will be denied access.) DISABLED The user will not be called back at login time. An administrator would specify mandatory callback by configuring an account with CALLBACK ENABLED.
PAGE 247
SET/DEFINE/CHANGE Commands DIALBACK NUMBER The DIALBACK NUMBER is used for Mandatory Dialback as well as for PPP Callback on the same port (where the user is unable to specify a dialback service). DIALOUT NUMBER The DIALOUT NUMBER clause, used in interactive dialout commands, specifies the actual number to dial. The keyword ANY specifies that any number may be used.
PAGE 248
SET/DEFINE/CHANGE Commands 4-168
PAGE 249
Chapter 5 SHOW/MONITOR/LIST Commands Overview Introduction This chapter describes the SHOW, MONITOR, and LIST commands. The SHOW command displays current status or information about various options from the access server operational database. The MONITOR command displays continuously updated access server information on various options. Type any character to stop a monitor display. The MONITOR command displays have the same format as the corresponding SHOW command displays, but requires privileged.
PAGE 250
SHOW/MONITOR/LIST Commands ACCOUNTING - APPLETALK ACCOUNTING (secure) Syntax Description This secure command displays the values of the Accounting characteristics. Restrictions • MONITOR is a privileged command. • When using the MONITOR command, your port type characteristic should be set to ANSI; otherwise, the displayed information will scroll off the screen. ACCOUNTING LOG (privileged) Syntax Description This privileged command displays the accounting log.
PAGE 251
SHOW/MONITOR/LIST Commands APPLETALK (secure) Syntax Description This secure command displays operational information pertinent to AppleTalk. Keywords ARP ENTRY Displays information for every entry in the operational AppleTalk ARP table. COUNTERS Displays all pertinent AppleTalk counters. ROUTES Displays each entry in the operational AppleTalk routing table. STATUS Displays AppleTalk status information, including the acquired AppleTalk address and NBP name.
PAGE 252
SHOW/MONITOR/LIST Commands APPLETALK (secure) Syntax Description This secure command displays the values of the permanent AppleTalk characteristics.
PAGE 253
SHOW/MONITOR/LIST Commands COMMAND GROUP - DIALER SERVICE COMMAND GROUP Syntax Description This command displays the names of the command groups in the access server database or to display the contents and characteristics of those command groups. If this command is entered by a privileged user, then all command groups are available for display. Otherwise, only the command groups enabled for the port entering the command are available.
PAGE 254
SHOW/MONITOR/LIST Commands DIALER SERVICE (nonprivileged) Syntax Description This nonprivileged command produces a display of one or all dialer services. A user on a port with SECURITY enabled would not have access to the STATUS display because it might provide access to unlisted or sensitive phone numbers and other information received from the modem. In the second example below, port 10 is currently available; the last phone number it dialed was found to be busy. Ports 9 and 11 are presently in use.
PAGE 255
SHOW/MONITOR/LIST Commands INTERNET - INTERNET HOST INTERNET (secure) Syntax Description This command (available to all users) displays information in the access server Internet database. Keywords CHARACTERISTICS Displays the current settings of the user-definable parameters associated with the Internet protocol, for example, Internet address. This display also shares the current status of DHCP and TCP keepalive features. This is the default display.
PAGE 256
SHOW/MONITOR/LIST Commands INTERNET ARP ENTRY (secure) Syntax Description This command (available to all users) displays ARP entries in the access server ARP database. Restrictions • MONITOR is a privileged command. • When using the MONITOR command, your port type characteristic should be set to ANSI; otherwise, the displayed information will scroll off the screen.
PAGE 257
SHOW/MONITOR/LIST Commands Example: SHOW/MONITOR/LIST INTERNET GATEWAY Local> SHOW INTERNET GATEWAY This command displays all current gateways in the operational database, along with the corresponding networks, associated subnet masks, and hosts that the user can access. INTERNET HOST (secure) Syntax Description This command (available to all users) displays information about the access server Internet domain name system (DNS) database entries.
PAGE 258
SHOW/MONITOR/LIST Commands DOMAIN Identifies the domain-name as a specific domain name for a particular domain. The domain name for a domain must be an absolute name. If the DOMAIN option is specified, all the hosts with the specified domain and its subdomains will be displayed. This option is valid only when specifying a domain-name. STATUS Specifies the time-to-live (TTL) numbers for each host shown. SUMMARY Displays a summary of information about the host. This is the default.
PAGE 259
SHOW/MONITOR/LIST Commands INTERNET NAME RESOLUTION - MEMORY INTERNET NAME RESOLUTION (secure) Syntax Description This command (available to all users) displays the information in the access server WINS (Windows Internet Naming Service) and DNS (domain name system) databases. When you enter this command, the access server displays its WINS servers and the name servers (both locally configured and learned) that serve the current default domain of the access server.
PAGE 260
SHOW/MONITOR/LIST Commands Restrictions • MONITOR is a privileged command. • COUNTERS is invalid for the LIST command. • Secure users cannot execute the LIST command. • When using the MONITOR command, your port type characteristic should be set to ANSI; otherwise, the displayed information will scroll off the screen.
PAGE 261
SHOW/MONITOR/LIST Commands KERBEROS CHARACTERISTICS (nonprivileged) Syntax Description This nonprivileged command shows all the current settings for Kerberos. NOTE If a realm has no explicitly specified domain, the realm name itself will be used as an implied domain. Restriction LIMITED VIEW ENABLED ports will be prohibited from this display.
PAGE 262
SHOW/MONITOR/LIST Commands Keywords ALL This command option will display the characteristics for all menus. MEMORY (secure) Syntax Description This secure command displays information about the access server memory. Keywords CONFIGURATION Displays the size of memory installed on the access server and the functional status of Flash RAM. CONFIGURATION is the default. STATUS Displays the amount of memory available and the percentage of memory in use.
PAGE 263
SHOW/MONITOR/LIST Commands NODES - PORT AUTHORIZATION [STATUS] NODES (secure) Syntax Description This command displays information about LAT service nodes known to the access server. Reference For a detailed description of the displays, refer to the Cabletron Network Access Software Management guide. For nonprivileged users, the access server displays only those nodes that have at least one of the groups currently selected on the port (as defined by the GROUPS port characteristic).
PAGE 264
SHOW/MONITOR/LIST Commands STATUS Displays full information about the specified node(s), including name, address, identification string, enabled group codes, and services. This is the default display when you specify a node name. SUMMARY Displays a one-line summary of information for the specified node(s), including node name, status, and identification string. This is the default display when you do not specify a node name. Restrictions • MONITOR is a privileged command.
PAGE 265
SHOW/MONITOR/LIST Commands Reference For a detailed description of the displays, refer the to Network Access Software Management guide. Keywords ACCESS {type} Specifies that information is displayed for those ports only with ACCESS set to the type you choose (LOCAL, REMOTE, DYNAMIC, NONE). ACCESS is a port characteristic specified with the SET/DEFINE/CHANGE PORT command. ALL Specifies that information for all ports is displayed.
PAGE 266
SHOW/MONITOR/LIST Commands Examples: SHOW/LIST/MONITOR PORTS Local> SHOW PORT ACCESS REMOTE SUMMARY This command displays a one-line summary of information for each access server port that has its ACCESS characteristic set to REMOTE. Local> SHOW PORTS ALL This command displays a summary, from the operational database, for all the ports on the access server.
PAGE 267
SHOW/MONITOR/LIST Commands PORT AUTHORIZATION [STATUS] (nonprivileged) Syntax Description This command shows the user profile being used for the specified ports. This command displays information only when the port is already logged in. The following example shows the port authorization status display. Restrictions Nonprivileged users may show authorization status for their own port only.
PAGE 268
SHOW/MONITOR/LIST Commands PORT PPP - PORT SECURITY COUNTERS PORT PPP (secure) Syntax SHOW PORT PPP ALL port-list COUNTERS STATUS Description These commands display the PPP counters and status. Keywords ALL Specifies that information for all ports is displayed. port-list Specifies one or more ports for which information is displayed (default: the port you are using). For more information on specifying port-list, refer to Chapter 1 for examples and conventions.
PAGE 269
SHOW/MONITOR/LIST Commands PORT PPP LCP/IPCP/ATCP/IPXCP (secure) Syntax SHOW MONITOR LIST ALL PORT port-list PPP LCP IPCP ATCP IPXCP CHARACTERISTICS COUNTERS STATUS Description These secure commands display information associated with PPP LCP, IPCP, ATCP, or IPXCP ports from the access server database. Keywords ALL Specifies that information for all ports is displayed. port-list Specifies one or more ports for which information is displayed (default: the port you are using).
PAGE 270
SHOW/MONITOR/LIST Commands Restrictions • MONITOR is a privileged command. • When using the MONITOR command, your port type characteristic should be set to ANSI; otherwise, the displayed information will scroll off the screen. • Secure users can specify their own port only. PORT RLOGIN (secure) Syntax SHOW/LIST Description This command (available to all users) displays information associated with Rlogin ports from the access server database.
PAGE 271
SHOW/MONITOR/LIST Commands PORT SECURITY COUNTERS (nonprivileged) Syntax Description This command displays all port-related security counters. The display is very similar to the one that results from the existing SHOW PORT AUTHENTICATION COUNT command. The existing display will also be updated to include port authorization counters.
PAGE 272
SHOW/MONITOR/LIST Commands PORT SESSION - PORT SESSION TN3270 KEYMAP PORT SESSION (secure) Syntax Description This command (available to all users) displays information from the operational database for one or all sessions on the access server. Unlike the SHOW/MONITOR SESSIONS command that displays all sessions only, this command can display one session at a time. Reference For a detailed description of the displays, refer to the Cabletron Network Access Software Management guide.
PAGE 273
SHOW/MONITOR/LIST Commands STATUS Displays the current session status. For the SHOW PORT SESSION command, the field will display the port setting read from dynamic memory at the time the Telnet connection was initiated. This may or may not be the same as the final terminal type negotiated between the host and the client. The SHOW PORT SESSION STATUS command shows the results of the negotiation. TN3270 KEYMAP Allows the user to display a current TN3270 session keymap.
PAGE 274
SHOW/MONITOR/LIST Commands Example: SHOW/MONITOR PORT SESSION Local> SHOW PORT 1 SESSION ALL STATUS Port 1, session 1, Protocol Ping (no status information available for PING sessions) Port 1, session 2, Protocol TELNET Do-Binary Will-Binary Do-Echo Will-Echo Do-SGA Will-SGA Do-Status Will-Status Do-End of Record Will-End of Record Do-Remote Flow Control Will-Remote Flow Control Will-Terminal Type Enabled Disabled Disabled Disabled Enabled Disabled Enabled Enabled Disabled Disabled Disabled Disabled Dis
PAGE 275
SHOW/MONITOR/LIST Commands Local> SHOW PORT SESSION STATUS Remote Console, Session 1, Protocol TELNET Do-Binary Will-Binary Do-Echo Will-Echo Do-SGA Will-SGA Do-Status Will-Status Do-End of Record Will-End of Record Do-Remote Flow Control Will-Remote Flow Control Will-Terminal Type Enabled Disabled Disabled Enabled Disabled Enabled Enabled Disabled Disabled Disabled Disabled Disabled Disabled DEC-VT100 Local> In this example, the command displays the status of all the current sessions on port 1.
PAGE 276
SHOW/MONITOR/LIST Commands NOTE Changes to a port’s keymappings do not affect an established session’s keymappings. Keywords PORT ALL Specifies that the information for all ports session keymap be displayed. PORT port-list Displays sessions for the specified port (default: displays sessions for your current port). SESSION session-id Identifies the session number to be displayed for the specified port. The current session is the default if none is specified.
PAGE 277
SHOW/MONITOR/LIST Commands Example: SHOW PORT SESSION TN3270 KEYMAP Local> SHOW PORT 1 SESSION 1 TN3270 KEYMAP PORT 1, SESSION 1, Protocol TN3270 KEYMAP TN3270 Function ASCII Mnemonic Keystroke Description BACKTAB F12 "" CENT KPDOTC "" CLEAR KPDOT F20 "" CURSUP UPARROW "" CURSDOWN DOWNARROW "" CURSLEFT LEFTARROW "" CURSRIGHT RIGHTARROW "" DELETE DELETE "" DUP KPDOT F12 "" ENTER ENTER "" ERASEEOF F18 "" ERASEINP KPDOT F18 "" EXIT CTRL/Z KP "" EXT DOT "" FIELDMARK
PAGE 278
SHOW/MONITOR/LIST Commands 5-30 TN3270 Function ASCII Mnemonic Keystroke Description PF1 PF1 "" PF2 PF2 "" PF3 PF3 "" PF4 KP7 "" PF5 KP8 "" PF6 KP9 "" PF7 KP4 "" PF8 KP5 "" PF9 KP6 "" PF10 KP1 "" PF11 KP2 "" PF12 KP3 "" PF13 KPDOT PF1 "" PF14 KPDOT PF2 "" PF15 KPDOT PF3 "" PF16 KPDOT KP7 "" PF17 KPDOT KP8 "" PF18 KPDOT KP9 "" PF19 KPDOT KP4 "" PF20 KPDOT KP5 "" PF21 KPDOT KP6 "" PF22 KPDOT KP1 "" PF23 KPDOT KP2 "" PF24 KPDOT KP3 ""
PAGE 279
SHOW/MONITOR/LIST Commands Restrictions • Entering this command for a non-TN3270 session results in an error message. • This command does not support LIST commands. • User needs privileged status to show keymaps for other ports. • For undefined keymaps, the ASCII mnemonic column will be blank. • IBM applications requiring display stations that have screens other than 24x80 are not supported.
PAGE 280
SHOW/MONITOR/LIST Commands Restrictions • When using the MONITOR command, your port type characteristic should be set to ANSI; otherwise, the displayed information will scroll off the screen. • Secure users can specify their own port only. Example: SHOW/LIST/MONITOR PORT SLIP Local> SHOW PORTS ALL SLIP This command displays all characteristics of SLIP-specific ports in the operational database.
PAGE 281
SHOW/MONITOR/LIST Commands CLIENT Displays Telnet client characteristics. This is the default. For the SHOW PORT TELNET CLIENT command, this field will display the current port setting as read from dynamic memory. For the LIST PORT TELNET CLIENT command, the field will display the value stored in NVRAM. This change also adds a new field to the {SHOW | LIST} PORT TELNET CLIENT and SHOW PORT SESSION commands.
PAGE 282
SHOW/MONITOR/LIST Commands PORT TN3270 CHARACTERISTICS (secure) Syntax Description This command displays current values for TN3270 port characteristics. This includes the characteristics that you assign with the SET/DEFINE/CHANGE PORT TN3270 command. Reference For a detailed description of the displays, refer to the Cabletron Network Access Software Management guide.
PAGE 283
SHOW/MONITOR/LIST Commands Restriction Only a privileged user can view the keymap for another port. Example: SHOW/MONITOR/LIST PORT TN3270 KEYMAP Local> SHOW PORT 1 TN3270 KEYMAP PRINTER Syntax Description This command displays characteristics of a specific printer or all printers configured on the access server. Keywords printer-name Displays characteristics for the specified printer. ALL Displays characteristics for all configured printers.
PAGE 284
SHOW/MONITOR/LIST Commands QUEUE - SECURITY SUMMARY QUEUE (nonprivileged) Syntax Description This nonprivileged command displays information about entries in the LAT access server queue. The MONITOR command provides a continuous display that is updated as changes are made. Reference For a detailed description of the displays, refer to the Cabletron Network Access Software Management guide. Keywords ALL Displays information for all LAT queue entries on the access server.
PAGE 285
SHOW/MONITOR/LIST Commands Example: SHOW/MONITOR QUEUE Local> SHOW QUEUE NODE NELSON RADIUS/SERVER REALM/KERBEROS CHARACTERISTICS (nonprivileged) Syntax Description This command shows the various realms of the specified type that are configured for the access server; it is a privileged command. NOTE The Server Realm is the realm for User Accounts. You must enter the keyword REALM because SHOW SERVER is an entirely different command.
PAGE 286
SHOW/MONITOR/LIST Commands Example: SHOW SECURID Local> SHOW SECURID Retransmit Interval: 00:00:02 Retransmit TimeOut: Service Port: Realm: AAA.BBB.CCC.COM Realm Inclusion: NOINCLUDE Encoding Format: Prompt: Enter Passcode> Secret: Entered) Primary Host: 16.20.55.
PAGE 287
SHOW/MONITOR/LIST Commands Realm: kerberos.realm.somewhere Secret: (Entered) Host: foo.bar.foo.
PAGE 288
SHOW/MONITOR/LIST Commands Example: SHOW SECURITY COUNTERS Local> SHOW SECURITY COUNTERS User authentication (all realms): Realm: 33H.LKG.FOO.COM Realm: XXX.YYY.XXX.COM Realm: AAA.BBB.CCC.COM Realm: kerberos.realm.somewhere Realm: local.
PAGE 289
SHOW/MONITOR/LIST Commands SERVER - SESSIONS SERVER (nonprivileged) Syntax Description This nonprivileged command displays service information about the access server. For a detailed description of the displays, refer to the Cabletron Network Access Software Management guide. Keywords CHARACTERISTICS Displays definable characteristics for the access server, including a list of LAT group codes groups offered by the access server (as specified by the SET/DEFINE/CHANGE server SERVICE GROUPS command).
PAGE 290
SHOW/MONITOR/LIST Commands Example: SHOW SERVER COUNTERS Local> SHOW SERVER COUNTERS This command displays the access server counters from the operational database. SERVER AUTHENTICATION COUNTERS (nonprivileged) Syntax Description This command shows all the current access server counters for the security features. Restrictions • The LIST command is not allowed for counters. • LIMITED VIEW ENABLED ports will be prohibited from this display.
PAGE 291
SHOW/MONITOR/LIST Commands Keywords ALL Displays information for all LAT services (whether available or unavailable) in the database that match your current group codes. Privileged users refer to all LAT services in the database. ALL is the default selection displayed on SHOW commands. However, if you do not specify ALL in the command, the access server displays only the available LAT services.
PAGE 292
SHOW/MONITOR/LIST Commands Examples: SHOW SERVICE Local> SHOW SERVICE DEVELOP This command displays status information about service DEVELOP, including all service nodes offering the service. Local> SHOW SERVICES LOCAL This command displays summary for all local services from the operational database. SESSIONS (secure) Syntax Description This command (available to all users) displays session information from the operational database for one or all ports on the access server.
PAGE 293
SHOW/MONITOR/LIST Commands SNMP - TELNET LISTENER SNMP Syntax Description These commands display SNMP-related information, such as SNMP characteristics, error and access counters, and operational status. Reference For a detailed description of the displays, refer to the Cabletron Network Access Software Management guide. Keywords CHARACTERISTICS Displays current values for SNMP community names and Internet addresses.
PAGE 294
SHOW/MONITOR/LIST Commands Examples: SHOW SNMP Local> SHOW SNMP STATUS This command displays whether the SNMP protocol is running or not running. Local> LIST SNMP CHARACTERISTICS This command displays SNMP community names, Internet addresses, and whether SNMP characteristics GET, GETNEXT, SET, and TRAP are enabled or disabled.
PAGE 295
SHOW/MONITOR/LIST Commands TCP LISTENER (secure) Syntax SHOW MONITOR LIST TCP LISTENER ALL tcp-port CHARACTERISTICS Description This command (available to all users) displays information about TCP listeners on the access server. Keywords ALL Specifies that all TCP listeners are to be displayed. tcp-port Specifies that information only about the TCP listener associated with the specified TCP port is to be displayed.
PAGE 296
SHOW/MONITOR/LIST Commands TELNET LISTENER (secure) Syntax Description This command (available to all users) displays information about Telnet listeners on the access server. Keywords ALL Specifies that all Telnet listeners are to be displayed. tcp-port Specifies that information only about the Telnet listener associated with the specified TCP port is to be displayed. CHARACTERISTICS Specifies that the characteristics of the Telnet listener(s) are to be displayed.
PAGE 297
SHOW/MONITOR/LIST Commands TN3270 ATOE/ETOA - USERS TN3270 ATOE/ETOA (secure) Syntax Description This command allows you to display the current translation table. Codes are in hexadecimal. Refer to the TN3270 ATOE/ETOA (secure) commands for more information. Keywords ATOE The ATOE option allows you to display the ASCII to EBCDIC translation table for ASCII codes. These translations are used to translate user data from ASCII based terminals to EBCDIC data sent to the host.
PAGE 298
SHOW/MONITOR/LIST Commands KEYMAP This command shows the current mapping of IBM functions to DEC key sequences for the specified k-name. USERACCOUNT (privileged) Syntax Description SHOW USERACCOUNT is a privileged command, and will allow the security administrator to view the local database. The password field value will not be displayed for any database entry. Keywords username Designates an individual account name that the security manager wishes to view.
PAGE 299
SHOW/MONITOR/LIST Commands Example: SHOW USERACCOUNT Local> SHOW USERACCOUNT ALL Server Realm: NAS700.LKG.FOO.
PAGE 300
SHOW/MONITOR/LIST Commands Example: SHOW USERS Local> SHOW USERS This command displays user names affiliated with ports that have permanent user names.