Network Access Software Management Guide 9032859
Notice

Cabletron Systems reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Cabletron Systems to determine whether any such changes have been made. The hardware, firmware, or software described in this manual is subject to change without notice.

OS/2 is a registered trademark of International Business Machines Corporation. OSF/1 is a registered trademark of Open Software Foundation, Inc. PostScript is a registered trademark of Adobe Systems, Inc. SecurID is a registered trademark of Security Dynamics Technologies, Inc. SCO is a trademark of Santa Cruz Operations, Inc. Sun is a registered trademark of Sun Microsystems, Inc.

FCC Notice

This device complies with Part 15 of the FCC rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.

NOTE: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC rules.
Preface

Overview

Purpose
The Network Access Software Management guide is written for the person who sets up, maintains, and manages any one of the supported family of network access servers. To use this manual, you must be familiar with using a terminal on an access server.

TSM Users
If you have the optional network management product, Terminal Server Manager (TSM) software, review the documentation for the product before you read this manual and other access server documents.

Conventions
This manual uses the following conventions:
• The Return key, which you must press to execute all commands, is not shown in command line displays.
• The Local> prompt, which appears in most examples, is the default access server prompt. You can change this prompt to something other than Local> with the SET/DEFINE/CHANGE SERVER PROMPT command.
• All numbers are expressed in decimal notation unless otherwise noted.
• All Ethernet addresses are shown in hexadecimal notation.

Associated Documents
Refer to the following documentation for additional information:
• Terminal Server Manager Installation and Use: Provides the procedures to install and use TSM.
• DECserver 700 Site Preparation and Maintenance: Provides the procedures to prepare the site before installing the DECserver 700 hardware.
• DECserver 90TL/DECserver 90M Owner’s Manual: Provides the procedures to install and operate the DECserver 90TL/DECserver 90M hardware.

Chapter 1
CNAS Management

Overview

Introduction
This chapter describes the tasks that the following types of users perform when managing the access server:
• System administrators who configure and manage the access server
• End users of network services and applications

In This Chapter
This chapter includes the following topics:
• Configuration Tasks for System Administrators
• Management Tasks for System Administrators
• User Tasks
• Storage of Configuration Settings and Changes in Memory

Configuration Tasks for System Administrators

Configuration Tasks
The following table lists the tasks that system administrators can perform when configuring an access server and the chapter of this manual that describes each task:

To Configure:                               Refer to:
User interface                              Chapter 3
Network access server on the network        Chapter 6
Devices on a port                           Chapter 9
Interactive devices                         Chapter 11
LAT services                                Chapter 12
Telnet listeners                            Chapter 13
SLIP ports                                  Chapter 15
3270 emulation                              C

Management Tasks for System Administrators

System Management Tasks
The following table lists the tasks that system administrators can perform to manage the access server. This table also lists the chapter that describes each task.

User Tasks

Introduction
The access server enables end users to perform tasks such as connecting to network resources and managing sessions. For a description of these tasks, refer to the Specifying the Telnet Client Session Profile section in Chapter 11.

Accessing Online Help
The tutorial for online help also describes user tasks.

Storage of Configuration Settings and Changes in Memory

Memory Types
The access server stores configuration settings in two types of memory:
• Permanent data is stored in nonvolatile random access memory (NVRAM).
• Operational data is stored in volatile random access memory (VRAM).

Power Loss
An initialization or power loss has no effect on NVRAM. When an initialization or power loss occurs, the access server overwrites the current settings in VRAM with those from NVRAM.

Commands to Display and Change Configuration Settings

Introduction
This section lists the type of commands that operate on the configuration settings stored in VRAM and NVRAM. The CHANGE and SET commands listed in the following chapters have an immediate effect when you enter them. When you use the DEFINE command, however, the changes are delayed:
• If you use the DEFINE command to make changes to a given port, these changes take place the next time that a user logs in to the port.
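
The interaction between the two stores and the SET, DEFINE and CHANGE commands described above can be modelled and audited. The following Python model is an added example, not part of the original guide or of the access server software. It assumes that SET writes only VRAM, DEFINE writes only NVRAM, CHANGE writes both, and that the last word of a command is the value; the class and function names and the CHANGE line in the sample session are constructed for illustration.

```python
"""Model of the access server's permanent (NVRAM) and operational (VRAM) stores.

Added example, not vendor code. Assumptions: SET writes VRAM only, DEFINE
writes NVRAM only, CHANGE writes both; the last word of a command is its value.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class AccessServerModel:
    nvram: Dict[str, str] = field(default_factory=dict)  # permanent data
    vram: Dict[str, str] = field(default_factory=dict)   # operational data

    def apply(self, command: str) -> None:
        """Apply one 'VERB <characteristic words> <value>' command line."""
        words = command.split()
        if len(words) < 3:
            raise ValueError(f"need verb, characteristic and value: {command!r}")
        verb = words[0].upper()
        key = " ".join(words[1:-1]).upper()
        value = words[-1]
        if verb not in {"SET", "DEFINE", "CHANGE"}:
            raise ValueError(f"unsupported verb: {verb}")
        if verb in {"SET", "CHANGE"}:      # immediate effect
            self.vram[key] = value
        if verb in {"DEFINE", "CHANGE"}:   # survives initialization
            self.nvram[key] = value

    def login(self, port: int) -> None:
        """A new login on a port picks up that port's DEFINEd settings."""
        prefix = f"PORT {port} "
        for key, value in self.nvram.items():
            if key.startswith(prefix):
                self.vram[key] = value

    def initialize(self) -> None:
        """Initialization or power loss: VRAM is overwritten from NVRAM."""
        self.vram = dict(self.nvram)

    def drift(self) -> Dict[str, Tuple[Optional[str], Optional[str]]]:
        """Characteristics whose stores disagree: key -> (operational, permanent)."""
        keys = sorted(set(self.vram) | set(self.nvram))
        return {
            key: (self.vram.get(key), self.nvram.get(key))
            for key in keys
            if self.vram.get(key) != self.nvram.get(key)
        }


def replay(commands: List[str]) -> AccessServerModel:
    """Replay a recorded management session against an empty model."""
    server = AccessServerModel()
    for command in commands:
        server.apply(command)
    return server


# Constructed sample session. The SET and DEFINE lines appear elsewhere in
# this guide; the CHANGE line and its value are constructed for the example.
SAMPLE_SESSION = [
    "CHANGE SERVER QUEUE LIMIT 24",
    "SET SERVER QUEUE LIMIT 0",
    "DEFINE PORT 2 DEFAULT MENU HOSTS",
]

if __name__ == "__main__":
    server = replay(SAMPLE_SESSION)
    for key, (operational, permanent) in server.drift().items():
        print(f"{key}: operational={operational!r} permanent={permanent!r}")
```

A non-empty drift report before a planned initialization lists the settings whose operational value will be replaced by the permanent one, which is where a SET-only hardening change would be lost.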

Chapter 2
Management Tools

Overview

Introduction
This chapter describes the tools for managing the access server.

Access Server Commands

Introduction
The access server has a command line interface. You enter commands at a prompt on a terminal attached to an access server port. The default for the prompt is:
Local>

Reference
For a complete description of command syntax and use, refer to the Cabletron Network Access Software Command Reference guide.
• SET/DEFINE/CHANGE commands
• SHOW/LIST/MONITOR commands

In the above list, the command descriptions group includes any command that does not functionally fit into the CLEAR/PURGE, SET/DEFINE/CHANGE or SHOW/LIST/MONITOR groups (for example, DIAL, CONNECT, SEND, and LOOP).

Command Definitions
The following table describes the commands for the CLEAR/PURGE, SET/DEFINE/CHANGE and SHOW/LIST/MONITOR groups:

Command     Result
DEFINE      Changes NVRAM (nonvolatile random access memory).

Reference
For more information about this command group and its qualifiers, please refer to the Cabletron Network Access Software Command Reference guide.

Privileged Commands
To manage and configure the network, you use privileged commands. To enable privileged commands, use the SET PRIVILEGED command. The command line interface prompts you to enter the privileged password (which does not appear on the screen).

Help

Introduction
The access server provides online help about access server commands. This section describes two types of online help that are available on the access server.

HELP TUTORIAL Command
The command HELP TUTORIAL provides a brief introduction to the access server. You enter this command as follows:
Local> HELP TUTORIAL
The access server then displays a screen that explains how to use the tutorial.

Console Port

Displaying Port Parameters
The console port receives the access server system messages. An access server can have only one console port at a time. The default console port number is 1. To change the console port, use the SET/DEFINE/CHANGE CONSOLE PORT command. To find out the current port number for the console port, use the SHOW SERVER command.

Reference
The console port helps with troubleshooting as described in the Cabletron Network Access Software Problem Solving guide.

Remote Console Port

Description
The remote console port is a logical port that enables you to configure the access server from a remote terminal on the network.

OpenVMS Utility: Terminal Server Manager
For OpenVMS systems, DIGITAL offers the Terminal Server Manager (TSM) to facilitate managing the access server using the MOP remote console. TSM allows the user to store access information such as the maintenance password, Ethernet address, and login password for a server in a local database.

Example: Using NCP to Connect to an Access Server Remote Console Port from a Load Host
The following example shows a connection from an OpenVMS DECnet Phase IV load host to an access server that has the DECnet node name SHRIMP. The maintenance password is FEDCBA. The login password is the default, ACCESS.

$ MCR NCP
NCP> CONNECT NODE SHRIMP SERVICE PASSWORD FEDCBA
Console connected (press CTRL/D when finished)
# ACCESS (not echoed)
Network Access SW Vx.x for DSxxx-xx BLxx-xx ROM Vx.

Example: Using MOP to Connect to an Access Server from a DECnet/OSI OpenVMS Node
The following example shows a connection from a DECnet/OSI OpenVMS node to an access server remote console port. In this example:
• The access server has a DECnet node name of DGD700.
• The maintenance password is FEDCBA. On the SET HOST/MOP command line, however, the DECnet/OSI software transposes this password into the string BADCFE.
• The access server has a password of ACCESS.

Characteristics of the Telnet Remote Console Port
The following table describes the characteristics for Telnet remote console connections on the access server:

Characteristic: Number of connections allowed on the remote console port at one time
Description: 1. The port is shared with the MOP remote console port so it will not be accessible to Telnet if the remote console port is active.

Characteristic: Default TCP port number
Description: 23. By default, the remote console is accessed via TCP port number 23.

Access Server Manager

Description
The Access Server Manager application is a management tool for access servers. It runs on 32-bit Windows-based operating systems. The Access Server Manager has a graphical user interface that allows you to easily configure some access server features. The Access Server Loader application is integrated with the Access Server Manager.

Functions
Use the Access Server Manager to:
• Download firmware from a PC load host to the access server.

Chapter 3
User Interface

Overview

Introduction
This chapter describes how to customize and manage the user interface to the access server. The access server provides two features to manage the user interface:
• A command group defines a set of commands that a specified group of users can access and execute.
• A menu provides a customized selection of commands that a specified group of users can select on the terminal screen.

Command Groups and Menus

Description
In addition to convenience, command groups and menus provide the access server with a security feature. Because each command group and menu has an associated port list, you can control which users can access it. Command groups and menus can also enable nonprivileged users to access a subset of privileged commands.

Using Command Groups

Creating a Command Group
To create a command group, follow these steps:

Step  Action
1     Use the CHANGE COMMAND GROUP command to specify a command group name and port list.
      Example: The following defines the command group called SERVICE_A that is available on ports 2, 3, and 5:
      Local> CHANGE COMMAND GROUP SERVICE_A PORT 2, 3, 5
2     Enter the individual commands that define the command group.
The following example executes the command group SERVICE_A defined in the previous example. When this command executes, it substitutes the value 3 for the port place holder %P1 and SALES for the service place holder %P2.
Local> DO SERVICE_A 3 SALES

Displaying a Command Group
Use the SHOW COMMAND GROUP command to display a command group.

Example: Displaying a Command Group
The example below shows how to display the SERVICE_A command group.

Using Menus

Displaying a List of Enabled Menus
To display a list of the menus enabled on a port, use the SHOW MENU command. If you are a privileged user, the SHOW MENU command displays the names of all menus available on the access server. To enable a menu on a port, you must use the CHANGE MENU command. See the section Defining Menu Choices in this chapter.
Local> DEFINE PORT 2 DEFAULT MENU HOSTS

Menu Windows
Menus are divided into two windows:
• The menu choices window appears in lines 1 through 20.
• The directions and user input window appears in lines 22 through 24.
The current selection appears in reverse video. To make a selection, use the up- and down-arrow keys to highlight a selection and press the Return key. You can also make a selection by entering the item number to the left of the selection and pressing the Return key.

Defining Menus

Introduction
This section describes how to define menus and provides examples.

Reference
For complete information about the commands mentioned in this section, refer to the Cabletron Network Access Software Command Reference guide.

Main Menu
Whenever the server has its factory-set default settings, it stores the main menu in NVRAM. You can display and modify the default menu using the same commands that you use for any other menu.
User Interface Access Server Main Menu 1 Open Lat Session 2 Open Telnet Session 3 Show Session 4 Next session 5 Close Session 6 Go to Command Line 7 Quit Use , , or item number to make your choice. Press to execute your choice. LKG-7421-fh8 Figure 3-2.

The menu selection defined in this example does the following:
1. The following text displays on line 5 of the menu choices window:
   OPEN TELNET SESSION
2. When you press the Return key, the following prompt displays in the directions and user input window:
   ENTER HOST NAME OR IP ADDRESS
3. The next step depends on whether you simply press the Return key or type a host name or address before pressing the Return key.

Exiting from a Menu
Unless the system manager wants to set up a captive menu (refer to the following section), all menus should have an executable line for LEAVE MENU. To exit from the menu, select this line (which has the display string “GOTO Command Line” on the default menu MAIN). If the port is privileged, it is also possible to exit from the menu by entering Ctrl/C while the menu is displayed.
Line 9 Display Logout Line 9 Logout LOGOUT

Purging Menu Lines and Entire Menus
Use the PURGE MENU command to delete a string from a menu line, an entire menu line, an entire menu, or all menus from the access server database.

Chapter 4
Managing Load Hosts

Overview

Introduction
This chapter describes the command procedures that you use to manage hosts that load the access server software image on a LAT network.

Load Host Procedures

Description
The specific command procedure that you use to manage the load host depends on the network version, protocol, and operating system of the load host.

DSV$CONFIGURE

Introduction
DSV$CONFIGURE is a command procedure that runs on a DECnet Phase IV OpenVMS load host or on a DECnet/OSI OpenVMS load host. This procedure enables you to:
• Maintain configuration information about access servers.
• Modify the local MOP (Maintenance Operation Protocol) client configuration.
• Access the remote console port of the access server.
DSV$CONFIGURE is provided as part of the access server software.

$ DSV
%DSV-I-IDENT, executing DSV$CONFIGURE version x.x.x-nnn
DSV-I-HELP, type ? any time for help
DSV> HELP
ADD      - Add a server to the system
MODIFY   - Modify an existing server's information
SET      - Synonym for MODIFY
DELETE   - Remove a comm.
LIST
SHOW
CONNECT
USE
HELP
EXIT

DSV> ADD SERVER
_Server Name: DGD700
_Ethernet Address: 08-00-2B-26-AE-32
_Server Type: DS700
_Service Circuit [SVA-0]:
_Maintenance Password [none]: FEDCBA
_Dump File [MOP$DUMP:DS7DGD700.DMP]:
_Load Image [MOP$LOAD:WWENG2.

DSV> DELETE DGD700
Server: DGD700
Circuit: SVA-0
Address: 08-00-2B-26-AE-32
Maint. Password: FEDCBA
Type: DS700
Dump File: MOP$DUMP:DS7DGD700.DMP
Image File: MOP$LOAD:WWENG2.SYS
Are you SURE you want to delete this server??? [No]: YES
Node 0 MOP Client DGD700 at 1992-10-26-13:31:29.378-05:00I0.176

LIST and SHOW Commands
The LIST and SHOW commands display information about an access server.

DSV> USE DGD700
%CCR-I-CONNEST, connection established to remote system 08-00-2B-26-AE-32
Press CTRL/ \ to disconnect, CTRL/] to send break
# ACCESS (not echoed)
Network Access SW Vx.x for DSxxx-xx BLxx-xx ROM Vx.x-x Uptime: 0 00:16:47
(c) Copyright 1999, Cabletron Systems, Inc.

Using a BOOTP/TFTP Server

Introduction
A BOOTP/TFTP server is a UNIX host that downloads the access server software using the BOOTP and TFTP protocols. The BOOTP/TFTP server stores the information necessary to downline load the access server software in the /etc/bootptab file.

Reference
For information about installing and configuring a BOOTP/TFTP server, refer to the Cabletron Network Access Software Installation guide.

Each port enabled for remote or dynamic access may have its remote password feature individually enabled or disabled. This feature is useful for both reverse LAT services and Telnet listeners. CNAS uses the remote password, in addition to the LAT service password, when the LAT service is password-protected. When a host initiates a login to a remote password-protected port on the server, the server displays the '-' prompt. The customer can use this feature in a variety of ways.

Upline Dumping

Introduction
The access server upline dumps its memory when:
• An unexpected failure occurs.
• You force a crash.
The access server always dumps to a load host with the protocol that was used for its download. After an upline dump, the access server automatically reinitializes.

Reference
To send a dump file to your authorized service provider for evaluation, follow the procedure described in the Cabletron Network Access Software Problem Solving guide.

Terminal Server Manager (TSM)

Introduction
TSM is a utility that runs on OpenVMS load hosts. TSM enables you to configure and manage the access servers on the same extended LAN. TSM is not included in the access server software and must be purchased separately.

Reference
For more information about TSM, refer to the Terminal Server Manager Installation and Use manual.

For TSM Users
If you use TSM, do not use DSV$CONFIGURE or NCP to update the DECnet database.

Chapter 5
Managing Directed TFTP

Overview
Directed TFTP is a feature that allows the Access Server to load from a single, prespecified TFTP server. Once configured for Directed TFTP, the Access Server ROM firmware downloads its operating image from the specified TFTP server rather than soliciting a response from a BOOTP server. Directed TFTP makes it easier for the Access Server to obtain an operating image over the wide area network (WAN).

Configuring Directed TFTP on an Access Server
Directed TFTP requires a minimum ROM firmware revision in the Access Server. The minimum revision of ROM firmware is V5.1 for the DECserver 90M and V7.1 for the DECserver 700, DECserver 900 models, and Cabletron Access Server models.

Step  Action
3     Define the Directed TFTP server host address using the DEFINE SERVER TFTP HOST nnn.nnn.nnn.nnn command. For example:
      Local> DEFINE SERVER TFTP HOST ADDRESS 192.444.10.2
4     Ensure that the Access Server load image name matches the filename used at the TFTP server’s default directory location (LIST SERVER). If not, use the DEFINE SERVER SOFTWARE aaaaaaaaa command to modify the filename.

Step  Action
5     Initiate a boot using the Access Server’s Ethernet interface by entering the "B" command at the prompt. For example:
      >>> b eth:mneng2 (for DECserver 90M)
      >>> b eth:wweng2 (for DECserver 700 or 900 or Access Server 316)
6     Once the software load is complete, follow the steps listed in the previous table to make the configuration of the DTFTP information permanent.

Chapter 6
Initializing the Access Server

Overview

Introduction
This chapter describes how to initialize the access server. Initializing the access server reloads the software image. Initializing the access server does not affect the configuration settings stored in NVRAM. To reset the access server to the factory-set defaults, you need to reboot the access server and press the appropriate switch on the hardware unit.

Preparing LAT Services for Initialization

Do This
If the access server offers LAT services, follow these steps before you initialize:

Step  Action
1     Enter the following command to disable queuing on the access server:
      Local> SET SERVER QUEUE LIMIT 0
2     Disable additional connections to local services.

Preparing Telnet Listeners for Initialization

Do This
If the access server has Telnet listeners, follow these steps before you initialize:

Step  Action
1     Disable further Telnet connections. The network access server fails to execute the SET TELNET LISTENER CONNECTIONS DISABLED command if a session exists on the specified listener.

Initializing the Access Server

Using the INITIALIZE Command
To use the INITIALIZE command, log in to one of the following:
• A terminal attached to the access server
• The remote console port

Login Methods
You can use any of the following methods to log in to the remote console port:
• NCP
• SET HOST/MOP
• CCR
• Telnet remote console
Refer to the Remote Console Port section in Chapter 2 for additional information about the remote console port.
Initializing the Access Server Specifying Initialization from a Load Host To specify initialization from a network load host, use the following command: Local> INITIALIZE FROM ETHERNET This command causes the access server to request the image name stored in its NVRAM from a load host. Specifying an Image Name When Initializing You can specify the name of an image when initializing.
Initializing the Access Server Using the DIAGNOSE Option with INITIALIZE Using the DIAGNOSE option with INITIALIZE enables you to test the access server hardware. You can specify three types of tests as described in the INITIALIZE DIAGNOSE Option Tests. The following example shows the DIAGNOSE option with INITIALIZE: Local> INITIALIZE DIAGNOSE FULL This command initializes the access server in the default mode and performs an extended test.
Using NCP to Initialize the Access Server
NCP Initialization Commands
The following table shows the NCP commands used to initialize the access server if you are on a load host:
NCP Initialization Commands | Description
LOAD | Ensures that the host at which you issue the command is the node that performs the load.
TRIGGER | Causes the access server to load the software image from any host on the network.
Initializing the Access Server Booting from the Network Loading the Software Image If your network server is configured with Flash RAM, but does not have the correct image, the access server performs a network load. Determining Boot Protocols During the network boot sequence, the access server searches for a load host. The access server tries both MOP and BOOTP protocols in a factory-defined order. The boot sequence includes a wait period after passing through all the boot protocols.
Initializing the Access Server Booting Using Console Commands Introduction Console functions require access server ROM Version 4.0 or greater. If you program Flash RAM with a nonstandard boot image name and a load host is not available, pressing the reset-to-factory button may leave the access server unbootable.
Boot Command Options
The following table lists the command options you can select for the boot command:
Option B: This command, without an argument, starts a new boot sequence to load the access server with an executable image using the default boot parameters. Associated options: none.
Option B name: This command and the argument name specify a nonstandard boot image. The access server looks for the software name, first in Flash RAM, then on the network.
Option B media:name: In this command, the media part of media:name specifies which boot media to use. Associated options:
FLA: — Use Flash RAM. For example: B FLA:MNENG2
ETH: — Use the network to find a load host. For example: B ETH:MNENG2
FLA:ETH: — Use Flash RAM first, and if that does not work, then use the network to find a load host. For example: B FLA:ETH:MNENG2
Option B/M: This command boots the maintenance mode software for the access server.
Option R: This command resets the factory settings and initializes the access server. This command requires verification. Enter YES if you want to reset the access server to factory settings. Associated options: none.
Option S: This command sets parameters for the current boot cycle only. Associated options:
S ip=nnn.nnn.nnn.nnn This command sets the IP address of the access server. Use it with the directed TFTP feature.
S gw=nnn.nnn.nnn.
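The B option forms listed above decide whether an image can come from Flash RAM only or from a load host on the network. The following is an added example, not code from the manual: it parses boot commands copied from a runbook and reports which sources each one allows. The function names and the sample runbook are constructed for illustration; only the B, B name, B media:name and B/M forms shown in the table are recognized.

```python
"""Added example: interpret console boot commands copied from a runbook."""

MEDIA = {"FLA": "flash", "ETH": "network"}
# Only the media combinations shown in the option table are accepted.
DOCUMENTED_ORDERS = (["flash"], ["network"], ["flash", "network"])


def parse_boot_command(line):
    """Return a dict with 'mode', 'image' and 'sources' for one command.

    'sources' is an ordered list of 'flash'/'network', or None when the
    command relies on the default boot parameters (not visible here).
    """
    text = line.strip()
    if text.startswith(">>>"):          # tolerate a copied console prompt
        text = text[3:].strip()
    parts = text.split()
    if not parts or parts[0].upper() not in ("B", "B/M"):
        raise ValueError("not a boot command: %r" % line)
    if parts[0].upper() == "B/M":
        return {"mode": "maintenance", "image": None, "sources": None}
    if len(parts) == 1:
        return {"mode": "boot", "image": None, "sources": None}
    if len(parts) > 2:
        raise ValueError("unexpected extra argument in %r" % line)

    *media, image = parts[1].split(":")
    if not image:
        raise ValueError("missing image name in %r" % line)
    if not media:
        # "B name": Flash RAM is searched first, then the network.
        sources = ["flash", "network"]
    else:
        media = [m.upper() for m in media]
        unknown = [m for m in media if m not in MEDIA]
        if unknown:
            raise ValueError("unknown boot media %r in %r" % (unknown, line))
        sources = [MEDIA[m] for m in media]
        if sources not in DOCUMENTED_ORDERS:
            raise ValueError("media order not in the option table: %r" % line)
    return {"mode": "boot", "image": image, "sources": sources}


def may_load_from_network(parsed):
    """True/False when the sources are known, None when defaults apply."""
    if parsed["sources"] is None:
        return None
    return "network" in parsed["sources"]


def review(lines):
    """Return (command, verdict) pairs for every boot command in lines."""
    verdicts = {True: "network", False: "flash-only", None: "defaults"}
    report = []
    for line in lines:
        parsed = parse_boot_command(line)
        if parsed["mode"] == "maintenance":
            verdict = "maintenance"
        else:
            verdict = verdicts[may_load_from_network(parsed)]
        report.append((line, verdict))
    return report


# Constructed runbook, built from the command forms the manual shows.
RUNBOOK = [
    "B",
    "B MNENG2",
    "B FLA:MNENG2",
    "B ETH:MNENG2",
    "B FLA:ETH:MNENG2",
    ">>> b eth:wweng2",
    "B/M",
]

if __name__ == "__main__":
    for command, verdict in review(RUNBOOK):
        print("%-20s %s" % (command, verdict))
```

Commands reported as "network" depend on whichever load host answers, so they are the ones to check against the list of hosts authorized to serve images.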
Chapter 7 Configuring LAT Characteristics Overview In This Chapter This chapter describes how to configure the LAT characteristics for the access server.
Configuring LAT Characteristics LAT Characteristics Preparing to Change LAT Characteristics Before you change LAT characteristics, make sure to: • Install the latest software image on the access server and all load hosts. • Read the release notes. • Know what devices and cables are connected at the various ports. • Enter the SET PRIVILEGED command for the port. • Check if the current values or default values are appropriate.
Characteristic | Default | Range | Refer to Section
PASSCHECK | 200 | 0 to 200 | PASSCHECK Characteristic
QUEUE LIMIT | 100 | 0 to 200 | QUEUE LIMIT Characteristic
RESPONDER | Disabled | - | RESPONDER Characteristic
RETRANSMIT LIMIT | 8 | 4 to 120 | RETRANSMIT LIMIT Characteristic
SERVICE GROUPS | 0 ENABLED, 1 to 255 DISABLED | 0 to 255 | Service Groups
Configuring LAT Characteristics Displaying LAT Characteristics Command To Use To display the current LAT characteristics, use the SHOW/LIST/MONITOR SERVER command as shown in the following example. LAT Characteristics Display Example The following example shows a typical display that appears when you use the SHOW SERVER command: Local> SHOW SERVER Network Access SW Vx.x for DSxxx-xx BLxx-xx ROM Vx.
Configuring LAT Characteristics ANNOUNCEMENTS Characteristic Introduction The ANNOUNCEMENTS characteristic determines if the access server sends LAT multicast messages about local services over the Ethernet. The access server does not send any announcements if no local services are defined.
Configuring LAT Characteristics CIRCUIT TIMER Characteristic Introduction The CIRCUIT TIMER characteristic defines the interval at which the access server sends virtual circuit messages to the LAT service node. This value is important for balancing fast response time and network utilization against optimal service node performance. The circuit timer value ranges from 30 to 200 milliseconds. The default is 80 milliseconds, which is recommended for normal interactive functions.
Configuring LAT Characteristics IDENTIFICATION Characteristic Introduction The IDENTIFICATION characteristic is a string that can be up to 40 characters long. This string displays: • Under the welcome banner during a login procedure • In the SHOW SERVER displays The access server also uses the identification string when it multicasts messages about the availability of services.
Configuring LAT Characteristics KEEPALIVE TIMER Characteristic Introduction The KEEPALIVE TIMER characteristic maintains a virtual circuit between the access server and service node when no messages are exchanged over a period of time. If the keepalive timer expires, the access server sends a message to determine if the service node is still reachable. If the service node fails to respond, the access server can time out the virtual circuit.
Configuring LAT Characteristics MULTICAST TIMER Characteristic Introduction The MULTICAST TIMER characteristic determines the interval at which a service node sends service announcements. Multicast Timer Default Values You can specify a value from 10 to 180 seconds. The default value is 30 seconds.
Configuring LAT Characteristics ACCESS SERVER NAME Characteristic Introduction The SERVER NAME characteristic is a string of 1 to 16 characters. This name must be unique on the LAT network. When the access server offers a service, it periodically multicasts the name over the local area network. Default Access Server Name The default access server name is LAT_ethernet-address. This value is the 12-digit hexadecimal Ethernet address of the access server. This address does not contain hyphens.
Configuring LAT Characteristics NODE LIMIT Characteristic Introduction The NODE LIMIT characteristic specifies the maximum number of LAT service nodes that the access server maintains in its node database. The range is from 1 to 2000, and the default is 200. You can also specify a node limit of NONE. This keyword indicates that the only limit is the available memory of the access server.
Configuring LAT Characteristics Access SERVER NUMBER Characteristic Introduction Each access server has a number that uniquely identifies it. Access SERVER NUMBER Values This number is a value from 0 to 32,767. The default is 0. When the access server offers a service, it periodically multicasts the number over the network. Changing the Access SERVER NUMBER Use the DEFINE/SET/CHANGE SERVER NUMBER command to change this characteristic.
PASSCHECK Characteristic
Introduction
The PASSCHECK characteristic determines whether a host is required to provide a password as part of a host initiated contact (HIC) request to a password-protected local service. With PASSCHECK disabled, HIC requests are not required to supply a password. With PASSCHECK enabled, HIC requests are required to supply a password.
Changing the PASSCHECK Characteristics
The factory default for the PASSCHECK characteristic is DISABLED.
Configuring LAT Characteristics QUEUE LIMIT Characteristic Introduction The LAT QUEUE LIMIT characteristic specifies the maximum number of outstanding connection requests for remote access to access server ports. The range is from 0 to 200, and the default is 100. Special QUEUE LIMIT Values Two values have special meaning: • The value 0 disables the queue. • The keyword NONE places no limit on connection requests.
Configuring LAT Characteristics RETRANSMIT LIMIT Characteristic Introduction The RETRANSMIT LIMIT characteristic specifies the number of times that the access server resends a message without an acknowledgment. After the specified time limit, the access server times out the circuit. If other service nodes offer the same service that timed out, the access server attempts automatic failover. RETRANSMIT LIMIT Values The retransmit limit range is from 4 to 120.
Configuring LAT Characteristics RESPONDER Characteristic Access Server Mapping In order to connect to other nodes on the LAN, the access server must be able to map node names, port names, and services to specific nodes.
Configuring LAT Characteristics Changing the RESPONDER Characteristic The factory default setting for the RESPONDER characteristic is disabled. To enable it, use the following command: Local> CHANGE SERVER RESPONDER ENABLED Use the SHOW SERVER command to determine the current setting. When the feature is enabled, “RESPONDER” is displayed as one of the enabled characteristics.
Configuring LAT Characteristics Service Groups Introduction A service group defines the access that service nodes and port users have to the network. Each service group has an identifying number from 0 to 255. Viewing Service Groups To view service groups that have access to services on the access server, use the SHOW SERVER command. (See the LAT Characteristics Display Example section in this chapter.
Chapter 8 TCP/IP Network Characteristics
Overview
Introduction
This chapter describes the configuration characteristics for a TCP/IP network. To enable the access server to operate on a TCP/IP network, you need to:
1. Configure the Internet address and subnet mask.
2. Configure the TCP/IP characteristics, for example:
• List of commonly used Internet hosts
• List of gateway addresses
• List of ARP entries
• TCP keepalive timer
3. Configure domain name characteristics.
• Displaying the Internet Counters
• Setting the TCP Keepalive Timer
• Learning IP Information From a BOOTP Server
• Learning IP Information From a DHCP Server
• Assigning WINS Server Addresses
TCP/IP Network Characteristics Configuring the Internet Address and Subnet Mask Tasks You can perform the following tasks: • Set an Internet address. • Set a subnet mask. • Display the Internet address and subnet mask. Alternative: Learning IP Information You can configure the access server to learn IP configuration information from a BOOTP server or a Dynamic Host Configuration Protocol (DHCP) server on the network instead of configuring all of the IP information on the access server manually.
Setting an Internet Subnet Mask
The Internet subnet mask is used to partition the host section of an Internet address into subnets. The default subnet mask depends on the class of the Internet address that you assigned. The following table lists these defaults:
Internet Address Class | Default Subnet Mask
A | 255.0.0.0
B | 255.255.0.0
C | 255.255.255.
TCP/IP Network Characteristics Supernetted IP Addresses The CNAS software supports the use of supernetted IP addresses. Supernetting allows you to configure the access server and its ports with a subnet mask shorter than the intrinsic subnet mask (for example, 255.255.255.0 for a Class C address). With supernetting, you can give a Class C subnet mask a range of 255.255.0.0 to 255.255.255.254.
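The relationship between the class default mask and a supernet mask, as an added example (not code from the manual): it classifies a planned address and mask as default, subnet or supernet and reports the resulting on-link range, which is what widens when a mask is shortened. The function names are constructed for illustration; the sample address 195.1.1.72 is taken from the gateway example elsewhere in this chapter, and the masks paired with it are constructed.

```python
"""Added example: compare a subnet mask with the class default mask."""
import ipaddress

# (class, exclusive upper bound of the first octet, default prefix length)
CLASSES = (("A", 128, 8), ("B", 192, 16), ("C", 224, 24))


def classful_default(address):
    """Return (class letter, default prefix length) for an IPv4 address."""
    first_octet = int(ipaddress.IPv4Address(address)) >> 24
    for name, upper, prefix in CLASSES:
        if first_octet < upper:
            return name, prefix
    raise ValueError("%s is class D/E and has no default mask" % address)


def mask_prefix(mask):
    """Convert a dotted mask to a prefix length, rejecting gaps in the ones."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    # A valid inverted mask is a run of low-order ones: 2**n - 1.
    if inverted & (inverted + 1):
        raise ValueError("non-contiguous subnet mask: %s" % mask)
    return 32 - inverted.bit_length()


def classify_mask(address, mask):
    """Describe how `mask` relates to the class default for `address`."""
    cls, default = classful_default(address)
    prefix = mask_prefix(mask)
    network = ipaddress.IPv4Network("%s/%d" % (address, prefix), strict=False)
    if prefix < default:
        kind = "supernet"      # shorter than the intrinsic mask
    elif prefix > default:
        kind = "subnet"
    else:
        kind = "default"
    return {
        "class": cls,
        "kind": kind,
        "prefix": prefix,
        "network": str(network),
        "addresses_on_link": network.num_addresses,
        # The manual gives 255.255.0.0 to 255.255.255.254 for Class C.
        "in_class_c_range": (16 <= prefix <= 31) if cls == "C" else None,
    }


if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.252.0", "255.255.255.192"):
        print(mask, classify_mask("195.1.1.72", mask))
```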
TCP/IP Network Characteristics Configuring Domain Name System (DNS) Characteristics Tasks This section describes how to display and set the access server characteristics for the Internet domain name system (DNS) to resolve host names into Internet addresses. You can perform the following tasks: • Display DNS characteristics. • Display DNS counters. • Configure the default name resolution domain. • Change the time limit. • Change the retry limit. • Change the name resolution mode.
TCP/IP Network Characteristics Nameservers (Locally configured): 99.99.99.99 Local name.acme.com (from DHCP) Nameservers (Learned): 99.99.99.99 Local 88.88.88.88 Local name.acme.com secondary.acme.com DHCP server: 16.20.244.250 Local> The following table describes the DNS characteristics that appear in the previous example. (See the Displaying WINS Characteristics section in this chapter for an explanation of the WINS characteristics in the display.
TCP/IP Network Characteristics Displaying the DNS Counters To display the DNS counters, use the SHOW/LIST INTERNET NAME RESOLUTION COUNTERS command. To reset the DNS counter, use the ZERO INTERNET NAME RESOLUTION COUNTERS command.
TCP/IP Network Characteristics Field Description Truncated Responses Number of incomplete (truncated) responses from the DNS server. This is not necessarily an error condition. Fail Answers Number of fail answers received. This condition could be caused by a number of events, including: 1. Unable to find a name server to send particular query. 2. Unable to find the Internet address of a particular name server. 3. Sent a query and received more than maximum amount of responses. 4.
3. In this situation, the access server automatically appends the default name resolution domain to SALES. The access server behaves as if you had typed:
Local> CONNECT SALES.FINANCE.ACME.COM
4. Enter a command with a higher level domain name:
Local> CONNECT SALES.REVENUE
Result: The access server tries a sequence in the following order, using parts of the default domain name:
SALES.REVENUE.FINANCE.ACME.COM
SALES.REVENUE.ACME.COM
SALES.
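The search order in step 4, as an added example (not code from the manual): it generates the candidate names in order and marks any that fall outside a zone you control, since each candidate is a separate query that may be answered by a different zone. The manual's list is cut off after the second name, so how far the access server walks toward the root (the min_suffix_labels parameter) and the owned zone ACME.COM are assumptions of this example.

```python
"""Added example: expand a relative host name against the default domain."""


def search_candidates(name, default_domain, min_suffix_labels=1):
    """Return the fully qualified names tried for `name`, in order.

    The default name resolution domain is appended whole first, then with
    its leftmost label removed, and so on. `min_suffix_labels` (an
    assumption of this example) is the shortest suffix still tried.
    """
    host = name.strip().strip(".").upper()
    suffix = [label for label in default_domain.upper().split(".") if label]
    if not host or not suffix:
        raise ValueError("host name and default domain must be non-empty")
    if not 1 <= min_suffix_labels <= len(suffix):
        raise ValueError("min_suffix_labels out of range")
    last_start = len(suffix) - min_suffix_labels
    return [host + "." + ".".join(suffix[start:])
            for start in range(last_start + 1)]


def outside_zone(candidates, owned_zone):
    """Return the candidates that do not fall under `owned_zone`."""
    zone = owned_zone.strip(".").upper()
    return [c for c in candidates
            if c != zone and not c.endswith("." + zone)]


def audit(name, default_domain, owned_zone, min_suffix_labels=1):
    """Pair each candidate with whether it stays inside the owned zone."""
    candidates = search_candidates(name, default_domain, min_suffix_labels)
    leaked = set(outside_zone(candidates, owned_zone))
    return [(fqdn, fqdn not in leaked) for fqdn in candidates]


if __name__ == "__main__":
    # Values from the passage: default domain FINANCE.ACME.COM and the
    # command CONNECT SALES.REVENUE. ACME.COM as owned zone is assumed.
    for fqdn, inside in audit("SALES.REVENUE", "FINANCE.ACME.COM", "ACME.COM"):
        print("%-34s %s" % (fqdn, "inside zone" if inside else "OUTSIDE zone"))
```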
TCP/IP Network Characteristics Changing the Retry Limit The domain name resolution retry limit indicates the number of times that the access server resends queries to the same name server when looking for an Internet host. The range is from 1 to 5, and the default is 3.
TCP/IP Network Characteristics Configuring a List of Commonly Used Internet Hosts You can optionally enter commonly used Internet host names and addresses in the access server cache. The following command shows how to do this: Local> CHANGE INTERNET HOST SALES ADDRESS 195.1.1.
TCP/IP Network Characteristics You can use a relative domain name if you are defining a local name server for the default domain only. Configuring a Name Server for a Different Domain To enter a locally defined name server for a domain other than the access server default domain, follow these steps: Step Action 1 Use the SET INTERNET NAME RESOLUTION DOMAIN command to change the access server default domain name temporarily.
TCP/IP Network Characteristics Assigning DNS Server Addresses Automatically The DNS autoconfigure feature on the access server allows dial-up clients to receive DNS configuration information automatically from the access server when establishing a remote PPP connection. The access server assigns a primary and secondary DNS server to the remote PPP client. The access server uses an algorithm to obtain the addresses of the DNS servers from its database.
TCP/IP Network Characteristics Configuring a List of Internet Gateway Addresses Introduction If the access server users need to access hosts in different networks or subnets, you can define a database of Internet gateways. The access server uses gateways to route traffic to different networks and subnets. Displaying a List of Gateway Addresses To display a list of Internet gateway addresses, use the SHOW/LIST/MONITOR INTERNET GATEWAY command.
TCP/IP Network Characteristics Default Gateway Definition Example The following example shows how to define the mapping of the default gateway to the network: Local> CHANGE INTERNET GATEWAY 195.1.1.72 NETWORK 197.0.0.0 You can define multiple networks that can be reached through the same gateway with the same address. You must enter a separate command to each network with a gateway.
TCP/IP Network Characteristics Configuring a List of Internet ARP Entries Introduction The list of address resolution protocol (ARP) entries maps Internet addresses to Ethernet hardware addresses for devices on the same network as the access server. You only need to enter the network hosts that do not support ARP. Displaying the List of Internet ARP Entries To display a list of ARP entries, use the SHOW/LIST/MONITOR INTERNET ARP ENTRY command.
TCP/IP Network Characteristics Setting the TCP Keepalive Timer What the Timer Does The TCP keepalive timer determines whether a TCP connection with a remote host is active and should remain open. After the access server and a remote host establish a TCP connection, the access server waits a set amount of time and sends a keepalive probe to the remote host. If the access server receives a valid response from the remote host, it waits again and sends a new keepalive probe.
TCP/IP Network Characteristics Setting Timer Retries Use the SET/DEFINE/CHANGE INTERNET [TCP] KEEPALIVE RETRY command to set the number of keepalive probe retries. The TCP keepalive timer retry number indicates the number of times that the access server sends keepalive probes to the remote host when it does not receive a valid response. The access server sends a keepalive probe every minute until the host responds or it reaches the retry count value.
Displaying the Internet Counters
Using the SHOW Command
Use the SHOW/LIST/MONITOR INTERNET command to display the Internet counters. To reset the Internet counters, use the ZERO INTERNET COUNTERS command.
TCP/IP Network Characteristics Internet Counter Display Fields The following table describes the fields in a typical Internet counters display: Field Description TCP Segments The following counters contain statistics on TCP segments: Transmitted: Total number of TCP segments transmitted by the access server. The following counters are a breakdown of this total: Data: Number of transmitted segments that contained data.
TCP/IP Network Characteristics Field Description Accepted: Number of incoming TCP connections accepted by Telnet. This count includes those connections accepted by Telnet then dropped due to no physical port available. Established: Number of connections established by TCP. This count includes those connections accepted by Telnet then dropped due to no physical port available.
TCP/IP Network Characteristics Learning IP Information From a BOOTP Server Introduction Instead of manually configuring IP information, you can have the access server learn its IP address and other IP configuration information from a BOOTP server on the network. If you use the BOOTP server to load the CNAS software on the access server, it can also learn its IP configuration from the BOOTP server during the load operation.
Setting Up IP Configuration Learning
Do the following to set up your access server to learn IP configuration information from a BOOTP server on the network:
1. Set up the BOOTP server:
a. Add an entry for the access server’s Ethernet address.
b. Associate the Ethernet address with an IP address.
c. Optionally, associate the Ethernet address with a subnet mask and default gateway.
TCP/IP Network Characteristics Learning IP Information From a DHCP Server Description You can use the Dynamic Host Configuration Protocol (DHCP) to automatically configure TCP/IP characteristics on the access server and remote clients. DHCP provides dynamic assignment of IP addresses and discovery of IP configuration parameters (for example, subnet mask or default gateways). A DHCP client requests and receives this information from a DHCP server on the network.
BOOTP and DHCP Differences
DHCP is an extension of BOOTP; however, using a DHCP server to obtain IP information differs from using a BOOTP server in the following ways:
Using a BOOTP Server | Using a DHCP Server
The access server can learn its IP address from a BOOTP server (or you can configure it directly on the access server). | The access server does not learn its IP address from a DHCP server.
Figure 8-1 shows what occurs when the access server acts as a DHCP client:
1. The access server (DHCP client) requests IP configuration parameters (IP address not requested).
2. The DHCP server receives the request and sends a packet with IP configuration information.
3. The access server receives the acknowledgement; operation complete.
Figure 8-1.
Remote Client (DHCP Client)
1. Begins PPP negotiations and requests IP address.
7. Receives IP address; PPP negotiations complete.
Access Server
2. Receives address request and sends a DHCP Discover packet to DHCP server.
4. Receives IP address offer and sends a request to use the offered address.
6. Resumes PPP negotiation with remote client and assigns the acknowledged IP address.
DHCP Server
3. Receives DHCP Discover packet and offers an IP address.
5.
Displaying the DHCP Setting
Use the SHOW/LIST/MONITOR INTERNET command to display the current DHCP setting. The example in the Displaying the Internet Address and Subnet Mask section in this chapter shows a typical display.
Configuring Default Values
If you enable DHCP but also want the access server to function in the event that a DHCP server is not available, you can define default values for some of the DHCP-learned IP information in NVRAM using DEFINE commands.
TCP/IP Network Characteristics Assigning WINS Server Addresses What Does WINS Do? Windows Internet Naming Service (WINS) performs NetBIOS name and IP address resolution, similar to the Domain Name Service (DNS). WINS allows systems that use NetBIOS to communicate with each other over TCP/IP.
1. Client requests WINS server addresses during PPP negotiation.
2. Server receives request. Sends addresses stored in VRAM.
3. Client sends new request using the addresses it received from the access server.
4. Access Server compares request to addresses in VRAM. If they match, sends an acknowledgement. If no match, sends new addresses.
5. Client receives acknowledgement. PPP negotiation continues.
Figure 8-3.
TCP/IP Network Characteristics WINS Display Example The following shows a typical example of the WINS display: Local> SHOW INTERNET NAME RESOLUTION NetBIOS (WINS) Name Resolution: Primary WINS server: Secondary WINS server 6.20.44.55 16.125.14.235 (from DHCP) Domain Name Resolution: Domain Name: finance.acme.com (from DHCP) Resolution Host Limit: Resolution Mode: 32 Resolution Time Limit: 4 Ordered Resolution Retry Limit: 3 Nameservers (Locally configured): 99.99.99.99 Local name.acme.
Chapter 9 Managing AppleTalk Overview Introduction This chapter explains how to configure and manage the AppleTalk protocol suite on an access server.
Managing AppleTalk Configuring AppleTalk on an Access Server Introduction You can configure an access server to act as an AppleTalk node on the network and many different components can then be monitored. The configuration of the AppleTalk characteristics can be done only in the NVRAM database. This means that the manager has to reinitialize the access server after making a change to any of the AppleTalk characteristics before the changes take effect.
Managing AppleTalk Disabling AppleTalk If you decide that your access server should no longer act as an AppleTalk node, all AppleTalk capabilities can be turned off using the following privileged DEFINE command: Local> DEFINE APPLETALK DISABLED Reinitialize the access server to have this command take effect. Upon reinitialization, the access server no longer functions as an AppleTalk node.
Managing AppleTalk The supported range for n is 1 to the number of asynchronous ports. The access server always attempts to keep the number of available entries in the address cache equal to the smaller of either the cache size that you define or the number of ports that do not already have AppleTalk connections. The default value for n is the number of access server asynchronous ports divided by 8. For instance, the default cache size on a 16 port access server would be 2.
Managing AppleTalk Displaying AppleTalk Characteristics Commands Use the LIST APPLETALK CHARACTERISTICS command to display the AppleTalk characteristics. This command is nonprivileged. Use the SHOW/MONITOR APPLETALK STATUS command to see the values being used operationally.
Managing AppleTalk Displaying AppleTalk Counters Command Use the SHOW/MONITOR APPLETALK COUNTERS command to display the AppleTalk counters on an access server. The command is nonprivileged.
Fields in the AppleTalk Counters Display
The following table describes the fields in the AppleTalk Counters display:
Field (AARP, DDP) | Description
Unsent Probes | The number of AARP probes that could not be sent due to insufficient access server resources.
Unsent Responses | The number of AARP responses that could not be sent due to insufficient access server resources.
Field (NBP, RTMP, ZIP) | Description
Out Longs | The number of long DDP datagrams transmitted.
Out No Routes | The number of DDP datagrams dropped because a route could not be found.
Hop Count Errors | The number of input DDP datagrams dropped because the access server was not their final destination and their hop count would exceed 15 if forwarded.
Lookups Received | The number of NBP Lookup Requests the access server has received.
Managing AppleTalk Displaying AppleTalk Status Command Use the SHOW/MONITOR APPLETALK STATUS command to display the AppleTalk status on the access server. The command is nonprivileged. Displaying AppleTalk Status Example The following example shows how to display the AppleTalk status on an access server: Local> SHOW APPLETALK STATUS AppleTalk Status Server: State: Up Address: 401.
Managing AppleTalk Field Value Description Up AppleTalk is fully operational. Address The AppleTalk address of the access server, learned from the EtherTalk network at initialization. Its value is 0.0 until the Learning state. Network The AppleTalk network range the access server learned at initialization. If no AppleTalk router is on the access server’s network, the value is 1-65534. The value is 0-0 until the Learning state.
Displaying AppleTalk Routes
Command
Use the SHOW/MONITOR APPLETALK ROUTES command to display the available AppleTalk routes to an access server. The command is nonprivileged.
Displaying AppleTalk Routes Example
The following example shows how to use the SHOW APPLETALK ROUTES command to display available AppleTalk routes:
Local> SHOW APPLETALK ROUTES
AppleTalk Routes Server: LAT_08002B24F24F
Destination Next Hop Status Interface Seconds since Last Validated
12344-12350 12346.
Managing AppleTalk Field Value Description Up The route is known to be valid. Suspect The route is thought valid, but has not been refreshed recently. Bad The route has not been refreshed recently enough to warrant further use. Down The route exists in the routing table, but is not being used. Interface The interface the access server uses to route packets to the destination.
Managing AppleTalk Displaying AppleTalk ARP Entries Introduction When an attached host sends a message to an unknown AppleTalk node on the access server network, the access server creates an entry in the AppleTalk ARP cache and transmits an ARP request for the node’s data link address. At this time, the access server does not know the address for the desired node. When it receives a reply, it fills in the node’s corresponding Ethernet address.
Field | Value | Description
 | Remote | The entry designates an ARP entry for a remote host on the access server Ethernet. Such an entry usually means the server recently forwarded a DDP packet to this host.
 | Local | The entry designates either: 1. A host that is presently running AppleTalk over its asynchronous link to the access server or 2. The access server AppleTalk address
 | Acquired | The entry has been pre-acquired for later use by an attached AppleTalk host.
Interface |
Chapter 10 Configuring Basic Device Characteristics Overview Introduction This chapter explains how to configure the basic characteristics for all types of devices that attach to the access server ports.
Configuring Basic Device Characteristics
Introduction
If you attach a standard ANSI video terminal to an access server port, the basic device characteristics described in this chapter are the only ones that you need to consider. If you are configuring a port to communicate with a modem, PC, computer interface, or nonstandard terminal, refer to the signal characteristics described in Chapter 10 in addition to the characteristics described in this chapter.
Characteristic | Default | Allowed Values | Refer to Section
PARITY | None | Even, Odd, Mark, None | PARITY
SPEED | 9600 | 75, 110, 134, 150, 300, 600, 1200, 1800, 2000, 2400, 4800, 9600, 19200, 38400, 57600, 115200 | SPEED
STOP BITS | Dynamically set | 1, 2 | STOP BITS
TYPE | ANSI | Hardcopy, Softcopy, ANSI | TYPE
Configuring Basic Device Characteristics Displaying Basic Device Characteristics Command To display basic device characteristics, use the SHOW PORT command.
Configuring Basic Device Characteristics Configuring the ACCESS Characteristic Description The ACCESS characteristic determines which types of devices can use a port.
Configuring Basic Device Characteristics Matching the Port and Device Characteristics Introduction You must ensure that the physical characteristics of the access server port match the physical characteristics of the device as described in this section. If these characteristics do not match, the device does not operate correctly.
The AUTOBAUD characteristic functions only if the input and output speeds of the port device are the same and the character size and parity settings have the combinations listed in the following table:
Character Size | Parity
8 | None
7 | Even
Example: Disabling AUTOBAUD
The following example shows how to disable the autobaud characteristic:
Local> CHANGE PORT 5 AUTOBAUD DISABLED
CHARACTER SIZE
The CHARACTER SIZE characteristic indicates the number of bits in a da
The following table lists the available parity checks:
Setting | Check Performed Per Character
Even | Even number of one bits
Odd | Odd number of one bits
Mark | A set parity bit
Space | A cleared parity bit
None (default) | No parity checking performed
Example: Changing the PARITY Settings
The following example shows how to change the parity:
Local> CHANGE PORT 5 PARITY ODD
SPEED
The SPEED characteristic enables you to configure the port for devices that operate
Configuring Basic Device Characteristics STOP BITS The STOP BITS characteristic indicates the number of bits that mark the end of a character transmission. By default, the access server dynamically sets up the STOP BITS characteristic. The access server automatically uses 2 stop bits for port speeds up to and including 134 bits/s, and 1 stop bit for port speeds above 134 bits/s. You can also specify 1 or 2 stop bits for each device.
Configuring Basic Device Characteristics Configuring the FLOW CONTROL Characteristic Introduction The FLOW CONTROL characteristic allows the access server to start and stop data transfer between the port and the attached device. Flow control prevents data losses due to lack of buffering space. The FLOW CONTROL characteristic does not apply to data transfer between the access server and a network resource.
Example: Enabling XON/XOFF FLOW CONTROL
The following example shows how to enable XON/XOFF FLOW CONTROL:

Local> CHANGE PORT 5 FLOW CONTROL XON

DSR
DSR FLOW CONTROL operates as follows:
• If the access server receives data too quickly from the port device, it turns off DTR until it can accept more data.
• If the port device receives data too quickly from the access server, it turns off the DSR signal until it can accept more data.
Local> CHANGE PORT 7 FLOW CONTROL CTS

Example: Disabling FLOW CONTROL
The following command shows how to disable FLOW CONTROL on port 5 of an access server:

Local> CHANGE PORT 5 FLOW CONTROL DISABLED

FLOW CONTROL Direction
The access server software allows you to specify input and output FLOW CONTROL:
• Input FLOW CONTROL refers to the data flow from the attached device to the access server.
Specifying the Automatic Logout Characteristics
Introduction
This section describes the characteristics that you can use to log out a port automatically when the device attached to the port is turned off or when there is no activity for a specified period of time.

Specifying DSRLOGOUT
The DSRLOGOUT characteristic causes the access server to log out a port device when the device deasserts DSR. You cannot enable DSR logout if you enable DSR FLOW CONTROL.
Configuring Basic Device Characteristics Specifying INACTIVITY LOGOUT The INACTIVITY LOGOUT characteristic allows you to enable or to disable automatic log out for the port. If INACTIVITY LOGOUT is enabled, the access server automatically disconnects the session and logs out the port if there is no input or output activity for the time specified by the INACTIVITY TIMER characteristic.
Chapter 11 Configuring Modem Signals Overview Introduction This chapter describes the various port characteristics that you can use to control the modem signals. You use modem signals to support devices that use these signals, such as modems, computers, and printers.
DTE/DCE Device Configuration
Port Configuration
The role of the access server in the communication is determined by the configuration of the port and the port device:
• If the port access characteristic is set to local, the access server appears as a data terminal equipment (DTE) device to a dial-in modem connected as a port device, and as a data communication equipment (DCE) device to a personal computer or terminal.
Determining the Supported Modem Signals
Access Servers and MODEM CONTROL
Not all access servers support all modem signals. There are three types of access servers:
• Full MODEM CONTROL
• MODEM CONTROL
  Access servers that support MODEM CONTROL can use only one of two sets of modem signals.
Configuring Modem Signals Access Server Types and Supported Modem Signals The following table lists the types of access servers and the modem signals that each type supports. To determine the type of access server that you have, refer to the software product description (SPD) for your access server.
Configuring Modem Signals Modem Signals Description Types of Modem Signal The following table describes the various modem signals: Modem Signal Description Request To Send (RTS) Asserted by the access server to indicate to the port device that the access server is ready to exchange further control signals with the port device to initiate the exchange of data. The RTS signal is the same state as the DTR signal unless CTS input flow control is enabled.
Configuring Modem Signals Specifying MODEM CONTROL and SIGNAL CONTROL Introduction The MODEM CONTROL and SIGNAL CONTROL characteristics are identical, except that MODEM CONTROL is only used with full MODEM CONTROL access servers, and SIGNAL CONTROL is used on all other access servers. These characteristics enable or disable the use of MODEM CONTROL signals on a port.
Configuring Modem Signals The MODEM CONTROL or SIGNAL CONTROL characteristic can only be configured in the permanent database; therefore, you cannot use the SET or CHANGE command to configure MODEM CONTROL or SIGNAL CONTROL.
Specifying SIGNAL SELECT
Introduction
The SIGNAL SELECT characteristic is used only with MODEM CONTROL access servers. This characteristic determines which of two sets of signals the access server uses:
• CTS, DSR, RTS, and DTR
or
• RI, DCD, DSRS, and DTR
The port device must be cabled correctly to work with the set of signals that you choose.
Configuring Modem Signals Specifying SIGNAL CHECK Introduction The SIGNAL CHECK characteristic allows the access server to check for any modem signal when a host requests a connection. If any one modem signal is present, the access server makes a connection; otherwise, a connection is denied. If all modem signals are dropped at the port once a connection is made, the access server disconnects the session and logs out the port.
Configuring Modem Signals Specifying DTRWAIT Description When functioning with modems and computer interfaces, the access server port normally asserts the DTR signal at all times except during a disconnect sequence. However, there are instances when assertion of DTR is undesirable. For example, when a computer is offered as a service, the automatic reassertion of DTR after a disconnect sequence might cause the computer to act as if a session is in progress.
Configuring Modem Signals Specifying RING Description The RING characteristic is supported only on those access servers that support the DSRS signal. Certain terminal switches and computers need to detect a RING indicator signal (RI) before they activate. The access server can emulate the RI signal when the port is used with a BC22R or equivalent cable that crosses the DSRS signal of the access server over to the RI pin on the device.
Configuring Modem Signals Specifying ALTERNATE SPEED Description The ALTERNATE SPEED characteristic is only used with full MODEM CONTROL access servers. Two speeds for a modem port can be defined in the access server database: primary and alternate (or fallback). The primary speed is defined with the speed characteristic; the ALTERNATE SPEED is defined with the ALTERNATE SPEED characteristic. You normally set up the primary speed as the high speed and the ALTERNATE SPEED as the low speed.
Configuring Modem Signals Specifying DIALUP Description The DIALUP characteristic is used to notify LAT service nodes that a port user connected to the service through a dial-in modem. The service node can use this information to implement system security. With DIALUP enabled, the access server sends DIALUP notification to service nodes. With DIALUP disabled (the default), the access server does not notify the service nodes.
Configuring Modem Signals Sample Modem Configurations Introduction This section provides sample modem configurations for access servers that support full MODEM CONTROL. Configuring a Dial-In Modem on a Full MODEM CONTROL Server The following example provides a sample configuration for a dial-in modem operating at 57600 baud. Note that when the port password characteristic is enabled, you must have previously defined a server login password (refer to Specifying Passwords in Chapter 22).
Configuring a Dial-In and Dial-Out Modem on a Full MODEM CONTROL Server
The following example provides a sample configuration for a dial-in and dial-out modem operating at 2400 baud:

Local> DEFINE PORT 4 ACCESS DYNAMIC AUTOBAUD DISABLED
Local> DEFINE PORT 4 DSRLOGOUT DISABLED FLOW CONTROL XON
Local> DEFINE PORT 4 INACTIVITY ENABLED MODEM CONTROL ENABLED
Local> DEFINE PORT 4 PASSWORD ENABLED SIGNAL CHECK DISABLED SPEED 2400
Local> LOGOUT PORT 4

Configuring a Dial-Out Modem on
Configuring Modem Signals MODEM CONTROL Sequences Introduction Modem-controlled communication requires that the access server recognize what type of device is on a port and detect when this device is ready to communicate and when the device has ceased to communicate. The following section describes the general sequences of modem signals involved in establishing, in monitoring, and in ending communications.
NOTE: For dial-out modems, the access server enables data communication before detecting DSR. Otherwise, the access server waits until detecting DSR to enable data communication.

3. After first detecting DSR, the access server monitors the port for CTS and DCD. If it detects CTS and DCD within 30 seconds, the access server enables data flow on the line. If it does not detect CTS and DCD within 30 seconds, the access server disconnects the line.
4.
Configuring Modem Signals Configuring DTR and DSR Signals Introduction This section describes how to configure DTR and DSR signals for those access servers that do not support the other modem signals. DSR flow control must be disabled when you are using the various port characteristics to control the DSR and DTR signals. DSR flow control can override the port characteristics.
Enabled Characteristic: SIGNAL CONTROL and DTRWAIT (SIGNAL CHECK disabled)
DTR and DSR Actions: DTR is asserted only if there is a solicited remote connection. Solicited remote connection is established regardless of the state of DSR. Reception of asynchronous data is accepted once the connection is established. Port is logged out if DSR is deasserted after initial assertion. DTR is deasserted for 5 seconds minimum as a consequence of a logout.
Enabled Characteristic: SIGNAL CONTROL, DTRWAIT, and DSRLOGOUT
DTR and DSR Actions: Same as SIGNAL CONTROL and DTRWAIT.

Enabled Characteristic: SIGNAL CONTROL, SIGNAL CHECK, DTRWAIT, and DSRLOGOUT
DTR and DSR Actions: Same as SIGNAL CONTROL, SIGNAL CHECK, and DTRWAIT.

Enabled Characteristic: SIGNAL CHECK and DSRLOGOUT
DTR and DSR Actions: Same as SIGNAL CHECK.
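The following Python example is added here and is not part of the guide or of the access server software. It checks a list of port commands against two restrictions stated in this guide (MODEM CONTROL and SIGNAL CONTROL can be configured only with DEFINE; DSRLOGOUT cannot be combined with DSR FLOW CONTROL) and against the PASSWORD and INACTIVITY settings used in the sample dial-in and dial-out configuration. The rule names, the function names, and the use of the sample settings as a baseline are assumptions; the command lines for ports 5 through 7 are constructed.

```python
import re

# Characteristic keywords that appear in this guide's port commands.
# Two-word keywords come first so they are matched before single words.
KEYWORDS = ("FLOW CONTROL", "MODEM CONTROL", "SIGNAL CONTROL", "SIGNAL CHECK",
            "ACCESS", "AUTOBAUD", "DSRLOGOUT", "INACTIVITY", "PASSWORD",
            "SPEED", "DTRWAIT", "DIALUP")
CMD_RE = re.compile(
    r"^(?:Local>\s*)?(SET|DEFINE|CHANGE)\s+PORT\s+([\d,\-]+)\s+(.+)$",
    re.IGNORECASE)


def expand_ports(spec):
    """Expand a port list such as '5-7,12' into [5, 6, 7, 12]."""
    ports = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.extend(range(int(lo), int(hi or lo) + 1))
    return ports


def keyword_at(tokens, i):
    """Return the characteristic keyword that starts at tokens[i], or None."""
    for kw in KEYWORDS:
        words = kw.split()
        if tokens[i:i + len(words)] == words:
            return kw
    return None


def split_characteristics(text):
    """Split 'ACCESS DYNAMIC FLOW CONTROL XON' into {'ACCESS': 'DYNAMIC', ...}."""
    tokens = text.upper().split()
    pairs, i = {}, 0
    while i < len(tokens):
        kw = keyword_at(tokens, i)
        if kw is None:
            # Fail closed: a characteristic this example does not know is not guessed at.
            raise ValueError("unknown characteristic: " + " ".join(tokens[i:]))
        i += len(kw.split())
        start = i
        while i < len(tokens) and keyword_at(tokens, i) is None:
            i += 1
        pairs[kw] = " ".join(tokens[start:i])
    return pairs


def lint(lines):
    """Return a sorted list of (port, rule) findings for the given command lines."""
    ports, findings = {}, set()
    for line in lines:
        m = CMD_RE.match(line.strip())
        if not m:
            continue  # LOGOUT PORT and other commands carry no characteristics
        verb, spec, rest = m.group(1).upper(), m.group(2), m.group(3)
        chars = split_characteristics(rest)
        for port in expand_ports(spec):
            # Simplification: the last value seen wins, whichever database it went to.
            ports.setdefault(port, {}).update(chars)
            # Guide: MODEM CONTROL / SIGNAL CONTROL exist only in the permanent
            # database, so SET and CHANGE cannot configure them.
            if verb != "DEFINE" and chars.keys() & {"MODEM CONTROL", "SIGNAL CONTROL"}:
                findings.add((port, "PERMANENT-ONLY"))
    for port, cfg in ports.items():
        # Guide: DSR logout cannot be enabled together with DSR flow control.
        if cfg.get("DSRLOGOUT") == "ENABLED" and cfg.get("FLOW CONTROL") == "DSR":
            findings.add((port, "DSRLOGOUT-VS-DSR-FLOW"))
        # Assumed baseline taken from the guide's sample: a modem port that accepts
        # local logins has PASSWORD and INACTIVITY enabled.
        if cfg.get("MODEM CONTROL") == "ENABLED" and cfg.get("ACCESS") in ("LOCAL", "DYNAMIC"):
            for need in ("PASSWORD", "INACTIVITY"):
                if cfg.get(need) != "ENABLED":
                    findings.add((port, "DIALIN-NO-" + need))
    return sorted(findings)


# Port 4: characteristics of the guide's dial-in and dial-out sample (line grouping
# assumed). Ports 5-7: constructed lines that break one rule each.
SAMPLE = """\
Local> DEFINE PORT 4 ACCESS DYNAMIC AUTOBAUD DISABLED
Local> DEFINE PORT 4 DSRLOGOUT DISABLED FLOW CONTROL XON
Local> DEFINE PORT 4 INACTIVITY ENABLED MODEM CONTROL ENABLED
Local> DEFINE PORT 4 PASSWORD ENABLED SIGNAL CHECK DISABLED SPEED 2400
Local> LOGOUT PORT 4
Local> CHANGE PORT 5-6 ACCESS LOCAL MODEM CONTROL ENABLED
Local> DEFINE PORT 5-6 PASSWORD ENABLED
Local> DEFINE PORT 7 DSRLOGOUT ENABLED FLOW CONTROL DSR
""".splitlines()

if __name__ == "__main__":
    for port, rule in lint(SAMPLE):
        print(f"port {port}: {rule}")
```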
Chapter 12 Configuring and Managing Interactive Devices
Overview
Introduction
This chapter explains how to configure and manage interactive devices, such as terminals, terminal-like devices, and personal computers (PCs) in terminal emulation mode. Before you use the procedures in this chapter, you must:
• Connect and test the devices.
• Enable privileged status.
• Configure the port and device characteristics to match.
• Specifying the Telnet Client Session Profile
• Configuring Individual Telnet Client Session Characteristics
• Managing Access Server User Accounts
• Managing Users
• Managing Sessions
Configuring an Interactive Device for LAT Sessions
The following example shows a sample configuration of a device connected to LAT services:

Local> CHANGE PORT 6 ACCESS LOCAL AUTHORIZED GROUPS 10,24,46
Local> CHANGE PORT 6 AUTOBAUD ENABLED AUTOPROMPT ENABLED
Local> CHANGE PORT 6 BREAK LOCAL DEDICATED NONE DEFAULT PROTOCOL LAT
Local> CHANGE PORT 6 DSRLOGOUT ENABLED FLOW CONTROL XON
Local> CH
Sample Network Configuration
Figure 12-1 shows the sample network configuration for LAT and Telnet sessions:

[Figure 12-1. Diagram labels: UNIX host (TCP/IP and Telnet), ULTRIX host (LAT), VMS host (LAT), Ethernet transceiver, LAN, Access Server, WAN (TCP/IP), Terminal, TD/SMP terminal, Asian terminal, Personal Computer, UNIX host (TCP/IP and Telnet)]
To configure group codes on an access server, perform the following steps:

Step 1: Determine the group codes of the LAT services that a port user needs by entering the SHOW NODE STATUS command.
Step 2: Enable the applicable groups on the port as illustrated by the following commands:

Local> CHANGE PORT 5 AUTHORIZED GROUPS 10,24,46
Local> SET PORT 5 GROUPS ALL ENABLED

Step 3: If necessary, disable any unwanted group that was previously enabled.
Example: Enabling AUTOCONNECT
The following example shows how to enable AUTOCONNECT on port 5:

Local> CHANGE PORT 5 AUTOCONNECT ENABLED

Specifying AUTOPROMPT
The AUTOPROMPT characteristic is only used with the LAT protocol. This characteristic controls the initiation of a login process on some service nodes when a session begins. The access server sends the status of the AUTOPROMPT characteristic whenever you establish a new LAT service session.
• PPP — The access server defaults to the PPP protocol if the user does not specify a protocol with the CONNECT command.
• AUTOLINK — The access server passively examines characters received from the attached device. If the access server detects a PPP or SLIP connection, it attempts to change the current session into the appropriate data link session type, PPP or SLIP.
Configuring and Managing Interactive Devices If the access server offering the service has queuing enabled and has not reached its queue limit, the request is queued. If more than one access server offers the service, your access server will attempt to connect to the target access server that has the highest service rating. For access servers that offer queuing, service ratings are higher for access servers that have the greatest number of open positions in their connection queues.
The following table lists the SHOW/MONITOR QUEUE commands:

Option                Displays Entries For
PORT port-number      A specific port
NODE node-name        A specific node
SERVICE service-name  A specific service
ALL                   All types of requests

For example, to display information about the entries for the service LASER, enter the following command:

Local> SHOW QUEUE SERVICE LASER

The entry identification numbers in a SHOW/MONITOR QUEUE display can range from 1 to 9999.
Configuring and Managing Interactive Devices No default entry exists for the REMOVE QUEUE command, and failure to specify what entry or entries are to be removed from the queue results in an error.
Configuring and Managing Interactive Devices Configuring an Interactive Device for Telnet Sessions Introduction User-oriented characteristics, such as forward switch and VERIFICATION and the various Telnet session characteristics (see Configuring Individual Telnet Client Session Characteristics in this chapter), are not included in this example. Also, this example assumes that the port and device characteristics match. (See the Matching the Port and Device Characteristics section in Chapter 9.
Configuring and Managing Interactive Devices Enable DSRLOGOUT or LONGBREAK LOGOUT (see Specifying DSRLOGOUT and Specifying LONGBREAK LOGOUT in Chapter 9) if you wish the access server to log out the port when the device is turned off. Note that the access server, device, and device cable must support the DSR signal if you use DSRLOGOUT. Reference For a description of the default protocol characteristic, refer to Specifying the Default Protocol in this chapter.
Configuring and Managing Interactive Devices Configuring a Session Management (TD/SMP) Terminal Introduction The MULTISESSION characteristic allows a session management terminal using the terminal device/session management protocol (TD/SMP) to manage each terminal session at the terminal itself, not at the access server. A terminal session is a single session on an access server port that is operating under session management control.
Configuring and Managing Interactive Devices • Simultaneous data exchange with multiple service sessions. • Management of terminal sessions using terminal commands. • Restrictions on some access server commands (see the table in the Local Mode Command Restrictions During Session Management section in this chapter). • The dedicated service characteristic must be disabled. (See the User Account Command Parameters section in this chapter.
Configuring and Managing Interactive Devices Logging In with Multisessions The following is a typical procedure for logging in at a session management terminal with MULTISESSIONS enabled at the access server port: Step Action 1 Press the Return key once or twice to obtain the introductory banner and username prompt. After the user optionally enters a user name, the access server invokes session management, and the terminal prompts the user for a network resource name.
Configuring and Managing Interactive Devices Configuring On-Demand Loading for Asian Terminals Introduction Asian terminals implementing the On-Demand Loading (ODL) font protocol can communicate with an OpenVMS load host through an access server. The access server software has an on-demand loading characteristic that enables the ODL protocol. When the on-demand loading characteristic is enabled on the access server, the ODL protocol overrides FLOW CONTROL during font loading to allow for Asian characters.
Configuring and Managing Interactive Devices Configuring for Block-Mode Terminals Description Block-mode terminals do not require any special setup to communicate with a host through an access server. The access server software automatically allows terminals that support block mode to transmit large blocks of data without using FLOW CONTROL. Buffer Size The maximum receive buffer size is 2048 bytes.
Configuring and Managing Interactive Devices Specifying the Telnet Client Session Profile Introduction You can set various features for a Telnet client session. You can either choose a profile that has many of the characteristics predefined or set the characteristics individually (refer to Configuring Individual Telnet Client Session Characteristics in this chapter). Many of the characteristics have factory-set defaults.
Configuring and Managing Interactive Devices Telnet Client Session Characteristics Predefined for Each Profile The following table lists the Telnet client session characteristics that are predefined for each profile. Enabling a profile automatically sets all the characteristics to the value specified by the profile, except those listed as “use current value.” Those characteristics keep their existing value.
Configuring and Managing Interactive Devices Configuring Individual Telnet Client Session Characteristics Modifying Telnet Session Characteristics You can modify the Telnet client session characteristics in two ways: at the port level or for the individual session using the SET SESSION command. Modifying the characteristics at the port level enables those values for Telnet client sessions at that port when sessions are created. Also, you can save the characteristics in the permanent database.
Configuring and Managing Interactive Devices Enabling the BINARY characteristic does some, but not all, of what a user might require to send and receive BINARY files over the Telnet connection. For BINARY transfers, you should use the BINARY profile instead of the BINARY characteristic.
Configuring and Managing Interactive Devices Example: Mapping Keyboard Characters The following example shows how to map the AO function to the Delete key: Local> CHANGE PORT 5 TELNET CLIENT AO You can use the SET SESSION command to map a Telnet function to a key for a particular session. This mapping only lasts for the duration of the specified session. You cannot map a keyboard character to more than one function.
Configuring and Managing Interactive Devices Function Description Default Quote Causes the next character to be treated as ordinary data. To send a key mapped to a Telnet command as ordinary data, you precede the key with the Quote command. None Toggle Echo Defines a character to enable or disable the echoed input when the ECHO option is local. You can use this command to suppress a local echo when you type a password.
Configuring and Managing Interactive Devices When you enter a SHOW PORT CHARACTERISTICS command, the -s and +s symbols indicate if AUTOSYNCH is disabled or enabled for a given character. Specifying Telnet Client Newline The NEWLINE characteristics allow the user to define a 1- or 2-character sequence that will be interpreted as a new line. This characteristic is useful for devices that generate or recognize sequences for a new line other than CRLF or CR. There are four different directions as follows.
Configuring and Managing Interactive Devices The access server supports the remote FLOW CONTROL feature, where the remote Telnet server can toggle on and off the XON and XOFF output FLOW CONTROL characters from the access server (client). This happens when an application on the Telnet server uses the XON and XOFF characters for a function other than FLOW CONTROL.
Configuring and Managing Interactive Devices Specifying the SWITCH CHARACTER The SWITCH CHARACTER characteristic determines how the access server handles SWITCH CHARACTERs. By default, if any SWITCH CHARACTER is defined on the port, it is recognized and intercepted by the access server during each session. However, any user can change or disable the access server from recognizing these SWITCH CHARACTERs for a specific Telnet session.
Configuring and Managing Interactive Devices Managing Access Server User Accounts Minimal Setup for Local User Accounts A limited amount of storage is available for defining user account records within the access server volatile and nonvolatile memory.
SHOW/LIST/MONITOR USERACCOUNT Display
The following table defines the values in the SHOW USERACCOUNT display:

Field     Description
Username  Establishes a database for a user account for authentication/authorization.
Password  Specifies that a password has been set for the user account.
Access    Specifies the default access mode this user is granted.
Service Type  Description
Local         User may utilize the access server commands.
None          The configuration value of the port access parameter or realm-wide access parameter determines user access to the realm.

Service Permissions Access
The following table shows the type of service permissions a user can have. A user can have more than one type of service permission. The user can also have more than one type of permission assigned at a time.
Command Clause / Description / Variables / Comments

PASSWORD: Allows modification of the password field for the specified entry. Clear the PASSWORD by setting it to a null string (""). Max. length = 40 characters. Case-sensitive, depending on authentication service (protocol). Case-insensitive only for the local access server user database.

USERACCOUNT: User name of account.

DIALOUT NUMBER: Contains a phone number used on dialout.
Access Command Variables
The following table defines the ACCESS command parameter variables:

Variable  Definition
LOCAL     Local access (only) allowed.
FRAMED    Framed (PPP, SLIP) access (only) allowed.
NONE      No access specified; port characteristics or realm default access determine service.
LOGIN     Dedicated to a host.
Configuring and Managing Interactive Devices Managing Users This section describes various tasks for managing users. Providing a Contact Name and Access Server Location The SET/DEFINE/CHANGE SYSTEM command allows you to provide all access server users with a person’s name to contact in case of problems. This command also allows you to specify the location of the access server.
Example: Enabling a Preferred LAT Service on a Specific Node and Port
The following example shows how to specify that port 5 connects to port JAMES on node MARKETING for service FILES:

Local> CHANGE PORT 5 PREFERRED FILES NODE MARKETING DESTINATION JAMES

For the Telnet Protocol
To set an Internet host as a preferred service, the port’s default protocol must be set to TELNET.
Configuring and Managing Interactive Devices USERNAME is designed to accommodate interactive terminals that have one permanent user. Terminals that are usually shared should not have a permanent user name assigned, and the Enter Username> prompt should be entered upon login. If AUTHENTICATION is enabled on the port, the port user name may be set to the Kerberos principal name of the port’s permanent user. Specifying Keys to Switch Between Sessions Access server users can define keys as switches.
Defining the Break Key
The BREAK characteristic defines how the Break key is used. The Break key can be defined in three ways:
• LOCAL — Pressing the Break key switches the user from service mode to local mode. This is the factory-set default. The following shows how to set the Break key to LOCAL on port 5:

Local> CHANGE PORT 5 BREAK LOCAL

• REMOTE — The Break key is ignored by the access server and passed to the LAT service for the port’s current session.
Example: Disabling a Local Switch
The following example shows how to disable the local switch, which is also the factory-set default:

Local> CHANGE PORT 5 LOCAL SWITCH NONE

Specifying BROADCAST
There are three types of BROADCAST characteristics:
• BROADCAST — A port user uses this command to send messages.
• Port broadcast — Defines whether a particular port can receive broadcast messages.
A user with privileges set can use the privileged BROADCAST ALL command to send a message to all interactive users.

Example: BROADCAST ALL
The following example shows a sample of a message broadcast to all users:

Local> BROADCAST ALL "Server shut down at 12:15; back up at 1:00."

At a port with a session management terminal, broadcast messages are delivered to the current terminal session. The factory-set default allows port users to send broadcast messages.
Specifying Message Codes
Each access server message has a message code. In the following example, the number 750 is the message code:

Local -750- Another port has this name

With message codes disabled, the same message would look like:

Local - Another port has this name

The factory-set default shows the message codes.
Example: Configuring LOCK
The following example shows how to enable LOCK on the access server, while disabling LOCK on ports 5 through 7:

Local> CHANGE SERVER LOCK ENABLED
Local> CHANGE PORT 5-7 LOCK DISABLED

Since anyone can LOCK any terminal, the LOCK facility can cause inconvenience in a situation where there are irresponsible users. If a user forgets the LOCK password, you have to log out the port with the LOGOUT command before the port can be used again.
SHOW/LIST/MONITOR USERS Display Headings
The following table provides an explanation of the information in the display in the previous example:

Heading      Description
Port Number  Number of the port.
Username     Any user name or the name of the port established by the PORT NAME characteristic. Note: Any port having the user name “(Remote)” designates a remote-access session in progress.
Configuring and Managing Interactive Devices The SHOW PORT CHARACTERISTICS command displays the user-specified groups, listing them in the field labeled (Current) Groups. Current groups apply only to those ports with ACCESS set to LOCAL; current groups are ignored for those ports with ACCESS set to REMOTE. Current groups (user-specified groups) are stored only in the operational database.
Configuring and Managing Interactive Devices Managing Sessions This section shows how to initiate and terminate sessions and how to display session information. Initiating a Session to a LAT Service To initiate a session to a LAT service, use the CONNECT LAT command with the service name. If the default protocol (refer to Specifying the Default Protocol in this chapter) is set to LAT or ANY, you can ignore the LAT keyword.
Local> CONNECT TELNET SALES
Local> CONNECT TELNET SALES.MARKETING.FOO.COM
Local> CONNECT TELNET 129.122.30.11

You can also use the OPEN or TELNET command instead of the CONNECT command to connect to an Internet host. The OPEN command does not accept the TELNET keyword.
Configuring and Managing Interactive Devices • TEST INTERNET or PING - Sends an ECHO request message to the specified remote Internet host. You use this command to test for a valid connection. This command starts a PING session, which continues until the PING succeeds (and sends a VERIFICATION message) or until the timeout period of 30 seconds is exceeded. The following shows how to test the communication to an Internet host with an address of 22.46.72.167: Local> TEST INTERNET 22.46.72.
Configuring and Managing Interactive Devices For ports with session management terminals, the kind of terminal at the port further determines the port’s session limit, where the access server port can support up to eight terminal sessions. However, terminal devices typically support a maximum of less than eight terminal sessions. The documentation for the terminal device should tell you how many terminal sessions the device can have. Set the port session limit to a value in that range.
SHOW/MONITOR SESSIONS Display Fields
The following table describes the information in the SHOW/MONITOR SESSIONS display:

Field         Description
Session n     Number of the session.
First Column  Status of a session, which can be one of the following:
                Connected     Port is connected to the service.
                Connecting    Port is attempting to connect to a service.
                Disconnected  Session was terminated while dormant.
Configuring and Managing Interactive Devices There are only two lines in this display. The first line displays the port number, session number, and protocol used by the session. The second line displays the transparency mode, which can be Interactive, Pasthru, or Passall. For an explanation of the characteristics for Telnet and 3270 sessions, refer to Specifying the Telnet Client Session Profile in this chapter and Chapter 18, respectively.
SHOW/MONITOR PORT SESSIONS STATUS Display Fields
The following table provides a description of the SHOW/MONITOR PORT SESSIONS STATUS display information:

Field        Description
Do-Binary    Enabled — Interpreting all data received as in a BINARY access server format.
             Disabled — Not interpreting all data received as in a BINARY format.
Will-Binary  Enabled — Sending data in a BINARY format.
             Disabled — Not sending data in a BINARY format.
Field               Description
Do-End of Record    Enabled — The access server is enabled to receive EOR commands.
                    Disabled — The access server is not enabled to receive EOR commands.
Will-End of Record  Enabled — The access server has permission to transmit EOR commands to the remote peer.
                    Disabled — The access server does not have permission to transmit EOR commands to the remote peer.
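The Do- and Will- fields above reflect Telnet option negotiation. The following Python example is added here and is not taken from the guide or from the access server software: it derives the four fields from the IAC commands seen in each direction of a captured session. The command and option codes come from the Telnet RFCs; the function names, the "out"/"in" direction labels (access server to host, host to access server), the rule that a field is Enabled only when both sides agreed, and the capture itself are assumptions made for this example.

```python
# Telnet command bytes (RFC 854) and the two options named in the display.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
OPTIONS = {0: "Binary", 25: "End of Record"}  # RFC 856, RFC 885


def commands(stream):
    """Yield (verb, option) for every WILL/WONT/DO/DONT in one direction's bytes."""
    i, n = 0, len(stream)
    while i + 1 < n:
        if stream[i] != IAC:
            i += 1                      # ordinary data byte
            continue
        cmd = stream[i + 1]
        if cmd in (WILL, WONT, DO, DONT):
            if i + 2 >= n:
                break                   # command cut off at the end of the capture
            yield cmd, stream[i + 2]
            i += 3
        elif cmd == SB:
            # Skip subnegotiation data up to IAC SE; IAC IAC inside is an escaped 0xFF.
            i += 2
            while i + 1 < n and not (stream[i] == IAC and stream[i + 1] == SE):
                i += 2 if stream[i] == IAC else 1
            i += 2
        else:
            i += 2                      # IAC IAC (escaped data) or a two-byte command


def session_status(capture):
    """Map time-ordered (direction, bytes) segments to the Do-/Will- display fields.

    Assumes each segment holds whole commands (none split across segments).
    """
    said = {}  # (direction, "will" or "do", option) -> True for WILL/DO, False for WONT/DONT
    for direction, data in capture:
        for verb, opt in commands(data):
            kind = "will" if verb in (WILL, WONT) else "do"
            said[(direction, kind, opt)] = verb in (WILL, DO)
    status = {}
    for opt, name in OPTIONS.items():
        # Will-X: the access server offered to send (WILL) and the peer accepted (DO).
        will_on = said.get(("out", "will", opt), False) and said.get(("in", "do", opt), False)
        # Do-X: the peer offered to send (WILL) and the access server accepted (DO).
        do_on = said.get(("in", "will", opt), False) and said.get(("out", "do", opt), False)
        status["Will-" + name] = "Enabled" if will_on else "Disabled"
        status["Do-" + name] = "Enabled" if do_on else "Disabled"
    return status


# Constructed capture: both sides agree on BINARY; the host offers End of Record
# and the access server refuses it. The subnegotiation (option 24, constructed
# payload) contains an escaped 0xFF followed by a 0xF0 data byte.
CAPTURE = [
    ("out", bytes([IAC, WILL, 0, IAC, DO, 0])),
    ("in", bytes([IAC, DO, 0, IAC, WILL, 0, IAC, WILL, 25])),
    ("out", bytes([IAC, DONT, 25]) + b"data" + bytes([IAC, IAC])),
    ("in", bytes([IAC, SB, 24, 1, IAC, IAC, SE, IAC, SE, IAC, WONT, 25])),
]

if __name__ == "__main__":
    for field, value in session_status(CAPTURE).items():
        print(f"{field}: {value}")
```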
Configuring and Managing Interactive Devices Terminating Sessions There are two commands you can use to terminate a session on another port: • The privileged LOGOUT PORT command allows you to manually log out any port, and all sessions terminate at the specified port. If the port device supports session management, the LOGOUT PORT command disconnects all the terminal sessions (and the associated sessions) then logs out the port.
Chapter 13 Configuring and Managing LAT Services Overview Introduction This chapter explains how to configure devices attached to the access server ports as LAT services. A LAT node can offer devices as LAT services to users on the port itself and other LAT nodes. Prerequisites Before you use the procedures in this chapter, you must: • Connect and test the devices. • Enable privileged status. • Configure the port and device characteristics to match.
• Configuring a Printer with Unannounced Availability
• Verifying the LAT Service
• Managing Your Access Server As a LAT Node Offering a Service
Configuring a Port to Offer a LAT Service
Configuration Parameters
After you attach a device to a port and ensure that the port and device characteristics match, you need to specify certain configuration parameters to enable all devices as LAT services. The following table lists the configuration parameters.
Configuring Access to a LAT Service
Assigning a Service Name
A service name is a name you assign to the LAT service using the CHANGE SERVICE NAME command. When you assign a service name, the access server periodically multicasts the service’s availability over the network. When you select a service name for a device, follow these guidelines:
• Service names must be 1 to 16 characters long and cannot be abbreviated.
Example: Clearing the Identification String
To clear a previously set service identification string, enter the ID qualifier with empty quotation marks, as shown in the following example:
Local> CHANGE SERVICE LN03_PRINT PORT 5-7,12 ID ""
Assigning a Port Name
Assigning a port name to a service limits the service’s availability. When you assign a port name to a service:
• The service is not listed in the access server multicast message.
Example: Assigning a Service Password
The following example shows two ways to assign a password to the service LN03_PRINT:
Local> DEFINE SERVICE LN03_PRINT PASSWORD
Password> BLIGH (not echoed)
Verification> BLIGH (not echoed)
Local>
or
Local> DEFINE SERVICE LN03_PRINT PASSWORD "BLIGH"
Do not specify passwords for services such as printers that you set up for host-initiated requests.
Configuration of Specific Types of Devices As LAT Services
Introduction
This section provides examples of configuring the following types of devices as LAT services:
• A personal computer (as both a LAT service and a terminal)
• A computer
• A modem
• A printer
When you configure each type of device, you need to determine if the devices use SIGNAL CONTROL or MODEM CONTROL.
Configuring a Computer As a LAT Service
By using multiple terminal interfaces and access server ports, you can use more than one access server port with a single computer system. Ensure that each access server port is assigned to a service.
Configuring a Printer As a LAT Service
After you configure a printer as a LAT service, you need to set up the appropriate LAT remote print queue as described in the following sections of this chapter: Setting Up a LAT Remote Print Queue on an OpenVMS Host and Setting Up a LAT Remote Print Queue on an ULTRIX System.
Creating a Logical Device to Access a Printer Service
The following example shows how to run LATCP to create a logical device. This example configures the logical port LTA1925 to access the LAT service PRINT.
$RUN SYS$SYSTEM:LATCP
LCP> CREATE PORT LTA1925: /NOLOG
LCP> SET PORT LTA1925: /APPLICATION /NODE=LAT_08002B054DE0 /SERVICE=PRINT
LCP> EXIT
$COPY/LOG FILE.
$! This command procedure sets up the local characteristics of the
$! applications devices for remote printers and sets up the print
$! queues for these remote printers. These devices should have been
$! set up previously by the LTLOAD.COM command file. NOTE: The queue
$! manager must be running before executing this file.
$!
$! Set up local characteristics for the applications devices.
Example: Configuring a LAT Remote Print Queue on an ULTRIX System
The following example provides a sample procedure for setting up a remote print queue for a laser printer. This example identifies the access server and port names to the with the /etc/printcap file.
Configuring a Printer with Unannounced Availability
Introduction
This section describes how to configure a printer with unannounced availability. The only users that know about the device’s availability are those users that you tell about the device. By defining a port name and not a service name, you can configure a device on the access server for access by users on a LAT network.
Example: Configuring a Printer with Unannounced Availability on a LAT Network on Port 4
Local> DEFINE PORT 4 ACCESS REMOTE AUTHORIZED GROUPS 10,24,46
Local> DEFINE PORT 4 AUTOBAUD DISABLED AUTOCONNECT DISABLED
Local> DEFINE PORT 4 DEDICATED NONE DSRLOGOUT DISABLED
Local> DEFINE PORT 4 INACTIVITY LOGOUT ENABLED
Local> DEFINE PORT 4 LONGBREAK LOGOUT DISABLED NAME PORT_4
Local> DEFINE PORT 4 SIGNAL CHECK ENABLED SIGNAL CONTROL DISABLED
Local> LOGOUT PORT 4
For system
Verifying the LAT Service
Do This
To verify whether the service is functioning, try connecting to the new service. Once connected, you can assess whether the device responds appropriately. The appropriate response depends on what device is attached to the access server port. When you have adequate information, return to local mode (press the Break key or a local-switch character) and disconnect the service by typing DISCONNECT at the Local> prompt.
• Verify whether the port is properly configured by entering a SHOW PORT command and looking at the port characteristics display.
Managing Your Access Server As a LAT Node Offering a Service
Introduction
By default, once there is a service, the access server functions as a service node by issuing multicast service announcements, which describe its available services to access servers on the network. These announcements contain information about the service node (such as its name and identification string) and about the available services.
Displaying Services Characteristics
The LIST/SHOW/MONITOR SERVICES CHARACTERISTICS command generates a display of information on values that you can modify with the SET/DEFINE/CHANGE SERVICE command. With the LIST command, the characteristics display is the default display for the SERVICES and the SERVICES LOCAL entity specifications.
Field          Description
Connections    Access server allows connections to this service.
Password       Access server requires the requester of the service to supply a password before access to the service is allowed.
Queuing        Access server places queued connection requests for this service in a queue if the request cannot be immediately satisfied.
Example: SHOW SERVICE STATUS Display
The following example shows how to generate a service status display for a service named DEVELOP:
Local> SHOW SERVICE DEVELOP STATUS
Service DEVELOP - Available
Node Name    Status         Rating    Identification
ORANGE       Reachable      27        Terminals Development System
PEACH        Unreachable    255       Engineering Development System
TEST         Unknown        150       High-powered Performance Testing
SHOW/LIST/MONITOR SERVICE STATUS Display Headings
The following table describes the
Heading    Description
Rating     Relative capability for a service node to process new sessions. The service rating is assigned by a service node for each service that it offers. With the higher rating, the capability of the service node to accept a new connection is greater. The access server uses service ratings to decide where to establish a service session when two or more service nodes offer the same service.
Configuring and Managing LAT Services Example: SHOW SERVICE SUMMARY Display The following example shows how to generate a service summary display for all network services: Local> SHOW SERVICES ALL SUMMARY Service Name Status Identification DEVELOP DOCUMENT TEST TIMESHARING Hardware Development System Documentation Timesharing High-powered Performance Testing Accts.
Chapter 14 Configuring and Managing Telnet Servers
Overview
Introduction
This chapter explains how to configure various types of devices as a Telnet or raw TCP server. A Telnet or raw TCP server is a resource on a TCP/IP network. To use the procedures in this chapter, you must:
• Connect and test the devices
• Enable privileged status
• Configure the port and device characteristics to match
Refer to your access server hardware documentation for information about connecting device cables.
• Managing Your Access Server As a Telnet Listener Node
• Supplying User Location Data to Telnet Servers
• Configuring a Raw TCP Listener
Sample Device Configurations
Introduction
This section provides examples of configuring the following types of devices for access through a Telnet listener:
• A printer
• A computer
• A modem
You must configure the device and port characteristics as described in Chapter 9 before performing the procedures described in this chapter. The examples in this section do not include the various Telnet server characteristics.
The following example shows a sample configuration of a printer used for access through a Telnet listener on port 4.
Configuring and Managing Telnet Servers Example: Configuring a Dial-In and Dial-Out Modem The following example shows a sample configuration of a dial-out modem used for access through a Telnet listener on port 4: Local> Local> Local> Local> Local> Local> Local> Local> Local> DEFINE DEFINE DEFINE DEFINE DEFINE LOGOUT CHANGE CHANGE CHANGE PORT 4 PORT 4 PORT 4 PORT 4 PORT 4 PORT 4 TELNET TELNET TELNET ACCESS DYNAMIC AUTOBAUD DISABLED DSRLOGOUT DISABLED FLOW CONTROL XON INACTIVITY ENABLED MODEM CONTROL ENA
Configuring and Managing Telnet Servers Configuring a Personal Computer As a Terminal and for Access through a Telnet Listener Sample Configuration To configure a PC for access through a Telnet listener only, use the following example and: Local> Local> Local> Local> Local> Local> Local> Local> Local> Local> • Substitute MODEM CONTROL for SIGNAL CONTROL if your access server supports modem control.
Setting User Priority for Devices Using Dynamic Access
You can enable interrupts if you want the owner or main user of the device to have full control over it. For example, the main user of a personal computer may require priority over other users that want to copy files from the computer disk. You can provide this control by setting the port to INTERRUPTS ENABLED and the Break key to LOCAL.
To be available for file transfers, the PC must be logged out from the access server port. When a connection is made to the port, the port shifts to remote-access mode. To transfer files, you must set up the access server port and the personal computer (local partner) to function as the initiator of a session with the remote partner in the transfer. The remote partner computer can be a session node or a personal computer that is available on the network.
Configuring a Remote Print Queue
Introduction
The following sections explain how to configure a print queue on an ULTRIX or UNIX system.
Configuring a TCP/IP Remote Print Queue on an ULTRIX System
An ULTRIX print spooler can be configured to access one or more access server ports through the access server Telnet listener. Thus, a file can be queued for printing using the host’s lpr command.
It is assumed that you are familiar with configuring an ULTRIX print system. For a more detailed description of the ULTRIX print system, refer to the ULTRIX Guide to System Environment Setup.
Step    Action
1       Use the lprsetup program to initially configure a remote access printer entry in the printcap file.
Example: The following example creates printer ds0 with spooling directory /usr/spool/lpd1. Some of the questions are ignored by pressing the Return key.
Configuring a Telnet Listener
Introduction
Perform the following steps to assign a Telnet listener to one or more devices attached to access server ports:
Step    Action
1       Assign a TCP port to the access server port. The access server uses 23, and 2001 to 2032 as TCP port numbers. The TCP port number is the number that users on the TCP/IP network use to connect to the device on the access server port.
Configuring Telnet Server Session Characteristics
Introduction
The following sections describe how to configure the various Telnet server session characteristics.
Mapping Event Indications to Keyboard Characters
You can map the event indications to keyboard characters. The factory-set default for each indication is that no character is sent to the device or application on the access server port set up as a Telnet server port.
Event Indication                 Description
Erase Previous Character (EC)    Occurs when the remote user of this connection issues an EC request.
No operation (NOP)               Occurs when the remote user of this connection issues a NOP command.
Specifying Newline Characteristics
The NEWLINE characteristics allow the person managing the access server to define a new line as a 1- or 2-character sequence.
Erase Previous Line (EL)         Occurs when the remote user of this connection issues an EL request.
Example: Setting Character Size in a Specific Direction
The following example shows how to set CHARACTER SIZE to 7 in the TRANSMIT direction:
Local> CHANGE PORT 5 TELNET SERVER TRANSMIT CHARACTER SIZE 7
To set the character size in the receive direction, use RECEIVE instead of TRANSMIT.
Managing Your Access Server As a Telnet Listener Node
Introduction
This section contains the procedures to display and remove Telnet listeners.
Displaying Telnet Listeners
The SHOW/LIST/MONITOR TELNET LISTENER command displays the Telnet listener characteristics. The ALL characteristic displays all the Telnet listeners. You can specify a specific Telnet listener by its TCP port number.
Configuring and Managing Telnet Servers Example: SHOW PORT TELNET SERVER CHARACTERISTICS Display The following example shows how to display the Telnet server characteristics on port 12: Local> SHOW PORT 12 SESSIONS 1 CHARACTERISTICS Xmit Char Size: 8 Newline From Term: Rcv Char Size: 8 Newline From Host: IP: None Newline To Term: AYT: None Newline To Host: AO: None EC: EOR: None EL: NOP: None BRK: Local> NONE NONE None Removing a Telnet Listener You can remove a Telnet listener
Step    Action
3       Disable the port as follows (substitute your listener TCP port for 2005 and the listener physical port for 5):
        Local> CHANGE TELNET LISTENER 2005 PORT 5 DISABLED
4       Enable the Telnet listener. The following shows how to enable connections to internet port 2005:
        Local> SET TELNET LISTEN 2005 CONNECTIONS ENABLED
Reassigning a Port
This process allows you to manage a failed access server port that is configured as a Telnet listener.
Supplying User Location Data to Telnet Servers
Introduction
When the access server creates a Telnet client connection, it automatically negotiates with the Telnet server to send port user data. If the server responds with a “send” message, the access server transmits the session port name and port number. Appropriate software on the server can then use the location data for each session to generate statistics about Telnet use.
Configuring a Raw TCP Listener
Introduction
When you configure a Telnet listener to use raw TCP, the associated port sends data to a device or a remote host without any data manipulation or interpretation of control characters. Because raw TCP sends the data it receives to a port without any interpretation, sending data this way is faster than using the Telnet protocol.
Displaying Raw TCP Characteristics
Use the SHOW/LIST TELNET LISTENER command to view the raw TCP settings.
Example: Raw TCP Display
The following example shows a typical display for a Telnet listener configured for raw TCP:
Local> SHOW TELNET LISTENER 2003
Listener TCP-port: 2003
Listener Type: RAW TCP
Identification:
Ports: 3
Connections: ENABLED
IP address: 12.22.22.
Chapter 15 Configuring LPD Printers
Overview
Introduction
The Line Printer Daemon (LPD) handles remote networking printing. It listens for print requests from remote hosts on the Local Area Network (LAN) and responds to these requests. The LPD software that the access server implements is similar in function to the LPR/LPD (Line Printer Remote/Daemon) on UNIX systems.
LPD Operation
Supported File Types
The access server’s LPD implementation supports printing of ASCII text and PostScript header and trailer pages. The access server does not convert files from one format to the other. The host system must be configured with appropriate printer drivers to match the file formats supported by the printer. Users must be aware of the type of file they want to print and select the appropriate printer and printer driver when submitting a print job.
• If the data file arrives first, the access server sends the file to the printer according to the printer setup on the port. When the control file arrives, the access server sends the user data to the printer as the last page of the print job. In this situation, the access server cannot display or use user information from the control file while the file is printing.
Figure 15-1. (Diagram: a Remote Host (LPD Client) connects across the LAN interface to TCP port 515 on the Access Server (LPD Server), which drives the printer on a serial port. The numbered steps in the figure are:)
1. User issues an LPR print command.
2. LPR connects to remote LPD server.
3. Access Server confirms that specified printer is ready to print.
4. LPR sends data and control files to remote LPD server.
5. Receives data and control files.
6. LPD sends the data to the local printer.
Configuring LPD
Configuring Remote Hosts
Remote network printing using LPR/LPD requires that you set up the host system correctly. The following table describes the setup requirements for specific types of hosts:
If Printing From This Host:    Then:
UNIX                           Create an entry in the /etc/printcap file that includes the name of the remote printer and the IP address of the access server (the LPD server). Refer to your system’s LPR/LPD documentation for details.
The following table lists the print characteristics that you can configure:
Characteristic    Description
AUTOCR            Automatically inserts a carriage return. When you enable this option, the access server inserts a carriage return after each line feed character if there is no existing carriage return. The AUTOCR option applies only to ASCII text files.
CONNECTIONS       Specifies whether a user can queue a print job to a printer.
Printer Configuration Example
The following example shows how to configure the access server to use LPD for remote network printing:
Local> DEFINE PRINTER LPS32_PS CONNECTIONS ENABLED HEADER ENABLED PORTS 4,5 TRAILER DISABLED AUTOCR DISABLED
In this example:
• The name of the printer is LPS32_PS.
• The printer is set to allow users to submit print jobs to it.
• A header page prints at the start of each job.
• The ports associated with the printer are 4 and 5.
Displaying Printer Characteristics
Use the LIST/SHOW PRINTER command to display the printer characteristics. You can specify a printer name or display all of the configured printers.
Local> SHOW PRINTER SPEEDY STATUS
Printer:           SPEEDY
Identification:    Fast Laser Printer
Print Jobs:        34              Total Bytes Sent: 459285
Printer Service Status:
Port    User    Status                     Bytes
4               Waiting for data file      3045
5               Waiting for LPD command    0
Chapter 16 Configuring and Managing SLIP Ports
Overview
Introduction
This chapter explains how to configure and manage access server ports for use with PCs and computers acting as serial line Internet protocol (SLIP) hosts. A SLIP host is an Internet host that uses SLIP as its data link over low-speed serial lines. To use the procedures in this chapter, you must:
• Ensure that the devices support SLIP.
• Connect and test the devices.
• Enable privileged status.
• Managing the Maximum Transmission Unit
• Configuring a Port So That a PC Can Function as a Terminal or SLIP Host
• Configuring a Dedicated SLIP Port
• Configuring a Dial-In Modem for Use with a SLIP Host
• Establishing Terminal Sessions with a PC
• Establishing a SLIP Session
• Compressed SLIP
• Displaying SLIP Counters
• Disabling SLIP
Packet Forwarding to and from SLIP Hosts
Description
During SLIP sessions, the access server forwards packets from an attached SLIP host through the Ethernet interface to the Internet. When the access server receives a packet addressed to an attached SLIP host, it forwards the packet to that host. The access server also directly forwards packets from one attached SLIP host to another attached SLIP host.
Displaying SLIP Characteristics
Introduction
The LIST/SHOW/MONITOR SLIP CHARACTERISTICS command enables you to display the SLIP configuration for a given port. The characteristics that you manage are the host address, the Maximum Transmission Unit (MTU) and the compression. If you change SLIP characteristics while a SLIP session is already established, the changes have no effect until you start a new SLIP session.
Managing Internet Addresses for SLIP Hosts
Introduction
The Internet address for the SLIP host must be unique on the subnet and must have the same subnet identifier as the access server. A subnet identifier is the result of a logical AND operation on the Internet address and the subnet mask. For example, assume that you set:
1. The access server Internet address as follows:
Local> CHANGE INTERNET ADDRESS 83.62.18.101
2.
How a Port Automatically Obtains the SLIP Host Address
If you configure a port for SLIP communication and do not assign a host address, the access server does the following:
1. Reads the source address from the attached host’s first output IP packet.
2. Automatically assigns this address to the port if it is valid.
The access server clears this address when the SLIP host logs out from the port.
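The address rules above (same subnet identifier as the access server, unique on the subnet, and the address learned from the first IP packet) can be modelled as follows. This is an added example, not code from the guide or from the access server software; the function names are hypothetical, the subnet mask 255.255.255.0 is an assumption, and the guide does not spell out the server's own validity test.

```python
import ipaddress
import struct

SERVER = "83.62.18.101"   # access server address used in the guide's example
MASK = "255.255.255.0"    # assumption: the mask is not given in this section


def subnet_id(address, mask):
    """Subnet identifier: logical AND of the Internet address and the subnet mask."""
    a = int(ipaddress.IPv4Address(address))
    m = int(ipaddress.IPv4Address(mask))
    return ipaddress.IPv4Address(a & m)


def source_address(packet):
    """Return the source address field (header bytes 12-15) of an IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not an IPv4 header")
    return ipaddress.IPv4Address(packet[12:16])


def check_slip_host(candidate, server, mask, in_use):
    """Apply the two stated rules; return (ok, reason)."""
    candidate = ipaddress.IPv4Address(candidate)
    if subnet_id(candidate, mask) != subnet_id(server, mask):
        return False, "different subnet identifier"
    # The server's own address counts as taken, along with known hosts.
    taken = {ipaddress.IPv4Address(a) for a in in_use}
    taken.add(ipaddress.IPv4Address(server))
    if candidate in taken:
        return False, "address already in use"
    return True, "ok"


def learn_from_first_packet(packet, server, mask, in_use):
    """Model of the automatic case: keep the first packet's source only if valid."""
    src = source_address(packet)
    ok, reason = check_slip_host(src, server, mask, in_use)
    return (src if ok else None), reason


def ipv4_header(src, dst):
    """Constructed 20-byte IPv4 header for testing (checksum left at 0, unchecked)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20, 0, 0, 64, 17, 0,
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )


if __name__ == "__main__":
    for src in ("83.62.18.77", "83.62.19.77", "83.62.18.101"):
        pkt = ipv4_header(src, SERVER)
        print(src, learn_from_first_packet(pkt, SERVER, MASK, in_use=[]))
```

A host whose first packet carries a source address from another subnet, or one already assigned, is left without a learned address in this model.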
Managing the Maximum Transmission Unit
Introduction
The maximum transmission unit (MTU) value specifies the maximum size of the datagram that a given access server port accepts. The range is 64 to 1500 bytes. The default is 1500 bytes.
Changing the MTU
You can change the MTU value using the SET/DEFINE/CHANGE PORT n MTU command. If you use the SET or CHANGE command, the new value does not affect an existing SLIP connection.
Configuring a Port So That a PC Can Function as a Terminal or SLIP Host
Introduction
This section describes how to configure an access server port so that you can use an attached PC as both a terminal and a SLIP host. With this configuration, port users can switch between terminal emulation and SLIP mode. To configure the port so that the PC acts only like a SLIP host, refer to the Configuring a Dedicated SLIP Port section in this chapter.
Configuring a Dedicated SLIP Port
Introduction
The dedicated SLIP port allows a single SLIP session. Before you perform this procedure, you must configure the device and port characteristics as described in Chapter 9.
Configuring a Dial-In Modem for Use with a SLIP Host
Introduction
Before you perform this procedure, you must configure the device and port characteristics as described in Chapter 9.
Establishing Terminal Sessions with a PC
Prerequisites
Before you can use a PC to establish a terminal session with the access server, you must:
1. Configure the device and port characteristics as described in Chapter 9.
2. Enter the commands to set up SLIP operating characteristics as shown in the Example: Configuring a PC As a Terminal and SLIP Host, in this chapter.
3.
Establishing a SLIP Session
Enabling a SLIP Session from the PC
The following example shows how a nonprivileged user could configure and start a SLIP session. The example assumes that the port characteristics are configured as shown in this example. The CHANGE PORT SLIP MTU command is optional.
Local> CHANGE PORT SLIP HOST 195.1.1.
Compressed SLIP
Introduction
The access server has the ability to enable compressed SLIP (CSLIP). Enabling CSLIP compresses the lengthy headers of IP datagrams on low-speed asynchronous serial lines. Therefore, enabling CSLIP can improve performance.
Enabling CSLIP
Use the SET/CHANGE PORT n SLIP COMPRESSION command to enable or disable CSLIP. By default, compression is disabled. When you enable CSLIP, make sure that it is enabled at both ends of the communications link.
Displaying SLIP Counters
Commands
The SHOW/MONITOR PORT SLIP COUNTERS command displays the various SLIP counters. To reset the counters, use the ZERO COUNTERS PORT SLIP command.
Field                  Description
Send Packets Lost      Number of send IP packets lost due to lack of buffers.
Send Packets Queued    Number of IP packets in a queue to be sent to the SLIP host on the port.
Disabling SLIP
Command
Use the CHANGE PORT n SLIP DISABLED command to disable SLIP on a port.
Chapter 17 Configuring for SNMP Access
Overview
Introduction
This chapter describes how to configure the access server simple network management protocol (SNMP) agent so that it can be controlled by a remote Network Management Station (NMS).
Reference
For complete information about managing SNMP on the access server, refer to the file snmp_survival.txt contained in the software installation kit. This file fully describes every SNMP-accessible variable and table in the access server.
Supported SNMP Features
Supported Specifications
The access server supports the SNMP specifications listed in the following table:
Specification    Title
RFC 1155         Structure for Management Information for TCP/IP-Based Protocols
RFC 1157         A Simple Network Management Protocol (SNMP)
SNMP Community Names
An SNMP community name is a character string that the NMS uses as a password to gain access to the access server. A community name contains a maximum of 32 characters.
Supported MIBs
The access server supports the Management Information Bases (MIBs) listed in the following table. The release kit contains all supported MIBs. The network manager can enroll these MIBs in the appropriate NMS.
MIB         Description
RFC 1213    Management Information Base (MIB II) for Internet protocol suite management. This makes RFC 1158 obsolete.
RFC 1243    Definitions of Managed Objects for the AppleTalk MIB.
Supported Management Information Base Variables
Figure 17-1 illustrates the access server implementation of MIB-II, the Character MIB, RS-232-like MIB, AppleTalk MIB, and Ethernet-like MIB variables. The objects described in this section are implemented as defined in RFCs 1213, 1243, 1284, 1316, and 1317.
Configuring the Access Server for SNMP Access
Enabling and Disabling SNMP
The access server must have an Internet address to enable SNMP. To enable SNMP, enter:
Local> CHANGE SNMP ENABLED
To disable SNMP, enter:
Local> CHANGE SNMP DISABLED
Displaying Information About SNMP
Use the SHOW SNMP command to display the access server’s SNMP characteristics.
When you create a community name without specifying an address, the access server assigns the default address ANY. The address ANY enables any NMS that knows this community name to GET or SET information about the access server.
This Event:       Occurs When:
Line down         A network data link session was disconnected on port n.
Authentication    Unauthorized SNMP access was attempted.
Example: Configuring SNMP TRAP Messages
The following example shows how to create the community name server. In this example, only NMS 195.1.1.2 can access community name SERVER. The access server sends TRAP messages to this NMS.
Figure 17-2. (Diagram: three management stations on the LAN issue GET, GETNEXT, and SET requests to the access server at 195.1.1.8.)
UNIX NMS, 195.1.1.2. Accesses: SNUGS, SERVER
VMS NMS, 195.1.1.1. Accesses: SNUGS, BUGS
DOS NMS, 195.1.1.3. Accesses: SNUGS
Communities on the access server:
SNUGS - GET, GETNEXT, and SET Enabled
BUGS - 195.1.1.1 only, GET, GETNEXT, and SET Enabled
SERVER - 195.1.1.2 only, GET, GETNEXT, SET, and TRAPS Enabled
The following example shows how to remove community name BUGS:
Local> CLEAR SNMP COMMUNITY "BUGS"
Removing an Address from a Community Name
You can remove an NMS address from a community name by using the ANY keyword in the CHANGE SNMP COMMUNITY community-name ADDRESS command. This keyword allows any NMS that knows the community name to access the access server. The access server, however, rejects an ADDRESS ANY command if TRAP access is enabled.
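The community rules in this chapter (32-character names, the default address ANY, address-restricted communities, and the rejection of ADDRESS ANY while TRAP access is enabled) can be checked against a planned configuration with a small model. This is an added example, not the access server's code or display format; the class and function names are hypothetical, the table reproduces the three communities listed for Figure 17-2, and exact name matching is an assumption.

```python
import ipaddress
from dataclasses import dataclass

MAX_NAME_LEN = 32   # the guide: a community name contains a maximum of 32 characters
ANY = "ANY"         # default address when a community is created without one


@dataclass(frozen=True)
class Community:
    """One community entry (hypothetical model, not the server's own format)."""
    name: str
    address: str = ANY
    operations: frozenset = frozenset({"GET", "GETNEXT", "SET"})
    traps: bool = False

    def __post_init__(self):
        if not self.name or len(self.name) > MAX_NAME_LEN:
            raise ValueError(f"community name must be 1-{MAX_NAME_LEN} characters")
        if self.address != ANY:
            ipaddress.ip_address(self.address)  # raises ValueError if malformed
        if self.traps and self.address == ANY:
            # Mirrors the rule that ADDRESS ANY is rejected while TRAP is enabled.
            raise ValueError("TRAP access needs a specific NMS address, not ANY")


# Constructed table matching the communities listed for Figure 17-2.
TABLE = {
    c.name: c
    for c in (
        Community("SNUGS"),
        Community("BUGS", address="195.1.1.1"),
        Community("SERVER", address="195.1.1.2", traps=True),
    )
}


def is_permitted(table, community, source, operation):
    """Return True if `source` may perform `operation` using `community`."""
    entry = table.get(community)  # assumption: names are compared exactly
    if entry is None or operation not in entry.operations:
        return False
    if entry.address == ANY:
        return True
    return ipaddress.ip_address(source) == ipaddress.ip_address(entry.address)


def audit(table):
    """Names of communities that let any NMS holding the string issue SET."""
    return sorted(
        c.name for c in table.values()
        if c.address == ANY and "SET" in c.operations
    )


def rejected(table, requests):
    """Requests the table refuses: the kind of attempt an Authentication event reports."""
    return [r for r in requests if not is_permitted(table, *r)]


# Constructed request log: (community, source address, operation).
REQUESTS = [
    ("SNUGS", "195.1.1.3", "SET"),       # allowed: SNUGS is bound to ANY
    ("BUGS", "195.1.1.3", "GET"),        # refused: BUGS is bound to 195.1.1.1
    ("SERVER", "195.1.1.2", "GETNEXT"),  # allowed
    ("PUBLIC", "195.1.1.1", "GET"),      # refused: no such community
]

if __name__ == "__main__":
    print("SET open to any NMS that knows the name:", audit(TABLE))
    for request in rejected(TABLE, REQUESTS):
        print("refused:", request)
```

In the Figure 17-2 configuration only SNUGS is reported by the audit, because it is the one community that accepts SET from any address.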
Configuring the NMS
Procedure
To configure an NMS to manage an access server using SNMP, do the following:
Step    Action
1       Enter the access server management information bases (MIBs) in the NMS database (see Supported MIB Variables in this chapter). The software installation kit includes ASCII text files of these MIBs.
2       Enter the access server IP address, each appropriate community name, and desired access rights in the NMS database.
Chapter 18 Managing the Access Server
Overview
Introduction
The following lists the actions you perform to manage the access server. These actions should be done on an as-needed basis.
• Manage the access server as part of the LAT network.
• Manage the access server as part of the TCP/IP network.
• Manage access server characteristics.
• Check port status and counters.
• Reassign a port device (in case of port failure).
Managing Your Access Server As Part of the LAT Network
Introduction
The network manager should coordinate the activities of service nodes and access servers. This section describes a set of configuration guidelines that helps maximize performance from your LAT network. All the guidelines presented are optional; however, failure to follow these guidelines might result in unnecessary performance degradation.
A higher node limit uses more of the access server memory. A lower node limit uses less memory. However, a lower node limit can potentially increase the time to make a connection to nodes that are not in the service database. You need to decide the optimal number for your needs. The following example shows how to decrease the node limit to 100:
Local> CHANGE SERVER NODE LIMIT 100
Reducing Memory Usage
Set the node limit characteristic to a lower value.
SHOW/LIST/MONITOR NODE STATUS Display Fields
The following table describes the information in the fields and headings of the node status display:
Field                Description
Node                 Name of the service node.
LAT Protocol Vx.x    LAT protocol version number and update level of the service node software. LAT Version 5.2 protocol permits queued connection requests for printers connected to network access servers. LAT Version 5.2 protocol does not permit queued connection requests.
Field    Description
Identification column    Service identification string.
Rating column    Value assigned to the service by the service node, indicating relative capacity to accept new connections or new queue connections. This value is the current load-balancing rating associated with the service. The rating varies from 0 to 255. The higher the value, the greater the capacity of the service node to accept a new connection.
Local> SHOW NODE PEACH COUNTERS
Node: PEACH
Seconds Since Zeroed:      961608    Multiple Node Addresses:       0
Messages Received:         687568    Duplicates Received:          21
Messages Transmitted:      558793    Messages Re-transmitted:      35
Slots Received:            509763    Illegal Messages Received:     0
Slots Transmitted:         532932    Illegal Slots Received:        0
Bytes Received:          13876620    Solicitations Accepted:        0
Bytes Transmitted:         475427    Solicitations Rejected:        0
SHOW/LIST/MONITOR NODE COUNTERS Display Fields
The following table d
Managing the Access Server Field Description Messages Retransmitted Number of messages the access server retransmitted to this node. This value should be less than 1/1000 of the value for Messages Transmitted. If this value is higher than the guideline, the service node might not be handling the access server message load. Illegal Messages Received Number of illegally formatted messages the access server received from this node. This value should be zero.
Managing the Access Server If you use the SET/DEFINE/CHANGE SERVER NAME command and you specify an access server name that is already being used by another node, other LAT nodes may replace your access server name with a default LAT name to make your access server name unique. The default is in the following format: LAT_nnnnnnnnnnnn The value nnnnnnnnnnnn is the unhyphenated, 12-digit Ethernet address of the second service node, which is used on the node summary displays.
Managing the Access Server NODE SUMMARY Display Fields The following table describes the information in the NODE SUMMARY display: Heading Description Node Name The name of the service node as defined in the access server node database. Status Reachability status of the service node shown as one of the following: • n Connected — Node is reachable and n sessions are active with services offered by the service node. • Reachable — No sessions are active, but the service node is accessible.
Managing the Access Server Displaying Information About the Access Server Introduction The LIST/MONITOR/SHOW SERVER command displays information about the access server or about data maintained by the access server. You can obtain characteristics, counter, status, and summary displays for the access server. Specifying the Prompt The factory-set default access server prompt is Local>. You can change this prompt to any ASCII character, with a restriction of 1 to 16 characters.
Managing the Access Server the node counters display descriptions in Viewing LAT Node Counters Information in this chapter. Displaying Information About the Access Server Each counter has a maximum value of 4,294,967,295. If a counter reaches that value, it latches (remains) at that value until either the counters are set to zero or the access server is initialized.
Managing the Access Server Field Description Bytes Sent Number of bytes contained in datagrams successfully transmitted by the access server, excluding Ethernet header and CRC data. Frames Received Number of datagram frames successfully received by the access server, including multicast frames. Frames Sent Number of datagram frames successfully transmitted by the access server, including multicast frames.
Field    Description
Send Failure Reasons    Mask providing information about the type or types of send failure encountered if the Send Failures counter is not zero. This is a cumulative mask. The following are the bits defined in the mask: Bit 0 1 4 5 8 9 If a reason for send failures is heartbeat errors and the access server characteristic HEARTBEAT is enabled for a transceiver that supports heartbeat, you can usually expect up to about 200 such errors daily.
Managing the Access Server Field Description Unrecognized Destination Number of times a frame was passed through the hardware, but the access server did not recognize the multicast address and discarded the message. This value reflects multicast traffic or other traffic addressed to the access server from protocols not supported by the access server. The count will be high if the access server does not have an IP address and is connected to a network with ARP traffic.
Managing the Access Server Field Description Solicitations Rejected Number of queued connection requests that the access server could not process and therefore rejected. The sum of the number of solicitations accepted and the number of solicitations rejected equals the number of queued connection requests that the access server received. Multiple Node Addresses Number of times a service node became available with different Ethernet addresses.
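The counter guidelines in this chapter (Messages Retransmitted below 1/1000 of Messages Transmitted, Illegal Messages Received at zero, counters latching at 4,294,967,295) can be checked mechanically against a captured display. The following Python is an added example, not part of the access server software or of this manual. It assumes that display columns are separated by two or more spaces and that the latch value given for access server counters also applies to node counters; the second sample display is constructed.

```python
import re

# Latch value the manual gives for access server counters (2**32 - 1).
COUNTER_MAX = 4_294_967_295

# One "Label: number" cell. Words inside a label are separated by single
# spaces, so a run of two or more spaces ends a column (assumed layout).
_CELL = re.compile(r"([A-Za-z][A-Za-z-]*(?: [A-Za-z-]+)*):\s*(\d+)\b")

# Values from the manual's SHOW NODE PEACH COUNTERS example, laid out in two
# columns; right-hand values are assigned in the order they appear there.
PAGE_SAMPLE = """\
Node: PEACH
Seconds Since Zeroed:      961608    Multiple Node Addresses:       0
Messages Received:         687568    Duplicates Received:          21
Messages Transmitted:      558793    Messages Re-transmitted:      35
Slots Received:            509763    Illegal Messages Received:     0
Slots Transmitted:         532932    Illegal Slots Received:        0
Bytes Received:          13876620    Solicitations Accepted:        0
Bytes Transmitted:         475427    Solicitations Rejected:        0
"""

# Constructed display (not from the manual) that breaks each guideline.
CONSTRUCTED_SAMPLE = """\
Node: PLUM
Seconds Since Zeroed:       86400    Multiple Node Addresses:       0
Messages Received:         150000    Duplicates Received:           4
Messages Transmitted:      120000    Messages Re-transmitted:     480
Slots Received:            140000    Illegal Messages Received:     3
Bytes Received:        4294967295    Illegal Slots Received:        0
"""


def _key(label):
    """Treat 'Messages Re-transmitted' and 'Messages Retransmitted' alike."""
    return label.replace("-", "").lower()


def parse_counters(display):
    """Return {normalised label: int} for every numeric field in a display."""
    counters = {}
    for line in display.splitlines():
        for label, value in _CELL.findall(line):
            counters[_key(label)] = int(value)
    return counters


def review_node_counters(counters):
    """Apply the manual's guidelines; return a list of (rule, detail) pairs."""
    findings = []

    # A latched counter is a floor, not a measurement.
    latched = sorted(k for k, v in counters.items() if v >= COUNTER_MAX)
    for name in latched:
        findings.append(
            ("latched", f"{name} is pinned at {COUNTER_MAX}; real value unknown")
        )

    sent = counters.get("messages transmitted")
    resent = counters.get("messages retransmitted")
    if sent is not None and resent is not None:
        if {"messages transmitted", "messages retransmitted"} & set(latched):
            # Either side of the ratio may have stopped counting.
            findings.append(("ratio-unknown", "retransmit ratio not evaluated"))
        elif resent > 0 and resent * 1000 >= sent:
            # Guideline: retransmissions should stay below 1/1000 of sends.
            findings.append(
                ("retransmit-ratio", f"{resent} retransmitted of {sent} sent")
            )

    illegal = counters.get("illegal messages received", 0)
    if illegal != 0:
        # Guideline: this value should be zero.
        findings.append(("illegal-messages", f"{illegal} illegal messages"))
    return findings


if __name__ == "__main__":
    for name, text in (("page", PAGE_SAMPLE), ("constructed", CONSTRUCTED_SAMPLE)):
        for rule, detail in review_node_counters(parse_counters(text)) or [("ok", "")]:
            print(f"{name}: {rule} {detail}".rstrip())
```

A latched counter is reported before any ratio is computed, because a value stuck at the maximum would make the retransmission ratio look healthier than it is.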
Managing the Access Server The first line displays the access server software version number and base level, LAT software version number, ROM version number, and the time that the access server has been running since the last downline load, expressed as days hours:minutes:seconds. Example: SHOW SERVER STATUS Display The following example shows how to generate an access server status display: Local> SHOW SERVER STATUS Network Access SW Vx.x for DSxxx-xx BLxx-xx ROM x.
Managing the Access Server Field Description Cur column Current running value of the resource. If the Max value is lowered during the Uptime, this value can exceed the Max value for counters. High column Highest value the resource attained, since the access server was last initialized. The length of time is shown in the Uptime field. If the Max value is lowered during the Uptime, this value can exceed the Max value for certain counters.
Managing the Access Server Field Description Discarded Nodes Number of nodes that could not be entered into the access server database, because of the value set for the node limit characteristic or because of a lack of memory. If this count is nonzero, the access server might be experiencing resource problems. The memory used for storing service and node information is shared with that used for handling multiple sessions and queued connection requests.
Managing the Access Server Field Description Console User Address of the node at which the Remote Console Facility (RCF) is being used to access the access server. The access server indicates “none available” if the RCF is not in use. Boot Protocol This is the protocol used to downline load the software.
Managing the Access Server Field Description Selftest Status (continued) 2000 4000 8000 10000 20000 Selftest Status (continued) 40000 80000 Port: 0000000000000000: This value is a hexadecimal number that corresponds to ports 1 to 16 from left to right. Note: If more than one bit is set in a bit map, the value shown is the sum of the values for each bit. For example, if the Service Status value is 18C (hexadecimal), this is the sum of 100, 80, 8, and 4.
Example: SHOW SERVER SUMMARY Display
The following example shows how to generate an access server summary display:
Local> SHOW SERVER SUMMARY
Network Access SW Vx.x for DSxxx
Address: 08-00-2B-02-F2-BB    Name: T_LAT06    Number: 6
Identification: Number 6 LAT Server
Server Groups: 0,4,10-20
Local>
SHOW/LIST/MONITOR SERVER SUMMARY Display Fields
The following describes the access server summary display fields:
Field    Description
Address    Ethernet address of the access server.
Managing the Access Server Checking Port Status and Counters Introduction The LIST/MONITOR/SHOW PORT command displays information about one or more ports on the access server. You can obtain characteristics, counter, status, and summary displays for ports. Displaying Port Characteristics The LIST/MONITOR/SHOW PORT CHARACTERISTICS command displays the values of the characteristics of the selected ports. The bottom of the display lists all the enabled port characteristics.
Example: SHOW PORT CHARACTERISTICS Display
The following example shows how to generate a port characteristics display:
Local> SHOW PORT 1 CHARACTERISTICS
Port 1: Joe Smith    Server: Servername
Character Size: 8
Flow Control: XON
Parity: None
Stop Bits: Dynamic
Access: Local
Backwards Switch: None
Break: Local
Forwards Switch: None
Default Protocol: LAT
Input Speed: 9600
Output Speed: 9600
Signal Control: Disabled
Signal Select: CTS-DSR-RTS-DTR
Local Switch: None
Name: PORT_1
Se
Example: SHOW PORT COUNTERS Display
The following example shows how to generate a port counters display:
Local> SHOW PORT 1 COUNTERS
Port 1: Joe Smith    Server: Servername
Seconds Since Zeroed: 1182768 Local Accesses: Framing Errors: 0 Remote Accesses: Parity Errors: 0 Overrun Errors: 17 0 0
SHOW/MONITOR PORT COUNTERS Display Fields
The following table describes the information in the port counters display:
Field    Description
Port n    Number n of the port.
Managing the Access Server Field Description Local Accesses Number of times an access server login occurred on the port. Remote Accesses Number of times a remote access connection was established on the port. Displaying Port Status The SHOW/MONITOR PORT STATUS command displays information about the operational condition of the selected port.
Managing the Access Server Field Description Access Current setting of the ACCESS port characteristic. Access determines how a port can access a service node or how a port can be accessed by other interactive users and service nodes. Access is shown as one of the following: • Dynamic — Access server allows access on the port to alternate between local and remote. • Local — Access server allows only interactive use of the port. • None — Access server prevents any use of the port.
Managing the Access Server Field Description Status Current status of the port, which can be one of the following: • Connected — Port is connected to a service. • Connecting — Port is attempting a connection to a service. • Disconnected — Session was terminated while dormant. • Disconnecting — Session is disconnecting from a service. • Idle — Port is not in use. • Local Mode — Port is logged in to the access server and is not connected to or connecting to a service.
Managing the Access Server Displaying Port Summary The LIST/MONITOR/SHOW PORT SUMMARY command displays one line of general information for each selected port. The port summary display is useful for obtaining information about how the ports are being used. This is the default display for the PORTS ALL entity specification.
Managing the Access Server SHOW/LIST/MONITOR PORT SUMMARY Display Fields The following table describes the information under the headings in the SHOW/LIST/MONITOR PORT SUMMARY display: Heading Description Port Number n of the port. Access Current setting of the ACCESS port characteristic. Access determines how a port can access a service node or how a port can be accessed by other interactive users and by service nodes.
Chapter 19 Configuring and Managing 3270 Terminal Emulation (TN3270) Overview Introduction This chapter explains how to configure and manage the 3270 Terminal Emulator (TN3270) software for the access server. This software enables ASCII terminals and PCs to access IBM applications. The TN3270 software enables an ASCII terminal to emulate an IBM 3278 Display Station Model 2. The display screen of this model has 80 columns and 24 rows.
Configuring and Managing 3270 Terminal Emulation (TN3270) Supported ASCII Terminals Definition TN3270 supports the following models of DIGITAL ASCII terminals: • VT100 with Advanced Video Option • VT102 • VT220, VT240, and VT241 • VT320, VT330, VT340, and VT341 • VT420 In the remainder of this chapter, the term ASCII terminal refers to all the models listed above and any compatible terminal emulation package.
Configuring and Managing 3270 Terminal Emulation (TN3270) Definition and Description of a Keyboard Map 3278 Keyboards Because the IBM 3278 keyboard differs greatly from those on ASCII terminals, TN3270 provides keyboard maps. A keyboard map assigns the functions on the IBM 3270 keyboards to keys or key sequences on the ASCII terminals. For example, Ctrl/Z on an ASCII keyboard by default maps to the IBM 3270 EXIT function when you use the VT100 keyboard map.
Configuring and Managing 3270 Terminal Emulation (TN3270) Configuring Basic 3270 Terminal Emulation Once the IBM system administrator has configured the IBM host with TCP/IP, you need to do the following: 1. Set up the ASCII terminal. 2. Indicate the model number of the IBM 3270 Information Display Station that a terminal emulates. 3. Specify the type of ASCII terminal attached to the port.
Terminal Setup Parameters
The following table provides information on terminal setup for the various DIGITAL terminal models:
Terminal Model    Setup Parameters
VT100    ANSI mode; AUTO XON/XOFF = ON
VT2xx, VT3xx, VT4xx    General:
• VT100 through VT400 mode
• 7-bit or 8-bit controls
Communications:
• XOFF at 64 or 128
• No local echo
Indicating the 3270 Model Number
To enable 3270 emulation on a port, you must specify the 3270 model numbe
Configuring and Managing 3270 Terminal Emulation (TN3270) IBM Host Communications Introduction This section describes IBM host communications with a terminal attached to the access server. Connecting to an IBM Host After you complete the basic configuration of a port for 3270 emulation, you can use the CONNECT, OPEN, or TELNET commands to access an IBM host. The following example shows a connection to an IBM host that uses the host’s Internet address: Local> CONNECT 195.20.0.
Configuring and Managing 3270 Terminal Emulation (TN3270) The status line is restored when: • You use the STATUS function. • You send data to the host. • The IBM application clears the screen. Status Line Messages The following table describes the messages that appear on the status line indicator: Message Description EXTEND You have pressed the EXT function. HIDDEN The status line is covering some screen data that you have not yet seen.
Status Line Indicator Display
Figure 19-1 shows the position of the status line indicator on the screen:
[Figure: screen with the status line indicator reading INHIB]
Figure 19-1.
Configuring and Managing 3270 Terminal Emulation (TN3270) Displaying and Customizing Keyboard Maps Introduction Although the default TN3270 keyboard maps are sufficient for most users, some may want to customize keyboard maps for specific applications. This section describes the default keyboard maps and the options for displaying and customizing them. There are two ways to manage customization of keyboard maps: on a server-wide basis and a port-by-port basis.
Default Server-Wide Terminal Type and Keyboard Maps
The following table shows the default keyboard map and the associated terminal type:
Predefined Terminal Type    Default Keyboard Map
ANSI    VT100
VT100    VT100
VT220    VT220
VT320    VT220
VT420    VT220
These particular associations between terminal types and keyboard maps are fixed. You cannot reassign any of the five default terminal types to different keyboard maps.
NOTE
You cannot customize the predefined VT100 keyboard map that you set up with the first command.
Local> CHANGE TN3270 TERMINAL PC_100_DCA KEYMAP VT100
Local> CHANGE TN3270 TERMINAL PC_100_DCA KEYMAP NEW_KEYS
You can carry out a similar process for terminal devices that use the VT220 keyboard map, the other default map.
Configuring and Managing 3270 Terminal Emulation (TN3270) • You cannot assign an ASCII key sequence that is a subset of a key sequence already assigned to a 3270 function. For example, the assignment of “KPDOT” to a 3270 function is disallowed if “KPDOT F20” is already assigned to a 3270 function.
Selecting and Customizing Keyboard Maps for a Port
Server-wide keymapping is the recommended method for customizing users’ TN3270 keymapping assignments. It uses access server memory efficiently and provides a common customized environment across all TN3270 ports. Port-by-port keymapping is also possible, but uses additional access server resources. A user can set up unique keymapping assignments for use only on his or her port.
Configuring and Managing 3270 Terminal Emulation (TN3270) You can list the defaults with this command: Local> SHOW TN3270 KEYMAP "KEYMAPNAME" The defaults are shown in the Default Server-Wide Terminal Type and Keyboard Maps and the Keyboard Map and Terminal Type.
Configuring and Managing 3270 Terminal Emulation (TN3270) Example: SHOW PORT TN3270 KEYMAP Command The following example shows a partial display of a keymap: Local> SHOW PORT 2 TN3270 KEYMAP Port 1: john 3270 function ASCII Keystroke CLEAR mnemonic F12 description “Alt F2” . . .
Configuring and Managing 3270 Terminal Emulation (TN3270) ASCII-to-EBCDIC and EBCDIC-to-ASCII Translation Tables Commands The following table lists and describes the commands that enable you to display and modify the ASCII-to-EBCDIC and EBCDIC-to-ASCII translation tables. These tables use ASCII codes 0 to 255. When you display or change a given translation, you must enter the codes in hexadecimal format.
Configuring and Managing 3270 Terminal Emulation (TN3270) Guidelines for Managing the Use of NVRAM for TN3270 Introduction There is a pool of approximately 2.5 KB of shared NVRAM for the customization of the following TN3270 characteristics: • Keyboard maps for the ports • ASCII-to-EBCDIC and EBCDIC-to-ASCII translation tables This section provides guidelines on managing the available memory pool.
Configuring and Managing 3270 Terminal Emulation (TN3270) Command Frees NVRAM Space Used By DEFINE TN3270 ETOA E-CODE A-CODE DEFAULT The specified EBCDIC-to-ASCII translation. DEFINE TN3270 ATOE A-CODE E-CODE DEFAULT The specified ASCII-to-EBCDIC translation. Limiting NVRAM Usage To limit the number of NVRAM keyboard maps that the port user can customize, use the command shown in the following example: Local> DEFINE PORT TN3270 NVRAM LIMIT 5 The default limit is 0.
Configuring and Managing 3270 Terminal Emulation (TN3270) Commands to Manage TN3270 Terminal Emulation Introduction This section summarizes the commands to manage 3270 emulation. Reference For a complete description of these commands and the correct syntax, refer to the Cabletron Network Access Software Command Reference guide.
TN3270 Port Characteristics
The following table provides information on port characteristics and their defaults:
SET/DEFINE/CHANGE PORT TN3270    Description    Default
MODEL    Specifies the model of IBM 3270 Information Display Station the ASCII terminal emulates.    NONE Nonprivileged
TERMINAL    Indicates the type of ASCII terminal and associated keymap attached to the port.
Configuring and Managing 3270 Terminal Emulation (TN3270) SHOW Commands The following table provides information on the SHOW Commands for port characteristics: SHOW Description PORT TN3270 KEYMAP The TN3270 keyboard map for a specified port. PORT TN3270 CHARACTERISTICS The TN3270 port characteristics for a specified port. TN3270 ATOE The ASCII-to-EBCDIC translation table. TN3270 ETOA The EBCDIC-to-ASCII translation table.
Chapter 20 Configuring and Managing Point-to-Point Protocol (PPP) Ports
Overview
Introduction
This chapter explains how to configure and manage access server ports for use with PCs and computers acting as Point-to-Point Protocol (PPP) hosts. A PPP host uses PPP as its data link over low-speed asynchronous serial lines.
Prerequisites
Before you use the procedures in this chapter, you must:
• Ensure that the devices support PPP.
• Connect and test the devices.
• Displaying PPP Status
• Displaying PPP Counters
Enabling PPP on an Access Server Port
Introduction
To check if PPP is enabled on a given port, use the SHOW PORT command. When PPP is enabled, the keyword PPP appears in the list of enabled characteristics at the bottom of the screen. This section provides examples of enabling PPP on an access server port.
Configuring and Managing Point-to-Point Protocol (PPP) Ports Enabling Dedicated PPP Traffic The following example shows a series of commands used to dedicate a port to PPP.
Configuring and Managing Point-to-Point Protocol (PPP) Ports Establishing and Ending a PPP Session Using the CONNECT PPP Command If PPP is configured, you can start a PPP session on a port by entering the following secure command: Local> CONNECT PPP You can stop a PPP session by: • Logging out of the port • Generating a BREAK to the access server if the login is interactive, followed by the DISCONNECT command causing the peer to negotiate an end to the link The exact mechanism for causing a peer to neg
Configuring and Managing Point-to-Point Protocol (PPP) Ports Displaying PPP Characteristics Introduction This section describes the commands used to display characteristics for LCP, IPCP, and ATCP. Displaying LCP Characteristics Use the SHOW PORT n PPP LCP CHARACTERISTICS command to display LCP characteristics for a port. This command is nonprivileged. The fields shown in the LCP display show the latest values configured by the SET PORT n PPP LCP characteristic commands.
Configuring and Managing Point-to-Point Protocol (PPP) Ports Fields in the LCP Characteristics Display The following table explains the fields in the LCP characteristics display. Field Description Values Default LCP Indicates if LCP is enabled. Enabled Disabled Enabled Passive Open When enabled, LCP negotiation does not begin until initiated by the attached device.
NOTES
* FCS Size has a fixed value in this software release.
** If you enable PPP call-back negotiation on a port, it is strongly recommended that you also enable some form of authentication (PAP, CHAP, etc.) on the port. Without authentication, any user who happens to discover the phone number for that port’s modem could potentially request a call-back and run up unlimited phone charges. To enable authentication on a port, refer to Chapter 22.
Field    Description    Values    Default
Restart Timer    Indicates the amount of time between IPCP configure- or terminate-request retransmissions when there is no response.    1 to 5 seconds    3
Max Configure    The number of times that IPCP sends a configure-request packet to the peer without receiving an acknowledgment.
Example: ATCP Characteristics Display
The following example shows a sample ATCP characteristics display:
Local> SHOW PORT 5 PPP ATCP CHARACTERISTICS
Port 5:    Server: LAT_08002B26AA94
ATCP Characteristics:
ATCP:             Enabled             Passive Open:    Enabled
Restart Timer:    3 seconds
Max Configure:    10 transmissions
Max Terminate:    2 transmissions
Max Failure:      10 transmissions
ATCP Characteristics Display Field Values
The following table explains the fields in th
Configuring and Managing Point-to-Point Protocol (PPP) Ports Displaying PPP Status Introduction This section describes how to display the PPP LCP and IPCP status. Displaying LCP Status Use the SHOW PORT n LCP STATUS command to display LCP characteristics. This command is nonprivileged. This command shows the actual state of the LCP implementation on the access server.
Configuring and Managing Point-to-Point Protocol (PPP) Ports Fields in the LCP Status Display The following table describes the fields in the LCP status display: Field Description State The LCP state as defined in RFC 1331. Negotiation Time The number of seconds required by the PPP negotiation procedure the last time LCP renegotiated. Since Open The number of seconds since LCP last attempted to negotiate the link. Failure Reason Provides a brief reason if LCP cannot complete negotiations.
Configuring and Managing Point-to-Point Protocol (PPP) Ports Because of the nature of PPP negotiations, this display can differ from the configured characteristics shown on the SHOW PORT n PPP IPCP CHARACTERISTICS display.
Configuring and Managing Point-to-Point Protocol (PPP) Ports Field Description Negotiate Address Indicates if address negotiation should take place. This characteristic is disabled in this release. IP Address Local — The IP address that the access server is using for itself on the link. This value is the address used with the access server’s own Ethernet. Remote — The value that the access server is using to identify the peer on the link. Compress Header Indicates whether compression is turned on.
Configuring and Managing Point-to-Point Protocol (PPP) Ports Example: ATCP Status Display The following example shows the ATCP status display on port 5: Local> SHOW PORT 5 PPP ATCP STATUS Port 5: Server: LAT_08002B26AA94 ATCP Status: State: Negotiation Time: Since Open: Failure Reason: ATCP Options: Appletalk Address: Routing Protocol: Suppress B_Cast: Compression: Connect Time: Server Info: Default Router: Zone Info: Opened 0 00:00:10 0 00:08:10 None Local: 401.
Field    Description
Routing Protocol    The type of routing protocol information that may be sent across the link.
Suppress B_Cast    Indicates whether broadcasts are suppressed.
Compression    Indicates whether compression is being used on AppleTalk packets.
Connect Time    Indicates whether connect time information is passed.
Server Info    Indicates whether server information is passed.
Displaying PPP Counters
Introduction
This section describes PPP counters.
Displaying LCP Counters
Use the SHOW PORT n LCP COUNTERS command to display LCP counters for a port. The display shows all the counters relevant to LCP protocol operation. Most of this information is useful as a diagnostic aid. The CONNECT or DISCONNECT command zeroes each of the counters.
Fields in the LCP Counters Display
The following table describes the fields in the LCP counters display:
Field    Description
Negotiation Successes    The number of times that LCP successfully entered a round of negotiations since the link was brought up. Ordinarily, this counter is 1. However, you can reconfigure LCP and then cause LCP to renegotiate. This changes the performance characteristics for the link.
Configuring and Managing Point-to-Point Protocol (PPP) Ports Field Description Echo Reqs out The number of LCP echo-requests sent to the peer from the access server. This number should always be zero in this version. Echo Resps in The number of LCP echo-replies received from the peer. Echo Resps out The number of LCP echo-replies sent to the peer from the access server. Prot Rejects in The number of LCP protocol-rejects received from the peer.
Fields in the IPCP Counters Display
The following table describes the fields in the IPCP counters display:
Field    Description
Negotiation Successes    The number of times that IPCP has successfully entered a round of negotiations to bring up IP since the link was brought up. Ordinarily the value of this counter is 1. However, you can reconfigure IPCP and then cause IPCP to renegotiate.
Configuring and Managing Point-to-Point Protocol (PPP) Ports Displaying ATCP Counters Use the SHOW PORT n ATCP Counters command to display ATCP counters for a port. This command requires no privileges. The counters display shows all the counters relevant to ATCP protocol operation. Most of this information is useful as a diagnostic aid. The CONNECT or DISCONNECT command zeroes each of these counters.
Field    Description
Acks out    The number of ATCP configure-acks sent to the peer from the access server.
Naks in    The number of ATCP configure-naks received from the peer.
Naks out    The number of ATCP configure-naks sent to the peer from the access server. This counter should always be zero in this release.
Rejects in    The number of ATCP configure-rejects received from the peer.
Chapter 21 Managing IPX Overview Introduction This chapter describes how to configure and manage IPX on an access server.
• Displaying IPX Counters
• Displaying IPX Routes
• Resetting Counters
Managing IPX IPX Description Introduction The purpose of IPX is to allow Novell NetWare clients to dial in to (or directly attach to) the network access server via asynchronous lines. Each remotely connected Novell client looks and acts as if it was directly connected to the LAN. The network access software provides PPP/IPXCP as the underlying data link on the asynchronous lines. This allows multiprotocol support (IP/IPX/AppleTalk) over the same asynchronous lines simultaneously.
Login Procedures
One or more serial ports of the access server can be configured for Novell dial-up access. Depending on your requirements, different login procedures for IPX can be configured including:
• The remote PC user can choose to activate a connection to the Novell network after login to the access server local user interface. This allows the user to take advantage of other non-IPX services from the access server before connecting to the Novell network.
Getting Started
Checklist
The following checklist uses the sections of this chapter to set up remote node access to a Novell network through a network access server:
Step    Action
1    Determine your hardware/software requirements (Hardware and Software Requirements).
2    Configure your PC (Setting Up the Network Access Server).
3    Configure your network access server (Setting Up the Network Access Server).
Managing IPX Hardware and Software Requirements Introduction This section describes the hardware and software necessary to run IPX. There must be at least one NetWare fileserver version 3.xx or greater on the network. If a fileserver is not directly attached to the same LAN as the network access server, there must be a NetWare router on the LAN. Software Requirements The following software is required to run IPX: • Network Access Software version 1.4 or greater.
Managing IPX Setting Up Your PC PC Remote Access Software Ensure you know whether the network access server port you are dialing in to requires you to enter a login password or logs directly in to the local user interface. If this is the case, you will need to use terminal emulation to communicate with the access server following modem connection. Ensure you know whether the network access server port requires a PPP/PAP password.
Setting Up the Network Access Server
Enabling IPX
By default, IPX is not enabled on the access server. A privileged user must enable IPX with the following commands:
Local> CHANGE IPX INTERNAL ipx-net
Local> CHANGE IPX ENABLED
NOTE
The ipx-net value must be a unique Novell network number on the network.
• SIGNAL SELECT should match signals used by the attached device (for example, a modem) when the SIGNAL SELECT feature is supported on the access server. SIGNAL SELECT is not applicable for some access server platforms. SIGNAL SELECT can be configured as either CTS (CTS-DSR-RTS-DTR) or RI (RI-DCD-DSRS-DTR). Choose the adapter that matches the configuration (see Appendix A). Current high-speed modems (>9600 baud) typically use CTS.
Managing IPX Configuring the Port Dedicated to PPP Following modem connection, the PC user will log in with or without password authentication. Then, PPP will automatically be activated to pass IPX network packets.
Enabling PPP/PAP Password Authentication
To enable the optional PPP/PAP password authentication, use the following commands:
Local> CHANGE SERVER LOGIN PASSWORD xxxxxx
Local> CHANGE PORT n LCP AUTHENTICATION PAP
Disabling PPP/PAP Password Authentication
To disable the optional PPP/PAP password authentication, use the following command:
Local> CHANGE PORT n LCP AUTHENTICATION DISABLE
Passwords
Both login password authentication and PPP/PAP password authentication use the same password.
Managing IPX Summary of DECserver IPX Management Commands The following are the network access server commands you can use to manage IPX. Port PPP IPX Commands for LCP The following table explains the PORT PPP IPX commands for LCP. SHOW/LIST/MONITOR PORT n LCP Description CHARACTERISTICS Display the current values for the LCP characteristics. SHOW/MONITOR PORT n LCP Description COUNTERS Display the current values of the IPXCP counters.
Port PPP IPX Commands for IPXCP
The following table explains the PORT PPP IPX commands for IPXCP:
SHOW/LIST/MONITOR PORT n IPXCP   Description
CHARACTERISTICS                  Display the current values for the IPXCP characteristics.
SHOW/MONITOR PORT n IPXCP        Description
STATUS                           Display the values of the IPXCP counters and characteristics.
COUNTERS                         Display the values of the IPXCP counters.
CHANGE/SET/DEFINE PORT n IPXCP   Description
ENABLE                           Enable IPXCP.
DISABLE                          Disable IPXCP.
Server IPX Commands
The following table defines the server IPX commands:
SHOW/LIST/MONITOR IPX   Description
CHARACTERISTICS         Display the current values for the characteristics.
SHOW/MONITOR IPX        Description
COUNTERS                Display the values of the IPXCP counters.
RIP                     Display the RIP entries known to the server.
ROUTES                  Display the routes known by the server.
STATUS                  Display the counters, RIP entries, and routes.
Managing IPX CHANGE/SET/DEFINE IPX FRAME frametype NETWORK Description ipx-net Specify explicit internal network number. LEARN Learn internal network number from LAN. DISABLED Internal network disabled. CHANGE/SET/DEFINE IPX INTERNAL NETWORK Description ipx-net Specify ipx-net as the internal network number. NONE There is no IPX address for the internal network.
Managing IPX Modem Considerations Dial-In Modems Keep the following in mind when using dial-in modems attached to the network access server: • Flow control for the dial-in modem and the access server port must match. CTS is recommended for access server platforms that support CTS/RTS. XON/XOFF is recommended for access server platforms that do not support CTS/RTS.
Recommended Serial Port Baud Rate
The following table lists guidelines for setting the serial port baud rate:
UART Type   Maximum Modem Speed   Maximum Recommended Serial Port Baud Rate
8250        9600                  Up to 9600
16450       9600 to 14400         9600 to 19200
16450-A     9600 to 14400         9600 to 19200
16550       Up to 28800           Up to 115200
Managing IPX Novell Client/Server Operation Establishing Remote Node Access Connection to Novell Network Vendors of PC remote node access software for Novell may have different procedures for dialing in and establishing a remote access connection to a Novell LAN through the access server. However, the following are generally the expected steps: Step Action 1 Dial in to the network access server. Activate your remote node access software on your PC so that a phone call is made to the access server.
Managing IPX connection. Refer to the remote node access software installation guide for additional information. • Use local Novell login scripts to facilitate logging in to a Novell fileserver. • If Novell packet burst is used, specify a maximum of 3 for PB BUFFERS in NET.CFG. Using PB BUFFERS > 3 may cause access server buffers to be depleted for PPP at the port causing poor performance. In some cases, it may be better to disable packet burst by defining PB BUFFERS=0 in NET.CFG.
Operational Checkout and Diagnosis
Verifying Configuration
To verify proper configuration, type SHOW IPX at the local user interface prompt on an access server management port:
• At least one LAN frame should have a corresponding network number.
• IPX should be enabled and the internal network should be defined with a unique network number.
Reference
If you have problems with your dial-in connection, refer to the Cabletron Network Access Software Problem Solving guide.
Managing IPX Disabling IPX Using the DEFINE Command If you decide you no longer need IPX support, you can disable IPX by using the following privileged command: Local> DEFINE IPX DISABLED Reinitialize the access server to have this command take effect.
Managing IPX Frame Types Introduction To support a broad base of network stations, the access server supports four different frame formats for encapsulating IPX packets on the LAN. The four frame types supported by the access server can be enabled simultaneously: • Ethernet • RAW802 • SAP802 • SNAP802 A LAN frame is enabled when a unique NetWare network number is associated with the frame. The network number can be automatically “learned” or explicitly configured.
Managing IPX Displaying IPX Characteristics Using the SHOW command Use the SHOW IPX CHARACTERISTICS command to display IPX characteristics, including IPX network and node numbers. The command is nonprivileged.
Managing IPX 21-24 Field Description LAN Frame LAN frame types: ETHERNET, RAW802, SAP802, or SNAP802. LAN Network Learn, Disable, or up to 8 hexadecimal numbers (no leading zeroes, 1 to FFFFFFFE). “Learn” means that the access server will monitor the LAN to determine the network number of the corresponding frame.
Managing IPX Displaying IPX Status Using the SHOW IPX Command Use the SHOW IPX command to display IPX status. The command is nonprivileged.
Managing IPX Field Description LAN Frame The frame type: Ethernet, RAW802, SAP802, or SNAP802. LAN Network Learning — The network number for the corresponding LAN frame has been configured to “learn.” The access server is currently attempting to learn the network number. XXXXXXXX — Either the network number for the corresponding LAN frame has been configured to “learn” and the network number has been automatically learned, or an explicit network number has been configured.
Managing IPX Displaying IPX Counters Use the SHOW IPX COUNTERS command Use the SHOW IPX COUNTERS command to display the IPX counters. The command is nonprivileged.
Managing IPX 21-28 Field Description IPX Total Packets Received Total number of data packets received. IPX Local Transmits Number of data packets transmitted, originating from the access server. IPX Local Receives Number of data packets received that were destined for the access server. IPX Unknown Sockets Number of data packets with unknown socket addresses. IPX Receive Discards Number of data packets that were received and discarded.
Managing IPX Field Description RIP/SAP Requests Received Number of RIP/SAP request packets received. RIP/SAP Requests Discarded Number of RIP/SAP request packets discarded. RIP/SAP Request Resource Errors Number of RIP/SAP request packet resource errors. RIP/SAP Responses Transmitted Number of RIP/SAP response packets transmitted. RIP/SAP Responses Received Number of RIP/SAP response packets received. RIP/SAP Responses Discarded Number of RIP/SAP response packets discarded.
Managing IPX Displaying IPX Routes Using the SHOW IPX ROUTES Command Use the SHOW IPX ROUTES command to display IPX Routes. This command is nonprivileged. IPX Routes Display The following example shows the command to display IPX routes: Local> SHOW IPX ROUTES IPX Routes Destination Next Hop 2B24F2DD.020000000001 2B24F2DD.08002B24F2DD 911.000000000000 21000001.00608C114E4A 21000001.FFFFFFFFFFFF 21000001.08002B24F2DD EEE8022.FFFFFFFFFFFF EEE8022.08002B24F2DD EEE8023.FFFFFFFFFFFF EEE8023.
Managing IPX Resetting Counters Using the ZERO Command Use the ZERO command to reset IPX counters.
Chapter 22 Managing Dial Services Overview Introduction Configuring dial services is similar in concept to configuring a LAT service or Telnet listener. You define a service with a specified configuration that dictates how the user can operate the dialer. Before you begin any dialer management, be sure to: • Install the latest software image on the access server and all load hosts. • Read the release notes. • Know what devices and cables are connected at the various ports.
Managing Dial Services Dial Services Command Groups Command Groups To configure and manage the dial services, use the SET/DEFINE/CHANGE DIALER and SHOW/LIST/MONITOR DIALER command groups. Reference For more detailed information about commands used in this chapter, refer to the Cabletron Network Access Software Command Reference guide. Entering the SET PRIVILEGED command Before changing any other parameter, make sure you have the authority to make such changes.
Managing Dial Services Checking the Current Server Settings Introduction Before you configure dialer services, determine the current server configuration. Use the SHOW SERVER command to display the server configuration. Server Configuration Display The following example shows a typical access server configuration display: Local> SHOW SERVER Network Access SW Vx.x for DSxxx-xx BLxx-xx ROM Vx.
Managing Dial Services Defining a Dialer Script Introduction The first step in configuring a dial service is creating a dialer script. A dialer script tells the access server what text strings to use to control a modem on a specific port. These text strings are also known as “modem strings.” Defining Dialer Script Strings Use the SET, DEFINE, and CHANGE DIALER SCRIPT commands to define the modem strings that make up various modem commands in a dialer script.
Example: Set Dialer Script Name
The following example illustrates how to modify dialer script strings in a dialer script called “dickens” in order to set unique dialer characteristics:
Local> DEFINE DIALER SCRIPT dickens COMMAND "AT"
Local> SET DIALER SCRIPT dickens INIT NONE
Local> SET DIALER SCRIPT dickens RESET NONE
Local> CHANGE DIALER SCRIPT dickens PREFIX "DT"
Local> DEF DIALER SCRIPT dickens RESET NONE
Local> SET DIALER SCRIPT dickens TIMEOUT NONE
Managing Dial Services Assigning the Dialer Script to a Port Steps After configuring the dialer strings in a dialer script, assign the script to a specific port. Do the following: Step Action 1 Are you defining the dialer script to the port for the first time? 2 • If yes, go to step 2. • If no, use the SHOW PORT n command to determine the current dialer script by showing the port (optional).
Managing Dial Services Example: The Show Port Command Display The following example shows the resulting display for the SHOW PORT command. In this example, the preferred dialer service is CALL_HOME and the dialer script name is Generic_14400.
Managing Dial Services Verifying Dialer Script Configuration Use the SHOW PORT n command to verify any changes you make to dialer script assignments for a port. The change appears in the Dialer Script field of the display.
Managing Dial Services Defining the Dialer Service Steps After you define the dialer script and assign the dialer script to a port, define the dialer service. A dial service is used to establish a dial-back session. Do the following: Step Action 1 Display information (characteristics, status, and counters) about currently configured dialer services and system status. 2 Define or modify the dialer service using the SET/DEFINE/CHANGE DIAL SCRIPT SERVICE command.
Managing Dial Services Example: Show Dialer, Port Security Enabled In this example, a user on a port with SECURITY enabled would not have access to the STATUS display since it might provide access to unlisted or sensitive phone numbers and other information received from the modem.
SHOW DIALER STATUS Display Fields
The following table lists values for the status field in the SHOW DIALER display:
Status         Meaning
Initializing   Sending dialer command and authorization strings.
Dialing        Sending the phone number string.
Waiting        Waiting for the expected response from modem.
Connected      Dialer call completed, port is in use.
Available      Dialer is not in use.
For a detailed explanation of command keywords used to manage dialer services, see the Command Definitions section in Chapter 2.
Managing Dial Services User Account Characteristics The following table explains the user account characteristics: Characteristic Description Comments DELAY Indicates the delay in seconds before the dialer engine should attempt to initiate the dial-back. Default = 30 seconds Minimum = 15 seconds Maximum = 3600 seconds (1 hour) USERNAME Defines the user name to be supplied to a peer that requires the access server to be authenticated.
MODE Command Variables
The following table explains the MODE command variables:
Variable   Definition
LOCAL      Interactive nondedicated session.
LOGIN      Interactive dedicated session to a host.
PPP        Dedicated PPP session.
Managing Dial Services Configuring Interactive Dial Requests Configuring for Interactive Dial-Back The following example sets the access server to a predefined phone number: Local> CHANGE DIALER AT_HOME PORT 1-16 IDENT "DIALS YOU AT HOME" The dialer service AT_HOME is set up to allow any phone number to be dialed, but the user’s security profile allows for a connection to be made using only one number. The ports are all set up to be ACCESS DYNAMIC, so they can be used for dial-in and also dial-back.
Managing Dial Services Framed Dial Requests Introduction Dial-back requests can also be queued from a client that connects to the server using PPP. Unlike PPP, the SLIP protocol does not include a method of negotiating connection options including whether a call-back should be attempted and the phone number to which the call-back should be placed. Therefore, only PPP clients can request a call-back.
Managing Dial Services 3. If you enable PPP call-back negotiation on a port, DIGITAL strongly recommends that you also enable some sort of authentication (for example PAP or CHAP) on the port. Without authentication, any user who happens to discover the phone number for that port’s modem could potentially request a call-back and run up unlimited phone charges. 4. To enable authentication on a port, use the SET/DEFINE/CHANGE PORT LCP AUTHENTICATION PAP/CHAP command. 5.
Chapter 23 Managing Access Server Security Overview Introduction The Cabletron Network Access Software (CNAS) supports the following authentication services: • RADIUS • SecurID • Local User Accounts • Kerberos V4 In This Chapter This chapter contains the following topics: • Security Type Descriptions • Common Terminology Across Security Realms • Managing Kerberos • Managing RADIUS • Managing SecurID • Managing Local Access Server Security • Determining Security Configuration • Managi
Managing Access Server Security Security Type Descriptions Introduction This section describes the types of security that the access server supports. Kerberos Kerberos is a user authentication system designed for open network computing environments. It provides for the authentication of a user name and password pair, by means of a host system accessible over the network.
SecurID
SecurID is a system of authentication from Security Dynamics Technologies, Inc. There is no authorization information at the SecurID authentication host. Like Kerberos, the SecurID realm provides values for realm-defined parameters. Once the password has been accepted, its processing is analogous to the Kerberos method. However, the resulting “authorization” parameters with SecurID are the combination of the realm parameters and the port configuration parameters.
Managing Access Server Security Common Terminology Across Security Realms Introduction This section briefly defines the terms that are common to all of the security methods that the access server supports. Accounting Host A security server that accepts and records accounting information from the access server. Authentication Host A security server that provides authentication or authorization information to the access server.
Managing Access Server Security Once configured, the secret is never displayed on the access server. There are privileged access server commands to erase and to reenter secrets. The secret is assigned as a realm parameter, and applies to all security hosts in the realm. Security Server The remote host with which the access server communicates in order to request authentication clearance during the login process.
Managing Access Server Security Managing Kerberos Introduction This section describes Kerberos security features and explains how to configure and manage these features on the access server. To use the procedures in this section, you must: NOTE • Ensure that the access server can communicate with a host running Kerberos V4 software. • Connect and test the devices. • Enable privileged status. • Configure the port and device characteristics to match.
Managing Access Server Security Network Access Server Requirements Before configuring security-specific parameters, make sure that: • You have entered the correct Internet address and subnet mask. (See the Configuring the Internet Address and Subnet Mask section in Chapter 7.) • There is an Internet gateway to the KDC if the KDC is not on the access server subnet. (See the Defining Networks Available Through a Specific Gateway section in Chapter 7.
Example: Definition of Kerberos Settings
The following example shows a sample of the commands used to change these settings:
Local> CHANGE KERBEROS DEFAULT REALM finance.acme.com SECRET
Secret> (not echoed)
Verification> (not echoed)
Local> CHANGE KERBEROS REALM finance.acme.com MASTER HOST security.acme.com
Local> CHANGE KERBEROS REALM finance.acme.com HOST atlas.acme.
Managing Access Server Security Port Configuration You need to configure user authentication on the access server on a port-by-port basis. To enable the authentication on a given port, you enter a command such as: Local> DEFINE PORT 2 AUTHENTICATION ENABLED Example: Sample SHOW PORT Command After enabling authentication on a port, you can then display the port settings to verify that user authentication is enabled as shown in the following example: Local> SHOW PORT 1 Port 1: smith Server: TSM700 . . .
Managing Access Server Security Username> smith.su@finance.acme.com Password> (not echoed) Local - 450 - Attempting to authenticate user:smith.su@finance.acme.com Local - 451 - Authentication successful Local> Example: Authentication Using the First Portion of the User Name If a default realm is configured, you have to enter only the first portion of the user name as shown in the following example: Username> smith Password> (not echoed) Local - 450 - Attempting to authenticate user: smith@finance.acme.
Managing Access Server Security Network Access Server User Authentication Counters The following example shows how to display the user authentication counters for the access server: Local> SHOW SERVER AUTHENTICATION COUNTERS Total Total attempts failures User authentication (all realms): Realm: mfg.acme.com Realm: sales.acme.com Realm: finance.acme.
Managing Access Server Security Managing RADIUS Introduction A RADIUS server must be operational on the network. The RADIUS server can include accounting capability, but the RADIUS accounting can be in a separate server, on a different node. In addition, there can be multiple RADIUS servers on the network, and RADIUS provides a method for using a second server should the attempt with the first server result in no response. A node that has the RADIUS server is considered an authentication host.
Managing Access Server Security Optional Setup for RADIUS You can use the commands in the following examples to configure additional security parameters for RADIUS servers. The commands in these examples define a RADIUS server accounting node, the maximum timeout period for RADIUS server reply, and the interval between retries of an authentication request. • The following command defines a RADIUS server accounting node: Local> CHANGE RADIUS REALM JONAS.
Example: Defining Realm Default Authorization Attributes
Local> CHANGE RADIUS REALM JONAS.COM PERMISSIONS (DIALBACK)
Local> CHANGE RADIUS REALM JONAS.COM CALLBACK ENABLED DIALBACK NUMBER "1-800-555-1111"
Example: Defining Password Authentication Type
Local> CHANGE RADIUS REALM JONAS.COM ACCESS FRAMED
NOTE
The value NONE should be read as unspecified.
Managing Access Server Security RADIUS User Authorizations The ultimate value for an authorization attribute may come from one of three sources: the RADIUS server, the realm defaults, or port characteristics, in that order of precedence. The choices for such features are: 1. For each RADIUS realm name you define, you can set various authorization attributes for that realm. These values serve as defaults at the realm level.
Managing Access Server Security Value Description NAS-Prompt Access server’s command or menu prompt. Callback-NAS-Prompt Callback first, then NAS prompt. Setting User Permissions Permissions are explicitly given by the authorizations that were in the user-name entry in the RADIUS server’s authentication entry. When any attributes that may be appropriate are missing, an attempt is made to find a specified value in the realm defaults.
Managing Access Server Security General Session Attributes The following table defines the general session RADIUS attributes: General Session Attributes Definition Service-Type Type of link requested, or change in type of link. Used in both Access-Request and Access-Accept packets. • • • • • • • Login — Delivers a dedicated connection to the specified host, using the specified protocol (Telnet, rlogin, LAT). Framed — Delivers a network (framed) protocol connection (PPP, SLIP). Callback-Login.
Managing Access Server Security Framed Session Attributes The following table defines the framed session attributes: Framed Session Attributes Definition Framed-Protocol Type of framed protocol used for session. Used in Access-Accept packets. Values: • • Framed-IP-Address PPP SLIP IP address to be configured for the user (in lieu of DHCP, or similar). Used in Access-Accept packets. Note: Two values of this address require special action: • • The value 255.255.255.
Managing Access Server Security Interactive session attributes Definition Login-Port Indicates the TCP (or LAT) port number to which the user is to be automatically connected. Used in Access-Accept packets. Login-LAT-Service Indicates the LAT service name to which the user is to be automatically connected, via LAT. Used in Access-Accept packets, when the Login-Service type is LAT.
Managing Access Server Security DIGITAL Vendor-Specific Attributes The following table defines the vendor-specific attributes implemented in CNAS: DIGITAL Vendor-Specific Attributes Service Permissions(1) V-Type — 1 for service permissions. V-Length >= 3 Integer — The value field is 4 octets. The value is formatted as a bit map. Dialout Number (2) V-Type — 2 for dialout number. V-Length >= 3 String — Any printable ASCII characters. Dialback Number (3) V-Type — 3 for dialback number.
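The following added example (not CNAS code) decodes the attributes of a RADIUS Access-Accept, including the vendor-specific sub-attributes in the table above, and then applies the server, realm, port precedence described under RADIUS User Authorizations. The attribute type codes are the standard RADIUS ones; the vendor number, the permission bit value, the function names and the sample realm and port values are constructed placeholders.

```python
import struct

# RADIUS attribute type codes (RFC 2865) for attributes named in this chapter.
SERVICE_TYPE, FRAMED_PROTOCOL, CALLBACK_NUMBER, VENDOR_SPECIFIC = 6, 7, 19, 26
SERVICE_TYPES = {1: "Login", 2: "Framed", 3: "Callback-Login",
                 4: "Callback-Framed", 7: "NAS-Prompt", 9: "Callback-NAS-Prompt"}
FRAMED_PROTOCOLS = {1: "PPP", 2: "SLIP"}
# Vendor sub-attribute V-Types from the table above.
V_PERMISSIONS, V_DIALOUT, V_DIALBACK = 1, 2, 3
# Placeholder: the page does not state the vendor number carried in the attribute.
EXAMPLE_VENDOR_ID = 0x00FFFFF0


def split_tlvs(data, min_len, what):
    """Yield (type, value) pairs from a run of type/length/value fields.

    The length octet counts the type and length octets too, so a length
    below min_len, or one running past the buffer, is rejected as malformed.
    """
    i = 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError(f"truncated {what} header")
        t, length = data[i], data[i + 1]
        if length < min_len or i + length > len(data):
            raise ValueError(f"bad length {length} in {what} {t}")
        yield t, data[i + 2:i + length]
        i += length


def as_int(value, name):
    if len(value) != 4:
        raise ValueError(f"{name} must be a 4-octet integer")
    return struct.unpack("!I", value)[0]


def decode_authorizations(attr_bytes, vendor_id=EXAMPLE_VENDOR_ID):
    """Decode the Access-Accept attributes this chapter lists into a dict."""
    auth = {}
    for a_type, value in split_tlvs(attr_bytes, 3, "attribute"):
        if a_type == SERVICE_TYPE:
            auth["service_type"] = SERVICE_TYPES.get(as_int(value, "Service-Type"), "unknown")
        elif a_type == FRAMED_PROTOCOL:
            auth["framed_protocol"] = FRAMED_PROTOCOLS.get(as_int(value, "Framed-Protocol"), "unknown")
        elif a_type == CALLBACK_NUMBER:
            auth["callback_number"] = value.decode("ascii")
        elif a_type == VENDOR_SPECIFIC:
            if len(value) < 4:
                raise ValueError("Vendor-Specific attribute lacks a vendor number")
            if struct.unpack("!I", value[:4])[0] != vendor_id:
                continue  # another vendor's attribute: not ours to interpret
            # The table above requires V-Length >= 3 for every sub-attribute.
            for v_type, v_value in split_tlvs(value[4:], 3, "vendor sub-attribute"):
                if v_type == V_PERMISSIONS:
                    auth["permissions"] = as_int(v_value, "Service Permissions")
                elif v_type == V_DIALOUT:
                    auth["dialout_number"] = v_value.decode("ascii")
                elif v_type == V_DIALBACK:
                    auth["dialback_number"] = v_value.decode("ascii")
    return auth


def effective(name, server, realm, port):
    """Apply the precedence: server entry, then realm default, then port."""
    for source, attrs in (("server", server), ("realm", realm), ("port", port)):
        value = attrs.get(name)
        if value is not None and value != "NONE":  # NONE reads as unspecified
            return value, source
    return None, "unspecified"


def tlv(t, value):
    """Build one type/length/value field (used only to construct the sample)."""
    return bytes([t, len(value) + 2]) + value


# Constructed sample: attributes of an Access-Accept for a framed callback user.
# The permission bit map value 0x4 is arbitrary; the page does not define the bits.
SAMPLE = (
    tlv(SERVICE_TYPE, struct.pack("!I", 4))
    + tlv(FRAMED_PROTOCOL, struct.pack("!I", 1))
    + tlv(VENDOR_SPECIFIC, struct.pack("!I", EXAMPLE_VENDOR_ID)
          + tlv(V_PERMISSIONS, struct.pack("!I", 0x00000004))
          + tlv(V_DIALBACK, b"1-800-555-1111"))
)
# Constructed realm defaults and port characteristics.
REALM_DEFAULTS = {"dialback_number": "NONE", "idle_timeout": 600, "framed_protocol": "SLIP"}
PORT = {"dialback_number": "555-0100", "idle_timeout": 300, "access": "DYNAMIC"}

if __name__ == "__main__":
    server = decode_authorizations(SAMPLE)
    for name in ("service_type", "framed_protocol", "dialback_number", "idle_timeout", "access"):
        print(name, effective(name, server, REALM_DEFAULTS, PORT))
```

A malformed length in either the attribute or the vendor sub-attribute raises ValueError instead of being silently skipped, so a truncated reply never yields partial authorizations.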
Managing Access Server Security RADIUS Accounting Attributes Definition Acct-Session-Id A unique accounting session ID, preferably related to the access server accounting log. Acct-Authentic An indication of the means of authentication for this user: • RADIUS • Local (the User Data Base) • Remote (the Kerberos or SecurID client) Acct-Session-Time The number of seconds for which the service was delivered to the user.
Optional RADIUS User Attributes
The RADIUS attributes that the access server supports are as follows:
• Session-Timeout
• Idle-Timeout
• Framed-Protocol
• Framed-IP-Address
• Callback-Number
• Login-IP-Host
• Login-Service (Telnet, LAT)
• Login-Port
• Login-LAT-Service
• Login-LAT-Node
• Login-LAT-Groups
• NAS-IP-Address
• NAS-Port
• Vendor-Specific
NOTE
Other RADIUS attributes (particularly accounting attributes) are utilized internally between the RADIUS server or accounting se
Managing Access Server Security Managing SecurID Introduction The Security Dynamics ACE/Server software performs dynamic two-factor SecurID authentication. Dynamic two-factor authentication combines something the user knows—a memorized personal identification number (PIN)—with something the user possesses—a randomly generated access code that changes every 60 seconds. The second factor is the tokencode generated by the SecurID token.
Managing Access Server Security SecurID Ports Normally, you do not need to change the SecurID master and slave SERVICE PORT. If the default values do not match with those assigned on your hosts, then change the values in the access server to match those on the hosts. SecurID Realms SecurID servers do not provide any authorization data; therefore, any authorization information comes from the SecurID realm or the port characteristics.
Managing Access Server Security Example: Including the Realm Name If your realm name has to be included when the access server sends messages to SecurID, issue the command shown in the following example: Local> CHANGE SECURID REALM realm-name INCLUDE For most usage, you will not want to include the realm name. If you do, each entry in the SecurID users file will have to appear as “user-name@realm-name” instead of simply “user-name”.
• One of the legal settings of the attributes in the realm is NONE. This special value means unspecified. In this case, when a user attempts to log in, if the value is not specified in the SecurID entry for the user name, and has the value NONE in the REALM, then the PORT configuration parameter assigns the corresponding value.
Setting User Permissions
Permissions are explicitly given by the value in the realm defaults.
Managing Access Server Security Managing Local Access Server Security Introduction The tasks described in this section cover the configuration of the local access server realm and setup of local user accounts. Configuration of server security involves: • Access server realm configuration • Local user account configuration parameter Defining the Realm Realm names must be unique within a given type of authentication. In the case of the server realm, the realm name indicates local (or NAS) authentication.
Managing Access Server Security Determining Security Configuration Displaying RADIUS, SECURID, and KERBEROS Characteristics The SHOW {RADIUS | SECURID | KERBEROS} CHARACTERISTICS command displays all configured realm names, along with any pertinent configuration parameters. This command is privileged. It shows the various RADIUS and SecurID servers that are configured for the access server as well as the Kerberos KDCs. It also shows the existing local server security database.
Managing Access Server Security Example: Showing SecurID The following example shows the resulting display for the SHOW SECURID CHARACTERISTICS command: Local> SHOW SECURID Retransmit Interval: 00:00:02 Retransmit TimeOut: 00.00.20 Service Port: 755 Realm: AAA.BBB.CCC.COM Realm Inclusion: EXCLUDE Encoding Format: DES Prompt: Enter Passcode> Secret: (Entered) Primary Host: 16.20.55.
Managing Access Server Security Example: Displaying Kerberos Characteristics The following example shows the resulting display for the SHOW KERBEROS CHARACTERISTICS command: Local> SHOW KERBEROS Retransmit Interval: 00:00:01 Retransmit TimeOut: 00:00:20 Ticket service port: 750 Password service port: 751 Default Realm: 33H.LKG.FOO.COM Secret: (None) Primary Host: prowlr.lkg.foo.com Master Host: ds900.lkg.foo.com Host: foo.bar.foo.
Managing Access Server Security Showing the Authentication Counters This access server can display the counters for all realms (local, RADIUS, KERBEROS). Any session authenticated by RADIUS attempts to send accounting data to the RADIUS Server. Sessions authenticated by other methods may be configured to send accounting packets to a RADIUS accounting server as well (if one exists).
Managing Access Server Security Example: Showing Security Counters Local> SHOW PORT 8 SECURITY COUNTERS 23-32
Managing Access Server Security Managing Dial-Up Access Security with AUTOLINK and AUTOLINK Authentication Introduction AUTOLINK lets PC clients log in using SLIP, PPP, and character cell terminal mode. AUTOLINK AUTHENTICATION provides a flexible and secure method for clients to authenticate when using AUTOLINK. A single port can support authenticated logins from different types of PPP clients, which may have different LCP authentication capabilities.
Managing Access Server Security Enabling AUTOLINK Authentication If you want authenticated logins, you must separately configure the port to require AUTOLINK AUTHENTICATION. The authentication can be by PPP PAP, PPP CHAP, or interactively by terminal emulation (which could be a script). The PC client is required to provide one authentication. SLIP users are treated as if they are character-cell users. Once authentication is successful, the protocol identified by AUTOLINK (PPP, SLIP, or local login) starts.
LCP Authentication   Results
Disabled             PC clients that connect immediately using PPP will be authenticated using either CHAP or PAP authentication. If the LCP negotiation for CHAP is not acknowledged, the access server requires PPP PAP authentication.
CHAP USERNAME        PC clients that connect immediately to PPP will be authenticated using PPP CHAP authentication. If you use the CHAP NOUSERNAME option with the PORT LCP AUTHENTICATION command, the login fails.
Managing Access Server Security Example: Setting AUTOLINK Timers The following example shows how to set AUTOLINK timers: Local> DEFINE PORT AUTOLINK TIMER PASS ONE 30 Local> DEFINE PORT AUTOLINK TIMER PASS TWO 50 Timeouts The following are the properties of AUTOLINK timeouts: • A user has one minute to complete an interactive login successfully. The clock starts from the time the USERNAME> prompt is displayed.
Managing Access Server Security Stage Description 4 The script searches for: Local -451- Authentication successful 5 The script exits and allows the framed protocol to run. Note that the key phrase to search for is “Authentication successful”.
Managing Access Server Security Specifying Other Security Features Introduction This section describes various security features on interactive ports. Specifying Dedicated Service for LAT or Telnet Resources The results of specifying a dedicated service on a port are as follows: • The device on the port appears hard-wired to a specific resource. • The access server establishes only one session for the port.
Managing Access Server Security The following shows how to enable a host on the TCP/IP network, SALE.MKT.FOO.COM, as a dedicated service on port 5: Local> CHANGE PORT 5 DEDICATED SALE.MKT.FOO.COM Normally, the user must press the Return key to connect to the LAT or Internet host. However, if SIGNAL CONTROL or MODEM CONTROL is enabled, the port automatically connects to the host.
Managing Access Server Security Login Password Definition Example The following example shows how to define TOTAL as the login password: Local> CHANGE SERVER LOGIN PASSWORD "TOTAL" or Local> CHANGE SERVER LOGIN PASSWORD Password> TOTAL (not echoed) VERIFICATION> TOTAL (not echoed) Local> You must enable the PASSWORD characteristic at the port level.
Managing Access Server Security Example: Changing the Server Password Attempt Limit The following example shows how to change the password limit to 6: Local> CHANGE SERVER PASSWORD LIMIT 6 23-41
Chapter 24 Managing Remote Login

Overview

The remote login client (Rlogin) is supported by Cabletron Network Access Software. The Rlogin protocol, described in informational RFC 1282, allows users to log onto a remote computer (similar to Telnet). Rlogin supports preauthenticated sessions on hosts that have been configured with trust relationships. This allows users to connect to those hosts without needing to enter a username and password.
Rlogin Features

The following is a list of Rlogin features implemented in this release of the Cabletron Network Access Software:
• Rlogin runs over TCP/IP. Once a TCP/IP connection to the target system is established, the Rlogin client sends two frames to the Rlogin server. The first consists of a null. The second contains the username at the client side, the username at the server side, and the terminal type and speed.
Rlogin Characteristics

The following is a list of Rlogin characteristics:
• Client username — The client username sent to the Rlogin server is the username at the Rlogin client that is stored in the port’s authorization information. This means the Access Server user has been authenticated and the username given during that process is the first choice for the rlogin protocol. If there is no authorization information available, the Access Server’s port username is used.
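The two opening frames described under Rlogin Features, decoded the way a defender would when recording which client username an access server asserts to a host. This is an added example, not Cabletron code; the field layout follows RFC 1282, and the sample bytes, the `MAX_FIELD` limit and all function names are assumptions of this example.

```python
"""Added example: decode the two opening frames an Rlogin client sends."""
from dataclasses import dataclass

MAX_FIELD = 64  # assumed sanity limit for this example, not taken from RFC 1282


class HandshakeError(ValueError):
    """The bytes are not a well-formed Rlogin opening."""


@dataclass(frozen=True)
class RloginHello:
    client_user: str  # username at the client side: a claim, not proof
    server_user: str  # account requested on the Rlogin server
    terminal: str     # terminal type, e.g. "vt100"
    speed: int        # terminal speed


def parse_rlogin_hello(data: bytes) -> RloginHello:
    # Frame 1 is a single null byte.
    if not data.startswith(b"\x00"):
        raise HandshakeError("first frame must be a null byte")
    # Frame 2 is three null-terminated strings, so it needs three terminators.
    body = data[1:]
    if body.count(b"\x00") < 3:
        raise HandshakeError("second frame is truncated")
    raw_fields = body.split(b"\x00", 3)[:3]
    names = ("client username", "server username", "terminal type/speed")
    fields = []
    for name, raw in zip(names, raw_fields):
        if not 0 < len(raw) <= MAX_FIELD:
            raise HandshakeError(f"{name} is empty or longer than {MAX_FIELD}")
        # Reject control bytes so a field cannot forge extra audit-log lines.
        if any(b < 0x21 or b > 0x7E for b in raw):
            raise HandshakeError(f"{name} contains non-printable bytes")
        fields.append(raw.decode("ascii"))
    terminal, sep, speed = fields[2].rpartition("/")
    if not sep or not terminal or not speed.isdigit():
        raise HandshakeError("terminal field must look like type/speed")
    return RloginHello(fields[0], fields[1], terminal, int(speed))


def audit_line(source_ip: str, hello: RloginHello) -> str:
    """Render one log line; flag logins that ask for a different account."""
    note = "" if hello.client_user == hello.server_user else " account-differs"
    return (f"rlogin src={source_ip} client_user={hello.client_user} "
            f"server_user={hello.server_user} "
            f"term={hello.terminal}/{hello.speed}{note}")


# Constructed sample: what a client would send for user smith on a vt100.
SAMPLE = b"\x00smith\x00smith\x00vt100/9600\x00"

if __name__ == "__main__":
    print(audit_line("192.0.2.10", parse_rlogin_hello(SAMPLE)))
```

Nothing in these frames proves the client username; the server accepts it only because of the trust relationship configured for the sending host.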
Configuring a Rlogin Client

The Rlogin component implemented in the Cabletron Access Server Network Access Software is a Rlogin client. A user can initiate a Rlogin session from an Access Server, but a user cannot Rlogin onto an Access Server by means of a connection over a LAN.

Follow these steps to configure a Rlogin client:

Step | Action
1 | Turn off the terminal’s XON/XOFF flow control. (This is not the Access Server’s flow control.
Step | Action
4 | There are two ways you can configure Rlogin for DIGITAL UNIX:
1. In the user’s home directory, add an entry to the .rhosts file, specifying the Access Server’s name or IP address, and the client username. For example:
   myserver.foo.com smith
or
2. Add an entry specifying the Access Server’s name or address to the /etc/hosts.equiv file in the root directory. See Rlogin manpages for restrictions and syntax.
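A check for the two trust files named in step 4, added here and not part of the original manual: it flags entries that grant more than the manual's `myserver.foo.com smith` form. The `+` wildcard, the `-` deny prefix and `#` comment handling follow common rhosts behaviour and are assumptions to confirm against the host's own manpages; the function name and sample files are constructed for this example.

```python
"""Added example: flag over-broad entries in .rhosts or /etc/hosts.equiv."""
from typing import List, Optional, Tuple


def audit_trust_entries(text: str,
                        local_user: Optional[str] = None) -> List[Tuple[int, str]]:
    """Return (line number, finding) pairs for entries that widen trust.

    local_user is the owner of the .rhosts file being checked; leave it as
    None when the text comes from /etc/hosts.equiv.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumed comment syntax
            continue
        parts = line.split()
        host = parts[0]
        user = parts[1] if len(parts) > 1 else None
        if host.startswith("-") or (user or "").startswith("-"):
            continue  # deny entries remove trust rather than grant it
        if host == "+":
            findings.append((lineno, "wildcard-host: every remote host is trusted"))
        if user == "+":
            findings.append((lineno, "wildcard-user: every remote username is trusted"))
        elif user is not None and local_user is None:
            # In hosts.equiv a named user is not tied to one local account.
            findings.append(
                (lineno, f"equiv-user: {user}@{host} is trusted for other local accounts"))
        elif user is not None and user != local_user:
            findings.append(
                (lineno, f"cross-account: {user}@{host} may log in as {local_user}"))
    return findings


# Constructed sample for ~smith/.rhosts; only line 2 matches the manual's form.
RHOSTS_SAMPLE = """\
# constructed sample
myserver.foo.com smith
myserver.foo.com jones
+ smith
myserver.foo.com +
-badhost.foo.com
"""

# Constructed sample for /etc/hosts.equiv.
HOSTS_EQUIV_SAMPLE = "myserver.foo.com\nmyserver.foo.com smith\n"

if __name__ == "__main__":
    for lineno, finding in audit_trust_entries(RHOSTS_SAMPLE, local_user="smith"):
        print(f".rhosts line {lineno}: {finding}")
    for lineno, finding in audit_trust_entries(HOSTS_EQUIV_SAMPLE):
        print(f"hosts.equiv line {lineno}: {finding}")
```

Because the access server supplies the client username itself, any entry naming it as a trusted host accepts whatever username that server sends.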
Chapter 25 Accounting

Overview

Introduction

This chapter describes the network access server accounting component. The basis of an accounting facility is the logging of events related to user access. These events can be useful to support audit trails, billing, capacity planning, and connection trouble-shooting.
Accounting Description

Introduction

The configuration of the accounting feature is supported using SNMP and the user interface. The accounting log itself is also accessible by both mechanisms. There is also a facility for sending accounting events to the access server console port as they occur.

Accounting Log File

The accounting component stores information about significant user events (for example, logins) in an accounting log file.
What Events Are Logged?

Contents of Log Entry Types

The following table shows the fields that are logged in each accounting log entry type:

Log Entry Type | Event Time Port
Port Login | X X X
Port Logout | X X X
Session Connect Attempt | X X X X X
Session Disconnect | X X X X X
Kerberos Password Fail | X X X X
Privilege Password Fail | X X X X
Maintenance Password Fail | X X X
Login Password Fail | X X X
Remote Password Fail | X X X
SNMP Community Fail | X X
Privilege
Event Field Descriptions

The following table describes the fields in the accounting log entries:

Field | Description
Event | Provides the ability to distinguish the event type. The valid event types are listed in the previous table.
Time | Current server system uptime when entry was created.
Port | • For session connect/disconnect events:
  - Local Access: The port the session connect or disconnect occurred on.
Field | Description
Port | • Session connect/disconnect: The protocol associated with the session attempt or disconnect. These values can be:
  - LAT
  - TELNET
  - MOP
  - TN3270
  - SLIP
  - PPP
  - AUTOLINK
  - PING
Note: For a TN3270 session, the protocol type may appear as TELNET for the connect event and TN3270 for the disconnect event.
Field | Description
Peer | The value of this field varies depending on the protocol field, as follows:
• LAT - Local Access: For nondedicated/preferred case, whatever you type following the CONNECT [LAT] command. For example, C CLUSTER1 (peer is CLUSTER1); C CLUSTER1 NODE NODE1 (peer is CLUSTER1 NODE1). If dedicated/preferred service is defined, the peer field will contain the service name.
Field | Description
Tx | • Session Disconnect Event: The number of bytes of successfully transmitted user data on this session at the time of session termination. This field will always be zero for MOP remote console connections.
• Logout Event: The number of bytes output to the port during the life of the associated login.
Rx | • Session Disconnect Event: The number of bytes of successfully received user data on this session at the time of session termination.
When Events Are Logged

Introduction

This section describes when each specific event type is logged.

Login Events

Login events are logged at the time of the successful login (just before the user gets the Local> prompt). Unsuccessful login attempts are handled by Kerberos Password Fail, Login Password Fail, or Remote Password Fail events.

Logout Events

Logout events are stored when the port is logged out. There is always an associated login event.
Password Modified Events

Password modified events (Privilege, Maintenance, Login, Remote) are logged whenever the associated password is modified with a SET/DEFINE/CHANGE command. A single event is logged for each UI command (only one event is logged for a CHANGE command). SET commands cannot be distinguished from DEFINE commands. If a user sets the password to the existing value, an event is still logged.
Managing Accounting

Introduction

You can manage the accounting feature fully by using SNMP or the user interface. You can access the accounting log itself using both mechanisms. This section describes the user interface commands you can use to manage the accounting feature.

Reference

Refer to SNMP Survival Guide (located on the CNAS distribution media) for instructions on managing the accounting component with SNMP.
Changing the Accounting Threshold

Use the ACCOUNTING THRESHOLD command to specify the point in the building of a log when the accounting component sends out a threshold notification. Valid values for the ACCOUNTING THRESHOLD variable are:
• NONE: No notification.
• HALF: Notify when each half of the log file is reached.
• QUARTER: Notify when each quarter of the log file is reached.
• EIGHTH: Notify when each eighth of the log file is reached.
Example: Displaying Accounting Characteristics

The following example shows the display that appears when you use the SHOW ACCOUNTING CHARACTERISTICS command:

Local> SHOW ACCOUNTING CHARACTERISTICS
Accounting Characteristics:
Threshold: None
Log Size: 128K
Console Logging: Disabled

Displaying the Accounting Log

Use the SHOW ACCOUNTING LOG command to view the log.
Using the Accounting Console Logging Feature

Description

When console logging is enabled, the accounting component displays the accounting events on the server console as they occur. This can be useful for viewing events on a console terminal or printer. It is also possible to view (and log to a file) the console events remotely.
This will cause the accounting events to be displayed on the remote screen. To log the events to a file, type the following command (replace x.x.x.x with your server’s IP address):

# TELNET x.x.x.x 2001 > ACCT.
Appendix A Cable and Adapter Recommendations Cable and Adapter Hardware Cable and Adapter Table The following table lists the cable and adapter hardware you need to connect devices to specific access server models: To Connect This Device: To This Access Server Model: 90M or 90TL (8 Port) 900TM (32 Port) 700 (16 Port) 316 (16 Port) 700 (8 Port) Use This Cable and Adapter Hardware: Terminal/printer with MMJ port BN24H-xx cable H8575-A adapter and BC16E-xx cable Terminal/printer with DB25 male port H8
To Connect This Device: To This Access Server Model:
Modems using RI-DCD-DSRS-DTR signals (typically <9600 baud) with DB25 female port H8585-AB adapter and BN25G-xx cable BC22E-xx (10-wire) cable or BC22F-xx (25-wire) cable
Modem using CTS-DSR-RTS-DTR signals (typically =>9600 baud) with DB25 female port H8585-AC adapter and BN25G-xx cable BC22E-xx (10-wire) cable or BC22F-xx (25-wire) cable
Host computer systems with DB25 male ports (reverse-LAT configuration) - BC
Glossary

access server: A generic name for a family of access servers supported by Cabletron Network Access Software.
access server configuration database: A load host database that contains the DECnet characteristics and the access server type, the load file name, and the dump file name for each access server.
access server image: A file in the access server directory on the load host that contains executable code.
Address Resolution Protocol: See ARP.
American National Standards Institute: See ANSI.
asynchronous: Pertaining to a communication method in which each event occurs with no relation to a timing signal.
atomics: Refers to nontabular objects in a group of objects in a MIB.
authentication: Utilizes Kerberos to verify a user’s identity by validating a Kerberos user name and password on a remote Kerberos host (KDC).
CCR: Console Carrier Request. An ULTRIX host function that allows connections to the access server remote console port.
Clear To Send: See CTS.
circuit timer: LAT. The LAT protocol timer that determines the minimum interval at which an access server transmits virtual circuit messages.
client-server: Internet. The model of interaction in a distributed system in which a program at one site sends a request to a program at another site and awaits a response.
datagram: See IP datagram.
Data Set Ready: See DSR.
Data Terminal Ready: See DTR.
data transparency: During a session, the access server normally intercepts and interprets switch characters and flow control characters. Users can enable data transparency, causing these characters to become transparent to the access server.
The individual sections of the name might represent sites, groups, or computers, but the domain system simply calls each section a label. For example, the domain name super.dec.com contains three labels: super, dec, and com. Any suffix of labels in a domain name is called a domain. Thus, the lowest level domain is super.dec.com, an abbreviation for the computer named super. The second level domain is dec.
node. Failover is attempted only if the service is offered by two or more service nodes (as with a VAXcluster service).
flow control: The set of rules used by a communications protocol to ensure that access server ports and port devices do not lose data during data transfers. Flow control prevents the sending network node (or transmitting process) from sending more data than the receiving node (or receiving process) can handle.
gateway: See Internet gateway.
group codes: LAT.
initialization: The process of running the access server diagnostic self-test program and, optionally, downline loading the access server with the access server image.
Installation Verification Procedure: See IVP.
Internet: Internet (written in all lowercase letters) is a collection of packet switching networks that use TCP/IP protocols and are interconnected by gateways. Software enables the networks to function logically as a single, large, virtual network.
3.
Internet Protocol: See TCP/IP.
IP: Internet Protocol. See TCP/IP.
IP datagram: Internet. A basic unit of information transferred over the Internet.
IVP: Installation Verification Procedure. This procedure verifies that the access server software was successfully installed on an OpenVMS load host.
KDC: Key Distribution Center. A Kerberos host that serves to validate a user’s identity with a Kerberos user name and password.
keepalive timer: LAT.
LAT Control Program: A control program that provides a command interface that allows system and network managers to set up and manage an operating system as a LAT service.
LAT network: All the computer systems, or nodes, on a LAN that support the LAT protocol constitute a LAT network.
LAT node: A computer on a LAN that contains LAT software. There are two types of LAT nodes: nodes that access services and nodes that offer services; some nodes perform both functions.
local service: Network resource offered by your access server.
loopback test: An access server asynchronous port test during which data is looped to the module. There are two types of loopback tests: internal and external. The external loopback test requires a loopback connector.
Maintenance Operation Protocol: See MOP.
Management Information Base: See MIB.
Maximum Transmission Unit: See MTU.
MIB: Management Information Base. A listing of variables that can be accessed by SNMP.
name server: See Internet name server.
NCP: Network Control Program. The DECnet command interface used to configure, control, monitor, and test DECnet networks.
network access server: See access server.
Network Control Program: See NCP.
Network Management Station: See NMS.
network resource: A device (such as a computer or printer) or software application on a network that performs certain functions and can be accessed by devices, such as access servers and computers.
ODL Font Protocol: On-Demand Loading Font Protocol. A protocol that enables Asian terminals connected to the access server to use the LAT protocol to access Japanese and Chinese OpenVMS systems on the LAN.
On-Demand Loading Font Protocol: See ODL Font Protocol.
OpenVMS: An operating system for DIGITAL VAX computers.
operational database: The access server database that contains the values that determine the current operating characteristics of the access server.
queuing: LAT. The process of putting LAT connection requests for a busy printer or service on a waiting list (queue). Requests are dequeued and processed in the order in which they were entered into the queue, first-in/first-out (FIFO).
RAM: Random Access Memory. This is a read and write memory integrated circuit (IC).
Random Access Memory: See RAM.
RCF: Remote Console Facility. An OpenVMS host function that allows connections to the access server remote console port.
root name server: A name server that is at the top level in a domain.
RTS: Request To Send. A signal sent by the access server to the port device to indicate that the access server is ready to exchange control signals or data.
secure port: A port set up so that the port user only has access to a limited subset of the nonprivileged user command set.
session management: A facility provided by some access servers that uses TD/SMP to communicate with an access server device so that the device can process simultaneous, independent, multiple terminal sessions. On the device, the data exchange of multiple sessions can be processed simultaneously regardless of which session is current.
Simple Network Management Protocol: See SNMP.
SLIP: Serial Line Internet Protocol.
synchronous: Pertaining to a communication method in which each event occurs in relation to a timing signal.
TCP/IP: Transport Control Protocol/Internet Protocol. A suite of Internetworking communication protocols of which TCP and IP are the two most fundamental.
TCP port: This is a protocol port number used by TCP/IP. For access servers, this number is mapped to a physical access server port number.
TD/SMP: Terminal Device/Session Management Protocol.
Time To Live: See TTL.
TFTP: Trivial File Transfer Protocol. For access servers, this Internet protocol is used to downline load software from a load host to the access server.
transceiver: Hardware equipment that provides an electrical connection to a network cable for a network node.
Transport Control Protocol/Internet Protocol: See TCP/IP.
TRAP message: An SNMP message sent by the agent (in this case, the access server) to one or more designated Internet hosts.
TSM: Terminal Server Manager.
virtual circuit: A logical communications path between an access server and a service node. A virtual circuit provides a bidirectional, sequential, timer-based, error-free stream of data.
WAN: Wide Area Network. A network composed of computers connected by communications links that cover distances up to many thousands of miles. Contrast with LAN.
Wide Area Network: See WAN.
XON/XOFF characters: These characters are used with a form of in-band flow control and are transmitted as TxD and RxD data.