PortMaster® Configuration Guide

Lucent Technologies
Remote Access Business Unit
4464 Willow Road
Pleasanton, CA 94588
925-737-2100
800-458-9966

May 1998
950-1182D
Copyright and Trademarks

© 1995, 1997, 1998 Lucent Technologies. All rights reserved. PortMaster, ComOS, and ChoiceNet are registered trademarks of Lucent Technologies. RADIUS ABM, PMVision, PMconsole, and IRX are trademarks of Lucent Technologies, Inc. ProVision is a service mark of Lucent Technologies, Inc. All other marks are the property of their respective owners.

Disclaimer

Lucent Technologies, Inc.
Contents

About This Guide
  Audience
  PortMaster Documentation
  Additional References
  RFCs
  On-Demand Connections
  PortMaster Security Management
  Port Status and Configuration
3. Configuring Global Settings
  Setting the System Name
  PortMaster Modem Table
  Setting SNMP Monitoring
  Setting SNMP Read and Write Community Strings
  Adding SNMP Read and Write Hosts
  Viewing SNMP Settings
  Configuring Ethernet Subinterfaces
  Setting OSPF on the Ethernet Interface
5. Configuring an Asynchronous Port
  Asynchronous Port Uses
  General Asynchronous Port Settings
  Network Dial-Out-Only Access
  Network Dial-In-and-Out (Two-Way) Access
  Configuring a Port for a Dedicated Connection
  Setting the Protocol
  Setting the Idle Timer
  Setting the Session Limit
  Configuring Network Users
  Setting the Protocol
  Setting RIP Routing
  Setting the Dial Group
  Setting the MTU Size
  Configuring Compression
  Input Filter for an Internet Connection
  Input and Output Filters for FTP Packets
  Rule to Permit DNS into Your Local Network
  Rule to Listen to RIP Information
  Setting the Inband Signaling Protocol for E1
  Configuring ISDN PRI Settings
  Setting the ISDN PRI Switch
  Setting the Framing Format
  Provisioning
  Configuring ISDN
  ISDN BRI Switch Types
  Setting the Switch Type
  LMI Types
  Frame Relay Configuration on the PortMaster
  Enabling LMI
  Enabling Annex-D
  Using ISDN for On-Demand Connections
16. Using Internet Connections
  Overview of Continuous Internet Connections
  Configuration Steps for an Internet Connection
  Configuring Global Settings
  Configuring Global Settings
  Configuring Port Settings
  Configuring a Network Device for Telnet Access
19. Using Synchronous Leased Lines
  Overview of Leased Line Connections
About This Guide

The PortMaster® Configuration Guide provides general information about networking and network configuration as well as specific information needed to configure PortMaster products. Review this guide thoroughly before configuring your PortMaster. This guide provides the settings required for the most commonly used PortMaster configurations. To use this guide you must have successfully installed your PortMaster according to the instructions provided in the relevant installation guide.
PortMaster Documentation

The manuals are also provided as PDF and PostScript files on the PortMaster Software CD shipped with your PortMaster. In addition, you can download PortMaster information and documentation from http://www.livingston.com.

• ChoiceNet® Administrator’s Guide
  This guide provides complete installation and configuration instructions for ChoiceNet server software.
• PortMaster Troubleshooting Guide
  This guide can be used to identify and solve software and hardware problems in the PortMaster family of products.
• RADIUS Administrator’s Guide
  This guide provides complete installation and configuration instructions for Lucent Remote Authentication Dial-In User Service (RADIUS) software.

Additional References

RFCs

Use any World Wide Web browser to find a Request for Comments (RFC) online.
RFC 1587, OSPF NSSA Options
RFC 1597, Address Allocations for Private Internets
RFC 1627, Network 10 Considered Harmful (Some Practices Shouldn’t be Codified)
RFC 1634, Novell IPX Over Various WAN Media (IPXWAN)
RFC 1661, The Point-to-Point Protocol (PPP)
RFC 1700, Assigned Numbers
RFC 1771, A Border Gateway Protocol 4 (BGP-4)
RFC 1812, Requirements for IP Version 4 Routers
RFC 1814, Unique Addresses are Good
RFC 1818, Best Current Practices
RFC 1824, Requirements for IP Version 4 Rou
ITU-T Recommendations

The following documents are recommendations of the International Telecommunication Union Telecommunication Standardization Sector (ITU-T), formerly known as CCITT:

• Recommendation V.25bis (1988)—Automatic calling and/or answering equipment on the general switched telephone network (GSTN) using the 100-series interchange circuits
• Recommendation V.
Document Conventions

Routing in the Internet. Christian Huitema. Prentice Hall PTR, 1995. (ISBN 0-13-132192-7)
TCP/IP Illustrated, Volume 1: The Protocols. W. Richard Stevens. Addison-Wesley Publishing Company. 1994. (ISBN 0-201-63346-9)
Internet Routing Architectures. Bassam Halabi. Cisco Press, 1997.
Convention: Vertical bar (|)
Use: Separates two or more possible options in command syntax.
Examples:
• set S0|W1 ospf on|off
• set S0 host default|prompt|Ipaddress

Document Advisories

Note – means take note. Notes contain information of importance or special interest.

Caution – means be careful. You might do something—or fail to do something—that results in equipment failure or loss of data.

Warning – means danger.
PortMaster Training Courses For the EMEA Region If you are an Internet service provider (ISP) or other end user in Europe, the Middle East, Africa, India, or Pakistan, contact your local Lucent Remote Access sales channel partner. For a list of authorized sales channel partners, see the World Wide Web at http://www.livingston.com/International/EMEA/distributors.html.
Subscribing to PortMaster Mailing Lists

Lucent maintains the following Internet mailing lists for PortMaster users:

• portmaster-users—a discussion of general and specific PortMaster issues, including configuration and troubleshooting suggestions. To subscribe, send email to majordomo@livingston.com with subscribe portmaster-users in the body of the message. The mailing list is also available in a daily digest format.
1. Introduction

This chapter discusses the following topics:

• “PortMaster Software”
• “Preconfiguration Planning”
• “Configuration Tips”
• “Basic Configuration Steps”

PortMaster Software

All PortMasters are shipped with the following software:

• ComOS®—The communication software operating system already loaded in Flash RAM on each PortMaster. You can use the ComOS command line interface to configure your PortMaster through a console.
• RADIUS—The RADIUS server, radiusd, runs as a daemon on UNIX systems, providing centralized authentication for dial-in users. The radiusd daemon is provided to customers in binary and source form for SunOS, Solaris, Solaris/X8.6, AIX, HP-UX, IRIX, Alpha OSF/1, Linux, and BSD/OS platforms. For installation and configuration instructions, see the RADIUS Administrator’s Guide.
• Are you running IP, IPX, or both?
• Do you want to enable SNMP for network monitoring?
• Do you want dial-in only, dial-out only, or two-way communication on each port?
• What characteristics do you want to assign to the dial-out locations?
• How do you want to configure dial-in users?
• Do you want to use RADIUS to authenticate dial-in users, or the internal user table on the PortMaster?
• Do you want to use ChoiceNet to filter network traffic?
• Do you want to use the
Basic Configuration Steps

The exact PortMaster configuration steps you follow depend upon the hardware you are installing and your network configuration. However, the following general configuration steps are the same for all PortMaster products:

1. Install the PortMaster hardware and assign an IP address and a password as described in the installation guide shipped with your PortMaster.
ISDN PRI connection configuration is described in Chapter 11, “Configuring the PortMaster 3.” ISDN BRI connection configuration is covered in Chapter 12, “Using ISDN BRI.”

9. Configure dial-in users in the user table, or configure RADIUS.
   The user table is described in Chapter 7, “Configuring Dial-In Users.” If you are using RADIUS security instead of the user table, see the RADIUS Administrator’s Guide.

10. Configure ChoiceNet, if you are using it.
2. How the PortMaster Works

This chapter summarizes PortMaster operation and capabilities so you can choose how to configure your system. Consult the glossary for definitions of unfamiliar terms.
Booting the PortMaster

then attempts to boot itself across the network using the Trivial File Transfer Protocol (TFTP) to download a netbootable ComOS image from the host that replied to the RARP. The TFTP process begins by transferring the /tftpboot/address.typ file, replacing address with the uppercase 8-character hexadecimal expression of the IP address of the PortMaster and typ with the 3-character boot extension describing the model of PortMaster, as shown in Table 2-1. If /tftpboot/address.
PortMaster Initialization

Once the PortMaster has successfully booted, it does the following:

1. Ethernet interfaces are started.
2. Modem initialization strings are sent to asynchronous ports that have modem table entries defined.
3. Network hardwired ports are initiated.
4. Continuous dial-out connections are initiated.
5.
On-Demand Connections

The PortMaster establishes on-demand connections in the following way:

• When the PortMaster receives packets going to an on-demand location that is suspended (not currently active), it dials out to that location if a line is available.
• If idle timers expire on a connection, the connection is brought down, freeing the port for other uses.
Access can also be denied if the specified login service is unavailable—for example, if the PortMaster Login Service has been selected for the user but the selected host does not have the in.pmd PortMaster daemon installed. Access is denied with the “Host Is Currently Unavailable” message if the host is down or otherwise not responding to the login request.
Port Status and Configuration

Table 2-2 PortMaster Port Status

Status      Description
IDLE        The port is not in use.
USERNAME    The data carrier detect (DCD) signal has been asserted and observed on the port.
            • On older PortMaster expansion cards (ports S10 through S29) and system cards (ports S0 through S9), DCD floats high when nothing is attached to the port.
            • On newer cards, in two-way and device environments, DCD is high when the device is busy.
3. Configuring Global Settings

This chapter describes how to configure settings that the PortMaster uses across all its ports and interfaces.
See the PortMaster Command Line Reference for more detailed command descriptions and instructions.

Setting the System Name

The system name is the name that identifies the PortMaster for SNMP queries, IPX protocol routing, and CHAP authentication. Enter a name that is valid for your network. The system name can have up to 16 characters, and appears in place of the Command> prompt on PortMaster products that have it set.
Setting the Dynamic Host Control Protocol (DHCP) Server

Use the following command to configure a PortMaster product to forward a DHCP request from a cable modem to the DHCP server:

Command> set dhcp server address

Note – The ComOS does not support DHCP requests over Ethernet (nor requests from PortMaster OR-U dial-up routers).
Figure 3-1 Cable Modem Telephone Return Interface Startup

[Figure: the telephone interface of a cable modem reaches a PM3 over an asynchronous PPP connection, and the PM3 reaches the DHCP server (10.66.98.96) across the WAN. Numbered elements in the figure:
1 PPP connection
2 IP packet, DST 255.255.255.255, SRC 192.168.33.10, DHCP Request
3 IP packet, DST 10.66.98.96, SRC 192.168.33.10, DHCP Request
4 IP packet, DST 192.168.33.10, SRC 10.66.98.96, DHCP Response carrying coaxial cable interface address = 172.16.98.67 and configuration info.]
Setting the Default Route Gateway

1. Using the telephone interface, the cable modem dials the PortMaster and establishes a PPP connection. The PortMaster assigns IP address 192.168.33.10 to the telephone interface of the cable modem.
2. Using the telephone interface, the cable modem broadcasts a DHCP request. The destination of the request is 255.255.255.255 and the source is 192.168.33.10.
3. The PortMaster forwards the request to the DHCP server by substituting the IP address of the DHCP server (10.66.
Configuring Default Routing You can set a metric between 1 and 15 for the IP and IPX gateways to indicate the hop count associated with the gateway route. The PortMaster uses the hop count value for comparisons if the PortMaster is set to listen for default routes from other routers. Refer to Appendix A, “Networking Concepts,” for more information about address formats. Refer to the PortMaster Routing Guide for more information about routing.
Configuring Name Resolution

Using the Host Table

Each host attached to an IP network is assigned a unique IP address. Every PortMaster supports a local host table to map hostnames to IP addresses. If your network lacks a computer that can perform hostname resolution, the PortMaster allows entries in a local host table. Hostnames are used by the PortMaster only for your convenience when using the command line interface, or if you require users to enter hostnames at the host prompt.
To set the name service, use the following command:

Command> set namesvc dns|nis

Once the name service is set, you must set the address of your NIS or DNS name server and enter the domain name of your network. See “Setting the Name Server” on page 3-8 for instructions.

Setting the Name Server

The PortMaster supports RFC 1877, which allows remote hosts also supporting RFC 1877 to learn a name server through PPP negotiation.
Setting the Telnet Port

The Telnet access port can be set to any number between 0 and 65535. The Telnet port enables you to access and maintain the PortMaster using a Telnet connection to this TCP port. If 0 (zero) is used, Telnet administration is disabled. The default value is 23. Ports numbered 10000 through 10100 are reserved and should not be used for this function. Up to four administrative Telnet sessions at a time can be used.
Setting System Logging

Setting the Loghost

To set the IP address of the loghost—the host to which the PortMaster sends syslog messages—use the following command:

Command> set loghost Ipaddress

Note – Do not set a loghost at a location configured for on-demand connections, because doing so keeps the connection up or brings up the connection each time a syslog message is queued for the syslog host.

Setting the loghost’s IP address to 0.0.0.0 disables syslog from the PortMaster.
You can change the facility, the priority, or both, of log messages. To change the facility or priority of log messages, use the following command. Be sure to separate the Facility and Priority keywords with a period (.).

Command> set syslog Logtype Facility.Priority

The facility and priority can be set for each of the five types of logged events listed in Table 3-2. Table 3-3 and Table 3-4 show the keywords used to identify facilities and priorities.
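The Facility.Priority pair set on the PortMaster determines the number carried in the <PRI> header of each message that reaches the loghost. The following Python sketch is an added example, not part of the original guide or of ComOS: it converts between the keyword pair and the header value and flags messages that arrive with an unexpected classification. The priority numbers match Table 3-4; the facility numbers are the standard BSD syslog values and are an assumption here, and the sample messages are constructed.

```python
import re

# Standard BSD syslog numbering. Priority values agree with Table 3-4 of the
# guide; the facility numbers are the standard ones and are an assumption,
# because the guide's facility table is not reproduced on this page.
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
    **{f"local{i}": 16 + i for i in range(8)},
}
PRIORITIES = {
    "emerg": 0, "alert": 1, "crit": 2, "err": 3,
    "warning": 4, "notice": 5, "info": 6, "debug": 7,
}
_FAC_BY_NUM = {num: name for name, num in FACILITIES.items()}
_PRI_BY_NUM = {num: name for name, num in PRIORITIES.items()}
_PRI_HEADER = re.compile(r"^<(\d{1,3})>")


def encode_pri(selector):
    """Map 'auth.info' to 38, the value sent on the wire as '<38>'."""
    facility, sep, priority = selector.partition(".")
    if not sep or facility not in FACILITIES or priority not in PRIORITIES:
        raise ValueError(f"bad Facility.Priority selector: {selector!r}")
    return FACILITIES[facility] * 8 + PRIORITIES[priority]


def decode_pri(line):
    """Return 'facility.priority' for a raw syslog message, or None if the
    header is missing or names an unknown facility."""
    match = _PRI_HEADER.match(line)
    if not match:
        return None
    facility, priority = divmod(int(match.group(1)), 8)
    if facility not in _FAC_BY_NUM:
        return None
    return f"{_FAC_BY_NUM[facility]}.{_PRI_BY_NUM[priority]}"


def unexpected(lines, expected):
    """List (line, decoded) for every message whose classification is not in
    the set of selectors configured with 'set syslog'."""
    flagged = []
    for line in lines:
        selector = decode_pri(line)
        if selector not in expected:
            flagged.append((line, selector))
    return flagged


# Constructed sample messages, not captured from a real PortMaster.
SAMPLE = [
    "<38>portmaster: admin login succeeded",   # auth.info
    "<36>portmaster: user login failed",       # auth.warning
    "<134>portmaster: unclassified event",     # local0.info
    "portmaster: message without PRI header",
]

if __name__ == "__main__":
    for line, selector in unexpected(SAMPLE, {"auth.info", "auth.warning"}):
        print(f"{selector!s:>12}  {line}")
```
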
Table 3-4 Syslog Priority Keywords (Continued)

Priority    Number    Typically Used for
warning     4         Warning messages
notice      5         Normal but significant messages
info        6         Informational messages
debug       7         Debug-level messages

To determine current syslog settings, enter the following command:

Command> show syslog

Setting Administrative Logins to Serial Ports

When you log in using !root, administrative logins to the serial ports are enabled by default.
Setting the Reported IP Address The default number of addresses available for the address pool is equal to the number of ports configured for network dial-in. The address pool size is determined during the boot process. You can instead set the number of IP addresses assigned to the pool with the set pool command.
Configuring SNMP The SNMP agent returns values for management information base (MIB) variables that can be changed or queried by the SNMP manager. The agent gathers information from the MIB, which resides on the target device. MIB information can include device parameters and network status. The agent is capable of responding to requests to get or set data from the manager. PortMaster products support MIB II variables as specified in RFC 1213, along with a MIB specific to PortMaster products.
Figure 3-2 Management Information Base (MIB) Hierarchy

[Figure: tree descending from the unnamed root. Node labels shown: CCITT, iso, joint ISO/CCITT, org, dod, internet, directory, mgmt, experimental, private, mib, and Livingston (307).]
Figure 3-3 shows the tree structure of the private Livingston portion of the MIB.

Figure 3-3 Part of MIB Structure showing PortMaster Port S0

[Figure: tree under Livingston Enterprise (307). Node labels shown: 1. (not used), 2. products, 3. livingstonMib; under livingstonMib: 1. livingstonSystem, 2. livingstonInterfaces; under livingstonInterfaces: 1. livingstonSerial, 2. livingstonT1E1; under livingstonSerial: 1. livingstonSerialTable, 1. livingstonSerialEntry; under livingstonSerialEntry: 1. Index, 2. PortName, 3. PhysType, 4. User ...]
The SNMP manager queries the agents by means of OIDs. Each OID uniquely identifies a single MIB variable. For example, the OID 307.3.2.1.1.1.2.0 returns the port name for port S0, and the OID 307.3.2.1.1.1.2.1 returns the port name for port S1 (see Table 3-5).

Table 3-5 Partial View of the Livingston Serial Table

OID                   S0 (0)     S1 (1)     S2 (2)     S3 (3)     S4 (4)
...307.3.2.1.1.1.1    Index      Index      Index      Index      Index
...307.3.2.1.1.1.2    PortName   PortName   PortName   PortName   PortName
...
Table 3-6 Serial Interfaces Table (Continued)

Object        Definition
Direction     Direction in which the active session was initiated.
PortStatus    Status of the serial interface.
Started       Amount of time this session has been active.
Idle          Amount of time this session has been idle.
InSpeed       Estimate of the current inbound bandwidth in bits per second of the serial interface.
OutSpeed      Estimate of the current outbound bandwidth in bits per second of the serial interface.
PortMaster T1/E1 Interfaces

Table 3-7 lists the objects in the T1/E1 interfaces from the Livingston Extensions section of the MIB. T1/E1 interfaces are supported on the PortMaster 3 only.

Table 3-7 T1/E1 Interfaces Table

Object      Definition
Index       Unique value for each T1/E1 interface
PhysType    Type of interface (T1 or E1)
Function    Configured function of the interface
Status      Current operational state of the interface.
Table 3-7 T1/E1 Interfaces Table (Continued)

Object           Definition
CarrierLoss      Total number of times the interface has lost the carrier signal
SyncLoss         Total number of times the interface has lost frame synchronizations
BipolarErrors    Total number of frame-level CRC errors detected on the interface
CRCErrors        Total number of frame-level CRC errors detected on the interface
SyncErrors       Total number of frame synchronization errors detected on the interface

PortMaster Modem Table

Table
Table 3-8 Modem Table (Continued)

Object Type                    Definition
livingstonModemInByteCount     Total number of bytes received by the modem
livingstonModemOutByteCount    Total number of bytes transmitted by the modem
livingstonModemRetrains        Number of retrains attempted by the modem
livingstonModemRenegotiates    Number of renegotiates attempted by the modem
livingstonModemCalls           Number of times a call was received by the modem
livingstonModemDetects         Number of analog calls received by the modem
l
Configuring SNMP

information can be set on the SNMP agent. The default write community string is private. Community strings must be set on SNMP agents so that configuration information is not changed by unauthorized users. To use this feature, you must set both a read community string and a write community string for your network.
Displaying the Routing Table

Viewing SNMP Settings

Settings for SNMP monitoring, read and write community strings, and read and write hosts are stored in the SNMP table. To display the SNMP table, enter the following command:

Command> show table snmp

Monitoring SNMP Alarms

When an interface or modem fails, the SNMP agent traps the error message generated by the failure and sends it to the SNMP Manager.
To display the IPX routing table entries, enter the following command:

Command> show ipxroutes

The routes appear in the following order:

1. Default route
2. Host routes
3. Network routes
4. Expired routes that are no longer being advertised

Setting Static Routes

Static routes provide routing information unavailable from the Routing Information Protocol (RIP), Open Shortest Path First (OSPF) protocol, or Border Gateway Protocol (BGP).
• Gateway—The address of a locally attached router where packets are sent for forwarding to the destination.
• Metric—The number of routers (or hops) a packet must cross to reach its destination. The metric represents the cost of sending the packet through the gateway to the specified destination.

Note – Never set the gateway for the PortMaster to an address on the same PortMaster; the gateway must be on another router.
• Ticks—The time required to send the packet to its destination. Ticks are measured in 50ms increments. The ticks metric is used in addition to the hops metric only on IPX networks.

Note – Never set the gateway for the PortMaster to an address on the same PortMaster; the gateway must be on another router.
For example, suppose the address of Ether0 is 172.16.1.1 with a 255.255.255.0 subnet mask (a class B address subnetted on 24 bits) and the destination of ptp1 is 192.168.9.65 with a 255.255.255.240 subnet mask (a class C address subnetted on 28 bits). If routing broadcast is on, the PortMaster routing broadcast on Ether0 claims a route to the entire 192.168.9.0 network. Additionally, the broadcast on ptp1 claims a route to 172.16.0.0.
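The over-claiming described in this example can be reproduced with a short calculation. The Python sketch below is an added illustration, not code from the guide or from ComOS: it models a routing broadcast that carries no netmask, so a subnet of a different major network is announced as its natural class A, B, or C network, and it reports how many addresses each announcement claims beyond the real subnet. The function names are hypothetical and the handling of subnets within the same major network is simplified.

```python
import ipaddress


def classful_network(addr):
    """Return the natural class A, B, or C network that contains addr."""
    ip = ipaddress.ip_address(addr)
    first_octet = int(ip) >> 24
    if first_octet < 128:
        prefix = 8       # class A
    elif first_octet < 192:
        prefix = 16      # class B
    elif first_octet < 224:
        prefix = 24      # class C
    else:
        raise ValueError(f"{addr} is class D/E and has no natural network")
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def broadcast_claims(interfaces):
    """For each interface, list what a netmask-less routing broadcast sent
    out of it claims about the networks behind the other interfaces.

    interfaces maps an interface name to "address/prefixlen".
    Each result row is (claimed network, actual subnet, extra addresses).
    """
    parsed = {name: ipaddress.ip_interface(value)
              for name, value in interfaces.items()}
    claims = {}
    for out_name, out_if in parsed.items():
        out_major = classful_network(out_if.ip)
        rows = []
        for name, iface in parsed.items():
            if name == out_name:
                continue
            actual = iface.network
            major = classful_network(iface.ip)
            # Simplification: inside the same major network the subnet is
            # announced as is; across major networks only the natural
            # network can be expressed, so the whole of it is claimed.
            claimed = actual if major == out_major else major
            extra = claimed.num_addresses - actual.num_addresses
            rows.append((str(claimed), str(actual), extra))
        claims[out_name] = rows
    return claims


# Addresses taken from the example in the text above.
EXAMPLE = {"Ether0": "172.16.1.1/24", "ptp1": "192.168.9.65/28"}

if __name__ == "__main__":
    for out_name, rows in broadcast_claims(EXAMPLE).items():
        for claimed, actual, extra in rows:
            print(f"broadcast on {out_name}: claims {claimed}, "
                  f"really reaches {actual} ({extra} addresses over-claimed)")
```
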
Note – Static routes use the netmask table entries that are in effect when the routes are added. If the netmask table is changed, the static route must be deleted from the route table and added again.

Example of Applying Static Netmasks

Note – Lucent recommends that you use OSPF in this circumstance instead of static routes.

This static netmask example assumes the following:

• You have anywhere between 8 and 250 PortMaster routers.
Enabling NetBIOS Broadcast Packet Propagation If your gateway on the Ethernet is not a PortMaster product, the netmask table is not supported. However, you can set a static route on the gateway for each of the three destination networks for your assigned pools (192.168.207.0, 192.168.208.0, and 192.168.209.0), pointing at one of the PortMaster routers. The identified PortMaster then forwards packets to the proper PortMaster. If you are using an IRX running ComOS 3.
Setting Call-Check Authentication If you set PAP to off, and CHAP to on, dial-in users are asked to authenticate with CHAP. PAP authentication is neither requested nor accepted. If you set both PAP and CHAP to off, dial-in users must authenticate with a username/password login.
4. Configuring the Ethernet Interface

This chapter describes how to configure PortMaster Ethernet interfaces and subinterfaces, and includes the following topics:

• “Setting General Ethernet Parameters”
• “Setting IP Parameters”
• “Setting Ethernet IPX Parameters”
• “Configuring Ethernet Subinterfaces”
• “Setting OSPF on the Ethernet Interface”

Before configuring the Ethernet interface, you must make the appropriate Ethernet connection f
Note – ComOS releases prior to 3.5 use the keyword routing instead of the rip keyword.

Table 4-1 describes the results of using each keyword.

Table 4-1 Keywords for Configuring RIP Routing

Keyword    Description
on         The PortMaster broadcasts and listens for RIP information from other routers on the local Ethernet. This is the default.
off        The PortMaster neither broadcasts nor listens for RIP information from the local Ethernet.
To apply an input filter to the Ethernet interface, use the following command:

Command> set Ether0 ifilter Filtername

To remove the input filter, omit the filter name when entering the command.

Output Filters

When an output filter is used, all traffic going out of the PortMaster on the Ethernet interface is compared to the output filter rules. Only packets permitted by the filter rules are sent by the PortMaster.
Setting the Subnet Mask

The default subnet mask is 255.255.255.0. If you have divided your network into subnets, enter the subnet mask that identifies how your network addresses are divided between the network portion and the host portion. To set the subnet mask, use the following command:

Command> set Ether0 netmask Ipmask

See Appendix A, “Networking Concepts,” for more information about using subnet masks.
To enable or disable IP traffic, use the following command:

Command> set ether0 ip enable|disable

Note – This command is currently available only on the Ether0 port.

Setting Ethernet IPX Parameters

You must set the following values to send IPX traffic on the Ethernet interface. IPX routing is enabled when routing is enabled.

• Network address
• Protocol
• Frame type

Setting the IPX Network Address

You must identify the IPX network of your local Ethernet segment.
To enable or disable IPX traffic, use the following command:

Command> set ether0 ipx enable|disable

Note – This command is available only on the Ether0 port.

Setting the IPX Frame Type

The IPX frame type must be identified and set to the value used on the local IPX network. The frame type identifies the encapsulation method used on your IPX ports. The IPX protocol can be implemented with one of the four commonly used IPX encapsulation and frame types shown in Table 4-2.
Configuring Ethernet Subinterfaces

With the subinterface feature of the ComOS, you can create up to 512 subinterfaces (the total number of interfaces available on a PortMaster) on a single primary Ethernet interface. Because you have the bandwidth of only a single Ethernet interface, however, efficiency begins to degrade significantly when you add more than 8 subinterfaces. Subinterfacing is essentially the segmenting of a single wire, or port, into multiple IP networks.
You can view or modify a subinterface with the ifconfig command (see the PortMaster Command Line Reference). If you modify the interface with the ifconfig command, you must reboot the PortMaster for the changes to take effect.

Setting OSPF on the Ethernet Interface

You can enable or disable Open Shortest Path First (OSPF) routing protocol on an Ethernet interface.
Chapter 5: Configuring an Asynchronous Port
Each asynchronous port can be configured for several different functions, giving the PortMaster configuration more flexibility. However, each port can carry out only one function at a time. For example, if a port receives a dial-in user login request, this port cannot be used for anything else until the current session is terminated. The port is then available for dial-out use or any other purpose specified when the port was configured.
Asynchronous Port Uses
offices dial into a central hub that routes among them, and a mesh where every office can speak to any other office on demand. Intermediate configurations between star and mesh are also possible. To add network bandwidth on demand, additional ports can be configured for load balancing. These ports can be configured to connect to a location when the network traffic exceeds a specific level.
General Asynchronous Port Settings
connection can be established to a specified port on the PortMaster. Once the connection is established, the connected device such as a printer or modem can be accessed as if it were connected directly to the host. Ports can also be configured to be accessed by programs using TCP/IP sockets, or by Telnet from the network. Chapter 18, “Accessing Shared Devices,” gives an example of sharing devices across a network.
To set the port speed, use the following command—entered on one line:
Command> set S0|all speed [1|2|3] Speed
You can set speed to any of the following standard modem speed settings:
300 600 1200 2400 4800 9600 19200 38400 57600 76800 115200
Parity Checking
Parity checking is off by default.
Setting Databits
You can set the number of databits per byte for a single asynchronous port or all asynchronous ports. The default (8) is the most common.
Setting the Dial Group
You can create modem pools for dial-out connections by associating ports and dial-out locations with dial groups. Dial groups can be used to reserve ports for dial-out to specific locations, or to differentiate among different types of modems that are compatible with the remote location. Dial groups are numbered 0 to 99. The default dial group is 0.
Setting the Login Message
The PortMaster allows you to specify a message for each port, up to 240 characters long, that is displayed to the user before login. To insert a new line, use a caret (^). Do not include double quotation marks within the message.
To enable automatic login for a particular user on a particular port, use the following command:
Command> set S0 username|autolog String
Setting a Port as the Console
You can set any asynchronous port to be the console for administrative functions such as configuring the PortMaster. The set console command takes effect immediately. If you use the save console command, the port remains the console even after the current session is ended.
To enable the idle timer and set a timeout value, use the following command:
Command> set S0|all idletime Number [minutes|seconds]
To disable the idle timer, set it to 0.
Configuring a PortMaster for Login Users
A PortMaster can be configured to allow dial-in users to log in to a specified host. This configuration is called user login.
To configure a PortMaster for user login, use the following steps. These steps are described in more detail in later sections.
1. Set the port type to login.
Command> set S0 login
2. Set the login service.
Command> set S0 service_login portmaster|rlogin|telnet|netdata [Tport]
3. Set the login host.
Command> set S0 host 1|2|3|4 default|prompt|Ipaddress
4. Specify the terminal type.
Command> set S0|all termtype String
5. Reset the port and save the settings.
Setting the Login Service
The login service specifies how login sessions are established. Table 5-1 describes the four types of login services available.
Table 5-1 Types of Login Service
Login Service   Function
portmaster   PortMaster is the default login service and can be used to access any host that has the PortMaster in.pmd daemon installed.
Setting the Login Host
You can specify how the login host is determined for the selected port. The three ways to determine the login host are described in Table 5-2.
Table 5-2 Login Host Options
Host Option   Description
default   The host used for this port is the default or alternate host specified in the global settings.
prompt   The user is given the opportunity to enter a hostname or IP address instead of the standard login prompt.
Configuring a Port for Access to Shared Devices
You can provide access to host device ports by establishing a pseudo-tty connection to the port from a UNIX host with the PortMaster daemon software installed. In this case, the port operates as a host-controlled device. Figure 5-2 shows a host device configuration using the PortMaster device service and a pseudo-tty connection. This configuration is most commonly used to provide access to shared devices such as printers.
Figure 5-3 Network Device Configuration (diagram labels: user 1, user 2, modems, PortMaster, host: /dev/network, Telnet/rlogin/netdata)
Once the port type is set to accommodate a host device, the device service must be selected and the hostname entered. If the device service selected is PortMaster for pseudo-tty service, a hostname must be specified either in the port configuration or as the global default host. In addition, the PortMaster in.
Setting the Device Service
The device service defines the method used to connect a host to a host device port.
Telnet Device Service
Telnet is a remote terminal protocol supported by most computers using TCP/IP protocols. Telnet allows the user at one site to establish a TCP connection to a login server at another site. Once the connection is established, keystrokes are passed from one system to the other. Use Telnet service in networks where a variety of hardware devices with different operating systems must use the selected port.
Configuring a Port for Network Access
When you configure a port for network dial-in, dial-out, or two-way access, the port becomes available for connections to and from remote sites using modems and the Serial Line Internet Protocol (SLIP) or the Point-to-Point Protocol (PPP). To configure a port for network access, follow these steps:
1. Set the port to network and choose the access type.
Command> set S0 network dialin|dialout|twoway
2. Save the configuration.
Figure 5-4 Dial-In-Only Port Access (diagram labels: mobile or at-home user, dial-in connection, modems, PortMaster, workstation 1, workstation 2)
Network Dial-Out-Only Access
Network dial-out-only access can be set on ports dedicated to Internet connections or connections to another office. In this configuration, the port is used to establish communication from the PortMaster to an outside location. SLIP or PPP is used for these types of connections.
Figure 5-5 Dial-Out-Only Access (diagram labels: branch office, main office, PortMaster, modem, modems, dial-out connection, workstation 1, workstation 2)
Network Dial-In-and-Out (Two-Way) Access
Dial-in-and-out service on a selected port is also called two-way access. Two-way access is specified for ports where both dial-in and dial-out access are needed.
To set a port for network two-way access, use the following commands:
Command> set S0 network twoway
Command> save all
PPP and SLIP Connections
The Serial Line Internet Protocol (SLIP) is an older protocol than PPP and not as robust. However, some hosts support only SLIP. The type of protocol allowed is specified for each dial-in user, dial-out location, or network hardwired port.
Configuring a Port for a Dedicated Connection
You can configure an asynchronous port for a permanent network connection (also known as a hardwired connection). Hardwired connections require no modem dialing or authentication protocol and are designed for connections to modems configured for leased line service, asynchronous-to-synchronous converters, or Frame Relay asynchronous devices (FRADs). Hardwired connections can use SLIP or PPP with IP and IPX.
To configure a port for a hardwired connection, follow this procedure:
1. Set the port for network hardwired.
Command> set S0 network hardwired
2. Set the protocol.
Command> set S0 protocol slip|ppp
3. Set the maximum transmission unit (MTU) size.
Command> set S0 MTU MTU
4. Set the destination IP address.
Command> set S0 destination Ipaddress [Ipmask]
5. Set the IPX network number if you are using IPX.
Command> set S0 ipxnet Ipxnetwork
6. Enable RIP routing.
Setting the Protocol
The network protocol for the hardwired port can be set for PPP packet encapsulation or SLIP encapsulation as described in “PPP and SLIP Connections” on page 5-19. If you want to use PPP, you have your choice of the following options:
• PPP with IP packet routing
• PPP with IPX packet routing
• PPP with both IP and IPX packet routing
You should select a protocol that is compatible with your network configuration.
Configuring RIP Routing
As described in the PortMaster Routing Guide, PortMaster products automatically send and accept route information as part of RIP messages if RIP routing is turned on. To configure RIP routing for a network hardwired asynchronous port, use the following command:
Command> set S0 rip on|broadcast|listen|off
Note – ComOS releases prior to 3.5 use routing instead of the rip keyword.
Table 5-3 describes the results of using each keyword.
The PortMaster supports Stac LZS data compression only for PPP connections with bidirectional compression. Stac LZS data compression cannot be used for SLIP connections. To configure compression, use the following command:
Command> set S0|W1 compression on|stac|vj|off
Table 5-4 describes the results of using each keyword.
Table 5-4 Keywords for Configuring Compression
Keyword   Description
on   Enables compression.
characters. The PPP asynchronous map is a bitmap of characters that should be replaced. The default PPP asynchronous map is 00000000. If the remote host requires a PPP asynchronous map, the PortMaster accepts the request for the map.
Setting Input and Output Filters
Input and output packet filters can be attached to a network hardwired port. Filters allow you to monitor and restrict network traffic.
Connecting without TCP/IP Support
Note – The PortMaster ignores the Data Set Ready (DSR) signal. Some PCs might require DSR high, but they do not tie DSR to DTR.
Chapter 6: Configuring a Synchronous WAN Port
This chapter describes the steps required to configure a PortMaster synchronous Wide Area Network (WAN) port. This chapter discusses the following topics:
• “Synchronous Port Uses”
• “Configuring WAN Port Settings”
See the PortMaster Command Line Reference for more detailed command descriptions and instructions.
Synchronous Port Uses
dozen field offices with 56Kbps or fractional T1 Frame Relay connections can connect to a central office using a fractional T1 or T1 Frame Relay connection. The central office requires only one CSU/DSU and synchronous port on the router, instead of 12. For more information, see Chapter 13, “Using Frame Relay.”
Routing over Switched 56Kbps.
Figure 6-1 Synchronous WAN Connection (diagram labels: Bangkok, New York, IRX Router, CSU/DSU, Frame Relay, workstation 1, workstation 2, workstation 3)
Once you have determined the type of synchronous connection to use between your remote locations, the synchronous port on each end of the connection must be configured.
Configuring WAN Port Settings
The WAN port settings described in this section enable you to configure your synchronous port for your needs. “General Synchronous Settings” on page 6-4 includes settings that are available for all connection types. The settings in “Settings for Hardwired Connections” on page 6-7 are available only for network hardwired connections.
Table 6-1 describes the four connection types available on synchronous ports.
Table 6-1 Port and Network Types
Type   Description
hardwired   Allows you to establish a dedicated network connection between two sites without modem dialing or authentication. In this mode, the port immediately begins running the specified protocol. If the port is set for a hardwired connection, it cannot be used for any other purpose.
You can substitute any of the following for Speed:
9600 14400 19200 38400 56000 57600 64000 76800 115200 1344k 1536k 2048k t1 t1e e1
Setting Modem Control
When modem control is on, the PortMaster uses the condition of the carrier detect (DCD) signal from an attached modem to determine whether the line is in use. Modem control is off for synchronous connections by default.
Assigning a Port to a Dial Group
You can create modem pools for dial-out connections by associating ports and dial-out locations with dial groups. Dial groups can be used to reserve ports for dial-out to specific locations, or to differentiate among different types of modems that are compatible with the remote location. Dial groups are numbered 0 to 99. The default dial group is 0.
Setting the Transport Protocol
The transport protocol for synchronous connections must be set for a network hardwired synchronous port. Choose PPP for leased line, switched 56Kbps, and ISDN connections, or Frame Relay for a Frame Relay connection. Additional Frame Relay settings must be configured for Frame Relay connections, described in Chapter 13, “Using Frame Relay.
To set the destination IP address for a leased-line connection only, use the following command:
Command> set W1 destination Ipaddress [Ipmask]
Setting the Subnet Mask
The default subnet mask is 255.255.255.0. If you have divided your network into subnets, enter the subnet mask that identifies how your network addresses are divided between the network portion and the host portion.
To configure RIP routing, use the following command:
Command> set W1 rip on|broadcast|listen|off
Note – ComOS releases prior to 3.5 used the keyword routing instead of the rip keyword.
Table 6-3 describes the results of using each keyword.
Table 6-3 Keywords for Configuring RIP Routing
Keyword   Description
on   The PortMaster broadcasts and accepts RIP packets from the system at the other end of the WAN connection. This is the default.
To apply an input filter to a synchronous port, use the following command:
Command> set W1 ifilter [Filtername]
To apply an output filter to a synchronous port, use the following command:
Command> set W1 ofilter [Filtername]
You can remove filters from the port by entering the command without a filter name. If a filter is changed, you must reset the port for the change to take effect.
Chapter 7: Configuring Dial-In Users
This chapter describes how to configure the PortMaster user table to support dial-in connections. The user table settings define how each dial-in user is authenticated and how dial-in connections are made. To configure network dial-in connections from other routers, you must define each remote router as a user on the PortMaster.
Configuring the User Table
Displaying User Information
You can display the current users in the user table or the complete configuration information for a specified user. To display the current users in the user table, for example, enter the following command:
Command> show table user
Name Type Address/Host Netmask/Service RIP
---------------------------------------------------------------------------
jozef Netuser negotiated 0000000000
adele Login User default Telnet
elena Netuser assigned 255.255.255.
Note – To add a network user, you must use the netuser keyword. Thereafter, you can use either the netuser or the user keyword to configure settings for the network user. You must always use the user keyword when configuring login users.
Deleting Users from the User Table
To delete a user from the user table, use the following command:
Command> delete user Username
User Types
User settings define the nature and behavior of dial-in users.
Configuring Settings for Network and Login Users
The following settings can be configured for either network or login users.
Setting a Password
To set a password for either a login or network user, use the following command:
Command> set user Username password Password
The password can contain between 0 and 16 printable ASCII characters.
Configuring Network Users
Setting the Protocol
You can set the network protocol for the network user to PPP or SLIP as described in Chapter 5, “Configuring an Asynchronous Port.” Select a protocol that is compatible with the rest of your network configuration and the user’s capabilities. To set the network protocol for a network user, use the following command:
Command> set user Username protocol slip|ppp
If you set a nonzero IP address for a network user using PPP, IP is automatically routed.
To set the user IP address for a normal network user, use the following command:
Command> set user Username destination assigned|negotiated|Ipaddress
Setting the Subnet Mask
Do not set a subnet mask for a network user unless the user is routed to another network from your network. In that case, set the subnet mask to 255.255.255.255.
Table 7-2 describes the results of using each keyword.
Table 7-2 Keywords for Configuring RIP Routing
Keyword   Description
on   The PortMaster broadcasts and listens for RIP information.
off   The PortMaster neither broadcasts nor listens for RIP information from the local Ethernet. This is the default.
broadcast   The PortMaster broadcasts RIP information to the host at the other end of the connection.
The MTU size is typically set to the maximum allowed for the protocol being used, either 1500 bytes (for PPP) or 1006 bytes (for SLIP). However, smaller MTU values can improve performance for interactive sessions. If you are using IPX, the MTU should be set to at least 600.
The PortMaster supports Stac LZS data compression only for PPP connections with bidirectional compression. Stac LZS data compression cannot be used for SLIP connections. To set header compression for a network user, use the following command:
Command> set user Username compression on|off
Table 7-3 describes the results of using each keyword.
Table 7-3 Keywords for Configuring Compression
on   Enables compression.
To apply an output filter for a network user, use the following command:
Command> set user Username ofilter [Filtername]
Omitting the Filtername removes any filter previously set on the port.
Note – Filters will be applied to the user the next time the user dials in.
Specifying a Callback Location
You can configure the user for callback connections to enhance network security or to simplify telephone charges.
Configuring Login Users
To set the login host for a login user, use the following command:
Command> set user Username host default|prompt|Ipaddress
Table 7-4 Login Host Options
Host Option   Description
default   This option allows the user to log in to the default or alternate host specified for this PortMaster. You can specify the default host with the set host command shown on page 17-5.
Setting the Login Service Type
All login users must have an associated login service that determines the nature of their connection with the host. The login service specifies how login sessions are established. Four types of login service are available as described in Table 7-5.
Table 7-5 Types of Login Service
Login Service   Function
portmaster   PortMaster is the default login service and can be used to access any host that has the PortMaster in.pmd daemon installed.
Table 7-5 Types of Login Service (Continued)
Login Service   Function
netdata   The netdata login service creates a virtual connection between the PortMaster port and another serial port on another PortMaster, or between the PortMaster port and a host. This login service creates a clear-channel TCP connection. To connect to another PortMaster port using netdata, you must configure that port as /dev/network with the netdata device service and the same TCP port number.
Chapter 8: Configuring Dial-Out Connections
This chapter discusses how to create locations—settings for dial-out destinations—for dial-out connections. This chapter discusses the following topics:
• “Configuring the Location Table”
• “Setting Multiline Load Balancing”
• “Setting Filters”
• “Testing Your Location Configuration”
See the PortMaster Command Line Reference for more detailed command descriptions and instructions.
Configuring the Location Table
Locations can also optionally have the following settings:
• Connection type (dial-on-demand, continuous, or manual)
• Routing protocol
• IPX network number
• MTU size
• Compression
• Idle timer
• Data-over-voice for ISDN connections
• CHAP authentication
• Asynchronous character map
• Multiline load balancing
Note – The location table is not used for dialing out with the tip command or UUCP.
Creating a Location
You must create a unique dial-out location for each remote host or router you want to access. Location table entries are identified by this unique location name, which can contain up to 12 characters.
On-Demand
Dial-on-demand connections to selected locations can save money because the telephone line is used only when traffic needs to be transmitted. The dial-on-demand configuration can also be used as a backup for other types of connections such as those using high-speed synchronous lines. A dial-on-demand connection usually has the idle timer set so that the connection is closed when no longer needed.
To configure a location to support a manual connection, use the following command:
Command> set location Locname manual
Note – Disconnect dial-out connections by resetting the port before switching a connection type from manual to on demand.
Setting the Telephone Number
The telephone number setting is used to dial out to the remote location.
Setting the Destination IP Address
The destination IP address is the IP address expected on the system at the remote end of the dial-out connection. For PPP connections, you can either specify an IP address or have it negotiated. If you enter 255.255.255.255 (negotiated) for the destination IP address, the PortMaster learns the IP address of the remote system during PPP IPCP negotiation.
Setting RIP Routing
You can associate RIP routing with locations—for example, a dial on-demand connection where the remote router is defined as a location on the local PortMaster. As described in the PortMaster Routing Guide, PortMaster products automatically send and accept route information as RIP messages. Refer to the PortMaster Routing Guide for OSPF and BGP configuration instructions.
Setting the Dial Group
Dial groups associate locations with specific dial-out ports. By default, all ports and locations belong to dial group 0 (zero). You can configure locations and ports into dial groups numbered from 0 to 99. Dial group numbers can be used to reserve ports for dial-out to specific locations, or to differentiate among different types of modems that are compatible with the remote location.
Compression cannot be used with multiline load-balancing, but can be used with Multilink PPP. Compression must be enabled on both ends of the connection if you are using SLIP. With SLIP, TCP packets are not passed if only one side of the connection has compression enabled. For PPP connections, the PortMaster supports both bidirectional and unidirectional compression. Refer to RFC 1144 for more information about header compression.
Setting the Idle Timer
You can set the idle timer for a location with manual or on-demand connections. This timer defines the length of time the line can be idle, with no network traffic in either direction, before the PortMaster disconnects the connection. You can set the idle time in seconds or minutes, to any value from 0 to 240. The default setting is 0 minutes.
To set CHAP authentication for a location, use the following command:
Command> set location Locname chap on|off
Setting the Asynchronous Character Map
The PPP protocol supports the replacement of nonprinting ASCII data in the PPP stream. These characters are not sent through the line, but instead are replaced by a special set of characters that the remote site interprets as the original characters.
Setting Multiline Load Balancing
The following settings are used to configure load balancing and define when additional lines to this location are dialed.
Setting the Maximum Number of Dial-Out Ports
To configure load balancing, you must define the number of dial-out ports that can be used to dial and establish a connection with this location. This setting creates a pool of ports that can be used at the same time to establish a connection with this location.
This value is used only when the maximum number of ports is greater than one. The default high-water mark is zero. To set the high-water mark in bytes for a location, use the following command:
Command> set location Locname high_water Number
Setting Filters
You can attach input and output filters to each location. Filters must be defined in the filter table before they can be added to the location table. For more information about filters, see Chapter 9, “Configuring Filters.
Testing Your Location Configuration
When you are configuring a location, you can set a manual connection for the location so that you can test the configuration before resetting the connection to on-demand or continuous. To test the configuration, you must initiate a connection with the remote location by using the dial command from the command line. To display the chat script (if you are using one) during dialing, use the optional -x keyword.
Chapter 9: Configuring Filters
This chapter describes how to configure input and output packet filters. IP, IPX, and Service Advertising Protocol (SAP) rules are reviewed, and filter examples are given. You can also use the ChoiceNet application to filter IP packets by lists of sites rather than by individual IP addresses. For more information on ChoiceNet, see the ChoiceNet Administrator’s Guide.
Overview of PortMaster Filtering
You use Ethernet filters to constrain the types of packets allowed to pass through the local Ethernet port, and you can set filters on asynchronous ports configured for hardwired operation when security with another network is an issue. The packet filtering process analyzes the header information contained in each packet sent or received through a network interface.
Table 9-1 Filter Options (Continued)
Option   Description
Restricting access based on source and destination address   You can create filters that evaluate both the source and destination addresses of a packet against a rule list. The number of significant bits used in IP address comparisons can be set, allowing filtering by host, subnet, network number, or group of hosts whose addresses are within a given bit-aligned boundary.
A maximum of 256 filter rules per filter is allowed for the PortMaster 3 and IRX. For other PortMaster products, the maximum number of filter rules allowed is 100. The PortMaster generates an error message when the number of filter rules exceeds the limit.
How Filters Work
IP and IPX packet filters are attached to users, locations, Ethernet interfaces, or network hardwired ports as either input or output filters. SAP filters are attached as output filters only.
Creating Filters
You construct a filter by creating the filter and then adding rules that permit or deny certain types of packets. A maximum of 256 filter rules per filter is allowed for the PortMaster 3 and IRX. For other PortMaster products, the maximum number of filter rules allowed is 100. The PortMaster generates an error message when the number of filter rules exceeds the limit. Packets are evaluated in the same order as the rules are listed.
Creating IP Filters
You can create a rule that filters IP packets according to their source and destination IP addresses. For more information on the command syntax for creating filters, see the PortMaster Command Line Reference.
Filtering TCP and UDP Packets
TCP Packets
You can filter TCP packets by source and destination IP address, or by TCP port number. Appendix B, “TCP and UDP Ports and Services,” lists port numbers commonly used for UDP and TCP port services. For a more complete list, see RFC 1700.
Creating SAP Filters
The Service Advertising Protocol (SAP) is an IPX protocol used over routers and servers that informs network clients of available network services and resources. SAP packets can be filtered only on output.
Example Filters
Because filters are very flexible, you must carefully evaluate the types of traffic that a specific filter permits or denies through an interface before attaching the filter. If possible, a filter should be tested from both sides of the filtering interface to verify that the filter is operating as you intended. Using the log keyword to log packets that match a rule to the loghost is useful when you are testing and refining IP filters.
Example Filters Input Filter for an Internet Connection The filter in this example is designed as an input filter for a network hardwired port that connects to the Internet. You can use this filter for a dial-on-demand connection by attaching it to the location entry. The rules for the filter are set as follows: Command> Command> Command> Command> Command> Command> Command> Command> Command> set set set set set set set set set filter filter filter filter filter filter filter filter filter internet.
Table 9-3 Description of Internet Filter (Continued)
Rule   Description
9.   Permits ICMP packets.
Input and Output Filters for FTP Packets
Filters can be used to either permit or deny File Transfer Protocol (FTP) packets. You must understand how this protocol works before you develop FTP filters. FTP uses TCP port 21 as a control channel, but it transfers data on another channel initiated by the FTP server from TCP port 20 (FTP-data).
The rules for the input filter are as follows:
Command> set filter internet.in 1 permit 0.0.0.0/0 192.168.0.1/32 tcp src eq 20 dst gt 1023
Command> set filter internet.in 2 permit 0.0.0.0/0 192.168.0.1/32 tcp src eq 21 estab
Command> set filter internet.in 3 permit 0.0.0.0/0 172.16.0.2/32 tcp dst eq 21
Command> set filter internet.in 4 permit 0.0.0.0/0 172.16.0.2/32 tcp src gt 1023 dst eq 20 estab
The rules for the output filter are as follows:
Command> set filter internet.
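The FTP input filter above can be checked offline before it is attached to a port. The following is an added example, not code from this guide or from Lucent: a first-match evaluator for the four internet.in input rules, assuming that estab matches only packets with the TCP ACK bit set and that a packet matching no rule is denied. The Packet class, the function names and the sample addresses in the usage are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# The four internet.in input rules from the FTP example, without the
# "set filter internet.in <n>" prefix. List order is evaluation order.
INTERNET_IN = [
    "permit 0.0.0.0/0 192.168.0.1/32 tcp src eq 20 dst gt 1023",
    "permit 0.0.0.0/0 192.168.0.1/32 tcp src eq 21 estab",
    "permit 0.0.0.0/0 172.16.0.2/32 tcp dst eq 21",
    "permit 0.0.0.0/0 172.16.0.2/32 tcp src gt 1023 dst eq 20 estab",
]

# Only the comparison keywords that appear in the rules above.
COMPARE = {"eq": lambda port, n: port == n, "gt": lambda port, n: port > n}


@dataclass
class Packet:
    """Constructed model of the TCP header fields the rules look at."""
    src: str
    dst: str
    sport: int
    dport: int
    ack: bool = False  # False for the opening SYN of a connection


def parse_rule(text):
    """Parse 'permit|deny SRC/bits DST/bits tcp [src|dst eq|gt N]... [estab]'."""
    tok = text.split()
    if len(tok) < 4 or tok[0] not in ("permit", "deny") or tok[3] != "tcp":
        raise ValueError(f"unsupported rule: {text!r}")
    rule = {
        "action": tok[0],
        "src": ipaddress.ip_network(tok[1]),
        "dst": ipaddress.ip_network(tok[2]),
        "ports": [],
        "estab": False,
    }
    i = 4
    while i < len(tok):
        if tok[i] == "estab":
            rule["estab"] = True
            i += 1
        elif tok[i] in ("src", "dst") and i + 2 < len(tok) and tok[i + 1] in COMPARE:
            rule["ports"].append((tok[i], tok[i + 1], int(tok[i + 2])))
            i += 3
        else:
            raise ValueError(f"unexpected token {tok[i]!r} in {text!r}")
    return rule


def matches(rule, pkt):
    """True when every condition of the rule holds for the packet."""
    if ipaddress.ip_address(pkt.src) not in rule["src"]:
        return False
    if ipaddress.ip_address(pkt.dst) not in rule["dst"]:
        return False
    for side, op, number in rule["ports"]:
        port = pkt.sport if side == "src" else pkt.dport
        if not COMPARE[op](port, number):
            return False
    # Assumption: estab matches only packets of an already open connection,
    # modelled here as ACK set.
    return pkt.ack or not rule["estab"]


def evaluate(rules, pkt):
    """Return (action, rule number) of the first matching rule."""
    for number, text in enumerate(rules, start=1):
        rule = parse_rule(text)
        if matches(rule, pkt):
            return rule["action"], number
    return "deny", None  # assumption: no matching rule means the packet is dropped


if __name__ == "__main__":
    # Constructed sample packets; 198.51.100.7 and 203.0.113.9 stand in for
    # outside hosts.
    samples = [
        Packet("198.51.100.7", "192.168.0.1", 20, 40001),
        Packet("198.51.100.7", "192.168.0.1", 21, 40000, ack=True),
        Packet("198.51.100.7", "192.168.0.1", 21, 40000),
        Packet("203.0.113.9", "172.16.0.2", 1500, 21),
        Packet("203.0.113.9", "172.16.0.2", 1500, 20),
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(INTERNET_IN, pkt))
```

Rule 1 carries no estab keyword because the FTP server opens the data channel, so it admits new connections from source port 20 to any port above 1023 on 192.168.0.1; keep its destination as narrow as the hosts that actually need FTP.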
Rule to Allow Authentication Queries

To allow authentication queries used by some mailers and FTP servers, add the following rule to your input filter:

Command> set filter filtername RuleNumber permit tcp dst eq 113

For more information about these types of queries, refer to RFC 1413.

Rule to Allow Networks Full Access

To allow some other network to have complete access to your network, add the following rule. In the example below, 172.16.12.0 is granted full access to 192.168.1.
Example Filters If you use the following example, replace the name server with the IP address or hostname of your Internet server: Command> set Command> set Command> set Command> set dst gt 1023 Command> set Command> set Command> set Command> set Command> set Command> set filter filter filter filter restrict.in restrict.in restrict.in restrict.in 1 2 3 4 deny 192.168.1.0/24 0.0.0.0/0 log permit 0.0.0.0/0 10.0.0.3/32 tcp estab permit 0.0.0.0/0 10.0.0.3/32 tcp dst eq 21 permit 0.0.0.0/0 10.0.0.
Restricting User Access

Access filters enable you to restrict Telnet or rlogin connections to a specific host or network, or a list of hosts or networks. You can create an access filter that restricts user access to particular hosts. Access filters work as follows:

1. The user specifies a host.
2. The host address is compared against the access filter.
3. If the address is permitted by the filter, the connection is established.
4.
Chapter 10. Using Modems

This chapter explains how to configure external modems to work with PortMaster products. For information on using the internal digital modems with the PortMaster 3, see Chapter 11, “Configuring the PortMaster 3.
Modem Functions

Dial-up modems that operate over normal telephone lines at speeds of 28,800bps or higher are now available. These modems do not operate at a guaranteed throughput, but rather at a speed dependent on the quality of the line, the effectiveness of data compression, and other variables. These modems use hardware flow control to stop the data from the host by raising and lowering the Clear to Send (CTS) signal.
Using Automatic Modem Configuration

A modem table display looks like the following:

Short Name     Long Name            Type
-------------  -------------------  ------
cardinal       Cardinal MVP288XF    System
mega           Massive MegaFast     User
supra-288      Supra V.34           System

The modem type is either system or user. System indicates that the configuration settings are the factory default settings. User indicates that the user has configured the modem table settings for that modem.
Table 10-1 shows the current factory default settings for commonly used modems.

Table 10-1 Factory Default Modem Table Entries

Modem Name (Short)  Modem Name (Long)                     DTE Rate  Initialization String
at&t-v32            AT&T Keep In Touch                    57600     AT&F&D3&T5&R0\\D1S0=1&W^OK
cardinal            Cardinal MVP288XF                     115200    AT&F1&C1&D2&K3S0=1S2=129S10=20&W0&W1
card-v34-p          Cardinal MVP288CC PCMCIA              115200    AT&F&C1&D3S0=1s2=129S10=20&W
eiger-v32-p         Eiger 14.
mot-pwr-p           Motorola Power 14.4 PCMCIA            57600     AT&F&C1&T5&C1&D2&W
mot-life-p          Motorola Lifestyle 14.4 PCMCIA        57600     AT&FS0=1&C1&D2\\Q3&T5&W^OK
multizdx            MultiTech Z/DX fax/data v.32          115200    AT&F^ATM0&E1&C1&D3$SB115200S0=1S10=20%E0&W0
multi-v34           MultiTech MT2834 28.8k                115200    AT&F^AT&C1&D3S0=1&W0
multi-v34           MultiTech MT2834 28.
usr-v32-p           USR Courier/Sportster V.32bis PCMCIA  57600     AT&F1&W
usr-v34-p           USR Courier/Sportster V.34 PCMCIA     115200    AT&F1S0=1&W
usr-v32             USR Courier/Sportster V.32bis         57600     AT&F1S0=1&W
usr-v34             USR Courier/Sportster V.34            115200    AT&F1S0=1&W
usr-spt-v32         USR Sportster V.32bis                 57600     AT&F1S0=1S10=20S13.0=1&W0
usr-spt-336         USR Sportster 33.
Configuring Ports for Modem Use To configure all ports for the same modem type, use all instead of the port number in the previous example. After the modem is attached to the port, configure the other modem settings described in “Configuring Ports for Modem Use” on page 10-7. To configure the modem not to answer when users dial in, set S0=0 in the initialization string.
Setting Modem Control

Set modem control on if you want to use the DCD signal for modem connections. When modem control is on, the PortMaster uses the condition of the carrier detect line to determine whether the line is in use. Modem control must be on for PortMaster outbound traffic. If modem control is off, the PortMaster assumes the carrier detect line is always asserted.
To set software flow control for a modem, use the following command:

Command> set S0 xon/xoff on|off

Hardware flow control allows the PortMaster to receive data from the attached device by raising the Request to Send (RTS) signal on pin 4 of the RS-232 connector. The PortMaster sends information to the attached device only when the Clear to Send (CTS) modem line on pin 5 of the RS-232 connector is raised.
Chapter 11. Configuring the PortMaster 3

This chapter describes how to use the command line interface to configure the ISDN Primary Rate Interface (PRI) Line0 and Line1, and the digital modems on the PortMaster 3. The PortMaster 3 can also use many of the commands common to all PortMaster models.

Note – After making any configuration changes to a line (Line0 or Line1), you must use the save all and reboot commands for the changes to take effect.
Configuring General Settings Command> show Line0 Configuring Line Use You can use a line as a single E1 or T1 line, as PRI B channels, as fractional E1 or T1 lines divided into channel groups, or for inband signaling for channelized T1. ✍ Note – T1 and E1 lines require an external clock signal provided by the device to which the PortMaster is connected, or by the telephone company network. To configure a line, use the following command. Table 11-1 explains the line use options.
Setting the Inband Signaling Protocol for T1 ! Warning – If you configure a line for fractional T1 and reboot the PortMaster 3 before configuring the group and channels, you will no longer be able to see and configure the line. You must erase your entire configuration and reboot to see the line again. Setting the Channel Rate To set the channel rate to 56Kbps or 64Kbps for a channel group, use the following command. Table 11-2 explains the channel rate options.
Setting the Inband Signaling Protocol for E1

Although PortMasters do not require dial digits (the calling number and caller ID) when establishing a connection, most Telcos transmit this information by default. You can use the r2gen signalling option if you don’t require dial digits, but you must first arrange for the Telco not to transmit these signals. The PortMaster defaults to r2gen when you set the line to inband (see “Configuring Line Use” on page 11-2).
Configuring ISDN PRI Settings

Use the following settings to configure ISDN PRI on the PortMaster 3.

Setting the ISDN PRI Switch

The switch type information is available from your ISDN PRI service provider. To set the switch type for ISDN connections to the PortMaster ISDN PRI ports, use the following command—entered on one line. Table 11-5 explains the ISDN switch options.
Configuring ISDN PRI Settings To set the framing format used for the E1 or T1 line, use the following command. Table 11-6 explains the framing format options. Command> set Line0 framing esf|d4|crc4|fas Table 11-6 T1 Inband Signaling Protocol Options Option Description Line0 Line0 or Line1. esf Extended superframe. This is the default format for T1 lines. d4 D4 framing, an alternative format for T1 lines. crc4 Cyclic redundancy check 4. This is the default format for E1 lines.
Configuring ISDN PRI Settings Setting the Pulse Code Modulation You need to set the pulse code modulation only if you are using digital modems and your PRI service provider instructs you to change the setting to something other than the default. This command sets the digital encoding method used for analog signals. To set the pulse code modulation, use the following command. Table 11-8 explains the pulse code modulation options.
Using True Digital Modems Table 11-9 Directory Number Options Options Description S0 One of the ISDN ports Number Access telephone number Using True Digital Modems Use the following settings to configure the built-in digital modems on the PortMaster 3. Setting Digital Modems The digital modems are numbered from m0 to m59, for a maximum of 60 modems. Modem slot 0 is allocated numbers m0 through m9, modem slot 1 is allocated numbers m10 through m19, and so on.
Using True Digital Modems Hot-Swapping Digital Modem Cards With the lastcall feature, you can hot-swap a modem card without dropping calls. To force an active modem into ADMIN mode as soon as the last active call terminates, use the following command: Command> set M0 lastcall When the lastcall feature is set, modem status displayed by the show m0 and show modems commands is ACT(LC).
Using Channelized T1 • TEST—under test • DOWN—unavailable To display the status for all modems, use the following command: Command> show modems Using Channelized T1 The PortMaster 3 has an integrated channel service unit/digital service unit (CSU/DSU). However, the other end of a T1/E1 connection might require an external clock signal provided by the telephone company, or a CSU/DSU. Why Use Channelized T1? Channelized T1 service provides 24 channels of 56Kbps capacity each.
Using Channelized T1 Configuring the PortMaster 3 for Channelized T1 Follow these steps to configure the PortMaster 3 to use channelized T1 service: 1. Set the line for inband signaling. Command> set Line0 inband 2. Set the signaling protocol and the line provisioning. Command> set Line0 signaling wink|fxs inonly 3. Set the framing format for the line. Command> set Line0 framing esf|d4|crc4|fas 4. Set the encoding method for the line. Command> set Line0 encoding b8zs|ami 5.
Using the T1 Expansion Card To display the line configuration for line 1, for example, enter the following command: Command> show line1 ----------------------line1 - T1 Inband DS0 -----------------Status: UP Framing: ESF Encoding: 8ZS PCM: u-law Signaling: Trunk E&M wink start Options: inbound calls only Receive Level: +2dB to -7.
Using the T1 Expansion Card When you specify internal, the built-in 1.544MHz crystal sets timing on the line. This is useful for dry wire configurations, or for back-to-back connections. When you specify external, the built-in DSU/CSU extracts timing from the line. Configuring the T1 Expansion Card for Fractional T1 The T1 card is identified as line2 in the PortMaster 3. Follow these steps to configure the PortMaster 3 to use fractional T1 service: 1. Set the line for fractional T1.
Using the T1 Expansion Card Troubleshooting the T1 Expansion Card If the T1 expansion card is not properly installed, the show line2 command displays the following status: line2 not available This message indicates that the card is either not present or installed incorrectly. If the card is present, remove it, wait 5 seconds and reinstall it. Refer to your hardware installation guide for instructions.
Using Multichassis PPP

Multichassis PPP allows the use of Multilink PPP across multiple PortMasters in a single telephone hunt group, and on the same Ethernet.

Setting Multichassis PPP

To enable Multichassis PPP, set the endpoint discriminator on all PortMaster products sharing a hunt group and Ethernet, with the same 12-digit hexadecimal number.
Troubleshooting the PortMaster 3

The debug command is useful for troubleshooting the digital modems and Multichassis PPP events. Output is sent to the system console set by the set console command. After completing the debugging process, disable the debug commands by using the correct set debug off command, and reset the console with the reset console command. Debug information is displayed to the console.
Chapter 12. Using ISDN BRI

This chapter describes how to configure the PortMaster to connect two local area networks (LANs) via ISDN using V.25bis dialing on a Basic Rate Interface (BRI) with an integrated network termination device (NT1). This chapter also provides an example to demonstrate this type of configuration. For information on the PortMaster 3 and ISDN PRI service, see Chapter 11, “Configuring the PortMaster 3.
Overview of ISDN BRI Connections For the ISDN S/T interface, a PortMaster requires an external terminal adapter to connect from the PortMaster synchronous port to the ISDN link. For terminal adapters that do not have automatic dialing or for administrators who want to manually connect with the terminal adapter, the PortMaster supports automatic location table scripting. For more information, see Chapter 8, “Configuring Dial-Out Connections.
Figure 12-1 Example of an ISDN Connection (diagram labels: Bangkok, New York, ISDN, PortMaster PM-2E with BRI module, Office Router-ISDN, NT1, workstations 1 to 3)

Provisioning

To help you determine the kind of provisioning you require for your ISDN setup, refer to the information in the hardware installation guide and on the Lucent Remote Access website at http://www.
Configuring ISDN

This section describes the commands that you need to configure a PortMaster for ISDN BRI service.

ISDN BRI Switch Types

The North American ISDN U interface and international S/T interface require different switch type settings on your PortMaster.

North American ISDN BRI Switch Types

The ISDN switch type for North American ISDN connections (U interface) can be set to one of four values, shown in Table 12-1.
Configuring ISDN Table 12-2 International ISDN BRI Switch Types (Continued) ISDN Switch Type Used for ntt Japan kdd Japan Setting the Switch Type To set the ISDN switch type for an ISDN BRI U interface, use the following commands: Command> set isdn-switch ni-1|dms-100|5ess|5ess-ptp Command> reboot To set the ISDN switch type for an ISDN BRI S/T interface, use the following commands: Command> set isdn-switch net3|vn4|1tr6|ntt|kdd Command> reboot ✍ Note – You must reboot the PortMaster after changi
Configuring ISDN Terminal Identifier (TID) for ISDN BRI The terminal identifier (TID) is a numeric value used by some telephone switches for additional identification. Some telephone companies require the SPID, while others require a TID, as well. When configuring the PortMaster, append the TID to the SPID if required by your carrier. Directory Number The optional directory number is a 10-digit phone number provided by the telephone company.
Configuring ISDN Note – numberauto is off by default. ✍ Setting the Number Type To change the number type from the default manufacturer setting (so that you can, for example, begin successfully to place outbound calls), use the following command: Command> set isdn-numbertype 0|1|2|4 The new setting becomes effective immediately; it does not need to be saved to nonvolatile RAM. Enter this command without a number type value to display a list of all plan values available, and the current setting.
Configuring ISDN Multiple Subscriber Network for an S/T Interface For countries that support BRI via the S/T bus interface, you can enable the multiple subscriber network (MSN) feature. When enabled, this feature allows multiple ISDN devices attached to the same BRI line to receive calls not intended for the PortMaster. When the MSN feature is disabled, the PortMaster rejects the call if a port is not available.
ISDN Port Configuration Tips

Use the following tips to help you configure your ISDN BRI port:

• Modem control (carrier detect), flow control, and speed are not set on an ISDN port. The PortMaster automatically detects the speed and sets the port to 64000bps or 56000bps accordingly. Flow control is not set on a synchronous line because the external clock speed is provided by the telephone company and carrier detect is always used.
ISDN BRI Unnumbered IP Configuration Example 2. Configure the following settings for the PortMaster in Denver: a. Configure global settings (page 12-11). b. Configure Ethernet interface settings (page 12-12). c. Configure ISDN port settings (page 12-12). d. Configure dial-in users (page 12-13). e. Configure dial-out locations (page 12-14). 3. Configure the following settings for the PortMaster in San Francisco: a. Configure global settings (page 12-16). b.
For comparison, Figure 12-3 shows a similar configuration using ISDN BRI with numbered interfaces.

Figure 12-3 ISDN BRI Numbered (diagram labels: S.F., Denver, Internet, PM2, Ether0 192.168.100.1/24, Ether0 192.168.200.1/24, BRI PPP 10.0.0.0/24, BRI PPP 10.0.0.2/24)

Configuring the PortMaster in Denver

The PortMaster in Denver is being configured for an ISDN dial-up connection to the PortMaster in San Francisco.
Configuring Ethernet IP Interface Settings

Configure the following Ethernet interface settings to the values shown in Table 12-4.

Table 12-4 Ethernet Values

Setting         Command
Protocol        set ether0 ipx enable
IP address      set ether0 address 192.168.200.1
Netmask         set ether0 netmask 255.255.255.0
IPX network     set ether0 ipxnet F1
IPX frame type  set ether0 ipxframe ethernet_802.
Table 12-5 ISDN Port Values

Setting              Command
Port type S1         set s1 network twoway
Port type S2         set s2 network twoway
Dial group S1        set s1 group 2
Dial group S2        set s2 group 2
Directory number S1  set s1 directory number 5551111
Directory number S2  set s2 directory number 7005551112
SPID S1              set s1 spid 700555111100
SPID S2              set s2 spid 700555111201

All the other parameters should be left at their default values.
Table 12-6 User Table Values (Continued)

Setting          Command
User IP address  set user sf address 192.168.100.1
Netmask          set user sf netmask 255.255.255.
Table 12-7 Location Table Values (Continued)

Setting           Command
IPX network       set location sf ipxnet F3
RIP routing       set location sf rip on
MTU               set location sf mtu 1500
Idle timer        set location sf idle 2
Dial group        set location sf group 2
Username          set location sf username sf
Telephone number  set location sf telephone 5551212
Password          set location sf password anypasswd
High-water mark   set location sf high_water 0
Maximum ports     set location sf m
ISDN BRI Unnumbered IP Configuration Example Configuring Global Settings Configure the global settings to the values shown in Table 12-8. Table 12-8 Global Values Setting Command IP gateway set gateway 192.168.1.2 (This is the address of the next upstream router.
ISDN BRI Unnumbered IP Configuration Example After you configure the Ethernet interface as shown in Table 12-9, enter the following command to save the configuration: Command> save all For more information on Ethernet settings, refer to Chapter 4, “Configuring the Ethernet Interface.” Configuring ISDN Port Settings Configure the ISDN port with the values shown in Table 12-10 for the example in this chapter. This example assumes that the BRI used is port S1-S2 on a PortMaster ISDN Office Router (OR-U).
ISDN BRI Unnumbered IP Configuration Example Configuring a Dial-In User A user account must be set up on the PortMaster router in San Francisco so that PortMaster in Denver can dial in when traffic is queued. The new user denver should be configured with the values shown in Table 12-11. Table 12-11 User Table Values Setting Command Username add netuser denver Password set user denver password anypasswd Protocol set user denver protocol ppp User IP address set user denver address 192.168.200.
ISDN BRI Unnumbered IP Configuration Example Configuring a Dial-Out Location A location entry on the PortMaster in San Francisco must be created for the location identified as denver. This allows the PortMaster router in San Francisco to call the PortMaster in Denver when network traffic is queued. The new location denver should be configured with the values shown in Table 12-12.
ISDN BRI Unnumbered IP Configuration Example ✍ Note – Configuring the maximum ports setting to a value higher than 0 causes the PortMaster to dial out to a continuous location, or become available for dial-out to an on-demand location. By configuring the maximum ports setting last, you ensure that the PortMaster will not attempt to make a connection with a location until you have configured all the settings for that location.
Troubleshooting an ISDN BRI Connection 4. If you notice a problem, do the following: a. Reset the port on the PortMaster in Denver. b. Change the settings you think are causing the problem. c. Dial San Francisco again. d. Repeat this procedure until the connection is made correctly. 5. Repeat Steps 1 through 4, dialing from San Francisco to Denver.
• To view the PPP negotiation, enter the following commands:

Command> set console
Command> set debug 0x51

For more information about interpreting the results of the debug command, refer to the PortMaster Troubleshooting Guide.
Chapter 13. Using Frame Relay

Frame Relay is a method of encapsulating network information that allows for fast delivery and high line utilization. PortMaster routers support Frame Relay over synchronous ports. This chapter uses an example to demonstrate how to configure the PortMaster to connect to a synchronous line using Frame Relay.
Overview of Frame Relay PVCs and DLCIs PortMaster products support permanent virtual circuits (PVCs). PVCs are used to form a connection between any two devices attached to a Frame Relay cloud. Each PVC is given a unique number on each physical circuit along the path between the two devices. This unique number is called a data link connection identifier (DLCI). The DLCI is automatically changed to the PVC number of the next physical circuit as it passes through each switch along the path.
Overview of Frame Relay Discarding Frames The PortMaster pushes as much data out of the serial port as it can at port speed for any PVC that has traffic, regardless of CIR. The Frame Relay switch passes as much of the data as possible on to the next link. However, once a particular PVC has transmitted its CIR-worth of bits each second, the switch marks any additional frames as “discard eligible.
Frame Relay Configuration on the PortMaster

You configure Frame Relay by selecting the Frame Relay protocol, setting the IP address of the port, and specifying the DLCIs during the synchronous port configuration. Alternatively, the PortMaster can discover DLCIs dynamically with LMI or Annex-D and learn the IP addresses of the other routers through Inverse ARP if the other routers on your Frame Relay cloud support Inverse ARP as specified in RFC 1490.
Figure 13-1 Frame Relay Configuration (diagram labels: Bangkok, New York, Frame Relay, IRX Router, CSU/DSU, workstations 1 to 3)

Enabling LMI

You can specify whether the PortMaster accepts Local Management Interface (LMI) frames from the attached Frame Relay switch. If LMI is enabled on the switch, you must enable LMI on the PortMaster.
Frame Relay Configuration on the PortMaster ✍ Note – Contact your Frame Relay carrier to determine which keepalive they are using, LMI or Annex-D. To enable LMI, use the following command: Command> set W1 lmi Seconds Enabling Annex-D The PortMaster also accepts the Annex-D polling interval. The Annex-D default value is 10 seconds. However, if your telephone company chooses another keepalive value, change this value as they instruct you. Enabling LMI causes the DLCI list to be completed automatically.
Configuration Steps for a Frame Relay Connection

The example described in this chapter connects a PortMaster router located in a main office (Bangkok) with a PortMaster router located in a branch office (New York) using Frame Relay on a synchronous interface. To install your PortMaster, follow the instructions in the hardware installation guide. If you need additional help, refer to the troubleshooting chapter of the guide.
Configuration Steps for a Frame Relay Connection Configuring the PortMaster in Bangkok Configure the settings for the PortMaster in Bangkok with the values in the following sections. Configuring Global Settings Configure the global settings on the PortMaster in Bangkok to the values shown in Table 13-1. Table 13-1 Global Values Parameter Command Gateway set gateway 192.168.20.
Configuration Steps for a Frame Relay Connection For more information on Ethernet parameters, refer to Chapter 4, “Configuring the Ethernet Interface.” Configuring Synchronous WAN Port Parameters Configure the synchronous WAN port W1 to the values shown in Table 13-3. Table 13-3 Synchronous WAN Port Values Setting Command Port type set w1 network hardwired Protocol set w1 protocol frame Port IP address set w1 address 192.168.20.1 Netmask set w1 netmask 255.255.255.
Configuration Steps for a Frame Relay Connection Configuring Ethernet Interface Settings Configure the Ethernet interface settings to the values shown in Table 13-4. Table 13-4 Ethernet Values Setting Command IP address set ether0 address 92.168.1.1 Netmask set ether0 netmask 255.255.255.
Troubleshooting a Frame Relay Configuration Table 13-5 WAN Port Parameter Values (Continued) Setting Command DLCI list set w1 dlci 16:192.168.20.1 (You do not need to set a DLCI list if the remote router supports Inverse ARP.
Frame Relay Subinterfaces • Verify that you are using the correct cables and that they are attached securely to the correct port. Not all WAN ports are capable of the same speeds. • Verify that the DIP switch is set to V.35 for Lucent cables and that you are plugged into the correct V.35 interface on your CSU/DSU. • Verify that the CSU/DSU is providing the clock signal to the PortMaster. The CSU/DSU can generate the clock signal or receive it from the carrier.
Frame Relay Subinterfaces Adding a Location To configure a Frame Relay subinterface, you add a location for each interface, configure it with the frame protocol, and associate it with a dial group. Then associate a synchronous port with the same dial group.
Frame Relay Subinterfaces Troubleshooting Subinterfaces Packets received on a subinterface can be identified as belonging to that subinterface only if the DLCI is properly entered in the DLCI table for that location. If you are having problems, do the following: • Wait a few moments. Subinterfaces come up after the primary interface. This process can take a few moments. • Check the list of DLCIs tied to each location using the show location Locname command.
Frame Relay Subinterfaces Example: Configuring a Frame Relay Subinterface This set of example commands configures a PortMaster IRX-111 router with Frame Relay packets coming into port S1 with DLCIs 16, 17, and 18. Port S1 has already been configured for Frame Relay, so that portion is not shown here. The following commands split the Frame Relay port into a primary subinterface for DLCI 18 and a secondary subinterface for DLCIs 16 and 17.
Chapter 14. Using Synchronous V.25bis Connections

This chapter uses an example to demonstrate how to configure the PortMaster to connect two local area networks (LANs) via synchronous V.25bis dialing applications such as ISDN, terminal adapters, or switched 56Kbps. This chapter discusses the following topics:

• “Overview of Synchronous V.25bis Dial-Up Connections”
• “Configuration Steps for a Synchronous V.25bis Connection”
• “Troubleshooting a Synchronous V.
Overview of Synchronous V.25bis Dial-Up Connections requires only 8 bits. A 115.2Kbps DTE rate cannot properly support two 64Kbps B channels because the terminal adapter is unable to buffer the excess data when the incoming data for an ISDN line is 128Kbps. Figure 14-1 shows an example of an ISDN or switched 56Kbps connection.
Configuration Steps for a Synchronous V.25bis Connection

This example connects a PortMaster located in Boston with a PortMaster located in Miami using a synchronous interface that is initiated on-demand by an ISDN or switched 56Kbps connection. To install your PortMaster, follow the instructions in your hardware installation guide. If you need additional help, refer to the troubleshooting chapter of the installation guide.
Configuration Steps for a Synchronous V.25bis Connection Configuring Global Settings Configure the global settings to the values shown in Table 14-1. Table 14-1 Global Values Setting Command IP gateway set gateway 192.168.1.1 System name set sysname boston After you configure the global settings shown in Table 14-1, enter the following command to save the configuration: Command> save all For more information about global settings, refer to Chapter 3, “Configuring Global Settings.
Configuration Steps for a Synchronous V.25bis Connection For more information on Ethernet settings, refer to Chapter 4, “Configuring the Ethernet Interface.” Configuring Synchronous WAN Port Settings Configure the synchronous WAN port parameters with the values shown in Table 14-3.
Configuration Steps for a Synchronous V.25bis Connection Table 14-4 User Table Values (Continued) Setting Command IPX network set user miami ipxnet F3 RIP routing set user miami rip on MTU set user miami mtu 1500 After you configure user table settings as shown in Table 14-4, enter the following command to save the configuration: Command> save all No compression is used on synchronous lines.
Configuration Steps for a Synchronous V.25bis Connection Configuring Global Settings Configure the following global settings to the values shown in Table 14-6. Table 14-6 Global Value Setting Command IP gateway set gateway 192.168.1.2 (This is the address of the next upstream router.
Configuration Steps for a Synchronous V.25bis Connection After you configure the Ethernet interface as shown in Table 14-7, enter the following command to save the configuration: Command> save all For more information on Ethernet settings, refer to Chapter 4, “Configuring the Ethernet Interface.” Configuring Synchronous WAN Port Settings Configure the synchronous WAN port with the values shown in Table 14-8.
Configuration Steps for a Synchronous V.25bis Connection Configuring a Dial-In User A user account must be set up on the PortMaster router in Miami so the PortMaster in Boston can dial in when traffic is queued. The new user boston should be configured on the PortMaster in Miami with the values shown in Table 14-9.
Configuration Steps for a Synchronous V.25bis Connection Configuring a Dial-Out Location A location entry on the PortMaster in Miami must be created for the location identified as boston. This allows the PortMaster router in Miami to call the PortMaster router in Boston when network traffic is queued. The new location boston should be configured on the PortMaster in Miami with the values shown in Table 14-10.
Configuration Steps for a Synchronous V.25bis Connection Testing the Configuration The configuration should be tested before the location boston is set for continuous dialing. To test the configuration, follow these steps: 1. Enter the following commands to connect from the office in Miami to location boston. Command> set console w1 Command> set debug 0x51 Command> dial boston 2. Monitor the dial-and-connect sequence between the two locations. 3. If everything connects as expected, do the following: a.
Troubleshooting a Synchronous V.25bis Connection

Most synchronous configurations come up with very little trouble if you have configured the PortMaster using information from your carrier. If you have problems, use the information in this section to debug your configuration. If you are having trouble with a V.
Chapter 15: Using Office-to-Office Connections

This chapter uses an example to demonstrate how to configure the PortMaster to connect your office to another office using a dial-on-demand modem configuration. This type of connection is designed to take the place of a costly dedicated line between the two locations, where the amount and duration of traffic do not justify a leased line or Frame Relay connection.
Overview of Example Configuration used as a console, or with an external modem and a straight-through cable connected, as an additional dial on-demand port for multiline load balancing during peak traffic periods.
The example in this chapter uses the PCMCIA asynchronous modem port on the OR-M. To use the ISDN port on the OR-U, see “Using ISDN for On-Demand Connections” on page 15-15.

Configuration Steps for an Office-to-Office Connection

The example described in this chapter connects a PortMaster router located in a branch office (London) with a PortMaster router located in the main office (Paris) using a dial-on-demand modem configuration.
Configuring the Office Router in London

Configure the following settings on the PortMaster PCMCIA Office Router in the London office to enable London office users to access the main office network in Paris on demand.

Configuring Global Settings

Configure the global settings shown in Table 15-1. The values shown in the table only apply to this example. When you are configuring your PortMaster, use values appropriate for your network.
Table 15-2 Ethernet Values (Continued)

Setting              Command
Broadcast address    set ether0 broadcast high

After you configure the Ethernet interface as shown in Table 15-2, enter the following command to save the configuration:

Command> save all

For more information on Ethernet settings, refer to Chapter 4, “Configuring the Ethernet Interface.
After you configure the port as shown in Table 15-3, enter the following commands to reset the port and save the configuration:

Command> reset s1
Command> save all

For more information about asynchronous ports, refer to Chapter 5, “Configuring an Asynchronous Port.” For more information about configuring modems, refer to Chapter 10, “Using Modems.
Dial-Out Location Settings for London

You must create a location entry on the PortMaster Office Router in the London office for the Paris office. This entry allows the Office Router in the London office to call the PortMaster 2 in the Paris office when network traffic is queued. The new location paris should be configured with the values shown in Table 17-5.
After you configure the location table as shown in Table 15-5, enter the following command to save the configuration:

Command> save all

For more information about configuring location table settings, refer to Chapter 8, “Configuring Dial-Out Connections.”

Configuring the PortMaster in Paris

In the example, the remote machine is a PortMaster 2 Communications Server in the Paris office.
Configuring Dial-Out Port Settings

For all ports on the PortMaster in Paris that you want enabled for dial-in and dial-out (two-way service) to the Office Router in the London office, enter the values shown in Table 15-7.
Configuring a Dial-In User

A user account must be set up on the PortMaster in Paris so the Office Router in London can dial in when traffic is queued. The new user london should be configured with the values shown in Table 15-8.

Table 15-8 User Table Values

Setting            Command
Username           add netuser london
Password           set user london password anypasswd
Protocol           set user london protocol ppp
User IP address    set user london destination 192.168.200.
Configuring Dial-Out Location Settings

You must create a location entry on the PortMaster in Paris for the London office. This entry allows the PortMaster in Paris to call the PortMaster in the London office when network traffic is queued. Configure a new location london with the values shown in Table 15-9.
✍ Note – Configuring the maximum ports setting to a value higher than 0 causes the PortMaster to dial out to a continuous location, or become available for dial-out to an on-demand location. By configuring the maximum ports setting last, you ensure that the PortMaster will not attempt to make a connection with a location until you have configured all the settings for that location.
4. If you notice a problem, do the following:

   a. Reset the port on the Office Router in the Paris office.
   b. Change the settings you think are causing the problem.
   c. Dial the London office again.
   d. Repeat this procedure until the connection is made correctly.

5. Repeat Steps 1 through 4, dialing from the London office to the Paris office.
Setting the Console Port for Multiline Load Balancing

Figure 15-2 Multiline Load Balancing (diagram labels: London, Paris, PortMaster Office Router, PCMCIA modem, modem, PortMaster, workstations)

To enable multiline load balancing, you must configure the S0 port using the same settings shown for the PCMCIA port in Table 15-3.
The value of the high-water mark depends on the type of traffic and how many bytes of traffic you want queued before the second line is used.

Using ISDN for On-Demand Connections

Using the ISDN BRI port on the PortMaster ISDN Office Router (OR-U) is very similar to using the PCMCIA port on the OR-M, except that you must do the following:

• Configure the ISDN switch type as a global setting.
• Set the SPID on the port.
Chapter 16: Using Internet Connections

This chapter uses an example to demonstrate how to configure the PortMaster to establish a continuous connection to an Internet service provider (ISP), shown in Figure 18-1. This connection creates a gateway from your office to the Internet using a dial-out connection through one of the serial ports on your PortMaster. Internet connections can also be set for on-demand operation.
Figure 16-1 Continuous Internet Connection (diagram labels: PortMaster Office Router, office, Internet service provider, Internet)
Overview of Continuous Internet Connections

You can configure two types of continuous connections:

• Dial-up
  A continuous dial-up connection starts as soon as the PortMaster boots and is redialed whenever the telephone connection is dropped. If you use a continuous dial-out link from the S1 serial port, one location table entry is needed for the ISP.
Configuration Steps for an Internet Connection

   c. Serial port settings (page 16-5 or page 16-6).
   d. Dial-out location (page 16-7).

2. Test the configuration (page 16-8 or page 16-9).

3. Set network filtering (page 16-10).

Alternatively, you can configure a PortMaster with an ISDN port for an Internet connection. See “Using ISDN for Internet Connections” on page 16-11.

Configuring Global Settings

Configure the global settings to the values shown in Table 16-1.
Table 16-2 Ethernet Port Parameter Values

Setting              Command
IP address           set ether0 address 192.168.200.1
Netmask              set ether0 netmask 255.255.255.0
Broadcast address    set ether0 broadcast high

After configuring the Ethernet interface, enter the following commands to reset it and save the configuration:

Command> reset ether0
Command> save all

For more information on Ethernet interface parameters, refer to Chapter 4, “Configuring the Ethernet Interface.
Leave all other settings at their default values. After configuring the serial port, enter the following commands to reset the port and save the configuration:

Command> reset s1
Command> save all

For more information about asynchronous ports and configuring modems, refer to Chapter 5, “Configuring an Asynchronous Port.
For more information about asynchronous ports, refer to Chapter 5, “Configuring an Asynchronous Port.”

Configuring a Dial-Out Location

If you are using a continuous dial-out link, a location entry on the PortMaster must be created for the location identified as isp1. This entry allows the PortMaster to establish a connection with the ISP as soon as it is booted.
Table 16-5 Location Table Values (Continued)

Setting          Command
Password         set location isp1 password passwd (This value is provided by your ISP.)
Maximum ports    set location isp1 maxports 1

✍ Note – Configuring the maximum ports setting to a value higher than 0 causes the PortMaster to dial out to a continuous location, or become available for dial-out to an on-demand location.
4. If you notice a problem, do the following:

   a. Reset the port.
   b. Check your configuration.
   c. Dial the ISP again.
   d. Repeat this procedure until the connection is made correctly.

   Contact your ISP if you are unable to connect as expected. The ISP might be able to provide additional information.

5.
Providing Network Filtering

Your connection to the Internet can be vulnerable to attack from other Internet users. Therefore, Lucent recommends that you add an input filter to the location isp1 for the continuous dial-out connection. For a hardwired connection, you should attach an input filter to the hardwired port.

✍ Note – This section describes an example filter that might not protect your network from all forms of attack.
Table 16-6 Description of Internet Filter (Continued)

Rule    Description
6.      Permits an FTP data channel back to outgoing FTP requests.
7.      Permits the Domain Name Service (DNS).
8.      Permits DNS zone transfers. (You might want to restrict this rule to allow only connections to your name servers.)
9.      Permits ICMP packets.

If your domain name server is outside your local network, refer to “Input and Output Filters for FTP Packets” on page 9-11.
Using ISDN for Internet Connections
Chapter 17: Providing User Dial-In Access

This chapter uses an example to demonstrate how to configure a PortMaster for remote dial-in access to local hosts and networks. Although the example shows how Internet service providers (ISPs) can provide dial-in access to their users, this application can be used by academic environments, corporate telecommuters, or anyone else needing remote access to a host or network.
Overview of Dial-In Configuration

The same application can be used by companies to allow remote users to access their own accounts on the corporate network. Once the PortMaster authenticates users, they can access network resources as if they were connected to the corporate network directly. Although this example uses seven PortMaster 2E Communications Servers, many more can be used.
Example Configuration

The example described in this chapter uses the values shown in Table 17-1. Change variable values to values that reflect your network.

Table 17-1 Example Configuration Variables

Variable Description                                         Value
Address type                                                 Class C assigned by your provider
Network IP address                                           192.168.1.0
IP address and name of router connecting to the Internet    192.168.1.1 (gw.edu.com)
IP address and name of host running RADIUS                   192.168.1.2 (rk2.edu.
Table 17-1 Example Configuration Variables (Continued)

Variable Description                                      Value
Reserved pool of assigned addresses for PortMaster 7     192.168.1.225 through 254

You can set the assigned pool numbers a little closer together as long as they do not overlap; however, having the pools fall within bit boundaries makes packet filters easier to write.

✍ Note – This example uses a PortMaster 2E Communications Server.
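The remark about pools and bit boundaries, worked through as an added example that is not part of the original guide: it computes the smallest address-and-netmask block that covers each pool, which is what a single filter rule matching on a netmask would select, and reports pools whose blocks collide. Only the PortMaster 7 pool comes from Table 17-1; the other pools and all function names are constructed for illustration, and a filter rule that matches an address under a netmask is the working assumption.

```python
import ipaddress
from itertools import combinations

# The pm7 pool is the one shown in Table 17-1; the pm6 pool is constructed.
ALIGNED_POOLS = {
    "pm6 (constructed)": ("192.168.1.193", "192.168.1.222"),
    "pm7 (from Table 17-1)": ("192.168.1.225", "192.168.1.254"),
}
# Same pool size, set "a little closer together": the pools still do not
# overlap, but they no longer sit on bit boundaries. Both are constructed.
PACKED_POOLS = {
    "pmA (constructed)": ("192.168.1.190", "192.168.1.219"),
    "pmB (constructed)": ("192.168.1.220", "192.168.1.249"),
}


def _bounds(pool):
    """Parse an inclusive (first, last) pool and reject reversed ranges."""
    lo, hi = (ipaddress.IPv4Address(a) for a in pool)
    if lo > hi:
        raise ValueError(f"pool start {lo} is above pool end {hi}")
    return lo, hi


def pools_overlap(a, b):
    """True if two inclusive address ranges share at least one address."""
    a_lo, a_hi = _bounds(a)
    b_lo, b_hi = _bounds(b)
    return a_lo <= b_hi and b_lo <= a_hi


def enclosing_block(pool):
    """Smallest address/netmask block that contains the whole pool."""
    lo, hi = _bounds(pool)
    block = ipaddress.ip_network(f"{lo}/32")
    while hi not in block:
        block = block.supernet()  # widen the mask by one bit
    return block


def slack(pool):
    """Addresses matched by the enclosing block that are not in the pool."""
    lo, hi = _bounds(pool)
    return enclosing_block(pool).num_addresses - (int(hi) - int(lo) + 1)


def audit(pools):
    """Return (overlapping pool pairs, pairs whose enclosing blocks collide)."""
    overlapping, colliding = [], []
    for (n1, p1), (n2, p2) in combinations(pools.items(), 2):
        if pools_overlap(p1, p2):
            overlapping.append((n1, n2))
        if enclosing_block(p1).overlaps(enclosing_block(p2)):
            colliding.append((n1, n2))
    return overlapping, colliding


if __name__ == "__main__":
    for label, pools in (("aligned", ALIGNED_POOLS), ("packed", PACKED_POOLS)):
        print(label)
        for name, pool in pools.items():
            block = enclosing_block(pool)
            print(f"  {name}: {pool[0]}-{pool[1]} -> {block} "
                  f"netmask {block.netmask}, {slack(pool)} extra addresses")
        overlapping, colliding = audit(pools)
        print(f"  overlapping pools: {overlapping}")
        print(f"  pools one netmask rule cannot tell apart: {colliding}")
```

For the aligned pools the only extra addresses in each block are the all-zeros and all-ones host addresses of that subnet; for the packed pools a per-pool rule would need several narrower entries instead of one.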
Configuration Steps for Dial-In Access

✍ Note – This example describes how to configure the first PortMaster, pm1.edu.com. Use a similar configuration for the remaining PortMaster devices.

Connecting Modems

Use the following steps to connect modems to the first PortMaster:

1. Connect your modems to the serial ports using straight-through modem cables. Modems slower than 14.4Kbps are not recommended for network users.

2.
For more information about global settings, refer to Chapter 3, “Configuring Global Settings.”

After you configure the global settings as shown in Table 17-2, enter the following command to save the configuration:

Command> save all

Configuring Ports

You must configure each port you are using for dial-in on the first PortMaster, plus its attached modem.

Configuring Ethernet Port Settings

Set the Ethernet port on the first PortMaster to the values shown in Table 17-3.
table described in Chapter 10, “Using Modems,” to configure the attached modems, or set each port as a host device as described in Chapter 18, “Accessing Shared Devices,” and configure each modem individually.

✍ Note – V.34 modems should lock the DTE rate at 115200bps unless your modem manual instructs otherwise. V.32bis modems should lock the DTE rate at 57600bps. Use the fastest DTE interface speed supported by your modem.
After you configure the ports as shown in Table 17-4, enter the following commands to reset the ports and save the configuration:

Command> reset all
Command> save all

Configuring Users

Because no more than approximately one hundred users can be configured in the user table and stored in nonvolatile memory on the PortMaster, you should use RADIUS for user authentication when configuring multiple PortMaster Communication Servers to handle more than a few dozen users ea
After configuring RADIUS settings as shown in Table 17-5, use the following command to save the configuration:

Command> save all

Dial-In Login Users

✍ Note – Use the instructions in this section only if you are not using RADIUS and you are not using pass-through logins.

A user account must be set up on the PortMaster for each authorized user. You should configure each new user user1, user2, and so on, with the values shown in Table 17-6.
A user account must be set up on the PortMaster for each authorized network user. Each new user usera, userb, and so on should be configured with the values shown in Table 17-7.
3. If everything connects as expected, turn off debugging and save the configuration.

   Command> set debug off
   Command> save all

4. If you notice a problem, do the following:

   a. Reset the port.
   b. Check your configuration.
   c. Dial the PortMaster again.
   d. Repeat this procedure until the connection is made correctly.

5. When you have configured the PortMaster correctly, reset the ports and save the configuration.
Chapter 18: Accessing Shared Devices

This chapter uses an example to demonstrate how to configure the PortMaster to connect from networked hosts to shared devices attached to the PortMaster. This type of connection provides user access to modems, printers, and other RS-232 devices.
Overview of Shared Device Access Methods

Once a port is defined as a host device, you configure it with the PortMaster device service, and select a pseudo-tty terminal. The host device port can now be accessed if you establish a pseudo-tty connection to the port from a UNIX host with the PortMaster daemon software installed. In this case, the port operates as a host-controlled device.
PortMaster port for configuration purposes. In this application, each port is identified by a unique port number assigned during the configuration process. You can also configure a pool of ports at a single TCP port number.

The netdata (TCP clear channel) device service is most often used when you want to have a custom application open a TCP connection to an RS-232 device, or to connect two serial devices across a network.
Configuration Steps for Shared Device Access

To install your PortMaster, follow the instructions in your hardware installation guide. If you need additional help, refer to the troubleshooting chapter of the installation guide.

The example in this chapter shows variables in italics. Change these values to reflect your network. Once you have assigned an IP address to the PortMaster, continue with the following steps:

1.
After you configure global settings as shown in Table 18-1, enter the following command to save the configuration:

Command> save all

Configuring Port Settings

You must configure settings for your Ethernet interface, dial-in-and-out (two-way) port, and printer port. You can connect the printer to either a serial port or a parallel port.

Ethernet Interface Settings

Configure the Ethernet interface to the values shown in Table 18-2.
Table 18-3 Serial Port Values (S2) (Continued)

Setting                  Command
Speed 1                  set s2 speed 1 115200
Speed 2                  set s2 speed 2 115200
Speed 3                  set s2 speed 3 115200
Modem control            set s2 cd on
Hardware flow control    set s2 rts/cts on
Software flow control    set s2 xon/xoff off
Host                     set s2 host default
Security                 set s2 security on (If you turn security on, you must also configure the user table or RADIUS.
Serial Printer Port (S9) Settings

In the example, a serial printer is connected to port S9. Configure the S9 port with the values shown in Table 18-4. If the printer is a DTE, use a null modem cable to connect to the port.
Parallel Port (P0) Settings

You can also configure the parallel port P0 to access a printer. To configure the P0 port for a printer, use the values shown in Table 18-5.

Table 18-5 Parallel Port (P0) Values

Setting           Command
Port type         set P0 device /dev/ttyre
Host              set P0 host default
Device service    set P0 service_device portmaster

Leave all other settings at their default values.
The value pm1 is the hostname of the PortMaster you are accessing, and 6001 is the TCP port set for the port you are accessing. You can also set several ports to the same TCP port to create a pool of ports available for Telnet access.

✍ Note – If you are using this configuration to configure your modems, refer first to Chapter 10, “Using Modems.
Chapter 19: Using Synchronous Leased Lines

This chapter uses an example to demonstrate how to configure the PortMaster to connect to a synchronous leased line at speeds up to T1 (1.544Mbps) or E1 (2.048Mbps). This chapter also describes how to configure a dial backup connection for your synchronous line. The example described in this chapter connects a PortMaster router located in one office with a PortMaster router located in another office using a dedicated leased line.
Overview of Leased Line Connections

Figure 19-1 Leased Line Configuration (diagram labels: Rome, Florence, IRX Router, CSU/DSU, workstations)

If you are connecting two networks together for the first time, you should make sure first that the two networks are not overlapping subnets. For more information on network numbers and subnetting, see Appendix A, “Networking Concepts.
signal, you do not need to set the speed on the synchronous port. The port speed is whatever the carrier sends. If you choose to set a speed, it is used for administrative notation only and does not affect the operation of the port. PortMaster synchronous ports support leased line connections from 9600bps to T1 (1.544Mbps) or E1 (2.048Mbps) speeds.
Configuration Steps for Leased Line Connections

Configuring the PortMaster Office Router in Rome

Configure the settings for the PortMaster Office Router in Rome with the values in the following sections.

Configuring Global Settings

Configure the global settings to the values shown in Table 19-1.

Table 19-1 Global Values

Setting       Command
IP gateway    set gateway 192.168.1.
After you configure the Ethernet interface as shown in Table 19-2, enter the following command to save the configuration:

Command> save all

For more information on Ethernet settings, refer to Chapter 4, “Configuring the Ethernet Interface.”

Configuring Synchronous WAN Port Settings

Configure the synchronous WAN port on the PortMaster Office Router in Rome with the values shown in Table 19-3. Port S1 is used in this example.
Configuring the PortMaster Office Router in Florence

Configure the settings for the PortMaster Office Router in Florence with the values in the following sections.

Configuring Global Settings

Configure the global settings to the values shown in Table 19-4.

Table 19-4 Global Values

Setting       Command
IP gateway    set gateway 192.168.200.
After you configure the Ethernet interface as shown in Table 19-5, enter the following command to save the configuration:

Command> save all

For more information on Ethernet settings, refer to Chapter 4, “Configuring the Ethernet Interface.”

Configuring Synchronous WAN Port Parameters

Configure the synchronous WAN port with the values shown in Table 19-6. The IP address for the port is left unconfigured, accepting the default IP address value of 0.0.0.0.
Troubleshooting a Leased Line Connection

Use the information in this section to debug your configuration.
• If you still have problems, enter the following commands:

  Command> set debug 0x51
  Command> set console s1

  Then set the CSU/DSU for local loopback. You should see the following message:

  LCP_APPARENT_LOOP

For more information about interpreting the results of the debug command, refer to the PortMaster Troubleshooting Guide.
Appendix A: Networking Concepts

This chapter describes general network concepts that you must understand before you configure your PortMaster. This chapter discusses the following topics:

• “Network Addressing” on page A-1
• “Using Naming Services and the Host Table” on page A-8
• “Managing Network Security” on page A-9

See the PortMaster Routing Guide for information on routing and how Lucent’s ComOS implements routing protocols. See the glossary for unfamiliar terms.
Network Addressing

IP Address Notation

IP addresses are written in dotted decimal notation consisting of four numbers separated by dots (periods). Each number, written in decimal, represents an 8-bit octet (sometimes informally referred to as a byte) giving each number a range of 0 through 255, inclusive. When strung together, the four octets form the 32-bit IP address. Table A-1 shows 32-bit values expressed as IP addresses.

Table A-1 IP Address Notation

32-Bit Value    Dotted Decimal Notation
01100100.
Class A Addresses

The class A IP address format allocates the highest 8 bits to the network field and sets the highest-priority bit to 0 (zero). The remaining 24 bits form the host field. Only 126 class A networks can exist (0 is reserved, and 127 is used for loopback networks), but each class A network can have almost 17 million hosts. No new class A networks can be assigned at this time. For example: 10.100.232.
Class C Addresses

The class C IP address format allocates the highest 24 bits to the network field and sets the three highest-order bits to 1, 1, and 0, providing a range from 192 through 223, inclusive. The remaining 8 bits form the host field. More than two million class C networks can exist, and each class C network can have up to 254 hosts. For example: 192.168.20.
Reserved IP Addresses

Some IP addresses are reserved for special uses and cannot be used for host addresses. Table A-2 lists ranges of IP addresses and shows which addresses are reserved, which are available to be assigned, and which are for broadcast.

Table A-2 Reserved and Available IP Addresses

Class IP Address Status A 0.0.0.0 Reserved 1.0.0.0 through 126.0.0.0 Available 127.0.0.0 Loopback networks on the local host 128.0.0.0 Reserved 128.1.0.0 through 191.254.255.
IP Address Conventions

If the bits in the host portion of an address are all 0, that address refers to the network specified in the network portion of the address. For example, the class C address 192.31.7.0 refers to a particular network. Historically, this address was used as a broadcast. The standard for broadcast is high, which uses all 1s in the host portion (for example, 192.168.1.255); however, many networks still use all 0s.
Netmasks

A netmask is a four-octet number that identifies either a supernetwork (supernet) or a subnetwork (subnet). A netmask that designates a subnet is called a subnet mask.

Using Subnet Masks to Create IP Subnets

Subnet masks are used to divide networks into smaller, more manageable groups of hosts known as subnets. Subnetting is a scheme for imposing a hierarchy on hosts on a single physical network.
Using Naming Services and the Host Table Subnetting, Routing, and VLSMs Routers and hosts can use the subnet field for routing. The rules for routing on subnets are identical to the rules for routing on networks. Releases before ComOS 3.5. Before ComOS 3.5, correct routing required all subnets of a network to be physically contiguous. The network must be set up so that it does not require traffic between any two subnets to cross another network.
Managing Network Security The PortMaster enables you to specify an internal host table, which can be used in addition to DNS and NIS. The host table allows each unique IP address to be aliased to a unique name. The host table is consulted when a port set for host access prompts for the name of the host. The table is used to identify the IP address of the requested host. If the user-specified hostname is not found in the host table, then NIS or DNS is consulted.
Each of these security methods is described in more detail in this guide. All or some of these security methods can be configured as you configure the system-wide parameters and each interface. RADIUS and ChoiceNet are described briefly in the next sections; however, for configuration information, refer to the RADIUS Administrator’s Guide and the ChoiceNet Administrator’s Guide.

RADIUS

RADIUS is a nonproprietary protocol invented by Lucent and described in RFC 2138 and RFC 2139.
Appendix B: TCP and UDP Ports and Services

Table B-1 lists common port numbers—well-known ports—assigned to TCP and UDP services—well-known services—by the Internet Assigned Network Numbers Authority (IANA). A more complete list is available in RFC 1700, “Assigned Numbers.”

✍ Note – If you are configuring a filter on a PortMaster from the command line interface, you must use the port number. The PortMaster does not have the /etc/services file and cannot use NIS to get the equivalent information.
Table B-1 TCP and UDP Port Services (Continued)

Service     Port    Protocol    Description
kerberos    88      TCP         Kerberos authentication
kerberos    88      UDP         Kerberos authentication
pop3        110     TCP         Post Office Protocol (POP) version 3
sunrpc      111     TCP         SUN Remote Procedure Call (RPC)
sunrpc      111     UDP         SUN RPC
auth        113     TCP         Authentication service
auth        113     UDP         Authentication service
nntp        119     TCP         Network News Transfer Protocol (NNTP)
ntp         123     TCP         Network Time Protocol (NTP)
ntp         123     UDP         NTP
Table B-1 TCP and UDP Port Services (Continued)

Service        Port    Protocol    Description
ntalk          518     TCP         Newer version of Terminal-to-terminal chat
router         520     UDP         Routing Information Protocol (RIP)
uucp           540     TCP         UNIX-to-UNIX Copy Protocol (UUCP)
uucp           540     UDP         UUCP
uucp-rlogin    541     TCP         Variant of UUCP/TCP
uucp-rlogin    541     UDP         Variant of UUCP/IP
klogin         543     TCP         Kerberized login
klogin         543     UDP         Kerberized login
pmd            1642    TCP         PortMaster daemon in.
Glossary

A

abort error
    An error indicating an attempted and failed connection.

acceptance policy
    A set of rules that determine the path and route information the PortMaster accepts from a BGP peer for further processing. See also policy.

address
    A number used to identify a computer or other device on a network or internetwork. See also IP address; MAC address.

address resolution
    A method for translating one type of address into another—for example, an IP address into a media access control (MAC) address.
aggregation
    The process of combining multiple prefixes from one or several routes so that a single prefix and route can be advertised. Route aggregation reduces the amount of information that a device running BGP must store and exchange with its BGP peers. See also summarization.

Annex-D
    The ANSI T1.617 Frame Relay Annex-D version of the Local Management Interface (LMI) protocol. The Annex-D protocol has a more robust feature set than the proprietary Cisco/Stratacom LMI, but was developed later.
autonomous system border router
    In OSPF, a router that exchanges information with routers from other autonomous systems. Autonomous system border routers are also used to import routing information about RIP, direct, or static routes from non-OSPF attached interfaces.

autonomous system path list
    In BGP, the list of autonomous systems that a packet must traverse to reach a given set of IP address destinations located within a single autonomous system destination.
baud
    The number of discrete signal events per second occurring on a communications channel. Although not technically accurate, baud is commonly used to mean bit rate.

B channel
    Bearer channel. A 64Kbps synchronous channel that is part of an ISDN Basic Rate Interface (BRI).

BGP
    Border Gateway Protocol. A routing protocol for exchanging network reachability information among autonomous systems. A routing device can use this information to construct a “map” of autonomous system connectivity.
bps
    Bits per second. A unit for measuring the data rate.

BRI
    Basic Rate Interface. An ISDN interface that consists of two 64Kbps B channels for voice or data and one 16Kbps D channel for signaling. Compare PRI.

broadcast address
    A special address reserved for sending a message to all stations. Generally, a broadcast address is a media access control (MAC) destination address of all 1s (ones).

broadcast packets
    Packets that are sent to all network nodes.
CHAP
    Challenge Handshake Authentication Protocol. A Point-to-Point Protocol (PPP) authentication method for identifying a dial-in user. CHAP does not itself prevent unauthorized access; it merely identifies the remote end. See also PAP.

CIDR
    Classless interdomain routing. A technique supported by BGP-4 that eliminates the necessity for network address classes by explicitly advertising the length (netmask) associated with each prefix.

CIR
    Committed information rate.

committed information rate
See CIR.

community
A label that identifies a group of BGP destinations for the purpose of policy enforcement. Assembling destinations into identifiable “communities” lets BGP peers base policy decisions on the identity of the group rather than on individual destinations. The community identifier, which consists either of one 32-bit value or two 16-bit values, is advertised in update messages between BGP peers.

confederation member autonomous system
See CMAS.

console port
A serial port on a PortMaster attached to a terminal or PC through which you enter commands to communicate with ComOS.

CRC error
Cyclic redundancy check error. These errors can indicate problems with source station hardware, receivers, retiming modules and/or repeaters, bridges, cabling, or transceivers.

CSU
Channel service unit. An ancillary device needed to adapt the V.35 or X.21 interface to a port on a telephone carrier switch.

DCE
Data communications equipment. Devices and connections of a communications network that make up the network end of the interface between the network and the user. The DCE provides a physical connection to the network, forwards traffic, and provides a clocking signal to synchronize data transmission between DCE and DTE devices. Modems and interface cards are DCEs.

DDE
Dynamic data exchange. A form of interprocess communication that uses shared memory to exchange data between applications.

digital service unit
See DSU.

direct memory access
See DMA.

DLCI
Data link connection identifier. A unique number that represents a particular permanent virtual circuit (PVC) on a particular physical segment of the Frame Relay network. As the frame is passed through each switch, the DLCI is remapped automatically by the switch as necessary.

DMA
Direct memory access. Transfer of data from a peripheral device, such as a hard disk drive, into a computer memory without mediation by a microprocessor.

DTE
Data terminal equipment. A device at the user end of the interface between the network and the user. The DTE connects to a data network through a data communications equipment (DCE)—such as a modem or an interface card. DTEs convert user information into data signals for transmission, and reconvert received data signals into user information. Compare DCE.

DTR
Data Terminal Ready.

EBGP
Exterior BGP. The BGP used between peers in different autonomous systems, or, when confederations are in use, between peers in different confederation member autonomous systems (CMASs). Unlike internal BGP peers, EBGP peers need not have full connectivity with one another.

endpoint discriminator
A 12-digit identifier used to associate multiple chassis in a Multichassis PPP domain.

filter
Generally, a process or device that screens network traffic for certain characteristics, such as source address, destination address, or protocol, and determines whether to forward or discard that traffic based on the established criteria.

filter table
A database used to store filters.

Flash RAM
See nonvolatile RAM.

flow control
A technique for ensuring that a transmitting entity, such as a modem, does not overwhelm a receiving entity with data.

G

gateway
A device that connects two or more networks that use different protocols. Gateways provide address translation services, but do not translate data. Gateways must be used in conjunction with special software packages that allow computers to use networking protocols not originally designed for them.

graphical user interface
See GUI.

GUI
Graphical user interface. A software interface based on pictorial representations and menus of operations and files.

host
A single, addressable device on a network. Computers, networked printers, and routers are hosts.

hunt group
A group of multiple telephone circuits that allows telephone calls to find an idle circuit to establish a link.

I

IBGP
Interior BGP. The BGP used between peers in the same autonomous system, or, when confederations are in use, between peers in the same confederation member autonomous system (CMAS).

Integrated Services Digital Network
See ISDN.

Interior BGP
See IBGP.

internal peer
A peer that resides in the same autonomous system—or, when confederations are in use, in the same confederation member autonomous system (CMAS)—as the current PortMaster.

internal router
In OSPF, a router with all of its directly connected interfaces or physical networks belonging to the same area and containing no virtual connections to the backbone area.

International Organization for Standards
See ISO.

IP
Internet Protocol. The protocol defined in RFC 791.

IP address
A 32-bit number assigned by the system administrator, usually written in the form of four decimal fields separated by periods—for example, 192.9.200.1. Any computing device that uses IP must be assigned an Internet or IP address. Part of the Internet address is the IP network number (IP network address), and part is the host address (IP host address).

ISO
International Organization for Standards. The international organization that sets standards for network communication protocols.

ITU-T
International Telecommunication Union Telecommunication Standardization Sector. International organization that develops worldwide standards for telecommunications technologies. The ITU-T carries out the functions of the former CCITT. See also CCITT.

K

KB
Kilobyte(s). 1024 bytes.

Kb
Kilobit(s). 1024 bits.

Kbps
Kilobits per second.

LCP
Link Control Protocol. The protocol used by the Point-to-Point Protocol (PPP) for establishing, configuring, and testing the data link connection.

LED
Light-emitting diode.

line speed
The speed of the physical wire attached to the interface or interface hardware. The line speed is 10Mbps for Ethernet and 1.544Mbps for T1. Fractional T1 is often implemented with a wire speed of T1 (1.544Mbps) and a lower port speed. Upgrading line speed is generally a hardware change. See also port speed.

location
A dial-out destination.

location table
A database on the PortMaster where location settings are stored. See location.

lockstep
A feature of BGP on the PortMaster that ensures consistency of routing information between the BGP and non-BGP routers within its autonomous system. Lockstep forces the PortMaster to advertise a route learned from an internal BGP peer only when it has learned the same route via an Interior Gateway Protocol (IGP)—OSPF or RIP—or a static route.

maximum transmission unit
See MTU.

MB
Megabyte(s). 1,048,576 bytes.

Mbps
Megabits per second. A unit for measuring data rates.

MD5
Message digest algorithm 5. The algorithm used for message authentication in Simple Network Management Protocol (SNMP) v.2. MD5 verifies the integrity of the communication, authenticates the origin, and checks for timeliness. ComOS uses the RSA Data Security, Inc. MD5 Message-Digest Algorithm.

media access control address
See MAC address.

Multichassis PPP
Multilink PPP over two or more chassis.

Multilink PPP
A protocol defined in RFC 1990 that allows a PortMaster to automatically bring up additional ISDN B channels as bandwidth needs increase. See also Multichassis PPP.

multiexit discriminator
In BGP, an arbitrary rating number that the PortMaster can use to enforce the use of preferred exit and entry points when multiple connections exist between its autonomous system and another.

neighbor
(1) In OSPF, two routers that have interfaces to a common network are neighbors. On multiaccess networks, neighbors are dynamically discovered by the OSPF Hello protocol. (2) In Multichassis PPP, PortMasters in the same Multichassis PPP domain.

netmask
A 32-bit number that distinguishes the portion of an IP address referring to the network or subnet from the portion referring to the host. Compare subnet mask.

NIC
Network interface card. A card that provides network communication capabilities to and from a computer system. A NIC is also known as an adapter.

NIS
Network Information Service. A protocol developed by Sun Microsystems for the administration of network-wide databases.

NLRI
Network layer reachability information. The part of a BGP route containing the IP address prefixes and associated netmask lengths that are reachable via the path described in the route.

NT1
Network termination 1 device. The device that provides an interface between the ISDN Basic Rate Interface (BRI) line used by the telephone company and a customer’s terminal equipment. The NT1 also provides power for the terminal equipment, if necessary. In North America, where ISDN BRI is a U loop, the customer must supply the NT1 device; in Japan and the European countries where BRI is an S/T bus, the telephone company supplies the NT1.

out-of-band connection
A remote connection, or a connection outside connected networks, established over a modem. This type of connection is useful when network communications are not available.

P

packet
A unit of data sent across a network.

PAP
Password Authentication Protocol. An authentication protocol that allows PPP peers to authenticate one another. The remote router attempting to connect to the local router is required to send an authentication request.

(2) In Multichassis PPP, the relationship between a master and slave. A peer is distinct from a neighbor.

permanent virtual circuit
See PVC.

physical circuit
A physical connection between two devices.

ping
Packet Internet Groper. A program that is useful for testing and debugging networks. Ping sends an ICMP echo packet to the specified host and waits for a reply. Ping reports success or failure and sometimes statistics about its operation.

Point-to-Point Protocol
See PPP.

PRI
Primary Rate Interface. The ISDN interface to primary rate access. Primary rate access consists of a single 64Kbps D channel plus 23 (T1) or 30 (E1) 64Kbps B channels for voice or data. Compare BRI.

Primary Rate Interface
See PRI.

propagation
The process of translating and forwarding routes from one routing protocol into another. Route propagation is also known as route redistribution.

RARP
Reverse Address Resolution Protocol. A protocol used in network routers that provides a method for finding IP addresses based on media access control (MAC) addresses. Compare ARP.

Remote Authentication Dial-In User Service
See RADIUS.

Request for Comments
See RFC.

Reverse Address Resolution Protocol
See RARP.

RFC
Request for Comments. One of a series of documents that communicate information about the Internet. Most RFCs document protocol specifications, such as those for IP and BGP.

route reflection
In BGP, a method for maintaining path and attribute information across an autonomous system, while avoiding the overhead of having all peers within an autonomous system fully communicate to—be fully meshed with—each other. To reduce the number of links, all internal peers are divided into clusters, each of which has one or more route reflectors.

S

SAP
Service Advertisement Protocol. An IPX protocol that provides a means of informing network clients, via routers and servers, of available network resources and services. See also IPX.

Serial Line Internet Protocol
See SLIP.

serial port
A bidirectional channel through which data flows one bit at a time. Asynchronous serial ports most often use 10 bits for a character of data including 1 start bit, 8 data bits, and 1 stop bit.

SNMP
Simple Network Management Protocol. A protocol defined in RFC 1157, used for communication between management consoles and network devices.

speaker
A single BGP router that is able to communicate with other routers that run BGP. When two BGP speakers communicate with each other, they are called BGP peers.

SPID
Service profile identifier. A number used by some service providers to define the services to which an ISDN device subscribes.

switched virtual circuit
See SVC.

T

T1
Digital WAN carrier facility used to transmit data formatted for digital signal level 1 (DS-1) at 1.544Mbps through the telephone-switching network, using alternate mark inversion (AMI) or binary 8-zero substitution (B8ZS) coding. Compare E1.

TCP/IP
An open network standard that defines how devices from different manufacturers communicate with each other over interconnected networks. TCP/IP protocols are the foundation of the Internet.

transit service
In BGP, the function provided by an autonomous system that is in the path of a route but not the origination or destination. To provide reliable transit service, an autonomous system must ensure that its BGP and non-BGP routers agree on the interior routes and exit and entry points for each transit route through the autonomous system. The PortMaster synchronizes routing information between the BGP and non-BGP routers within its autonomous system by means of the lockstep feature.

User Datagram Protocol
See UDP.

UUCP
UNIX-to-UNIX Copy Program. Interactive communication system for connecting two UNIX computers to send and receive data.

V

V.120
An ITU-T standard for performing asynchronous rate adaptation into ISDN.

V.25bis
An ITU-T standard defining how to dial on synchronous devices such as ISDN or switched 56Kbps.

V.32bis
An ITU-T standard that extends the V.32 connection range from 4800bps to 14.4Kbps.

V.

virtual connection
In Multichassis PPP, a connection made when a slave forwards all the packets it receives for a particular connection to its corresponding master for processing.

virtual port
In Multichassis PPP, a port corresponding to the physical port of the slave.

virtual private network
See VPN.

VLSM
Variable-length subnet mask. A means of specifying a different subnet mask for the same network number on different subnets. VLSM often allows addresses to be assigned more efficiently.

Command Index

A
add dlci 13-15
add filter 9-5
add location 8-3, 12-14, 12-19, 13-15, 14-6, 14-11, 15-7, 15-11, 16-7
add location sub1 13-13
add modem 10-3
add netmask 3-28
add netuser 7-2, 12-13, 12-18, 14-5, 14-10, 15-6, 15-10, 17-10
add route Ipaddress 3-25
add route Ipxnetwork 3-26
add subinterface 4-7
add user 7-2, 17-9

D
delete filter 9-8
delete route Ipaddress 3-25
delete route Ipxnetwork 3-26
delete user 7-3
dial 8-14, 12-20, 14-12, 14-13, 15-12, 16-8

R
reboot 11-11
reset 6-7
reset all 10-6
reset
set debug 12-20, 12-22, 13-12, 13-14, 14-12, 14-13, 15-12, 16-8, 17-10, 19-8
set debug isdn 12-5, 12-20, 12-21, 14-12
set debug mcppp 11-16
set debug mcppp-event 11-16
set debug mdp-events 11-16
set debug mdp-status 11-16
set debug off 11-16
set default 3-6, 12-16, 14-8, 17-5
set domain 3-8, 17-5
set endpoint 11-15
set Ether0 address 3-28, 4-3, 12-12, 12-16, 13-8, 13-10, 14-4, 14-8, 15-4, 15-8, 16-5, 17-6, 18-5, 19-4, 19-6
set Ether0 broadcast 4-4, 12-12, 12-16, 13-10, 14-4, 14-8, 15-5, 15-8,
set location manual 8-5, 12-14, 12-19, 14-6, 14-11, 15-7, 16-7
set location map 8-11
set location maxports 8-12, 12-15, 12-19, 14-7, 15-7, 15-11, 15-14, 16-8
set location mtu 8-8, 12-15, 12-19, 14-6, 14-11, 15-7, 15-11, 16-7
set location multilink 12-7
set location netmask 8-6, 12-14, 12-19, 13-15, 14-6, 14-11, 15-7, 15-11, 16-7
set location ofilter 8-13, 16-7
set location on_demand 8-4, 12-20, 14-12, 15-12
set location password 8-5, 12-9, 12-15, 12-19, 14-7, 14-11, 15-7, 15-11, 15-15, 16-8,
set S0 override 5-3
set S0 parity 10-8
set S0 prompt 5-5
set S0 protocol 5-21, 16-5, 16-6, 19-5, 19-7
set S0 rip 5-21, 5-23, 16-6, 19-5, 19-7
set S0 rts/cts 5-4, 5-19, 10-9, 15-5, 15-9, 16-5, 16-6, 18-6
set S0 security 5-6, 18-6
set S0 service_device 5-13, 5-25, 18-6, 18-7, 18-8
set S0 service_login 5-9, 18-6
set S0 speed 5-4, 10-7, 15-5, 15-9, 16-5, 16-6, 18-6, 18-7
set S0 spid 12-5, 12-13, 12-17
set S0 termtype 5-9
set S0 twoway 5-25, 18-5
set S0 username 5-7
set S0 xon/xoff 5-4, 10-9, 16-5
show filter 9-8
show ipxroutes 3-24
show Line0 11-2, 11-11
show location 13-13
show M0 11-9
show mcppp 11-15
show modem 10-3
show modems 11-10
show P0 2-5
show routes 3-23
show S0 2-5, 12-9
show syslog 3-12
show table filter 9-8
show table location 8-2
show table modem 10-2
show table user 7-2
show user 7-2
show W1 2-5
Subject Index A access filters creating 9-1 restricting user access to hosts 7-11 address pools creating 3-12 example 17-4 size 3-13 addresses.
broadcast packets, type 20 3-29 broadcast, high and low 4-4 burst speed 13-2 C callback configuration tip 1-3 login users 7-13 manual dial-out 8-4 network users 7-10 call-check, setting 3-30 carrier detect. See DCD CHA authentication 3-29 Challenge Handshake Authentication Protocol.
configuration tip 1-3 defining 12-13, 14-5, 14-10 ISDN connections 12-18 maximum ports 7-8 network users 17-10 dial-in-only access 5-16 dial-on-demand connections 8-4 dial-out configuration tip 1-3 connection types 8-3 dial-out ports configuration 16-5 configuration tip 1-3 multiline load balancing 8-12 dial-out-only access 5-17 dial-up connections, continuous 16-3 digital modems 11-9 directory number 11-8, 12-6 disconnecting a dial-in user 5-7, 6-7 DISCONNECTING port status 2-6 DLCI learning
adding rules 9-5 asynchronous ports 5-25 attaching 9-4 authentication queries 9-13 ChoiceNet 1-2, A-10 creating 9-5 deleting 9-8 displaying 9-8 DNS outside local subnet 9-12 empty rule set 9-3 Ethernet interface 4-2, 9-2 examples 9-9 filter table 9-3 filtering options 9-2 for dial-out 8-13 FTP 9-11 hardwired port 9-10 ICMP packets 4-3 input 4-2, 6-11, 7-9, 8-13, 9-4, 16-10 Internet 9-10 IP 9-6 IPX rules 9-7 location filters 9-5 logging results 9-14 network access 9-13 output 4-3, 6-11, 7-10,
default routing 3-6 gateway for IP 3-25 gateway for IPX 3-25 host table 3-7 IP address assignment 3-12 name service 3-7 password 3-2 route destinations for IP 3-24 route destinations for IPX 3-25 static routes 3-24 subnet mask table 3-26 system logging 3-9 system name 3-2 Telnet 3-9 ticks 3-26 H hanging up a line 6-7, 10-9 hardware flow control 5-4, 10-2, 10-8 hardwired connections 16-3 port configuration 16-6 tip for configuring 1-3 high-speed dedicated connections 6-1 high-water mark 8-11,
default gateway, setting 3-6 displaying routing table entries 3-24 enabling traffic 4-5 encapsulation 4-6 frame type 4-6 network address 6-9 packets, filtering 9-4, 9-7 IPX addresses, conventions A-6 IPX network number 7-5, 7-6, 8-6 asynchronous ports 5-22 Ethernet interface 4-5 IPX route destinations 3-25 ISDN BRI ports 12-2 BRI, definition 12-1 data over voice 8-10, 12-8 dial-in users, defining 12-13, 12-18 directory number 11-8, 12-6 encoding method for PRI line 11-7 framing format for PRI
locations defining 8-1, 12-14, 14-6, 15-7, 16-7 logging in to a remote host 5-2 loghost, setting 3-10 login host 5-11, 7-10 default 5-11 prompt 5-11 specifying 5-11 login message 5-6 login prompt 5-5 login service 5-10 netdata 5-10 PortMaster 5-10 rlogin 5-10 Telnet 5-10 using with in.
N P name resolution 3-6 name service A-8 disabling 3-8 setting 3-7 negotiating IP addresses 5-22, 6-8 NetBIOS, setting 3-29 netdata device service 5-15 login service 5-10, 7-13 netmask table accessing 3-27 configuring 3-26 example of static netmask 3-27 IP address pools 3-27 netmasks 8-6, A-7 network device configuration 5-14, 18-2 network security description of A-9 RADIUS A-10 network users adding to user table 7-2 callback 7-10 description 7-3 protocol 7-5 NIS A-8 setting 3-8 using inste
displaying line status 11-1 enabling analog modem service 11-10 enabling modems 11-9 enabling Multichassis PPP support 11-16 encoding method 11-7 framing format 11-6 inband signaling 11-3, 11-4 network loopback 11-8 pulse code modulation 11-8 switch type 11-6 ports dial groups 5-5, 6-7 for modem use 10-7 ISDN BRI 12-2 number used for dial-in access 17-1 port limits 12-8 printer port 18-7 security 5-6 speed 13-2 synchronizing speed 10-7 synchronous port speed 6-5 two-way access 18-5 well-known
2003 9-6 2139 A-10 988 A-4 RIP asynchronous ports 5-23 network users 7-6 on Ethernet 4-1 routing, setting 8-7 synchronous ports 6-9 rlogin login service 5-10, 7-12 route boundaries 3-28 routing asynchronous ports 5-23 configuring the Ethernet interface 4-1, 6-9, 7-6, 8-7 dial-out locations 8-7 Frame Relay 6-1 ISDN 6-2 leased lines 6-1 route destinations for IP 3-24 route destinations for IPX 3-25 setting the default 3-6 switched 56Kbps 6-2 routing table, displaying 3-23 RTS/CTS 10-2, 10-9 S
BRI 12-4 PRI 11-6 switched 56Kbps connections 14-1 synchronous leased lines 19-1 synchronous ports connection type 6-4 description 6-1 destination IP address 6-8 DLCI list 13-6 extended information 6-4 filters 6-10 modem control 6-6 port type 6-4 speed 6-5 subnet mask 6-9 TCP header compression 6-11 transport protocol 6-8 See also WAN ports system logging disabling 3-10 messages 3-10 setting 3-9 system name, setting 3-2 T T1 channel groups 11-2 T1 expansion card 11-3 clocking 11-13 for fract
packets, filtering 9-7 services and ports B-1 user login configuration 5-8 user table access filters 7-11 adding users 7-2 compression 7-8 displaying 7-2 IP address 7-5 IPX network number 7-6 login host 7-10 login service 7-12 maximum ports 7-8 MTU 7-7 packet filters 7-9 session limit 7-4 setting the protocol 7-5 TCP/IP header compression 7-8 user types 7-3 USERNAME port status 2-6 username, setting for dial-out 8-5 users defining dial-in network users 17-10 defining dial-in users 14-5, 14-10