Editing Login Script - ZyXEL Communications Internet Security Gateway ZyWALL 2 Series User Manual

23.8 Editing Login Script

For some remote gateways, text login is required before PPP negotiation is started. The ZyWALL provides a
script facility for this purpose. The script has six programmable sets; each set is composed of an 'Expect'
string and a 'Send' string. After matching a message from the server to the 'Expect' field, the ZyWALL
returns the set's 'Send' string to the server.
For instance, a typical login sequence starts with the server printing a banner, a login prompt for you to enter
the user name and a password prompt to enter the password:
Welcome to Acme, Inc.
Login: myLogin
Password:
To handle the first prompt, you specify "ogin: " as the 'Expect' string and "myLogin" as the 'Send'
string in set 1. The reason for leaving out the leading "L" is to avoid having to know exactly whether it is
upper or lower case. Similarly, you specify "word: " as the 'Expect' string and your password as the
'Send' string for the second prompt in set 2.
You can use two variables, $USERNAME and $PASSWORD (all UPPER case), to represent the actual user
name and password in the script, so they will not show in the clear. They are replaced with the outgoing login
name and password in the remote node when the ZyWALL sees them in a 'Send' string. Please note that both
variables must been entered exactly as shown. No other characters may appear before or after, either, i.e.,
they must be used alone in response to login and password prompts.
Please note that the ordering of the sets is significant, i.e., starting from set 1, the ZyWALL will wait until the
'Expect' string is matched before it proceeds to set 2, and so on for the rest of the script. When both the
'Expect' and the 'Send' fields of the current set are empty, the ZyWALL will terminate the script processing
and start PPP negotiation. This implies two things: first, the sets must be contiguous; the sets after an empty
one are ignored. Second, the last set should match the final message sent by the server. For instance, if the
server prints:
login successful.
Starting PPP...
after you enter the password, then you should create a third set to match the final "PPP..." but without a
"Send" string. Otherwise, the ZyWALL will start PPP prematurely right after sending your password to the
server.
If there are errors in the script and it gets stuck at a set for longer than the "Dial Timeout" in menu 2 (default
60 seconds), the ZyWALL will timeout and drop the line. To debug a script, go to Menu 24.4 to initiate a
manual call and watch the trace display to see if the sequence of messages and prompts from the server
differs from what you expect.
WAN and Dial Backup Setup
ZyWALL 2 Series User's Guide
23-11