US Robotics Total Control NETServer/16 Command Reference Manual

Enterprise network hub system

NETServer/8, NETServer/16
Version 3.1
Command Reference


Summary of Contents for US Robotics Total Control NETServer/16

  • Page 1 Enterprise Network Hub System NETServer/8 NETServer/16 Version Command Reference...
  • Page 2 Copyright 1996 by U.S. Robotics Access Corp. 8100 North McCormick Blvd. Skokie, Illinois 60076 All Rights Reserved U.S. Robotics and the U.S. Robotics logo are registered trademarks of U.S. Robotics Access Corp., Total Control is a trademark of U.S. Robotics Access Corp. Any trademarks, tradenames, service marks or service names owned or registered by any other company and used in this manual are the property of their respective companies.
  • Page 3: Table Of Contents

    Warranty and Service Chapter 1 Overview What’s New in 3.1? NETServer Overview Chapter 2 Basic Installation System Administrator Requirements Accessing the Command Line Getting Started Getting the LAN Port Up and Running Recommended Global Configuration Chapter 3 Configuration Overview How to Set Up Applications The Command Line Quick Command Overview Overview of Configurable Tables...
  • Page 4 Chapter 5 Dial-In User Setup NETServer Dial-In Setup (Overview) NETServer Dial-In (Detailed Setup) Configuring a Port Adding a Network User to the User Table IP Remote Access Case Study IPX Remote Access Case Study Chapter 6 Setup for NETServer Routing (Overview) An Introduction to NETServer Routing PAP and CHAP Authentication LAN-to-LAN Routing (Detailed Setup)
  • Page 5 Chapter 9 Administrative Tools Configuring the !root Account Manually Connecting to a Remote Site Troubleshooting Commands The SHOW command Chapter 10 Command Reference Global Configuration Hosts Table Configuration Location Table LAN Port (Net0) Configuration Netmasks Table Configuration Ports Table (S-port configuration) Routes Table Configuration SNMP Table User Table...
  • Page 6: Limited Warranty

    Limited Warranty U.S. Robotics Access Corp. warrants to the original consumer or other end user purchaser that all U.S. Robotics Total Control products and parts are free from defects in materials or workmanship for a period of two years from the date of purchase. During the warranty period, and upon proof of purchase, the product will be repaired or replaced (with the same or similar model) at our option, without charge for either parts or labor.
  • Page 7: Service And Support

    SRO number is visible on the outside of the package, and ship it charges prepaid and insured. 8100 North McCormick Blvd. Skokie, Illinois 60076-2999 support@usr.com 800-550-7800 847-982-0823 847-982-5092 800-762-6163 Keyword USROBOTICS GO USROBOTICS ftp.usr.com* Username=Anonymous Password=your internet address. http://www.usr.com *The FTP is for downloading files only.
  • Page 8: Netserver/8

    We welcome your suggestions for better documentation Every effort has been made to provide useful, accurate information. If you have any comments or suggestions, please let us know. By voicemail: (708) 933-5200 Via the Internet: sysdocs@usr.com...
  • Page 9: Chapter 1 Overview

    This chapter provides an overview of the Total Control NETServer/8 and NETServer/16. It also contains information on what’s new in version 3.1 of the NETServer firmware. What’s New with Release 3.1? Release 3.1 supports the following new features: Classless InterDomain Routing and Host-based routing via the Netmask Table.
  • Page 10: Accounting Servers

    Netmask Table CIDR (Classless Interdomain Routing) or host-based routing requires special netmasks. Special netmasks may also be useful for debugging. The Netmask Table allows you to configure netmasks for CIDR or host-based routing as needed. RIP messaging/dynamic route information must be active for host-based routing. IP Address Spoofing The NETServer may now be configured to spoof a single IP address.
  • Page 11 RADIUS Accounting and ANI/DNIS Release 3.1 of the NETServer supports the current RADIUS Accounting Internet Draft. The NETServer can generate appropriate Code 4 Accounting-Request and Code 5 Accounting-Response messages for properly configured RADIUS servers. The NETServer’s RADIUS implementation also supports ANI and DNIS services.
  • Page 12 New Modem Port Features Release 3.1 of the NETServer Command Line and NETServer Manager software now support the following modem port features: Download new firmware to the modems using NETServer Manager (windows software) version 3.2 or later. You can now send AT commands directly to the modems from the NETServer’s command line.
  • Page 13: Netserver Overview

    NETServer Overview The NETServer allows you to implement four basic applications: IP Terminal Service, IP modem sharing, IP/IPX Network Dial In, and IP/IPX LAN-to-LAN routing. Everything else it does is based on one of these four. IP Terminal Service Remote terminals can log into an IP host on the NETServer’s local network as if they were physically connected to it.
  • Page 14 IP Modem Sharing Hosts on a local IP network can use a chassis modem to dial out. Moreover, the NETServer can create pools of modems that can be used by local hosts on a first come, first serve basis. To do this, the NETServer allows the host to establish a virtual terminal session with the modem.
  • Page 15 Dial-Up Routing The same routing engine that allows network dial in access allows the NETServer to establish dial up routing sessions with remote networks. Such connections can be maintained continuously or established on an on-demand basis and torn down when not needed. How do I get there from here? Configuring any of these applications on a NETServer is a three- step process:...
  • Page 16: Netserver/16

    Security The NETServer supports IP and IPX packet filtering in both the inbound and the outbound directions of ports, users, and dial out locations. Packet filter configuration is discussed in Chapter The NETServer also supports the use of a centralized RADIUS security server, allowing you to create a single account for each user rather than multiple user accounts on multiple NETServers.
  • Page 17: Basic Installation

    This chapter contains information on the following: System Administrator Requirements Logging into the supervisor account for the first time Getting the LAN port up and running Recommended Additional Configuration System Administrator Requirements In compiling this manual, we have had to make certain assumptions about the knowledge of users who will install the product.
  • Page 18 TCP/IP Reference Material It is the responsibility of the Network Manager to devise an addressing strategy appropriate for the size and growth potential of the network. We recommend the following reference material for TCP/IP: Comer, D.E., Internetworking with TCP/IP Volume I: Principles, Protocols and Architecture, Prentice-Hall, Englewood Cliffs, New Jersey, 1995.
  • Page 19: Accessing The Command Line

    Accessing the Command Line To configure the NETServer from the command line, you must log in as the supervisor. In order to log in, you need a login prompt. There are three ways to get one: Attach the provided serial cable to the CONSOLE port and attach the other end of the cable to a terminal (or a PC running terminal emulation software such as Windows Terminal).
  • Page 20: Getting Started

    Getting Started Name your NETServer. Among other things, this name will be used for the NETServer’s DNS system name and its SNMP system name. It is also the name that the NETServer will advertise in SAP broadcasts. No other device on your network should be using this name.
  • Page 21: Getting The Lan Port Up And Running

    Getting the LAN port up and running First step for IPX or IP/IPX networks If your network uses the IPX protocol, you must enter the IPX network number of the segment connected to the NETServer’s LAN port. You can find this network number using Novell’s CONFIG utility.
  • Page 22 This is an example of the information returned for one version 3.xx card that has two different frame types. The card has one port address, but two LAN protocol network addresses, one for each frame type. The network number for 802.3 is 00000255, and for 802.2 it is 00000684. Write down the LAN protocol IPX network number for the frame type you want to use.
  • Page 23 IP Configuration IP Network Address: You must assign an IP address to the NETServer’s LAN interface (Ethernet or Token Ring port). Type the following: set net0 address <IP address> If your network does not use IP, you may choose whatever address you like.
  • Page 24 You must also set the Broadcast Address. Type the following: set net0 broadcast < high or low > High The bits of the host portion of a broadcast address are all ones. This is the rule for the vast majority of IP networks.
  • Page 25: Ipx Configuration

    IPX Configuration IMPORTANT: Even if your network uses only the IPX protocol, you must set up an IP address for the NETServer if you want to use the Windows-based management software. If you have not already done so, perform step 1 under IP Configuration. IPX Network Frame Type: This is the IPX frame type of the network segment connected to the NETServer’s LAN port.
  • Page 26 Final Steps Save your configuration and reboot the NETServer. Note that the LAN port settings are the only configuration changes that will require rebooting the NETServer. To save your changes, type the following: save all Wait until the RN/FL LED is green. Rebooting the NETServer while a save is in progress could cause the flash memory to be corrupted.
  • Page 27: Recommended Global Configuration

    Recommended Global Configuration Following is a list of global fields that we recommend you configure. Password This is the password for the superuser (supervisor) account. If a password has been set, it must be entered when logging into the NETServer from either the command line or from the Windows- based software.
  • Page 28 To set the IP gateway, type the following: set gateway <IP address> <metric> The following example configures an IP default gateway whose cost is prohibitive to all but the closest subnets: set gateway 192.77.203.200 12 To set the IPX gateway, type the following: set ipxgateway <IPX node address>...
  • Page 29: Save Your Work

    Name Service This is the server that translates your host names into their corresponding IP addresses. The NETServer supports two types of name services: DNS and NIS. NIS is also sometimes referred to as Yellow Pages (YP). If you are using DNS, type set namesvc DNS If you are using NIS, type set namesvc NIS...
  • Page 31: Configuration Overview

    Configuration Overview The internal firmware lets you manage and configure the NETServer by typing commands. This chapter covers the following: How to set up applications Issuing commands Quick Command Overview Overview of configurable tables How to Setup Applications There are three applications the NETServer is designed to handle: user dial in access, modem sharing, and LAN-to-LAN routing.
  • Page 32: Where Do I Go From Here

    Where do I go from here? Each of the three applications has a section of this manual devoted to its setup. If you want to begin configuration immediately, you may go to one of the chapters listed below: Application User Dial In Access LAN-to-LAN Routing IP Modem Sharing Note that there are actually two Chapters for user dial in access.
  • Page 33: The Command Line

    The Command Line The Command Line Interface is similar to DOS, UNIX or Netware in that you can type commands to view information, change settings and so on. Commands are not case sensitive You can type any command in upper or lowercase. Table entries are case sensitive, however.
  • Page 34: Save Your Changes

    Save your changes You can save all of your changes, or you can save changes to a specific table only. Note: We recommend using save all. If you save tables individually, the space used by the previous version of the table is not freed up.
  • Page 35: Quick Command Overview

    Quick Command Overview The NETServer’s configuration data is stored in several tables, including the user table and the location table among others. To change most parameters in these tables, use the set command: set <user | location | port | etc.> <parameter name> <value> For example: set net0 address 192.77.203.5 set user John password Bumblebees...
  • Page 36: Overview Of Configurable Tables

    Overview of configurable tables This section contains a brief description of each of the NETServer’s internal databases. Global Configuration The Global Configuration table lets you configure parameters that apply to all ports, such as the Name Service (if any) your network uses, default gateways through which to forward packets, and so on.
  • Page 37: Location Table

    Initialization Script Configuration A Port Initialization Script is a string of text that is sent to a modem (or S0, the external serial port) each time the port is reset (a modem resets itself every time it disconnects). Initialization scripts for the modems will probably contain the AT commands needed to configure them for use on your network.
  • Page 38 Packet Filter Table Packet filters may be created to control which packets are permitted to pass through given interfaces. Packet filters created in the Packet Filter Table screen are used in the following Tables: Net0 (LAN port) Configuration—to control what packets may pass through the LAN interface to the local network (output filter) or from it (input filter) Location Table—to control what packets are received from...
  • Page 39: Port Configuration

    Port Configuration Port Configuration controls the modem ports and the external serial port. The configuration of these ports reflects what applications a given modem can be used for. Port Type Three fields determine which type of services a modem will support: User Login, Host Device, and Network.
  • Page 40: Snmp Configuration

    Hardwired Routes Table The routes table contains both static and dynamic routing information. Dynamic routes are updated by RIP broadcasts received from other routing devices on the network. Static routes are routes added to the table by hand. A static route to a given location will override a dynamic route that RIP generates.
  • Page 41: User Table

    User Table The User Table contains authentication and configuration information for two types of users: Login Users and Network Users. Note that you cannot have a Login User with the exact same name as a Network User. Login Login users are remote users dialing in to request terminal service from an IP host.
  • Page 43: Ip Terminal Server Setup

    IP Terminal Server Setup If you have workstations or terminals at a remote site that require access to a host on the local network, you can configure the NETServer to function as a terminal server. Terminal or Workstation Setup The remote user should get the following information from the NETServer’s system administrator: The user name and password that he or she will use.
  • Page 44: Configuring A Port

    NETServer Terminal Server Setup (Overview) Find out what kind of terminals are being used (or what kind of terminal will be emulated). If you don’t know the terminal emulation to use, you can also choose to go with standard Network Virtual Terminal emulation (ASCII only dumb terminal).
  • Page 45 A Note About Hosts When a login user dials in, he or she is forwarded to a host. Which host the user is forwarded to depends on several things. The NETServer first attempts to find host information in the individual’s user table entry. If the user table shows a host of Default, the NETServer checks the host setting for the port the user is connected to.
  • Page 46: Ip Terminal Server (Detailed Setup)

    Terminal Server (Detailed Setup) The following section gives details on configuring the NETServer as a terminal server from the command line. For instructions on how to attach to the command line software, see Connecting to the Command Line in Chapter 2. Configuring a Port Ports used for terminal service must be configured as User Login ports.
  • Page 47 Step 3 - Create default user settings for the port If you turned security off in Step 2, port defaults must be set to tell the NETServer what to do with users not in the user table. If security is on, these settings are optional. Users who are in the NETServer’s user table may also use some of these settings.
  • Page 48 Port Default - Login Service The NETServer uses the service specified here to connect users not in the user table with the port default host. Users with user table entries will not use this setting. This setting is never used when Security is set to On.
  • Page 49 Port Default - Terminal Type: This value is used by all login users connected to this port. The purpose is to inform the host what kind of terminal is being used (or emulated) by users connecting to this port. The field is a string of characters that must be recognized by the host as a valid terminal type.
  • Page 50 Many automated login scripting systems expect a login prompt to end in login:. Putting any character after the colon (including quotation marks!) will cause some login scripts to crash. If you select Telnet as the Port Default Login Service, the NETServer changes the login prompt to “Press <Return>...
  • Page 51 Adding a Remote User to the User Table Users for terminal server applications are configured as login users. Step 1 - Add the user to the User Table Type the following command: add user <name> password <password> Step 2 - Configure the user You must specify a login service for each user.
  • Page 52 Login Service The NETServer uses the service specified here to connect the user to the selected host. Note that the remote terminal or workstation does not need to know how to use this service since it talks directly to the NETServer, not the host. Use the following command: set user <name>...
  • Page 53 Step 3 - Configure for dialback use? Normally, after a user enters his or her user name and password, the connection to the host proceeds. When a dialback user enters his or her user name and password, the NETServer hangs up and dials the user back.
  • Page 54: Ip Terminal Server Case Studies

    IP Terminal Server Case Studies The following examples set up users to log into the two hosts in the illustration below. IP Terminal Server - Case Studies Example 1 UserA, UserB, and UserC are all Login Users with entries in the user table.
  • Page 55 This example also assumes that Sun1 is the NETServer’s global default host. The command to do this is: set host 192.77.203.2 Port Setup The NETServer will use ports 6, 7, and 8 for this application. set s6 login set s7 login set s8 login Ports 6 and 7 will be used exclusively by users who already have user accounts.
  • Page 56 Users connecting to the info line will be connected directly to a database application running on VAX1 and will have no other access to VAX1. Note that since netdata is talking directly to an application, it will not relay terminal type information to the host.
  • Page 57 Example 2 Suppose you have a lot of potential users, but only a couple of hosts, each of which has its own login security already set up for each of its potential users. It may be easier to assign generic user names for each host and let the hosts take care of user authentication.
  • Page 59: Network Dial-In Access

    Network Dial In Access Network dial in users establish PPP or SLIP connections with the NETServer and the local network. Unlike the “login users” covered in the previous chapter, this kind of user is connecting to the network as a virtual node rather than simply acting as an input/output device (terminal) for an existing network node.
  • Page 60 NETServer Setup for Network Dial-In (Overview) This setup configures a NETServer for users to dial in to. Note: This is a special case of LAN-to-LAN routing in which the dial in network has only one node (an end user). For a more complete understanding of how the NETServer handles these functions, you may want to study Chapter 6 as well. Prework...
  • Page 61 Configuration Configure at least one port for a network dial in connection. See Configuring a Port, later in this chapter, for details. Decide whether the dial in user is a normal user or a dialback user. If he or she is a dialback user, you must create a Location Table entry for that user.
  • Page 62: Netserver Dial-In (Detailed Setup)

    NETServer Dial-In (Detailed Setup) To set up the NETServer software for this application: Configure at least one port Create a user table entry for each user Configuring a Port Ports used for this type of dial-in access should be configured as Network ports that allow dial in.
  • Page 63 Step 2 - Optional friendly stuff The following two parameters allow you to customize the port’s printed response to dial in users. Note that Hardwired ports do not use these settings. Login Message You can create a message (banner) that users will see prior to login.
  • Page 64: Step 4 - Save Your Changes

    Step 4 - Save your changes Save the changes to flash memory: save s<port #> Reset the port so the changes take effect: reset s<port #> Adding a Remote User to the User Table Note that user table entries do not need to be created for Hardwired ports.
  • Page 65: Step 1 - Create A New User

    Step 1 - Create a new user Add the remote user to the User Table. Use the following command: add netuser <name> password <password> Specifying a password is optional. In the example below, User1 will not be required to enter a password to get access to the network.
  • Page 66 Step 3 - Add configuration information for the user You must set the following parameters. All other parameters are optional. IP Address This is the dial in user’s IP address for the duration of the connection. This address can be selected in three different ways. Assigned Negotiated IP address...
  • Page 67 Protocol Select the protocol to be used for the connection (PPP or SLIP). Use the following command: set user <name> protocol < ppp | slip > IPX remote access sessions require the PPP protocol. If you have specified an IPX Network Number, the NETServer will set this to PPP automatically.
  • Page 68 Routing Set the level of RIP messaging that the two devices will exchange during the connection. Use the following command: set user <name> routing <option> <option> can be any one of the following: broadcast Send dynamic routing information to the dial in user (but do not listen) listen Listen for dynamic routes received from the dial in...
  • Page 69: Ip Remote Access Case Study

    IP Remote Access Case Study UserA, UserB and UserC will be dialing to connect with the local network. UserC will be a dialback user. This case study assumes the following: The configuration will take place from the Command Line The NETServer has the correct IP address and netmask All other settings remain at factory defaults Configure the ports This example will use ports 3 and 4 to answer calls from dial in...
  • Page 70 Create user table entries for the dial in users Use the following commands to create User A: add netuser userA password userApw set user userA address 192.77.203.100 set user userA netmask 255.255.255.0 set user userA protocol ppp set user userA mtu 1500 set user userA routing on User B will be configured to use CSLIP (Compressed SLIP) add netuser userB password userBpw...
  • Page 71 A modem group must be defined to tell the NETServer which modems it can use to dial out to the location. Note that since only serial port 4 was configured for dial out use, the group we create will contain only port 14. set s4 group 1 set location sales_1 group 1 Maxports (the maximum number of ports that can be used to...
  • Page 72 Connecting to the NETServer The users are now ready to connect to the local network. When they dial into the NETServer from a communications software package, they will see a login message (banner) and prompt. If UserA and UserB respond to the User Name and Password prompts correctly, the NETServer connects them to the network.
  • Page 73: Configure The Ports

    IPX Remote Access This case study assumes the following: The configuration will take place from the Command Line software. The NETServer is configured with the correct IPX network number, IPX Frame Type, and Sysname. The NETServer is set to the factory defaults on all other settings.
  • Page 74 Create User Table entries for the dial in users Use the following commands to create an IPX user account for UserA: add netuser userA password userApw set user userA ipxnet 00010000 set user userA protocol ppp set user userA mtu 1500 set user userA routing on UserB also has both the IP and the IPX protocol stacks loaded on his machine.
  • Page 75: Lan-To-Lan Routing

    The NETServer can perform IP or IPX LAN-to-LAN routing with a remote NETServer or third party router. This chapter assumes that the basic installation of all involved routing devices has already been performed. Setup for NETServer Routing (Overview) Before you begin, obtain the following information. These items are required for routing connections: TCP/IP routing An IP address to connect to.
  • Page 76 IPX routing An IPX network number that will represent the connection between the two devices. This number must not already exist on either network. IPX connections must use the PPP protocol and an MTU of 1500. When you assign an IPX network number to the connection, the NETServer will set these values automatically.
  • Page 77 Test the connection from both sites. See Testing the Connection, later in this chapter for details.
  • Page 78: An Introduction To Netserver Routing

    An Introduction to NETServer Routing Some network devices, such as Router 1 and Router 2 in the drawing below, have more than one network interface, allowing them to be attached to multiple network segments. Such devices allow data from one end of a large network to be forwarded to the other end.
  • Page 79 addresses of “Gateways” (next hops) through which packets should be forwarded when they are headed for given destination addresses. A gateway can be a host, a server or any other device that performs routing functions. In the drawing below, the NETServer would require an entry for segment C in its routes table in order to forward packets going from network segment A to C.
  • Page 80 Static vs. Dynamic Routes Static routes are user-defined. By adding entries to the Routes Table, you tell the NETServer how to forward packets bound for specific networks. Fortunately, most networks don’t require you to build routing tables by hand. All IPX and most IP networks use a protocol that builds routing tables dynamically to reflect changing network conditions.
  • Page 81: How Packets Are Routed

    How Packets are Routed When the NETServer receives a packet, it looks up the packet’s destination in its routing table. If a static route is found, the packet is sent to the gateway listed. If a static route is not found, the NETServer will use a dynamic route.
  • Page 82 Routing Procedure [figure: Packet, NETServer/16, Destination X]
  • Page 83: Pap And Chap Authentication

    PAP/CHAP Authentication The NETServer supports auto-detecting the PAP and CHAP methods of login authentication on PPP connections. If a user dials in and starts sending PPP packets, the NETServer asks that the user log in with PAP (enter a user name and password). If the user refuses PAP authentication, the NETServer demands CHAP authentication.
  • Page 84 A “challenge value” (a randomly generated string of characters) The challenged system then concatenates the challenge value with the shared secret and passes the new string through a hashing algorithm. When the hashing algorithm has formed a response based on this string, the challenged system replies with a packet containing both the response value and a user name.
  • Page 85 A CHAP Challenge Example At the Corporate site is a NETServer with the Sysname of NETSERVE. A typical authentication might resemble the following: A remote NETServer establishes a connection and negotiates for an authentication procedure. NETSERVE becomes responsible for issuing a CHAP challenge.
  • Page 86: Lan-To-Lan Routing (Detailed Setup)

    LAN-to-LAN Routing (Detailed Setup) The following section gives details on configuring routing from the command line. To attach to the command line software, see Connecting to the Command Line in Chapter 2. Configuring the Port Ports used for LAN-to-LAN routing need to be configured as Network ports.
  • Page 87: Step 3 - Save Your Work

    Step 2 - Creating a Dial-Out Group Dialout and Twoway ports only. If the NETServer will dial out to a remote location, you must create a group of modems that can be used to dial out to the location. Note that you must do this even if only one modem will be used for that particular location.
  • Page 88: Adding A Remote Device To The Location Table

    Adding a Remote Device to the Location Table This is required only if the NETServer will dial out to the remote location. If the NETServer will not be initiating connections to the remote location (the remote device will always do the dialing), you may skip to the section titled Adding a Remote Device to the User Table.
  • Page 89 Manual (Used for debugging) The NETServer dials out only when it receives a dial command from the command line. Continuous The NETServer will attempt to maintain the connection at all times. If the connection is broken it will dial again. Example: set location Atlanta on_demand Protocol...
  • Page 90 Netmask This is the remote network’s IP subnet mask. Use the following command: set location <location name> netmask <netmask> The Maximum Transmission Unit specifies the size of the largest packet that may be sent to this location. IPX connections will discard larger packets.
  • Page 91 Compression If using SLIP, enable Van Jacobson IP header compression only if both networks use CSLIP (compressed SLIP). If compression is enabled for a PPP connection, the NETServer will attempt to negotiate for compression, but will not use it if the remote site does not support compression.
  • Page 92 Step 3 - Multiple lines for a single connection When talking to other NETServers, the NETServer can spread a single TCP/IP connection over multiple lines (increasing throughput). Individual IPX clients/socket connections will show little (if any) benefit from this technique. However, because load balancing is employed, this technique may allow you to pipe more IPX clients/socket connections through the same bandwidth.
  • Page 93 Maximum Ports Sets the maximum number of ports the NETServer can use for a single connection to the remote location. Use the following command: set location <location name> maxports <0 .. 16> (default) disable dialout to the location. Use only one port for a connection. This setting must be used if the remote device is not another NETServer.
  • Page 94 The second method is to configure each modem to dial a different stored number. This is done using the modem’s AT&Z command. You can send this command to the modem from the NETServer’s command line by typing the following: set s<port #>...
  • Page 95 If you had configured this location to use multiple lines without a hunt group (see Step 3), you would configure the NETServer to use whichever number the modem has stored, rather than giving it the number explicitly. Since each modem has a different number stored, each will dial a different number.
  • Page 96: Adding A Remote Device To The User Table

    Adding the Remote Device to the User Table Adding a user table entry is required if the remote device will be dialing into the NETServer. It is only required for dial out connections if you want to use CHAP authentication on a PPP connection. Step 1 - Create a User Table Entry Type in a user name and password: add netuser <user name>...
  • Page 97 Protocol Select the protocol to be used for the connection (PPP or SLIP). Use the following command: set user <user name> protocol < ppp | slip > IPX LAN-to-LAN routing requires the PPP protocol. If you have assigned an IPX Network Number, the NETServer will set this to PPP automatically.
  • Page 98 Routing Set the level of RIP messaging that the two devices will exchange during the connection. Use the following command: set user <user name> routing < broadcast | listen | on | off > broadcast device. (but do not listen) listen Listen for dynamic routes received from the remote device.
  • Page 99: Lan-To-Lan Routing Case Study

    LAN-to-LAN Routing Case Study The following example shows routing between two NETServers in order to demonstrate how each end of the connection would be configured. This case study assumes the following: both NETServers (NETServerA and NETServerB) are configured with the correct IPX network number, IPX Frame Type, IP address and Netmask.
  • Page 100 This example will set up two NETServers for LAN-to-LAN routing. NETServer B will be configured to dial NETServer A on demand. In other words, when packets are waiting to be transferred, NETServer B will form a virtual connection to NETServer A. When the connection is no longer needed, it is terminated.
  • Page 101 Setting Up NETServer B NETServer B (a 16 port NETServer) will dial out to NETServer A using ports 10 and 11 (The port defaults will not work in this case). set s10 network dialout set s11 network dialout Instead of user entries, dial out ports have entries in the location table.
  • Page 102 Since this dial script expects the verbal result code “CONNECT” from the modem, we should make sure the init script for each modem in the dial group contains Q0 and V1. The default init script, USR_int, contains both of these settings (as part of &F1) and some other useful modem configuration.
  • Page 103: Testing The Connection

    Testing the Connection You can test the connection by setting the location for manual dialing. set location nsb manual dial nsb -x The -x parameter lets you see the connection/authentication messages in order to verify the connection. Make any necessary changes to the dial script and retry dialing until the connection succeeds.
  • Page 104 Connecting to NETServer A from NETServer B When a user on LAN2 tries to connect with a host on LAN1, NETServerB dials NETServerA and establishes a LAN-to-LAN connection. The first person to connect sees an initial delay while the NETServers exchange CHAP messages. After the initial connection, traffic will flow freely and any user on either network can use the connection to telnet, ftp, and so on back and forth.
  • Page 105: Chapter 7 Talking To The Modems

    Talking to the Modems This chapter discusses use and configuration of the NETServer’s internal modems. The following subjects will be covered: TCP/IP modem sharing Modem Initialization Scripts Sending AT commands to the modems TCP/IP Modem Sharing Configuring a port to act as a “host device” allows users on a local TCP/IP network to use the modem for dialing out.
  • Page 106 <TCP port#> can be any number not already used by the NETServer. We suggest 6000 plus the modem number. Assigning the same TCP port number to multiple ports will create a pool of modems. The user will be connected to the first available modem in the pool.
  • Page 107: Implementing Security With Host Device Dial Out

    Implementing Security with Host Device Dial Out To authenticate a host device dial out user, configure a host device port with a device service of Telnet and a TCP port number between 10,000 and 10,100. These ports can only be connected to by the NETServer itself, forcing the user to telnet to port 23, the default telnet port, and have the NETServer forward him to the modem.
  • Page 108: Configuring Modems As Unix Pseudo Ttys

    Configuring modems as UNIX pseudo TTYs A pseudo tty device acts like a serial device, but is actually something else entirely. In this case, we would like one of the NETServer’s modems to act like it is connected to one of the serial ports of a UNIX host, even though it’s really attached to the NETServer.
  • Page 109 Keep in mind that other programs on the host may use these pseudo-tty devices, but usually select the pseudo-tty drivers from the beginning of the list (for example, /dev/ttyp0, /dev/ try, and so on). In order to avoid conflicts, we recommend you select the pseudo-tty device drivers from the end of the list (for example, /dev/ttypf or /dev/ttyqe).
  • Page 110: Modem Initialization Scripts

    Modem Initialization Scripts An initialization string may be sent to any one of the NETServer’s S-ports every time the port is reset (a modem resets itself each time it disconnects). An initialization string can contain any text that needs to be sent to a port at start up. For a modem, the initialization string will usually contain AT commands.
  • Page 111 Caution: Avoid using commands that write to the modem’s NVRAM (such as &W) in an initialization script that you plan to use indefinitely. Rewriting the NVRAM every time the port is reset may eventually wear the NVRAM out. Use such commands only on a short term basis.
  • Page 112 Reset the port so your changes take effect. reset s3 The default initialization string NETServer/8 and NETServer/16 have a pre-defined initialization script assigned to all their internal modems. This script is called USR_int and looks like this: AT&FS0=1\r\n This string sets a U.S.
  • Page 113: Sending At Commands

    Sending AT commands to the modems Version 3.1 of the NETServer/8 and NETServer/16 firmware allows you to send AT commands to the internal modems directly from the NETServer’s command line. To do this, type the full AT command string that you would send to the modem as part of the following command: set s<port #>...
  • Page 115: Packet Filters

    This chapter covers setting up packet filters for the NETServer. The following topics are included: Filter overview Creating new packet filters Filter rule format TCP/IP packet filtering IPX packet filtering Editing Packet filters Packet Filters Packet filters are primarily used in networks that cross organizational or corporate boundaries.
  • Page 116: Types Of Filters

    Types of Filters The NETServer supports the following types of packet filters: Input and output filters; packet filters can be created to control either inbound or outbound data packets Source and destination address filtering; a packet filter can permit or deny access based on the IP address of the source and/or destination Protocol filtering;...
  • Page 117: Information Sources

    Information Sources Internet packet filtering and security are complex issues which this chapter can barely scratch the surface of. The following sources provide additional information: Cheswick and Bellovin, Firewalls and Internet Security: Repelling the Wily Hacker, Addison Wesley, 1994, ISBN 0-201-63357-4 Siyan and Hare, Internet Firewalls and Network Security, New Riders Publishing, 1995, ISBN 1-56205-437-6 Input filters vs.
  • Page 118: Adding Packet Filters

    Adding Packet Filters To create a new filter, type the following command: add filter <filter name> The filter name can be up to 15 characters long. Optionally, you can add an extension beginning with a period to the end of a filter. For example, we recommend that you add .in to an input filter name (such as sales.in) and .out to the corresponding output filter (such as sales.out).
  • Page 119 Input filters vs. Output filters You can assign two packet filters to each interface: an input filter and an output filter. Input filters control which packets are allowed into the NETServer through the interface. Output filters control what packets are allowed out of the NETServer. When possible, use the input filter to filter out an incoming packet rather than waiting to catch a packet on its way out of the NETServer.
  • Page 120: Filter Rule Format

    Filter Rule Format A packet filter consists of a set of rules which you must create. A newly created packet filter contains no rules. The number of rules a packet filter may have is limited only by the amount of available flash memory in the NETServer.
  • Page 121 Rule Number This is a number up to the highest previously set Rule # plus one. For example, if a packet filter currently has four rules, the new rule can be any number between 1 and 5. Note that if an existing rule number is specified, it is replaced by the new rule.
  • Page 122 TCP/IP packet filtering After the filter name, rule number and permit/deny, IP rules start with the following parameters: <source address/mask> <destination address/mask> < tcp | udp | icmp > Depending on the protocol, there can be more options following these parameters. See TCP and UDP parameters and Filtering ICMP packets (below) for more information.
  • Page 123 Destination Address The address given here is compared to the destination address of the packet. Note that only the part of the address specified by the mask field is used in the comparison. If a match is found, the packet is forwarded (rules containing permit) or discarded (rules containing deny).
  • Page 124: Tcp And Udp Parameters

    TCP and UDP parameters TCP and UDP packets can be filtered by source and destination socket numbers. This allows you to permit or deny specific services. < tcp | udp > src < lt | gt | eq > <TCP/UDP port #> Compare the source port number in a TCP or UDP packet to a specific value.
  • Page 125 Standard Port Numbers The table below contains information on standard port numbers for some common services. For a complete list, see the most recent “Assigned Numbers” RFC (currently RFC 1700). Description File Transfer Protocol (data) File Transfer Protocol (control) Telnet Simple Mail Transfer Protocol Who Is Domain Name Service...
  • Page 126 1642 1645 1646 Filtering RIP messages If the NETServer is listening for or broadcasting RIP messages, you should permit them (UDP dst eq 520) to pass in the appropriate direction(s). Note that spurious RIP messages can disrupt your routing tables.
  • Page 127 Step 2 - The client opens a control channel To initiate an FTP session, the client opens a control channel on the well-known FTP port 21. This means any client on the local network must be able to send packets to TCP port 21 on any external host.
  • Page 128 FTP Example 2 If you also wanted to allow external clients access to a specific FTP server on your network, you could add a few more rules. In this example, our FTP server is 192.77.203.12 set filter ftp.in 3 permit 0.0.0.0/0 192.77.203.12/32 tcp dst eq 21 set filter ftp.out 3 permit 192.77.203.12/32 0.0.0.0/0 tcp src eq 21 dst gt 1023 established set filter ftp.out 4 permit 192.77.203.12/32 0.0.0.0/0 tcp src eq 20 dst...
  • Page 129: Filtering Icmp Packets

    Filtering ICMP packets ICMP packets can only be filtered by type. So, the only option type <icmp message type> The ICMP message types are listed below. Note that most of them are error messages necessary for the correct operation of TCP/IP: Type If you are concerned about security, filter out incoming type 5...
  • Page 130: Ipx Packet Filtering

    IPX packet filtering IPX packets can be filtered by source and destination host, network or socket. Additionally, SAP packets can be specifically permitted or denied. Note that IPX network numbers must be specified as 8-digit hex values. Node addresses must consist of the 8-digit network number, followed by a colon and then the 12-digit MAC address.
  • Page 131 dsthost Compare the destination IPX node address contained in the packet to the address given. The IPX address should be in hexadecimal format. < permit | deny > dsthost <IPX node address> srcsocket Compare the source IPX socket number contained in the packet to the socket number given.
  • Page 132: Sap Rules

    SAP Rule Options SAP rules are only used in output filters. The rule format is as follows: < permit | deny > <keyword> <value> Possible keywords are server, network, host, and socket. server Compare the server name of an advertised service to the server name of the packet filter.
  • Page 133: Editing Packet Filters

    Editing Packet Filters Edit a Packet Filter See Filter Rule Format, earlier in the chapter for a description of filter rule format. For information on filter rule options, see the section specific to the type of packet filter you are editing. To edit a filter, replace an existing rule with a new one.
  • Page 134 View a Packet Filter If you want to view a specific packet filter, use the following command: show filter <name> You’ll see the packet filter’s IP rules first, IPX rules second, and then the SAP rules. The information you see might look something like this: 1 deny 0.0.0.0/0 0.0.0.0/0 tcp src eq 23 2 deny 0.0.0.0/0 0.0.0.0/0 tcp dst eq 23...
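The TCP/IP rule syntax covered in this chapter (source and destination address/mask, protocol, `src`/`dst` port comparisons, `established`, ICMP `type`) can be checked offline against test packets before rules are saved to the NETServer. The Python below is an added example, not U.S. Robotics code; it uses rule text that appears in this manual (the filter numbering and the client address 198.51.100.7 are constructed). It assumes that rules are tried in rule-number order with the first match deciding, that a packet matching no rule is discarded, and that `established` means the TCP ACK bit is set.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

OPS = {"lt": lambda a, b: a < b, "gt": lambda a, b: a > b, "eq": lambda a, b: a == b}

@dataclass
class Packet:
    """Header fields of a constructed test packet."""
    src: str
    dst: str
    proto: str                 # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    ack: bool = False          # TCP ACK flag
    icmp_type: int = 0

@dataclass
class Rule:
    number: int
    action: str                # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str
    src_cmp: Optional[Tuple[str, int]] = None
    dst_cmp: Optional[Tuple[str, int]] = None
    established: bool = False
    icmp_type: Optional[int] = None

def parse_rule(number, text):
    """Parse the part of a rule that follows 'set filter <filter name> <rule #>'."""
    tok = text.split()
    if len(tok) < 4 or tok[0] not in ("permit", "deny") or tok[3] not in ("tcp", "udp", "icmp"):
        raise ValueError(f"rule {number}: expected <permit|deny> <src/mask> <dst/mask> <proto>")
    # strict=False: only the address bits selected by the mask are compared
    rule = Rule(number, tok[0], ipaddress.ip_network(tok[1], strict=False),
                ipaddress.ip_network(tok[2], strict=False), tok[3])
    i = 4
    while i < len(tok):
        kw = tok[i]
        if kw in ("src", "dst") and rule.proto != "icmp" and i + 2 < len(tok) and tok[i + 1] in OPS:
            setattr(rule, kw + "_cmp", (tok[i + 1], int(tok[i + 2])))
            i += 3
        elif kw == "established" and rule.proto == "tcp":
            rule.established = True
            i += 1
        elif kw == "type" and rule.proto == "icmp" and i + 1 < len(tok):
            rule.icmp_type = int(tok[i + 1])
            i += 2
        else:
            raise ValueError(f"rule {number}: unexpected token {kw!r}")
    return rule

def rule_matches(rule, pkt):
    if pkt.proto != rule.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in rule.src or ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    for cmp, port in ((rule.src_cmp, pkt.sport), (rule.dst_cmp, pkt.dport)):
        if cmp and not OPS[cmp[0]](port, cmp[1]):
            return False
    if rule.established and not pkt.ack:   # assumption: "established" means ACK is set
        return False
    return rule.icmp_type is None or pkt.icmp_type == rule.icmp_type

def evaluate(rules, pkt, default="deny"):
    """Return (action, rule number); default applies when no rule matches (assumption)."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule_matches(rule, pkt):
            return rule.action, rule.number
    return default, None

# Constructed filters built from rule text on this page: the telnet deny from the
# "show filter" sample and the two complete rules of FTP Example 2 (renumbered here).
INPUT_RULES = [
    parse_rule(1, "deny 0.0.0.0/0 0.0.0.0/0 tcp dst eq 23"),
    parse_rule(2, "permit 0.0.0.0/0 192.77.203.12/32 tcp dst eq 21"),
]
OUTPUT_RULES = [
    parse_rule(1, "permit 192.77.203.12/32 0.0.0.0/0 tcp src eq 21 dst gt 1023 established"),
]

if __name__ == "__main__":
    client, server = "198.51.100.7", "192.77.203.12"   # client address is constructed
    for label, rules, pkt in [
        ("in: FTP control to server", INPUT_RULES, Packet(client, server, "tcp", 40000, 21)),
        ("in: telnet to server", INPUT_RULES, Packet(client, server, "tcp", 40000, 23)),
        ("in: FTP to another host", INPUT_RULES, Packet(client, "192.77.203.13", "tcp", 40000, 21)),
        ("out: server reply, ACK set", OUTPUT_RULES, Packet(server, client, "tcp", 21, 40000, ack=True)),
        ("out: server packet, no ACK", OUTPUT_RULES, Packet(server, client, "tcp", 21, 40000)),
    ]:
        print(f"{label:30} -> {evaluate(rules, pkt)}")
```

A result of `("deny", None)` means no rule matched, which is where a /32 mask or a missing `established` reply rule shows up before the filter is attached to an interface.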
  • Page 135: Administrative Tools

    This chapter covers commands whose functions are purely administrative. Configuring the !root account Manually connecting to a remote site Troubleshooting commands The SHOW command Configuring the !root account The commands in this section control access to the supervisor account (!root). Changing the command prompt If you have more than one NETServer and want to differentiate between them, you can change the Command>...
  • Page 136 Note: You can also disable Telnet access to the !root account. For more information, see Telnet Access Port below. Telnet Access Port You can reach the command line interface by initiating a Telnet session and logging into the NETServer as !root. The Telnet Access Port identifies the specific TCP port number that the NETServer should listen to for incoming Telnet sessions.
  • Page 137: Manually Connecting To A Remote Site

    Manually Connecting to a Remote Site You can dial a remote (or local) site from the Command Line software with the dial command and log in to a local host with the nslogin, rlogin, and telnet commands. The Dial Command Use the following command: dial <location>...
  • Page 138: Troubleshooting Commands

    Troubleshooting Commands Troubleshooting commands are described in the following sections. Viewing DEBUG messages The debug command allows you to view certain messages which would normally be discarded. If you have a strong background in the protocols you wish to view, these messages should be useful in determining the following: Why a dial in user is failing to connect.
  • Page 139 When you are finished viewing debug messages, tell the NETServer not to display messages. set debug 0x00 Turn off the output console by typing the following: reset console
  • Page 140 Ifconfig This command displays the current (active) configuration of an interface. Note that the configuration of a serial port is only displayed when there is an established point-to-point connection using that serial port. That is, an established connection with S1 would show up as ptp1 (point-to-point connection 1). Ifconfig also lets you reconfigure the NETServer interfaces while they are active.
  • Page 141 The second line contains the following information: Broadcast The Ethernet broadcast address. Dest Displays the IP address of the device on the other end of a point-to-point connection. Inet The interface’s IP address (NETServer employs its LAN port IP address for most connections).
  • Page 142 Ping This verifies that the NETServer can communicate with other devices on the network. Use the following command: ping <IP address> <IP address> is the IP address or name of the device on the network you want to ping. You’ll see the following results if the ping is successful: 199.55.55.55 is alive If you have a name service such as DNS or NIS, you may see the...
  • Page 143 Ptrace This command lets you monitor network traffic at the packet level. Use the following command: ptrace <filter name> Note that if you type the command without specifying a packet filter, ptrace is disabled. Keep in mind that this packet filter does not function like an output or input packet filter.
  • Page 144 Traceroute This command identifies the routers (and the path) to a remote host/system. The name or IP address of the remote host/ system follow the traceroute command. Use the following command: traceroute <IP address> The information you see might look something like this: Command>...
  • Page 145: The Show Command

    The SHOW command The show command can be used to view the NETServer’s current configuration and its routing activity. The command has the following options: show... arp <interface> filter <filter name> flash global init_script <script name> ipxroutes location <location name> memory netconns net0...
  • Page 146: Show Flash

    show arp Show arp allows you to view IP address resolution information for the given interface. To use this command, type show arp <interface> <Interface> can be one of the following: net0 ptp<port #> The NETServer will respond with a list of IP addresses, followed by the corresponding MAC addresses.
  • Page 147: Show Memory

    show memory Use the following command to see the NETServer’s DRAM memory utilization: show memory The information you see might look something like this: System memory 2097152 bytes - 1457952 used, 639200 available Free blocks (block_size:count): 4096:1 1152:0 640:0 80:7 160:1 48:5 128:0 32:8 System nbufs 800 created - 20 used, 780 available (27 maximum used, 0 underflows) System netqueues 174 available, 172 min.
  • Page 148: Show Netstat

    Foreign Address The address of the port on the remote side of a (State) show netstat The show netstat command provides information on network statistics, specifically on each network interface or ptp (point-to- point) connection. show netstat The information you see might look something like this: Name Ipkts net0...
  • Page 149: Show Sessions

    show sap Use the following command to view the SAP interfaces: show sap The information you see might look something like this: Server Network Host ------------- ----- ------------------------------------------- PRINTERS 0AE31100:000000000001:8060 AE_311 0AE31100:000000000001:0451 show sessions This command provides a port-by-port synopsis of activity, including information such as the user currently dialed in, the destination host system, the type of connection, and the amount of time that they have been dialed in.
  • Page 150 Type Status Online Idle This is the type of service that the port has been configured to support. Possible Port Types are: Login User login port Device Host device port Twoway Both user login and host device port Netwrk Network (dial in or dial out)
  • Page 151: Command Reference

    This chapter contains a complete listing of all the commands for configuring the following (in alphabetical order): Global Configuration The Hosts Table The Location Table Net0 (LAN Port) Configuration The Netmasks Table The Ports Table (S-Port Configuration) The Routes Table SNMP Setup The User Table Global Configuration...
  • Page 152: Save Changes

    How to . . . Get help To bring up a list of command options for Global Configuration, use the following command: help set global Save Changes To save any configuration changes you have made, use the following command: save global View the Global Configuration Table To view Global Configuration, type: show global...
  • Page 153: Connect Message

    Assigned Address Optional. The Assigned Address is the first of 9 (NETServer/8) or 17 (NETServer/16) consecutive IP addresses. One address is set aside for each modem plus an additional address for the external serial port (s0). Network users whose IP address field are set to “assigned”...
  • Page 154 Randomize Hosts This command is used to relieve the burden on frequently-used global default, port default and RADIUS user table hosts. All three of these tables contain a default host and several alternate hosts. When the random host command is turned off (default), the user will be connected first to the default host.
  • Page 155: Default Gateways

    Global routing parameters The parameters in this section configure routing on all ports. Default Gateways If the NETServer does not know where to send a packet, it forwards the packet to the default gateway or router defined in this step. Default gateways must be on the same subnet as the NETServer.
  • Page 156: Default Route

    Default Route This command determines whether the NETServer will dynamically update IP default gateway information. The default is off. Use the following command: set default < on | broadcast | listen | off > The NETServer will broadcast its default gateway information as part of normal RIP messaging and will also listen for default gateways broadcast by other routing devices.
  • Page 157: Pap Authentication

    NetBIOS Packet Propagation On an IPX network, NetBIOS obtains information by broadcasting type 20 packets to all networks. In order to fully support NetBIOS over IPX, the NETServer must be configured to forward type 20 broadcast packets across an IPX network. The following command is used: set netbios <...
  • Page 158: Server Name

    Name Service These commands configure the name service your network uses. A name service allows you to use host names rather than just IP addresses. The default is no name service. If you select a name service, you must also enter a Name Server and a Domain Name (see below).
  • Page 159: Domain Name

    Domain name This is the name of the domain the NETServer belongs to. Both the primary and the secondary name servers must belong to the same domain. Use the following command: set domain <domain name> DNS Cache Reset Time-out Once the NETServer has obtained a name resolution response from a DNS server, it caches the results so that the name resolution information can be reused without further DNS requests.
  • Page 160: Radius Security

    RADIUS security The following commands configure the NETServer’s use of RADIUS security servers. See Appendix F for more information on RADIUS. Primary RADIUS Server This is the IP address of the primary RADIUS authentication server. Use the following command: set authentic <IP address> Alternate RADIUS Server The IP address of the secondary RADIUS authentication server.
  • Page 161 Accounting servers The following commands configure the NETServer’s communications with accounting servers. RADIUS Accounting This command specifies the primary (1) and secondary (2) RADIUS accounting servers. RADIUS is an open protocol for network accounting. This allows the NETServer to send accounting messages to any one of a number of RADIUS implementations available, including U.S.
  • Page 162 ICMP Logging This command determines whether the NETServer sends ICMP errors such as Host Unreachable to the Syslog server. The default is off, which means that the NETServer does not pass such messages to Syslog. set icmplogging < on | off > Note that the NETServer must be configured to use Syslog network accounting (see Syslog Accounting).
  • Page 163: Hosts Table Configuration

    Hosts Table Like a name service, the hosts table translates names to IP addresses and vice versa. However, the hosts table is only used by the NETServer itself, rather than the entire network. If you are not using a name service and you want to use names rather than IP addresses, you must first create host table entries for all the hosts you want to refer to.
  • Page 164: Location Table

    Location Table Use the location table to define sites that the NETServer can dial out to. (As opposed to dialing in, which requires a User Table entry). How To . . . Add a Location to the Location Table To add a remote site or host to the Location Table, use the following command: add location <location name>...
  • Page 165 Save Location Table Changes To save changes you have made, use the following command: save location View the Location Table To view the Location Table, type the following command: show table location The information you see might look something like this: Location Destination —————...
  • Page 166: Connection Type

    Location Table Parameters Connection Type This determines when the NETServer will dial the remote host or site. Your options are Continuous, Manual, and On Demand. The default is On Demand. Continuous The NETServer keeps the connection to the remote site active at all times.
  • Page 167: Ipx Network

    IP Address This command is used to tell the NETServer what IP address will be used by the remote device. The default is 0.0.0.0, which disables the port for TCP/IP connections using PPP. Use the following command. set location <location name> destination <IP address> PPP links: If the IP Destination is set to 255.255.255.255, the NETServer will try to negotiate or learn the location’s IP address.
  • Page 168 Protocol Default is SLIP. This field indicates what protocol the NETServer should use to encapsulate packets bound for the remote user. set location <location name> protocol < ppp | slip > Connections that forward IPX packets must use the PPP protocol.
  • Page 169 Dial Group This field specifies which group of modems will dial-out to a remote location. Group numbers can range from 0 to 99. The default group, 0, can be thought of as the group of all modems which have not been assigned to a different group. set location <location>...
  • Page 170 Idle Time-out Applies to Manual and On Demand locations only. Idletime specifies how many minutes a dial out connection to this location can remain idle before the NETServer disconnects. Default is 0 (disable idle time-out). Use the following command: set location <location name> idletime <2 to 240 minutes> Note: The idle timer ignores RIP, SAP and keepalive packets, allowing ports to time-out even though these protocols are running.
  • Page 171 This is the Maximum Transmission Unit (MTU) used with this interface. MTU sets the largest frame or packet size that a connection protocol will send. If an IP packet’s size is greater than the MTU setting, it’s broken down into smaller pieces. IPX packets larger than the MTU are discarded.
  • Page 172: Output Filter

    Output Filter Packets being sent to the remote location are evaluated against this filter and are discarded or accepted accordingly. See Chapter 8 for more information on packet filters. Use the following command: set location <location name> ofilter <filter name> Input Filter Packets received from the remote location are evaluated against this filter and are discarded or accepted accordingly.
  • Page 173 Special Characters The send or reply strings can contain any printing ASCII character. Also, you may use the following special characters: ASCII carriage return ASCII line feed \0XX octal digit XX (such as \O7) single backslash (\) “” An empty reply string (expect no reply) The Last String in a Dial Script The last entry in the Dial Command Script must be a Reply string that indicates that the remote location is ready to begin...
  • Page 174: Lan Port (Net0) Configuration

    LAN Port (Net0) Configuration LAN port configuration lets you configure the NETServer’s Ethernet interface. If you have changed the IP address or IPX network number, you must reboot the NETServer after you save your changes. How to . . . Bring Up the List of Commands To bring up a list of commands for Net0 configuration, use the following command:...
  • Page 175: Ethernet Status

    View LAN Port Configuration Use the following command: show net0 The information you see might look something like this: Ethernet Status: Ethernet Address: Ethernet Media: Interface Addr: Netmask Broadcast Address: IPX Network: IPX Frame Type: Routing: Input Filter: Output Filter: LAN Port Parameters Ethernet Status You can disable or enable the IP (or IPX) protocol on the net-...
  • Page 176 Configured Ethernet Media Previous versions of the NETServer firmware automatically detected which type of Ethernet cable was connected to the NIC. Although convenient, auto-detection has two disadvantages: There is a slight delay at boot time (while auto-detection takes place). If you don’t attach an Ethernet cable to any of the interfaces, lights flash at you and you get a lot of annoying messages in debug mode.
  • Page 177: Broadcast Address

    Netmask This is the IP subnet mask of the subnet attached to the NETServer’s LAN interface. The default is 255.255.255.0, which would be appropriate for a Class C network with no subnetting or for Class C size subnets of larger networks. You must change this value if the local network is using a different subnet mask.
  • Page 178: Ipx Frame Type

    IPX Frame Type This sets the IPX frame type for the NETServer’s LAN interface. The default is 802.2 Ethernet. If the network attached to the NETServer’s LAN interface has more than one frame type, choose the frame type that best suits your network.
  • Page 179 Input Filter This filter controls packets coming into the NETServer through the LAN interface. Use the following command: set net0 ifilter <filter name> Packet filters control access to computers, networks, and network services by using a set of rules to analyze the header information of each packet of data received.
  • Page 180 Netmask Table The netmask table is used to define netmasks for Supernetting (Classless InterDomain Routing). See Appendix B for an explanation of this technique. Alternatively, the netmasks table could be used to force the NETServer to advertise routes to individual hosts on that network rather than a single route to the entire network.
  • Page 181: Ports Table (S-Port Configuration)

    Ports Table (S-port configuration) The S-Port table is used to configure the external serial port and all the internal serial ports (modem ports). How to . . . Bring Up the List of Commands To bring up a list of commands and command options for the ports, use the following command: help set s<port #>...
  • Page 182 When a NETServer reboots, it copies configuration data from the permanent configuration saved in flash memory to the default configuration work area. The port is then reset, which makes that configuration active. You can change the permanent configuration by issuing one of the following commands, which copy the default configuration to flash memory: save s<port #>...
  • Page 183 Host This column displays IP addresses. The address displayed is dependent on what kind of connection currently exists on the port. active login user active network user host device session idle login port If none of the above is true, this field displays nothing. Type The port type.
  • Page 184 View an Individual Port To view a specific port, use the following command: show s<port #> The information that appears may look something like this: Status: Input: Output: Pending: Active Configuration ————————————— Port Type: Login Service: Baud Rates: Databits: Stop bits: Parity: Flow Control: Modem Control:...
  • Page 185: User Login

    Determining a Port’s Type Three settings determine what type of connection a port permits: User Login, Host Device and Network. The different port types are discussed below. The default settings for a port are User Login enabled, Host Device disabled, and Network set to Dial In. This means that the port may be used for login sessions using a terminal service such as Telnet or for dial in PPP or SLIP connections, but may not be used to dial out.
  • Page 186 You can find these drivers (daemons called nettty and in.pmd) on the U.S. Robotics web site. To configure a port for Host Device use, set s<port #> device /dev/<device name> If you are using a UNIX pseudo TTY driver in conjunction with the host device setting, the <device name>...
  • Page 187 Network The Network field determines if the port permits PPP or SLIP connections. You may also enable User Login and Host Device (unless Network is set to Hardwired). The default is Dial In. Use the following command: set s<port #> network < dialin | dialout | twoway | hardwired > Dial In Remote users may dial in to the NETServer and establish a PPP or SLIP connection with the local...
  • Page 188: Line Hangup

    Specifying a dial group lets you reserve a modem for dial-up to specific locations, or ensure that the modem used to make the connection is configured as this particular location requires. Dial In Port Parameters These parameters apply to both user login and network dial in ports.
  • Page 189: Login Prompt

    The Login Message can be up to 240 characters in length. Use the caret ( ^ ) to designate the start of a new line. Login Prompt Optional. The following command allows you to customize the login prompt for the port. Any valid ASCII characters may be entered: set s<port #>...
  • Page 190: Dialback Delay

    IMPORTANT: Without a user table entry, the NETServer can’t tell what type of user is dialing in. If security is off, network users who are not part of the User Table are assumed to be login users and passed on to a host. Security should be on if network dial in users will be using the port.
  • Page 191 Host This is the host for users whose user table host is set to Default. If security for the port is off, this is also the host for users who do not have user table entries. set s<port #> host < default | prompt | IP address> Default The port uses the Default Host specified in the Global Configuration Table.
  • Page 192: Login Service

    Login Service The NETServer uses the service specified here to connect users not in the user table to the port default host. Users with user table entries will not use this setting. This setting will never be used if security is set to on. The Default login service for a port is PortMux.
  • Page 193: Terminal Type

    Netdata Unlike Telnet, Rlogin, and PortMux, Netdata is not actually a login service. Netdata is a direct (clear TCP) connection to a given TCP port number. 8-bit data is exchanged without interpretation. Such connections may be used by dial in applications that require a socket interface.
  • Page 194 Hardwired Port Parameters The parameters described below apply to port s0 if it has been configured as network hardwired. Compression This indicates whether Van Jacobson TCP/IP header compression is enabled (on) or disabled (off). The default is off. Use the following command: set s0 compression <...
  • Page 195: Output Filter

    PPP connections are set between 100 and 1500 (default 1500). SLIP connections are set between 100 and 1006 (default 1006). Netmask This is the remote network’s IP subnet mask. The default is 255.255.255.0, which would be appropriate for a Class C network with no subnetting or for Class C size subnets of larger networks.
  • Page 196 For example to escape the ASCII null character, the command would be set s0 map 00000001 The default is 00000000 (do not escape any characters). We recommend that you do not change this field unless specifically required by your network. Protocol This field indicates what protocol the NETServer should use to encapsulate packets going across the hardwired serial connec-...
  • Page 197: Serial Communications Parameters

    Serial Communications Parameters The following parameters configure the connection between the NETServer and the devices attached to its ports (modems). These parameters are independent of port type (such as user login and network dial in) S0 only: Setting DIP switch 3 on (down) will override these settings and force the following: Port Type: Baud:...
  • Page 198 Parity This is the parity of the data. The default is none. set s<port #> parity < odd | even | strip | none > Flow Control This is the type of flow control used by the port. Note that you will also have to configure the modem to use this type of flow control.
  • Page 199: Routes Table Configuration

    Routes Table Configuration The routes table contains both static and dynamic routing information. Dynamic routes are updated by RIP broadcasts received from other routing devices on the network. Static routes are routes added to the table by hand. A static route to a given location will override any dynamic routes to the same location.
  • Page 200 Delete a Routes Table Entry To delete an IP route, use the following command: delete route <destination> To delete an IPX route, use the following command: delete ipxroute <destination> Save Routes Table Changes Use the following command for IP routes: save routes Use the following command for the IPX routes table: save ipxroutes...
  • Page 201 Viewing the IPX Routes Table To view the IPX Routes Table, use the following command: show ipxroutes The information you see might look something like this: Network Gateway ————— ————————————— 00071557 0AE31E03:0000C0BDA15F AE401211 0AE31E03:0000C0BDA15F AE401207 0AE31E03:0000C0BDA15F 0AE31E11 0AE31E03:0000C0BDA15F 0AE31E02 0AE31E03:0000C0BDA15F 0AE31E03 0AE31E03:00C04900311D Flag Parameter...
  • Page 202 IP Parameters Destination This is the IP address or name of the host or network to which the NETServer needs to send packets. Gateway This is the IP address of the host through which packets should be forwarded to reach the above destination. Metric This is the hop-count or the number of gateways that information must pass through before reaching the destination.
  • Page 203: Ipx Parameters

    IPX Parameters Destination This is the IPX network number of the network to which the NETServer needs to send packets. Network This is the network node address of the gateway, bridge or router the packets will be forwarded through in order to reach the destination.
  • Page 204: Snmp Table

    SNMP Table The NETServer provides support for using the Simple Network Management Protocol (SNMP) and supports industry standard MIB-II variables. These variables are fully described in your MIB-II documentation. How to . . . Bring Up the List of Commands To bring up a list of commands and command options for the SNMP Table, use the following command: help set snmp...
  • Page 205: Read Community Name

    View SNMP Table To view the SNMP settings, use the following command: show table snmp The information you see might look something like this: SNMP Readers (public): Any SNMP Writers (private): Any SNMP Table Parameters Read Community Name The SNMP read community is a kind of password. Only devices that know the correct Read Community Name may read the NETServer’s MIB information.
  • Page 206 Read Hosts This defines which host(s) can perform SNMP GET operations on the NETServer MIB objects. Use the following command: add snmphost reader < any | none | IP address> Valid options are: Any host with the correct read community may retrieve SNMP data from the NETServer.
  • Page 207: User Table

    User Table The User Table defines users who dial in to the local network to become virtual nodes or to establish login sessions with local hosts. How to . . . Add a User to the User Table The user name can be up to 8 characters long, and the password can be up to 15 characters long.
  • Page 208: Delete A User

    Change a User’s Parameter(s) To change a user’s parameters, use the following command: set user <user name> <option> <value> Delete a User Use the following command to delete users: delete user <user name> Save User Table Changes To save changes to the user table, type the following: save user View the User Table To view the User Table, type the following command:...
  • Page 209: Dialback Number

    The information displayed for a network user might look something like this: Username: Address: IPX Network: Protocol: MTU: Login User Parameters Access Filter The packet filter specified here determines which hosts this user is allowed to establish sessions with (useful when Host is set to Prompt).
  • Page 210 Host This field defines which network host the user’s session is forwarded to. Use the following command: set user <user name> host < default | prompt | IP address> Default Consult the ports table to obtain the default host for the port the user has dialed into and connect the user to the host listed there.
  • Page 211 Netdata Unlike Telnet, Rlogin and PortMux, Netdata is not actually a login service. Netdata is a direct (clear TCP) connection to a given TCP port number. 8-bit data is exchanged without interpretation. Such connections may be used by dial in applications that require a socket interface.
  • Page 212: Ipx Network

    Network User Parameters Dialback This is the location that the NETServer will dial after verifying the user’s name and password. It must be a valid location in the Location Table. Use the following command: set user <user name> dialback <location name> IP Address This is the IP address that the user has for the duration of the connection.
  • Page 213 Protocol Default is SLIP. This is the protocol the NETServer should use to encapsulate packets bound for the user. set user <user name> protocol < ppp | slip > IPX connections require the PPP protocol. PPP Async Map The PPP protocol supports the escaping of non-printing ASCII characters.
  • Page 214 Routing Default is off. This determines whether the NETServer exchanges routing information (RIP messages) with the dial in user. Use the following command: set user <user name> routing < on | broadcast | listen | off > The NETServer sends RIP information to the dial in user and listens for dynamic routes received from the dial in user.
  • Page 215 Output Filter Optional. This is a packet filter that screens all packets sent to the user. See Chapter 8 for more information on packet filters. Use the following command: set user <user name> ofilter <filter name> Command Reference 10-65...
  • Page 217: Technical Specifications

    Technical Specifications 8 and 16 port NETServer Hardware Certification Complies with FCC Part 15 and Part 68, UL-listed, CSA-approved Processor 486SX at 33 MHz Operational Memory DRAM (Dynamic Random Access Memory) 4 Megabytes Flash ROM 2 Megabytes Physical Dimensions 12.6 x 17.5 x 3.5 inches 32.0 x 44.5 x 8.9 centimeters Appendix A Technical Specifications A-1...
  • Page 218 Environment Shipping and Storage Temperature: Relative Humidity: Operating Temperature: Relative Humidity: Power Requirements AC PSU Maximum Output Power 125 watts +5 V +12 V -12 V Maximum Input Power 160 watts 1.3 A Typical Input Power 8 port 16 port MTBF 50,000 hours A-2 Technical Specifications...
  • Page 219 External Serial Port (“Console”) 8-Position Modular Jack Electrical specification: Connectors: 8-position modular jack: Stewart 88-360808 or equivalent DB-25: Configuration: Transmission method: Transmission rate: Serial Port Cable (DCE) Specifications 8-Position Modular Jack * DB-25-to-DB-25 null modem adapter Wire type: Maximum cable distance: Cabling: Circuit Function...
  • Page 220 Nominal direct current resistance: Center conductor: Shield: Nominal outside diameter: .265 inch; 6.73 millimeters Nominal capacitance between conductors: Ethernet Network Interface Card 10Base-T Pin Number Data Transfer Rate: Accessing Scheme: Topology: Maximum Nodes: Transmission Medium: Network Lobe Distance: A-4 Technical Specifications 24 gage (7 strands 32 gage);...
  • Page 221 Connector: Cable Specifications Wire Type: Maximum Cable Length: Cable Loss: Characteristic Impedance Propagation Delay: Cabling: 10Base-2 (BNC) Center Shield Data Transfer Rate: Accessing Scheme: Topology: Maximum Nodes: Transmission Medium: Network Lobe Distance: Connector: 8-position modular jack, Stewart 88-360808 or equivalent .5mm or 24 AWG twisted pairs 100 meters (328 ft.) with standard receiver squelch levels...
  • Page 222 Cable Specifications Wire Type: center conductor Shield jacket Maximum Cable Distance: 185 m DC Loop Resistance: Velocity of Propagation: Characteristic Impedance: Attenuation: Cabling: A-6 Technical Specifications Coaxial .05 mm diameter stranded, tinned copper 2.95 .15 mm inside diameter dielectric solid preferred; any other material that meets other cable specs polyvinyl chloride with outer diameter of 4.9 .3 mm...
  • Page 223 Token Ring Network Interface Card Token Ring STP Connector Data Transfer Rate: Accessing Scheme: Topology: Maximum Nodes for Physical Network: Transmission Medium: Network Lobe Distance: Connector: Cable Specifications Wire type: Maximum cable distance: Nominal direct current resistance: Nominal outside diameter: Nominal impedance: Nominal velocity of propagation:...
  • Page 224 Token Ring UTP Connector Data Transfer Rate: Accessing Scheme: Topology: Maximum Nodes for Physical Network: Transmission Medium: Network Lobe Distance: Connector: Cable Specifications Wire type: Maximum cable distance: Nominal direct current resistance: Nominal outside diameter: .185 inches Nominal impedance: Nominal velocity of propagation: Nominal capacitance between conductors:...
  • Page 225 NETServer Firmware Specifications Routing Support Transparent On-Demand routing IP and IPX protocol routing Inverse multiplexing with programmable load balancing Host, subnet, and network routes supported Selective default routing Continuous connection (automatic retries after connection loss) Scheduled Link Establishment from UNIX cron Administration Local FLASH ROM for booting &...
  • Page 226 PPP Specific Features Address and control field compression Protocol field compression PAP and CHAP authentication protocols Magic number loopback detection Maximum receive unit negotiation Async control character map negotiation IP Address negotiation and assignment Van Jacobson compression TCP/IP headers Industry Standards Support TCP/IP (Transmission Control Protocol/Internet Protocol) RIP (Routing Information Protocol) SLIP (Serial Line Internet Protocol) and CSLIP (Compressed...
  • Page 227 SLIP and PPP Client Software Support Novell LAN WorkPlace TCP/IP NetManage Chameleon Sun PC/NFS FTP PC/TCP Windows ‘95 Stampede 3.0 NCSA PPP driver Technical Specifications A-11...
  • Page 229: Addressing Schemes

    This appendix contains a brief introduction to the IP and IPX addressing schemes for administrators that are new to either one or both. IPX Addressing Basics Unlike TCP/IP, Novell’s IPX protocol uses two separate address fields for each network interface: a 4 octet (4 byte) network number and a 6 octet node address.
  • Page 230 These 32 bits are structured very differently from IPX addresses, in which you always have an 8 hex digit network number followed by a 12 hex digit node address. Address Classes In IP, the same 32 bits can be divided in a number of different ways to indicate networks and subnetworks of different sizes.
  • Page 231 For example, a netmask of 255.255.255.0 on a Class B network would indicate that the network is divided into 254 subnetworks of 254 nodes each (0 and 255 are reserved numbers). 128.5.63.28 would be host 28 on subnetwork 63 of that network. The network itself would be called 128.5.0.0 (Class B network number 5).
  • Page 232: Reserved Addresses

    Two important things must be noticed about the address divisions created by a subnet mask. RFC 950 requires that the first and last subnet created by a mask are reserved. So, the number of usable subnets is always 2 less than the number of divisions created. This makes 128 an unusable netmask because it has no legal subnets! The first and last host address in each subnet are also...
  • Page 233 Supernetting (Advanced TCP/IP) Because Class B Internet addresses are in short supply, larger networks are now usually granted a contiguous block of several Class C addresses. Unfortunately, this creates very large routing tables since multiple Class C routes have to be defined for each network containing more than 254 nodes.
  • Page 234 CIDR - Each Supernet is treated as a single entity Since supernet addressing is a fairly complex mechanism, the easiest way to understand it is to walk through the setup process. Step 1 - Select a netmask for each supernet Each supernet must have a netmask assigned to it.
  • Page 235 Notice that the number of zero bits in the third octet will actually dictate the number of Class C networks in the supernet. Each zero bit makes the supernet twice as large. So, a supernet composed of 8 Class C networks would actually have 3 zeroes (8 This would seem very limited since it restricts you to using groups that nicely fit into a power of 2 (1, 2, 4, 8, 16...).
  • Page 236 Step two - Select a range of addresses for each supernet The range of addresses in a supernet must fit exactly into a space that can be described by its netmask. This means that the zero bits in the netmask must also appear in the first address of the supernet block.
  • Page 237 Supernet Example The four networks in the example below are all connected to the same Internet service provider (ISP). The ISP has decided to use supernetting to reduce the size of his routing tables and, hopefully, improve throughput. Supernets 1 and 2 each require four Class C networks, so they require a netmask with 2 zero bits (4 = 2^2) in the third octet.
  • Page 238 Since supernet 4 can fit entirely in a single Class C address space, it can use supernet 3’s surplus space. It is therefore given the last Class C address space in Supernet 3’s territory, effectively reducing supernet 3 to only the 7 class C networks it needs.
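The supernet rules in Steps 1 and 2 above (a power-of-two block size, and a first address with zero bits wherever the netmask has zero bits) can be checked mechanically before entries are added to the netmasks table. The following is an added example, not code from the manual: the function names are hypothetical and the 192.168.x.0 addresses and supernet names are constructed to mirror the four-supernet example.

```python
"""Check supernet entries built from Class C networks (added example)."""
import ipaddress


def supernet_mask(class_c_count):
    """Return (netmask, block_size) for a supernet of class_c_count Class C
    networks. The block is rounded up to a power of two because each zero
    bit in the third octet doubles the size of the supernet."""
    if not 1 <= class_c_count <= 256:
        raise ValueError("a third-octet supernet holds 1 to 256 Class C networks")
    zero_bits = (class_c_count - 1).bit_length()
    third_octet = (0xFF << zero_bits) & 0xFF
    return f"255.255.{third_octet}.0", 1 << zero_bits


def is_contiguous(netmask):
    """True if the mask is a run of one bits followed only by zero bits."""
    inverted = ~int(ipaddress.IPv4Address(netmask)) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def check_entry(first_address, netmask):
    """Return a list of problems with one supernet entry (empty means valid)."""
    if not is_contiguous(netmask):
        return ["netmask is not contiguous"]
    first = int(ipaddress.IPv4Address(first_address))
    mask = int(ipaddress.IPv4Address(netmask))
    if first & ~mask & 0xFFFFFFFF:
        # Step 2: the zero bits of the mask must also be zero in the first address.
        aligned = ipaddress.IPv4Address(first & mask)
        return [f"first address is not aligned to the mask; "
                f"nearest valid start below it is {aligned}"]
    return []


def class_c_members(first_address, netmask):
    """List the Class C networks covered by a valid supernet entry."""
    first = int(ipaddress.IPv4Address(first_address))
    mask = int(ipaddress.IPv4Address(netmask))
    count = ((~mask & 0xFFFFFFFF) + 1) >> 8
    return [str(ipaddress.IPv4Address(first + (i << 8))) for i in range(count)]


def find_carve_outs(table):
    """Return (inner, outer) name pairs where one entry lies inside another,
    as when a small supernet is given the surplus space of a larger one."""
    spans = {name: set(class_c_members(first, mask))
             for name, (first, mask) in table.items()}
    return [(inner, outer)
            for inner, inner_set in spans.items()
            for outer, outer_set in spans.items()
            if inner != outer and inner_set < outer_set]


# Constructed table: two supernets of 4 Class C networks, one that needs 7
# (rounded up to 8), and a single Class C placed in the last slot of that block.
TABLE = {
    "supernet1": ("192.168.8.0", "255.255.252.0"),
    "supernet2": ("192.168.12.0", "255.255.252.0"),
    "supernet3": ("192.168.16.0", "255.255.248.0"),
    "supernet4": ("192.168.23.0", "255.255.255.0"),
}

if __name__ == "__main__":
    for name, (first, mask) in TABLE.items():
        print(name, first, mask, check_entry(first, mask) or "ok")
    print("mask for 7 Class C networks:", supernet_mask(7))
    print("misaligned start:", check_entry("192.168.10.0", "255.255.252.0"))
    print("carve-outs:", find_carve_outs(TABLE))
```
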
  • Page 239: Software Download

    Software download is a means by which the executable software saved in the NETServer’s flash memory is reprogrammed. This can be performed through a direct connection to a PC or through the NETServer Manager windows software. Note that the software download process does not erase your configuration data.
  • Page 240 Loading the Software Download (SDL) Program Each NETServer is shipped with a disk containing replacement firmware. This disk also contains the software download program, and should be loaded on the Management Station PC. Make Backup Copies of the NETServer Firmware As with all software, it is a good idea to make a copy of the original disk.
  • Page 241 (required) -vna software .nac operation code version number (required) -nsd specifies the .sdl filename prefix (required): (tr = NETServer/8 and NETServer/16 SDL file) Version # File Type 3.1.0 (03 01 00) 1.2.0 (01 02 00)
  • Page 242 (software download utility) and .nac file (operational code) to use in the download. C-4 Software Download specifies the .nac filename prefix (required): (pn = NETServer/8 and NETServer/16 NAC file) specifies the directory path name (optional); should be followed by the directory name where...
  • Page 243 Entering SDL Mode Once the PC is connected to the NETServer and is running the download software, turn the NETServer off and then on again. The unit checks the serial port before it attempts to load its system files from flash memory. If the NETServer detects a PC running SDL software, it will begin the download process.
  • Page 244 The Download NAC file to NETServer dialog box appears. Select the *.NAC file you want to perform the software download with. For NETServer/8 and NETServer/16, the filename is pn??????.nac, where ?????? is a six digit version number for the firmware.
  • Page 245 A series of dialog boxes appear, informing you of the status of the software download process. Some of these include: Download Progress This dialog box displays the file name Erasing Flash NETServer Manager informs you that the changes will not take place until you reboot and asks you if you want to reboot.
  • Page 246 Enter the name of the NAC and SDL files you wish to send to the modems. For the analog (i.e. V.34) NETServer, the file names are: pd??????.nac pd??????.sdl For the ISDN NETServer, the file names are: pi??????.nac pi??????.sdl ?????? is a six-digit version number for each file. Click OK.
  • Page 247: Error Messages

    Error Messages All of the following errors are considered fatal and will cause the PC SDL software to abort. If one of these errors is detected, the operator must restart the PC software download. Bad Address in Downloadable Data The NETServer SDL software detects an invalid address while parsing through the Intel records.
  • Page 248 Bad Message Length The SDL program detects an invalid message length at the data link layer. The message length is either larger or smaller than the length required by the protocol. This error normally indicates message corruption due to noise on the transmission line. Bad Start of Text Characters The data link layer of the PC SDL program detected an invalid start-of-text characters sequence.
  • Page 249 Insufficient Number of Arguments The number of arguments in the command line is less than the number of required arguments. The required arguments are -p (COM port), -r (serial port rate), -vsd (software download file version), -vna (.nac software operation code version), -nsd (software download filename prefix) and -nna (.nac software operation code filename prefix).
  • Page 250 Invalid Control Word The SDL application layer does not recognize the control word returned from the NETServer. Invalid Device/Manufacturing ID in Flash There was a problem reading the ID in Flash memory due either to a wrong or bad chip. Invalid Directory Path The directory path specified in the command line does not comply with DOS naming conventions.
  • Page 251 Missing Required Argument There is a sufficient number of arguments, but some required arguments are missing. The required arguments are -p (COM port), -r (serial port rate), -vsd (software download file version), -vna (software .nac operation code version), -nsd (software download filename prefix) and -nna (.nac software operation code filename prefix).
  • Page 252 Unknown Information Received from NAC The CRC is good, but the application layer detected unrecognized information, for example, control word indicators in the message. Work Space Buffer Overflow There is no more space left in the NETServer’s buffer for the PC to download its data.
  • Page 253: The Boot Process

    Appendix D The Boot Process When you flip the power switch to the ON position, the row of LEDs on each set of 8 modems will cycle through several colors as the modems perform self-diagnostics. When they are finished, the Run/Fail LED(s) should be green, indicating that the modems are ready.
  • Page 255: Using Syslog

    This appendix includes information on UNIX syslog network accounting and samples of system messages. Important: You must have the NETServer entered in the /etc/hosts file of the UNIX server that is running Syslog. Without this, you will be unable to use Syslog network accounting with the NETServer.
  • Page 256 (in this example, usrobotics) or for the keywords “NETServer:” and “dialnet” and make a frequency count of which ports get used. May 4 20:52:20 usrobotics NETServer: port S5 Login succeeded for Usun May 5 04:05:10 usrobotics dialnet: port S5 Pgpu succeeded dest 149.198.6.1...
  • Page 257 Syslog System Message Examples router1 dialnet: port S16 ppp_sync failed dest cane Router1 is unable to establish a PPP connection to host cane on synchronous port S16. usr1 NETServer: port S2 Login succeeded for doug User doug has logged into port S2 on usr1. usr1 NETServer: port S5 session disconnected user doug User doug has disconnected from port S5 on usr1.
  • Page 258 usr1 dialnet: port S8 PPP succeeded dest Negotiated Hardwired network port S8 has established a PPP negotiation to a negotiated address. usr1 user: host mint admin login succeeded Someone has used Telnet from host mint to login as !root on usr1.
  • Page 259 usr1 S15 to 192.77.203.2 port 1 connection established A TCP/IP connection has been established between port 1 and an IP host. usr1 S15 to 192.77.203.2 port 1 connection terminated(4) The TCP/IP connection between S15 and the IP host has been terminated.
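The port frequency count suggested above, together with a list of failed connections and !root logins, can be produced from the syslog file with a short script. The following is an added example, not part of the manual: the sample lines are constructed from the message formats shown above, only those formats are recognised, and the function and variable names are hypothetical.

```python
"""Summarise NETServer syslog messages per port (added example)."""
import re
from collections import Counter

TIMESTAMP = r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d)"

# "<time> <netserver> NETServer: port S5 ..." and "<time> <netserver> dialnet: port S8 ..."
PORT_EVENT = re.compile(
    TIMESTAMP + r" (?P<host>\S+) (?P<tag>NETServer|dialnet): "
    r"port (?P<port>S\d+) (?P<msg>.+)$")

# "<time> <netserver> user: host <source> admin login succeeded" (Telnet login as !root)
ADMIN_EVENT = re.compile(
    TIMESTAMP + r" (?P<host>\S+) user: host (?P<src>\S+) admin login succeeded$")

# Constructed sample input, modelled on the message examples in this appendix.
SAMPLE_LOG = """\
May  4 20:52:20 usr1 NETServer: port S5 Login succeeded for doug
May  4 21:10:02 usr1 NETServer: port S5 session disconnected user doug
May  5 04:05:10 usr1 dialnet: port S8 PPP succeeded dest Negotiated
May  5 04:07:41 router1 dialnet: port S16 ppp_sync failed dest cane
May  5 09:15:00 usr1 NETServer: port S2 Login succeeded for doug
May  5 09:40:12 usr1 NETServer: port S5 Login succeeded for doug
May  5 23:58:31 usr1 user: host mint admin login succeeded
May  5 23:59:00 usr1 cron: unrelated line that the parser skips
"""


def summarize(log_text):
    """Return successful session counts per (NETServer, port), failed
    connection attempts, and administrative logins found in log_text."""
    port_use = Counter()
    failures = []
    admin_logins = []
    for raw in log_text.splitlines():
        line = raw.strip()
        admin = ADMIN_EVENT.match(line)
        if admin:
            admin_logins.append((admin["ts"], admin["host"], admin["src"]))
            continue
        event = PORT_EVENT.match(line)
        if not event:
            continue  # not a NETServer or dialnet port message
        key = (event["host"], event["port"])
        msg = event["msg"]
        if " failed" in msg:
            failures.append(key + (msg,))
        elif msg.startswith("Login succeeded") or re.match(r"\S+ succeeded dest ", msg):
            port_use[key] += 1  # one login session or network connection started
    return {"port_use": port_use, "failures": failures, "admin_logins": admin_logins}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for (host, port), count in report["port_use"].most_common():
        print(f"{host} {port}: {count} session(s)")
    for host, port, msg in report["failures"]:
        print(f"FAILED {host} {port}: {msg}")
    for ts, host, src in report["admin_logins"]:
        print(f"ADMIN login on {host} from {src} at {ts}")
```
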
  • Page 260 Syslog Accounting...
  • Page 261 Remote Authentication Dial In User Service (RADIUS) is a proposed standard Internet protocol for security and accounting. Obtaining RADIUS RADIUS security server RADIUS accounting server Obtaining RADIUS Versions 3.0 and later of the U.S. Robotics Total Control Manager software have built in support for RADIUS accounting. The security server that is available as an optional feature of Total Control Manager is an implementation of the RADIUS security protocol.
  • Page 262 Security - A Centrally Managed User Table The RADIUS security server is based on a model of distributed security previously defined by the Internet Engineering Task Force (IETF). RADIUS’s client-server approach to security allows a network administrator to maintain a single user table for all NETServers on the network, rather than individual user tables for each box.
  • Page 263 Setting Up RADIUS User Table Entries RADIUS servers store their user data in a human readable (text) database. The information following shows the format of entries in that database. For specific, detailed instructions on setting up a user table entry in the version of the RADIUS server that you decide to use, see your RADIUS documentation.
  • Page 264 Client-Id Adding this optional parameter will limit a network dial in (framed) user to the specified NETServer rather than allowing the user to access every one on the network. This is the name or IP address of the NETServer the user will dial into. An IP address must be enclosed in quotes (for example “199.99.9.123”).
  • Page 265 Framed-Address This is the user’s IP address for the duration of the connection. If this line is omitted, NETServers which have a pool of assigned addresses set up will use assigned addressing. NETServers without such a pool will attempt to negotiate the address. Framed-Address=192.77.203.76 Framed-Compression Default is Van-Jacobson-TCP-IP.
  • Page 266 Framed-Netmask Default is 255.255.255.255. This is the user’s IP subnet mask. Example: Framed-Netmask=255.255.255.0 Framed-Protocol Default is PPP. This field identifies which protocol the user is using to make a connection. Possible entries: Framed-Protocol=SLIP Framed-Protocol=PPP Framed-Route This specifies a static route, or a specific set of routers that the connection must take.
  • Page 267 Framed-Routing Default is None. This determines whether the NETServer permits RIP packets to be sent to or received from the remote user. Possible values are: None The NETServer does not send any RIP messages to the remote user and discards any RIP messages received from the user.
  • Page 268: User Types

    User Types There are five types of users in the RADIUS users file: Login-User Dialback-Login-User Framed-User Dialback-Framed-User Outbound-User Login-User This is the same kind of user that the NETServer command line software would call a login user. Once the user name and password are authenticated, this kind of user is connected via a login service to the host or network specified in his or her RADIUS users file entry.
  • Page 269 For example: cindyg Password=“billthecat” User-Service-Type=Dialback-Login-User, Dialback-No=“19195551234”, Login-Host=NY_Sales, Login-Service=PortMux Framed-User The NETServer command line software would call this a network user. Once the user ID and password are authenticated, users are connected to the network via PPP or SLIP. A Framed-User entry must contain the following parameters: User-Name, Password, Framed-Protocol, Framed-Address, and Framed-Netmask.
  • Page 270 Outbound-User The RADIUS protocol defines this user type as a user on the local network who is using the modems to dial out (Similar to the NETServer’s host device dial out user). However, the RADIUS Outbound-User type is not defined on the NETServer. Do not use Outbound-Users in your RADIUS users file.
  • Page 271 CHAP authentication using RADIUS If the NETServer wishes to use RADIUS to authenticate the remote device, the user name and the password of the remote device can be stored in the users file on the RADIUS server. The user name for the remote device must be the user ID that it will send during CHAP authentication.
  • Page 272: Radius Accounting

    RADIUS Accounting RADIUS accounting uses the same basic protocol as the RADIUS security server. Both servers may run on the same host, but you may choose a different host to provide each function if you like. The accounting server creates a separate account file for each NETServer under the following directory: /usr/adm/radacct/<NETServer-hostname>/detail RADIUS accounting fields...
  • Page 273 Acct-Authentic This attribute indicates how the user was authenticated. There are three possible values: None Used for Stop records and Pass-Thru Logins RADIUS User was authenticated by RADIUS Local User was authenticated by local host or by the NETServer Acct-Session-Time This indicates how many seconds the user was connected.
  • Page 274 If a SLIP or PPP user begins a session with the network, a record like the one below is sent to the accounting server: Thurs Jan 16 16:15:53 1995 Acct-Session-Id=“06000004” User-Name=harryk Client-Id=201.123.234.79 Client-Id-Port=5 Acct-Status-Type=Start Acct-Authentic=Local User-Service-Type=Framed-User Framed-Protocol=SLIP Framed-Address=122.132.124.152 Framed-Netmask=255.255.124.0 When the framed user ends the session, a record like the one below is sent to the accounting server: Thurs Jan 16 16:25:57 1995 Acct-Session-Id=“06000004”...
  • Page 275: Alphabetical Index

    Symbols !ROOTACCESS 9-1 Access filter 10-59 ACCESS parameter 10-41 Accounting server ICMP logging 1-3, 10-12 RADIUS F-12–F-14, 1-2, 10-11 Syslog 10-11, Appendix D Active interface Changing 9-7 Viewing 9-6 ADD command 3-5 Filter 8-4, 8-12 Help 3-5 Host 10-13 Init script 7-6, 7-8 Location 5-12, 6-14, 6-27, 10-14 Netmask 10-30 SNMP 10-56...
  • Page 276 Default host Global 3-6, 4-3, 4-5, 4-13, 10-3, 10-41 Port 4-3, 4-5, 4-9, 4-13, 10-41, 10-60 Default route 10-6 DELETE command 3-5 Filter 8-19 Help 3-5 Host 10-13 Init script 7-7 Location 10-14 Netmask 10-30 Route 10-50 SNMP hosts 10-54 User 10-58 DESTINATION parameter.
  • Page 277 Global default host 3-6, 4-3, 4-5, 4-13, 10-41 Group number (location) 5-13, 6-13, 6-17, 6-27, 10-19, 10-37 Hardwired port Compression 10-44 Creating 5-4, 6-12 Definition of 3-10, 10-37 Help 10-31 IP address 10-44 IPX network number 10-44 MTU 10-44 Packet filters 10-45 PPP async map 10-45 PPP/SLIP use 10-46 RIP messaging 10-46...
  • Page 278 LAN port 3-4, 10-24–10-29 Basic configuration 2-5–2-10 Broadcast address B-4, 2-7, 10-27 Help 10-24 IP address 2-7, 10-26 IP/IPX enable 10-25 IPX frame type 2-9, 10-28 IPX network number 2-9, 10-27 Media type 10-26 Overview 3-7 Packet filters 10-29 Resetting the NIC 10-24 RIP messaging 10-28 Subnet mask 2-7, 10-27 Viewing 10-25...
  • Page 279 Name Autolog 10-40 Domain 10-9 Location 6-14, 6-27, 10-14 Login user 4-9, 10-57 Network dial in user 5-7, 10-57 Packet filter 8-4 RADIUS user F-3 System (sysname) 2-4, 6-2, 6-10, 6-22, 6-26, 6-27, 6-30, 10-7 Name service 1-3, 2-13, 3-6, 10-7, 10-8 Negotiated IP address 5-8, 10-62 Net0 3-4, 10-24–10-29 Basic configuration 2-5–2-10...
  • Page 280 IP rules 8-7 IPX rules 8-16–8-18 LAN port 10-29 Location 10-22 Login user 10-59 Network dial in user 10-64 Overview 3-8 Permit/Deny 8-7 PTRACE filter 9-9 RADIUS user F-5 Rule number 8-6, 8-7 Rule type 8-6 SAP rules 8-18 Saving 8-19 TCP parameters 8-10 Types of filters 8-2 UDP parameters 8-10...
  • Page 281 REPORTED_IP 10-6 Requirements System administrator 2-1–2-2 RESET command 3-4, 4-8, 5-6, 6-13, 10-24 RIP messaging Filtering 8-12 Hardwired port 10-46 How RIP works 6-6 LAN port 10-28 Location 5-12, 6-16, 10-18 Network dial in user 5-10, 5-12, 5-16, 6- 24, 10-64 RADIUS user F-7 Spoofing of 6-14 Rlogin 4-14...
  • Page 282 SHOW command 3-5, 9-11 ARP 9-12 Filter 8-20 Flash 9-12 Global configuration 10-2 Help 3-5 Hosts 10-13 Init 7-7 Locations 10-15 Memory 9-13 Net0 10-25 Netconns 9-13 Netmasks 10-30 Netstat 9-14 Ports 10-34 Routes 10-50 SAP 6-29, 9-15 Sessions 9-15 SNMP 10-55 User 10-58 SLIP...
  • Page 283 U.S. Robotics, contacting vii UDP packet filters 8-10 User login port Access override 10-41 Alternate host 10-41 Autolog name 10-40 Default host 4-5, 4-9, 10-41 Dialback delay 10-40 Help 10-31 Idle time-out 10-38 Line hangup 10-38 Login message 4-7, 10-38 Login prompt 10-39 Login service 4-6 Overview 3-9, 10-35...
  • Page 284 Index...

This manual is also suitable for:

Total control netserver/8
