3Com 3C421600A Management Manual
SuperStack II Remote Access System
SuperStack® II Remote Access System 1500
System Management Guide
Release 2.0
http://www.3com.com/
Part No. 1.024.1797 Rev 2.00
December, 1999

Summary of Contents for 3Com 3C421600A

  • Page 2 3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change. 3Com Corporation provides this documentation without warranty of any kind, either implied or expressed, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose.
  • Page 3: Table Of Contents

    Contents About This Guide Finding Specific Information in This Guide Conventions Related Documentation Year 2000 Compliance Overview Overview Basic Configuration Port Expansion Module Configuration Primary Access Unit Applications Dial-In Shared ISP LAN-to-LAN Individual Dial-Out Comprehensive Security Options Configuration Options Web Configuration Interface Command Line Interface Using the Command...
  • Page 4: Scenario

    Configuration with the CLI Step One: Power On the RAS 1500 Step Two: Configure the RAS 1500 Basics Step Three: Configure IP Step Four: Configure IPX Step Five: Configure DNS - Optional Step Six: Configure SNMP - Optional Step Seven: Save Your Work 64 Character Limit Configuring a Manage User Configuring Specific Modems...
  • Page 5 DialOut/IP Versus Telnet Before You Begin Required Information Optional Information Configuring Your System For DialOut/IP Software Configure the RAS 1500 Configure Client Workstations Configuring Telnet Overview Using Telnet Network Dial-out DialOut/IP Versus Telnet Configuring and Using Telnet Network Dial-out Before You Begin Required Information Optional Information...
  • Page 6 Requirements Communications Software Communication Parameters IP Addresses Configuring RAS 1500 IP Address Pool Overview Step One: Configure an IP Address Pool Step Two: Configure IP Network Users Step Three: Configure PPP Parameters Step Four: Configure Additional Parameters Using Callback and Roaming Callback Overview Configuring Callback Users Calling Line Identification Callback...
  • Page 7 Routing Overview IP Routing Overview Dynamic, Static, and Default Routes How the RAS 1500 Routes Packets Establishing Connections to Remote Gateways Spoofing Authentication Before you Begin Required Information Configuring LAN-to-LAN Routing Step One: Add the LAN-to-LAN User Step Two: Configure the User Network Parameters Step Three: Configure the User Dial-out Parameters Step Four: Configure the User Routing Parameters Step Five: Configure the User PPP Parameters...
  • Page 8 Configuring Remote Computers Setting Communication Parameters Configuring the RAS 1500 Login Hosts Host Name Address Preference Rlogin, Telnet and ClearTCP Ports Configuring Login Users Case Studies Case Study A Case Study B Advanced Modem Commands Overview Before You Begin Connecting to the RAS 1500 Accessing the Console Interface AT Commands Sending AT Command...
  • Page 9 Configuring 56 Kbps Technology Factory-enabled Protocol Controlling Server x2 Disabling V.34 Connections Configuring ISDN Enabling X.75 Frame Size Window Size Selecting Frame and Window Size Relationships Between Frames and Windows Viewing Current Frame and Window Size Settings Best Possible Connection Universal Connect Call Flow Answering and Originating Calls Setting the Originate Call Type...
  • Page 10 Using Security and Authentication Overview Local Authentication RADIUS Authentication Overview RADIUS Authentication Process Configuring RADIUS Authentication on the RAS 1500 NOS Authentication Overview NOS Authentication Process Installation Overview Installing and Configuring NOS Authentication Software (Novell NetWare) Installing and Configuring NOS Authentication Software (Windows NT) Changing Encryption Key Configuring NOS Authentication on the RAS 1500...
  • Page 11 Monitoring and Troubleshooting Show the Settings at the Interface Level Show the Settings at the PVC Level List PVC Statistics List the Status of all Frame Relay PVCs Case Study Goal Assumptions Strategies Handling Packet Filtering Overview Filtering Capabilities Filter Types Data Filters Advertisement Filters Call Filters...
  • Page 12 Filter Examples IP Packet Filter Rule Examples RAS 1500 Global Filtering Keywords Configuring Dynamic Overview Scenario 1 Scenario 2 Scenario 3 Scenario 4 Scenario 5 Configuring the RAS 1500 for Dynamic Host Configuration Protocol DHCP Server DHCP Proxy Server User Datagram Protocol Broadcast Forwarding Configuring UDP Broadcast Forwarding Displaying UDP Broadcast Forwarding Parameters Using...
  • Page 13 Physical Dimensions Interfaces Power Requirements Technical Support Online Technical Services World Wide Web Site 3Com FTP Site 3Com Bulletin Board Service 3ComFacts Automated Fax Service Support from Your Network Supplier Support from 3Com Returning Products for Repair Index Limited Warranty...
  • Page 15: Finding Specific Information In This Guide

    Web-based Configuration of the RAS 1500 Using Security and Accounting Handling Packet Filters Configuring DialOut/IP Configuring Telnet Network Dial-Out Configuring Network Dial-In LAN-to-LAN Routing Bridging with the RAS 1500 Configuring an IP Terminal Server Using Frame Relay 3Com Limited Warranty...
  • Page 16: About This Guide

    Conventions: Table 1 and Table 2 list conventions that are used throughout this guide. Table 1 Notice Icons Icon Table 2 Text Conventions Convention Syntax Commands Screen displays This typeface represents information as it appears on the The words “enter” and “type”...
  • Page 17: Related Documentation

    Related Documentation: The RAS 1500 documentation set includes the following documents. All 3Com documentation is available on the 3Com web site: http://www.3Com.com Description Key names appear in text in one of two ways: Referred to by their labels, such as “the Return key” or “the Escape key”...
  • Page 18: Year 2000 Compliance

    Year 2000 Compliance: For information on Year 2000 compliance and 3Com products, visit the 3Com Year 2000 Web page: http://www.3com.com/products/yr2000.html documentation. The Release Notes are enclosed in the RAS 1500 package and are available at http://www.3com.com/ras1500.htm SuperStack ®...
  • Page 19: Overview

    This chapter contains the following information: Overview, Applications, Configuration Options. This guide provides the most commonly used command line interface (CLI) parameters.
  • Page 20: Basic Configuration

    Overview: The SuperStack communications platform that supports a broad variety of applications. Basic Configuration: The basic configuration of a RAS 1500 consists of one Router Unit with the following options: Port Expansion Module Configuration: The RAS 1500 allows you to add two Port Expansion Units to your stack. The addition of the expansion units allows your RAS 1500 stack to...
  • Page 21: Shared ISP

    Serial Line IP Protocol (SLIP) 3Com Fast Connect Protocol (FCP) The RAS 1500 offers access extensive security, dial-back, and substantial configurability for dial-in network connections. Shared ISP The RAS 1500 can be configured for shared Internet Service Provider (ISP) access. This allows dial users and users on the Ethernet network to simultaneously share a single ISP dial-up connection/account.
  • Page 22: Comprehensive Security Options

    Comprehensive Security Options: RAS 1500 supports the following security options: Firewall protection in the form of IP packet filtering in both the inbound and the outbound directions of ports, users, and dial-out locations. Configuration Options: The RAS 1500 supports the following configuration options: Web Configuration You can configure the RAS 1500 by accessing the RAS 1500 Web...
  • Page 23: Using The Command Line Interface

    This chapter contains the following information: CLI Overview, Obtaining Registered IP Addresses, Accessing the CLI, Using CLI Quick Setup, Configuration with the CLI, Configuring a Manage User, Configuration with the CLI, Configuring Expansion Units, Configuring the WAN Interface, Configuring Static Routes...
  • Page 24: CLI Overview

    CLI Overview: Although 3Com recommends using the Web Configuration Interface to configure the SuperStack II Remote Access System (RAS) 1500, you can use the RAS 1500 command line interface (CLI) to configure all RAS 1500 parameters. You can also manage the RAS 1500 through the Web Management Interface, the Windows-based graphic user interface (GUI) provided in your package.
  • Page 25: Obtaining Registered IP Addresses

    Obtaining Registered IP Addresses: Each computer or network that attaches to the Internet must have a registered IP address. Obtain registered addresses from the Internet Network Information Center (InterNIC) for IP machines and networks that are attached to the Internet. The InterNIC Web site is: http://ds.internic.net If you only need a small number of IP addresses, your Internet access providers should be able to provide them.
  • Page 26: IBM Computer-Compatible Computers

    (or when you type reboot at the CLI prompt). 3Com recommends using the CLI Quick Setup to configure the RAS 1500 and access the GUI. The Quick Setup will let you set up simple configuration for your whole system or different portions of the system.
  • Page 27: Configuration With The CLI

    Configuration with the CLI: This section describes how to set up your RAS 1500 with the full CLI. To configure the RAS 1500 with CLI Quick Setup, see “Using CLI Quick Setup”. Step One: Power On the RAS 1500. To begin manual configuration, power on your RAS 1500. After a few moments when your screen has registered system initialization.
  • Page 28: Step Three: Configure IP

    Step Three: Configure IP. Use the following steps to configure the RAS 1500 interface (rm0/eth:1) for IP networks. The IP network information is required for proper operation. 1 Enter IP network information. The network address consists of the station address and a subnet mask using this format: nnn.nnn.nnn.nnn/A, B, C, H, 8-30 or nnn.nnn.nnn.nnn The first four octets describe the IP station address, followed by the...
  • Page 29: Step Four: Configure IPX

    2 Set a default gateway. Default gateways must be on the same subnet. You also need to supply a metric (hop count) for each type of default gateway. Possible values range from 1 (default) to 15. Since the actual metric of a default gateway is only one hop, the value entered here is used to control the perceived cost of the gateway to other routers on your network.
  • Page 30 3 Type the following: config A display similar to the one shown below appears: File server name: IPX internal network number: 0000000A Western Digital Star EtherCard PLUS Driver v2.05 (910424) Hardware setting: I/O Port 300h to 31Fh, Memory CC000h to Cffffh, Interrupt Ah Node address: 0000C0488D28 Frame type: ETHERNET_802.3...
  • Page 31 The RAS 1500 displays information similar to the display below: LAN A Configuration Information: Network Address: [0788] [002608C0D53F4z] Hardware Type: [3Com 3C505 EtherLink Plus (Assy 2012 only) V2.30EC (880813)] Hardware Setting: IRQ=5, IO=300h, DMA 5 The above example only has one frame type, so the network address is 0788.
  • Page 32: Step Five: Configure DNS - Optional

    2 Specify your default domain, the Ethernet segment where your system resides and your default. Adding this entry to the Hosts Table eliminates the task of always specifying the domain. Use the following command: set dns domain_name <string> Example: set dns domain_name 3com.com...
  • Page 33: Step Six: Configure SNMP - Optional

    Step Six: Configure SNMP - Optional. The following section configures SNMP service. If you do not wish to set up SNMP, skip to “Step Seven: Save Your Work”. If you plan to use an SNMP application to configure and manage the RAS 1500, you must specify SNMP community values.
  • Page 34: 64 Character Limit

    64 Character Limit: The CLI has a 64 character limitation for each field. When you attempt to add more than three interfaces with the interface command, 3Com recommends the following: 1 Assign the first three interfaces. add modem_group test interface <3 interface names>...
  • Page 35: Configuring Specific Modems

    Network example: add user predator type manage,network Login example: add user predator type manage,login 2 Save your work. save all Configuring Specific Modems: When connected to the Router Unit Console Port, you can configure all devices in your stack with the CLI. Each modem is identified by slice (rm0, pem0, pem1, and pem2), slot (slot1 or slot2), and modem number (mod:1, mod:2, mod:3, mod:4).
  • Page 36: Configuring Expansion Units

    Configuring Expansion Units: The RAS 1500 requires minimal configuration. However, several unique situations require additional Port Expansion Unit or Primary Access Unit configuration. Reconfiguring the Private IP Network: The Router Unit that supports the expansion units uses a private IP network over the IEEE1394 bus (FireWire) to communicate with the expansion units.
  • Page 37: Replacing I/O Modules In The Port Expansion Unit

    Replacing I/O Modules in the Port Expansion Unit: The slot in each Port Expansion Unit retains configurations of specific I/O modules that are installed. As a result, the Port Expansion Unit uses the following rules when you replace I/O modules (analog modems, U interface ISDN, or S/T interface ISDN): If you remove an I/O module from a Port Expansion Unit and replace it with the same type of module into the same slot, the Port Expansion...
  • Page 38: Configuring The WAN Interface

    Configuring the WAN Interface: Protocols are set up over the WAN by creating and editing a user profile. A user profile specifies the call type, protocols, addresses, and bandwidth management parameters that determine how you connect and communicate to that user (remote site) over the WAN.
  • Page 39: IPX Routes

    Configuring Static Routes Example: add ip route 145.122.231.43/h gateway 145.122.232.28 metric 1 The list ip routes command displays all currently defined routes including the route just configured but only if you have specified a gateway. Static routes are installed but not visible via the list ip routes command until the interface to the gateway is active (entered in the IP/IPX Forwarding Tables).
  • Page 41: Web-Based Configuration Of The RAS

    This chapter contains the following information about Web-based configuration of the RAS 1500. Overview: You can remotely configure the RAS 1500 by accessing the RAS 1500 Web Configuration Interface. The Web Configuration Interface consists of a series of Web pages that are embedded on the RAS 1500 and viewed through a remote Internet browser, such as Netscape Navigator or Microsoft Internet Explorer (4.x or greater).
  • Page 42 After you set up the RAS 1500 using the Setup Wizard, use other Web pages in the Web Configuration Interface to configure the following: Basic system information, such as the RAS 1500 name and location; Date and time settings, including daylight savings time; Domain name server (DNS) settings; IP and IPX settings, such as addresses and framing methods and...
  • Page 43: Preparing The RAS 1500 For Web-Based Management

    Preparing the RAS 1500 for Web-based Management: Before you can manage a RAS 1500 using the Web Management Interface, the RAS 1500 must have an IP address assigned to it. Out of the box, the RAS 1500 does not have an IP address. This procedure lets you assign an IP address, network mask, and community string to the RAS 1500.
  • Page 44 Figure 1 RAS 1500 Resource CD Splash Screen 2 At the RAS 1500 Setup screen, click Configure RAS 1500. The IP address Configuration Wizard appears as shown in Figure 2. Figure 2 IP Address Configuration Wizard 3 In the Discovered MAC Address list, select the RAS 1500 to which you want to assign an IP address.
  • Page 45: Accessing The RAS 1500 For Web-Based Management

    Accessing the RAS 1500 for Web-based Management: To access the RAS 1500 Web Management Interface, perform the following steps: 1 Launch your preferred Internet browser. To properly view the Web Management Interface, your browser must meet the following criteria: 2 In the location or address field at the top of the browser, type the RAS 1500 IP address.
  • Page 46 Figure 3 Web Configuration Interface, Initial Screen...
  • Page 47: Setup Wizard

    Table 4 Web Configuration Interface, Initial Screen Callout Description Uniform resource locator (URL) of the RAS 1500. Available views. Each of these views displays a different tree of folders and Web pages in the left frame of the window. The “Configure” view displays Web pages in which you change the RAS 1500 settings.
  • Page 48: Configuration Pages

    After entering Admin and Password, you are prompted to set up a manager user as shown in Figure 5. Once this is done you may set up the RAS 1500. Figure 5 Setting Manager User Username and Password. Configuration Pages: Figure 6 shows a configuration page in the Web Management Interface.
  • Page 49 Web-based Management of the RAS 1500 Figure 6 Web Configuration Interface, Configuration Page Table 5 Web Management Interface, Configuration Page Callout Description Configuration fields. Navigation buttons.
  • Page 50: Accessing Help

    Accessing Help: The Web Configuration Interface offers three types of help: Status bar help. In a configuration page, place the cursor over a field label. Help text appears in the status bar of the browser. Field-specific help.
  • Page 51: Configuring DialOut/IP

    This chapter contains the following information: Overview DialOut/IP access modems on the SuperStack II Remote Access System (RAS) 1500, as though the modems were directly connected to the computers. Once connected to a modem, a network user can dial out to the Internet, electronic bulletin board systems (BBSs), information services (such as CompuServe), ftp sites, and e-mail sites—anything that you could access with a modem directly connected to the computer.
  • Page 52: Before You Begin

    Before You Begin: Before you configure DialOut/IP, you need to obtain some system information and confirm some basic configuration of the RAS 1500 and the network computers. Required Information The following information is required: Optional Information The following information is optional: Configuring Your The RAS 1500 includes DialOut/IP software for Windows...
  • Page 53: Configure The Ras 1500

    Configuring Your System For DialOut/IP Software. Configure the RAS 1500: Complete the following steps to enable dial-out through the RAS 1500. Unless otherwise noted, all of the commands in these steps are issued through the command-line interface (CLI) of the RAS 1500. Press the Enter key to issue the command.
  • Page 54 The <service name> is the name to assign the network service, for example, dialout-service. The <socket number> is the TCP port number where the service is accessible. DialOut/IP expects the TCP port number for the RAS 1500 to be 6000 (and above).
  • Page 55 Configuring Your System For DialOut/IP Software 3 Click OK. A Telnet session starts. 4 In the Telnet window, type AT, then press Enter. If the response is “OK,” the port is configured correctly for dial-out using DialOut/IP. If the connection is unsuccessful, or if a “login” prompt appears, the port is configured incorrectly for dial-out using DialOut/IP.
  • Page 56: Configure Client Workstations

    Configure Client Workstations: Complete the following steps to install and configure DialOut/IP software on each of the client workstations from which you plan to dial out. Step 1: Install DialOut/IP Software 1 Insert the Resource CD into the workstation. 2 Navigate to the ClientSoftware\Dial-out\Tactical directory.
  • Page 57 Configuring Your System For DialOut/IP Software 5 In the Presets drop-down list, select “3Com RAS-1500.” (You might need to scroll down the list.) The default TCP port number for the RAS 1500, 6000, is entered in the Port Number text box.
  • Page 59: Configuring Telnet Network Dial-Out

    This chapter contains the following information: Overview, Before You Begin, Configuring the RAS 1500, Configuring Network Computers, Dialing Out From a Network Computer, Case Study...
  • Page 60: Overview

    Overview: You can access modem ports on the SuperStack II Remote Access System (RAS) 1500 from computers on the network to provide dial-out services. Using Telnet Network Dial-out: Network dial-out allows computers connected to the local area network (LAN) to access modems on the RAS 1500, as though the modems were directly connected to the computers.
  • Page 61: DialOut/IP Versus Telnet

    DialOut/IP Versus Telnet: Network computers communicate with the RAS 1500 over the LAN using either DialOut/IP or Telnet. A difference between DialOut/IP network dial-out and Telnet network dial-out is that DialOut/IP supports Windows Dial-Up Networking, and Telnet does not. So, if you need access to the Internet over a dial-up PPP connection, which Windows Dial-Up Networking provides, choose DialOut/IP network dial-out.
  • Page 62: Optional Information

    Optional Information: The following information is optional: RAS 1500 Configuration: Before you begin, confirm the following steps are complete, as detailed in the Getting Started Guide: Computers on the Network Modem group name Modems to include in the modem group Idle timeout Recovery timeout Login banner...
  • Page 63: Configuring The RAS 1500

    Configuring the RAS 1500: To configure the RAS 1500 for Telnet network dial-out service, follow these steps. Each of these steps is detailed in this section. Notes about the procedures: The commands below are performed in the RAS 1500 command line interface (CLI).
  • Page 64: Step Two: Add An IP Network

    Step Two: Add an IP Network. Essentially, this step gives an IP address to the RAS 1500, so it can be found on the LAN. Use the following command: add ip network <IP network name> Table 7 IP Network Parameters Parameter network name...
  • Page 65: Step Four: Add The Dial-Out Service

    For example, to add a modem group called Telnet_users with three modems assigned to it: add modem_group telnet_users interface rm0/slot:1/mod:1,rm0/slot:1/mod:2,rm0/slot:1/mod:3 After you create the modem group, you assign it to the dial-out service (in step four). The modem group you assign in that step must match exactly (case-sensitive) with the modem group you create in this step.
  • Page 66 Table 9 Network Service Parameters Parameter ancillary data Example: add network service telnet_lab server_type telnetd socket 6666 data “service_type=dialout This example makes available modem ports assigned to the modem group telnet_users (modems 1-3). 2 Confirm the dial-out service is enabled. Use the following command: list network services A list of network services appears.
  • Page 67: Step Five: Add Users

    Changing a dial-out service To change dial-out service settings: 1 Disable the dial-out service. disable network service <service_name> 2 Make the changes to the dial-out service. set network service <service name> All DATA parameters are lost when you issue the set network service command.
  • Page 68: Step Six: Save Your Work

    Table 10 User Parameters Parameter username user password user type modem group name Name of modem group used to make the dial-out Example: add user gil password fish type dial_out set user gil modem_group telnet_users Step Six: Save Your Work: Use the following command: save all...
  • Page 69: Dialing Out From A Network Computer

    Dialing Out From a Network Computer 1 From the Windows 95 or NT desktop, click Start, then Run. The Run dialog box appears. 2 In the Open text box, enter the following: telnet <ip address of the RAS 1500> <socket number> Example: telnet 192.112.227.115 6666 3 Click OK.
  • Page 70 add modem_group telnet_lan interface rm0/slot:1/mod:1,rm0/slot:1/mod:2 5 Add a dial-out user named “eddie” with a password “panama.” Use the following command: add user eddie password panama type dial_out 6 Add a Telnet network dial-out service named “telnet” with these characteristics: socket number 6666 and a modem group “telnet_users.”...
  • Page 71: Configuring Network Dial-In

    This chapter contains the following information: Overview, Before You Begin, Configuring the Remote Computer, Configuring RAS 1500, Using Callback and Roaming Callback, Calling Line Identification Callback, Network Callback User Case Study, Network User Case Study...
  • Page 72: Overview

    Overview: SuperStack II Remote Access System (RAS) 1500 allows remote computer and Macintosh users to dial in over ISDN or analog lines and connect to the local network via Novell IPX, Internet Protocol (IP), or AppleTalk. Using Network Dial-In: Use network dial-in (Figure 8) if you want to configure a RAS 1500 to...
  • Page 73: Before You Begin

    Before You Begin: Before you begin configuring RAS 1500 for Network Dial-in, follow all the configuration steps in the SuperStack II Remote Access System Getting Started Guide. Required Information: Obtain the following information for network dial-in: Configuring the Remote Computer: Remote users must have a modem supporting the remote access protocol used (Point-to-Point Protocol [PPP] or Serial Line Internet Protocol [SLIP]).
  • Page 74: IP Addresses

    IP Addresses: You may specify an IP address for your remote computer during the session. If RAS 1500 is configured to negotiate an IP address with the remote computer, RAS 1500 automatically detects this address. If the remote computer does not have an IP address configured and the address selection type is negotiate, RAS 1500 terminates the call.
  • Page 75: Step One: Configure An IP Address Pool

    Step One: Configure an IP Address Pool. Use the following steps to configure an IP address pool: 1 Designate an IP address pool name and initial pool address. Use the following command: add ip pool <name> initial_pool_address <initial_pool_address> Example: add ip pool kurtspool initial_pool_address 172.32.142.2 Do not overlap the IP addresses of the IP address pool and DHCP pool.
  • Page 76: Step Two: Configure IP Network Users

    Step Two: Configure IP Network Users. A remote access user is as a network user. When you create a network user, the software builds a user profile that includes many default parameters. These defaults reflect most common types of user configurations.
  • Page 77 2 Specify a Remote Address. If you want the remote IP address to be selected from a pool or negotiated, go to step 3. When adding a remote IP address, RAS 1500 automatically chooses the specified address selection method, so you do not need to configure the parameter in the command.
  • Page 78: Step Three: Configure PPP Parameters

    Step Three: Configure PPP Parameters. If your remote users connect using PPP, you can also define several optional PPP parameters that control how RAS 1500 handles the remote access session. This section describes parameters that are applicable for network dial-in users.
  • Page 79 4 Configure if RAS 1500 uses the asynchronous control character map to filter incoming data. Use the following command: set network user <name> ppp receive_acc_map [hex_number - array of 4 bits] Example: set network user tom ppp receive_acc_map 0 5 Configure if RAS 1500 uses the asynchronous control character map to filter outgoing data.
  • Page 80: Step Four: Configure Additional Parameters

    save all Step Four: Configure Additional Parameters. You can configure several additional network user parameters. Use the following steps to configure additional parameters: 1 Configure the Maximum Transmission Unit (MTU). MTU is the largest packet size (in bytes) RAS 1500 accepts. The default setting is 1514 for PPP and SLIP, although the maximum MTU SLIP accepts is 1006.
  • Page 81: Using Callback And Roaming Callback

    4 Configure idle and session timeouts to limit a user’s time on the line or end a call after a specified idle period: set user <name> idle_timeout <0-86400 seconds> session_timeout <0-86400 seconds> Example: set user tom idle_timeout 60000 session_timeout 60000 5 Save your work.
  • Page 82: Calling Line Identification Callback

    Configuring a Roaming Callback User (Dynamic): Use the following steps to configure a roaming callback user: 1 Add the roaming callback user. add user [ username ] password [ password ] type network,callback 2 Set the roaming callback user as “dynamic.” set user [ username ] callback_type dynamic 3 Save your work.
  • Page 83 Calling Line Identification Callback Restrictions of CLID callback: CLID callback only works with the RAS 1500 for LAN-to-LAN connections. CLID callback does not provide “roaming” callback; PPP callback does. The RAS 1500 supports only CLID callback for ISDN users, not analog users.
  • Page 84: Call Handling

    Call Handling: Figure 9 details the CLID callback/security process. Figure 9 CLID Callback Process A remote user dials into the RAS 1500 The RAS 1500 searches its local user records for a CLID that matches the incoming ANI.
  • Page 85 After the system determines whether the incoming call ANI matches a user CLID, the handling of an incoming call is determined by two settings: the status of CLID security (a modem-level setting) and the incoming user type (a user-level setting). These two settings are configured independently.
  • Page 86: Configuring CLID Callback

    Configuring CLID Callback: For most CLID-callback setups, three general steps must be completed to prepare the RAS 1500: Step One: Add a CLID user. Step Two: Configure the user CLID-callback settings. Step Three: Configure CLID security. Each of these steps is shown in detail below.
  • Page 87 1 Set the user CLID numbers. Use the following command: set user [name] caller_id1 [number 1] caller_id2 [number 2] For example, set user schmidt caller_id1 8475552100 caller_id2 8475552101 The parameter caller_id2 is optional. Each CLID number must be unique, otherwise the RAS 1500 cannot determine which user to call back.
  • Page 88: Step Three

    6: C HAPTER ONFIGURING ETWORK set user default callback_delay [seconds of delay] CLID callback and PPP callback use the same callback delay. Step Three: CLID security provides an additional layer of security by rejecting calls Configure from remote users whose ANI does not match the CLID of any user on CLID Security the RAS 1500.
  • Page 89: Troubleshooting Clid Callback

    Troubleshooting CLID Callback Follow this procedure to obtain more information from the RAS 1500 about the CLID-callback process: 1 Set the log level of the RAS 1500: set facility “Call Initiation Process” loglevel verbose 2 Enable CLID security for one of the interfaces (for example, rm0/slot:1/mod:1): set switched interface rm0/slot:1/mod:1 clid_security on 3 Dial from the remote user into the interface (in this case,...
  • Page 90: Case Study

    Case Study A small office satellite provides dial-up connections to its at-home workers using the RAS1500. All the modems have CLID security enabled, and the user records have the caller ID fields set. This ensures the workers can dial in only from home.
  • Page 91: How It Works

    5 Save your work. save all How it Works Gina dials in to RAS 1500 using PPP (Dial-Up Networking) with the username and phone number supplied by the administrator. After Gina is authenticated, the call is disconnected and RAS 1500 dials Gina back at the phone or alternate phone number.
  • Page 92: How To Configure This User

    All other settings remain at factory defaults. How to Configure this User Use the following commands to configure the user: 1 Create a network user “Bridgett” of the network user type. Use the following command: add user bridgett password 1234 type network 2 Bridgett's home computer has no IP address configured on it.
  • Page 93: Lan- To -Lan Routing

    LAN-to-LAN Routing This chapter contains the following information: Overview Before you Begin Configuring LAN-to-LAN Routing LAN-to-LAN Routing Case Study Configuring IP on Demand This chapter assumes that all routing devices have been installed and that both local area networks (LANs) have been properly configured.
  • Page 94: Overview

    Overview The SuperStack II Remote Access System (RAS) 1500 can perform IP routing with a remote RAS 1500 or third-party router over analog or Integrated Services Digital Network (ISDN) digital lines (Figure 11). Figure 11 LAN-to-LAN Routing with the RAS 1500 The Difference Between Bridging Routing and bridging are very similar: they move packets between
  • Page 95: Routing Overview

    Routing Overview Configuring a LAN-to-LAN routing connection is very similar to configuring a network user, with some additional dial-out and routing parameters such as: Types of LAN-to-LAN connection Routing configuration Dial-out scripts used to connect to the remote location Bandwidth (can be increased or decreased automatically) The following sections give an overview of each parameter.
  • Page 96: Ip Routing Overview

    Dial-Out Scripts All dial-out users can have dial-out scripts defined in the user profile. The dial-out script can consist of up to six send/receive pairs. The script can contain AT commands and other login commands needed to access the remote location.
  • Page 97: Dynamic, Static, And Default Routes

    Dynamic, Static, and Default Routes You can configure the RAS 1500 to use constantly updated routing tables (dynamic routes that use protocols such as IP RIPv1 or RIPv2) or to use only your pre-configured routing tables (static routes). Dynamic Routes Network devices running RIPv1 or RIPv2 broadcast the destination addresses to which they can forward packets.
  • Page 98: Establishing Connections To Remote Gateways

    Establishing Connections to Remote Gateways The RAS 1500 forwards a packet to a gateway for which there is an established connection, such as a gateway on the same segment of the local LAN or at the other end of an active dial-up connection. All the RAS 1500 does in these situations is send the packet out the correct interface.
  • Page 99: Chap Authentication

    CHAP Authentication Instead of actually sending a clear text password over the link, CHAP relies on a “shared secret,” a password that both sides of the connection know, but never send. When a remote system requests CHAP authentication, the authenticating host replies with a challenge packet. The challenge packet contains important information, including the following: The challenged system needs the username for the host to look up the...
  • Page 100: Configuring Lan-To-Lan Routing

    Configuring LAN-to-LAN Routing Connecting to a remote LAN is similar to connecting to a remote user station (with the addition of a few more parameters); remote LANs are defined as users. Use the following steps to configure a LAN-to-LAN routing connection: Step One: Add the LAN-to-LAN User To add a LAN-to-LAN user, use the following command:
  • Page 101: Step Two: Configure The User Network Parameters

    Step Two: Configure the User Network Parameters Configure network user with the following commands: set network user <name> 1 Specify the type of address selection and remote IP address. set network user <name> Table 20 address_selection parameter Configurable Address Type A specific remote IP address.
  • Page 102: Step Three: Configure The User Dial-Out Parameters

    2 Specify the settings for ip, ipx, appletalk, and bridging. set network user <name> ip [enable | disable] ipx [enable | disable] appletalk [enable | disable] bridging [enable | disable] Disable the protocols that are not used across the dial-up link. Example: set network user main_office ip enable ipx disable appletalk disable bridging disable...
  • Page 103 Table 21 Connection Type and Action. on demand: Initiation is automatic when valid/interesting data needs to traverse the link. timed: Initiated and terminated automatically at preconfigured times. manual: Initiated with the command “dial <username>”. continuous: Maintained constantly, as long as the RAS1500 remains powered on.
  • Page 104: Step Four: Configure The User Routing Parameters

    Step Four: Configure the User Routing Parameters Use the following command to configure the user routing parameters: set network user <username> set network user <username> ip_routing <level of routing> rip <rip version> Table 22 IP Routing Levels Command Listen Send...
  • Page 105: Step Five: Configure The User Ppp Parameters

    Step Five: Configure the User PPP Parameters Use the following command to configure the user PPP parameters: set network user <username> ppp 1 Configure basic PPP parameters. set network user <username> ppp compression_algorithm <algorithm> max_channels <maximum number of channels> channel_expansion <at x percent load on current link> channel_decrement <at y percent load on current link>...
  • Page 106: Step Six: Configure Phone Numbers

    The PPP channel_expansion and PPP channel_decrement parameters are associated with MLPPP operation. When the utilization of the link reaches these values, either more links are made available (channel expansion) or links are removed (channel decrement). When MLPPP brings up additional links, the RAS 1500 uses the same number it brought up for the first link.
  • Page 107: Step Seven: Configure Authentication

    Example: set user main_office phone_number 8715552020 alternate_phone_number 5088712022 Step Seven: Configure Authentication Use the following command to configure authentication settings: set ppp receive_authentications <chap|either|none|pap > set system transmit_authentication_name <remote router name> The PPP receive_authentication parameter determines how dial-in users are authenticated. The system transmit_authentication_name is the name the RAS 1500 uses to identify itself to the remote router while setting up a dial-up LAN-to-LAN connection.
  • Page 108: Strategies

    Strategies The goals can be achieved in two ways: either a numbered IP link between the sites (see “Strategy 1 (numbered link)”), or an unnumbered IP link between the sites (see “Strategy 2 (unnumbered link)” on page 108).
  • Page 109 6 Configure the user PPP parameters. set network user branch_office ppp max_channels 2 set network user branch_office ppp channel_expansion 60 channel_decrement 20 7 Configure phone numbers. set user branch_office phone_number 5085555555 8 Configure authentication. set ppp receive_authentication pap set system transmit_authentication_name main_office 9 Save your work.
  • Page 110 7 Configure phone numbers. set user main_office phone_number 5085556666 8 Configure authentication. set ppp receive_authentication pap set system transmit_authentication_name branch_office 9 Save your work. save all Strategy 2 (unnumbered link) Configuring the RAS1500 in the Main Office: If an IP network has been defined, configured, and enabled on the RAS 1500, steps 1 through 3 are not necessary.
  • Page 111 6 Configure the user PPP parameters. set network user branch_office ppp max_channels 2 set network user branch_office ppp channel_expansion 60 channel_decrement 20 7 Configure phone numbers. set user branch_office phone_number 5085555555 8 Configure authentication. set ppp receive_authentication pap set system transmit_authentication_name main_office 9 Save your work.
  • Page 112: Configuring Ip On Demand

    set user main_office phone_number 5085556666 8 Configure authentication. set ppp receive_authentication pap set system transmit_authentication_name branch_office 9 Save your work. save all Configuring IP on Demand Using IP on demand, the RAS 1500 sends IP packets it receives to specified routers.
  • Page 113: Bridging With The Ras 1500

    Bridging with the RAS 1500 This chapter contains the following information: Overview Enabling Bridging Over the LAN Using FCP to Bridge with OfficeConnect Routers
  • Page 114: Overview

    Overview The SuperStack II Remote Access System (RAS) 1500 uses bridging to allow you to link two separate locations as if they were the same network. How the RAS 1500 Acts as a Bridge When the RAS 1500 receives a frame, it inspects the frame and determines where the frame belongs by analyzing address information.
  • Page 115: Bridging Tips

    If the bridge does not find the destination hardware address in its bridging table, the RAS 1500 transmits the frame across the bridge. If the bridge finds the destination hardware address in its bridging table, the RAS 1500 transmits the packet across bridge links. Bridging Tips The following sections provide tips to help you understand bridging with the RAS 1500.
  • Page 116: Using Fcp To Bridge With Officeconnect Routers

    3Com recommends that you route all protocols and bridge only the protocols that cannot be routed. Use the command below: set network user <name> For example, to bridge IPX and AppleTalk protocols but route the IP...
  • Page 117 Using FCP to Bridge with OfficeConnect Routers FCP supports the following features: Data compression Multilink line aggregation (Multilink FCP) PPP Versus FCP PPP is used widely throughout the IP community to connect routers from different manufacturers. It is recognized as the de facto standard protocol for this purpose.
  • Page 118 b Disable all protocols not used on your network: Bridging IP does not work if you add an IP network to the Ethernet interface. c Enable bridging for the FCP user: d Configure FCP username and password: e Enable the user on the network: 3 Set dial-out settings for the user: a Associate a user with the modem group:...
  • Page 119 Using FCP to Bridge with OfficeConnect Routers On-demand Bridging When the RAS 1500 receives a frame that needs to be bridged, it checks the learned MAC address table to see if it knows where to send the frame. (Maybe a dial-up link is still available where that can be forwarded.) If it does not know where to send it, it will cycle through the configured dialout bridging users bringing up their dial-up links and bridges the frame over to all these users.
  • Page 121: Configuring An Ip Terminal Server

    This chapter contains the following information: Overview Remote users can dial in to the SuperStack II Remote Access System (RAS) 1500 to establish a terminal session with a host on the local network using a login service such as Telnet, Rlogin, or ClearTCP. Before You Begin Before you begin configuring the RAS 1500 as an IP terminal server, follow all the configuration steps in the RAS 1500 Getting Started Guide.
  • Page 122: Setting Communication Parameters

    Setting Communication Parameters The remote computer should be configured for the following communications parameters: These settings are the defaults. If you change the communications settings, you must provide the remote user with the appropriate settings as well.
  • Page 123: Rlogin, Telnet And Cleartcp Ports

    Rlogin, Telnet and ClearTCP Ports Optional. The Rlogin, Telnet and ClearTCP port numbers of the host. 1 To add a login host, use the following command: add login_host detroit address 236.135.221.167 preference 1 2 Check your work with the following command. list login_hosts 3 Save your work.
  • Page 124 The host type setting may override this setting. See step 2 for more information. Type The following are valid types for a login user: If you include callback in the user type, you need to specify a phone number at which the user is called back using the following command: set user <name>...
  • Page 125 select — (Default) The user is automatically connected to a host selected from the Login Hosts Table. The method of choosing the host is set using the set connection <host_select> command by random or round robin (default) fashion. Example: set connection host_select random specified —...
  • Page 126: Case Studies

    Case Studies This section provides examples of how to configure a login user to dial in to the RAS 1500 and establish a Telnet session with hosts on the network. Jack's home computer uses VT100 terminal emulation software to establish an IP terminal session with any host on the local area network (LAN) that he is authorized to access.
  • Page 127 Case Studies When Jack dials in, he is prompted for his login name as shown below: Welcome to 3Com RAS 1500 (TM) login: After Jack is successfully authenticated, the system prompt appears. At this point, Jack can connect to either host by using the following...
  • Page 128: Case Study B

    4 Save your work. save all When Jill dials in, she is prompted for a login name/password as shown below. Welcome to 3Com RAS 1500 (TM) login: password: After Jill is successfully authenticated, she is connected to the host and prompted for a username and password.
  • Page 129 Case Studies After system authentication, Jill is up and running on the host. When Jill logs out of her host session, she exits from the RAS 1500 as well. Example: Granite:\> logout NO CARRIER Microsoft(R) Windows 95 (C)Copyright Microsoft Corp 1981-1995. Granite:\>...
  • Page 131: Advanced Modem Configuration With Cli/At

    This chapter contains the following information: 3Com recommends using the Web configuration interface to configure the modems on the SuperStack II Remote Access System (RAS) 1500. This chapter explains how to configure modems with the command line interface (CLI). For information about configuring modems with the Web configuration interface, view the online help.
  • Page 132: Overview

    Overview Before You Begin Before you access the Console Interface, perform the following actions: 1 Connect the SuperStack II Remote Access Concentrator (RAS) 1500 console port. 2 Access the Console Interface with terminal software. Connecting to the Connect to the RAS 1500 attaching a standard DB-9 connector to the RAS 1500 Console Port.
  • Page 133: Obtaining At Command Help

    Obtaining AT Command Help There are five types of AT command help. See Table 25 for the commands associated with the five types of AT command help. Table 25 AT Command Help Help Type Basic AT Command Help Ampersand AT Command Help Percent AT Command Help Asterisk AT Command Help S-Register Help...
  • Page 134 Dial Command Options Include optional dial commands (Table 27) after the D command and before the number to be dialed unless indicated otherwise. To cancel dial command execution, press any key. Table 27 Dial Command Options Action Tone dial Pause for a two second duration, set in...
  • Page 135: Disconnecting With At Commands

    Using Stored Telephone Numbers Each modem in an RAS 1500 can store up to four dial strings in NVRAM, store the last dialed number, and do an inquiry of stored phone numbers. A dial string may be up to 40 characters long. The string may include any valid Dial command options (Table 28), but no other commands.
  • Page 136: Configuring Data Compression Settings

    Configuring Data Compression Settings Data compression is a method by which the sending (transmitting) modem compresses the data as it transmits, and the receiving modem decompresses the data as it is received. V.42 bis and the Microcom Networking Protocol-5 (MNP-5) allow this compression to take place.
  • Page 137 Data Compression Tables A Data Compression Table describes a table of values assigned for each character during a call using data compression techniques. The default values in the table are constantly being changed to ensure the most efficient throughput possible. Each table uses a dictionary to assign these values.
  • Page 138: Configuring Error Control Options

    Configuring Error Control Options Error control can be accomplished in different ways. Error control is available for calls at 1200 bps and above. It can be disabled, although high speed calls (above 2400 bps) should always be under error control. The operations defined in an error control protocol include the following: CAUTION: High speed calls are vulnerable to errors unless the data is protected by error control.
  • Page 139: Using Error Control

    Microcom Networking Protocol Error Control Microcom Networking Protocol (MNP) is supported by the ITU-T V.42 Recommendation. It was originally developed by Microcom®, Inc. and is now in the public domain. MNP is based on special protocol frames. If the remote device does not recognize an MNP Link Request, error control is not possible.
  • Page 140: Configuring Carrier Delay Times

    Establishing Error Control-only Connections Use this setting to guard against the transfer of data at high speeds without the reliability of error control. Modem disconnects (hang up on call) if ARQ connection cannot be made. Action Establish Error Control ONLY connections...
  • Page 141: Modifying Carrier Receive Delay

    Modifying Carrier Receive Delay Table 33 provides the carrier receive delay commands. Table 33 Carrier Receive Delay Setting The duration (tenths of a second) of the remote modem carrier signal before the local modem recognizes the signal. Ignored at speeds above 2400 The duration (tenths of a second) that the modem waits after the loss of the remote modem carrier signal before hanging up.
  • Page 142: Configuring Link Option Settings

    Configuring Link Option Settings This section explains how to change the settings that affect link options between the RAS 1500 module and the modems it connects to. Link Speed Index The following table shows the index number used in configuring both minimum and maximum connect speeds.
  • Page 143 Setting the Lowest Possible Connect Speed The &U command allows you to set the lowest possible connect speed. When a remote modem connects to an RAS 1500, it limits the minimum speed of the connection based on the value specified with &U. If the &U argument is zero, the connection is limited to the single speed implied by the &N argument.
  • Page 144 Understanding Base Rates and True Rates The x2 speeds listed in the &U and &N table are base rates. From each base rate an additional 6 true rates can be derived. There are 30 true rates.
  • Page 145 Controlling the Maximum Low-speed Direction Low-speed direction speed is the send/receive baud rate of the slowest end of a connection. Use the S75 settings in Table 37 to control the maximum low-speed direction speed: Table 37 S75 Upper Limit Link Speeds Upper Limit Link Speed No upper limit 2400...
  • Page 146: Obtaining Modem Call Information

    Product configuration. Displays code date, revision, the slot and channel number of the modem, and other information used by 3Com Technical Support to diagnose problems Advanced Link Diagnostics ISDN information ATI8, ATI0, ATI2, and ATI18 are reserved.
  • Page 147 Understanding Link Diagnostic Results Link diagnostic result parameters are displayed by the ATI6 command. Table 39 explains each parameter. Table 39 Link Diagnostic Results Result Indication Octets Compressed characters; may be greater than the number of characters sent due to buffering operations. Blers Errors in data and protocol (non-data) blocks, but corrected by ARQ (Error Control).
  • Page 148 The possible reasons for disconnect are explained in Table 40. Table 40 Disconnect Reasons Disconnect Reason Keypress Abort Escape code GSTN (General Switch Telephone Network) Clear Down Loss of Carrier Inactivity Timeout MNP Incompatibility Retransmit limit LD received DISC Loop loss disconnect...
  • Page 149: Working With Modem Memory

    Working with Modem Memory Modems inside an RAS 1500 module have a user-configurable memory type known as Flash memory. You can store, retrieve, and change settings in Flash. Each modem also uses Random Access Memory (RAM) to store current settings, however modem configurations stored in RAM are lost as soon as the modem is power cycled or turned off.
  • Page 150: Saving A Phone Number To Flash Memory

    Saving a Phone Number to Flash Memory Each modem in an RAS 1500 can store up to four different telephone numbers. Table 41 explains how to store these numbers in modem Flash memory. Table 41 Saving a Phone Number to Flash Memory Action Dial the phone number you saved with a special setting. In this example, &M0 (no error control) comes before the DS2.
  • Page 151: Configuring Modem Call Control Settings

    Changing Settings Temporarily Any setting can be changed just for the current session. You may want to use this feature for experimentation if you are experiencing performance difficulties. If the change does not achieve the desired effect, reset the modem (described below) to return it to its previous saved configuration. For example, the ATX6 command changes the result code setting, but the power-on/reset default remains intact.
  • Page 152 use error correction and hangs up if the remote modem is not using error correction. Setting None (Normal) Normal ARQ (Default) ARQ Only Setting Carrier Wait Time after Dialing Setting The duration, in seconds, that the local modem waits to detect a carrier signal from the remote modem.
  • Page 153: Configuring 56 Kbps Technology

    The duration, in tenths of a second, of the EIA-specified Multimode Training sequence for V.32 modems, which includes 3Com Dual Standard modems set to answer V.32 calls (set to B0). The delay gives V.32 modems additional time to connect with most U.S./Canada modems at 9600 bps before falling back to attempt a V.21 connection (to answer...
  • Page 154: Disabling V.34 Connections

    Disabling V.34 Connections The RAS 1500 allows the selective disabling of V.34 connections depending on whether or not they are made with an x2 capable modem (Table 42). Table 42 Disabling V.34 Connections Action Allow V.34 and x2 connections Allow V.34 and x2 connections only with x2 modems Allow V.34 connections to all modems...
  • Page 155: Relationships Between Frames And Windows

    Table 43 AT Commands Setting Frame size Window size Relationships Between Frames and Windows Although you can set the frame size on the RAS 1500 up to 2048, use Table 44 to determine the actual values allowed by the RAS 1500. Table 44 Frame and Windows Sizes Setting...
  • Page 156: Universal Connect Call Flow

    Universal Connect Call Flow The RAS 1500 tries a number of calls and detection processes (Table 45). Table 45 Universal Connect Call Flow Attempt When you set the RAS 1500 to Universal Connect and make or receive a call, the RAS 1500 attempts a V.110 connection only if you set S67.0=1.
  • Page 157 Originating HDLC 64 Kbps and 56 Kbps Protocols Use Table 47 to control the originating High-level Data Link Control (HDLC) 64 Kbps and 56 Kbps protocols: Table 47 HDLC 64Kbps and 56 Kbps Protocols Setting Command None *U1=0 V.120 *U1=1 X.75 *U1=2 *U1=3...
  • Page 159: Configuring The Ras 1500 Router

    This chapter covers administrative commands used for the following: Reconfiguring Your System The commands detailed in this section control configurable aspects of your system. Customizing CLI Parameters Local Prompt Use set command if you have more than one SuperStack II Remote Access System (RAS) 1500 and want to differentiate between them or you just want to customize your prompt from the default.
  • Page 160 Idle Timeout If you want to make sure that a console login user is using the link constructively — and not leaving the system vulnerable to a security breach — set an idle timeout using the following command: set command idle_timeout <0-60 minutes>...
  • Page 161 SYSTEM INFO; set system name “marauder” set system contact “Henry Stimson” set system location “3Com Lab” SETTING THE LOCAL COMMAND PROMPT; ;set command prompt “RAS 1500” SETTING THE SYSTEM COMMAND HISTORY; ;set command history 100 SNMP COMMUNITIES;...
  • Page 162 add dns host wimpy address 157.172.248.40 ;add dns server preference 1 address 157.172.248.40 name louvre add syslog 157.172.248.54 loglevel verbose enable authentication local set authentication radius_secret testing12326.54 secondary_server 157.172.248.40 ; enable authentication remote set accounting primary_server 157.172.248.54 secondary_server 157.172.248.40 enable accounting enable ip rip...
  • Page 163: Discarding And Renaming Files

    Discarding and Renaming Files There are several delete commands you can use to discard various files. Communicating with Remote and Local Sites Dial, Disconnect, and Hangup Commands You can dial up a remote or local site with the dial command and log in to hosts with the rlogin and telnet commands.
  • Page 164: Reboot Command

    Disconnect Command To disconnect a user (disconnect and leave the user in an inactive state), use the following command: disconnect user <user_name> Reboot Command Use the reboot command to recycle the system. But first, be sure to use the save all command to preserve any configuration changes.
  • Page 165: Logout Command

    Logout Command Logout exits the CLI and closes the connection, ending a dial-in user or Telnet session. Network Services To use ClearTCP, Simple Network Management Protocol (SNMP), or DialOut and to set values associated with them, add each network service and related parameter.
  • Page 166 data Ancillary data. Format one or more values with syntax from Table 50. Table 50 Ancillary Data Values Data Value “auth=on/off” “login_banner=\”string”” “login_prompt=\”string\”” “service_type=manage/dialout” “modem_group=\”string\”” “drop_on_hangup=on/off” Description On indicates that login/ password authentication should be performed on incoming connections.
  • Page 167 Communicating with Remote and Local Sites Using the list services command after typing the example above will display the following (for example): CONFIGURED NETWORK SERVICES Server Admin Name Type SocketClose Status tftpd TFTPD 69 FALSE ENABLED DATA: dialout DialOut32773FALSE DATA: auth=off, login_banner= “Welcome to My Net”, login_prompt=“My Session,drop_on_hangup=on telnetd TELNETD23FALSE...
  • Page 168 Using TFTP TFTP (Trivial File Transfer Protocol) can be used to transfer files to and from the system. Since this network service is enabled by default, set it up by first configuring your computer as a TFTP client of the stack by entering this command: add TFTP client <hostname or IP address>...
  • Page 169 Communicating with Remote and Local Sites For example, to Telnet to a host with an IP address of 167.199.76.23, use the following command: telnet 167.199.76.23 When using Telnet or rlogin on a TCP connection via a global interface (RAS 1500 internal interface), you should run RIP. Without RIP running on the internal network, you will not learn of remote networks should the Ethernet interface be disabled.
  • Page 170: Troubleshooting Commands

    For example, at the host prompt, use the following command: C ] send AYT You can use the set_escape command to change the Telnet escape character to a character of your choice. Use a caret (^) to precede another character.
  • Page 171: Resolving Addresses

    Troubleshooting Commands Resolving Addresses The arp command performs IP address resolution. Use the following command: arp <ip address or host name> The system will respond with an IP address (and MAC [Ethernet] address if found on a locally connected network) of the host. Example: ARP: 172.122.120.118 ->...
  • Page 172 This diagnostic tool can also be initiated from an SNMP station. Use the following command: ping <IP address> Example: ping 199.55.55.55 count 3 verbose yes The command would display the following: PING Request: 1 Time (ms): 10 PING Request: 2 Time (ms): 0 PING Request: 3 Time (ms): 0 PING Destination: 199.55.55.55...
  • Page 173 Troubleshooting Commands Showing ping Settings The show ping row <number> command is an alternative to display ping statistics. Example: PING SETTINGS for ROW: 1 DESTINATION: www.cnn.com Status: ACTIVE Resolved IP Address:207.25.71.28 Count: Interval:1 Size: Timeout:20 Self Destroy Delay:10 Use the delete ping row <number> command to erase a row in the Remote Ping Table.
  • Page 174: Viewing Ras 1500 System Information

    Viewing RAS 1500 System Information You can use the show system command to see the firmware revision number, the date, and the time that this revision was compiled as well as other system information that may be useful when consulting 3Com Technical Support. Example:...
  • Page 175: Displaying System Information

    Displaying System Information List Commands You can use list commands to view current configurations for all values stored in tables as well as facilities, files (FLASH memory configuration), and other data. List Critical Events The list critical events command displays the last ten critical status events, and the system time when each occurred.
  • Page 176 Example: CONNECTION SETTINGS Host Selection Method:ROUND-ROBIN Global User Name: default Service Prompt: Message Prompt: List Dial-in Connections The list connections command displays all connections established on switched interfaces as configured with the set connections command. It lists: Login/Network User:...
  • Page 177 DLL — data link layer that the specified dial-in session is connected to: NONE, PPP, SLIP, FCP, RLGN, TLNT, PING, ADMN, CLTCP Start Date — start date of a connection established on the specified interface Start Time — start time of a connection established on the specified interface Example: CONNECTIONS...
  • Page 179: Ecurity And

    This chapter contains the following: Authentication Overview: You can perform user authentication with either the SuperStack II Remote Access System (RAS) 1500 local authentication facility, Remote Authentication Dial-In User Service (RADIUS) authentication, network operating system (NOS) authentication, or local authentication and either RADIUS or NOS.
  • Page 180: Local Authentication

    Local Authentication: The RAS 1500 provides user authentication locally using a user table defined by the administrator. Local authentication is enabled by default. To enable local authentication, use the following command line interface (CLI) command: enable authentication local To disable local authentication, use the following CLI command: disable authentication local...
  • Page 181: Radius Authentication Process

    The RAS 1500 integrates the following enhanced RADIUS features: 128 challenge responses up to 128 bytes; a filter rule format allowing filter names and rules to be downloaded to the RADIUS client; dynamic RADIUS server changes of a user's filter rules; increased RADIUS security through RADIUS server verification of source IP address and UDP port; configuration of one secret and UDP port per server...
  • Page 182: Configuring Radius Authentication On The Ras 1500

    Configuring RADIUS Authentication on the RAS 1500: This section provides procedures to configure RADIUS authentication through the CLI. You can also use the Web Configuration Interface to configure RADIUS authentication. Refer to the Web Configuration Interface online help for more information.
  • Page 183 4 Set the primary encryption key or secret. Use the following command: This is the first key the RAS 1500 uses to encrypt passwords and the RADIUS server uses to decrypt them. The RADIUS server(s) must be set to the same secret (encryption) key. The encryption key is entered into the clients file for the RADIUS server.
  • Page 184: Nos Authentication

    Enabling and Disabling Remote Authentication: Remote authentication is enabled by default. To set the type of remote authentication (RADIUS or NOS), see the previous procedure, “Configuring RADIUS Authentication Settings.” To enable remote authentication (in this case, RADIUS), use the following CLI command: enable authentication remote To disable remote authentication, use the following CLI command:...
  • Page 185: Nos Authentication Process

    NOS Authentication Process: When a user dials into the RAS 1500 and NOS authentication is enabled, the following occurs: In these steps, the terms “security client” and “security server” refer to either a Novell NetWare or Windows NT platform. 1 The RAS 1500 checks its own user table. If the RAS 1500 finds a local entry, the RAS 1500 grants or denies the user access based on information in the table.
  • Page 186: Installing The Software

    These NLMs reside on their respective servers. They provide the appropriate agent software to interface between the RAS 1500 and the respective security server. Installing the Software: 1 Copy the appropriate security NLM (see below) from the RAS 1500 Resource CD to the sys:system directory on the Novell server: 2 Add TCP/IP to the Novell server.
  • Page 187 \etc\services example # SYS:ETC\SERVICES Network service mappings. Maps service names to transport protocol and transport protocol ports. echo 7/tcp discard 9/tcp systat 11/tcp daytime 13/tcp netstat 15/tcp ftp-data 20/tcp 21/tcp telnet 23/tcp smtp 25/tcp time 37/udp name 42/udp whois 43/tcp domain 53/tcp hostnames...
  • Page 188 :load sbindery 3Com where sbindery is the NLM name for the RAS 1500 Security Client for Novell NetWare Bindery. 3Com is the default password for the RAS 1500 Security Client. :load snds 3Com where snds is the NLM name for the RAS 1500 Security Client for Novell NetWare Directory Services.
  • Page 189 To ensure the security client starts each time the system is rebooted, add the above commands in autoexec.ncf file: For NDS, add the command after TCP/IP, binding IP to an interface, and LOAD DSAPI. For bindery, add the command after TCP/IP and binding IP to an interface.
  • Page 190: Changing The Encryption Key

    ############################################################ # RAS 1500 NetWare Security Client Software ############################################################ load sbindery 3Com 6 Add the user on the Novell system. Changing the encryption key For security reasons, the messages between the RAS 1500 and the Novell server are encrypted with an encryption key.
  • Page 191 NT User Account Manager. This application software is an NT service that processes authentication requests from the RAS 1500. The NT Security Client uses a 3Com proprietary communication protocol to communicate with the RAS 1500. This protocol, which runs on top of the registered UDP service "crsecacc", provides secured end-to-end communication services such as message encryption and protection against message replay.
  • Page 192 Use the following steps to install and configure NOS authentication software on a Windows NT server or workstation: The time on the RAS 1500 and the Windows NT server must be within 15 minutes of each other. If you change the time on a Windows NT Server, you must reboot the server for the change to take effect.
  • Page 193: Changing Encryption Key

    For security reasons, the messages communicated between the RAS 1500 and the NT Security Client are encrypted with an Encryption Key. The default Encryption Key is "3com". The Encryption Key is stored in the NT Registry database in the "EncryptionKey" entry, under the subkey HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\ABSecurityClient.
  • Page 194: Configuring Nos Authentication On The Ras 1500

    2 Configure the primary NOS authentication server: set authentication primary_server [domain name or ip address] primary_port 888 primary_secret 3com The industry standard port setting for NOS authentication server is 888. Your NOS authentication server may differ. If you want to change the primary_secret, refer to the readme file provided with the Security application.
  • Page 195: Setting The Time Zone

    NOS Authentication To enable remote authentication (in this case, NOS), use the following CLI command: enable authentication remote To disable remote authentication, use the following CLI command: disable authentication remote Displaying Authentication Settings To display authentication settings, use one of the following commands: show authentication settings show configuration Setting the Time Zone...
  • Page 196: Setting The Date

    For example, to begin DST on the first Sunday of April at 2:00 AM and adjust 1 hour: set dst on week_of_month 1 day_of_week sunday month april time_to_correct 02:00:00 amount_to_correct 01:00:00 Use the following command to specify when DST ends and the time adjustment to make: set dst off week_of_month <1-5>...
  • Page 197: Troubleshooting Nos Authentication

    To display the daylight saving time settings, use the following command: show dst Save Your Work: To save your work, use the following command: save all Troubleshooting NOS Authentication: If NOS authentication does not operate properly, verify the following: RADIUS Accounting: The RAS 1500 performs local session accounting using a user table defined by the administrator.
  • Page 198: Configuring Radius Accounting

    This section describes: Configuring RADIUS Accounting: Use the following CLI command to configure RADIUS accounting settings: set accounting Configure RADIUS accounting parameters by setting the following values. Each step describes a parameter. An example is shown after the final step.
  • Page 199 4 Determine whether accounting information is sent to the primary server only (the secondary server acts as a backup) or whether accounting information is sent to both the primary and secondary servers until a response is received from both servers. Use the following command: set accounting use_servers [ONE | BOTH] 5 Set the number of retransmissions.
  • Page 200: Enabling And Disabling Radius Accounting

    Enabling and Disabling RADIUS Accounting: RADIUS accounting is enabled by default. It can be enabled or disabled from the CLI. To enable RADIUS accounting, use the following CLI command: enable accounting To disable RADIUS accounting, use the following CLI command: disable accounting SYSLOG accounting is always enabled as long as a SYSLOG sink is defined.
  • Page 201 RADIUS Accounting If a PPP or SLIP (framed) user begins a session with the network, a record similar to the one below is sent to the accounting server: Thurs Jan 16 16:15:53 1999 Acct-Session-Id=“06000004” User-Name=harryk Client-Id=201.123.234.79 Client-Id-Port=5 Acct-Status-Type=Start Acct-Authentic=Local User-Service-Type=Framed-User Framed-Protocol=PPP Framed-Address=122.132.124.152 Framed-Netmask=255.255.124.0...
  • Page 203: Using Frame Relay

    This chapter contains the following information: The Frame Relay Stack complies with the Idacom Conformance Test Suite. When ordering Frame Relay service, tell your Frame Relay service provider. Overview, Before You Begin, Basic Frame Relay Configuration Using the Command Line Interface, Frame Relay Data Link Configuration, Frame Relay PVC Configuration, Monitoring and Troubleshooting...
  • Page 204: Overview

    Overview: The SuperStack II Remote Access System 1500 (RAS 1500) supports a Frame Relay interface to a wide area network (WAN). This allows for dedicated high-throughput, low-error connectivity to remote locations using public or private Frame Relay. Frame Relay technology is standardized and supported by a variety of remote access devices, allowing the RAS 1500 to operate with remote access devices from other manufacturers.
  • Page 205: Committed Information Rate

    Committed Information Rate: Frame Relay controls the data throughput rate with the Committed Information Rate (CIR) parameter. CIR is the data rate the carrier guarantees without data loss. CIR is determined at the time the Frame Relay circuit is ordered and typically determines the cost of the Frame Relay service.
  • Page 206 Table 53 Frame Relay Terminology. How Congestion Control Works: The chart below illustrates the congestion control process. This example assumes that all Frames are 4 k bits in size. Figure 13 shows what happens as the number of transmitted bits increases during the Committed Rate Measurement Interval (Tc).
  • Page 207 Overview Access - 64k All data in excess of Be is discarded Be - 48k All Data between Bc and Be is sent with the DE bit set Bc Max - 40k Be is in addition to Bc and will increase and decrease as Bc increases and decreases Bc is variable between Bc_Max and Bc_Min...
  • Page 208: Before You Begin

    Before You Begin: Before you configure the RAS 1500 for Frame Relay, you must determine the following information: Basic Frame Relay Configuration Using the Command Line Interface: Once you have obtained all required information, installed the RAS 1500, and configured all required system level parameters, you are ready to begin configuring the RAS 1500 to use Frame Relay.
  • Page 209 Basic Frame Relay Configuration Using the Command Line Interface 3 Specify additional network parameters for the user. a If you are configuring an unnumbered interface, use the following command: set network user <username> remote_ip_address <xxx.xxx.xxx.xxx/x> The remote_ip_address for an unnumbered link may be the IP address of the remote router Ethernet port, depending on the configuration of the remote router.
  • Page 210: Frame Relay Data Link Configuration

    Frame Relay Data Link Configuration: Use the following steps to configure the Frame Relay data link: 1 Add the Frame Relay data link. add datalink frame_relay interface rm0/wan:1 enabled yes 2 Configure the following interface-level parameters: set frame_relay on interface rm0/wan:1 Both ends of the Frame Relay link must be configured for the same management type, otherwise the link is assumed to have failed.
  • Page 211: Frame Relay Pvc Configuration

    Frame Relay PVC Configuration: To route over Frame Relay, users must be mapped to the correct PVC. This ensures that the correct IP and IPX addresses are associated with the correct PVC. On the RAS 1500, a user profile defines most aspects of the WAN connection across a Frame Relay link.
  • Page 212 Table 56 Optional PVC Parameters Parameter bc_max bc_min becn_cmp becn-monitoring cir_monitoring Term Maximum Committed Burst Rate Minimum Committed Burst Rate Excess Burst Size Backward Explicit Congestion Notification Congestion Monitoring Period Backward Explicit Congestion Notification Monitoring Committed Information Rate...
  • Page 213: Monitoring And Troubleshooting

    Monitoring and Troubleshooting: There are several ways to monitor and troubleshoot your RAS 1500. Show the Settings at the Interface Level: Use the following command to show the setting at the interface level: show frame_relay on interface rm0/wan:1 settings show frame_relay on interface rm0/wan:1 counters show frame_relay on interface rm0/wan:1 lmi_statistics Show the Settings at Use the following command to show the setting at the PVC level:...
  • Page 214 Strategy 1 (unnumbered link) Configuring the RAS 1500 for Site A: If an IP network has been defined, configured, and enabled on the RAS 1500, steps 1 through 3 are not necessary. 1 Add an IP network. add ip network sitea interface rm0/eth:1 address 172.16.253.254/b 2 Set the IP network routing protocol.
  • Page 215 10 Configure a Frame Relay PVC and associate a user with it. add frame_relay pvc atob dlci 101 interface rm0/wan:1 user siteb enabled yes 11 Save your work. save all Configuring the RAS 1500 for Site B: If an IP network has been defined, configured, and enabled on the RAS 1500, steps 1 through 3 are not necessary.
  • Page 216 save all Strategy 2 (numbered link) Configuring the RAS 1500 for Site A: If an IP network has been defined, configured, and enabled on the RAS 1500, steps 1 through 3 are not necessary. 1 Add an IP network. add ip network sitea interface rm0/eth:1 address 172.16.253.254/b 2 Set the IP network routing protocol.
  • Page 217 8 Configure the user dial-out parameters. set dial_out user siteb local_ip address 192.168.168.1 9 Enable the user. enable user siteb 10 Configure the Frame Relay datalink. add datalink frame_relay interface rm0/wan:1 enabled yes 11 Configure a Frame Relay PVC and associate a user with it. add frame_relay pvc atob dlci 101 interface rm0/wan:1 user siteb enabled yes 12 Save your work.
  • Page 218 8 Enable the user. enable user sitea 9 Configure the Frame Relay datalink. add datalink frame_relay interface rm0/wan:1 enabled yes 10 Configure a Frame Relay PVC and associate a user with it. add frame_relay pvc btoa dlci 102 interface rm0/wan:1 user sitea enabled yes 11 Save your work.
  • Page 219: Handling Packet Filters

    This chapter describes how to set up packet filters on the SuperStack II Remote Access System (RAS) 1500. The following topics are discussed: This chapter describes how to use a text editor and the command line interface (CLI) to use filters. Transcend Remote Access Manager (TRAM) provides the same functionality using a graphical interface - for more information, see TRAM online Help.
  • Page 220: Filtering Overview

    Filtering Overview: Packet filters are used primarily in networks that cross organizational or corporate boundaries. They control inter-network data transmission by accepting or rejecting the passage of specific packets through network interfaces based on packet header information. When data packets are received by a network interface such as a modem, a packet filter analyzes packet header data against its set of rules.
  • Page 221: Filter Types

    Filter Types Filters can be classified by the following types: Data Filters Data filters control network access based on protocol, source/destination address, and source/destination port designation (for example, Transmission Control Protocol [TCP]/User Datagram Protocol [UDP] port designations) of the packet. The RAS 1500 supports Internet Protocol (IP) and Internetwork Packet Exchange (IPX)-related filters.
  • Page 222: Call Filters

    Call Filters: IP-Call filters are employed to screen outgoing calls for an on-demand user or on a per-interface basis. Filtering rules can comb source, destination, and host addresses, port numbers of TCP and UDP protocols, and Internet Control Message Protocol (ICMP) messages and protocols.
  • Page 223: Protocol Rules

    Protocol Sections A single filter file can contain protocol sections in any order, but sections cannot be repeated. The following conditions cause errors or prevent filtering: If you do not specify a protocol section in the filter file, no filtering will occur and packets of that protocol type will be accepted.
  • Page 224 When a packet is filtered, an IP packet for example, the RAS 1500 parses each rule defined in the IP protocol section sequentially according to the line number. Filtering is performed based on the first occurring match. Without a match, the packet is accepted by default.
  • Page 225 Generic Filter Rules: Generic filter rules are similar in format to protocol filter rules. The following is the rule syntax: <line #> <verb> <keyword> <operator> origin = <DATA | FRAME>/ offset = <value>/length = <value>/mask = <hexadecimal value>/ value = <hexadecimal value>;...
  • Page 226: Creating Filter Files

    Specifying the Filtering Action: You can specify the filtering action for each protocol section that determines whether a packet is accepted or rejected if no match occurs with any of the rules defined in the section. To do so, enter one of the following values as the last rule line of the section: For example, the following entry would reject IP packets that did not match any of the rules defined in the IP protocol section:...
  • Page 227 3 Enter the protocol rules for the protocol section you are defining. Be sure to perform the following: Begin each rule with a unique line number (1-999). Arrange rules in increasing order within each protocol section. Arrange rules so that the rules you expect to be matched most frequently are at the top of the list.
  • Page 228: Configuring Filters

    8 Return to the CLI on the RAS 1500. The RAS 1500 does not recognize a filter file stored in its FLASH memory until you add it to the Managed Filter Table. Use the following command: add filter <name>...
  • Page 229: Interface Filters

    Configuring Filters To enable filter access for a specific interface, use the following command: set interface <rm0/slotx/mod:[1-4]> filter_access off Filter file changes take effect on an interface immediately when you issue the set interface command. The set switched interface and set modem_group commands can also be issued to turn filter access on or off.
  • Page 230: User Filters

    Call Filters: If a call filter is configured on an interface, all transmitted packets are checked against the filtering rules. The filtering rules determine whether the packet can initiate an outgoing call. Call filters are checked only after the packet has passed the output filter check.
  • Page 231: Assigning A Filter To An Interface

    Assigning a Filter to an Interface: To configure input or output filters on a specified interface, use the following command. The default filter access setting (off) need not be set unless you have previously enabled filtering for a user. Use the following command: set interface <rm0/slot[1-2]mod:[1-4]>...
  • Page 232: Managing Filters

    Managing Filters: This section provides the following information about how to manage filters: When managing filters, if you edit an existing filter and do not first remove it from every interface or user profile for which it is configured and then reapply the new filter, the previously unedited version will still apply.
  • Page 233: Removing A Filter From An Interface

    To add a filter file to the list of managed filters, use the following command: add filter <filter_name> It is helpful to use list files to see files successfully stored in flash memory. Removing a Filter from an Interface: Removing a filter assigned to an interface is mandatory when editing it...
  • Page 234: Deleting A Packet Filter

    Deleting a Packet Filter: To delete a specific packet filter, removing the filter file from the filter list and permanently from FLASH memory, use the following commands: delete filter <filter_name> delete file <file_name> Verifying Filter File Syntax: The verify filter command is useful if you make changes to a filter file that has already been added to the managed list and re-TFTP the file...
  • Page 235: General Filter Setup

    A description of each parameter follows. General Filter Setup This section describes the steps to configure a filter on the RAS 1500. 1 Create a filter using the filter rules described in the Creating Filters section. You may use an off-line editor and TFTP the file to the RAS 1500. For the purposes of this example, the input filter is named ras1500.fil.
  • Page 236: Filter Examples

    Filter Examples: This section provides specific filter examples. IP Packet Filter Rule Examples: This section briefly describes IP packet filtering options and provides rule examples for each IP packet filtering capability. It includes the following topics: Source and Destination Address Filtering: Source and destination address filtering is generally used to limit...
  • Page 237 The following rule example allows forwarding of IP packets with source address 192.077.100.032 and destination address 201.128.011.034: #filter 010 AND src-addr = 192.077.100.032; 020 ACCEPT dst-addr = 201.128.011.034; The following rule example limits a user to one host with an input filter: #filter IP:010 ACCEPT dst-addr = 143.134.45.56;...
  • Page 238 The following rule example accepts only TCP packets that have a destination port number that is in the range of 24 to 39: #filter 010 AND tcp-dst-port > 23; 020 ACCEPT tcp-dst-port < 40; 030 DENY; The following rule example accepts only UDP packets that have a destination port number that is in the range of 24 to 39: #filter...
  • Page 239 Standard Port Numbers Table 60 lists standard port numbers for common services. For a complete list, see the most recent “Assigned Numbers” RFC. Table 60 Standard Port Numbers Description File Transfer Protocol (data) File Transfer Protocol (control) Telnet Simple Mail Transfer Protocol Who Is Domain Name Service Trivial File Transfer Protocol...
  • Page 240 IP and IPX-RIP Packet Filtering: RIP packets identify all attached networks and the number of router hops required to reach them. These responses are used to update a router's routing table. Define IP/IPX-RIP filtering rules in the IP-RIP and IPX-RIP protocol sections of the filter.
  • Page 241 For example, to allow a packet to pass if it is advertised from the server named sales_1 and its socket number is less than 32, enter the following: #filter IPX-SAP: 010 ACCEPT server sales_1; 020 ACCEPT socket < 32 When applied to an input filter, the following example will permit SAP service type 04 and deny everything else from entering: #filter IPX-SAP:...
  • Page 242 For example, to prevent vandals from changing your routing tables by sending ICMP redirects, enter the following: #filter 010 REJECT IP/IPX-Call Filtering: You define IP/IPX-call filtering rules in the IP-CALL and IPX-CALL protocol sections of the filter file. Like the rules defined in the IP protocol section, the IP-CALL filtering rules compare the advertised source or destination network address, host address and port number, and values defined in the IP-CALL filter rules.
  • Page 243: Ras 1500 Global Filtering

    For example, to filter the host that login users initially connect to, enter the following: #filter LOGIN-ACCESS: 010 ACCEPT dst-addr = 187.243.71.54/24 This filter allows users on network 187.243.71.0 to access the configured host but rejects all others. RAS 1500 Global Filtering: The RAS 1500 can filter packets globally traveling in and out of dial-up...
  • Page 244: Keywords

    Global Switch to Filter Out All IP Options: Sometimes IP options may be generated from an outside source in an attempt to get past routing tables in a network. The RAS 1500 provides a global feature to filter out all IP packets with IP options. By using the command below, you can discard all packets like this, which will create a SYSLOG message each time one of these packets is discarded.
  • Page 245 IP-RIP Section Keyword Description network IP network address IPX and IPX-CALL Section Keyword Description src-net source network address dst-net destination network address src-host source host address dst-host destination host address src-socket source socket number dst-socket destination socket number IPX-SAP Section Keyword Description network...
  • Page 246 AppleTalk Call Section Keyword src-host dst-host src-node dst-node src-socket dst-socket generic AppleTalk RTMP Section Keyword network AppleTalk Zip Section Keyword zone-name Description source host address destination host address source node address destination node address source socket number destination socket number field based on offset, length,...
  • Page 247: Configuring Dynamic Host Configuration Protocol

    This chapter contains the following information: Overview Dynamic Host Configuration Protocol (DHCP) allows a server to provide Internet Protocol (IP) information (including IP address, subnet mask, default gateway, Windows Internet Naming Service (WINS) server addresses, and lease duration) to a local area network (LAN) user or a remote dial-in user, when the user requests it.
  • Page 248: Scenario 1

    Acting as a DHCP server, the RAS 1500 receives and processes the requests for IP information and provides the IP information directly back to the client. Acting as a DHCP proxy, the RAS 1500 initiates a DHCP request to a DHCP server on behalf of the DHCP dial-in clients.
  • Page 249: Scenario 3

    Scenario 2: In this scenario, when a local user or dial-in user requests IP information, the RAS 1500, acting as a DHCP server, provides it. Figure 15 RAS 1500 as a DHCP server (local and dial-in users). Scenario 3: The following describes this scenario: When a local LAN user requests IP information, the DHCP server (not...
  • Page 250: Scenario 4

    Scenario 4: The following describes this scenario: Figure 17 RAS 1500 as a proxy server (DHCP server on a different LAN). When a local LAN 1 user requests IP information, the RAS 1500, acting as a proxy server, relays the request to the router.
  • Page 251: Scenario 5

    Overview Scenario 5 The following describes this scenario: When a local LAN 1 user requests IP information, the RAS 1500 A, acting as a proxy server, relays the request through the PSTN to the RAS 1500 B. The RAS 1500 B relays the request to the DHCP server on LAN 2.
  • Page 252: Configuring The Ras 1500 For Dynamic Host Configuration Protocol

    Figure 18 Two RAS 1500s as proxy servers; each on a separate LAN. Configuring the RAS 1500 for Dynamic Host Configuration Protocol: DHCP Server: Use the following steps to configure RAS 1500 to act as a DHCP server: 1 Set the IP address assignment mode.
  • Page 253: Dhcp Proxy Server

    set dhcp server lease [lease duration] c Set the primary and secondary DNS servers. set dhcp server dns1 [ip address] dns2 [ip address] d Set the primary and secondary WINS servers and default gateway. set dhcp server wins1 [ip address] wins2 [ip address] router [ip address of the default gateway] e Set the DHCP server host name and domain name.
  • Page 254: Configuring Udp Broadcast Forwarding

    Configuring UDP Broadcast Forwarding: To allow or disallow the RAS 1500 to forward UDP packets, use the following command: [enable | disable] ip udp_broadcast_forwarding For example, to enable UDP broadcast forwarding, use the following command: enable ip udp_broadcast_forwarding By default, UDP broadcast forwarding is disabled.
  • Page 255: Using Network Address Translation And Port Address Translation

    This chapter contains the following information: Overview Network Address Translation (NAT) and Port Address Translation (PAT) act as address translators between public and private networks. They allow users on a privately addressed network to access the public network. Use NAT if your Internet Service Provider (ISP) assigns you a public subnetwork.
  • Page 256 NAT is either “dynamic” or “static.” The preceding example is dynamic and is depicted in the following diagram. (Figure 19 shows fewer addresses in the pool than in the preceding example.) When no users are attempting to access the public network, no addresses are assigned.
  • Page 257: Port Address Translation

    Figure 20 depicts static NAT. When a user attempts to access the public network, the private address of the user is assigned the public IP address defined in the table. Private: 192.168.111.1, 192.168.111.2, 192.168.111.3, 192.168.111.4. Figure 20 Static NAT. Port Address Translation: PAT translates Internet Protocol (IP) addresses and User Datagram Protocol (UDP) or Transmission Control Protocol (TCP) source port...
  • Page 258 PAT is either “dynamic” or “static.” The preceding example is dynamic and is depicted in the following diagram. (Figure 21 shows fewer addresses in the pool than in the preceding example.) 192.168.111.3, 4444 Figure 21 Dynamic PAT. Figure 22 depicts static PAT.
  • Page 259: Configuring Nat And Pat

    Configuring NAT and PAT: Configuring Network Address Translation: Enabling and Disabling Users: To enable NAT for a user, use the following command: set network user <username> nat_option nat Example: set network user nat_user nat_option nat To disable NAT for a user, use the following command: set network user <username>...
  • Page 260: Configuring Port Address Translation

    To add a static address assignment, use the following command: add nat static user <username> public_address <ip address> private_address <ip address> Example: add nat static user nat_user public_address 200.1.1.11 private_address 198.168.111.1 View NAT Settings and Mappings: To show user settings, which includes its NAT settings: show user <username>...
  • Page 261 Configuring NAT and PAT Adding Dynamic and Static Address Assignments Unless you receive incoming connections from the public network, dynamic PAT does not need configuration beyond enabling a user and choosing PAT option. To add a static address assignment, use one of the following commands: add pat tcp user <username>...
  • Page 262: Case Studies

    To list active PAT port mappings, use the following command: list pat user <username> port Case Studies: This section contains one case study for NAT and one for PAT. NAT Case Study: A private network with a RAS 1500 requires access to a public network. This access is across a PPP link with “ascend”...
  • Page 263 Static NAT is performed for 2 hosts on the private network. A dynamic public IP address translation pool is defined for other machines on the private network to be able to access the public network. 1 Set basic system settings. set system name RASCNTRL set command prompt RASCNTRL set system transmit_authentication_name RASCNTRL...
  • Page 264: Pat Case Study

    6 Configure NAT mappings.
    add nat dynamic user nat_user
    add nat static user nat_user private_address 192.168.111.106
    add nat static user nat_user private_address 192.168.111.140
    7 Enable the user.
    enable user nat_user
    8 Save your work.
    save all
    PAT Case Study
    The following case study configures PAT on the RAS 1500, with 2 channel multilink PPP connected to the ISP with dial-on-demand and...
  • Page 265 4 Set the username and password for your ISP account.
    set network user pat_user transmit_authentication betty
    set network user pat_user send_password fred
    5 Specify additional user settings.
    set network user pat_user ppp compression none
    set network user pat_user address_selection negotiate
    set network user pat_user default_route_option enable
    set network user pat_user ip_routing listen
    set network user pat_user nat_option pat...
  • Page 267: Ppp Over Serial Wan Port

    This chapter contains the following information about configuring the SuperStack II Remote Access System (RAS) 1500 to support Point-to-Point Protocol (PPP) over the serial wide area network (WAN) port. Overview The RAS 1500 supports a PPP connection over a leased line on its serial port.
  • Page 268: Case Study

    Figure 23 shows a typical PPP over leased line setup.
    [Figure 23: Typical PPP over leased line setup]
    The RAS 1500 supports the following protocols through the WAN port. There are no settings on the RAS 1500; a different cable is used for each protocol.
  • Page 269: Ppp Over Serial Wan Port Case Study

    Goals Assumptions Process
    The goals can be achieved with either a numbered IP link or an unnumbered link between the sites. Figure 24 shows a numbered link, and Figure 25 shows an unnumbered link.
    [Figure 24: Numbered PPP over Serial WAN Port Link]
    Connect the “main_office”...
  • Page 270 [Figure 25: Unnumbered PPP over Serial WAN Port Link]
    To configure the RAS 1500 in the Main Office, perform the following:
    If an IP network has been defined, configured, and enabled on the RAS 1500, steps 1 through 3 are not necessary.
    1 Add an IP network.
  • Page 271 5 Configure the user routing parameters.
    set network user branch_office ip_routing both rip ripv1
    6 Add the PPP datalink.
    add datalink ppp user <username> interface rm0/wan:1
    Example:
    add datalink ppp user test interface rm0/wan:1
    7 Configure authentication.
    set ppp receive_authentication pap
    set system transmit_authentication_name main_office
    8 Save your work.
  • Page 272: Disabling Leased-Line Ppp On The Ras 1500

    6 Configure authentication.
    set ppp receive_authentication pap
    set system transmit_authentication_name branch_office
    7 Save your work.
    save all
    Disabling Leased-line PPP on the RAS 1500
    To bring down the connection, issue the following command:
    disable datalink ppp interface rm0/wan:1
    Viewing the Status of the Connection
    To view the status of the link, use the...
  • Page 273: Gmt Time

    GMT Time Zones
    Table 62 provides Greenwich mean time (GMT) offset information for locations around the world.
    Table 62 Greenwich Mean Time Offset GMT Offset (Hours) -9.5 GMT Offset in Summer (Hours) Local DST Change (Local Summer) Region Kwajalein American Samoa Canton Enderbury Islands Midway Island Niue Island...
  • Page 274 Canada Mountain USA Mountain Belize Costa Rica El Salvador Guatemala Honduras Mexico Canada Central Easter Island Nicaragua USA Central Cayman Islands Colombia Ecuador Galapagos Islands Jamaica Panama Peru USA Indiana East Bahamas Canada Eastern Cuba Haiti Turks and Caicos Islands USA Eastern...
  • Page 275 -3.5 -2.5 Anguilla Antigua Argentina western prov Aruba Barbados Bolivia Bonaire British Virgin Islands Curacao Dominica Dominican Republic Grenada Grenadines Guadeloupe Leeward Islands Martinique Netherlands Antilles Nevis Montserrat Puerto Rico Saba St Christopher St Croix St John St Kitts Nevis St Lucia St Maarten St Thomas...
  • Page 276 Brazil Atlantic Islands Cape Verde Azores Greenland Scoresbysun Ascension Burkina Faso Cote d'Ivoire Gambia Ghana Guinea Iceland Liberia Mali Mauritania Morocco Principe Island Sao Tome e Principe Senegal Sierra Leone St Helena Togo Canary Islands Channel Islands England Faroe Island...
  • Page 277 Albania Algeria Andorra Austria Balearic Islands Belgium Bosnia Hercegovina Croatia Czech Republic Denmark France Germany Gibraltar Hungary Italy Luxembourg Macedonia Mallorca Islands Malta Melilla Monaco Namibia Netherlands Norway Poland Portugal San Marino Slovakia Slovenia Spain Sweden Switzerland Vatican City Yugoslavia Botswana Burundi Lesotho...
  • Page 278 Belarus Bulgaria Cyprus Egypt Estonia Finland Greece Israel Jordan Latvia Lebanon Lithuania Moldova Moldovian Rep Pridnestrovye Romania Russian Federation zone one Syria Turkey Ukraine Azerbaijan Bahrain Djibouti Eritrea Ethiopia Kenya Kuwait Madagascar Mayotte Qatar Saudi Arabia Somalia Tanzania Uganda...
  • Page 279 5.75 10.5 Maldives Pakistan Turkmenistan Uzbekistan Kyrgyzstan Russian Federation zone four India Sri Lanka Nepal Bangladesh Bhutan Tajikistan Kazakhstan Russian Federation zone five Myanmar Cambodia Indonesia West Laos Thailand Vietnam Russian Federation zone six Australia Western Brunei China People's Rep Hong Kong Indonesia Central Malaysia...
  • Page 280 10.5 11.5 12.75 Australia New South Wales Australia Victoria Australia Australian Capital Territory Australia Tasmania Russian Federation zone nine Australia Lord Howe Island Caroline Island New Caledonia New Hebrides Ponape Island Solomon Islands Russian Federation zone ten Vanuatu Norfolk Island Fiji...
  • Page 281: Echnical Specifications

    This chapter contains information about Technical Specifications for the RAS 1500. Certification United States FCC Part 15 Compliance Statement This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
  • Page 282: For More Information

    For More Information
    If these suggestions do not help, you might consult the following booklet: Interference to Home Electronic Entertainment Equipment Handbook. You can order the booklet from the U.S. Government Printing Office, Washington, DC 20402. Ask for stock number 004-000-00498-1.
    Analog V.34 Model: This equipment complies with Part 68 of the FCC rules concerning: FCC Part 68...
  • Page 283: Physical Dimensions

    BRI U Model This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the radio interference regulations of Industry Canada (formerly the Canadian Department of Communications). This digital apparatus does not emit radio noise exceeding the limits applicable to Class A digital apparatus prescribed in the Radio Interference Regulations issued by Industry Canada (formerly the Minister of Communications).
  • Page 284 WAN Interface - Cabling Specifications
    FireWire Wire Type:
    10 Mbps: CAT 3 or CAT 5 twisted pairs
    100 Mbps: CAT 5 twisted pairs
    Max. Cable Distance: 100 meters (328 ft.) suggested maximum. Longer cabling may be used at the expense of reduced receiver squelch levels.
  • Page 285: Power Requirements

    Power Requirements Voltage (VDC) The 5 and 3.3 VDC outputs “power-share.” Since the maximum power output of the 12 VDC supply is 30 W, the remaining 40 W is shared between the 3.3 and 5 VDC supplies. If there is no load on the 3.3 V output and the 12 V output is limited to 0.6 A, then the 5 V output can deliver 12 A.
  • Page 287: C Technical Support

    3Com FTP Site Download drivers, patches, software, and MIBs across the Internet from the 3Com public FTP site. This service is available 24 hours a day, 7 days a week...
  • Page 288: 3Com Bulletin Board Service

    U.K. U.S.A. Access by Digital Modem ISDN users can dial in to the 3Com BBS using a digital modem for fast access up to 64 Kbps. To access the 3Com BBS using ISDN, use the following number: 1 847 262 6000 Hostname: ftp.3com.com...
  • Page 289: 3Comfacts Automated Fax Service

    3ComFacts Automated Fax Service
    The 3ComFacts automated fax service provides technical articles, diagrams, and troubleshooting instructions on 3Com products 24 hours a day, 7 days a week. Call 3ComFacts using your Touch-Tone telephone: 1 408 727 7021
    Support from Your
    If additional assistance is required, contact your network supplier.
  • Page 290 AT&T +800 666 5065 Brazil 0800 13 3266 Chile 1230 020 0645 Colombia 98012 2127 North America 1 800 NET 3Com (1 800 638 3266) Country Telephone Number P.R. of China 10800 61 00137 or 021 6350 1590 Singapore 800 6161 463 S.
  • Page 291: Returning Products For Repair

    Returning Products for Repair
    Before you send a product directly to 3Com for repair, you must first obtain a Return Materials Authorization (RMA) number. Products sent to 3Com without RMA numbers will be returned to the sender unopened, at the sender’s expense.
  • Page 293: Index

    Numbers 2100 Hz answer tone disable 139 enable 139 3Com bulletin board service (3Com BBS) 286 3Com URL 285 3ComFacts 287 56 kbps technology 151 accounting server RADIUS 195 settings 195 adding network services 163 address pools configuring 72...
  • Page 294 exiting 162 Quick Setup 24 command line interface. See CLI committed burst size 203 committed information rate 203 communicating with remote and local sites 161 configuration frame relay 206 congestion control 203 congestion monitoring period 203 congestion notifications 203 connect speed maximum 140 minimum 140...
  • Page 295 forward explicit congestion notifications 203 frame relay Bc 203 BECN 203 BECN_CMP 203 CIR 203 configuration 206 congestion control 203 datalink configuration 208 DCLI 202 LMI 203 PVC 202 PVC statistics 211 Tc 204 troubleshooting 211 GMT offset displaying 194 setting 194 GSTN clear down 146 help...
  • Page 296 202 system information displaying 173 system settings viewing 172 Tc 204 technical support 3Com URL 285 bulletin board service 286 fax service 287 network suppliers 287 product repair 289 Telnet case study 67 setting port for login user 121...
  • Page 297 V.90 151 Windows 95 Dial Up Networking 89 World Wide Web (WWW) 285 X.75 152...
  • Page 299 If it appears that any product that is stated to meet this standard does not perform properly with regard to such date data on and after January 1, 2000, and Customer notifies 3Com before the later of April 1, 2000, or ninety (90) days after purchase of the product from 3Com or its authorized reseller, 3Com shall,...
  • Page 300 3Com shall not be responsible for any software, firmware, information, or memory data of Customer contained in, stored on, or integrated with any products returned to 3Com for repair, whether under warranty or not. Telephone Support, with coverage for basic troubleshooting only, will be provided for ninety (90) days, on a commercially reasonable efforts basis.

This manual is also suitable for:

Remote access system 1500
