Page 1 ORKGROUP EMOTE CCESS WITCH ’ UIDE Release 7.2 Cabletron Systems (603) 332-9400 phone (603) 337-3075 fax support@ctron.com...
Page 2 You may post this document on a network server for public use as long as no modifications are made to the document. Cabletron Systems reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Cabletron Systems to determine whether any such changes have been made.
Page 3: Fcc Notice
All other product names mentioned in this manual are trademarks or registered trademarks of their respective companies. COPYRIGHTS All of the code for this product is copyrighted by Cabletron Systems, Inc. © Copyright 1991-1997 Cabletron Systems, Inc. All rights reserved. Printed in the United States of America.
Page 4 CABLETRON SYSTEMS, INC. PROGRAM LICENSE AGREEMENT IMPORTANT: Before utilizing this product, carefully read this License Agreement. This document is an agreement between you, the end user, and Cabletron Systems, Inc. ("Cabletron") that sets forth your rights and obligations with respect to the Cabletron software program (the "Program") contained in this package.
Page 5: Table Of Contents
Safety Considerations 36 System Platforms 37 The CSX1000 and NE Link 1000 (a Network Express Product) 37 Platform Description 38 System Characteristics 40 The CSX1200 42 Platform Description 43 System Characteristics 43 Cabling Information 44 LAN Access 44 Back-to-Back Setup 45...
Page 6 Northern Telecom DMS100 NI-1 Service 60 Northern Telecom DMS100 Custom Service 61 Basic Information for Ordering PRI ISDN Lines 61 Hardware Installation 63 Pre-Installation Requirements 63 Installing the CSX1200-E11-MOD 64 Installing the CSX1200-U4-MOD 65 Cabling 66 Accessing the CyberSWITCH 67 Overview 67...
Page 7 Internet Protocol (IP) Option 102 Enabling IP 102 IP Option Configuration Elements 103 IP Background Information 103 IP Operating Mode 103 Configuring the IP Operating Mode 103 IP Operating Mode Configuration Elements 104 IP Operating Mode Background Information 104 Workgroup Remote Access Switch...
Page 8 USER’S GUIDE IP Network Interfaces 105 Configuring Interfaces 105 Network Interface Configuration Elements 107 IP Network Interface Background Information 112 IP RIP and the IP Network Interfaces 117 IP RIP over Dedicated Connections 120 IP Host Operating Mode and the IP Network Interfaces 122 Using Multiple IP Addresses 122 Static Routes 124 Configuring Static Routes 124...
Page 9 Off-node Device Database Location Background Information 175 Configuring User Level Databases 176 Overview 176 User Level Authentication Database Location 176 Configuring Authentication Database Location 176 User Level Authentication Database Location Configuration Elements 177 User Level Authentication Database Location Background Information 177 Workgroup Remote Access Switch...
Page 10 USER’S GUIDE Configuring Off-node Server Information 178 Overview 178 Multiple Administration Login Names 178 VRA Manager Authentication Server 179 Configuring VRA Manager Authentication Server 179 VRA Manager Authentication Server Configuration Elements 180 VRA Manager Authentication Server Background Information 180 RADIUS Authentication Server 180 Configuring a RADIUS Authentication Server 180 RADIUS Authentication Server Configuration Elements 182 RADIUS Authentication Server Background Information 182...
Page 11 Example: Bridge Dial Out Using a Destination MAC Address Filter 233 Known Connect List 235 Configuring the Known Connect List 235 Using CFGEDIT 235 Known Connect List Configuration Elements 236 Known Connect List Background Information 236 Workgroup Remote Access Switch...
Page 12 USER’S GUIDE Configuring Advanced IP Routing 237 Overview 237 Static ARP Table Entries 238 Configuring Static ARP Table Entries 238 Static ARP Table Entries Configuration Elements 238 Static ARP Table Entries Background Information 238 The Isolated Mode 239 Configuring the Isolated Mode 239 Isolated Mode Configuration Elements 239 Isolated Mode Background Information 239 Static Route Lookup via RADIUS 239...
Page 13 Configuring IPX Isolated Mode 289 IPX Isolated Mode Configuration Elements 289 IPX Isolated Mode Background Information 290 IPX Triggered RIP/SAP 290 Displaying WAN Peer List 290 Configuring Triggered RIP/SAP Global Timers 291 Configuration Elements 291 Triggered RIP/SAP Background Information 292 Workgroup Remote Access Switch...
Page 14 USER’S GUIDE IPX-Specific Information for Devices 292 Configuring IPX Devices 292 WAN Devices 292 Remote LAN Devices 295 IPX Configuration Elements for Devices 296 IPX Background Information for Devices 297 IPX Triggered RIP/SAP Device Background 297 Configuring SNMP 298 Overview 298 Configuring SNMP 298 SNMP Configuration Elements 300 SNMP Background Information 301...
Page 15 Log Options Background Information 339 Local Log File Overview 339 Syslog Server Overview 339 CDR Log Report Overview 340 Compression Options 345 Configuring Compression Options 345 Compression Options Configuration Elements 345 Compression Options Background Information 346 Compression and CCP 347 Workgroup Remote Access Switch...
Page 16 USER’S GUIDE TFTP 348 Configuring TFTP 348 TFTP Configuration Elements 349 TFTP Background Information 349 File Attributes 350 Configuring File Attributes 350 File Attributes Configuration Elements 350 File Attributes Background Information 350 ROUBLESHOOTING System Verification 353 Overview 353 Verifying Hardware Resources are Operational 353 Verifying WAN Lines are Available for Use 354 Verifying LAN Connection is Operational 354 Verifying Bridge is Initialized 355...
Page 17 IP Routing Over a WAN Interface Connection 393 IP Routing Over a WAN (Direct Host) Interface Connection 394 IP Routing Over a WAN RLAN Interface Connection 395 IP Routing Over a WAN UnNumbered Interface Connection 396 IP Filters 396 Workgroup Remote Access Switch...
Page 18 Local Area Network LED Indicators 418 WAN LED Indicators 418 BRI LED Indicators 418 PRI LED Indicators 419 LANVIEW LEDs (CSX1200-E11-MOD) 420 NT1 Status LEDs (CSX1200-U4-MOD only) 421 Service Indicator 422 Service Indicator Remains Lit 422 Service Indicator Blinks 423 Alarm LEDs (PRI Only) 424...
Page 19 System Commands 513 Overview 513 Accessing Administration Services 513 Setting the IP Address 514 Boot Device Commands 514 Accessing Dynamic Management 515 Viewing Operational Information 515 Viewing Throughput Information 520 Throughput Monitor Contents 521 Saving Operational Information 521 Workgroup Remote Access Switch...
Page 20 USER’S GUIDE Clearing Operational Information 522 Configuration-Related Commands 522 Restarting the CyberSWITCH 523 Setting the Date and Time 523 File Utility Commands 523 Terminating Administration Sessions 524 AppleTalk Routing Commands 525 Bridge Commands 530 Call Control Commands 531 Call Detail Recording Commands 534 Call Restriction Commands 534 Compression Information Commands 535 DHCP Commands 535...
Page 21 Routine Maintenance 597 Overview 597 Installing/Upgrading System Software 597 Executing Configuration Changes 597 Configuration Files 597 Making Changes Using CFGEDIT 597 Making Changes Using Manage Mode 598 Configuration Backup and Restore 598 Obtaining System Custom Information 598 Workgroup Remote Access Switch...
Page 22 Overview 608 Main Menu 608 Physical Resources Menu 609 Options Menu 610 Security Menu 613 Getting Assistance 616 Reporting Problems 616 Contacting Cabletron Systems 616 Administrative Console Commands Table 618 Manage Mode Commands Table 625 Cause Codes Table 629 NDEX CyberSWITCH...
Page 23: Using This Guide
SING THIS UIDE The User’s Guide is divided into the following parts: YSTEM VERVIEW We begin with an overview of bridging, routing, and specific CyberSWITCH features. Next, we provide an overview for both the system software and hardware. YSTEM NSTALLATION In this section of the User’s Guide we provide guidelines for ordering ISDN service in the US, and a step-by-step description of installing hardware and upgrading software.
Page 24: Documentation Set
This appendix provides information for getting assistance if you run into problems when installing your system. A FAX form is included. You can print this form, fill out the information requested, and FAX it to Cabletron Systems, using the provided FAX number. DMINISTRATION ONSOLE Provides a tabular listing of the system administration console commands and their uses.
Page 25: Guide Conventions
All references to CyberSWITCH documentation titles will use the same font as normal text, but will be italicized. For example, all references to the User’s Guide will appear as: User’s Guide Configuring Off-node Server Information. Workgroup Remote Access Switch SING THIS UIDE Guide Conventions...
Page 26: System Overview
YSTEM VERVIEW We include the following chapters in the System Overview segment of the User’s Guide. • The CyberSWITCH Provides the “big picture” view of a CyberSWITCH network. We include an overview of unique system features, interoperability, security, interfaces, system components, remote devices, and switches supported.
Page 27: The Cyberswitch
With ISDN services, the costs of LAN interconnection are based on actual usage — the user gets the bandwidth of dedicated digital service at dial-up prices. Our products offer internetworking solutions for small businesses as well as large corporations. SWITCH N YBER ETWORK This particular CyberSWITCH model consists of an embedded communications platform.
Page 28: Unique System Features
As network bandwidth requirements increase or decrease, the system will CyberSWITCH File Server Host CSX5500 ISDN Workstation (with BRI ISDN TA) CSX1200 WORKGROUP REMOTE ACCESS SWITCH B-CHANNELS E1 ONLY B9 B11 B13 B15 B17 B19 B21 B23 B25 B27...
Page 29 Connection Filter, which determines if an IP packet requiring a WAN connection may con- tinue. • Packet Capture In order to monitor incoming LAN data, the CyberSWITCH packet capture feature will allow you to capture, display, save, and load bridged or routed data packets. YBER Unique System Features Workgroup Remote Access Switch SWITCH...
Page 30: Interoperability Overview
USER’S GUIDE • Protocol Discrimination It is possible for multiple types of remote devices to use the same line. The system can determine the device type and the protocol encapsulation used by remote devices. • RS232 Port: Dual Usage If your installation requires you to process PPP-Async data, this feature allows you to use the RS232 port for either console access or a serial data connection.
Page 31: Interoperability Devices
IPX routers use the Internetwork Packet Exchange (IPX) protocol, typical of the NetWare environment. AppleTalk routers route AppleTalk datagrams based on address information. They support the following protocols: RTMP, NBP, and ZIP. YBER Interoperability Overview Workgroup Remote Access Switch SWITCH...
Page 32: Security Overview
USER’S GUIDE ECURITY VERVIEW The system provides several options for validating remote devices and for managing network security. The security options available are dependent on the remote device type, type of access, and the level of security required. Levels of security include no security, device level security, user level security, and multi-level security.
Page 33: System Components
More detailed descriptions of system software and hardware are included in the next two chapters. The following section describes remote ISDN devices. Host 192.1.1.3 Router (or Host) ISDN Interface 192.1.1.1 RLAN Interface 100.1.1.1 WORKGROUP REMOTE ACCESS SWITCH B-CHANNELS E1 ONLY B9 B11 B13 B15 B17 B19 B21 B23 B25 B27 POWER SERVICE 10BASE-T...
Page 34: Remote Isdn Devices
USER’S GUIDE ISDN D EMOTE EVICES The CyberSWITCH provides a centralized concentrator function for remote ISDN devices. The devices can be separated into the following categories: • remote ISDN bridge devices • PC based terminal adapters • ISDN enabled workstations •...
Page 35: Switches Supported
NET3 NET5 NT DMS 100 NT DMS 250 NT SL-100 NI-1 TS013 TS014 1TR6 Switch support may vary from country to country. Use the following as a guideline: Country Australia Germany Japan United States International Basic Rate Primary Rate Switches supported...
Page 36: Hardware Overview
ARDWARE VERVIEW The CyberSWITCH is an embedded communications platform. It uses a flash file system (instead of a hard disk) and a two-stage boot device to initialize the platform and download system software. System software is preconfigured to allow immediate connection via a Local Area Network (LAN) or Wide Area Network (WAN) with Telnet and/or TFTP access.
Page 37: System Platforms
CAUTION FOR CONTINUED PROTECTION AGAINST RISK OF FIRE, REPLACE ONLY WITH SAME TYPE AND RATING OF FUSE. 10Base-T The NE Link 1000 B8 Workgroup Remote Access Switch ARDWARE VERVIEW System Platforms RODUCT # Connections two connections two connections four connections...
Page 38: Platform Description
The unit’s ON/OFF switch is located in the upper right corner of the back panel. Directly below this switch are the AC power input and fuse box. Note that the unit requires a 250V, 5 x 20 mm time- lag fuse rated at 1.6 amps. The back panel also provides connectors for WAN and LAN access, as well an RS232 port for an administration console.
Page 39 1000 platform is at the end of the line, so these DIP switches must be ON to provide proper termination. In a Point-Multipoint connection, DIP switch settings are dependent upon the physical configuration of the line. If the 1000 platform is at the end of the line, the terminating resistors should be activated (DIP switches ON).
Page 40: System Characteristics
USER’S GUIDE Refer to the following figure, which illustrates a BRI Point-Multipoint configuration. 1 2 3 4 WORKGROUP REMOTE ACCESS SWITCH LINE POWER SERVICE 10BASE-T CH-1 CH-2 SYNC D-CH (Terminating resistor ON; end of the line) YSTEM HARACTERISTICS Physical Characteristics:...
Page 41 Meets or exceeds the following: Safety: EMI: UL 1950, CSA C22.2 No. 950, EN 60950, IEC 950, and 72/23/EEC FCC Part 15, EN 55022, CSA 108.8, EN 50082-1, VCCI V-3, and 89/336/EEC Workgroup Remote Access Switch ARDWARE VERVIEW System Platforms...
Page 42: The Csx1200
The following table summarizes the CSX1200 platform options. Model CSX1201 CSX1204 CSX1223 The platform shown below is the PRI version of the CSX1200 (the CSX1223). Note that all CSX1200’s back panels have two slots for future WORKGROUP REMOTE ACCESS SWITCH SLOT 1 CyberSWITCH...
Page 43: Platform Description
The CSX1200 is based on the NE Link 1000 platform with two major additions. The NE Link 1000 is available only with a BRI interface, whereas the CSX1200 is available with either a BRI or a PRI interface. Also, unlike the NE Link 1000, the CSX1200 includes two slots for user installed add-on modules.
Page 44: Cabling Information
USER’S GUIDE Electrical Characteristics Voltage: Frequency: Fuse: Power: Note: Main circuit card fuse labeled F1 is rated at 0.5A 63V. This fuse protects the 12V AUI circuitry on the main board. This fuse is a factory serviceable item only. Regulatory Compliance Meets or exceeds the following: Safety: EMI:...
Page 45: Back-To-Back Setup
Signal Function Transmit + Transmit - Receive + No Connect No Connect Receive - No Connect No Connect Ethernet 10Base-T Crossover Patch Cord wht/ora ora/wht wht/blu blu/wht wht/grn grn/wht wht/brn brn/wht Workgroup Remote Access Switch ARDWARE VERVIEW System Platforms 12345678...
Page 46: Wan Access
USER’S GUIDE WAN A CCESS Since the CyberSWITCH is a factory-customized product, there is no need to install specific adapter boards in order to access the WAN. Connections for the internal BRI interface are made at the sys- tem’s back panel. On the B2, a basic rate line will connect to the RJ-45 connector labeled 1. On the B4, up to two basic rate lines will connect to the ports labeled 1 and 2.
Page 47: Administration Console Access
For informational purposes, the pin list for the console follows: Pin and Signal Assignment for the RS232 Connector(s) Signal Function Carrier Detect Receive Data Transmit Data Data Terminal Ready Ground Data Set Ready Request to Send Clear to Send Ring Indicator Workgroup Remote Access Switch ARDWARE VERVIEW System Platforms...
Page 48: The Csx1200-E11-Mod
YSTEM ODULES CSX1200-E11-MOD The CSX1200-E11-MOD is an internal 11 port Ethernet hub option card for the CSX1200 family. The CSX1200-E11-MOD is available for both the BRI (CSX1201, CSX1204) and PRI (CSX1223) models. The CSX1223 is shown below. WORKGROUP REMOTE ACCESS SWITCH SLOT 1 The internal hub addition provides affordable LAN device connectivity.
Page 49: System Modules
The hub is equipped with LANVIEW LEDs. These LEDs are comprised of three types: receive, link, and collision. Refer to the LED Indicators For installation instructions refer to the SLOT 2 10Base-T CONSOLE Connectivity chapter for further information. Hardware Installation chapter. Workgroup Remote Access Switch ARDWARE VERVIEW System Modules...
Page 50: The Csx1200-U4-Mod
North America, since North American telephone companies typically do not provide the needed U-interface conversion. The CSX1200-U4-MOD performs the function of an external NT1, and is available for the BRI (1201, 1204) CSX1200 models. Below, we show the module installed in a CSX1223.
Page 51: Software Overview
OFTWARE VERVIEW VERVIEW The CyberSWITCH software provides: • system software for the CyberSWITCH, LAN and WAN interfaces, and administration functions • system files containing configuration and operational information This chapter provides an overview for each of the above software categories. YSTEM SOFTWARE Included with each CyberSWITCH is a CD containing upgrade software and utility software.
Page 52: Operational Files
USER’S GUIDE node.nei This configuration file contains node-specific information like resources, lines, CyberSWITCH operating mode and security options, along with the Throughput Monitor Configuration information. If enabled, SNMP configuration information is also in this file. lan.nei This file contains configuration information used when the bridge is enabled. This file also contains information for the Spanning Tree protocol used for the bridge.
Page 53: User Level Security Files
This file contains the text of the administrator-defined welcome banner. It is displayed when a user initiates a network login. motd.nei This file contains the text for the administrator-defined message of the day. It is displayed when the user is validated after log-in. OFTWARE System Files Workgroup Remote Access Switch VERVIEW...
Page 54: System Installation
YSTEM NSTALLATION We include the following chapters in this segment of the User’s Guide: • Ordering ISDN Service Provides guidelines for ordering ISDN service in the United States. • Hardware Installation Step-by-step instructions for installing hardware components. • Accessing the CyberSWITCH Provides a description of the possible ways to access the CyberSWITCH (for diagnostic purposes, or for software upgrade).
Page 55 Workgroup Remote Access Switch...
Page 56: Ordering Isdn Service (Us Only)
When the phone company installs the line, they assign it certain characteristics. These are different depending on the type of ISDN switch to which the line is attached. AT&T’s 5ESS NI-1 and Northern Telecom’s DMS100 NI-1 are among the most popular.
Page 57: Provisioning Settings For At&T 5Ess Switches
If the AT&T 5ESS switch type is available, the ISDN services available will be one of the following: • NI-1 • Custom Point-to-Point If Northern Telecom DMS-100 switch type is available, the ISDN services available will be one of the following: •...
Page 58: At&T 5Ess Ni-1 Service
USER’S GUIDE AT&T 5ESS NI-1 S ERVICE Note that some of the elements below are set per directory number. With NI-1 Service, you will typically have two directory numbers. Provisioning Element CyberSWITCH AT&T # 5ESS NI-1 Service Setting Term Type CSV ACO unrestricted CSV limit...
Page 59: At&T 5Ess Custom Point-To-Point Service
Provisioning Element Ordering BRI ISDN Lines using Provisioning Settings OINT ERVICE AT&T Custom Point-to-Point Service Setting Term Type CA quantity CSV CHL CSV limit CSD CHL CSD limit DSL CLS Workgroup Remote Access Switch ISDN S (US O RDERING ERVICE...
Page 60: Provision Settings For Northern Telecom Dms-100 Switches
USER’S GUIDE ROVISION ETTINGS FOR ORTHERN The ISDN services supported by Northern Telecom DMS-100 switches are as follows (in order of preference of usage): NI-1 Custom Service The sections below provide the settings for each DMS-100 service type. Note that your service provider may not be able to offer all of the features listed.
Page 61: Northern Telecom Dms100 Custom Service
Ordering BRI ISDN Lines using Provisioning Settings ERVICE Setting functional dynamic 3 is preferable 1-64 is acceptable EKTS ISDNKSET functional PRI ISDN L INES Workgroup Remote Access Switch ISDN S (US O RDERING ERVICE...
Page 62 When the phone company installs the line, they assign it certain characteristics (sometimes called translations). These are different depending on the type of ISDN switch to which the line is attached. The customer must know what type of switch is being used.
Page 63: Hardware Installation
ARDWARE NSTALLATION NSTALLATION EQUIREMENTS Before you begin the installation process, be sure to: • Choose a suitable setup location Make sure the location is dry, ventilated, dust free, static free, and free from corrosive chemicals • Verify system power requirements The appropriate standard power cord is supplied with the system.
Page 64: Installing The Csx1200-E11-Mod
E11 and observe all antistatic precautions during this procedure. Failure to do so could result in damage to the CSX1200, E11, or both. The E11 can be installed in either of the two slots at the top, rear of the CSX1200 chassis. To install the E11: Power down the CSX1200.
Page 65: Installing The Csx1200-U4-Mod
U4 and observe all antistatic precautions during this procedure. Failure to do so could result in damage to the CSX1200, U4, or both. The U4 can be installed in either of the two slots at the top, rear of the CSX1200 chassis. To install the U4: Power down the CSX1200.
Page 66: Cabling
Note that the module consists of four pairs of numbered RJ45 ports; you must properly connect the CSX1200 BRI ports to the corresponding U4 S/T interface ports of each pair on the module. We provide four 6-inch, category 5, twisted-pair cables (with RJ45 connectors) for this purpose: Using the twisted-pair cables, connect BRI port 1 to the S/T interface port labelled number 1, BRI port 2 to S/T interface port number 2, and so on.
Page 67: Accessing The Cyberswitch
X-Modem communications capability (required for software upgrade only) • has ASCII transfer capability (required for SSB recovery) Any computer or terminal that meets these requirements and connects to the administration port on the system can operate as an administration console. SWITCH YBER...
Page 68: Changing The Baud Rate
USER’S GUIDE Using the provided RS232 null modem cable, attach an administration console to the system. The administration port is a 9-pin, male RS232 serial adapter as shown below: BRI (Termination switches behind plate; see diagram Connect one end of a null modem cable to the console port on the CyberSWITCH, and the other end to the communication port on the PC.
Page 69: Remote Connection Using Telnet
Refer to information for the COMMPORT COMMPORT Resource to change defaults. ELNET Session. Remote Management ODEM for additional information. Refer to Workgroup Remote Access Switch SWITCH CCESSING THE YBER Making Connections chapter. Resources and the background Configuring Changes for a...
Page 70: Establishing An Administration Session
USER’S GUIDE STABLISHING AN DMINISTRATION If a login prompt is displayed after the power-on initialization, the system software was preinstalled. Complete the login: The login controls which class of commands the user can access. Each access level (guest or administrator) is protected by a unique login password. This allows managers to assign different responsibility levels to their system users.
Page 71 RS232 port connected to the system. Turn on the system by pressing the POWER-ON switch located on the back of the machine. The power light emitting diode (LED) on the front panel confirms the power supply is functioning properly.
Page 72: Accessing The Release Notes
REL_NOTE.TXT | more For example, if your CD-ROM is designated as drive D, the platform you are installing is a CSX1200, you are using US ISDN standards, and have purchased the IPX option, you would use the following path: D:\CSX1200\US\IPX> type REL_NOTE.TXT | more The release notes located on the system’s FLASH file system are also in a file called...
Page 73: Upgrading System Software
To perform a remote upgrade refer to the section titled grade is performed over the network using Telnet and TFTP). For countries other than Japan, upgrade files are located on the CSX1200 CD. Refer to the immedi- ately following section for CD file structure information.
Page 74 IP/IPX software option, use the files found in the \CSX1223\US\ipipx di- rectory. • If you are installing a CSX1204 using a NET3 international switch, and have purchased the IP, IPX, AppleTalk and Frame Relay options, use the files found in the \CSX1204\intnet3\ipipx- at.fr directory.
Page 75 \ipipxat.pkt \ipipx.pkt \ipipxat.x25 csx1204\int1tr6\ipipx \ipipx.fr \ipipx.x25 \ipipxat \ipipxat.fr \ipipxat.pkt \ipipx.pkt \ipipxat.x25 csx1204\intts013\ipipx \ipipx.fr \ipipx.x25 \ipipxat \ipipxat.fr \ipipxat.pkt \ipipx.pkt \ipipxat.x25 csx1223\us\ipipx \ipipx.fr \ipipx.x25 \ipipxat \ipipxat.fr \ipipxat.pkt \ipipx.pkt \ipipxat.x25 csx1223\intnet5\ipipx \ipipx.fr \ipipx.x25 \ipipxat \ipipxat.fr \ipipxat.pkt \ipipx.pkt \ipipxat.x25 Workgroup Remote Access Switch OFTWARE...
Page 76: Local Software Upgrade
If you choose to install this CD information onto your hard drive, it will be placed under the following base directory: ([drive]:\Program Files\Cabletron Systems, Inc.\) Note that these files will be specific to the configuration options you choose during installation.
Page 77: Local Upgrade Of The Operational Software (Osw)
To remotely upgrade the system, you are required to have a PC/workstation that is connected to the system’s network. It must have the following features: • ability to read CDs • TELNET client • TFTP client (OSW) OFTWARE autobaud Workgroup Remote Access Switch PGRADING YSTEM OFTWARE Upgrading Software boot device command to...
Page 78: Remote Upgrade Of The Second Stage Boot (Ssb)
USER’S GUIDE To perform a remote upgrade, first upgrade to the latest SSB, if required, then upgrade the OSW. The Release Notes will indicate whether or not the SSB needs to be upgraded. Note: If, during a remote upgrade, the compressed file set cannot be uncompressed into the Flash File System due to a lack of space, the compressed file set will not be deleted from the Flash File System and the previous version of the OSW will be booted.
Page 79: Remote Upgrade Of The Operational Software (Osw)
Make sure that the recover file that you are using is correct. Delete, Recover, and reTFTP if necessary. Hardware failure in the boot device. Contact your distributor immediately for a replacement. The SSB has been successfully updated. (OSW) OFTWARE Workgroup Remote Access Switch PGRADING YSTEM OFTWARE Upgrading Software...
Page 80: Change Defaults To Secure System
USER’S GUIDE If you experience a problem transferring the file with TFTP, wait about three minutes for the TFTP to fail, delete the incomplete file, and try again. Using Telnet, reboot the system by issuing the command: restart It should take approximately 3 minutes for the system to restart and install the upgrade. Login via Telnet and type the ver command to confirm that the system software upgraded correctly.
Page 81: Return Configuration To Factory Defaults
ETURN ONFIGURATION TO The default configuration files are located on the CSX1200 CD. If you wish to return to the default configuration, download the DEFLTCFG.OSW file. Follow the same steps for Local or Remote Upgrade except download the file DEFLTCFG.OSW instead of the UPGRADE.OSW file.
Page 82: Basic Configuration
ASIC ONFIGURATION We define basic configuration as the configuration needed by most users. Basic configuration will get your system up and running. Note that not all configuration steps in this part are required. For example, if you are only using bridging, you will have no need to complete the configuration steps included in Configuring Basic IP Routing.
Page 83: Configuration Tools
ONFIGURATION VERVIEW We provide the following configuration tools to set up and/or alter your configuration: • CFGEDIT, the configuration utility • Manage Mode, the dynamic management utility Your CyberSWITCH is shipped with a configuration files provide basic functions which will allow you to perform initial installation tests with no additional configuration.
Page 84: Saving Cfgedit Changes
USER’S GUIDE As long as there is no other “change” session active (CFGEDIT or Manage Mode), access is granted, and the following menu is displayed: Main Menu: 1) Physical Resources 2) Options 3) Security 4) Save Changes Select function from above or <RET> to exit: From this screen you will begin the configuration process.
Page 85: Utility Dynamic Management Commands
Dynamic Management command since the last commit was performed. To return to the normal operating mode after you have committed your changes, issue the following command: MANAGE> exit OMMANDS HANGES Workgroup Remote Access Switch ONFIGURATION OOLS Dynamic Management...
Page 86: Default Configuration
USER2 configured as PPP device (USER2 as secret) IP address 002.002.002.003 • Single BRI line and resource configured on country-specific basis (for BRI platforms): JAPAN: Point-Multipoint Automatic TEI Switch type: NTT INS EUROPE: Point-Multipoint Automatic TEI Switch type: NET3 (default country code: Norway) U.S.:...
Page 87: Using The Configuration Chapters
A brief outline of the configuration procedure using Manage Mode (if applicable). A definition of each configuration element. Background feature information providing a more detailed explanation of the feature. HAPTERS of the configuration utility CFGEDIT. Workgroup Remote Access Switch ONFIGURATION OOLS Using the Configuration Chapters...
Page 88: Configuring Resources And Lines
Physical Resources may or may not be configurable, depending upon the country of operation. The WAN resource, Ethernet resource and Serial resource (COMMPORT) are preinstalled and preconfigured on all systems. However, switch type selection is country-dependent. Refer to the country or switch type descriptions below.
Page 89 For all others (International configurations other than Japan, US, 1TR6, TS013 and TS014 users): The default switch type is NET3 (or NET5 for primary rate). You must specify the region and then country in which the switch is to operate. Select Resources to display the following:...
Page 90: Resource Configuration Elements
For the NET3 and NET5 switchtypes. The country in which the system is operating. ENERIC UMBER For PRI_4ESS primary rate switch type only. The software load (generic # ) the switch is running. YNCHRONIZATION For Primary adapters only. Every framed transmission line requires a clock source from which it must derive the appropriate bit timing and channel timing relative to the start of a frame.
Page 91 The T1-E1-PRI can be used for any T1, E1, or PRI resource, and directly terminates a standard USOC RJ45 connector. It is supplied with a standard S/T interface and supports one port. It also provides support for the following switch types: •...
Page 92: Lines
Will this Data Link support X.25 communications (Y/N)? [default N] If the line uses a NI-1 or a DMS-100 switch type, you must also enter the following: SPID(s) - supplied by your carrier b. Directory Number(s) associated with the SPID(s) - supplied by your carrier Number of digits to verify.
Page 93: Configuring A Line For Apri Resource
You must delete the data link for a Robbed Bit line. SING ANAGE OMMANDS line Displays the current line configuration. datalink Display the current data link configuration. ESOURCE PRI/T1 lines B8ZS Common_Channel Workgroup Remote Access Switch ONFIGURING ESOURCES AND INES Lines E1 line Multiframe CRC...
Page 94: Line Configuration Elements
USER’S GUIDE datalink add Allows you to add a data link. The following sample screen shows how a data link is added. Current LINE Configuration: LINE NAME -------------------------------------------------------------------------------- LINE.BASICRATE1 LINE.BASICRATE2 DMS100.LINE1 Select line id for new data link or press <RET> to cancel: 3<RET> Automatic TEI negotiation (Y or N) [default = Y]? N<RET>...
Page 95 All switch types, except the DMS100 and the NI-1, require a single data link per line. The NI-1 switch type can have either one or two data links per line. The DMS100s generally require two data links per line, one for each B channel. For both NI-1 and DMS100 switch types, contact your Service Provider for the number of data links required.
Page 96 ERVICE ROFILE For basic rate lines only. SPIDs are only required for DMS100 and NI-1 switch types. A SPID is a number that identifies ISDN equipment attached to your ISDN line. Depending on the type of ISDN service you have, you may have one, 2, or no SPIDs. When ordering your ISDN service, your service provider should supply you with SPID information.
Page 97 If you are using an external CSU, you will specify a value under Short Haul Build Out. Specify the length of the line, in meters, from CPE to the CSU by selecting a range from zero to 210 meters. ONFIGURING ESOURCES AND Workgroup Remote Access Switch INES Lines...
Page 98: Line Background Information
For example, if the distance to the Telco switch is great (6000 foot maximum), or the line is old, you may need a decibel value of 0.0 (meaning no attenuation). If the distance is much closer (for example, 1000 ft.), the decibel value may be -15.0 (i.e., the signal is strong enough that it needs a certain amount of...
Page 99: Subaddresses
A subaddress may be configured for a point-multipoint line. This element is a call screening method. A subaddress is only needed if you have a line interface type of point-multipoint, and you choose the subaddress call screening method. LEMENTS NFORMATION Workgroup Remote Access Switch ONFIGURING ESOURCES AND INES Subaddresses...
Page 100: Configuring Basic Bridging
ONFIGURING ASIC VERVIEW This chapter provides information for configuring basic bridging features. Basic bridging configuration includes: • enabling/disabling bridging A separate chapter, Configuring Advanced bridging features. Advanced bridging features include: • bridge dial out • Spanning Tree Protocol • mode of operation •...
Page 101: Mac Layer Bridging Background Information
If the bridge and the IP options are both enabled, the system will act as a “brouter.” A brouter operates as a router for protocols it can route, and operates as a bridge for protocols it cannot route. NFORMATION Workgroup Remote Access Switch ONFIGURING ASIC RIDGING...
Page 102: Configuring Basic Ip Routing
ONFIGURING ASIC VERVIEW This chapter provides information for configuring basic IP routing features. Basic IP routing configuration includes: • enabling/disabling the Internet Protocol (IP) When you enable this option, the system operates as an IP Router. If you also enable bridging, it will route IP packets and bridge all other packet types.
Page 103: Ip Option Configuration Elements
SING Select IP Operating Mode from the IP configuration menu. Select either the IP router or IP host operating mode. If you select IP router, the following menu is displayed: LEMENTS Workgroup Remote Access Switch IP R ONFIGURING ASIC OUTING...
Page 104: Ip Operating Mode Configuration Elements
USER’S GUIDE IP Configuration Menu: IP Routing (Enable/Disable) IP Operating Mode IP Interfaces Static Routes RIP (Enable/Disable) IP Static ARP Table Entries Isolated Mode (Enable/Disable) Static Route Lookup via RADIUS (Enable/Disable) IP Address Pool 10) IP Filter Information 11) DHCP Select function from above or <RET>...
Page 105: Ip Network Interfaces
If IP RIP is enabled, enter the following additional information: IP RIP send control k. IP RIP respond control IP RIP receive control m. IP RIP v2 authentication control IP R ONFIGURING ASIC IP Network Interfaces Workgroup Remote Access Switch OUTING...
Page 106 USER’S GUIDE n. IP RIP v2 authentication key (required only if the IP RIP v2 authentication control has been configured with a value other than “No Authentication” Note: With the Secondary IP Addressing feature, you may add more than one LAN network interface.
Page 107: Network Interface Configuration Elements
The IP address (using dotted decimal notation) assigned to this interface. The IP address applies to LAN type interfaces and WAN type interfaces only. Each LAN interface must be configured with a unique IP address. LEMENTS Workgroup Remote Access Switch IP R ONFIGURING ASIC...
Page 108 USER’S GUIDE UBNET The Subnet Mask value (the number of significant bits for the subnet mask) associated with the IP address specified for this interface. The Subnet mask is specified by entering the number of contiguous bits that are set for the mask. The mask bits start at the most significant bit of the IP address field and proceed to the least significant bit.
Page 109 RIP information. You may also configure a set of RIP parameters for each RLAN or numbered WAN interface. IP R ONFIGURING ASIC IP Network Interfaces for the primary interface on a LAN port. Workgroup Remote Access Switch OUTING...
Page 110 Send Control Options Do Not Send* IP RIP v1** IP RIP v1 Compatible IP RIP v2 (*) The default switch for WAN RLAN interface. (**) The default switch for LAN interfaces. For numbered WAN interfaces: Send Control Options Do Not Send*...
Page 111 This switch indicates responding only to IP RIP requests compliant with RFC 1058. IP RIP v2 Only This switch indicates responding only to IP RIP v2 requests compliant with RFC 1723. IP RIP v1 or IP RIP v2 * This switch indicates responding with the same IP RIP version format as the version of the request.
Page 112: Ip Network Interface Background Information
The following table provides the possible choices for IP RIP v2 authentication control Type No Authentication * Simple Password * This is the default switch. IP RIP UTHENTICATION If IP RIP is enabled for a specific interface, this key is required if the following condition has been met: the “IP RIP v2 Authentication Control”...
Page 113 LAN IP network interfaces on the same LAN port. Refer to Network Flattening for more information. ONFIGURING IP RIP and the IP Network Associated Remote Device IP Host (RFC1294) IP Host (RFC1294) HDLC Bridge Workgroup Remote Access Switch IP R ASIC OUTING IP Network Interfaces Interfaces.
Page 114 USER’S GUIDE The WAN IP Network Interface is used to define remote IP devices (hosts or routers) that require access to the central network. This network interface represents a different subnet than that connected to a LAN network interface. The WAN IP Network Interface is used for both IP Host and PPP remote devices.
Page 115 B22 B24 B26 B28 192.2.2.1 ISDN 192.2.2.3 198.1.2.3 Subnet 198.1.2.0 (Uses WAN Interface) for multiple LAN IP addresses). Workgroup Remote Access Switch IP R ONFIGURING ASIC OUTING IP Network Interfaces Interfaces: LAN Interface 128.1.1.1 WAN Direct Host Interface WAN Interface 192.2.2.1...
Page 116 Thus it makes a simple bridge device appear to be an IP router. This is accomplished by having the system extend its Ethernet to handle the ARPs for the remote bridge. CyberSWITCH File Server Subnet 128.1.1.0 128.1.1.3 CSX1200 B-CHANNELS E1 ONLY POWER SERVICE 10BASE - T B13 B15 B17 B19...
Page 117: Ip Rip And The Ip Network Interfaces
B17 B19 B21 B23 B25 B27 B29 B31 SERVICE 10BASE - T B10 B12 B14 B16 B18 B20 B22 B24 B26 B28 Network 3 Elements. Workgroup Remote Access Switch IP R ONFIGURING ASIC OUTING IP Network Interfaces (1.0.0.0) (2.0.0.0) (3.0.0.0)
Page 118 Example 2. It is better for SITE1 and SITE2 to advertise the IP RIP information for each of the remote devices on the logical network on each IP Host device as it connects to the system. CyberSWITCH (1.0.0.0) (2.0.0.0) i/f 1 2.0.0.2 CSX1200 POWER POWER SERVICE 10BASE - T Service 10BASE - T i/f 2 3.0.0.2...
Page 119 B10 B12 B14 B16 B18 B20 i/f 2 3.0.0.2 CSX1200 3.0.0.11 WAN RIP Interfaces: Example 2 For the WAN interface to function properly with IP RIP, additional WAN interface information is configured. The additional information required involves selecting one of the following: disabling host routes propagation (needed for Example 1), or enabling host routes propagation (needed for Example 2).
Page 120: Ip Rip Over Dedicated Connections
WAN IP Interface to Router 2 (R2). Therefore, SITE1 would know about Networks 1 and 2, but would not learn anything about Network 3. In this situation, a static route would have to be configured on the CyberSWITCH. For information on the configuration of static routes, refer to Static Routes. CSX1200 IP RIP OVER EDICATED ONNECTIONS IP RIP is supported over LAN, Remote LAN, and numbered WAN interfaces.
Page 121 CSX1200 B-CHANNELS POWER SERVICE 10BASE - T B10 B12 1.1.1.2 1.1.1.1 In the previous graphic, the WAN network interface 1.1.1.1 on SITE1 is used to connect to a dedicated line and an ISDN line. You need to specify to which remote device, either SITE2 or SITE3, SITE1 should exchange RIP packets.
Page 122: Ip Host Operating Mode And The Ip Network Interfaces
USER’S GUIDE IP H PERATING ODE AND THE Only one network interface can be configured when the IP operating mode is host. The network interface configuration is not much different from the others available in router mode except that the following configuration items will not be asked: •...
Page 123 B17 B19 B21 B23 B25 B27 B29 B31 SERVICE 10BASE - T B10 B12 B14 B16 B18 B20 B22 B24 B26 B28 CSX1200 ISDN Workgroup Remote Access Switch IP R ONFIGURING ASIC OUTING IP Network Interfaces 3.3.3.3 Host D 1.1.1.3...
Page 124: Static Routes
1.x.x.x. The CyberSWITCH generates an ARP response, containing its own MAC address. Host B then communicates with Host C by sending packets to the Cyber- SWITCH. The CyberSWITCH forwards the packets over the WAN to Host C. TATIC...
Page 125 LAN interface or one of the CyberSWITCH IP sites. If next hop is one of the system’s IP sites, the IP address for that site should be used. ETRIC ALUE Hop count to the destination network or the host. Workgroup Remote Access Switch IP R ONFIGURING ASIC OUTING...
Page 126: Static Route Configuration Elements
USER’S GUIDE IP RIP P ROPAGATION The IP RIP propagation control determines how a static route is propagated via IP RIP. The following table provides an explanation of how a IP RIP propagation control flag is assigned to a static route. Flag Propagate Always Propagate only...
Page 127 Do Not Propagate This flag indicates that the static route information is not propagated over the interface. This flag is available only when the next hop is over a WAN interface. IP R ONFIGURING ASIC Static Routes Workgroup Remote Access Switch OUTING...
Page 128: Static Route Background Information
Line POWER Service 10BASE - T CH-1 CH-2 CH-1 CH-2 CH-1 CH-2 CH-1 CH-2 SYNC D-CHAN SYNC D-CHAN SYNC D-CHAN SYNC D-CHAN CSX1200 128.1.1.1 LAN Interface 128.1.1.2 Router 131.1.0.0 156.1.0.0 Router 192.1.1.2 Static Route IP Address 156.1.0.0 Next Hop 192.1.1.2...
Page 129: Default Routes
LAN connections, you may want to assign a low metric to this route so that a route is taken that is local, thus, no toll charges. Or, perhaps there is a route with a low number of hops, but the Routes). LEMENTS Workgroup Remote Access Switch IP R ONFIGURING ASIC...
Page 130: Routing Information Protocol (Rip) Option
USER’S GUIDE connection is over a WAN. You may want to assign this route a high number of hops to limit toll charges, in case there is a local route that could be used. IP RIP P ROPAGATION ONTROL This controls how a default route is propagated via IP RIP. The following table provides an explanation of how a IP RIP propagation control flag can be assigned to a default route.
Page 131: Ip Rip Configuration Elements
WAN links, such as dedicated or semi-permanent dial-up. For a more detailed explanation, refer to ONFIGURING Routing Information Protocol (RIP) Option Elements. IP RIP and the IP Network Interfaces. Workgroup Remote Access Switch IP R ASIC OUTING...
Page 132: Security
ECURITY The CyberSWITCH provides a great variety of security options. These options include device level security, user level security, a combination of the two, or if preferred, no security. There are different ways to authenticate, as well as different locations (both local and remote) to store security information.
Page 133: Security Overview
ECURITY VERVIEW VERVIEW Security is an important issue to consider when you are setting up a network. The CyberSWITCH provides several security options, and this chapter describes the “Big Picture” of how these options work and interoperate. This information will better equip you to proceed with the following phases of security configuration: configuring the level of security configuring system options and information...
Page 134: System Options And Information
USER’S GUIDE Multilevel security provides both user level security and device level security for local (on-node) database, Radius, and SFVRA. This provides added protection; first, a device will be authenticated, and then a particular user (on the device) will be authenticated. The feature also allows the configuration of an on-node device database at the same time as an off- node device database.
Page 135: User Level Databases
You may also specify the number of login attempts and password change attempts. Specific login elements, such as prompt order, for RADIUS and TACACS are defined here. ECURITY User Level Databases Workgroup Remote Access Switch VERVIEW...
Page 136: Configuring Security Level
ONFIGURING ECURITY VERVIEW The CyberSWITCH offers the following levels of network security: no security, device level security, user level security, or device and user level security. The network security level determines the type of security you want activated on your network. As the name implies, no security is used if you configure your network security level as “no security.”...
Page 137 POWER SERVICE 10BASE - T B13 B15 B17 B19 B21 B23 B25 B27 B29 B31 B10 B12 B14 B16 B18 B20 B22 B24 B26 B28 ISDN ISDN Router User Level Administration Security Sessions Workgroup Remote Access Switch ECURITY EVEL Overview...
Page 138: No Security
USER’S GUIDE ECURITY ONFIGURING ECURITY CFGEDIT SING To begin the configuration of an on-node database or any of the Security Database options, start at the main menu and progress through the screens as shown below: Main Menu: 1) Physical Resources 2) Options 3) Security 4) Save Changes...
Page 139: Device Level Security
Device Type IP Host IP Host HDLC Bridge Security Options CLID, CHAP, PAP CLID, MAC Address Security CLID, IP Host ID Configuring Basic IP Routing Options Workgroup Remote Access Switch ONFIGURING ECURITY EVEL Device Level Security configuration section. Security Required? optional...
Page 140: Overview Of Device Authentication Process
USER’S GUIDE VERVIEW OF EVICE UTHENTICATION When a remote device connects, the CyberSWITCH negotiates the required authentication. It then collects the information which is used to identify and authenticate the remote device. The system compares this collected information against information maintained in a device database. If the information collected from the remote device matches the information found in the database, the connection is valid and the device is allowed access to network resources.
Page 141: Authentication Using A Security Token Card
The following picture shows the relationship between the security server, an end user, and the computer that prompts for the input. The security clients and the security server communicate with each other using some special protocol, such as TACACS. OKEN Workgroup Remote Access Switch ONFIGURING ECURITY EVEL...
Page 142: System Requirements
USER’S GUIDE YSTEM EQUIREMENTS When providing user level security for the CyberSWITCH, you must establish Remote User-to- LAN Connectivity (like terminal servers). You may not establish LAN-to-LAN Connectivity as routers usually do. There are two different ways of establishing Remote User-to-LAN Connectivity: •...
Page 143: Authentication Process With User Level Security
Refer to the section below that summarizes the login procedure required for the type of server you are using. RADIUS: does not use security token card Enter login Id. Enter password. EVEL ECURITY Workgroup Remote Access Switch ONFIGURING ECURITY EVEL User Level Security...
Page 144: Device And User Level Security
USER’S GUIDE TACACS: with PINPAD SecureID Card Enter login Id (remote machine). Enter password onto SecurID card, which generates a dynamic password. Enter dynamic password onto remote machine’s password prompt. Press <RET> key when prompted for dynamic password. with non-PINPAD SecureID Card Enter login Id (remote machine).
Page 145: Device And User Level Background Information
For example, Scally is using the PC on the LAN attached to Sparky, a CSX1200. Scally needs to download some files off of the Service Server, which is on the LAN connecting to Zoe, a CSX1200.
Page 146: Configuring System Options And Information
ONFIGURING YSTEM VERVIEW System options include security options for remote devices. The security required for the authentication of each device will depend on the information you have entered for that device. System information includes a system name, system password, and a system secret. These values are required only if there are remote devices on the network that require this information for system validation.
Page 147: System Options Configuration Elements
If, for some reason, you wish to disable an option, select the Id of the option and press <RET>. The CSX1200, CSX1000, and CSX150 no longer connect to devices which use the RFC 1294 protocol to define their datalink headers. For these particular products only, disregard (i.e., do not select) the IP Host (RFC 1294) Link option on the System Options...
Page 148 USER’S GUIDE Authentication Authentication Note: If a system is brought on line with a device that has a required Calling Line Id that is a duplicate of another device’s Calling Line Id, and no other type of authentication is used, a warning message is logged at initialization.
Page 149: System Options Background Information
The possible security options that can be enabled include: • Calling Line Id • IP Host Id • Bridge Ethernet Address • • CHAP ONFIGURING NFORMATION Workgroup Remote Access Switch YSTEM PTIONS AND NFORMATION System Options...
Page 150: System Information
USER’S GUIDE The following table summarizes the identifying and authenticating information used by each remote device type to connect to the system: Device Type HDLC Bridge (MAC Layer Bridge) IP Host (with RFC 1294 encapsulation) YSTEM NFORMATION ONFIGURING YSTEM NFORMATION CFGEDIT SING Select option (2), System Information from the System Options and Information menu.
Page 151: System Information Background Information
3) RADIUS 4) TACACS 5) ACE Current Database Location is "On-node". Select function from above or <RET> for previous menu: ONFIGURING NFORMATION ESSIONS is On-node is DISABLED is 3 is 23 Workgroup Remote Access Switch YSTEM PTIONS AND NFORMATION Administrative Session...
Page 152: Administrative Session Configuration Elements
USER’S GUIDE You may specify an authentication database location for administrative sessions that is different from the user authentication database location. Note: If you select RADIUS, TACACS, or ACE, you must be sure that the selected server is active before you initiate an administrative session. From the Administrative Session menu select (2) Session Inactivity Timeout.
Page 153: Administrative Session Background Information
23. However, if you choose to use a different port number, you may adjust this value through CFGEDIT. The Client must be aware of the port number you have configured. ONFIGURING UMBER TCP P UMBER NFORMATION ACKGROUND NFORMATION NFORMATION ESSIONS ACKGROUND NFORMATION ACKGROUND NFORMATION Workgroup Remote Access Switch YSTEM PTIONS AND NFORMATION Administrative Session...
Page 154: Emergency Telnet Server Port Number Background Information
USER’S GUIDE MERGENCY ELNET ERVER There are some Telnet client programs that do not clear Telnet connections when terminating Telnet sessions. Since they do not clear the Telnet connections, those connections stay alive and soon all Telnet sessions are used up. Once this happens, no more Telnet sessions can be established until the inactivity timer of one of the sessions expires.
Page 155: Configuring Device Level Databases
ONFIGURING EVICE VERVIEW Device level security is an authentication process between internetworking devices, in which authentication takes place automatically. Both bridges and routers support this form of security.Device level security is available to the network locally through the On-node Device Database or remotely through the VRA Manager or RADIUS Server.
Page 156: On-Node Device Entries
USER’S GUIDE Device Level Databases Menu: 1) On-node Device Database (Enable/Disable) 2) On-node Device Entries 3) Off-node Device Location Select function from above or <RET> for previous menu: 1 Select option (1) On-node Device Database from the Device level Databases menu. The following screen will be displayed.
Page 157 H0 Call Support can be enabled for devices who need more bandwidth to accomplish large file transfers or video conferencing. ONFIGURING "PPP (Point to Point Protocol)" "64000 bps" "64000 bps" "128000 bps" "" "Default_Profile" DISABLED Workgroup Remote Access Switch EVICE EVEL ATABASES On-node Device Entries...
Page 158 USER’S GUIDE For Frame Relay devices: Note: You must first configure the Frame Relay Access. Instructions for configuring the access is found in the chapter. Begin by selecting Frame Relay from the Device Table Menu. A screen similar to the following is displayed: Device Frame Relay Menu: (Device = "DAN") 1) PVC Information...
Page 159: Circuit Configuration
CHAP secret. Or, for an HDLC device, enter a Bridge Ethernet Address. ONFIGURING [default 2]: 1 [default 2]: 2 "" "" ENABLED DISABLED "" "" "" "" for details). For example, for a PPP device, Workgroup Remote Access Switch EVICE EVEL ATABASES On-node Device Entries...
Page 160 Note: The CSX1200, CSX1000, and CSX150 no longer connect to devices which use the RFC 1294 protocol to define their datalink headers. For these particular products only, disregard (i.e., do not select) the IP Host (RFC 1294) menu option on the Device Authentication Menu.
Page 161 Remote LAN port, enable bridging. If you want dial out capabilities to this device, enable Make calls for Bridge data. ONFIGURING Configuration Elements for more information. DISABLED None DISABLED None for more information. NONE ENABLED NONE NONE Workgroup Remote Access Switch EVICE EVEL ATABASES On-node Device Entries...
Page 162 USER’S GUIDE For IP Remote LAN networks, you must explicitly configure the IP (Sub)Network number. For IPX Remote LAN networks, you may configure the IPX external network number, or you may leave the value at NONE. The IPX Spoofing Options for IPX Remote LAN devices are not available at this time.
Page 163: On-Node Device Database Configuration Elements
IP Host (RFC 1294) RFC 1294 provides a simple security exchange at connection time, along with an encapsulation method for IP datagrams. RFC 1294 devices are not interoperable with the CSX1200, CSX1000, and CSX150 products. Only used for Dial-Out. This value represents the throughput on a B-channel or pre-ISDN link connecting the CyberSWITCH to a device.
Page 164 USER’S GUIDE calls. The system will not accept or make a call when the added bandwidth will exceed the configured maximum. The value is configured as a number from 2,400 bps to 3,072,000 bps. You may configure any value in this range. For example, if you have configured the base data rate at 64,000 bps, and the maximum data rate at 512,000 bps, the system would use a maximum of eight calls (connections) running in parallel to open up bandwidth (512,000 / 64,000 = 8).
Page 165: Frame Relay Access Configuration Elements
CHAP Secret for validation. If the calculation’s results do not match the expected results, the connection is terminated. LEMENTS LEMENTS Workgroup Remote Access Switch ONFIGURING EVICE EVEL ATABASES...
Page 166 USER’S GUIDE UTBOUND UTHENTICATION This parameter allows you to enable or disable PPP outbound authentication procedures. When PPP outbound authentication is enabled, PPP (CHAP or PAP) authentication is required at both ends of the connection. When PPP outbound authentication is disabled, the CyberSWITCH does not authenticate the remote device when dialing out.
Page 167: Ip Information Configuration Elements
ROUTING PROTOCOL Indicates the protocol the remote device will be using to communicate with the CSX system: • none • RIP/SAP • triggered RIP/SAP LEMENTS IP D ALLS FOR LEMENTS Workgroup Remote Access Switch ONFIGURING EVICE EVEL ATABASES On-node Device Entries...
Page 168: Appletalk Information Configuration Elements
USER’S GUIDE WAN P Specifies an active WAN peer (receives and sends information at all times) or a passive WAN peer (receives/sends information only when a connection is up). In order for an active peer type to work properly, the Make Calls field must also be enabled. POOFING PTIONS Spoofing allows you to prohibit excessive ISDN connections by internally generating a desired...
Page 169: Bridge Information Configuration Elements
If this parameter remains none, the CyberSWITCH will assume an association with the first configured AppleTalk Remote LAN port. LEMENTS refer to page 222. UMBER Workgroup Remote Access Switch ONFIGURING EVICE EVEL ATABASES On-node Device Entries refer to page 235.
Page 170: Compression Configuration Elements
USER’S GUIDE OMPRESSION ONFIGURATION LEMENTS EVICE OMPRESSION TATUS Allows you to enable or disable compression for the individual device. If this option is enabled, then the CyberSWITCH will negotiate compression with this device. Otherwise, the system will not negotiate compression with this device, leaving the compression resources available for other devices.
Page 171 Optional per Requested device entry Conditionally Optional per Required* Required* device entry (if entry specifies an Ethernet Address) Workgroup Remote Access Switch ONFIGURING EVICE EVEL ATABASES On-node Device Entries Bridge Password Not Requested Optional per device entry Optional per device entry...
Page 172 USER’S GUIDE IP Routing with IP Host Devices (RFC1294) To allow an IP Host device to connect to the CyberSWITCH, you must have IP Routing and IP Host Security enabled. For each IP Host device using this type of connection, you may need to enter the device’s IP address, IP Host Id, and Calling Line Id.
Page 173 Calling Line Id Security Enabled Not Requested Enabled Optional per device entry Disabled Required for information regarding the System Secret. If Outbound Workgroup Remote Access Switch ONFIGURING EVICE EVEL ATABASES On-node Device Entries Data PAP Password or CHAP Secret Required...
Page 174: Off-Node Device Database Location
USER’S GUIDE The following table identifies the configuration requirements for possible security options for IP Routing with PPP Bridge Devices. Security Mode Configuration Calling Line Id PAP or CHAP Security Disabled Enabled Enabled Enabled Enabled Disabled Note: If CHAP Security is enabled, and Outbound Authentication has not been disabled, a CHAP Secret must be entered for both the remote device and for the CyberSWITCH.
Page 175: Off-Node Device Database Location Configuration Elements
The system will not attempt to continue searching the remaining database entries or additional off-node database for the correct peer. OCATION ONFIGURATION Configuring Call Control OCATION ACKGROUND NFORMATION Workgroup Remote Access Switch ONFIGURING EVICE EVEL ATABASES Off-node Device Database Location LEMENTS chapter of this...
Page 176: Configuring User Level Databases
Select function from above or <RET> for previous menu: Select the option you wish to configure and press <RET>. This prompt acts like a toggle switch. If you select a server that is currently enabled, the system will prompt you to disable it. If you select a server that is currently disabled, follow the onscreen instructions to enable the server, including entering the Telnet port number for the server.
Page 177: User Level Authentication Database Location Configuration Elements
If the user’s information matches what is configured in the database, then the connection is allowed. User Level Authentication Database Location ATABASE OCATION ONFIGURATION UMBER ATABASE OCATION ACKGROUND Workgroup Remote Access Switch ONFIGURING EVEL ATABASES LEMENTS NFORMATION...
Page 178: Configuring Off-Node Server Information
ONFIGURING VERVIEW You can configure both local device entries and remote authentication databases for device authentication. When a device needs to be authenticated, the CyberSWITCH will first look the device up locally, and, if there is no device entry, will then check the remote database for device authentication.
Page 179: Vra Manager Authentication Server
Enter the TCP port number used by the VRA Manager. SING ANAGE OMMANDS Displays the current VRA Manager configuration data. vra change Allows you to change the VRA Manager TCP port number. ONFIGURING ERVER UTHENTICATION ERVER is 2000 Workgroup Remote Access Switch NODE ERVER NFORMATION VRA Manager Authentication Server...
Page 180: Vra Manager Authentication Server Configuration Elements
RADIUS Server. The static routes then do not need to be duplicated on all of the Cabletron systems. This is done by enabling the “IP Routes via RADIUS” feature available under CFGEDIT’s IP Information Menu, and including a Framed Route attribute for each system’s RADIUS device entry.
Page 181 ONFIGURING NODE RADIUS Authentication Server VRA Manager Authentication Server is 128.111.011.001 is "SHAREDSECRET1234" is 5800 is Not Configured is 5 is 2 seconds Workgroup Remote Access Switch ERVER NFORMATION...
Page 182: Radius Authentication Server Configuration Elements
USER’S GUIDE RADIUS A UTHENTICATION IP A DDRESS The IP address in dotted decimal notation for the RADIUS Server. This information is required for the Primary RADIUS Server, and also required if a Secondary RADIUS Server is configured. If a Secondary RADIUS Server is configured, it must have a different IP address than the Primary RADIUS Server.
Page 183: Tacacs Authentication Server
UDP port number used by the Authentication Server ONFIGURING describes the device authentication ERVER ERVER is 001.002.003.004 is 49 is 001.002.003.008 is 49 is 3 is 1 second is (ID CODE,PIN) Workgroup Remote Access Switch NODE ERVER NFORMATION TACACS Authentication Server VRA Manager Authentication Server...
Page 184: Tacacs Authentication Server Configuration Elements
USER’S GUIDE Optional: configure a secondary TACACS Server with selection (2). In the event that the primary server does not respond to system requests, the secondary server will be queried for device authentication information. The address and port number of the Secondary Server must not be the same as the Primary Server.
Page 185: Ace Authentication Server
ONFIGURING ERVER ERVER is Not Configured is Not Configured is 3 is 1 second is Not Configured Workgroup Remote Access Switch NODE ERVER NFORMATION ACE Authentication Server VRA Manager Authentication Server...
Page 186: Alternate Method Of Configuration
USER’S GUIDE Select Miscellaneous Information to finish the configuration. Specify the number of access request retries that the system will send to the Authentication Server. b. Specify the time between retries. Choose between the DES or SDI Encryption Method. The algorithm you select must be compatible with the ACE Server setup.
Page 187: Ace Authentication Server Background Information
The ACE Server software is installed on a UNIX-based system connected to the network. The client protocols allow the CyberSWITCH to communicate with the ACE Server, ultimately authenticating users. ONFIGURING ETRIES ETRIES ACKGROUND NFORMATION Workgroup Remote Access Switch NODE ERVER NFORMATION ACE Authentication Server...
Page 188: Configuring Network Login Information
ONFIGURING ETWORK VERVIEW The CyberSWITCH offers a number of configurable options to control the login process for this system and for off-node authentication servers. These options include: • general network login configuration • network login banners • login configuration specific to RADIUS •...
Page 189: Network Login General Configuration Background Information
When using DHCP to provide temporary IP addresses to remote clients, it is important to enable BOOTP before Authentication if user authentication is used. ONFIGURATION ACKGROUND Workgroup Remote Access Switch ONFIGURING ETWORK OGIN NFORMATION...
Page 190: Network Login Banners
USER’S GUIDE ETWORK OGIN ANNERS ONFIGURING ETWORK OGIN CFGEDIT SING Select option (2), Network Login Banners from the Network Login Information menu. If you need guidance to find this menu, refer to the instructions provided in the Configuration configuration section. The following screen will be displayed: Device Network Login Banner Menu: The file "\CONFIG\Welcome.NEI"...
Page 191: Login Configuration Specific To Radius Server
Selection (1) from the RADIUS Specific Device Login Menu allows you to change the password control character: Enter control character used to switch from LOGIN to CHANGE PASSWORD mode. Select the control character that you wish to us by typing caret (‘^’) followed by another character (example: ^A),...
Page 192: Login Configuration Specific To Radius Server Background Information
If you need to change this order, you may specify this order of prompts in the login process. The password control character is a key sequence you specify to switch between the login mode and the change password mode. In order to enable this feature for the general user, you need to configure this password control character.
Page 193 Selection (1) from the TACACS Specific Device Login Menu allows you to change the password control character: Enter control character used to switch from LOGIN to CHANGE PASSWORD mode. Select the control character that you wish to us by typing caret (‘^’) followed by another character (example: ^A),...
Page 194: Login Configuration Specific To Tacacs Server Background Information
If you need to change this order, you may specify this order of prompts in the login process. The password control character is a key sequence you specify to switch between the login mode and the change password mode. In order to enable this feature for the general user, you need to configure this password control character.
Page 195: Advanced Configuration
DVANCED ONFIGURATION We define advanced configuration as the configuration you may use to fine tune your system, or to configure options that are not necessarily needed by the majority of users. For example, if you would like to configure an alternate access (an alternate to ISDN access); this would be considered advanced configuration.
Page 196: Configuring Alternate Accesses
ONFIGURING LTERNATE VERVIEW An access defines the connection details the CyberSWITCH uses to reach the network. The default access is ISDN access, a switched-network access. Configurable accesses are required for dedicated network connections, for packet-switched network connections including X.25 and frame relay connections.
Page 197: Dedicated Access Background Information
Keep in mind that you can aggregate a maximum of 32 connections. These connections can be any combination of dedicated and/or switched connections to the same device. For maximum performance, however, we recommend aggregating no more than eight connections at a time. NFORMATION Workgroup Remote Access Switch ONFIGURING LTERNATE CCESSES Dedicated Accesses...
Page 198: Accesses
USER’S GUIDE X.25 A CCESSES X.25 A ONFIGURING AN CCESS Note the following: • X.25 accesses are available only if you have purchased the additional software module for packet switched accesses. • To establish virtual circuits over X.25, you must enable device level security •...
Page 199: Lapb Configuration Information
This timer designates the time limit in which a clear confirmation must be returned by the DCE (the PPSN) after a clear request has been issued by the DTE (the CyberSWITCH). ONFIGURING LTERNATE X.25 Accesses Workgroup Remote Access Switch CCESSES...
Page 200 USER’S GUIDE Configure the X.25 Reliability, Windows, and Acknowledgment Facilities. Select the type of sequence numbers to be used for X.25: regular or extended. Extended sequence numbering allows for packets to be assigned sequence numbers from 0-127 (modulo 128), as opposed to 0-7 (modulo 8). b.
Page 201: Permanent Virtual Circuit Information
The X.121 address to be used as the local DTE address. The X.121 address is the public data network address assigned by your X.25 provider. The local DTE (Data Terminal Equipment) in our application refers to the CyberSWITCH. ONFIGURING LTERNATE X.25 Accesses Workgroup Remote Access Switch CCESSES...
Page 202: Lapb Configuration Elements
USER’S GUIDE The data rate that applies to the line being used for this X.25 access. The configured data rate can be 56 or 64 Kbps. EARER HANNELS A list of bearers (a channel map) that will be used on the line associated with this X.25 access. For PRI lines, the range of channels is from 1 to 24.
Page 203: Access Configuration Elements
DCE (the PPSN) after a clear request has been issued by the DTE (the CyberSWITCH). The range for the this timer is 1 to 200 seconds. The default for this timer is 180 seconds. SSIGNMENTS Workgroup Remote Access Switch ONFIGURING LTERNATE CCESSES X.25 Accesses...
Page 204 USER’S GUIDE X.25 R ELIABILITY INDOWS X.25 S EQUENCE The type of sequence numbers to be used for X.25; regular or extended. Extended sequence numbering allows for packets to be assigned sequence numbers from 0-127 (modulo 128), as opposed to 0-7 (modulo 8). The default value is modulo 8. AXIMUM INDOW This is the largest possible window size to be supported on any virtual circuit.
Page 205 The default configuration is to not allow outgoing X.25 calls to request reverse charging. ONFIGURING RANSMIT INDOW ECEIVE INDOW RANSMIT ACKET ECEIVE ACKET RANSMIT HROUGHPUT LASS ECEIVE HROUGHPUT LASS HARGING HARGING Workgroup Remote Access Switch LTERNATE CCESSES X.25 Accesses...
Page 206: Pvc Configuration Elements
USER’S GUIDE X.25 R ESTRICTION ACILITIES These facilities are used to place restrictions upon incoming and outgoing X.25 calls. ARRING NCOMING Allows to you bar X.25 calls coming in to the system. The default configuration is to not bar incoming X.25 calls. ARRING UTGOING Allows you to bar X.25 calls going out of the system.
Page 207: Access Background Information
Virtual circuits are used to establish a virtual path from one DTE to another. This virtual path appears to have the same characteristics that you might get from a physical telephone circuit. With ECEIVE INDOW RANSMIT ACKET ECEIVE ACKET RANSMIT HROUGHPUT LASS ECEIVE HROUGHPUT LASS NFORMATION Workgroup Remote Access Switch ONFIGURING LTERNATE CCESSES X.25 Accesses...
Page 208 B10 B12 B14 B16 B18 B20 B22 B24 B26 B28 CSX1200 = X.25 Virtual Circuits Note: In the illustration, the DTEs are all CyberSWITCH systems. Throughout the X.25 Access section, the term “DTE” can be interchanged with “CyberSWITCH”. Public Packet Switched Networks are typically more cost effective for users who transmit data in the mid-traffic range.
Page 209: Current X.25 Restrictions
Frame Relay Access. Select the data rate from the supplied list of data rates. CCESS Workgroup Remote Access Switch ONFIGURING LTERNATE CCESSES...
Page 210: Configuring Apvc
USER’S GUIDE Enter a list of bearers (a channel map). For T1 lines, the range of channels is from 1 to 24. For BRI lines, the range of channels is from 1 to 2. Separate bearer channels by commas, and/or list a range by using a dash (-).
Page 211: Frame Relay General Configuration Elements
Link Failure Detection is only supported across PPP permanent virtual circuits. Some Frame Relay networks have a per packet charge, therefore, the administrator should be cautious when enabling this feature. ONFIGURING LEMENTS Workgroup Remote Access Switch LTERNATE CCESSES Frame Relay Accesses...
Page 212: Frame Relay Pvc Configuration Elements
PVC. The DLCI identifies a pre-established path, or permanent virtual circuit, within the access line to the frame relay network. The frame relay switch at the edge of the frame relay network, the one to which the access line is directly connected, routes the packet to the intended destination based on the DLCI therein.
Page 213: Workgroup Remote Access Switch
PVC. This parameter should only be changed for those users very familiar with the Frame Relay Service. For a more in-depth explanation, refer to ONFIGURING BITS SECOND Data Rate Control Overview. SECOND Congestion Control Overview. SECS Data Rate Control Workgroup Remote Access Switch LTERNATE CCESSES Frame Relay Accesses Data Overview.
Page 214: Frame Relay Access Background Information
(DLCI). The DLCI identifies a pre-established path, or permanent virtual circuit, within the access line to the frame relay network. The frame relay switch at the edge of the frame relay network, the one to which the access line is directly connected, routes the packet to the intended destination based upon the DLCI therein.
Page 215: The Local Management Interface Overview
A frame relay PVC has two transmission rates associated with it: the Committed Information Rate (CIR) and an Excess Information Rate (EIR). The committed information rate is the bandwidth requested for a PVC at service subscription time. It is essentially the guaranteed transmission rate VERVIEW Workgroup Remote Access Switch ONFIGURING LTERNATE CCESSES...
Page 216: Congestion Control Overview
Frame relay supports only a single Permanent Virtual Circuit connecting any two given systems. To illustrate this point, the following diagram shows a frame relay network configuration that would be allowed: CSX1200 B-CHANNELS E1 ONLY POWER SERVICE...
Page 217 However, under the above stated conditions, the network configuration shown below would not be allowed: CSX1200 B-CHANNELS E1 ONLY POWER B17 B19 B29 B31 SERVICE 10BASE - T B13 B15 B21 B23 B25 B27 B10 B12 B14 B16 B18 B20...
Page 218: Configuring Advanced Bridging
ONFIGURING DVANCED VERVIEW When bridging is enabled, optional advanced features are available. Optional bridging features include: • bridge dial out • Spanning Tree Protocol • mode of operation • bridging filters • known connect lists This chapter includes a section for each advanced bridging feature. RIDGE With bridging enabled, bridge dial out is supported.
Page 219: Configuring The Device List For Bridge Dial Out
Return to the Device Table Menu, and select Bridge: RIDGE chapter contains the information needed to "PPP (Point to Point Protocol)" "64000 bps" "64000 bps" "128000 bps" "" "Default_Profile" DISABLED Workgroup Remote Access Switch ONFIGURING DVANCED RIDGING Bridge Dial Out...
Page 220: Spanning Tree Protocol
USER’S GUIDE Device Bridging: (Device = "DAN") 1) IP (sub)network number 2) Bridging 3) Make Calls for bridge data 4) IPX Network Number 5) IPX Spoofing Options Id of option to change or press <RET> for previous menu? 3 Enable Bridging. 10.
Page 221: Bridge Mode Of Operation Background Information
If the device is not on the Known Connect list, the packet is discarded. No Filter Match - Destination Unknown The packet is discarded. ACKGROUND NFORMATION Workgroup Remote Access Switch ONFIGURING DVANCED RIDGING Bridge Mode of Operation...
Page 222: Bridge Filters
USER’S GUIDE RIDGE ILTERS ONFIGURING RIDGE ILTERS Note: Bridge dial out calls can be initiated through the use of a Known Connect list or through the use of bridge filters. For a description of bridge dial out through bridge filters, refer to the section titled CFGEDIT SING...
Page 223 Allows a destination address filter to be deleted from the current configuration. Protocol Filter Commands protfilt Displays the current protocol filter configuration data. (page 226). (page (page Workgroup Remote Access Switch ONFIGURING DVANCED RIDGING Bridge Filters 222). Configure any needed 222). 222).
Page 224: Bridge Filter Configuration Elements
USER’S GUIDE protfilt add Allows a protocol filter to be added to the current configuration. Refer to the CFGEDIT section for required configuration elements protfilt change Allows the current protocol filter configuration to be changed. protfilt delete Allows a protocol filter to be deleted from the current configuration. Packet Data Filter Commands pktfilt Displays the current packet filter configuration data.
Page 225: Bridge Filters Background Information
If the mode of operation is changed, any previously defined filters will be deleted. Any previously defined protocol definitions will remain unchanged. NFORMATION Filter Type Maximum Number of Each filter (in manual mode) Workgroup Remote Access Switch ONFIGURING DVANCED RIDGING Bridge Filters Protocol Definitions.)
Page 226: Protocol Definitions
USER’S GUIDE MAC address filters reference either the source or destination MAC address fields in a packet. Protocol filters use the protocol Id field in a packet. Packet data filters reference data outside the address and protocol fields in a packet. Each filter has a distribution list that identifies the potential destinations for a filtered packet.
Page 227: Bridge Filter Definitions
NOT be forwarded as specified in the distribution list. If no distribution list is specified, the frame will not be forwarded. Forwarding Action SOURCE DISCARD SOURCE CONNECT DISCARD CONNECT PROTOCOL DISCARD PROTOCOL CONNECT PACKET DISCARD PACKET CONNECT Workgroup Remote Access Switch ONFIGURING DVANCED RIDGING Bridge Filters...
Page 228 USER’S GUIDE DESTINATION MAC-address CONNECT< distribution list > This filter allows you to connect MAC frames addressed to the specified MAC address. When the specified MAC address appears in the destination address field of the MAC frame, the frame will be forwarded as specified in the distribution list. PROTOCOL protocol-Id DISCARD <...
Page 229 A packet matching this filter will not be forwarded to any sites on the specified Device List. A packet matching this filter will be connected and forwarded to the sites on the specified Device List. Workgroup Remote Access Switch DVANCED RIDGING Bridge Filters...
Page 230 USER’S GUIDE Restricted Mode Bridge Filters Restricted Mode Type of Filter available DESTINATION DESTINATION SOURCE unicast-address FORWARD <distribution list> This filter allows you to stipulate access privileges of a given device. When the specified unicast address appears in the source address field of a MAC frame, the frame will be forwarded as specified in the distribution list.
Page 231 For example you may forward all IPX data packets but restrict workstation watchdog packets. ONFIGURING for more information. Workgroup Remote Access Switch DVANCED RIDGING Bridge Filters...
Page 232 USER’S GUIDE The following chart summarizes the forward filter actions available for Restricted Bridging: Filter Distribution Action FORWARD FORWARD FORWARD FORWARD Device List* CONNECT Device List* It is possible to use a discard filter action to selectively discard packets that have been forwarded through the previous restricted bridging forwarding filters.
Page 233: Dial Out Using Bridge Filters
Follow the item selection process shown in the screens (the selections are in bold). MAC A ESTINATION DDRESS ILTER page 227. Configuring Resources and Lines Configuring a On-node Device Database Workgroup Remote Access Switch ONFIGURING DVANCED RIDGING Bridge Filters for details. in the Configuring Device...
Page 234 USER’S GUIDE Bridge Filter Menu: 1) Protocol Definition 2) Source MAC Address Filter 3) Destination MAC Address Filter 4) Protocol Filter 5) Packet Data Filter Select function from above or <RET> for previous menu: 3 Current Destination Address Filter: DEST ADDRESS ACTION -------------------------------------------------------- There are currently no Destination Address Filters configured.
Page 235: Known Connect List
Repeat step 2 for all devices you want included on this list. DISTRIBUTION LIST John ONNECT On-node Device Database section found in the Configuring Device Level page 220 Workgroup Remote Access Switch ONFIGURING DVANCED RIDGING Known Connect List Configuring Resources and Lines for instructions on changing the...
Page 236: Known Connect List Configuration Elements
USER’S GUIDE NOWN ONNECT ONFIGURATION EVICE The name of a bridge device that has been preconfigured in the the Configuring Device Level Databases chapter. This is a device to which you want the system to connect and forward bridged unicast packets. NOWN ONNECT ACKGROUND...
Page 237: Configuring Advanced Ip Routing
ONFIGURING DVANCED VERVIEW By default, IP routing is disabled when you first install your system software. After IP routing is enabled, there are optional advanced features available. Optional advanced IP routing features include: • Static ARP Table Entries ARP (Address Resolution Protocol) is used to translate IP addresses to Ethernet addresses. As a rule, this translation is handled dynamically.
Page 238: Static Arp Table Entries
USER’S GUIDE ARP T TATIC ABLE NTRIES ARP T ONFIGURING TATIC CFGEDIT SING Once IP has been enabled, the full IP Configuration menu will be displayed as shown below: IP Routing Menu: P Routing (Enable/Disable) IP Operating Mode IP Interfaces IP Static Routes RIP (Enable/Disable) IP Static ARP Table Entries...
Page 239: The Isolated Mode
Disables the lookup of IP routes lookup via RADIUS. ipradius on Enables the lookup of IP routes lookup via RADIUS. LEMENTS NFORMATION RADIUS RADIUS OOKUP VIA Workgroup Remote Access Switch IP R ONFIGURING DVANCED OUTING The Isolated Mode...
Page 240: Static Route Via Radius Configuration Elements
USER’S GUIDE RADIUS C TATIC OUTE VIA RADIUS S TATIC OUTE VIA You may enable or disable this option. RADIUS B TATIC OUTE OOKUP VIA The Static Routes Lookup via RADIUS option allows you to maintain static routes for devices on the RADIUS Server.
Page 241: Ip Address Pool Background Information
NITIATING THE ILTER ONFIGURATION CFGEDIT SING To begin the configuration process, IP must be enabled. Access IP Filter configuration through the extended IP Routing Menu: NFORMATION Information. section for details. Workgroup Remote Access Switch IP R ONFIGURING DVANCED OUTING IP Filters...
Page 242: Configuring Packet Types
USER’S GUIDE IP Routing Menu: IP Routing (Enable/Disable) IP Operating Mode IP Interfaces IP Static Routes RIP (Enable/Disable) IP Static ARP Table Entries Isolated Mode(Enable/Disable) Static Route Lookup via RADIUS(Enable/Disable) IP Address Pool 10) DHCP Configuration 11) IP Filter Information. Select function from above or <RET>...
Page 243: Configuring The Common Ip Portion
If you select NOT EQUAL, you may choose between a specific upper-level protocol or an ar- bitrary numeric value only. Select IP protocol. If you choose an upper-level protocol, refer to the three following configuration sections: Configuring TCP, Configuring UDP, and Configuring ICMP. IP R ONFIGURING DVANCED Workgroup Remote Access Switch OUTING IP Filters...
Page 244: Configuring Tcp
USER’S GUIDE ONFIGURING If you have selected TCP as your IP protocol, a screen similar to the following is displayed. Note that the following TCP defaults constitute a wild card match for any TCP packet: PACKET TYPE "Type_One": 1) IP Source Address 2) IP Destination Address 3) IP Protocol 4) TCP Source Port...
Page 245: Configuring Icmp
If you choose “NOT EQUAL”, you may only specify a numeric value for the ICMP code. ONFIGURING AND 0.0.0.0 EQUAL 0.0.0.0 AND 0.0.0.0 EQUAL 0.0.0.0 EQUAL ICMP EQUAL ANY EQUAL ANY Workgroup Remote Access Switch IP R DVANCED OUTING IP Filters...
Page 246: Configuring Forwarding Filters
USER’S GUIDE ONFIGURING ORWARDING The configuration of Forwarding Filters is a two-part process. First you must name the filter, and then you must create a list of conditions for the filter. To add a condition, you must name a previously-created packet type, and then name the action to perform on the specified packet type (i.e., forward or discard).
Page 247: Configuring Connection Filters
All Other Types (3) Delete, (4) Move a CONDITION, or press <RET> for previous menu? "Type_Two" All Other Types (3) Delete, (4) Move a CONDITION, or press <RET> for previous menu? Workgroup Remote Access Switch IP R ONFIGURING DVANCED OUTING IP Filters...
Page 248: Configuring Exception Filter
USER’S GUIDE ONFIGURING XCEPTION ILTER The IP Exception Filter is intended for temporary, special conditions within an existing forwarding filter. When enabled, it is logically appended to the beginning of each forwarding filter in effect. CFGEDIT SING Select Exception Filter from the IP Filter menu. Enable the Exception Filter.
Page 249: Modifying The Final Condition For A Filter
Select Apply Global Forwarding Filter. Provide the global filter name. PPLYING PER DEVICE ORWARDING Return to the Main Menu. Select Security. Select Device Level Databases. Select On-node Device Entries. ILTER ILTER ILTERS Workgroup Remote Access Switch IP R ONFIGURING DVANCED OUTING IP Filters...
Page 250: Ip Filters Configuration Elements
USER’S GUIDE Select the device to which you want to apply the forwarding filter. Select IP Information. Select either IP Input Filter or IP Output filter. Provide the filter name. IP F ILTERS ONFIGURATION The following elements are described in terms of the individual comparisons which make up the packet types.
Page 251: Ip Filters Background Information
The following illustrates a packet that is passing through a filter. The packet is checked against each of the individual conditions of the filter before an action is performed: IP R ONFIGURING DVANCED Workgroup Remote Access Switch OUTING IP Filters...
Page 252: Filter Composition
USER’S GUIDE IP Packet Packet Types: Type 1: www,www,www Type 2: xxx,xxx,xxx Type 3: yyy,yyy Type 4: zzz,zzz ILTER OMPOSITION The IP filtering mechanism is composed of three fundamental building blocks: Packet Types The criteria for describing an IP datagram’s contents: IP Source and Destination Addresses, Protocol (TCP, UDP, etc.), Protocol-specific fields (TCP port, etc.).
Page 253: Role Of Filters In The Ip Processing Flow
WAN and it is necessary to first establish a connection, the Connection Filter, if enabled, is applied. Finally, any User-specific filter is applied (again, only if the datagram is being transmitted on WAN interface). for more information on these filtering mechanisms. Workgroup Remote Access Switch IP R ONFIGURING DVANCED...
Page 254: Packet Types
USER’S GUIDE Because the Packet Types within the conditions specify both source and destination address information, Global application may often be sufficient to filter IP traffic across the entire system. However, the Input, Output and User-Based application points are defined in case the administrator needs to apply a finer level of filtering which cannot be obtained on a Global basis.
Page 255: Limitations
EQ <port> /NEQ < port > / GT < port > /LT < port > / RANGE <p1> <p2> EQ / NEQ n / ANY EQ / NEQ n / ANY Central Office Remote Access Switches Workgroup Remote Access Switch IP R ONFIGURING DVANCED OUTING IP Filters...
Page 256: Example Of An Ip Filter Configuration
CyberSWITCH SFVRA Manager Server Server 128.131.25.12 128.131.25.10 128.131.25.11 128.131.25.15 POWER SERVICE 10BASE - T CSX1200 ISDN Remote User Remote User Internet 193.57.50.1 B-CHANNELS E1 ONLY B13 B15 B17 B19 B21 B23 B25 B27 B29 B31...
Page 257 Permits all ICMP packets to enter (in- cluding ECHO packets for PING). No-match action. Denies access to the Netserver. Denies access to the CyberSWITCH it- self. Denies access to the CyberSWITCH it- self. No-match action Workgroup Remote Access Switch IP R OUTING IP Filters...
Page 258: Dhcp Relay Agent
USER’S GUIDE FORWARD IP Src 255.255.255.255, 201.55.89.100 IP Dst: 255.255.255.255, 128.131.25.11 IP Prot: ANY FORWARD All other packet types Once the offsite maintenance is completed, the Exception filter would be disabled. Configuration control over the Exception filter is available both through CFGEDIT and Manage Mode (with Manage Mode being the most practical method due to its dynamic nature).
Page 259: Dhcp Configuration Elements
DHCP/BOOTP Relay Agent processing is extensively discussed in RFC 1542. DHCP/BOOTP R ELAY GENT NVIRONMENTS The following sections describe the different environments in which the DHCP/BOOTP Relay Agent may be used. GENT NABLE ISABLE DDRESSES Workgroup Remote Access Switch IP R ONFIGURING DVANCED OUTING DHCP Relay Agent...
Page 260 USER’S GUIDE Bridge to Bridge Environment CSX1200 Remote Bridge DHCP Client As shown in the picture above, when a remote LAN is connected with bridge devices, the DHCP server and clients communicate with each other as if they were on the same LAN. This is one example configuration of how DHCP can be used to accomplish the dynamic IP address assignment to the remote IP devices.
Page 261: Example Dhcp Configurations
B14 B16 B18 B20 B22 B24 B26 B28 CSX1200 IP Router w/ DHCP Relay Agent ("Alex") In this configuration, the DHCP Client is able to obtain its IP address from the DHCP Server (and any other information that the server provides), using the Relay Agents contained in both IP...
Page 262 USER’S GUIDE Routers shown in the diagram above. Sample configurations for the objects in the above network diagram are as follows: Configuration for IP Router "Alex" System Information: System Name = Alex System Password = stone Security Level = Device Level (On-node Device Database, PAP security) Bridging disabled IP enabled (router mode)
Page 263 B14 B16 B18 B20 B22 B24 B26 B28 CSX1200 IP Router w/ DHCP Relay Agent ("Alex") In this configuration, the DHCP Client is able to obtain its IP address from the DHCP Server (and any other information that the server provides), using the Relay Agent contained in the DHCP- enabled router “Alex.”...
Page 264 USER’S GUIDE Configuration for IP Router "Alex" System Information: System Name = Alex System Password = stone Security Level = Device Level (On-node Device Database, PAP security) Bridging disabled IP enabled (router mode) I/F = LAN (192.168.1.168) I/F = WAN RLAN (204.157.42.190) DHCP enabled Relay Destination # 1 = 192.168.1.5...
Page 265: Dhcp Proxy Client
SING ANAGE dhcp Displays the current DHCP configuration values. dhcp change Displays the same DHCP menu as CFGEDIT, allowing you to change the current DHCP configuration. LIENT Workgroup Remote Access Switch IP R ONFIGURING DVANCED OUTING DHCP Proxy Client...
Page 266: Dhcp Configuration Elements And Background Information
USER’S GUIDE DHCP C ONFIGURATION LEMENTS DHCP P ROXY LIENT NABLE A global flag that indicates whether the DHCP Proxy Client feature is enabled or not. The proxy client is disabled by default. IP A AXIMUM UMBER OF Refers to the maximum number of IP addresses obtained from DHCP servers for this network interface.
Page 267: Sample Configuration: Ip Router With Dhcp Proxy Client
192.168.1.168 POWER SERVICE 10BASE - T CSX1200 IP Router w/ DHCP Proxy Client ("Chloe") In this configuration, the remote IPCP device, “Summer”, is able to negotiate and obtain its IP address from the system’s IP Address Pool. IP addresses have been obtained from the DHCP server for the WAN interface 192.168.10.0.
Page 268 USER’S GUIDE System Information: System Name = Chloe System Password =pets Security Level = Device Level (On-node Device Database, PAP security) Bridging disabled IP enabled (router mode) DHCP configuration: Device = “Summer” CyberSWITCH Configuration for IP Router “Chloe” I/F = LAN (192.168.1.168); LAN port 1 I/F = WAN explicit (192.168.10.168) DHCP related: max addrs to obtain=10...
Page 269: Configuring Ipx
ONFIGURING VERVIEW IPX protocol accepts data from remote devices and formats the data for transmission onto the network, and conversely, accepts data from the LAN and formats it so it can be understood by remote devices. In short, IPX allows remote devices and their servers to communicate. The CyberSWITCH supports the standard method of routing datagrams over a network.
Page 270: Configuring Ipx Information
You may find it helpful to refer to the graphic and to the sample screens for clarification while completing your IPX configuration. External Network Number Internal Network Number Network # 55555555 CSX1200 B-CHANNELS POWER SERVICE 10BASE - T B10 B12 Remote2 (Remote Bridge)
Page 271: Ipx Routing Option
IPX data packets at the IPX network layer. If the option is set to disable, the system will process and forward IPX data packets at the MAC or bridging layer. LEMENT Workgroup Remote Access Switch ONFIGURING IPX Routing Option...
Page 272: Ipx Option Background Information
USER’S GUIDE IPX O PTION ACKGROUND NFORMATION The Internetwork Packet Exchange (IPX) protocol is a datagram, connectionless protocol in the NetWare environment analogous to the Internet Protocol (IP) in the TCP/IP environment. With the help of Routing Information Protocol (RIP) and Service Advertising Protocol (SAP), the IPX router performs the network layer tasks of addressing, routing and switching information packets, to move packets from one location to another in a complex network.
Page 273: Ipx Network Number Background Information
Select the packet encapsulation type from the displayed list. Enter the MTU size. Note that the maximum value for the MTU size varies based on the packet encapsulation type chosen. NFORMATION NTERFACES Workgroup Remote Access Switch ONFIGURING IPX Network Interfaces...
Page 274 USER’S GUIDE If IPX RIP has been enabled for the system, enter the following: RIP send control (do not respond or respond) b. frequency (in seconds) of sending RIP updates RIP receive control (do not respond or respond) d. time (in seconds) to age RIP entries RIP respond control (do not respond or respond) 10.
Page 275: Ipx Network Interface Configuration Elements
IPX RIP packets on this network interface. If this parameter is set to do not send, the system will not transmit any IPX RIP packets on this network interface. LEMENTS ONFIGURATION LEMENTS (MTU) LEMENTS Workgroup Remote Access Switch ONFIGURING IPX Network Interfaces...
Page 276: Sap Ipx Network Interface Configuration Elements
USER’S GUIDE REQUENCY Specifies the frequency at which the system will transmit RIP packets, if the Send control parameter is set to send for this interface. This parameter is a decimal value specified in seconds from 1 to 300. The default value is 60 seconds. ECEIVE ONTROL Specifies how the system will process RIP packets received on this network interface.
Page 277: Ipx Network Interface Background Information
IPX Remote LAN interface, and uses it as a default. Currently, we do not support a remote LAN with both NetWare servers and clients connected to it. NFORMATION Workgroup Remote Access Switch ONFIGURING IPX Network Interfaces...
Page 278: Ipx Routing Protocols
USER’S GUIDE IPX R OUTING ROTOCOLS IPX R ONFIGURING OUTING CFGEDIT SING Select Routing Protocols from the IPX menu. The following will be displayed: IPX Routing Protocol Menu: IPX RIP Processing is currently ENABLED IPX RIP Table maximum IPX SAP Processing is currently ENABLED IPX SAP Table maximum number of entries is 282141 Select function from above or <RET>...
Page 279: Ipx Routing Protocol Background Information
IPX address of the server. The following service entries are stored in this table: • static • NTRIES NFORMATION by events) to update other routers. RIP determines the fastest path Workgroup Remote Access Switch ONFIGURING IPX Routing Protocols...
Page 280: Special Considerations - Remote Lan Interface
USER’S GUIDE Static services are configured locally on the system. SAP entries are learned from incoming SAP packets. All services are stored, used internally and advertised to other routers. The same factors that affect the maximum number of routes stored also affect the maximum number of services stored.
Page 281: Ipx Static Routes
Enter a RIP Propagation Scheme from the above menu [default = 3]? 3 Follow the onscreen instructions to save the configured static route information. ONFIGURING IPX Static Routes (page 292), the configuration of static routes is Workgroup Remote Access Switch...
Page 282: Ipx Static Routes Configuration Elements
USER’S GUIDE SING ANAGE OMMANDS ipxroute Displays the current IPX routes (both statically entered and "learned"). ipxroute [add/change/delete] Allows you to add/change/delete an IPX route. IPX S TATIC OUTES ONFIGURATION ESTINATION ETWORK The IPX network number reachable through this static route entry. This parameter is a hexadecimal value from 1 to 4 bytes in length.
Page 283: Ipx Netware Static Services
Displays the current IPX service data (both statically entered and "learned"). ipxsvc [add/change/delete] Allows you to add/change/delete an IPX service. ERVICES (page TATIC ERVICES Workgroup Remote Access Switch ONFIGURING IPX NetWare Static Services 292), the configuration of static services...
Page 284: Ipx Netware Static Services Configuration Elements
USER’S GUIDE IPX N TATIC ERVICES ERVICE Specifies the NetWare service name that is the target of this static service definition. This parameter is a 48 character NetWare service name. ERVICE Indicates the type of NetWare service that is the target of this static service definition. You may enter the hexadecimal service type value, or request a list of common service types.
Page 285: Ipx Netware Static Services Background Information
Press 1 to select the serialization packet handling configuration level. Follow the onscreen instructions to select either device level or system level. Return to the serialization packet handling menu. ACKGROUND NFORMATION Workgroup Remote Access Switch ONFIGURING IPX Spoofing...
Page 286: Ipx Spoofing Configuration Elements
USER’S GUIDE b. Press 2 to select the system serialization packet handling level. The default values for all parameters will be displayed. Enter the Id of any parameters you need to change. Follow the onscreen instructions for changing the default values. Return to the IPX spoofing menu. Press 4 to configure the message packet handling.
Page 287: Watchdog Protocol
T amount of time. After T amount of time, the keep-alive will be filtered ONFIGURING IPX Spoofing Workgroup Remote Access Switch...
Page 288: Ipx Type 20 Packet Handling
USER’S GUIDE without generating a keep-alive response. The duration timer T starts when a device is disconnected and is reset each time a new connection is established. Some of these <SYS> packets are overloaded in that they are not just keep-alive packets but are control packets needed for the application to run successfully and hence have to be routed like regular SPX data packets.
Page 289: Ipx Type 20 Packet Handling Configuration Elements
Allows you to enable/disable IPX isolated mode. IPX I SOLATED ONFIGURATION Isolated Mode Status You may enable or disable the isolated mode. ONFIGURATION LEMENTS TATUS EVICE ONFIGURATION LEMENTS ONTROL ETHOD ACKGROUND NFORMATION LEMENTS Workgroup Remote Access Switch ONFIGURING IPX Isolated Mode...
Page 290: Ipx Isolated Mode Background Information
USER’S GUIDE IPX I SOLATED ACKGROUND When operating with isolated mode enabled, the CyberSWITCH does not relay IPX datagrams received from the WAN to other IPX routers/hosts located on the WAN. IPX datagrams received from the WAN will be discarded if they need to be forwarded over the WAN. IPX datagrams received on the LAN interface are forwarded to the proper interface.
Page 291: Configuring Triggered Rip/Sap Global Timers
Valid range for timer: 1 to 10,000 seconds (165 minutes); default: 5 minutes. LOBAL IMERS Current Settings 180 sec. 20 sec. 5 sec. 5 min. 180 sec. Workgroup Remote Access Switch ONFIGURING IPX Triggered RIP/SAP...
Page 292: Triggered Rip/Sap Background Information
USER’S GUIDE SUBSCRIPTION IMER Over subscription is the situation in which there are more next-hop routers on the WAN that need updates than there are channels available. When a WAN circuit goes down, a delay (per the over- subscription timer) is incorporated in marking the routes unreachable. This allows the calls to time- multiplex over the limited channels.
Page 293 Serialization Packet Handling Message Packet Handling Select function from above or <RET> for previous menu: 1 Press 1 to configure IPX watchdog spoofing. The following menu will be displayed: ONFIGURING IPX-Specific Information for Devices ISDN Authentication Workgroup Remote Access Switch...
Page 294 USER’S GUIDE Device Level IPX Watchdog Spoofing Menu: 1) Default Handling 2) Handling while the connection is up 3) Handling for the special period after disconnecting is Spoof 4) Special period of time after disconnecting Select function from above or <RET> for previous menu: b.
Page 295: Remote Lan Devices
Allows you to change information for a specific device entry. This will allow you, for example, to add IPX information to a previously configured device entry. IPX-Specific Information for Devices ISDN NONE ENABLED DISABLED NONE page Workgroup Remote Access Switch ONFIGURING Authentication 277.
Page 296: Ipx Configuration Elements For Devices
USER’S GUIDE IPX C ONFIGURATION LEMENTS FOR IPX R OUTING Indicates that the remote device is an IPX router and that the system should route IPX datagrams to this device. The system will forward IPX datagrams to this device based on IPX network layer information if this parameter is set to enabled.
Page 297: Ipx Background Information For Devices
Triggered RIP/SAP. The information about IPX Triggered RIP/SAP may be fetched from an off- node server, if applicable, and then Triggered RIP/SAP will start for the configured routers. UMBER EVICES ACKGROUND Workgroup Remote Access Switch ONFIGURING IPX-Specific Information for Devices WAN peer list.
Page 298: Configuring Snmp
SNMP ONFIGURING VERVIEW A Network Management Station (NMS) is a device that contains SNMP-specific software, giving it the ability to query SNMPAgents using various SNMP commands. If you have purchased an NMS (such as Cabletron’s SPECTRUM® Management Platform), you should enable and configure the CyberSWITCH to be an SNMP Agent.
Page 299 If you want ISDN B-channel usage traps, follow the onscreen instructions for enabling them. d. Set the threshold value for ISDN B-channel usage traps. Optional: change the values of the MIB-2 system group objects. ONFIGURING Configuring SNMP Workgroup Remote Access Switch SNMP...
Page 300: Snmp Configuration Elements
USER’S GUIDE SING ANAGE OMMANDS Currently you cannot configure SNMP using the Manage Mode, but the following command is available: snmp This Manage Mode command displays the current SNMP configuration data. An example output screen is shown below: MANAGE> SNMP The SNMP feature is enabled.
Page 301: Snmp Background Information
SNMP messages. Thus only those systems that have enabled the IP routing operating mode can make use of SNMP. RAPS TATUS RAPS TATUS HRESHOLD Workgroup Remote Access Switch SNMP ONFIGURING SNMP Background Information ISDN Usage Related...
Page 302 Address Translation (AT) group, the Internet Protocol (IP) group, the Internet Control Message Protocol (ICMP) group, the User Datagram Protocol (UDP) group, the Transmission Control Protocol (TCP) group, and the Simple Network Management Protocol (SNMP) group. CyberSWITCH CSX1200 B-CHANNELS E1 ONLY POWER...
Page 303 Trap An SNMP Agent will generate an isdnUsageNormal Trap PDU when the Agent detects that the number of B-Channels in use has returned to a value below the configured threshold value. ONFIGURING SNMP Background Information Workgroup Remote Access Switch SNMP...
Page 304 USER’S GUIDE • authTimeout Trap An SNMP Agent will generate an authTimeout Trap PDU anytime an off-node server times out. • clidDisconnect Trap An SNMP Agent will generate an clidDisconnect Trap PDU anytime there is a configuration problem with a device’s Calling Line Id. •...
Page 305: Configuring Appletalk Routing
ONFIGURING PPLE VERVIEW The AppleTalk routing feature allows the CyberSWITCH to efficiently route AppleTalk data as opposed to bridging all data relating to the protocol. With the addition of the AppleTalk Remote LAN feature, the CyberSWITCH can be configured to be a router, bridge or a mix of both when handling AppleTalk traffic.
Page 306: Appletalk Routing Option Configuration Element
USER’S GUIDE PPLE OUTING PTION PPLE PERATIONAL You can enable or disable the AppleTalk Routing option. When AppleTalk Routing is enabled, the CyberSWITCH acts as an AppleTalk Router, routing AppleTalk datagrams based on AppleTalk address information. When AppleTalk Routing is disabled, the CyberSWITCH will simply bridge AppleTalk protocol network traffic.
Page 307: Appletalk Ports Configuration Elements
The NonExtended Network indicates that the system is connected to a NonExtended AppleTalk network, which supports addressing of up to 254 nodes and supports only one zone. LEMENTS port type allows remote bridge devices to connect to other AppleTalk Workgroup Remote Access Switch ONFIGURING PPLE OUTING...
Page 308: Appletalk Ports Background Information
USER’S GUIDE PPLE ETWORK ANGE The AppleTalk network range (for Extended network) or the AppleTalk network number (for NonExtended network) of the LAN segment that the port is connected to. Specifying 0.0 (for Extended) or 0 (for NonExtended) places the port in discovery mode (a.k.a., non-seed router), in which the system learns its configuration information from the seed router.
Page 309: The Zone Concept
This means that if an RTMP packet is received with a different network number/range than configured, the LAN port assumes the RTMP packet contains the ONFIGURING PPLE AppleTalk Ports bridge device table entry. Workgroup Remote Access Switch OUTING...
Page 310: Appletalk Static Routes
USER’S GUIDE correct network/range and begins using the learned network number/range. If the network number/range configured for the Remote LAN port differs from the network number/range that is being broadcasted in RTMP packets by other remote routers, the port becomes unusable. Configuration In order to properly set up an AppleTalk Remote LAN, you must: •...
Page 311: Appletalk Routing Static Routes Configuration Elements
Allows you to set the maximum number of defined and learned zone table entries. The default value is 512. The maximum is 2,000. OUTES ONFIGURATION LEMENTS ANGE UMBER OUTES ACKGROUND NFORMATION LEMENTS AXIMUM UMBER OF NTRIES AXIMUM UMBER OF NTRIES Workgroup Remote Access Switch ONFIGURING PPLE OUTING AppleTalk Capacities...
Page 312: Appletalk Capacities Background Information
USER’S GUIDE PPLE APACITIES ACKGROUND This option allows you to control the maximum number of table entries (routing and zone tables) for your network. PPLE SOLATED ONFIGURING THE PPLE CFGEDIT SING Select Isolated Mode (Enable/Disable) from the AppleTalk Routing Menu. Follow the onscreen instructions to either enable or disable the isolated mode.
Page 313: Configuring Call Control
ONFIGURING VERVIEW The CyberSWITCH offers a number of configurable options to control how the system will make and accept calls. These options include: • configuring throughput monitor parameters • configuring call interval parameters • configuring monthly call charge parameters • configuring call restriction parameters •...
Page 314: Throughput Monitor Configuration Elements
USER’S GUIDE Follow the onscreen instructions to keep the feature enabled. Enter the sample rate in seconds. Enter the overload trigger number. Enter the overload window size. Enter the overload percentage utilization. Enter the underload trigger number. Enter the underload window size. 10.
Page 315: Throughput Monitor Background Information
Condition Overload Underload Idle Note: For adding calls, these parameters only apply to calls initiated by the system. NFORMATION Trigger Number Window Size Workgroup Remote Access Switch ONFIGURING ONTROL Throughput Monitor Utilization...
Page 316: Overload Condition Monitoring
USER’S GUIDE The throughput monitor feature constantly monitors the use of the connections and looks for the following conditions: • The overload condition, which indicates that demand exceeds the current aggregate capacity of the WAN connections. The system can add more bandwidth when this occurs. •...
Page 317: Idle Condition Monitoring
(the trigger of 2) out of 3 samples (the window of 3) before any action is taken. This condition has not been met. XAMPLE 0 of 1 1 of 2 1 of 3 Sliding Window 1 of 3 1 of 3 2 of 3 Overload condition met 0 of 1 Workgroup Remote Access Switch ONFIGURING ONTROL Throughput Monitor...
Page 318: Call Interval Parameters
USER’S GUIDE The average throughput is 40% for the third sample rate period. This is less than the configured utilization, so out of the last 3 samples (a sliding window is in use), 1 out of 3 samples have throughput that is greater than the configured utilization. The overload condition has still not been met.
Page 319: Monthly Call Charge
At the beginning of a new month, the current total call charges will be reset to 0. HARGE LEMENTS NFORMATION Workgroup Remote Access Switch ONFIGURING ONTROL Monthly Call Charge...
Page 320: Call Restrictions
USER’S GUIDE ESTRICTIONS ONFIGURING ESTRICTIONS Note: Certain restrictions apply to the use of Refer to the Background Information discussion. CFGEDIT SING Select Call Restrictions from the Call Control Options menu. Follow the onscreen instructions for enabling this feature. The current call restriction configuration will be displayed. Enter the number Id associated with the parameter you want to change.
Page 321 The call will be allowed; however, a warning will be written to the report log. 3:00 4:00 5:00 6:00 3:59 4:59 5:59 6:59 Entry 9-18 all hours 1-24 11-19, 21, 24 9-18, 20-22 Workgroup Remote Access Switch ONFIGURING ONTROL Call Restrictions 7:00 8:00 9:00 10:00 11:00 7:59 8:59 9:59 10:59 11:59...
Page 322: Call Restrictions Background Information
USER’S GUIDE INUTES PER The limit of number of call minutes per day. The default value is 240 call minutes per day. Call minutes will be calculated periodically while calls are active (not when a call is disconnected). Statistics will be kept to track the total number of call minutes made per day. This statistic will be written to the statistics log every half hour, and available through the ds command.
Page 323: Bandwidth Reservation
Note that there are four lines in the default profile: (1,1), (1,2), (1,3), and (1,4). The leading “1” in the pair of numbers represents the slot number. The second number in the pair represents ESERVATION LINES (SLOT,PORT) (1,1 1,2 1,3 1,4) Workgroup Remote Access Switch ONFIGURING ONTROL Bandwidth Reservation...
Page 324 USER’S GUIDE the port number. This example shows that there is only one BRI adapter, and it is installed in slot number one, and has four ports. There is a line for each port number. Press 1 to add a device profile. Enter a user-defined unique name to identify the profile.
Page 325: Bandwidth Reservation Configuration Elements
This element identifies the line or lines to be reserved for the specified Device Profile. Overlap of lines between profiles is allowed. Note that this is a BRI-only feature since bandwidth is reserved per-line. [delete] ONFIGURATION LEMENTS Workgroup Remote Access Switch ONFIGURING ONTROL Bandwidth Reservation...
Page 326: Bandwidth Reservation Background Information
USER’S GUIDE ANDWIDTH ESERVATION This feature allows a portion of the possible connections to always be available to specific devices for both inbound and outbound calls. To increase flexibility, this feature may be configured to either allow or prevent bandwidth overlap. Bandwidth overlap will allow normal devices to use a certain number of lines, while a special class of super devices would be allowed access to both the normal bandwidth (designated in the default profile) as well as special super device bandwidth (designated in the configured device profile).
Page 327 Adds, changes, or deletes a semipermanent connection from the current configuration. Max Retries Over Interval Session Interval ( ALWAYS CALL BACK ) Max Retries Over Interval Session Interval 10 Mins Max Retries Over Interval Session Interval 10 Mins Workgroup Remote Access Switch ONFIGURING ONTROL Semipermanent Connections 60 Mins...
Page 328: Semipermanent Connections Configuration Elements
USER’S GUIDE EMIPERMANENT ONNECTIONS EVICE Specify the device name (from the Device List) that you wish to make a semipermanent connection. Once specified, the semipermanent feature will (at least) keep the Initial Data Rate active to the specified device, as long as it is not prohibited by call restrictions or a physical or configuration problem.
Page 329 If this happens, you will need to use the call device command to restart the feature. ONFIGURING Semipermanent Connections parameter values. Workgroup Remote Access Switch ONTROL...
Page 330: Vra Manager As A Call Control Manager
USER’S GUIDE VRA M ANAGER AS A This feature allows you to use the Virtual Remote Access (VRA) Manager for call control management only. This feature allows you to continue to use other authentication servers (e.g., RADIUS, ACE) yet still gain the benefits of VRA call control management. VRA M ONFIGURING ANAGER FOR...
Page 331: Background Information
This will provide access to the following VRA call control management features: call restrictions, maximum bandwidth, and grouping (in addition to the call logging feature). IMER ANNER Workgroup Remote Access Switch ONFIGURING ONTROL VRA Manager as a Call Control Manager...
Page 332: Limitations/Considerations
USER’S GUIDE • User Level Security If you use user level security for authentication: configure devices on the VRA manager as well. This will provide access to the following VRA call control management features: call restrictions, maximum bandwidth, and grouping (in addition to the call logging feature). User level security and VRA call control management work together as follows: VRA allows a device to connect under an alias name until the user can be verified by its authentication server.
Page 333: Configuring Other Advanced Options
ONFIGURING THER VERVIEW This chapter provides information for configuring advanced system options that are not covered in the previous chapters. These options include: • configuring PPP • configuring default line protocol • configuring log options • configuring system compression options •...
Page 334: Ppp Configuration Elements
USER’S GUIDE PPP C ONFIGURATION LEMENTS ERMINATE The number of Terminate-Request packets sent without receiving a Terminate-Ack before assuming that the peer is unable to respond. ONFIGURE The number of Configure-Request packets sent without receiving a valid Configure-Ack, Configure-Nak or Configure-Reject before assuming that the peer is unable to respond. AILURE The number of Configure-Nak packets sent without sending a Configure-Ack before assuming that configuration is not converging.
Page 335: Ppp Background Information
B-channel has failed. Similarly, the Local Management Interface (LMI) facility of a Frame Relay circuit may provide feedback suitable for determining that an end- to-end Virtual Circuit has failed. TATUS Workgroup Remote Access Switch ONFIGURING THER DVANCED...
Page 336: Ppp Reference Documents
USER’S GUIDE However, the PPP link exists on an end-to-end basis with the remote peer, a domain which exceeds that controlled by the signalling-type entities just cited. Thus, not every end-to-end failure will be detected. Some examples of such failures include: •...
Page 337: Default Line Protocol
It is possible to change the timeout value for waiting for responses. You may also change the action on frame timeout. Instead of disconnecting after the frame timeout value has been reached, you can select a default protocol for the system to use. ROTOCOL LEMENTS NFORMATION Workgroup Remote Access Switch ONFIGURING THER DVANCED PTIONS Default Line Protocol...
Page 338: Log Options
USER’S GUIDE PTIONS Log options allow you to direct log reports to a specific location. Reports an be directed to a local log file, or to a UNIX-style syslogs server. Currently, only call detail recording (CDR) reports can be directed to a specific location. ONFIGURING PTIONS CFGEDIT...
Page 339: Log Options Background Information
90 to 180 seconds of operation. When we use the term UNIX Syslog Server, we are, more precisely, referring to the “syslogd” daemon running on a UNIX system. Syslogd reads and forwards messages to the appropriate log NFORMATION Workgroup Remote Access Switch ONFIGURING THER DVANCED...
Page 340: Cdr Log Report Overview
USER’S GUIDE files and devices depending upon its configuration. Refer to your UNIX system documentation for more information on syslogd. Each log message sent to a syslogd server has a priority tag associated with it. The priority tag is encoded as a combination: facility.level. The facility identifies the part of the system creating the log message and the level describes the severity of the condition which caused the log message to be written.
Page 341 A verify event is generated by issuing the cdr verify console command. This command verifies the configuration of the CDR feature. It causes a message to be sent to all configured CDR log ONFIGURING ISDN POWER SERVICE 10BASE - T Bridge CSX1200 Workgroup Remote Access Switch THER DVANCED PTIONS Log Options B-CHANNELS E1 ONLY...
Page 342 USER’S GUIDE servers. The proper logging of the message can then be inspected to verify that CDR configuration is as desired. Event Report Contents A CDR event triggers a report which can consist of one or more records. Each record corresponds to a line in the log file.
Page 343 ISDN connect message was received from the switch. An incoming phone number is displayed if it is provided by the telephone switch. Not all switches provide calling line identification. A phone number is always displayed for outbound calls.
Page 344 On a reject event, records 1 through 4 are used. The event type is REJECT. The timestamp reflects the time that the decision to disconnect was made. An incoming phone number is displayed if it is provided by the telephone switch. Not all switches provide calling line identification. A phone number is always displayed for outbound calls.
Page 345: Compression Options
You may enable or disable the compression subsystem status. This option provides enable/disable control over the entire compression subsystem within the system. If this option is enabled, the system will negotiate compression with remote devices per their individual PTIONS LEMENTS TATUS Workgroup Remote Access Switch ONFIGURING THER DVANCED PTIONS Compression Options...
Page 346: Compression Options Background Information
USER’S GUIDE configuration. If this option is disabled, the system will not negotiate compression with any remote device. The default value is enabled. Note that enable/disable applies to all protocols which support compression. EFAULT EVICE OMPRESSION You may enable or disable the per-device compression setting. This is in addition to the global compression enable/disable state described above.
Page 347: Compression And Ccp
The peer will be expected to also discard its outbound history and respond with a CCP Reset-Acknowledgment. At this point, both sides will have been resynchronized and compressed data transfers can continue. ONFIGURING THER DVANCED Compression Options Workgroup Remote Access Switch PTIONS...
Page 348: Tftp
USER’S GUIDE When using Extended mode, a coherency count is checked to detect lost packets. If a packet loss is detected by the receiver, a Reset-Request is sent to the transmitter. The next compressed data packet transmitted will have a bit set to indicate that the history has been reset. With the use of sequence numbers, the decompressed output of all in-order compressed frames is assumed to be valid.
Page 349: Tftp Configuration Elements
Whenever a remote host invokes the TFTP Server function in the system, the file access rights associated with the configured device ID are applied to all file accesses by the remote host. TFTP F EATURE TFTP C LIENT TFTP S ERVER TFTP S ERVER Workgroup Remote Access Switch ONFIGURING THER DVANCED PTIONS TFTP...
Page 350: File Attributes
USER’S GUIDE Each device has pre-assigned configurable access rights to the TFTP permissible file types. The access rights are configurable using the fileattr change Manage Mode command. Refer to Attributes for more information regarding configuring the file attributes. When a device remotely access the TFTP server, it doesn’t matter what level the device is logged in as.
Page 351 CfgFiles File types included in the category RPRT_LOG.1 - 5 STAT_LOG.1 - 5 *.NEI (with the exception of CFGTOKEN.NEI) All other file types i.e. .EXE, .COM, .TXT, (CFGTOKEN.NEI), etc. Workgroup Remote Access Switch THER DVANCED PTIONS File Attributes Other Files...
Page 352: Troubleshooting
ROUBLESHOOTING We include the following chapters in the Troubleshooting segment of the User’s Guide: • System Verification After your CyberSWITCH has been configured, and before proceeding with normal system operations, you may want to verify that the system is functional. System Verification provides instructions for verifying the system hardware and system configuration.
Page 353: System Verification
YSTEM ERIFICATION VERVIEW After your CyberSWITCH has been configured, and before proceeding with normal system operation, it is necessary to verify that the system is functional. This chapter provides instructions for verifying the system hardware and system configuration. You only need to perform the verification procedures for the options that apply to your configuration.
Page 354: Verifying Wan Lines Are Available For Use
Data Link up: <slot #> <port #> <ces> Depending on the resource switch type, the system will delay up to 2 minutes before attempting to bring up the data links.
Page 355: Verifying Bridge Is Initialized
If you see these IP router initialization messages, then the IP router is operational. If these IP router initialization messages are NOT displayed, refer to Diagnosis chapter. Bridge Initialization NITIALIZED Workgroup Remote Access Switch YSTEM ERIFICATION Verifying Bridge is Initialized LAN Attachment...
Page 356: Verifying A Dedicated Connection
USER’S GUIDE ERIFYING A EDICATED To verify a dedicated connection to the CyberSWITCH, the WAN lines that are connected to the system must be available for use, and the routing option must be properly initialized. To verify that you have a dedicated connection: View the system messages by entering the following console command: dr <return>...
Page 357: Verifying An X.25 Connection
Authentication initially disabled. A client PC on the LAN of the remote device must a user ID and password for a user level database on an off-node server. Both databases must be enabled and available. of the Problem Diagnosis chapter. ONNECTIVITY ECURITY Workgroup Remote Access Switch YSTEM ERIFICATION Verifying an X.25 Connection Remote Device Connectivity...
Page 358 It also uses the “ping” command. The “ping” command sends a packet to a specified host, waits for a response, and reports success or failure. Substitute the equivalent command on your network. WORKGROUP REMOTE ACCESS SWITCH LINE LINE...
Page 359: Verifying Ip Host Mode Is Operational
The steps to verify the operation of IP Host mode feature over a LAN connection are: Determine if the CyberSWITCH can access the local IP host. Type: ip ping 100.0.0.2 PERATIONAL PERATIONAL CONNECTION Workgroup Remote Access Switch YSTEM ERIFICATION Verifying IP Host Mode is Operational IP Host Initialization of the...
Page 360: Verifying Ip Host Mode Operation Over A Wan Connection
USER’S GUIDE If a message similar to the following is displayed, the IP host mode feature over the specified LAN port is operational. Repeat this step for each LAN port on your Ethernet resource. 100.0.0.2 is alive If this message is not displayed, then the IP Host mode feature over the LAN connection is not operational.
Page 361: Verifying Ip Routing Over Awan Interface
CSX1200 WORKGROUP REMOTE ACCESS SWITCH POWER SERVICE 10BASE-T 100.0.0.0 To verify IP Routing over a LAN connection: Determine if the CyberSWITCH can access the local IP host. On the administration console type: ip ping 100.0.0.2 <return> Issuing this command will result in a response similar to the following: 100.000.000.002 is alive...
Page 362 USER’S GUIDE WORKGROUP REMOTE ACCESS SWITCH CSX1200 100.0.0.0 Host A 100.0.0.2 The steps to verify the operation of IP routing over a WAN interface are: Determine if a remote IP host can access the WAN interface of the CyberSWITCH over the WAN connection.
Page 363: Verifying Ip Routing Over A Wan (Direct Host) Interface
Host) interface is operational. Repeat the above steps for each WAN (Direct Host) interface through which you wish to get access. If the remote IP host CANNOT ping to the local IP host, refer to Host) Interface Connection WAN (D IRECT NTERFACE CSX1200 LINE LINE LINE LINE POWER SERVICE...
Page 364: Verifying Ip Routing Over A Wan Remote Lan Interface
Determine if a remote IP host can access the local IP host through the CyberSWITCH over the WAN connection. On the remote IP host type: ping 100.0.0.2 <return> CyberSWITCH WAN R LAN I EMOTE NTERFACE CSX1200 192.100.1.1 LINE LINE LINE LINE POWER SERVICE...
Page 365: Verifying Ip Routing Over A Wan Unnumbered Interface
It uses IP addresses specific to the example. Substitute the IP addresses of your network when you perform the IP routing verification steps. It also uses the “ping” command. The “ping” command sends a packet to a specified host, waits for a response, and reports success or failure. CSX1200 "SITE1" WORKGROUP REMOTE ACCESS SWITCH...
Page 366: Verifying Ip Filters
USER’S GUIDE IP F ERIFYING ILTERS To verify that IP Filters are functioning, perform the following test: Configure and apply at least one IP filter that contains at least one condition whose action is to DISCARD the matching packet. Perform a trace on discarded packets. On the administration console issue the command: ip filter trace discard <return>...
Page 367: Verifying Ip Rip Output Processing On A Lan Interface
It uses IP addresses specific to the example. Substitute the IP addresses of your network when you perform the verification steps. It also uses the netstat administration console command. The netstat command displays the IP routing table of the system. Substitute the equivalent command on your IP host. CSX1200 "SITE1" WORKGROUP REMOTE ACCESS SWITCH LINE...
Page 368: Verifying Ip Rip Input Processing On A Lan Interface
Below is an example of a configuration used to verify IP RIP output processing on a WAN interface. It uses IP addresses specific to the example. Substitute the IP addresses of your network when you CyberSWITCH LAN I NTERFACE Router 1 128.1.1.1 CSX1200 LINE LINE LINE LINE POWER SERVICE...
Page 369: Verify Ip Rip Input Processing Operational On A Wan Interface
Determine if system has learned the route to 192.1.2.0 from the Router. On the CyberSWITCH administration console: Type: ip route <return> If the route to 192.1.2.0 is displayed, the IP RIP input processing is operational. If the route is NOT displayed, refer to Diagnosis chapter. CSX1200 Dedicated Connection LINE LINE LINE LINE...
Page 370: Verifying Ipx Router Is Initialized
The example also uses NetWare commands available for the Windows 95 workstation. Substitute the equivalent commands on your NetWare client. "SITE1" CSX1200 WORKGROUP REMOTE ACCESS SWITCH LINE LINE POWER...
Page 371: Verifying Ipx Routing Over A Lan Connection
Problem Diagnosis chapter. LAN C ONNECTION in the Problem Diagnosis chapter. ONNECTION is the IPX Network Number is the router’s MAC address IPX Routing over the Remote LAN Connection Workgroup Remote Access Switch YSTEM ERIFICATION Verifying IPX Routing is Operational...
Page 372: Verifying Ipx Routing Over Awan Connection
USER’S GUIDE IPX R ERIFYING OUTING OVER A To verify the operation of IPX Routing over a WAN connection: Determine if NetWare Client A can see the remote NetWare Server “remote.” To do this, activate NetWare Client A’s desktop network neighborhood feature. Then check to see if “remote”...
Page 373: Verifying Appletalk Routing Is Operational
Below is an example of a configuration used to verify AppleTalk Routing operation. It uses AppleTalk addresses, zones and resource names specific to the example. Substitute those of your network when you perform the AppleTalk Routing feature verification steps. CSX1200 "Site1" WORKGROUP REMOTE ACCESS SWITCH...
Page 374: Verifying Appletalk Routing Operational Over The Lan Connection
USER’S GUIDE ERIFYING PPLE OUTING The steps to verify the operation of AppleTalk Routing feature over a LAN connection are: Determine if the local Macintosh can see all zones. Bring up the Chooser on the Local Mac: If a list of all zones (Left Zone and Right Zone) appear in the Chooser as shown above, then the AppleTalk Routing over a LAN connection is operational.
Page 375: Verifying Snmp Is Operational
MIB objects are ds , udp stats , ip stats, and snmp stats. AppleTalk Routing Operation Over the WAN Connection SNMP in the Problem Diagnosis chapter for Workgroup Remote Access Switch YSTEM ERIFICATION Verifying SNMP is Operational in the Problem...
Page 376: Verifying The Dial Out Feature
USER’S GUIDE ERIFYING THE To perform the Dial Out verification for a remote device, you need to know the configured device name associated with the device’s device table entry. Note that the device name is case sensitive. If you already know the device name, skip to step 4. Otherwise, begin the verification process with step 1.
Page 377: Verifying Compression Is Operational
ECHO REQ Id=0x50 Len=10 3E 03 78 AC ECHO RPLY Id=0x50 Len=10 70 18 D0 87 ECHO REQ Id=0x51 Len=10 3E 03 78 AC ECHO RPLY Id=0x51 Len=10 70 18 D0 87 Workgroup Remote Access Switch YSTEM ERIFICATION Verifying Compression is Operational...
Page 378: Verifying Dhcp Relay Agent
USER’S GUIDE Set up two systems in a back-to-back, dedicated, BRI scenario where at least one of the systems is a PC-Platform. Configure a dedicated access between the 2 systems. The usage of a PC-platform exploits the fact that the layer 1 of a PC-based BRI board stays active even when you exit the software.
Page 379: Verifying The Relay Agent Is Enabled
Problem DHCP Client 204.157.42.168 WORKGROUP REMOTE ACCESS SWITCH LINE LINE LINE LINE POWER SERVICE 10BASE-T CH-1 CH-2 CH-1 CH-2 CH-1 CH-2 CH-1 CH-2 SYNC D-CH SYNC D-CH SYNC D-CH SYNC D-CH CSX1200 IP Router w/ DHCP Relay Agent ("Ruby")
Page 380: Verifying Dhcp: Proxy Client
USER’S GUIDE Shortly after a DHCP Client is powered on, it will attempt to get its IP address from a DHCP Server. If it is successful, its IP-related features (e.g., ping, telnet, etc.) will become operational. If the client could not obtain its IP address, it will retry periodically to do so. From the DHCP Client, attempt to ping the Relay Agent (“Ruby”) that is on the same LAN: C:\>...
Page 381: Verifying The Proxy Client Is Enabled
If neither of these error messages is found in the report log, refer to the Problem Diagnosis chapter. DHCP Proxy Client Initialization NABLED Enabling the Proxy Client PERATIONAL Workgroup Remote Access Switch YSTEM ERIFICATION Verifying DHCP: Proxy Client in the in the Problem...
Page 382: Ip Address Pool
If not, follow the instructions actions in the dial out verification section. ERIFYING ROXY Use the following graphic to help you in verifying that Proxy ARP is operational. When following the steps below, substitute your addresses for the addresses used in the example. CSX1200 "Site1" WORKGROUP REMOTE ACCESS SWITCH POWER SERVICE 10BASE-T 128.168.1.x...
Page 383 ARP feature. If the target IP addresses are not shown or are mapped to MAC addresses that are not then refer to the the Problem Diagnosis chapter. YSTEM ERIFICATION Verifying Proxy ARP is Operational Proxy ARP Operation section of Workgroup Remote Access Switch...
Page 384: Problem Diagnosis
ROBLEM IAGNOSIS VERVIEW This chapter, when used in conjunction with the correct problems encountered in the verification process. During some of the diagnosis procedures, we ask you to enter an administration console command. To enter these commands, you must have an active administration session. If you need instructions for starting an administration session, refer to ENERAL ROCEDURES...
Page 385: Bridge Initialization
If the line was correctly attached in action 1, try restarting the system. If actions 1 and 2 fail to correct the problem, call your phone company (carrier) to check the status of the line. has initialized correctly. Workgroup Remote Access Switch ROBLEM IAGNOSIS Bridge Initialization...
Page 386 USER’S GUIDE Problem: The system does not display the WAN line availability messages. Instead, the system displays the following message after the status console command is issued: Out Svc 1 (slot #, port #) This means that Layer 1 cannot be established, most likely due to WAN cabling problems. Action: If the system has been operational for longer than 2 minutes, verify that the line is correctly attached to the proper system resource and port.
Page 387: Dedicated Connections
The device indicated device database does not have a device entry corresponding to the permanent virtual circuit. Start up the run-time configuration utility CFGEDIT by entering the following console command: cfgedit For the Frame Relay PVC, change the PVC name to match the remote device name. ROBLEM Dedicated Connections Workgroup Remote Access Switch IAGNOSIS...
Page 388: Connections
USER’S GUIDE X.25 C ONNECTIONS Problem: An X.25 access is configured, but the x.25 stats command response is: No X.25 Access configured Action: Verify that the proper line and port have been selected. Enter the er command to erase the report log. Enter the trace lapb on command.
Page 389: Remote Device Connectivity
If the system displays the following messages among the system messages: IP Call Dropped: ID_RSP was not received from remote IP Call Dropped: XID was not received from remote ROBLEM Remote Device Connectivity System Messages Workgroup Remote Access Switch IAGNOSIS...
Page 390: Multi-Level Security
USER’S GUIDE IP Security Rejection - Digit string wrong length IP Security Rejection - Invalid Security ID <Id string> Review the system configuration for the Device List. You can also refer to the chapter for the message meanings and the appropriate actions to be taken. The first two messages indicate that the system did not receive the required protocol data.
Page 391: Ip Host Mode
Try to ping the Host from another device on the LAN. If this is also unsuccessful, this may indicate a problem with the Host. CONNECTION System Commands chapter.) If the ARP cache entry for the Workgroup Remote Access Switch ROBLEM IAGNOSIS IP Host Mode...
Page 392: Ip Host Mode Operation Over The Wan Connection
USER’S GUIDE Verify that the hardware address (MAC address) for the IP Host in the CyberSWITCH’s ARP cache is correct. If it is not correct, verify the configuration in the IP Host. IP H PERATION OVER THE Problem: The remote IP Host connected to a WAN RLAN interface on the CyberSWITCH does not receive a ping response from the WAN RLAN interface.
Page 393: Ip Routing Over Awan Interface Connection
Verify that the remote IP Host is initiating a call to the CyberSWITCH. Since the LAN interface has an IP address assigned with a different network number than the one for the remote IP IP Routing Over Interface Connections ONNECTION Remote Device Workgroup Remote Access Switch ROBLEM IAGNOSIS Connectivity.
Page 394: Ip Routing Over A Wan (Direct Host) Interface Connection
USER’S GUIDE Host, the remote IP Host may need a proper route entry for the local network where the CyberSWITCH is located. Make corrections to the remote IP Host configuration. Problem: The remote IP Host connected to a WAN interface on the CyberSWITCH does not receive a ping response from the local IP Host.
Page 395: Ip Routing Over Awan Rlan Interface Connection
If the proper interface does not exist, use CFGEDIT to make the necessary corrections. IP Routing Over Interface Connections Verifying IP Routing Over a LAN Interface NTERFACE ONNECTION Remote Device Connectivity. Workgroup Remote Access Switch ROBLEM IAGNOSIS in the...
Page 396: Ip Routing Over A Wan Unnumbered Interface Connection
USER’S GUIDE Verify that the remote bridge device is initiating a call to the CyberSWITCH. Since the CyberSWITCH LAN interface has an IP address assigned with a different network number than the one for the remote IP Host, the remote IP Host may need a proper route entry for the local network where the CyberSWITCH is located.
Page 397: Ip Rip
[IP RIP] Initialization failed, unable to allocate buffers [IP RIP] Unable to open RIP/UDP port 512 Action: There is an unexpected condition present within the CyberSWITCH software. Contact Customer Support. ROBLEM Workgroup Remote Access Switch IAGNOSIS IP RIP...
Page 398: Ip Rip Output Processing On A Lan Interface
USER’S GUIDE IP RIP O UTPUT ROCESSING ON A Problem: The local IP Host does not display the correct route entry, for example, the IP Host does not seem to be learning route information from the CyberSWITCH via RIP. Action: Using the ipnetif Manage Mode command, verify that the IP RIP Send Control is set to a RIP version that the IP Host can understand.
Page 399: Ip Rip Output Processing On A Wan Interface
Refer to page 398 for instructions regarding check RIP versions. Support. WAN I NTERFACE page 398 for instructions regarding check RIP versions. page 398 for instructions regarding checking the WAN I NTERFACE Workgroup Remote Access Switch ROBLEM IAGNOSIS IP RIP...
Page 400: Ipx Routing
USER’S GUIDE Enter the ip rip stats administration console command. Look for the IfStatRcvResponses counter for the interface. This statistics is the number of RIP update messages received on the interface. If the total number of these counters is 0, check the Router to verify that it is configured to send IP RIP update messages.
Page 401: Ipx Routing Over The Remote Lan Connection
Data is not forwarded from the remote bridge to the router over the Remote LAN interface. Action: Check the configuration: Verify Remote LAN interface configuration. Refer to details. LAN C ONNECTION Configuring IPX Network Interfaces Remote LAN Devices Configuring IPX Network Interfaces Workgroup Remote Access Switch ROBLEM IAGNOSIS IPX Routing for details.
Page 402: Ipx Routing Over The Wan Connection
USER’S GUIDE Verify device configuration on remote bridge. Bridge devices should be configured to make calls over the interface defined to go to the router. Problem: The router does not forward typical data (RIP, SAP, Type 20 packets) to the remote bridge. Action: Make sure a call is up.
Page 403: Ipx Routing And Service Tables
Run CFGEDIT. From Options, select IPX Routing. Select IPX SAP Table maximum number... Increase the size of the table based upon your calculations. ABLES Workgroup Remote Access Switch ROBLEM IAGNOSIS IPX Routing and Service Tables...
Page 404: Triggered Rip/Sap Start Up
USER’S GUIDE RIP/SAP S RIGGERED TART Problem: The CyberSWITCH does not display a triggered RIP/SAP starting message for a WAN peer. Action: Verify that the WAN peer is properly configured. Issue the device command in Manage Mode to display the current Device List. Or, you may view the WAN peer list through CFGEDIT, Options, IPX Configuration, Triggered RIP/SAP.
Page 405: Appletalk Routing Initialization
CSX1200 "Site1" WORKGROUP REMOTE ACCESS SWITCH POWER SERVICE 10BASE-T CH-1 SYNC Net Range: 10-11 Zone: Left Zone Local Mac PPLE OUTING NITIALIZATION Problem: The CyberSWITCH does not display the correct AppleTalk Routing Initialization messages. Action: Check the system configuration. Make sure that the AppleTalk feature is enabled for the system.
Page 406 USER’S GUIDE If EtherTalk is selected, and no zones are displayed, then contact your Distributor or Customer Support. If you are using Open Transport, verify that Local Mac has chosen a proper AppleTalk address within the valid network range (this would be 10-11 for the AppleTalk control panel as shown below: If the Network Range is correct and the AppleTalk address is not within that range, then try to close the AppleTalk control panel once, and then reopen it.
Page 407: Appletalk Routing Operational Over The Wan Connection
Make sure that the information on the remote CyberSWITCH (labeled Site 2 in the example network) contains a proper AppleTalk address, and that Make calls for AppleTalk data for the device is enabled. CONNECTION Workgroup Remote Access Switch ROBLEM IAGNOSIS AppleTalk Routing...
Page 408: Snmp
USER’S GUIDE If the remote resources can not be seen even when the connection is up, then make sure the AppleTalk address of the remote device is valid. If the remote device is on an unnumbered network, then AppleTalk an address of 0.0 must be configured for the remote device in the device table.
Page 409 Use CFGEDIT to change the MIB access level of the indicated Community Name to the desired access level or change the configuration of your Network Management Station so that it uses a Community Name that has the desired MIB access level. ROBLEM Workgroup Remote Access Switch IAGNOSIS SNMP...
Page 410: Dial Out
USER’S GUIDE Problem: A Dial Out call was not completed successfully. Action: If you issued the call device <device name> console command to initiate the call, check to see that you entered the device name correctly. Device names are case sensitive. If you issued the call peer <telephone number data rate>...
Page 411: Call Detail Recording
Check that the priority value that you assigned in the CFGEDIT Call Detail Recording menu (default of 38) matches the priority setting on your syslog server (default of auth.info). Cause Code table. If help is necessary to resolve the Workgroup Remote Access Switch ROBLEM IAGNOSIS Call Detail Recording...
Page 412: Compression
USER’S GUIDE OMPRESSION Problem: Compression is not established for a device for which it is expected. Action: Issue the cmp stats console command then issue the dr console command to check the message report log. A message will inform you if the compression failed due to memory constraints.
Page 413: Dhcp: Relay Agent
Check the DHCP configuration. This can be done by using CFGEDIT, or by using the dhcp command from Manage Mode. Make sure that the Relay Agent is enabled. CFG REQ Id=0xEC Len=9 Hist Count: 01 Chk Mode: 0x03 (SEQ#) TERM ACK Id=0xEC Len=4 Workgroup Remote Access Switch ROBLEM IAGNOSIS DHCP: Relay Agent...
Page 414: Relay Agent Operation
USER’S GUIDE If desired, enter MANAGE mode, and use the dhcp change command to enable the Relay Agent. (Note: CFGEDIT can also be used to change the Relay Agent configuration; but the changes will not take effect until the system is restarted.) When Manage Mode is exited, an attempt will be made to enable the Relay Agent.
Page 415: Enabling The Proxy Client
Check the DHCP-related configuration for WAN and WAN (Direct Host) IP network interfaces which should have IP addresses obtained from DHCP servers for them. Use CFGEDIT, or use the ipnetif command from Manage Mode. Correct if necessary. ROBLEM DHCP: Proxy Client Workgroup Remote Access Switch IAGNOSIS...
Page 416: Proxy Arp Operation
USER’S GUIDE Make sure that the maximum addresses to obtain for the interface is non-zero. Make sure that the number of addresses to pre-fetch for the interface is non-zero. The DHCP Server must be configured to distribute addresses to clients on the DHCP Client’s subnetwork.
Page 417 On both platforms, issue the iproute manage mode command to make sure that each system knows about the IP subnet at the other Ethernet segment. If the two IP host devices still can not communicate with each other, contact your Distributor or Customer Support. ROBLEM Proxy ARP Operation Workgroup Remote Access Switch IAGNOSIS...
Page 418: Led Indicators
LED I NDICATORS VERVIEW The front panel of the CyberSWITCH has several LED indicators. The POWER indicator will remain lit while the unit is on. There is a series of three LAN indicators: they will light to indicate transmissions, receptions, or good link integrity on the 10Base-T port. The bank of WAN indicators provide you with the status of each WAN line.
Page 419: Pri Led Indicators
B-CHANNELS B13 B15 B17 B19 B10 B12 B14 B16 B18 B20 Workgroup Remote Access Switch LED I NDICATORS WAN LED Indicators activity E1 ONLY B21 B23 B29 B31 B25 B27...
Page 420: Lanview Leds (Csx1200-E11-Mod)
LANVIEW LED CSX1200-E11-MOD) The LANVIEW LEDs are located on the hub portion of the CSX1200-E11-MOD’s back panel. These LEDs are convenient troubleshooting tools that can help you diagnose power failures, collisions, cable faults, and link problems. There are three categories of LANVIEW LEDs: Receive LEDs, Collision LEDs, and Link LEDs.
Page 421: Nt1 Status Leds (Csx1200-U4-Mod Only)
TATUS The NT1 Status LEDs are located between the S/T and U-interface jacks for each port on the CSX1200-U4-MOD’s back panel. These LEDs are convenient troubleshooting tools to help diagnose NT1 and related link problems on a port-by-port basis. U and S/T active (ON)
Page 422: Service Indicator
USER’S GUIDE ERVICE NDICATOR The Service indicator comes on normally during system power-up, and then goes off. If the Service indicator remains lit or blinks after power-up, it is signaling that something needs attention in the system. Refer to the section below that pertains to the Service indicator’s activity. Also, you may access your administrative console for further information (issue the dr console command to view system messages).
Page 423: Service Indicator Blinks
Communications error during recovery of SSB Incompatibility between FSB* and new SSB versions Currently not used Bad address information contained in SSB received during recovery SSB, received during Recovery, contained a bad checksum for entire image Workgroup Remote Access Switch LED I NDICATORS Service Indicator...
Page 424: Alarm Leds (Pri Only)
Lights up when layer 1 detects a qualified unframed all ones signal. AIS may be generated by intermediate device (the equipment between the 1200 and the switch) when the intermediate device sees an improper receive signal (or lack of signal) from the switch.
Page 425 Lights up when layer 1 has detected a qualified loss of frame condition (excluding AIS). A loss of frame condition occurs when signals are still being received by the switch, but the 1200 can not detect the frames in the receive path.
Page 426 YSTEM ESSAGES VERVIEW System Messages provide useful system information. They are listed in the system’s report log, a memory resident table. To manipulate the report log, use the following commands at the administrative console: dr or ds er or es wr or ws When the CyberSWITCH writes system messages to disk, it stores them in the following locations: Directory:...
Page 427 For point-to-point lines, status messages will more accurately reflect the status of the data link and/or line. This is because the data link remains up even though a call has been terminated. LED Indicators chapter. Note the number of blinks in the Workgroup Remote Access Switch YSTEM ESSAGES Informational Messages...
Page 428 USER’S GUIDE PANNING ESSAGES The Spanning Tree protocol is only supported by the Ethernet-2 interface card. Spanning Tree protocol messages are prefaced with [STP]. During normal operation, when Spanning Tree protocol is enabled, the system may report informational messages such as: [STP] A new Root Bridge has been detected [STP] LAN Port <port #>...
Page 429 Passwords may only be changed via the ACE Server administrator initiation. During an administrative login, the user attempted to change password. ACE only supports password change initiated by ACE Server administrator. AppleTalk routing initialized successfully. This message is posted when the system AppleTalk routing feature has initialized successfully. Workgroup Remote Access Switch...
Page 430 USER’S GUIDE AppleTalk routing RTMP initialization error, AppleTalk disabled AppleTalk is disabled because there is an initialization problem with the Routing Table Maintenance Protocol (RTMP). Contact your distributor or Customer Support. AppleTalk routing ZIP initialization error, AppleTalk disabled AppleTalk is disabled because there is an initialization problem with the Zone Information Protocol (ZIP).
Page 431 The < interface name> is not in the remote Authentication server’s database. The < interface name > is entered incorrectly in the remote Authentication server’s database. YSTEM System Message Summary Workgroup Remote Access Switch ESSAGES...
Page 432 USER’S GUIDE [AUTH] RADIUS IP HOST rejected IP Host id: <IP host Id> The remote Authentication server rejected the IP Host id. This indicates that one of the following has occurred: The <IP Host Id> is not in the remote Authentication server’s database. The <IP Host Id>...
Page 433 The System could not obtain enough internal resources for the user authentication operation. Contact your Distributor or Customer Support. [AUTH] Warning code: 0009 Server failed message digest test A message received from the authentication server did not have the correct authenticator field value. YSTEM System Message Summary Workgroup Remote Access Switch ESSAGES...
Page 434 USER’S GUIDE [AUTH] Warning code: 0010 Received unexpected authentication response code from server A message was received from an authentication server that contained an invalid response message identifier. [AUTH] Warning code: 0011 An unexpected server responded to the access request An access response message was received from an authentication server that is not configured in the System.
Page 435 Call Rejected, No Called TN IE The switch did not deliver an Information Element for the call. This problem normally occurs if you are connected to a point-to-point line and have the System configured for a multipoint line. If you are connected to a multipoint line and get this message, call your phone company and report the problem.
Page 436 USER’S GUIDE Call Restriction statistics reset for new day Call Restriction device information. Call Restriction statistics reset for new month Call Restriction device information. Call Restrictions will allow calls to be made this hour Call Restriction device information. Call Restrictions will allow calls, but this hour is restricted Calls are restricted during this hour but the action configured is to “Warn”.
Page 437 The system will revert to its original level and the upgrade process will not be allowed. Contact your Distributor or Customer Support. Note: Duplicating serial numbers on all systems is a license violation. YSTEM System Message Summary Workgroup Remote Access Switch ESSAGES...
Page 438 USER’S GUIDE Cause <cause code> received for DLCI <dlci index> A CLLM message was received indicating that the PVC associated with the indicated DLCI is subject to the event denoted by the indicated cause code. These events are listed below with their corresponding cause code: Cause Code CB disconnect:(1) Password Incorrect...
Page 439 Monitor Connection window may show brief periods (<1 second) where the indicated Bandwidth suddenly increases and then decreases. This is due to the changeover between Frame Relay and switched calls and is not a problem. YSTEM System Message Summary Workgroup Remote Access Switch ESSAGES...
Page 440 USER’S GUIDE CNTR-TMR:Timed out waiting for TMR <number> interrupt! The i386s specified timer did not respond during a POST testing its interrupt capabilities. The boot process should continue; however, make note of the error message in the event of a future problem. Configured adapter # ’x’...
Page 441 IP network interface’s LAN port on which the DHCP server is to be reached. This will result in no IP addresses being obtained for the network interface in question. Contact your Distributor or Customer Support. Workgroup Remote Access Switch...
Page 442 USER’S GUIDE [DHCP-P] Proxy Client disabled This message indicates that the DHCP Proxy Client has been successfully disabled. This message will appear after the DHCP Proxy Client has been disabled from Manage Mode. [DHCP-P] Proxy Client enabled This message will appear whenever the DHCP Proxy Client has been successfully enabled. This could be during system initialization (if configuration values have enabled it), or after the DHCP Proxy Client has been enabled from Manage Mode.
Page 443 DM card in slot <slot # > in unknown state The Digital Modem card is in an unrecognizable state. Reseat the card in its ISA slot, and/or check the MVIP cabling. If the problem persists, contact your Distributor or Customer Support. Workgroup Remote Access Switch...
Page 444 The system was unable to initialize the Digital Modem in the specified slot correctly. Check all switch and/or jumper settings on the board to ensure they match the values in CFGEDIT. If the board is configured properly, and this message still appears, contact your Distributor or Customer Support.
Page 445 ECP negotiation failed to converge Verify compatible encryption parameters on each side of the link. EDRV transmit error <error code> An error was returned upon the software’s request to transmit a data frame. Contact your Distributor or Customer Support. Workgroup Remote Access Switch...
Page 446 Error loading WAN board, data verify error: adapter ’x’ The WAN card initialization subsystem encountered an error during download verification. The specified adapter card may be faulty. Contact your Distributor or Customer Support. CyberSWITCH switch settings.
Page 447 If seen repeatedly, the above message indicates a problem with your file system. Contact your Distributor or Customer Support. Error reading file \system\ethernet2.bin,section = <file type> The specified section of the LAN adapter executable file could not be read. Check for proper software installation. Workgroup Remote Access Switch...
Page 448 Facility not subscribed - Slot=<slot # > Port=<port # > This probably indicates a SPID configuration error on the indicated line. The configuration should be corrected on the system or the switch. Failed to allocate enough memory for XILINX load file The WAN card initialization subsystem failed to allocate a buffer for use in downloading files.
Page 449 Below are possible error messages and their corresponding definitions: DISC rcvd The Network has sent a Layer 2 DISC (Disconnect), terminating the data link. An attempt will be made to re-establish the data link after a switchtype-dependent delay. YSTEM System Message Summary Workgroup Remote Access Switch ESSAGES...
Page 450 USER’S GUIDE DM rcvd The Network will not allow establishment of the data link at this time. An attempt will be made to re-establish the data link after a switchtype dependent delay. MDL_ERR_RESP rcvd The Network has not responded to TEI requests - no data link was established. An attempt will be made to re-establish the data link after a switchtype dependent delay.
Page 451 The administrator must change the PVC configuration on one of the devices. Frame Relay event queue full Indicates a lack of system resources to handle the level of traffic being experienced. Contact your Distributor or Customer Support. YSTEM System Message Summary Workgroup Remote Access Switch ESSAGES...
Page 452 USER’S GUIDE Frame Relay PVC connection down: Slot=<slot number>, Port=<port number> The Frame Relay PVC connection is down for the indicated slot and port number. Frame Relay PVC connection up: Slot=<slot number>, Port=<port number>, DLCI=<DLCI index> The Frame Relay PVC connection is up for the indicated slot, port, and DLCI index. FrBufFree: error <error code>...
Page 453 A failure was encountered by the IP subsystem during initialization processing. IP made an unsuccessful attempt to add a “static” address to the IP Address Pool. An unknown error code was returned by the IP Address Pool Manager. Contact your Distributor or Customer Support. Workgroup Remote Access Switch...
Page 454 USER’S GUIDE [IPAP] ResMem returned invalid device maximum value (x) A memory allocation failure was encountered by the IP Address Pool Manager during initialization processing. Contact your Distributor or Customer Support. [IP] Cannot get system memory for xxxx There is not enough system memory available for IP software to operate (“xxxx” is a variable name internally used).
Page 455 There is another WAN (Direct Host) type interface that is configured for the LAN port indicated, and it was already initialized successfully. This means that there are multiple WAN (Direct Host) type interfaces configured for the same LAN port. Use CFGEDIT to specify primary or secondary interface. Workgroup Remote Access Switch...
Page 456 USER’S GUIDE [IP] WAN (Direct Host) Interface <WAN interface name>, invalid associated LAN interface <LAN interface name> The WAN (Direct Host) type interface could not come up; the associated LAN network interface, specified by configuration, was not found. Use CFGEDIT to delete old WAN (Direct Host) interface.
Page 457 You can use the packet capture commands to try to determine if a device is advertising an unusual number of routes. If you are unable to track down the problem, contact your Distributor or Customer Support. Workgroup Remote Access Switch...
Page 458 USER’S GUIDE [IP RIP] Unable to open RIP/UDP port 520 The UDP port for RIP was unable to be opened. There are 63 possible UDP ports, and none are available for use at this time. No RIP information can be transmitted or received. Contact your Distributor or Customer Support.
Page 459: Workgroup Remote Access Switch
The internal network number of the system must be changed to ensure proper IPXWAN negotiation to occur. [IPXWAN] IPX Internal Network Number must be configured. You must configure a valid internal network number in order for IPX routing to work properly. Workgroup Remote Access Switch...
Page 460 USER’S GUIDE L3_CallRefSelect Call Reference wrapped Status message indicating that Layer 3’s call reference value has wrapped. If this message is posted frequently, report the problem. LAN Adapter Abort The Ethernet adapter or subsystem is being interrupted as part of the error recovery process. If the system fails to operate normally, or the warning continues to occur, then report the event using the problem reporting form included in Getting Assistance.
Page 461 LAN Port <port # > detected open LAN media The system detected a problem with the physical LAN on the indicated port. The LAN is not properly terminated or the LAN is not fully connected to the system. Check for proper LAN installation. Workgroup Remote Access Switch...
Page 462 USER’S GUIDE LAN Port <port # > detected shorted LAN media The system detected a problem with the physical LAN on the indicated port. The LAN is not properly terminated or the LAN is not fully connected to the system. Check for proper LAN installation.
Page 463 Contact your Distributor or Customer Support. Mild congestion CLLM received for DLCI <dlci index> A CLLM message was received indicating mild congestion may be expected on the PVC associated with the indicated DLCI. Workgroup Remote Access Switch...
Page 464 Mismatch of configured and installed DM card in slot <slot # > The switch and/or jumper settings on the specified Digital Modem card are not properly set to match how the card is configured in software. Check the hardware and software configuration and restart.
Page 465 The indicated line does not support SPIDs; however, a SPID is configured for use on the line. Is the SPID configured incorrectly? Do you have the right switch type? Check the configuration. If the message persists, contact your BRI provider to determine corrective action.
Page 466 No UA seen in response to SABMEs - Slot=<slot # > Port=<port # > Ces=<communication endpoint suffix> Layer 2 cannot be established between the system and the switch. This could be a TEI configuration mismatch between the system and the switch for the indicated line. Check the configuration of the system.
Page 467 TEI to be configured TEI value AUTO is 0 change TEI to be non- if problem happens auto for over 5 minutes, report problem to phone company Workgroup Remote Access Switch YSTEM ESSAGES System Message Summary...
Page 468 USER’S GUIDE [PAP] Remote device rejected System Information <error message> The system received the PAP Authenticate-Nak packet with the error message <error message> against the previous PAP Authenticate-Request sent by the system. The <error message> is from the remote device, and is device-specific. Contact the remote site for assistance. [PAP] Unknown name <name>...
Page 469 RBS_out_SM<channel # >: Timeout waiting for WINK. The system went off-hook and the switch never “winked” back, going off-hook for a specified amount of time and then returning to on-hook. The switch must wink back in order to tell the Workgroup Remote Access Switch...
Page 470 USER’S GUIDE system to start dialing. Contact the telephone company and ensure that the line is configured for wink-start. RBS: Unexpected event chan = <channel # >, state = <state ID> An illegal signaling event occurred in the RBS task on the specified channel. Ensure that the line is configured correctly and that it is using the expected RBS protocol.
Page 471 System Device table. Security Rejection - No Bridge Address given by caller A normal Bridge Security negotiation packet was received, but did not contain a bridge address. Check configuration. If problem persists, contact your Distributor or Customer Support. Workgroup Remote Access Switch...
Page 472 USER’S GUIDE Security Rejection - No Password given by caller A properly formed Bridge Security negotiation packet was received, and the bridge is registered in the system Device Table, but a password is required and none was provided by the calling bridge. Check configuration.
Page 473 [SNMP] Unable to obtain an SNMP Trap queue header The SNMP Agent attempted to generate a TRAP PDU but was unsuccessful because it could not obtain necessary memory. The TRAP was not sent. Contact your Distributor or Customer Support. YSTEM System Message Summary Workgroup Remote Access Switch ESSAGES...
Page 474 USER’S GUIDE SPID FSM got unidentifiable INFO msg - Slot=<slot # > Port=<port # > Ces=<communication endpoint suffix> An unexpected information message was received from the network on the indicated line. If you are having trouble establishing calls on this line, the problem should be reported to your phone company.
Page 475 The remote device will only accept the stream connection if the MTU is set to be > 1514. Check to make sure that the remote device and the CyberSWITCH MTU value is set to > 1514. Workgroup Remote Access Switch...
Page 476 The specified release of System software was successfully loaded into memory. Switch could not recognize phone number nnnnnnn The switch did not accept the phone number dialed as a complete number. Check the correctness of the phone number (including any leading digits such as 8 or 9).
Page 477 The TFTP protocol received a packet that was too big. There may be a problem with the specified file; try replacing it. If this message appears consistently, contact your Distributor or Customer Support. YSTEM System Message Summary Workgroup Remote Access Switch ESSAGES...
Page 478 USER’S GUIDE [TFTP] Local error # 13: Received unexpected opcode <filename> The TFTP protocol received a packet that was not expected. There may be a problem with the specified file; try replacing it. If this message appears consistently, contact your Distributor or Customer Support.
Page 479 The call deflection selection is prior to CCITT 1988 Verify that the facilities provided by the service provider are CCITT 1988. The call has been disconnected A call has been up longer than the amount of time configured and has been taken down. Workgroup Remote Access Switch...
Page 480 Timeout on SPID Exchange - Slot=<slot# > Port=<port # > Ces=<communication endpoint suffix> SPID exchange was not completed in time (i.e., switch never responded to the SPID). Check switch configuration to make sure the correct SPID value has been entered.
Page 481 A Digital Modem dial-out call was attempted, and the system was unable to open a resource to place the call. Using the modem status command, check to ensure that there are usable modems available. If there are, and the problem persists, contact your Distributor or Customer Support. Workgroup Remote Access Switch...
Page 482 USER’S GUIDE Unable to Identify a remote device A device that was not identified by any active security measures (for example, PAP or CHAP) was rejected. Unable to Identify a remote device - <calling line id A device that was not identified by any active security measures (for example, PAP or CHAP) was rejected and is identified by its Calling Line Id.
Page 483 WAN port connections used by the bridge are now entering the specified state. WAN Port is now in the <new state> state The WAN connection port used by the bridge is entering the specified new state. Workgroup Remote Access Switch...
Page 484 USER’S GUIDE WAN: RBS Not Available on this card. A RBS debugging command was attempted on a PRI card that is not configured for RBS. Check the card configuration and ensure you have the proper type of card. Watchdog timeout detected on DM board in slot <slot # > The Digital Modem card in the specified slot is not functioning properly.
Page 485 X25 facilities warning, charge inform not available The service provider does provide charging information. No action required. X25 facilities warning, call redirect notification not available The service provider does provide call redirect information. No action required. Workgroup Remote Access Switch...
Page 486 USER’S GUIDE X25 facilities warning, NUI not available Network device identification not available. No action required. X25 permanent virtual circuit down: Access=<access index>, PVC=<PVC index>, LCN=<LCN> The indicated X.25 virtual circuit is down. Switched backup connections will be used, if available. This message will occur if the other system is down, or if the network interface line is not connected, or if the authentication of the remote device failed.
Page 487 RACE ESSAGES VERVIEW Trace messages include the following categories of messages: Call Trace Messages IP Filter Trace Messages PPP Packet Trace Messages WAN FR_IETF Trace Messages X.25 Trace Messages X.25 (LAPB) Trace Messages Before trace messages can be logged to the system report log, you must first enable the type of trace you would like to use.
Page 488 A feature of the CyberSWITCH console is the ability to save and display a record of the high level ISDN calls between the system and the local telephone switch. If calls are unable to be completed, this is normally the first area to look.
Page 489 These tone values indicate a temporary network failure. Check the outbound phone number and try again. If the problem persists, contact your phone company. Expensive routing tone on Informational call trace message. Workgroup Remote Access Switch...
Page 490 USER’S GUIDE In - ABNORMAL RPT Call Id=<call Id> Slot=<slot # > Port=<port # > ConnId=<connect Id> Ces=<communication endpoint suffix> The system has detected an internal error condition. The <parameters> are included for your Distributor or Cabletron Customer Support. An error message describing the problem should be reported following this trace message.
Page 491 The system has received a call proceeding message from the network. This is usually received in response to sending a call request. The Call Id and Ces values are included for your Distributor or Cabletron Customer Support. The remaining parameters are used to report line details. Workgroup Remote Access Switch...
Page 492 USER’S GUIDE In - PROGRESS Call Id=<call Id> Slot=<slot # > Port=<port # > Chans=<bearer channel map> CauseLoc=<cause location> Cause=<cause value> Signal=<signal value> ProgLoc=<progress location> Prog=<progress value> Ces=<communication endpoint suffix> ConnId=<connect Id> The system has received a call progress message from the network. This is usually received in response to sending a call request.
Page 493 Informational call trace message. It is used to indicate additional details on the <signal value> received in the “call progress” information message. The <tone value> is displayed as one of the following: dial, ring back, answer, call waiting, off hook warning, custom, recall dial, stutter dial, or expensive routing. Workgroup Remote Access Switch...
Page 494 USER’S GUIDE IP F ILTERS RACE ESSAGES You can trace packets that are discarded as a result of IP Filters. Enable this feature by using the ip filter trace discard command, and disable it with ip filter trace off . Note that when you enable this feature, the report log has the potential of filling quickly.
Page 495 Protocol negotiation uses the following commands: Options Negotiated Authentication Protocol (PAP,CHAP) Multilink Protocol (MRRU, Endpoint Discriminator) Password validation Shared Secret validation Compression options Encryption options IP address Bridge options IPX options Appletalk options Workgroup Remote Access Switch RACE ESSAGES PPP Packet Trace Messages...
Page 496 USER’S GUIDE • Configure Request The Configure Request is used to indicate the options that are supported by this sending device. The Request contains an option list and the desired values if they are different from the default value. • Configure ACK The Configure ACK is transmitted in response to a Configure Request.
Page 497 In - X25 Call Connect LCN <logical channel number>, <number of bytes> bytes The DTE has accepted an incoming SVC call. In - X25 Clear Ind LCN <logical channel number>, <number of bytes> bytes An SVC call has been cleared by the DCE. RACE X.25 Trace Messages Workgroup Remote Access Switch ESSAGES...
Page 498 USER’S GUIDE In - X25 CONNECTION CONFIRMATION ConnId=<connection Id> Access=<access index> RemDteAddr=<x121 address or protocol/route id> The system has received a connect message from the network. This indicates that a new call is now established. In - X25 CONNECTION INDICATION ConnId=<connection Id> Access=<access index > RemDteAddr=<x121 address or protocol/route id>...
Page 499 Out - X25 DTE Restart Conf LCN <logical channel number>, <number of bytes> bytes The DTE is confirming that all virtual circuits have been reset. Out - X25 DTE RNR LCN <logical channel number>, <number of bytes> bytes The DTE is not ready to receive more data packets. Workgroup Remote Access Switch...
Page 500 USER’S GUIDE Out - X25 DTE RR LCN <logical channel number>, <number of bytes> bytes The DTE is acknowledging 1 or more data packets received from the DCE. Out - X25 Reset Ind LCN <logical channel number>, <number of bytes> bytes The DCE is resetting a virtual circuit.
Page 501 Out - LAPB SABM The DTE is resetting the link layer. Out - LAPB SABME The DTE is resetting the link layer. Out - LAPB UA The DTE is acknowledging a SABM or SABME from the DCE. Workgroup Remote Access Switch...
Page 502 YSTEM AINTENANCE This grouping of information provides information to help you maintain your CyberSWITCH once it is operating. Note that the included system statistics information may also prove valuable in troubleshooting. We include the following chapters in the System Maintenance segment of the User’s Guide: •...
Page 503 EMOTE ANAGEMENT VERVIEW Once your system is initially configured (and thus assigned an IP address), you may use a variety of methods to remotely access and manage your system. This chapter describes many of these methods. For information on first-time access (either local or remote), refer to The CyberSWITCH has various tools to manage the system remotely.
Page 504 USER’S GUIDE SNMP SITE.HQ Network Management Station WORKGROUP REMOTE ACCESS SWITCH LINE POWER SERVICE 10BASE-T CH-1 SYNC SNMP: The NMS gathers information (including problem reports) from any CyberSWITCH SNMP (Simple Network Management Protocol) is a standard way of monitoring communication devices in IP networks.
Page 505 As an example, the information displayed in the dr command would be located in the MIB structure under: [private] [enterprises] [networkExpress] for background information on SNMP and details on configuring the [ih000] [ih000StatusReports] [ihStatusReportTable] Workgroup Remote Access Switch EMOTE ANAGEMENT SNMP...
Page 506 USER’S GUIDE ELNET IN_A> LAN TEST Telnet Client LAN Test Passed IN_A> LAN TEST LAN Test Passed WORKGROUP REMOTE ACCESS SWITCH LINE POWER SERVICE 10BASE-T CH-1 SYNC Remote 1 Telnet is the standard way of providing remote login service. With Telnet, any user on the LAN or WAN executing a standard Telnet client program can remotely login to the CyberSWITCH and get an CyberSWITCH console session.
Page 507 CH-1 CH-2 CH-1 CH-2 CH-1 CH-2 CH-1 CH-2 SYNC D-CH SYNC D-CH SYNC D-CH SYNC D-CH CSX1200 (Sub) Network 2 CSX1200 Can fix configuration problem in SITE2 remotely through SITE1 ISDN LINE LINE LINE LINE POWER SERVICE 10BASE-T CH-1 CH-2...
Page 508 USER’S GUIDE SAGE NSTRUCTIONS To access the CyberSWITCH using Telnet, you must have a Telnet client software package. A Telnet client software package is built into the CyberSWITCH. With the CyberSWITCH acting as the Telnet client, simply enter the telnet <ip address> command to Telnet into the target host.
Page 509 TFTP TFTP Client PC WORKGROUP REMOTE ACCESS SWITCH POWER SERVICE Remote 1 Remote 1 TFTP (Trivial File Transfer Protocol) is the standard way of providing file transfers between devices. With TFTP any WAN or LAN user executing a standard TFTP client program can transfer files to and from the CyberSWITCH.
Page 510 USER’S GUIDE The default file access for the GUEST user is “read” access to all files. The default file access for the ADMIN user is “read” access to the report and statistics files, and “read and write” access to all other files.
Page 511 After you have your setup complete, you must: Minimally configure the remote CyberSWITCH: switch type (US only) b. point-to-point or point-multi-point line SPIDS for DMS-100 and NI-1 lines Configure your local ISDN device using the following information:...
Page 512 CyberSWITCH site or use the call peer command to call the CyberSWITCH without configuring the phone number for the device explicitly. Modify the switch type and the line type (point-to-point or point-multipoint) to match your local ISDN line.
Page 513 YSTEM OMMANDS VERVIEW Two classes of system administration commands are available on the CyberSWITCH: guest commands and administrator commands. Guest commands provide current operational information only, and are available to all security levels. Administrator commands allows access to the complete system command set. The log-in to the system controls command access.
Page 514 USER’S GUIDE logout Terminates the administration session by logging-out the current administrator. You can start another session by using one of the two log-in commands outlined above. pswd Changes the password for the current access level (administrator or guest). Your password must be a 3 to 8 nonblank character string.
Page 515 Displays a help screen outlining all of the commands that are available. br stats Displays the current system packet statistics. Refer to statistics and their definitions. Clears the administration screen. YSTEM Accessing Dynamic Management Upgrading System Software. Bridge Statistics, for a list of available Workgroup Remote Access Switch OMMANDS...
Page 516 USER’S GUIDE Displays the list of connected devices along with the data rate for each device. The output for this command contains the connection time for each device along with a detailed breakdown (per connection type) of channel usage and available data rates. If there is at least one device connected, the display will look as follows.
Page 517 “up” for the line. The dedicated access does not have to be “up” for the interface to be considered “up”. A Primary Rate (Permanent) interface is considered to be down if the serial layer 1 is “down” for the line. Viewing Operational Information Slot Port Status ---- ---- ------ down down Workgroup Remote Access Switch YSTEM OMMANDS...
Page 518 USER’S GUIDE This command pertains to semipermanent connections. This command will list each semipermanent device, as well as the connection status, initial data rate and current data rate for each semipermanent device. The connection status will be one of the following: ONNECTED The system is connected to the device at the initial data rate or greater.
Page 519 To view throughput monitoring for the selected site. Refer to the section titled Throughput Information, for details. <Esc> To exit the Connection Monitor screen. Viewing Operational Information Potential Actual X.25 Frame Relay Workgroup Remote Access Switch YSTEM OMMANDS Statistics, for a list of Viewing...
Page 520 USER’S GUIDE IEWING HROUGHPUT NFORMATION The Throughput Monitor screen displays the system throughput monitoring feature in action. To enter this screen: Issue the mc command to display the connection monitor screen. Use the <arrow keys> to move the cursor down to the specific site for which you would like to view throughput information.
Page 521 <esc> To exit the Throughput Monitor and return to the Connection Monitor screen. AVING PERATIONAL NFORMATION The following commands are used to save system operational information to disk: Writes the current system messages to disk file. YSTEM Saving Operational Information Workgroup Remote Access Switch OMMANDS...
Page 522 USER’S GUIDE Writes the current system statistics to disk file. Note: For details on these disk files, refer to the chapter titled LEARING PERATIONAL The following commands are used to clear current system operational information: Erases the current system messages held in memory. Erases the current system statistics held in memory.
Page 523 Used only when you need to update the system software. It prepares for a software update by rebooting the system. When you receive the message “Waiting for Download,” transfer the new software files to the system via your communications package. SWITCH Workgroup Remote Access Switch YSTEM OMMANDS Restarting the CyberSWITCH...
Page 524 USER’S GUIDE flash recover Specific to the remote upgrade of the Second Stage Boot or when recommended by the Release Notes. The SSB update should be performed only upon recommendation of Customer Support personnel. In the event that it is necessary to upgrade the SSB, this command starts the remote upgrade, and bases its update on the \system\recover1 file.
Page 525 This command will allow you to “ping” a specified device. If the ping is successful, you have connectivity to the device. If it is unsuccessful, you do not have connectivity to the device. The parameters for this command are: YSTEM AppleTalk Routing Commands Workgroup Remote Access Switch OMMANDS...
Page 526 USER’S GUIDE dnet Required parameter. The destination network number. dnode Required parameter. The destination node Id. timeout Optional parameter. The number of seconds to wait for a reply message. The valid range is from 1 to 60 seconds. The default value is 10 seconds. nnnn Optional parameter.
Page 527 For LAN ports only. Indicates the Ethernet resource’s port number associated with this AppleTalk LAN port. physical address For LAN ports only. The device’s MAC address. remote device For WAN UnNumbered ports only. The remote device configured to use this port. YSTEM AppleTalk Routing Commands Workgroup Remote Access Switch OMMANDS...
Page 528 USER’S GUIDE atalk port stats [clear] This command will display or clear current AppleTalk port statistics. Refer to Statistics, for a list of available atalk port statistics and their definitions. atalk route This command will display AppleTalk static route information. A sample output screen is shown below: network range distance...
Page 529 The AppleTalk zone name for the network that the AppleTalk port is connected to. network range Specifies the network range associated with the indicated zone. network range ------------- 225 - 226 236 - 237 Workgroup Remote Access Switch YSTEM OMMANDS AppleTalk Routing Commands...
Page 530 USER’S GUIDE RIDGE OMMANDS The following commands are used to display bridging information and statistics. pkt mac Enables the MAC address monitor display. The MAC Address Monitor screen displays information contained in the LAN frames that are sent over the ISDN connections. The packets represented by the displayed MAC address pairs will not be captured unless the br pkt capture feature is on (enabled).
Page 531 Schultz, and a device configured with the name Schmidt, this message would be displayed. You would then need to enter at least call device Schu to successfully initiate a call to the device Schultz. YSTEM Call Control Commands Workgroup Remote Access Switch OMMANDS...
Page 532 USER’S GUIDE <device name> is not callable Each PPP device in the device database can have one or two phone numbers at which they can be called. This message is displayed if the device has no phone number specified. Re-enter the name, or <RET> to cancel The device name must be re-entered.
Page 533 Calling <phone number> at <data rate>, device PPP The phone number will show what is sent to the switch. Any imbedded dashes will have been removed. The data rate that is used is displayed. If an invalid data rate is entered, the default of 56 Kbps will use used.
Page 534 USER’S GUIDE with the name Schultz, and a device configured with the name Schmidt, this message would be displayed. You would then need to enter at least call device Schu to successfully initiate a call to the device Schultz. Re-enter the name, or <RET> to cancel The device name must be re-entered.
Page 535 <access n> command. The <access n> is the access index that is assigned to each frame relay access during the frame relay access configuration. Compression Information Commands OMMANDS Workgroup Remote Access Switch YSTEM OMMANDS Compression Statistics, for...
Page 536 USER’S GUIDE Note that this command may be used in conjunction with all other fr commands. For example, fr a 1 lmi would be a valid command, changing the frame relay access to 1 before displaying information relating to the LMI link. fr d <DLCI m>...
Page 537 The following commands are used to display IP routing information: ip addrpool Displays the current IP address pool. There are three fields displayed: address, origin, and in use: • address: lists the IP address in the pool YSTEM IP Routing Commands Workgroup Remote Access Switch OMMANDS...
Page 538 USER’S GUIDE • origin: specifies how the IP address has come to be placed into the IP address pool. If the origin is DHCP, the IP address was obtained from a DHCP server. If the origin is STATIC, the IP address was manually configured via CFGEDIT. •...
Page 539 Displays information pertaining to the routing table(s) that are maintained by the IP RIP protocol. The following example screen illustrates the output from this command. Following the table is an explanation of the fields displayed for each route. YSTEM IP Routing Commands Workgroup Remote Access Switch OMMANDS...
Page 540 USER’S GUIDE [System Name]> IP RIP ROUTES Active Routes Destination Subnet-Mask ---------------------------------------------------------------------- 3.2.0.0 255.255.0.0 3.3.0.0 255.255.0.0 192.168.5.0 255.255.255.0 4.4.4.1 255.255.255.255 0.0.0.0 Inactive Routes Destination Subnet-Mask ---------------------------------------------------------------------- 4.0.0.0 255.0.0.0 Destination The route destination. This destination may be a network number, a subnet address, or a host address.
Page 541 <IP address> Displays the routing information for the indicated device. The meaning of each displayed field for a route entry is included in the above ip route command explanation. YSTEM IP Routing Commands Workgroup Remote Access Switch OMMANDS...
Page 542 USER’S GUIDE ip stats Displays the current IP related statistics. Refer to their definitions. IPX R OUTING OMMANDS IPX routing must be enabled before these commands can be used. The following commands are used to display IPX routing information: ipx ipxwan clear Clears IPXWAN statistics.
Page 543 Statistics, for a list of available statistics and IPX Route Statistics. IPX SAP Statistics, for a list of available statistics and IPX General Statistics, for a list of available statistics and Workgroup Remote Access Switch YSTEM OMMANDS IPX Routing Commands...
Page 544 USER’S GUIDE ipx trigreq [device] Generates a triggered RIP/SAP update request to the specified device. You may use this command to initiate an update request to synchronize with the routing database of a particular WAN device. ipx trigrip stats Displays the triggered RIP statistics. Refer to ipx trigsap stats Displays the triggered SAP statistics.
Page 545 Packet capture commands are available for both local and remote (Telnet) connections. The following diagnostic packet commands are available: pkt [on/off] Enables or disables the Packet Capture feature. YSTEM Statistics, for a list of LAN Attachment to determine the reason for the Workgroup Remote Access Switch OMMANDS LAN Commands...
Page 546 USER’S GUIDE pkt capture [all/idle/reqd/pend/actv/none] Specifies which packets will be captured by the Packet Capture feature. A definition of each possible parameter follows. All packets will be captured. none No packets will be captured. reqd Only packets causing a connection to be requested will be captured. pend Only packets received while a requested connection is pending will be captured.
Page 547: Packet Capture Commands
0064 02608C4C0EAD Packet Type Transport Ctl 00,??? Node Socket FFFFFFFFFFFF 0453 RIP 02608C4C0EAD 0453 RIP Workgroup Remote Access Switch YSTEM OMMANDS Packet Capture Commands Type Conn 8137 PEND 8137 PEND 8137 PEND 8137 PEND 8137 PEND 8137 PEND 8137 PEND...
Page 548 USER’S GUIDE Banyan Vines Packet Detail Screen Packet Number Received at Time 0021 Destination Address FFFFFFFFFFFF EtherNet Type is 0BAD, Check Sum Packet Length D75D 0x001A Transport Control Dest Network Dest SubNet FFFFFFFF FFFF Packet Type Network Number Query 126697007 Hit Escape to EXIT Packet Details IP Datagram Detail Screen Packet Number...
Page 549 IP HOST id of the Host logging in (<RET> to abort)? 811145678234567812345678 Send Radius Authentication Request... Please wait [AUTH] Warning code: 0002 Missing required attribute from server. Framed-Data-Rate: 64KB Missing attribute: Device-Name YSTEM RADIUS Commands Workgroup Remote Access Switch OMMANDS...
Page 550 USER’S GUIDE radius ipres Attempts an authentication session using the IP resolution. The following is an example display of the screen. [System Name]>radius ipres IP Address of the Host logging in (<RET> to abort)? 19.63.4.5 Send Radius Authentication Request... Please wait [AUTH] Warning code: 0001 Timeout.
Page 551 For more information regarding the system’s Telnet client feature, refer to the Telnet section of the Remote System Management chapter. YSTEM SNMP Commands SNMP Statistics, for a list of available Statistics, for a list of available Workgroup Remote Access Switch OMMANDS...
Page 552 USER’S GUIDE telnet ? Displays the help screen for the telnet command. The help screen provides the syntax for the command described below. telnet <ip-address> [port number] Begins a Telnet session for the Telnet host at the indicated IP address. The port number is an optional parameter that can be used to specify the destination port number.
Page 553 Typically, Telnet “escape” characters have the form ‘<CTRL><char>‘ (i.e., the CTRL key + some other key must be pressed). The <value> parameter for the “set escape” command may have any of the following values: YSTEM Telnet Commands Workgroup Remote Access Switch OMMANDS...
Page 554 USER’S GUIDE • <CTRL><char>, where <char> is in the range of ASCII 'A' to ASCII '_' • <CTRL><char>, where <char> is in the range of ASCII 'a' to ASCII 'z' (note that lower case letters are converted to upper case before they are used) •...
Page 555 File Transfer Complete... tftp session Displays the TFTP session information of active TFTP sessions. To get detailed information on a specific session, enter the session’s Id number when prompted. You can not display the YSTEM TFTP Commands Workgroup Remote Access Switch OMMANDS...
Page 556 USER’S GUIDE session information for a TFTP session that has terminated. The screen below illustrates the use of this command. > TFTP SESSION Id Sess-Id Local file ---------------------------------------------------------- 5 temp.txt 6 tmp 7 text.txt Select the ID of the TFTP Session to display or <RET> to cancel? 2 TFTP Session ID: Type: Server...
Page 557 This command acts as a toggle switch, enabling or disabling user authentication rejection messages. If enabled, authentication rejection messages (identifying users who generated the messages) are written to the log file. To display the log file, issue the dr console command. This option is initially disabled.
Page 558 USER’S GUIDE sentry ace Attempts an authentication session using ACE. The system will report whether the authentication attempted was successful or rejected. WAN C OMMANDS The following commands are used to display current system WAN diagnostic information: wan fr-ietf stats [device/fr_accessname_dlci] [prot] Displays the current frame relay IETF related statistics.
Page 559 Clears the statistics for the default VC. x25 vc stats Displays the statistics for the default VC. Refer to and their definitions. YSTEM X.25 Commands X.25 Statistics for a list of X.25 Statistics for a list of available statistics Workgroup Remote Access Switch OMMANDS...
Page 560 YSTEM TATISTICS VERVIEW Statistics can either be generated by issuing the ds command to display the set of statistics known as the System Statistics, or by issuing a specific command to display statistics in a specific category. In addition to using the ds command to display the system statistics, they are also automatically written to a statistics log every 30 minutes.
Page 561 You can access these statistics by issuing the ds console command. Overload The number of bandwidth overload conditions. Underload The number of bandwidth underload conditions. Idle The number of idle conditions that caused the last switched connection to be disconnected. TATISTICS Workgroup Remote Access Switch YSTEM TATISTICS Call Statistics...
Page 562 USER’S GUIDE PPLE TATISTICS You may display AppleTalk protocol statistics (subdivided into six subgroups) and AppleTalk port statistics. You can display all six subgroups of the AppleTalk protocol statistics by issuing the atalk stats command, or you can display the individual subgroups by adding an extra variable to the atalk stats command.
Page 563 You can display this subgroup of AppleTalk statistics by issuing the atalk stats echo console command. atechoRequests The number of AppleTalk Echo requests received. atechoReplies The number of AppleTalk Echo replies sent. atechoOutRequests The count of AppleTalk Echo requests sent. Workgroup Remote Access Switch...
Page 564 USER’S GUIDE atechoInReplies The count of AppleTalk Echo replies received. PPLE OUTING ABLE AINTENANCE You can display this subgroup of AppleTalk statistics by issuing the atalk stats rtmp console command. rtmpInDataPkts A count of the number of good RTMP data packets received by this system. rtmpOutDataPkts A count of the number of RTMP packets sent by this system.
Page 565 The number of times the release timer expired, as a result of which a Request Control Block had to be deleted. (NBP) S TATISTICS (ATP) S TATISTICS Workgroup Remote Access Switch YSTEM TATISTICS AppleTalk Statistics...
Page 566 USER’S GUIDE atpRetryCntExceeds The number of times the retry count was exceeded, and an error was returned to the client of ATP. PPLE TATISTICS You can display the AppleTalk port statistics by issuing the atalk port stats console command. portInPackets The number of AppleTalk packets received on this port by this system.
Page 567 This counter reflects the number of reject events that have occurred since the system was loaded. This is an unsigned long integer; it will wrap after 0FFFFFFFF hex or 4,294,967,295 decimal. TATISTICS Workgroup Remote Access Switch YSTEM TATISTICS Bridge Statistics...
Page 568 USER’S GUIDE OMPRESSION TATISTICS The system collects the following compression statistics for each active compression connection. These statistics can be displayed by issuing the cmp stats or the cmp stats <device name> command at the administration console. The cmp stats command will display the compression statistics for all active connections.
Page 569 DHCP/BOOTP msg too small Stat incremented whenever a DHCP/BOOTP message is received with a total length less than the minimum BOOTP header length. Messages that are too small are discarded. YSTEM DHCP Statistics Workgroup Remote Access Switch TATISTICS...
Page 570 USER’S GUIDE DHCP/BOOTP invalid’op’ Stat incremented whenever a DHCP/BOOTP message is received with an’op’ field that is not equal to either BOOTREQUEST or BOOTREPLY. These messages are discarded. DHCP R ELAY GENT TATISTICS BOOTREQUEST msgs rcvd Incremented whenever the system identifies a UDP datagram as a DHCP/BOOTP BOOTREQUEST message.
Page 571 Incremented whenever an unsuccessful result is returned from UDP, when the DHCP Proxy Client was trying to send a DHCDECLINE message. DHCPOFFERSs recd Incremented whenever the DHCP Proxy Client has received a DHCPOFFER message from a DHCP server. Workgroup Remote Access Switch...
Page 572 USER’S GUIDE DHCPACKs rcvd Incremented whenever the DHCP Proxy Client has received a DHCPACK message from a DHCP server. DHCPNAKs rcvd Incremented whenever the DHCP Proxy Client has received a DHCPNAK message from a DHCP server. Invalid DHCP pkts rcvd Incremented whenever the DHCP Proxy Client encounters a DHCP message that is invalid due to either of the following: •...
Page 573 (or frames) was lost. # Invalid Frame Size The number of times a frame is discarded because it exceeded the maximum frame size supported by the frame relay network. # Timed Lost Rx Frame Not currently supported. Workgroup Remote Access Switch...
Page 574 USER’S GUIDE # No Control Block Not currently supported. # NEW & Existing PVC The number of times a NEW PVC was indicated by a LMI STATUS message—but the frame relay software believed the PVC already existed. # PVC Not Configured The number of times a frame was received containing an unknown DLCI value, and hence, an unconfigured PVC.
Page 575 The number of good frames discarded because there were no resources available. pkts xmit The number of packets transmitted on the LAN port. xmit errors The number of packets transmitted with errors on the LAN port. Workgroup Remote Access Switch...
Page 576 USER’S GUIDE IP S TATISTICS You can access IP statistics by using the ip stats console command. These statistics are parts of the IP Group and the ICMP Group MIB variables that are defined in RFC-1213:MIB-II. IP G ROUP TATISTICS ipForwarding The indication of whether the system is acting as an IP gateway in respect to the forwarding of datagrams received by, but not addressed to, this CyberSWITCH.
Page 577 The total number of ICMP messages that the system received. Note that this counter includes all those counted by icmpInErrors. icmpInErrors The number of ICMP messages that the system received but determined as having ICMP-specific errors (bad ICMP checksums, bad length, etc.). Workgroup Remote Access Switch...
Page 578 USER’S GUIDE icmpInDestUnreachs The number of ICMP Destination Unreachable messages received. icmpInTimeExcds The number of ICMP Time Exceeded messages received. icmpInParmProbs The number of ICMP Parameter Problem messages received. icmpInSrcQuenchs The number of ICMP Source Quench messages received. icmpInRedirects The number of ICMP Redirect messages received. icmpInEchos The number of ICMP Echo (request) messages received.
Page 579 The network number portion of the IPX address of this system. ipxBasicSysName The readable name for this system. ipxBasicSysInReceives The total number of IPX packets received, including those received in error. YSTEM IPX Statistics Workgroup Remote Access Switch TATISTICS...
Page 580 USER’S GUIDE ipxBasicSysInHdrErrors The number of IPX packets discarded due to errors in their headers, including any IPX packet with a size less than the minimum of 30 bytes. ipxBasicSysInUnknownSockets The number of IPX packets discarded because the destination socket was not open. ipxBasicSysInDiscards The number of IPX packets received but discarded due to reasons other than those accounted for by ipxBasicSysInHdrErrors, ipxBasicSysInUnknownSockets, ipxAdvSysInDiscards, and...
Page 581 With the CyberSWITCH, the value of this statistic is always 1. With other products, this statistic is useful. Currently, it is not useful for the CyberSWITCH. ripIncorrectPackets The number of times incorrect RIP packets were received. ripState Represents the status of the IPX RIP feature: 1 = disabled, 2 = enabled. Workgroup Remote Access Switch...
Page 582 USER’S GUIDE IPX T RIP S RIGGERED TATISTICS You can access IPX triggered RIP statistics by using the ipx trigrip stats command. trigRipUpdateRequestsSent Number of triggered RIP update requests sent. trigRipUpdateRequestsRcvd Number of triggered RIP update requests received. trigRipUpdateResponsesSent Number of triggered RIP update responses sent. trigRipUpdateResponsesRcvd Number of triggered RIP update responses received.
Page 583 Number of static services configured on this router. Sap Services Number of services learned through SAP from other routers. Total Services Total number of services. Should be equal to the sum of Static and SAP services. YSTEM IPX Statistics Workgroup Remote Access Switch TATISTICS...
Page 584 USER’S GUIDE Maximum Services Maximum number of services this router is configured to handle. Available Services Number of services currently available on this router. High Water Mark Peak number of services this router has used. RIP S TATISTICS You can access RIP statistics by using the ip rip stats console command. Global RIP statistics and statistics for each configured RIP interface are included.
Page 585 The total number of SNMP PDUs that were delivered to the SNMP Agent and for which the value of the error-status field is “noSuchName”. snmpInBadValues The total number of SNMP PDUs that were delivered to the SNMP Agent and for which the value of the error-status field is “badValue”. Workgroup Remote Access Switch...
Page 586 USER’S GUIDE snmpInReadOnlys The total number of valid SNMP PDUs that were delivered to the SNMP Agent and for which the value of the error-status field is “readOnly”. It should be noted that it is a protocol error to generate an SNMP PDU that contains the value “readOnly”...
Page 587 The number of times TCP connections have made a direct transition to the SYN-SENT state from the CLOSED state. tcpPassiveOpens The number of times TCP connections have made a direct transition to the SYN-RCVD state from the LISTEN state. Workgroup Remote Access Switch...
Page 588 USER’S GUIDE tcpAttemptFails The number of times TCP connections have made a direct transition to the CLOSED state from either the SYN-SENT state or the SYN-RCVD state, plus the number of times TCP connections have made a direct transition to the LISTEN state from the SYN-RCVD state. tcpEstabResets The number of times TCP connections have made a direct transition to the CLOSED state from either the ESTABLISHED state or the CLOSE-WAIT state.
Page 589 Displays the total number of Read Requests received. Write Requests Sent Displays the total number of Write Requests sent. Write Requests Received Displays the total number of Write Requests received. TFTP A LIENT NITIATED CTIVITY CTIVITY Workgroup Remote Access Switch YSTEM TATISTICS TFTP Statistics...
Page 590 USER’S GUIDE Data Packets Sent Displays the total number of Data Packets sent. Data Packets Received Displays the total number of Data Packets received. Error Packets Sent Displays the total number of Error Packets sent. Error Packets Received Displays the total number of Error Packets received. ACK Packets Sent Displays the total number of ACK Packets sent.
Page 591 The number of times layer 1 has detected a qualified loss of frame condition; excluding AIS (alarm indication signal). Loss of Signal (RED) The number of times layer 1 has detected an all zero signal (or complete lack of signal). TATISTICS Workgroup Remote Access Switch YSTEM TATISTICS WAN FR_IETF Statistics...
Page 592 USER’S GUIDE AIS (Blue) The number of times layer 1 has detected a qualified unframed all ones signal. RAI (Yellow) The number of times layer 1 has detected a qualified RAI (remote alarm indication) signal. 1 PRI E AYER RROR TATISTICS Note: Layer 1 PRI error statistics apply to the line connected to the indicated slot.
Page 593 A counter that is incremented each time a WAN board is restarted after it originally comes up. call minutes (day) The total call minutes that have been logged for the day. Workgroup Remote Access Switch...
Page 594 USER’S GUIDE call minutes (month) The total call minutes that have been logged for the month. calls (day) The total number of calls that have been made for the day. calls (month) The total number of calls that have been made for the month. X.25 S TATISTICS There are two sets of statistics available related to an X.25 access: statistics for the access itself, and...
Page 595 You can access these statistics by issuing the x25 vc stats console command. The statistics displayed will be associated with the currently selected default VC. Access Name The name of the access on which this VC resides. LCN index The index assigned to the VC LCN. Workgroup Remote Access Switch...
Page 596 USER’S GUIDE Permanent Virtual Circuit or Switched Virtual Circuit Identifies the type of VC in use. Local Address The local DTE X.121 address. Remote Address The remote DTE X.121 address. # Packets Sent count The number of X.25 data packets sent. # Packets Received The number of X.25 data packets received.
Page 597 OUTINE AINTENANCE VERVIEW The information in this chapter provides instructions for performing routing maintenance on the CyberSWITCH. The information falls into the following categories: • installing/upgrading system software • executing configuration changes • performing a configuration backup and restore • obtaining system custom information NSTALLING PGRADING...
Page 598 USER’S GUIDE changes are NOT dynamic. The changes are saved in a temporary copy of configuration data, and will not affect the current run-time operation of the system in any way. To terminate the session, return to the main CFGEDIT menu. Select the save changes option. Then press <RET>...
Page 599 PPENDICES The User’s Guide includes the following appendices: • System Worksheets We have designed a set of worksheets you can fill out before you begin your CyberSWITCH configuration. Once filled out, they will contain information you will need for the configuration process.
Page 600 Worksheet. This worksheet identifies the following information for each CyberSWITCH in your network: • The resource details for each adapter in your CyberSWITCH. Note the switch type. • Details on each ISDN line attached to your CyberSWITCH. If a line has more than one SPID, use an extra worksheet line to record that SPID and its associated directory number.
Page 601 YSTEM ORKSHEETS Network Topology ETWORK OPOLOGY Workgroup Remote Access Switch...
Page 602 System Name: _____________________ PAP Password:_______________ CHAP Secret:___________________ ESOURCES Type INES BRI Lines Name Slot Port PRI Lines Name Slot CyberSWITCH YSTEM ETAILS Slot Switch type Line type Call screen Port Framing type Line coding Synchronization type SPID Directory number Sig. method Line build-out...
Page 603 Clocking of local DTE Internal Data rate Bearer channels 56 Kbps 64 Kbps Clocking Data rate Internal External Workgroup Remote Access Switch YSTEM ORKSHEETS System Details Line Device tied to this protocol access Line Device tied to this protocol access...
Page 604 USER’S GUIDE Device Name: _____________________________ Calling (ISDN, FR, etc.) Information Line Protocol Base Data Rate Initial Data Rate Max Data Rate Dial-Out Number(s) Authentication Information : PAP Password CHAP Secret IP Host ID Bridge Ethernet Address* Bridge Password* CLID(s) * HDLC Bridge only Protocol for this particular device? Bridge Bridging enabled?
Page 605 IP address Mask Input filters Output filters Name IP address Mask Input filters Output filters Name IP address Mask Input filters Output filters IP address Mask Input filters Output filters Workgroup Remote Access Switch YSTEM ORKSHEETS Bridging and Routing Information...
Page 606 USER’S GUIDE IP R OUTING CONTINUED Static Routes Destination network address IPX R OUTING Routing Information IPX routing Internal network number Network Interface Information Name External network number Remote LAN Name External network number Static Routes Destination network number NetWare Static Services Service name CyberSWITCH Mask...
Page 607 Zone name(s) Name Network type extended nonextended Netwk range/ number AppleTalk address Zone name(s) Next hop Next hop address name Workgroup Remote Access Switch YSTEM ORKSHEETS Bridging and Routing Information extended extended nonextended nonextended extended extended nonextended nonextended extended extended...
Page 608 CFGEDIT M VERVIEW The following pages provide an outline of the CyberSWITCH CFGEDIT configuration utility. As you configure your system, you may find it helpful to use this outline as a map to help you navigate through CFGEDIT. Note: All options listed may not be available on your particular system. The availability of these options depends upon the platform and software you have ordered, as well as your configuration choices.
Page 609 Data rate Bearers list Line protocol HDLC FR DBU Device name • X.25 Name Data rate X.121 address Bearers list LAPB info • Frame Relay Data rate Bearers Access info PVCs Workgroup Remote Access Switch CFGEDIT M Physical Resources Menu...
Page 610 USER’S GUIDE PTIONS RIDGING • Enable/Disable • Spanning Tree • Mode of Operation unrestricted, restricted • Bridge Filters protocol definition filters (source, destination, protocol, packet data) • Known Connect List IP R OUTING • Enable/Disable • IP Operating Mode (host/router) •...
Page 611 Isolated Mode SNMP • Enable/Disable • Community info • Trap info B-channel usage authentication failures • MIB2 group objects • Global options • LCP options • IPCP options • Link failure options CFGEDIT M Options Menu Workgroup Remote Access Switch...
Page 612 USER’S GUIDE ONTROL • Throughput Monitor • Call Interval • Monthly call charges • Call Restrictions • Device Profile • Bandwidth Reservation • Semipermanent Connection • VRA Manager for Call Control enable/disable TCP port number EFAULT ROTOCOL • Action Timeout •...
Page 613 On-node Device Database (Enable/Disable) • On-node Device Entries (by name) ISDN line protocol data rate dial out numbers subaddress Frame Relay X.25 SVC, PVC Digital Modem line protocol baud rate bearer capability dial out numbers CFGEDIT M Security Menu Workgroup Remote Access Switch...
Page 614 USER’S GUIDE Authentication PAP password CHAP secret outbound authentication user level authentication IP host ID bridge Ethernet calling line ID IP information IP address IP enable/disable make calls for IP data enable/disable calls for IPX data IPXWAN IPX routing none RIP/SAP trig RIP/SAP IPX spoofing...
Page 615 (SDI or DES) source IP address Load Server Configuration file ETWORK OGIN NFORMATION • Network login configuration (Terminal Server Security) • Network login banners • Login configuration RADIUS • Login configuration TACACS CFGEDIT M Security Menu Workgroup Remote Access Switch...
Page 616 The System Problem Report has been designed as a FAX form. Please fill in all information in this area before you FAX the report to Cabletron Systems. If you plan to mail the System Problem Report, please fill in the company information in this section for reference information.
Page 617 OFTWARE Release: __________ Issue: __________ ARDWARE Platform __ CSX154 __ 9W006-200 __ CSX155 __ 9W006-400 __ CSX1000 __ 9W006-220 __ CSX1200 __ 9W007-200 __ CSX5500 __ 9W007-400 __ CSX6000 __ 9W007-220 __ CSX7000 ROBLEM Type __ Hardware __ Software __ Unknown...
Page 618 DMINISTRATIVE The following table lists all system administration commands. Guest commands are identified in the command column. Command (GUEST) autobaud atalk arp atalk ping <dnet>.<dnode> {timeout/dnnn] example: atalk ping 1.3 30 /d200 atalk port atalk port stats [clear] atalk route atalk stats atalk stats atp atalk stats ddp...
Page 619 <frame relay access “n”> sets frame relay access index to “n” as default context for all subsequent “fr” console commands DMINISTRATIVE Workgroup Remote Access Switch ONSOLE OMMANDS ABLE...
Page 620 USER’S GUIDE Command fr clear fr clearall fr cong fr d <DLCI “m”> fr dbg level fr dbg level <level> fr display fr lmi fr stats ip addrpool ip arp ip filter trace <discard> <off> ip ping <host ip address> ip rip interface ip rip routes ip rip send...
Page 621 (GUEST) terminates a session manage switches the system to the Manage Mode, allowing Dynamic Management to operate (GUEST) displays connection monitor screen DMINISTRATIVE useful for displaying Release Notes (“list rel_notes.txt”) Workgroup Remote Access Switch ONSOLE OMMANDS ABLE...
Page 622 USER’S GUIDE Command neif pkt capture <connection mode> pkt mac pkt [on/off] pkt display pkt load <filename> pkt save <filename> pswd (GUEST) radius chap radius iphost radius ipres radius macres radius pap recover restore restart sentry ace sentry radius sentry status sentry log session session kill <session id>...
Page 623 SSB for download of software via XMODEM (GUEST) displays current software version and hardware resource revision information wan fr-ietf stats [device/ displays WAN frame relay connection information for fr_accessname_dlci] [prot] devices configured for the FR_IETF line protocol DMINISTRATIVE Workgroup Remote Access Switch ONSOLE OMMANDS ABLE...
Page 624 USER’S GUIDE Command wan fr-ietf trace [on/off] [in/out] [device/fr_accessname_dlci] [prot] wan stats x25 clear x25 clearall x25 display [access name] (GUEST) x25 l <LCN “m”> (GUEST) x25 p <access name> (GUEST) x25 stats [l <access name>] (GUEST) x25 vc <LCN “m”> x25 vc active x25 vc clear x25 vc stats...
Page 625 ANAGE OMMANDS The following table displays the available Dynamic Management commands: Command ace change ace reinit admlogin [change] alarm alarm [off/on] bwres bwres [on/off] callrest callrest [off/on] commit commit status datalink datalink [add/change/delete] dedacc destfilt destfilt [add/change/delete] device device [add/change/delete] dhcp dhcp change exit...
Page 626 USER’S GUIDE Command fileattr fileattr change help ipfilt ipnetif ipradius ipradius off ipradius on iprip iprip [off/on] iproute iproute [add/change/delete] ipxaddrpool ipxaddrpool [add/change/delete] ipxinet ipxiso ipxnetif ipxnetif [add/change/delete] ipxrip ipxrip [off/on] ipxroute ipxroute [add/change/delete] ipxsap ipxsap [off/on] ipxsvc ipxsvc [add/change/delete] ipxspoof CyberSWITCH displays the current user file access rights (guest or admin)
Page 627 [add/change/delete] adds/changes/deletes the a source address filter tacacs displays TACACS off-node server configuration tacacs change allows changes to the TACACS off-node server configuration adds/deletes a semi-permanent connection Workgroup Remote Access Switch ANAGE OMMANDS ABLE...
Page 628 USER’S GUIDE Command tftp tftp change thruput thruput change vra change CyberSWITCH displays the current TFTP configuration allows the current TFTP configuration to be changed displays the current throughput monitor configuration data allows the current throughput monitor configuration data to be changed displays current VRA manager configuration data allows you to change the VRA TCP port number...
Page 629 AUSE ODES ABLE The following table provides Q.931 cause codes and their corresponding meanings. Cause codes may appear in Call Trace Messages. Dec Value Hex Value Q.931 Cause valid cause code not yet received unallocated (unassigned number) Indicates that, although the ISDN number was presented in a valid format, it is not currently assigned to any destination equipment.
Page 630 USER’S GUIDE Dec Value Hex Value CyberSWITCH Q.931 Cause no answer from device (device alerted) Indicates that the destination has responded to the connection request but has failed to complete the connection within the prescribed time. Problem at remote end. call rejected Indicates that the destination was capable of accepting the call (was neither busy nor incompatible) but rejected the call for some reason.
Page 631 X.213) could not be provided by the network. This may be a subscription problem. requested facility not subscribed Indicates that the remote equipment supports the requested supplementary service but that this is available only by subscription. reverse charging not allowed AUSE ODES Workgroup Remote Access Switch ABLE...
Page 632 USER’S GUIDE Dec Value Hex Value CyberSWITCH Q.931 Cause outgoing calls barred outgoing calls barred within CUG incoming calls barred incoming calls barred within CUG call waiting not subscribed bearer capability not authorized Indicates that the device has requested a bearer capability that the network is able to provide, but that the device is not authorized to use.
Page 633 Indicates that the receiving equipment received a message that did not include one of the mandatory information elements. D-channel error. If this error is returned systematically, report the occurrence to your authorized service provider. AUSE ODES Workgroup Remote Access Switch ABLE...
Page 634 USER’S GUIDE Dec Value Hex Value CyberSWITCH Q.931 Cause message type non-existent or not implemented Indicates that the receiving equipment received a message that was not recognized either because the message type was invalid, or because the message type was valid but not supported. This is either a problem with the remote configuration or a problem with the local D-channel.
Page 635 Indicates that an event occurrent but that the network does not provide causes for the actions that it takes, therefore the precise nature of the event cannot be ascertained. This may, or may not, indicate the occurrence of an error. Workgroup Remote Access Switch...
Page 636 USER’S GUIDE NDEX 184, 187 access request retries accesses alternate accesses X.25 accessing the CyberSWITCH ACE Authentication Server alternate method of configuring configuring active WAN peer adapters configuring adapters overview 70, 513 admin admin login names administration commands administration console requirements alarm LEDs AMI encoding...
Page 637 Console Information Port (CIP), refers to RS232 port country code 90, 97 cr stats 61, 97 CSX1200-E11-MOD installation CSX1200-U4-MOD LEDs custom information data links database timer (triggered RIP/SAP) datalink date D-CHAN indicator decompression statistics...
Page 638 H0 call support hardware verification HDLC bridge devices HDLC data polarity 85, 515 help hold-down timer (triggered RIP/SAP) hunt group ICMP ICMP group statistics idle condition initial data rate initialization messages installation CSX1200-E11-MOD requirements 246, 252...
Page 639 277, 280 remote LAN interface RIP table size routing tables SAP table size service tables statistics triggered RIP/SAP verification WAN interface IPX WAN protocol ipxinet ipxiso ipxnetif ipxrip ipxroute ipxsap ipxsvc ipxt20 Workgroup Remote Access Switch...
Page 640 USER’S GUIDE ISDN configuration elements ordering profile information provisioning settings isdn isolated mode known connect list LAN adapter problem diagnosis verification messages LAN connection operation verification LAN IP interface LAN LED indicators LAN statistics lan test LANVIEW LEDs LAPB LED indicators alarm LANVIEW NT1 status...
Page 641 70, 514 pswd 201, 206, 210 PVCs configuration elements 181, 549 radius RADIUS Server configuring static route lookup rate measurement interval readme receive LEDs recover 89, 90 region release notes remote device connectivity operation verification Workgroup Remote Access Switch 180, 182...
Page 642 USER’S GUIDE 114, 273, 277, 295 remote LAN problem diagnosis verification remote management SNMP Telnet TFTP reporting problems requirements verification procedures resource 88, 90, 91 resources See also adapters restart restore restoring configuration 221, 230 restricted bridge mode retransmission timer (triggered RIP/SAP) RIP (IP) and dedicated connections and interfaces...
Page 643 IP filters PPP packet summary WAN FR_IETF X.25 transmit broadcast address triggered RIP/SAP commands description device information 291, 292 global timers problem diagnosis 582, 583 statistics verification 244, 251, 255 184, 186 port number statistics Workgroup Remote Access Switch...
Page 644 USER’S GUIDE underload condition unrestricted bridge mode update upgrade path directories upgrading software user level authentication user level databases 133, 140 user level security 140, 177 configuration configuration specific to IPX device and user level security login banner files utility commands VCCI notice verification module installation...

This manual is also suitable for:

Csx1000 Cyberswitch 1000 Cyberswitch 1200

Cabletron Systems CSX1200 User Manual

Using this Guide

System Overview

Hardware Overview

Software Overview

System Installation

Ordering ISDN Service (US Only)

Hardware Installation

Accessing the Cyberswitch

Upgrading System Software

Basic Configuration

Configuration Tools

Configuring Resources and Lines

Configuring Basic Bridging

Configuring Basic IP Routing

Security

Security Overview

Configuring Security Level

Configuring System Options and Information

Configuring Device Level Databases

Configuring User Level Databases

Configuring Off-Node Server Information

Configuring Network Login Information

Advanced Configuration

Configuring Alternate Accesses

Configuring Advanced Bridging

Quick Links

Related Manuals for Cabletron Systems CSX1200

Summary of Contents for Cabletron Systems CSX1200