Administering the Model 5390 Communications Server
Bay Networks, Inc.
Corporate Headquarters: 4401 Great America Parkway, Santa Clara, CA 95054
February 1996
893-741-B
8 Federal Street, Billerica, MA 01821...
Chapter A1
Model 5390 Capabilities
Network Administrator (na) Utility
Command Line Interpreter (CLI)
Using the Trivial File Transfer Protocol
Using Model 5390 Security
Using Name Servers
How TSTTY Interacts with Model 5390 Port Parameters
Configuring the Model 5390 Server for TSTTY
Naming the TSTTY Devices
Modem Signals
Setting Model 5390 Port Configuration Parameters for Modems
Outbound Modems
Configuring SLIP for Dial-in
Configuring SLIP for Dial-out
Routing Across a SLIP Link (Basic Passive RIP)
AppleTalk Remote Access Protocol (ARAP)
Configuring the Model 5390 Server for AppleTalk
AppleTalk-specific Configuration Parameters
AppleTalk-specific Serial Line Port Parameters
arap_v42bis
at_guest
Obtaining Network Addresses
Setting the Model 5390 IP Address
Subnetting Using Subnet Masks
Displaying RIP Statistics
Displaying the Model 5390 Routing Table
Displaying the route cache
Self-booting without a Local Ethernet Interface
Using the Model 5390 FTP Daemon
Installing a Time Server
Accessing LAT from a Virtual CLI
Accessing LAT from a Model 5390 Server Port
Reverse LAT
New-PIN Mode
Configuring the Model 5390 Server for Use with SecurID
Integrating SecurID into ACP
SafeWord Backup Security
Configuring Security for the Model 5390 FTP Daemon
Configuring the IP Basic Security Option (IPSO)
Managing the ARP Table
Monitoring Model 5390 Activity
Logging User and Model 5390 Events
TMux-specific Model 5390 Parameters versus MIB Objects
IPX-specific Model 5390 Parameters versus MIB Objects
T1-specific Model 5390 Parameters versus MIB Objects
Interface Parameters versus MIB Objects
Summary of All Parameters
Model 5390 Parameters
AppleTalk-specific Model 5390 Parameters
Variable Arguments
Model 5390 Processes
Connecting a Single Host Using SLIP
Connecting a Remote Model 5390 Server
PPP Link Connecting Two Subnets
SNMP Commands Supported by the Model 5390 Server
Standard MIBs Supported by the Model 5390 Server
RFC 1213 MIB-II Objects
RFC 1243 AppleTalk
The Superuser procs Command Display
Model 5390 Processes
Arguments for the queue Command
The Model 5390 Communications Server is a communications server for operating in heterogeneous network environments. The Model 5390 server can communicate with any system that supports the TCP/IP, LAT, and ARA protocols. The Model 5390 TCP/IP implementation is derived from the 4.3BSD tahoe distribution of UNIX, as are the implementations of several higher-level Internet protocols.
• A basic familiarity with UNIX systems and network administration in general, with the host operating system, and with the serial devices connected to the Model 5390 server.
• A good understanding of the versions of UNIX distributed by the University of California at Berkeley, 4.2BSD and 4.3BSD, or versions of System V.
Other Conventions
This guide uses the following typographical conventions:
• special type: In examples, special type indicates system output.
• special type (bold): Bold special type indicates user input.
• lowercase bold: Lowercase bold indicates commands, path names, or file names that must be entered as displayed.
• lowercase italics: In the context of commands and command syntax, lowercase italics indicate variables for which the user supplies a value.
Related Publications
For more information about using the Model 5390 Communications Server, refer to the following publications:
• Installing the Model 5390 Communications Server (Bay Networks part number 893-738-A)
  Provides detailed installation instructions for the Model 5390 Communications Server software and hardware.
• Using the Annex Manager Graphical User Interface (Bay Networks part number 893-857-A)
  Provides instructions on using the graphical user interface to quickly and easily configure one or more Model 5390 Communications Servers.
• Installing the TSTTY and TMux Software Modules (Bay Networks part number 893-900-A)
  Includes instructions for using the TSTTY and TMux software modules.
Ordering Bay Networks Publications
To purchase additional copies of this document or other Bay Networks publications, order by part number from Bay Networks Press:
• Phone: 1-800-845-9523
• FAX—U.S./Canada: 1-800-582-8000
• FAX—International: 1-916-939-1010
You can also use these numbers to request a free Bay Networks Press catalog.
Bay Networks Customer Support
Bay Networks provides live telephone technical support to our distributors, resellers, and service-contracted customers from two U.S.
To purchase any of these support programs, including PhonePlus™ for 24-hour telephone technical support, call 1-800-2LANWAN. Outside the U.S. and Canada, call (408) 764-1000. You can also receive information on support programs from your local Bay Networks field sales office or purchase Bay Networks support directly from your reseller.
InfoFACTS
InfoFACTS is the Bay Networks free 24-hour fax-on-demand service. This automated system contains libraries of technical and product documents designed to help you manage and troubleshoot your Bay Networks products. The system can return a fax copy to the caller or to a third party within minutes of being accessed.
How To Get Help
For additional information or advice, contact the Bay Networks Technical Response Center in your area:
• United States: 1-800-2LANWAN
• Valbonne, France: (33) 92-966-968
• Sydney, Australia: (61) 2-903-5800
• Tokyo, Japan: (81) 3-3288-0331
Part A Configuration Procedures
• Chapter A1, “Introduction to the Model 5390 Server”
• Chapter A2, “Configuring the Model 5390 Server”
• Chapter A3, “Configuring Ports”
• Chapter A4, “The Port Server and Rotaries”
• Chapter A5, “Printers”
• Chapter A6, “Modems”...
Introduction to the Model 5390 Server
The Model 5390 server increases both the accessibility and the power of an Ethernet local area network (LAN). With the Model 5390 server, you can attach virtually any serial device(s) to the network. The Model 5390 server supports and manages these devices, and provides many applications for connecting users and resources on the network (see Figure A1-1).
Model 5390 Capabilities
Devices attached to the Model 5390 server can easily access, or be accessed by, the network. The Model 5390 Annex software provides network management tools and routing capabilities for managing the connections between these devices. The Annex software can be transparent to a UNIX host and to the application running on that host.
Or, create menus that hide the command interface, but provide the user with the appropriate selection of options.
Loading Files
Model 5390 files can be loaded from a host using either the trivial file transfer protocol (tftp), the expedited remote procedure call daemon (erpcd), or the self-boot option. •...
– where at least one host on the network is functioning as a security server, and local password protection – where the passwords are stored on the Model 5390 server. Optionally, you can use local password protection as a back-up to host-based security. You can configure the following security checkpoints:...
• The port server supports rotaries
A rotary is a set of ports grouped together so that users can address them—and the Model 5390 server can manage them—as one resource. You can assign names to rotaries. Using rotaries, you can: assign multiple rotaries to one Model 5390 server with each rotary having its own name;...
The rtelnet utility is more flexible; it supports many types of existing applications, and establishes telnet connections between a serial line on the Model 5390 server and a character special file on a host. The rtelnet utility is the Model 5390 server-specific reverse Telnet utility that runs on top of the pseudo-terminal facility provided by UNIX hosts;...
The Model 5390 server can build host tables by listening to and extracting host names from RWHO packets. Although RWHO is not a name server, the Model 5390 server can use it as one. Using RWHO is adequate for small networks in which all hosts broadcast RWHO packets.
• Passive routing in which the Model 5390 server uses the Routing Information Protocol (RIP) to learn routes.
• Active routing in which the Model 5390 server uses RIP to advertise learned routes. (The network administrator enables this feature by setting the option_key parameter to a value obtained from the Model 5390 supplier).
By running PPP, SLIP, or CSLIP, the user can connect a PC to the network using a serial port attached to the Model 5390 server. The PC behaves as an IP host on the network, allowing host connectivity via Telnet, mail service via SMTP, and file transfers via FTP. All Internet services are available just as if the PC is connected directly to the network.
LAN. Modems attached to the Model 5390 server can be grouped into a modem pool, which is easier to manage than when modems are attached to several different computers. Also, the Model 5390 security system adds a level of protection beyond that provided by individual hosts.
Connecting Hosts Without a Network Interface
The Model 5390 server can act as a front end to a host lacking a network interface by providing that host with an interface. By attaching the host’s serial lines to the Model 5390 serial ports, users on the network can access the host through the Model 5390 server using the Telnet protocol.
Chapter A2
Configuring the Model 5390 Server
Configuring the Model 5390 server involves setting parameters to define the unit’s necessary operating and administrative attributes. These administrative attributes include:
• Defining Internet addresses for the Model 5390 server.
• Defining the preferred hosts for booting and dumping.
The set annex command allows you to change any setting. All parameters have default settings. Some of these parameters must be set using the ROM Monitor before booting the Model 5390 server with its operational code. For more details, refer to Installing the Model 5390 Communication Server.
The following sample command lines:
• Enable the DNS name server.
• Define two name server hosts.
• Enable security on the Model 5390 server.
• Define a security server host.
• Enable security for virtual CLI connections.
• Define an administrative password.
VCLI Parameters
    max_vcli: unlimited
    vcli_password: "<unset>"
Nameserver Parameters
    nameserver_broadcast: N
    pref_name1_addr: 192.9.200.95
    pref_name2_addr: 192.9.200.85
    host_table_size: 64
Security Parameters
    enable_security: Y
    pref_secure1_host:192.9.200.95
    network_turnaround: 2
    acp_key: "<unset>"
    allow_snmp_sets: N
    passwd_limit: 3
Time Parameters
    time_broadcast: N
    timezone_minuteswest: 300...
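The following Python is an added example, not part of the Bay Networks manual: it parses a parameter display in the format shown above and checks it against a small review baseline. The baseline itself (which settings to flag, and treating 0.0.0.0 as "no host") is an assumption of this example, not vendor guidance; the sample display is constructed from the values on this page.

```python
import re

# Constructed sample in the layout of the parameter display shown above:
# partly one pair per line, partly run together as in the extracted text.
SAMPLE_DISPLAY = '''VCLI Parameters
max_vcli: unlimited
vcli_password: "<unset>"
Nameserver Parameters nameserver_broadcast: N pref_name1_addr: 192.9.200.95
Security Parameters
enable_security: Y
pref_secure1_host:192.9.200.95
acp_key: "<unset>"
allow_snmp_sets: N
passwd_limit: 3
'''

# A parameter is a lowercase name, a colon, then a quoted string or one token.
PAIR = re.compile(r'\b([a-z][a-z0-9_]*):\s*("[^"]*"|[^\s"]+)')


def parse_display(text):
    """Return {parameter: value}. Section headings are skipped because
    they are not followed by a colon."""
    return {key: value.strip('"') for key, value in PAIR.findall(text)}


def is_unset(params, name):
    # Treating 0.0.0.0 as "no host defined" is an assumption of this example.
    return params.get(name, '') in ('', '<unset>', '0.0.0.0')


def audit(params):
    """Apply an illustrative review baseline and return (parameter, note) pairs."""
    findings = []
    if params.get('enable_security') != 'Y':
        findings.append(('enable_security', 'security is not enabled'))
    elif is_unset(params, 'pref_secure1_host'):
        findings.append(('pref_secure1_host',
                         'security is enabled but no security server host is defined'))
    # Parameters that the display shows as "<unset>" are reported as such,
    # without assuming more about their meaning than the name.
    for name in ('vcli_password', 'acp_key'):
        if name in params and is_unset(params, name):
            findings.append((name, 'still <unset>'))
    if params.get('allow_snmp_sets') == 'Y':
        findings.append(('allow_snmp_sets', 'SNMP set requests are allowed'))
    if params.get('max_vcli') == 'unlimited':
        # Each virtual CLI connection uses memory on the server.
        findings.append(('max_vcli', 'no limit on virtual CLI connections'))
    return findings


if __name__ == '__main__':
    for name, note in audit(parse_display(SAMPLE_DISPLAY)):
        print(f'{name}: {note}')
```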
Model 5390 servers.
• Define the parameters for one Model 5390 server and use the write command to create a script file with all configuration data for that Model 5390 server. Next, execute the read command for all Model 5390 servers you want to configure.
CLI prompt. For more details, see admin on page C3-10. NOTE: The admin command functions only on the local Model 5390 server. When issuing admin with command line arguments (not as a subsystem) you must include the port_set.
"<unset>"
allow_snmp_sets: N
passwd_limit: 3
Time Parameters
time_broadcast: N
timezone_minuteswest: 300
SysLog Parameters
syslog_mask: all
syslog_host: 192.9.200.95

subnet_mask:255.255.255.0
pref_dump_addr:132.245.33.8
broadcast_addr:132.245.44.255
load_dump_sequence: net
motd_file: "motd"
authoritative_agent: Y
server_capability: none
tftp_load_dir: ""
ipencap_type: ethernet
ip_forward_broadcast: N
option_key: "OHCg0C52T"
session_limit: 1152...
""
ipx_dump_username: ""
ipx_dump_path: ""
TMux Parameters
tmux_enable: N
tmux_max_mpx: 700

login_prompt: "#"
facility_num: 0
lat_queue_max: 4
service_limit: 256
circuit_timer: 8
vcli_groups: none
multicast_timer: 30
node_id: 0.0...

Execute either boot or reset annex all to effect these changes at the Model 5390 server.
The Model 5390 Internet address is defined in the inet_addr parameter. This address must be set prior to downloading the operational code to the Model 5390 server. To do so, use the ROM monitor addr command during the Model 5390 initial installation. You can reset the address at any time thereafter by changing the inet_addr parameter.
(self-boot). The Model 5390 server boots each time it is powered up and upon receipt of a boot command. The Model 5390 server can dump to a file server or a host running tftp. The Model 5390 server performs a dump upon receipt of either the na command dumpboot or the superuser CLI boot –d command, or automatically when it detects fatal internal errors or failures.
The server_capability parameter defines the Model 5390 server as a file server host. The Model 5390 Server can provide operational code only for another Model 5390 server of the same type. When the Model 5390 server boots, it uses the image file to load the operational code, and the configuration file...
The Model 5390 server normally does not store these files because they use memory. As a file server host, the Model 5390 server uses approximately 120 KB for the operational code; for the message-of-the-day (motd) and configuration files, it uses the amount of space relative to the size of the files.
Using SLIP for Booting and Dumping
You can load and dump the Model 5390 server over the local area network or over a serial line using the Serial Line Internet Protocol (SLIP). The default is to use the local area network. The load_dump_sequence parameter specifies which network interfaces are to be used for a load or a dump and the order in which they are to be used.
The Model 5390 server initially tries to open a file using erpcd (except when using the self-boot option). If erpcd fails or times out, the Model 5390 server tries to open a file using tftp. If the tftp request fails or times out, the Model 5390 server retries opening the file using erpcd. This cycle continues until the Model 5390 server succeeds in opening the file or until it reaches a maximum try count (currently 8 cycles).
IEN-116 server. Both of these name server protocols are available in the UNIX environment. You can use one or both on the network, and the Model 5390 server allows you to specify the preferred protocol. If you choose not to use either protocol, you can configure the Model 5390 server to build the host table by listening to RWHO broadcasts.
A number of DNS servers are available and the Model 5390 server can support them all. One typical DNS server is the Berkeley Internet Name Domain (BIND) server. The BIND server is a standard part of 4.3BSD (for more details, refer to the 4.3BSD documentation).
Broadcasting for a Name Server
By default, the Model 5390 server does not broadcast for a name server if the preferred name servers do not respond. However, you can configure the Model 5390 server to broadcast requests for a name server by setting the nameserver_broadcast parameter to Y.
Managing the Size of the Host Table
When the host table acquires a new entry after it is full, the Model 5390 server deletes the oldest, least-used entry to make room for the new one. The Model 5390 server’s use of the host table is erratic if the table size is too small.
Using Event Logging
The Model 5390 server can log events to a 4.3BSD system log daemon (syslogd) or to a serial port on the Model 5390 server. The Model 5390 server may be able to log events to a 4.2BSD system using the syslog daemon or to a System V if it has system logging similar to 4.3BSD syslogging.
• The syslog_port parameter defines the port to which syslog messages are sent. The options are 0 through the Model 5390 port count. The default, 0, causes the Model 5390 server to log messages over the network.
• The syslog_facility parameter defines the facility used in the syslog messages (specified as log_localn where n is a number from 0 through 7).
The Model 5390 server does not reset its time by more than 10 minutes based on an answer to a broadcast request. If the time returned to the broadcast query was greater than 10 minutes from the Model 5390 server’s current time, the Model 5390 server only resets its time by a maximum of 10...
GMT, its value is 300 minutes; since Paris is one hour east of GMT, its value is –60 minutes. The daylight_savings parameter defines the daylight savings time to which your geographic area adheres. The Model 5390 server uses this parameter to adjust the time display for daylight savings time. Valid arguments include: us, australian, british, canadian, east_european, mid_european, west_european, or none.
The Model 5390 server displays a prompt when a user accesses the CLI. The cli_prompt parameter allows you to customize the Model 5390 prompt. You can also customize the prompt for each serial port using the prompt port parameter (see cli_prompt on page C2-17 and prompt on page C2-51).
The location defined for the port; if none, the string port nn, where nn is the number of the serial line. The Model 5390 name or Internet address, such as 132.245.6.40. The port number or number for the virtual CLI connection in the form of vn, where n is the number of virtual CLI connection.
Setting a Limit on Virtual CLI Connections
The number of virtual CLI connections at the Model 5390 server can affect the use of memory, as each virtual CLI connection uses memory. The max_vcli parameter determines the maximum number of virtual CLI connections the Model 5390 server can create at any one time.
The default file name is motd. The motd_file parameter allows you to specify another name for this file. The Model 5390 server reads this host file each time it is booted, and when the na or admin command reset annex motd is issued.
One module runs in the Model 5390 server and one module runs in the host. A protocol links the two modules together. When a host wants to talk to a device attached to a port that is in slave or adaptive mode, it must first establish a connection by connecting to the appropriate TCP port on the Model...
The Model 5390 server can display, and connect to, currently available LAT services. Initially, all LAT functions in the Model 5390 server are disabled as this feature is optional. To enable the LAT functions, the network administrator must enter the correct lat_key parameter value and reboot the Model 5390 server (see Configuring Hosts and Servers starting on page A14-1 for more details).
Chapter A3
Configuring Ports
The Model 5390 server connects terminals, printers, modems, PCs, and hosts lacking a network interface to a serial line port. The Model 5390 server supports several protocols that connect remote nodes to a network.
Configuring Ports
The port parameters you must set are based on the device you are attaching to the port.
132.245.6.40,hobbes
password:
Specify one port or specify multiple ports:
command: port 1
port 1–10
NOTE: You can skip Step 2 by specifying the Model 5390 server with an @ following the port number(s).
command: port 1@132.245.6.40
or
port 1–10@132.245.6.40
Execute either the boot or reset port command to effect these changes at the Model 5390 server.
command: res 8
Configuring multiple ports on multiple Model 5390 servers requires a few simple steps:
Define a port using the port command.
Define the parameters for that port.
Use the copy port command to copy the parameters to other Model 5390 ports. The following example copies the parameter settings from port 1 on one Model 5390 server to several ports on another Model 5390 server:
command: annex 132.245.6.40...
Port Mode
The Model 5390 port can be opened from a device attached to the port or from the network requesting attachment to a device. The port mode, specified by the mode parameter, dictates the direction from which the port can be opened. The port mode options are adaptive, arap, auto_adapt, auto_detect, cli, connect, dedicated, ipx, ndp, ppp, rlogin, slave, slip, telnet, tn3270, and unused.
A9-1.
Port Security
The Model 5390 server provides a security system that allows you to configure security on a per-port basis. You can use host-based security, local password protection, or a combination of the two (see Using Model 5390 Security starting on page A15-1 for more details).
If the port password is used as a backup to the host-based CLI security, and the security server is unavailable, the Model 5390 server displays a status message when a user tries to access a port: Checking authorization, Please wait...
The acp_restrict file lists those hosts and networks to which access from the specified Model 5390 server is restricted. When a user requests a connection to a host, the Model 5390 server verifies the ability to connect to that host (or network). If the host is listed as restricted, access to that host is denied for any port on which connect security is enabled.
If you define a terminal type, it must be one that is valid for the host to which the user is connecting. The Model 5390 server uses this parameter internally for the edit command only (see edit on page C3-20 for more details).
To use EIA/hardware flow control (RTS/CTS), set the control_lines parameter to flow_control, and the input_flow_control and output_flow_control parameters to eia. The Model 5390 server asserts RTS when it is ready to receive data, and checks the CTS input before transmitting data.
Dedicated Ports
The Model 5390 server allows four forms of dedicated ports for use with terminals and modems. To set a dedicated port:
• Set the serial line port parameter mode to telnet, tn3270, rlogin, or connect for ports using the telnet, tn3270, rlogin, or LAT protocols, respectively.
To use EIA/hardware flow control (RTS/CTS), set the control_lines parameter to flow_control or both, and the input_flow_control and output_flow_control parameters to eia. The Model 5390 server asserts RTS when it is ready to receive data, and checks the CTS input before transmitting data.
To use EIA/hardware flow control (RTS/CTS), set the control_lines parameter to flow_control, and the input_flow_control and output_flow_control parameters to eia. The Model 5390 server asserts RTS when it is ready to receive data, and checks the CTS input before transmitting data.
LAT access to the port. After establishing a telnet connection to a port, the Model 5390 server prompts Display the history buffer? only if buffered data exists. You can flush the buffer either by issuing a telnet send ao command or by resetting the port via na or admin.
# rtelnet -bmr 5390_02 3 /dev/ttyDB
You can specify the Model 5390 server by either its Internet address or its name. If you use the name, make sure that it is listed in the name server database and that the name server is started before the rtelnet command.
Add the rtelnet command to the appropriate /etc/rc so that the special file is created when the system is booted.
Configuring Ports for Hosts
The Model 5390 server provides a front-end service to a host that does not have a network interface. Attach the host’s serial ports to the Model 5390 ports. •...
To use EIA/hardware flow control (RTS/CTS), set the control_lines parameter to flow_control, and the input_flow_control and output_flow_control parameters to eia. The Model 5390 server asserts RTS when it is ready to receive data, and checks the CTS input before transmitting data.
Chapter A4
The Port Server and Rotaries
As a port server, the Model 5390 server accepts connection requests from users, hosts, and applications on the network (see Figure A4-1). You can connect to the Model 5390 server in several ways: •...
Applications connecting to the Model 5390 server access only a single port. A rotary is a set of Model 5390 ports grouped together so that they can be addressed by users, and managed by the Model 5390 server, as a single entity. When a user requests a rotary, the port server attaches the user to the first available port.
This feature is called camp-on. If the user chooses to wait, the Model 5390 server puts the request in a first-come, first-served queue and notifies the user when a port is free.
Model 5390 server notifies the user when the connection is complete. In the next example, the user first presses the attention character to return to the Model 5390 prompt, then issues the CLI bg command to place the telnet request using camp-on into the background, and then issues the fg command to return to the HostB session.
A14-3).
Defining TCP Port Numbers
telnet and rlogin can include a TCP port number in the connection request. The Model 5390 server recognizes the following ranges of TCP port numbers for telnet and rlogin connections: 5000, 6000, and 7000.
Virtual CLI Connections
The Model 5390 server can access the CLI from anywhere on the network through the port server. It creates a virtual CLI connection for the user when either a CLI is requested at the port server prompt or the TCP port number 5000 is included in the telnet command.
The Model 5390 server creates a new virtual CLI connection for each request it receives. You can limit the number of virtual CLI connections the Model 5390 server creates using the max_vcli Model 5390 parameter. The only other limit on the number of virtual CLI connections created is system resources.
NOTE: The port parameter port_password is applicable to both CLI and port server connections.
Security for Virtual CLI Connections
The Model 5390 server establishes security for virtual CLI (VCLI) connections using host-based security, local password protection, or both. Host-based security validates the user name and user password.
Rotaries
A rotary is a group of serial ports that the Model 5390 server manages as a single entity. The network administrator can customize the behavior and use of rotaries by defining rotary entries in the Model 5390 configuration file. The Model 5390 server extracts its assigned rotary definitions from this file.
Configuring port selection.
Defining Multiple Rotaries with One Entry
You can include more than one Model 5390 server in a single file entry in the rotary section of the Model 5390 server configuration file by separating the ports@locations field with semicolons. The following entry defines a rotary named modems that resides on two different Model 5390 servers.
Trying...
Connected to 5390_01.
Rotaries Defined:
modems 1,4,7,13–16
Enter Annex port name or number:
When the user accesses the Model 5390 server at 132.245.6.15, the port server displays:
% telnet 132.245.6.15
Trying...
Connected to 132.245.6.15.
Escape character is "^]".
Rotaries Defined:...
With the DNS server, the Telnet request attempts to connect to the first IP address returned by the nameserver. If that connection is unsuccessful, it moves on to the next connection, and so on until a connection is available. Using the following example, one entry defines rotaries on two Model 5390 servers:
modems: direct_camp_on=never\
1,3,8,11@5390_01+132.245.6.90;\
6-8@5390_05+132.245.6.91...
The last three digits of the port number are arbitrary; but the TCP port numbers must be unique for each Model 5390 server. NOTE: A special version of rlogin, one that accepts TCP port numbers, is needed to use TCP port numbers with rlogin.
5390 primary Internet address. An invisible rotary prevents users from seeing the name if they use telnet or rlogin to connect to the Model 5390 server and further hides details of the connection. Only rotaries that can be accessed via an auxiliary Internet address or a TCP port in the 6000 range can be defined as invisible.
The setting direct_camp_on=never is the default for raw rotaries; ask cannot be used. Following is an example of a raw rotary consisting of ports 1, 2, 3, and 8 on the Model 5390 server whose Internet address is 132.245.6.32. The rotary is accessed through TCP port 6300:
strip-record: protocol=raw direct_camp_on=always\
1-3,8@132.245.6.32/6300...
protocol=binary
The setting protocol=binary configures a binary rotary. In this configuration, the Model 5390 server negotiates with the host to operate in telnet binary mode in both directions:
strip-record: protocol=binary direct_camp_on=never 1-3,12@132.245.6.30
Configuring Port Selection...
modems: select=next 1-5@5390_01
% telnet modems
Trying...
Connected to 5390_01.
Escape character is "^]".
Attached to port 1.
telnet> quit
% telnet modems
Trying...
Connected to 5390_01.
Escape character is "^]".
Attached to port 2.
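The following Python is an added example, not part of the Bay Networks manual: it parses rotary entries and checks three rules this chapter states (a raw rotary cannot use direct_camp_on=ask, TCP port numbers must be unique for each server, and the recognised TCP ranges are 5000, 6000 and 7000). The entry grammar is inferred from the entries quoted on this page, the field name aux_addr is an assumption, and the "bad-raw" entry is constructed.

```python
import re

# The first two entries are the ones quoted on this page; "bad-raw" is a
# constructed entry that breaks two of the rules stated in the text.
SAMPLE_ROTARIES = r'''
modems: direct_camp_on=never\
 1,3,8,11@5390_01+132.245.6.90;\
 6-8@5390_05+132.245.6.91
strip-record: protocol=raw direct_camp_on=always\
 1-3,8@132.245.6.32/6300
bad-raw: protocol=raw direct_camp_on=ask 4-5@132.245.6.32/6300
'''

# ports@location, optionally +address and /tcp_port (grammar inferred from
# the page's examples; calling the +address field "aux_addr" is an assumption).
GROUP = re.compile(r'^([\d,-]+)@([^+/]+)(?:\+([^/]+))?(?:/(\d+))?$')


def expand_ports(spec):
    """Expand a port list such as '1-3,8' into [1, 2, 3, 8]."""
    ports = []
    for part in spec.split(','):
        low, _, high = part.partition('-')
        ports.extend(range(int(low), int(high or low) + 1))
    return ports


def parse_rotaries(text):
    """Return one dict per entry: name, keyword options, and port groups."""
    joined = re.sub(r'\\[ \t]*\n[ \t]*', ' ', text)  # fold "\" continuations
    rotaries = []
    for line in joined.splitlines():
        if ':' not in line:
            continue
        name, _, rest = line.partition(':')
        rotary = {'name': name.strip(), 'options': {}, 'groups': []}
        for token in filter(None, re.split(r'[;\s]+', rest)):
            match = GROUP.match(token)
            if match:
                ports, server, aux, tcp = match.groups()
                rotary['groups'].append({
                    'ports': expand_ports(ports), 'server': server,
                    'aux_addr': aux, 'tcp_port': int(tcp) if tcp else None})
            elif '=' in token:
                key, _, value = token.partition('=')
                rotary['options'][key] = value
            else:
                raise ValueError(f'unrecognised field {token!r} in {name!r}')
        rotaries.append(rotary)
    return rotaries


def lint(rotaries):
    """Return (rotary name, problem) pairs for the rules named above."""
    problems, seen = [], {}
    for rotary in rotaries:
        name, opts = rotary['name'], rotary['options']
        if opts.get('protocol') == 'raw' and opts.get('direct_camp_on') == 'ask':
            problems.append((name, 'raw rotary cannot use direct_camp_on=ask'))
        for group in rotary['groups']:
            tcp = group['tcp_port']
            if tcp is None:
                continue
            if tcp // 1000 not in (5, 6, 7):
                problems.append((name, f'TCP port {tcp} is outside the 5000, 6000 and 7000 ranges'))
            owner = seen.setdefault((group['server'], tcp), name)
            if owner != name:
                problems.append((name, f"TCP port {tcp} on {group['server']} already used by {owner}"))
    return problems


if __name__ == '__main__':
    for name, problem in lint(parse_rotaries(SAMPLE_ROTARIES)):
        print(f'{name}: {problem}')
```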
One module runs in the Model 5390 server and one module runs in the host. A protocol links the two modules together. When a host wants to talk to a device attached to a port that is in slave or adaptive mode, it must first establish a connection by connecting to the appropriate TCP port on the Model...
ISTRIP: When set, input characters are stripped to 7 bits, otherwise all 8 bits are passed on.
NLDLY/CRDLY/TABDLY/BSDLY/: The specified delay is done on the Model 5390 server by waiting for all output to be sent, then starting the delay. Note: TAB3 is not a delay, and will cause host action.
POSIX termios Field Definitions for TSTTY (continued)
CBAUD: The given baud rate is used to set the Model 5390 port baud rate. If the setting is read from the Model 5390 server and there is no equivalent POSIX speed, B50 is returned. Note that split baud rates are not supported.
/dev/tstty/daemon. The names of the devices used to communicate with the Model 5390 ports are all numbered, starting from 0 and incrementing up to the total number of configured devices. Table A4-2 lists the systems and their corresponding device names.
A4-22). TCP port 9000 connects to the port server on the Model 5390 server. Use this port to select a port or rotary by name, or to connect to a virtual CLI. If a rotary is selected by name, it must first be defined as a TSTTY rotary (for more details, see Defining TCP Port Numbers on page A4-22).
rlogin, and TSTTY connections from the Model 5390 server to a host system into a single IP network packet. Since the system load is determined per packet, not per byte, multiplexing this single packet from one system to another significantly reduces the host overhead (see Figure A4-2).
Figure A4-4. TMux Block Diagram
(the location is printer-specific) should be connected to the CTS signal on the Model 5390 server: this is pin 4 on a terminal cable and pin 5 on a modem cable. For serial cable wiring diagrams, refer to Installing the Model 5390 Communication Server.
1) as a direct command, or 2) as part of an output filter of a BSD spooling system.
Using aprint as a Direct Command
When using aprint as a direct command, specify the Model 5390 server and port using the –A, –p, and –L arguments (Configuring Ports on page A3-1 describes the arguments for aprint).
After defining a filter, compile and link the filt.c program to a name that specifies the Model 5390 port to which the output should go. For example, to send output to port 15 on the Model 5390 server called 5390_01, filt.c should be linked to annex01.15. The filt.c program looks like this:...
    #!/bin/sh
    sed 's/$/^M/' | /usr/annex/aprint -A5390_01 -L15

NOTE: The line #!/bin/sh is critical because it allows the UNIX kernel to execute this shell as a Bourne shell script.

Editing the /etc/printcap File

If the filter program annex01.15 is in the directory /usr/annex, create an entry in /etc/printcap that looks like this:

    annexprt|ap|Annex printer:\
    :lp=/dev/null:sd=/usr/spool/annexprt:\...
Create a special file using rtelnet. This example creates a device that allows a printer on port 16 of the Model 5390 server called 5390_02. The –b argument is included because the printer uses binary data which may be scrambled by Telnet’s carriage return/line feed conventions.
Printing from a System V Host The aprint utility sends files directly to the Model 5390 printer connected to the serial port. The aprint utility can be used in one of two ways: 1) as a direct command (see Using aprint as a Direct Command on page A5-2) and 2) as part of an output filter of a System V lp spooling system.
Printers Using aprint with an Interface File When an interface file is used with aprint, that file is almost identical to the standard interface file for a System V printer except that all output destined for the printer is piped into a single instance of aprint.
    # lp interface for line printers
    # SCCS @(#) lp 1.2
    # Change the next two lines to direct output to the correct place.
    # ANNEXLINE is port number to use, 0=serial printer
    ANNEX=5390_01
    ANNEXLINE=1
    # Change this line if your Annex software is installed in a
    # different directory
    PATH=$PATH:/usr/annex
    export PATH...
Integrating rtelnet with the lp Spooler A host can access a printer attached to the Model 5390 server through a character special file created using the rtelnet utility. The following example is for a DQP-10 printer using the dqp10 model interface;...
    # rtelnet -Pbr 5390_01 s901 /dev/s_pdev

This command creates the character special file /dev/s_pdev and creates an rtelnet connection between the associated pty device and port 12 on the Model 5390 server called 5390_01. Define a new printer using the lpadmin command:

    # lpadmin -ps_printer -v/dev/s_pdev -mdqp10...
NOTE: A label on the Model 5390 server specifies the MLB and SEB numbers. The Model 5390 server has three input and two output signals. The use of these signals is determined by the port parameters control_lines, input_flow_control, output_flow_control, and need_dsr.
To use modem control (DTR/DCD/DSR), set the control_lines parameter to modem_control. The Model 5390 server asserts DTR when the port is ready for use. It then waits for DCD and DSR to be asserted before opening the session. After opening the session, any drop of DCD that lasts more than 400 milliseconds, or any drop of DSR, causes a port reset.
• When using a modem connected to a slave port, if the need_dsr parameter is enabled, the connection fails if no DSR signal is present; if need_dsr is disabled, the Model 5390 server accepts the connection. •...
Model 5390 configuration file. • Setting the type parameter to dial_in registers the user with the who database as soon as the CLI process attaches to the line. For dedicated ports, the Model 5390 server continuously retries the connection, regardless of errors. •...
Break key by signaling the Model 5390 server to suspend the session with the host and return to the CLI prompt. However, set attn_string to off when using file transfer programs (uucp, kermit, xmodem);...
The following subsections provide set-up procedures that allow applications to access the Model 5390 port to which a modem is attached. These procedures use the rtelnet utility (see rtelnet on page C4-8 for more details). All ports to which rtelnet attaches must be in adaptive or auto_adapt mode.
    # rtelnet -fmr 5390_02 13 /dev/modem

In this example, the -f argument instructs the Model 5390 server to release the port when the device is no longer using it, thus releasing the port for use as a CLI. The -m argument instructs the Model 5390 server to momentarily drop the network connection to the Model 5390 port when the pseudo device is closed;...
NOTE: If the system uses a name server to translate host names to Internet addresses and you use the Model 5390 name in the rtelnet command, make sure that the Model 5390 server is listed in the name server database and that the name server is started before the rtelnet command.
PC becomes a node on the network. For a remote PC, you can configure a port as both a SLIP link and an incoming modem. Then, a user at a remote PC can dial into the Model 5390 server and convert the port from an incoming modem to a SLIP link using the CLI slip command.
Serial Line Internet Protocol (SLIP) You can choose either a configuration that uses compressed SLIP always, or one that uses compressed SLIP only when the remote end sends compressed SLIP packets. The Model 5390 implementation of CSLIP offers four options: •...
The following figures illustrate Class B subnetted networks. Figure A7-1 illustrates a network with a separate subnet address. In this example, the SLIP link is assigned a separate network address of 132.254.99.0 and a subnet mask of 255.255.255.0; the link is then treated like any other physical network.
If you are conserving network numbers, you may prefer the configuration depicted in Figure A7-2. Using this option, the IP addresses assigned to the end points of the SLIP link are the hosts’ primary network IP addresses. Figure A7-2.

Connecting a Single Host with a SLIP Link

In Figure A7-3, a single PC connected to the Model 5390 server through a SLIP link appears to the network as an attached host. Assign that PC a unique network host address.

Connecting a Remote Host

In Figure A7-4, a remote host connected to the Model 5390 server through a SLIP link appears as a local Model 5390 server to the network. Assign the remote Model 5390 server a unique network host address.
The metric parameter defines the cost of getting to the remote end of the SLIP link (in relation to the cost of using other Model 5390 interfaces). This is referred to as the hop count. You may want to increase this number if the Model 5390 server has a preferred (for example, faster) route to the remote host.
Model 5390 server automatically dumps to the host specified in the slip_load_dump_host parameter. On a 9600 baud line, a dump of a one MB Model 5390 server can take about ten minutes. To download the operational code, but prevent dumps: Downloading Operational Code without Dumping •...
If you set the mode to cli mode, adaptive, auto_detect, or auto_adapt, you may have to press Return at the time you are connected. This puts you in cli mode. You must then issue the CLI slip command to convert the port to slip mode. The Model 5390 server does not detect SLIP.
Routes that cannot be reached until the dial-in SLIP connection is activated are saved in the Model 5390 server at boot time and activated when the SLIP line is activated. When the SLIP connection is terminated, these routes become inactive.
NOTE: SLIP is an 8-bit protocol. If data_bits is set to 7, and parity is not set to none, the Model 5390 server forces the data_bits setting to 8 and the parity setting to none. Otherwise, the Model 5390 server generates an error message for the port.
Each virtual dial-out route must be configured within the Model 5390 configuration file to start the SLIP line (for more details, see Dial-out Routes on page A14-42). NOTE: Dial-out routes are defined in the Model 5390 configuration file.
This means that the Model 5390 server with a SLIP interface forwards packets addressed to the host at the remote end of the connection, but does not inform other hosts, routers, or Model 5390 servers that it has this capability. Other hosts and routers on the same network must be told about the route before they can use it.
To make Model 5390 servers aware of a route using a SLIP link, create a gateway entry in the Model 5390 configuration file (see Creating gateway Entries in the Configuration File on page A14-8 for more details).
Typically, a Proxy-ARP is used when the Model 5390 SLIP link is to a single device, that is, both the device and the Model 5390 server use the same Internet network address. No other routing information is required with this configuration (see arp on page C3-12 for more information on manipulating the ARP cache).
For a remote PC with a PPP client that supports scripting, you can configure a port in CLI mode. Then, a user at a remote PC can dial into the Model 5390 server using a modem and convert the port from a CLI to a PPP link using the CLI ppp command.
X-terminals. When the port is reset, it reverts to its original mode: cli, adaptive, auto_detect, or auto_adapt. After you enter the command, the Model 5390 server displays: switching to PPP, starting LCP negotiations. Although the ppp command is a user-level command, it is not displayed by the help command.
If the keys match, the corresponding dial-up addresses are returned to the caller on the Model 5390 server (PPP link). If no match is found, the request is denied. You can specify the Model 5390 server by name, Internet address, or wild card (*). The wild card means that any incoming address request with that user name will match.
Route Cache The route cache is a list of routing entries stored by the Model 5390 server. When the Model 5390 server boots, the route cache is created from the annex...end and subnet...end blocks in the gateway section of the configuration file (see Creating gateway Entries in the Configuration File on page...
Model 5390 server. The Model 5390 server examines once and discards routes outside the annex...end blocks if the destination is not a directly connected network or link. Setting Port Parameters for a PPP Interface This section describes how to set port parameters for different PPP configurations (for more information on Model 5390 configuration parameters, see Configuration Parameters starting on...
• Set the ppp_security_protocol parameter to pap (password authentication protocol).
• Set the allow_compression parameter to Y if you want the Model 5390 server to accept compressed packets.
• Enter the routing information into the gateway section of the configuration file. For example:

    %gateway
    # PPP link to the 132.254.5.0 net...
Routes that cannot be reached until the dial-in PPP connection is activated are saved in the Model 5390 server at boot time and activated when the PPP line is activated. When the PPP connection is terminated, these routes become inactive.
Set the remote_address parameter to zero.
• Set the dialup_addresses parameter to Y so that the Model 5390 server requests the end point addresses, based on the user’s login, from ACP. The dialup_addresses parameter overrides both the local_address and remote_address parameters.
For example, referring to Figure A8-3, user green dials in from home to the Model 5390 server. After passing CLI security, green issues the ppp command. The Model 5390 server PPP asks the security server (132.254.5.10) for green’s address. Then the Model 5390 server negotiates with green’s PC for this address and opens the link.
• Set the ppp_security_protocol parameter to pap, pap,chap, or none.
• Set the allow_compression parameter to Y if you want the Model 5390 server to accept compressed packets.
• Use the supplied defaults for the data_bits (8), stop_bits (1), and parity (none) parameters.
Each virtual dial-out route must be configured within the Model 5390 configuration file to start the PPP line (for more details, see Dial-out Routes on page A14-42). NOTE: Dial-out routes are defined in the Model 5390 configuration file.
NCP negotiation. The LCP establishes and negotiates the data link with the peer system. Next, an optional security phase authenticates the peer. Finally, NCP establishes and negotiates the network details and informs the Model 5390 server that the interface is available.
The Model 5390 server requests the ppp_acm parameter as its local mask. If the peer rejects ppp_acm, the Model 5390 server accepts the hint if it is a superset of the Model 5390 mask; otherwise, it uses the PPP default of 0xFFFFFFFF. The Model 5390 server accepts any mask from the peer.
Point-to-Point Protocol (PPP)

• The value set for ppp_acm (a 32-bit integer) is read in as the ACCM.
• If input_flow_control is set to start/stop, the following two additions are made:
  If input_start_char is 0–31 decimal, the bit indexed by this parameter is set in the ACCM.
  If input_stop_char is 0–31 decimal, the bit indexed by this parameter is set in the ACCM.
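The ACCM rules described above (the superset test applied to a peer's hint, and the start/stop additions to ppp_acm) can be worked through in a few lines of Python. This is an added example, not code from the manual or from the Model 5390 software: the function names are hypothetical, a rejected request is modelled as an optional peer_hint argument, and the escaping step follows the standard async PPP framing of RFC 1662 rather than anything stated on this page.

```python
"""Added example: deriving and applying a PPP async control character map."""

PPP_DEFAULT_ACCM = 0xFFFFFFFF        # PPP default: every control character mapped
FLAG, ESC, XOR = 0x7E, 0x7D, 0x20    # RFC 1662 framing constants (not from the manual)


def build_accm(ppp_acm, input_flow_control="none",
               input_start_char=None, input_stop_char=None):
    """Return the mask the server requests: ppp_acm plus start/stop characters.

    Bit n of the mask covers control character n, so only values 0-31 can be
    added; anything else is ignored, as the manual's 0-31 rule implies.
    """
    accm = ppp_acm & 0xFFFFFFFF
    if input_flow_control == "start/stop":
        for ch in (input_start_char, input_stop_char):
            if ch is not None and 0 <= ch <= 31:
                accm |= 1 << ch
    return accm


def resolve_local_accm(requested, peer_hint=None):
    """Model the outcome of negotiating the local mask.

    peer_hint is None when the peer accepted the request (assumption of this
    example). A hint is taken only if it covers every bit that was requested;
    otherwise the PPP default of 0xFFFFFFFF applies.
    """
    if peer_hint is None:
        return requested
    if peer_hint & requested == requested:   # hint is a superset of our mask
        return peer_hint
    return PPP_DEFAULT_ACCM


def escape_payload(data, accm):
    """Escape bytes the way a sender honouring `accm` would (RFC 1662)."""
    out = bytearray()
    for b in data:
        if b in (FLAG, ESC) or (b < 0x20 and (accm >> b) & 1):
            out += bytes((ESC, b ^ XOR))     # escape byte, then byte XOR 0x20
        else:
            out.append(b)
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: ppp_acm of 0 with ^Q (0x11) and ^S (0x13) as the
    # input start and stop characters.
    mask = build_accm(0x00000000, "start/stop", 0x11, 0x13)
    print(f"requested ACCM   : 0x{mask:08X}")
    print(f"peer hints 0x20000: 0x{resolve_local_accm(mask, 0x00020000):08X}")
    sample = bytes([0x11, 0x41, 0x13, 0x7E, 0x01])   # constructed payload
    print("escaped payload  :", escape_payload(sample, mask).hex(" "))
```

With software flow control on, the start and stop characters never appear unescaped inside a frame, so payload data cannot be mistaken for a flow-control signal on the line.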
PFC from the peer. If rejected, it accepts the PPP default of off. If the peer does not request PFC, the Model 5390 server hints for PFC on. If the peer rejects this hint, the Model 5390 server accepts PFC off.
The Model 5390 server can require the peer to pass a security check before starting NCP. The Model 5390 server negotiates for the security specified by the ppp_security_protocol parameter. Valid arguments for this parameter are:
• pap (password authentication protocol [PAP]).
Negotiating the IP Address

The Model 5390 server and the peer negotiate the IP address to be used on both sides of the link. Any address sent as zero requests that the peer set the address. Four parameters control the Model 5390 IP address negotiation: dialup_addresses, local_address, remote_address, and enable_security.
Model 5390 server. • If a diskless client sends a BOOTP request to the Model 5390 server over a PPP line, the Model 5390 server responds with its current local address, remote address, and boot host. For detailed instructions about BOOTP, refer to Installing the Model 5390 Communications Server.
Nodes on a Novell network are servers or clients. Servers provide shared access to files, printers, and specialized peripheral devices on the network. Within this context, the Model 5390 server functions as a communications server, providing shared access to the network by non-Novell as well as Novell nodes.
IP or IPX services as the need arises. (The same link can also be used for AppleTalk over PPP.) To dial into the Model 5390 server via IPXCP, a PC client can be running any operating system that supports IPXCP networking. This includes Windows ‘95, Windows NT, and DOS or Windows running FastLink II version 2.x or higher.
Figure A9-1. Sample IPXCP Network Configuration

To configure the Model 5390 server for IPXCP, see Configuring Standards-based IPX (IPXCP) on page A9-7. NOTE: The current Model 5390 implementation of IPXCP does not support dial-out, call-back, or charge-back, except for ACP dial-back on a CLI port.
Internetwork Packet Exchange (IPX) Protocol

Proprietary IPX Features

The proprietary Model 5390 IPX software allows PC clients to perform some or all of the following operations:
• Dial into a Novell network from a remote PC and access network resources. A PC client does this using the proprietary FastLink II program described in the FastLink II Client Pack.
If there is no option key value attached to your Model 5390 server, contact your supplier to obtain a key. You will need to specify the Ethernet address of your Model 5390 server; it is taped to the back of the unit.
Reboot the Model 5390 server to put the parameter settings into effect:

    admin: q
    annex# boot

Reconnect to the Model 5390 server and issue the CLI stats -o command to make sure that IPX is Keyed On and that ipx is not listed as a disabled module.
You can configure IPXCP dial-in for specific users and/or for specific Model 5390 ports. Configuring for specific users allows you to deny or permit Model 5390 IPXCP dial-in access to a subset of clients. Configuring on a per-port basis limits the Model 5390 ports that can accept dial-in IPXCP packets.
The sections that follow describe:
• The minimum IPXCP configuration required to establish a connection between the Model 5390 port and an IPXCP client. This configuration uses the default settings for IPXCP and other parameters and does not provide security.
•...
Using PPP Security on page A15-46; IPXCP uses PPP security. Setting up the Model 5390 port for dial-in IPXCP requires that you configure the port for both an inbound modem and an IPXCP link (see Modems starting on page A6-1 for more details on inbound modems).
PPP, ARAP, proprietary IPX and the CLI. (SLIP is not detected.) CAUTION: If you set a port to auto_detect or auto_adapt and you want the Model 5390 server to be secure, configure the port to use native protocol security for every protocol type the port could detect.
Model 5390 server forces the data_bits setting to 8 and the parity setting to none. If this is not possible because data_bits is set to 7 and parity is set to none, the Model 5390 server syslogs an error message for the port.
(smith in the sample configuration). In the annex field, enter the IP address or host name of the Model 5390 server the user will be dialing into (132.254.5.17 in the sample configuration). Leave the Local address blank (the Model 5390 server uses its own Ethernet address for the node portion of the local address).
Model 5390 address, but the Remote address is not of the form network:node, no match is found. In this case, the Model 5390 server uses the values, if any, set for the port parameters ppp_ipx_node and ppp_ipx_network (see page A-14). If network:node is configured properly in the acp_dialup file and ppp_ipx_node and...
CLI security. The Model 5390 PPP asks the security server (132.254.5.10) for smith’s address. Then the Model 5390 server negotiates with smith’s PC for this address and opens the link. NOTE: If the client PC is running Windows ‘95, the user must change Windows security from SPAP (the default) to PAP or CHAP.
Remember that values in the acp_dialup file override the ppp_ipx_network and ppp_ipx_node parameters. If the node number is not set in acp_dialup or through the ppp_ipx_node parameter, and no value is suggested by the client, the Model 5390 server uses its own Ethernet address plus one (1).
This network supports two PCs and a file server in addition to the Model 5390 server. If Model 5390 ports 4 and 11 are set to ipx mode, the two remote workstations, PC3 and PC4, can use FastLink II to log into the Novell network and access its file server, just as if the PCs were attached to the network directly.
For outgoing packets, the port operates in slave mode (see Slave Ports on page A3-13), which has no meaning in a Novell context. An auto_detect port defaults to cli mode if the Model 5390 server does not detect a particular protocol within 30 seconds. Pressing the Return key immediately upon connecting to an auto_detect port also puts the port in cli mode.
Ports on page A9-21. Dial-out Using the Model 5390 ndp port, Novell client PCs such as the ones shown in Figure A9-5 can access remote services, such as a Bulletin Board System (BBS). In Figure A9-5, PC1 and PC2 can dial out to the host BBS via the modem on 5390_02’s ndp port.
Routing

Figure A9-6 shows a configuration in which two Model 5390 servers, connected by a phone line, act as asynchronous routers allowing communication between Novell networks 1 and 2. Through this connection, the PCs on Novell Network1 can access the services provided by File server2 (including the printer services), and the PCs on Novell Network2 can access the services provided by File server1.
Examples in these sections use the superuser CLI admin command (you can also use the na utility); the default superuser password for the Model 5390 server is its IP address. Configuring ndp-mode Ports Although configuration and management of an ndp port is...
    Annex administration Remote Annex R10.1, 24 ports
    admin: set port=4 mode ndp

The Model 5390 server ignores any na or admin port parameters you set other than mode. Reset the port:

    admin: reset 4

Manage the Model 5390 server itself and any non-ndp Model 5390 ports.
Set EIA/hardware flow control (RTS/CTS) by setting the control_lines parameter to both, and setting the input_flow_control and output_flow_control parameters to eia. The Model 5390 server asserts RTS when it is ready to receive data and checks the CTS input before transmitting data.
Set EIA/hardware flow control (RTS/CTS) by setting the control_lines parameter to both and setting the input_flow_control and output_flow_control parameters to eia. The Model 5390 server asserts RTS when it is ready to receive data and checks the CTS input before transmitting data.
Accessing IP Nodes via FastLink II This section applies to FastLink II versions earlier than 2.x. After establishing an IPX connection between your remote PC and the Model 5390 ipx or auto_detect/auto_adapt port, you can also load an ODI-compliant TCP/IP stack. This allows you, for example, to read UNIX mail and access Netware services within one session on your remote PC.
Configuring auto_detect and auto_adapt mode Ports and Modems on page A9-24). In addition, you must configure the local (Model 5390 server) and remote (PC) IP addresses in one of the following ways, the first of which is the recommended method.
System Logs

The Model 5390 server automatically logs ipx, auto_detect/auto_adapt, ndp, and ppp port events to a 4.3BSD system log daemon (syslogd) or to a serial port on the Model 5390 server. To send log messages to a port, use the Model 5390 parameter syslog_port. For more information on syslogging, see Using Event Logging on page A2-19 and Logging Security Events on page A15-73. NOTE: The Annex DOS Dial-out software also logs ndp port activity.
The Model 5390 server received and answered a configure request. IPXCP negotiation has completed successfully. The link is in the process of closing. The Model 5390 server has sent a terminate request and is waiting for a terminate ACK. Shows the current values of the negotiated options. The Local: column displays the value suggested by the Model 5390 server.
Issuing the netstat -x command displays the number of NICs, RIPs, and Service Advertising Protocol (SAP) services on the Model 5390 server. NICs indicates the number of active IPX interfaces (including en0) on the Model 5390 server, and RIPs indicates the number of Novell networks the Model 5390 server can reach.
Usage: netstat -x -xr [network] -xs [server_name] -xS [server_name]

IPX Network Interfaces

Issuing the netstat -xi command displays information about the Model 5390 servers currently in use for dial-in or LAN-to-LAN routing. The following is a sample display.

    Name Network 00001234 2...
IPX buffer pools. The Model 5390 server creates these buffer pools when it boots, allotting the appropriate amount of memory for the number of ipx, auto_detect, auto_adapt, ppp, and ndp ports configured. If you change these port modes, reboot the Model 5390 server so that it can allot the proper amount of buffer memory.
Interface is the network interface using the route. Issuing the netstat -xr command followed by a network number displays the Model 5390 server route for that network. The following example shows how to display the route for network 42 (you...
Internetwork Packet Exchange (IPX) Protocol • The second field is the server type, which can be: – File Server – – Print – Archive – Job Queue – NAS SNA Gate(way) – TimeSync VAP – Dynamic SAP – Annex NCS –...
Issued with no arguments, the CLI stats command displays various Model 5390 statistics, including the IPX frame type of the Ethernet port and the Model 5390 Netware network number. The following is a sample stats display; IPX information is highlighted:...
    Loading: CPU current/average = 1%/0% rescheds = 0/32 switches = 48/109401
    Mbufs: total=5400 free=3273
    Serial Ports: Total bytes: rcv’d=24982
    Errors: parity=0 framing=0
    Memory: total=5242880 avail=3894424 free=2073480 min free=1782488 fails=0

NOTE: If a 0 is displayed for the IPX network number, either the ipx_frame_type parameter was not configured properly or there is no IPX file server on the network.
Statistics for All Interfaces and for 802.2 Use the CLI command netstat –i to display statistics for current Model 5390 interfaces and for the 802.2 data-link layer. An example follows: annex: netstat –i Name 1500 1500 1536 asy2 asy16 1006...
Model 5390 server. The way to obtain a key depends on the configuration you purchased. Some option key values are physically attached to the bottom of the Model 5390 server.
(AppleTalk-specific Model 5390 Parameters on page A10-3 describes these parameters). The Model 5390 server behaves like an AppleTalk phase II end node. At startup, it listens for an AppleTalk router in the startup network range and begins the process of finding its address. The Model 5390 server selects as its A_Router the first router it detects broadcasting an RTMP Route...
AppleTalk-specific Model 5390 Parameters The AppleTalk-specific Model 5390 parameters are visible only when the option_key parameter contains the correct key value for the Model 5390 server. These parameters provide some AppleTalk protocol control, limits, and identification. Table A10-1 lists these parameters; the following subsections describe them in detail.
This is the address the Model 5390 server tries to acquire at startup. If this address is in use, the Model 5390 server must acquire a new node ID. The node_id is an AppleTalk address in the form net.node.
Model 5390 server you purchased. Some option key values are physically attached to the bottom of the Model 5390 server. If the number is there, use it. If not, contact your supplier to obtain an option_key value.
ARA service. When this parameter is enabled and a client requests guest access, the Model 5390 server asks ACP for user name (guest) privileges. A Y enables guest privileges; an N disables guest privileges. The default is N.
The mode parameter sets the type of access for a serial line port; it determines whether access is initiated by a device to the Model 5390 server or from the network through the Model 5390 server to the device.
You can shorten any CLI command or host name to the minimum number of letters that make the name unique. This is referred to as minimum uniqueness. If you do not want the Model 5390 server to interpret a host name using minimum uniqueness, enclose the name in double quotes (""). For example, entering hosts “new”...
The arp command displays and, optionally, modifies the IP-to-hardware address translation table that the Address Resolution Protocol (ARP) uses. Because the Model 5390 server builds the ARP table dynamically, you rarely need to modify it. Table A10-3 lists the arguments for this command.
The netstat command displays statistics and information that the Model 5390 server has obtained from the network. The command is similar to the UNIX netstat command in format and display, but offers additional options. Table A10-4 describes the arguments for netstat that relate to AppleTalk.
Table A10-4. AppleTalk-related Arguments for the netstat Argument Description –s –z Addresses display as either host.port or network.port. The latter displays if a socket’s address does not include a specific host address. Known host names are displayed; otherwise, the Internet addresses are displayed.
    94 bytes from 10557.31: aep_seq=3. time=5. ms

stats

The stats command displays Model 5390 statistics. The AppleTalk statistics follow the Default domain field; Table A10-6 describes the AppleTalk fields in the stats display (these fields appear in bold type in the following sample display). For more details on the stats command, see stats on page C3-55.

The who command displays information about current users on the Model 5390 ports. This command also displays current users on other Model 5390 servers, and on remote hosts, if those hosts have fingerd running for who @host. The command accepts one or more arguments (see who on page C3-93 for more details). The syntax is:...
Setting Port Parameters for AppleTalk over ARA

Figure A10-1 illustrates the following sample settings. In this configuration, a Macintosh connected to the Model 5390 server through an ARA link appears to the network as an attached node.

Figure A10-1. Connecting a Macintosh Using ARA

Setting up a port for AppleTalk over ARA requires that you configure the port for both an inbound...
(ACP) security system, and the flexibility to integrate Model 5390 security with existing security for a network-wide system. The following subsections briefly describe Model 5390 security as it relates to ARA. For a detailed description of ACP, host-based security, and the acp_userinfo file, see Using Model 5390 Security starting on page A15-1.
File on page A15-16. • guest access The Model 5390 server allows anonymous access to the network. Restrictions can be applied to guests by setting up an ACP guest profile with limitations. For more details, see at_zone on page A15-20.
Every user can have a zone list assigned via remote ACP. If a list is not available via ACP, the Model 5390 server provides all the zones it has learned from the network. If local security is used, use the per Model 5390 parameter default_zone_list.
Model 5390 server. An AppleTalk point-to-point link is configured, enabled, and disabled using AppleTalk Control Protocol (ATCP). NOTE: The Model 5390 implementation of ATCP currently supports dial-in only. How to use the Converter The Macintosh CCL Converter application converts the CCL modem configuration...
The Model 5390 administrator can configure the CCL Converter Application to connect to the Model 5390 port mode that is set to arap, auto_adapt, auto_detect, or to cli. Connecting to a CLI port is useful only for networks requiring port passwords or SecurID security. The Model 5390 server host-based (ACP) security is available via arap and auto_detect ports.
Model 5390 prompt is the Model 5390 name followed by the port number. Under Customize on the Macintosh, select the CLI Prompt... menu item. A dialog box now appears. In the dialog box, enter the Model 5390 name portion of the Model 5390 prompt, but not the...
(because the user will be connecting to different ports) and either click OK or press Return. Make sure the Model 5390 name you enter is enclosed in quotes. After all modifications are made, the configuration is complete. Go to Running the Application.
Using the Model 5390 server as a dial-up server, a remote user can dial into a modem connected to the Model 5390 server and become a directly connected network node; the Model 5390 server is then transparent to the user. The Model 5390 server can also generate a call to the remote server and become a directly connected network node while remaining transparent to the user.
A dynamic dialing route appears as a normal route to the end user. It has an entry in the route cache and is advertised by the Model 5390 server (if RIP advertising is enabled; see rip_advertise on page C2-53). When a user tries to send traffic to its destination (for example, using telnet), the connection protocol’s process detects this traffic, establishes the phone connection by dialing into a modem,...
If the option_key value is not attached to your Model 5390 server, contact your supplier to obtain a key. You will need to specify the Ethernet address of your Model 5390 server; it is taped to the back of the unit.
Reconnect to the Model 5390 server and issue the CLI stats -o command to make sure dialout is keyed on. Configure the modem section of the Model 5390 configuration file. Table A14-6 on page A14-28 lists the field definitions for modem entries (for more details, see Creating modem Entries in the Configuration File starting on page A14-26).
On each Model 5390 server, edit the configuration file to contain a modem section similar to the following sample entry. If the Model 5390 server boots from a host, the file resides on the host; for self-boot units, the file resides on the Model 5390 server.
Annex administration Remote Annex 10.1, 24 ports
admin: reset annex modem
Configure the dialout section of the Model 5390 configuration file. Table A14-9 on page A14-37 provides field definitions for the dialout entries. Each entry in the dialout section of the configuration file defines a dial-out route. The format...
On the terminal connected to each Model 5390 server, issue the CLI superuser modem –a command to verify the modem type and each of the strings defined for the modem. On each Model 5390 server, issue a CLI netstat –r command to verify that there is a route (for example, do2).
For more details on Model 5390 configuration parameters, see Configuration Parameters starting on page C2-1.
Sample Configurations for Dynamic Dialing
This section illustrates a final configuration for two Model 5390 servers configured for dynamic dial-out routing.
Router A’s dialout configuration:
%dialout
annex 132.245.1.1...
mode: auto_adap
type: dial_in
prompt: ""
speed: 115200
data_bits: 8
parity: none
allow_broadcast: Y
imask_7bits: N
ps_history_buffer: 0
tcp_keepalive: 0
dedicated_port: telnet
default_session_mode: interactive
dedicated_arguments: ""
Flow Control and Signal Parameters
control_lines: both
input_start_char: ^Q
output_flow_control: eia
output_stop_char: ^S
ixany_flow_control: N
forward_key: ""...
mode: auto_adapt
type: dial_in
prompt: ""
speed: 115200
data_bits: 8
parity: none
allow_broadcast: Y
imask_7bits: N
ps_history_buffer: 0
tcp_keepalive: 0
dedicated_port: telnet
default_session_mode: interactive
dedicated_arguments: ""
Flow Control and Signal Parameters
control_lines: both
input_start_char: ^Q
output_flow_control: eia
output_stop_char: ^S
ixany_flow_control: N
forward_key: ""...
Displaying Dynamic Dialing Routes in the Routing Table
The CLI netstat –r command displays statistics and information about all available routes in the routing table; dynamic dialing routes that do not have a phone connection established appear without a U in the Flags field. A route comprises a destination host or network and the gateway through which data is forwarded.
• Routing interfaces.
• IP addressing.
• Proxy ARP.
Knowing how the Model 5390 server implements these features is crucial to using the Model 5390 server effectively as a full router.
• Overview of routing configuration parameters.
• Enabling, disabling, and configuring passive RIP.
• Your Model 5390 server is attached to the network and both are operational.
• Any hosts you want to reach are attached to the Ethernet or the Model 5390 server and links to them have been proven to work.
•...
Do not confuse IP routing with IP forwarding. IP forwarding is the process of sending an IP datagram to the next hop on the way to its destination. IP routing is the algorithm that determines the next hop to use. The Model 5390 kernel performs IP forwarding; Model 5390 RIP performs routing.
Instead, you can use passive RIP, configure static routes where needed, and define the gateway to other networks as the default route. The Model 5390 server will use the default route if it knows no other route to a given destination.
RIP Versions
The Model 5390 server supports both RIP version 1 (STD 34, RFC 1058) and RIP version 2 (RFC 1388). RIP 2 is a backward-compatible extension of RIP 1 that expands the amount of information carried in RIP updates and authenticates them using passwords. RIP 2 broadcasts or multicasts updates, depending on whether or not updates are to be sent to RIP 1 as well as RIP 2 systems.
Unlike routers, hosts do not run routing applications and do not maintain extensive routing tables. Host table entries tend to be restricted to information learned via ICMP messages generated by routers on the network. When the Model 5390 server is acting as a router, it generates messages to provide hosts with the following information: •...
Better First Hops – Redirect Messages
If the Model 5390 server determines that there is a better first hop than itself for a datagram it has received, it forwards the datagram and sends an ICMP redirect message to the host that originated the datagram.
Model 5390 server fragments the datagram. If the next hop’s MTU is exceeded by a datagram in which the DF bit specifies not to fragment, the Model 5390 server returns an ICMP Datagram Too Big message to the source host. This message includes the next-hop MTU and indicates that fragmentation was needed and the DF bit was 1.
ROM monitor command addr or the inet_addr parameter).
Interface Routes
For each operational SLIP or PPP link to the Model 5390 server that is not on the same subnet (or network, if subnetting is not used) as the Model 5390 server, the Model 5390 server creates an interface route to the link’s remote destination, with the Model 5390 server as the next hop.
IP Addressing
Assigning appropriate IP addresses and subnet masks to your network and the interfaces of attached nodes is essential for routing to work properly. The following sections explain basic IP addressing, subnetting, and supernetting. An IP address contains four bytes (octets), expressed in decimal, with a period (dot) separating the octets.
Example of Class C Address Configuration
Figure A12-1 shows a configuration using four Class C node addresses: 194.254.230.1 (host01), 194.254.230.2 (the Model 5390 server), 192.254.230.1 (host02), and 191.250.230.55 (the PC).
Figure A12-1. (Class C network 194.254.230.0)
IP services, including SLIP, PPP, and IP routing, will be available (if configured properly) but no routes will use the Model 5390 Ethernet interface, if one exists. (If there is no Ethernet interface, you must set the subnet mask to all ones.)
Obtaining the IP Address via BOOTP and RARP
•...
Subnetting Using Subnet Masks
Every IP address on the Model 5390 interface or on a node connected to the Model 5390 server has a subnet mask associated with it. You can define the mask yourself or let the Model 5390 server assume the default.
Figure A12-2 shows a simple configuration using subnet addressing. Given a network address of 132.254.0.0, you assign a subnet mask of 255.255.255.0 to host01 and to the Model 5390 server. Assigning this mask defines your network as a subnet whose address is 132.254.1.0 and indicates that the final octet of each remote node defines the host portion of the node’s address.
The section Interface Routes on page A12-9 explained that when remote nodes connected directly to the Model 5390 server via SLIP or PPP links are not on the same subnet as the Model 5390 server, the Model 5390 server creates routes for them in its routing table, with the Model 5390 server as the next hop.
Figure A12-3. In this figure, the Model 5390 server uses Proxy ARP for the SLIP link on port1 and routing for the PPP link on port8. NOTE: Do not attempt to configure a static route whose next-hop address is a Proxy ARP interface.
On Model 5390 port8, set the port parameters remote_address and subnet_mask to 132.254.9.7 and 255.255.255.0, respectively. Once you have defined the remote end of the link and the subnet mask, the Model 5390 server applies the link’s local (port) subnet_mask to this remote address to determine the route to the remote link.
If you do not specify one of the broadcast addresses listed above, Model 5390 RIP generates a syslog message. Note that the default for broadcast_addr is 0.0.0.0, which Model 5390 RIP routing does not support (because most hosts do not recognize it).
To set the annex parameter, use the na or admin command set annex (see set Command on page C1-21). To define several Model 5390 servers for subsequent set or show annex commands to act on as a group, use the na command annex (see annex Command on page C1-6).
You can also use SNMP to set and display Model 5390 and interface parameters. The commands vary with SNMP applications. For information on the Model 5390 SNMP implementation, see Simple Network Management Protocol (SNMP) starting on page B2-1.
Enabling and Disabling Passive RIP
The Model 5390 parameter routed must be set to Y (the default) to enable any type of routing other than static routes. Use na, admin, or SNMP to make sure the setting has not been changed to N. If...
Defining Routes
Typically, your first configuration task is to define a default route and/or static routes that you believe the Model 5390 server will not learn. The Model 5390 server provides two ways to do this:
• By entering routes in the Model 5390 configuration file.
Purpose of a Default Route
The Model 5390 server uses its default route when it cannot find a route in the routing table for a particular destination. Initially, no default route is defined. If the Model 5390 server receives a default route in a RIP update, it learns and uses it.
Figure A12-4 shows a configuration in which Model 5390 servers and hosts on the local network must communicate with nodes on a remote network. With only passive RIP enabled on the Model 5390 servers, 5390_01 cannot reach network 132.254.2.0, and host01 and the PC cannot reach either network 132.254.2.0 or 132.254.1.0.
On each host and Model 5390 server, and on the PC, define a subnet mask of 255.255.255.0. For a host or PC, the command you use depends on the operating system. For the Model 5390 server, use the Model 5390 parameter subnet_mask. The following is an example using admin:...
Repeat the procedure for port 8 on 5390_02. When the PPP link comes up, each Model 5390 server adds the remote address for its PPP port as a network route in the routing table. For example, 5390_01 adds a route for the 132.254.2.0 network, using 132.254.2.2 as the next hop to that network, with a metric of one (1).
[–h] dest_IP_addr subnet_mask gateway_address [metric]
In the format above:
• annex_IP_addr is the address of the Model 5390 server that will use the route.
• dest_IP_addr is the destination IP address. Do not attempt to give a Proxy ARP host address here;...
RIP generates a syslog LOG_WARN message if the Model 5390 subnet mask or a port subnet mask is left unset.
• gateway_address is the IP address of the gateway the Model 5390 server will use as the next hop to the destination address.
•...
Table A12-4. Values for Bits Field with Corresponding Subnet Masks
Bits   Mask              Hex Value
       255.255.224.0     FFFFE000
       255.255.255.252   FFFFFFFC...
For each of the valid network classes and subnet bit counts, Table A12-5, Table A12-6, and Table A12-7 show the total number of subnets, and hosts per subnet, that are possible.
Table A12-6. Class B: Total Available Subnets and Hosts
Table A12-7. Class C: Total Available Subnets and Hosts (with no supernetting)
Bits   Subnets   Hosts
65,534 16,382 8,190 4,094 2,046 1,022 1,022...
You can change this if you want.
• The local address for each Model 5390 server is the remote address for the other, for example, 132.254.1.2 is the remote address of the PPP link from the standpoint of 5390_02.
• It is assumed that the SLIP/PPP interfaces on 5390_03 are the following networks: 148.254.0.0, 149.12.0.0, 150.14.0, 151.13.0, and 152.254.0.0.
Figure A12-5. Sample Network for Static and Default Routes (Passive RIP)
To configure static and default routes for the hosts in Figure A12-5, use the methods appropriate for the hosts’ operating systems. To configure routes for the Model 5390 servers in Figure A12-5, enter the following gateway definition in the Model 5390 configuration file. Specify static and default routes as hardwired if you do not want RIP to replace them with routes it learns over the network.
Entering Subnet Routes
You can create subnet...end blocks in the gateway section of config.annex. This allows you to define a static or default route for all Model 5390 servers on a given network or subnet. The syntax is as follows:
subnet ip_addr
The lines enclosed by the subnet...end block are to be used only by Model 5390 servers on the...
The CLI superuser route command lets you define static routes during the Model 5390 session, thereby avoiding the need to change the configuration file and reboot. However, the route remains defined only for the duration of the session. If the Model 5390 server is rebooted, the route disappears.
Table A12-8. Arguments for route Command (continued)
Argument   Description
–F         Flushes all hardwired routes from the route cache and routing table. It does not flush interface routes.
–fF        Flushes all non-interface routes from the routing table and route cache.
delete
expire
replace
–h
default
dest
mask
–h 131.108.3.0 255.255.255.0 131.254.33.2 2
annex# route add –h 131.108.3.0/24 131.254.33.2 2
Both of the preceding examples configure the Model 5390 server to use the gateway at 131.254.33.2 as the next hop for any host destination whose address is within the range 131.108.3.1 through 131.108.3.254.
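The two destination forms shown above (address plus dotted mask, and address/bits) can be checked for equivalence before a route is entered. This Python sketch is an added example, not code from the manual or the Annex software; the function names are hypothetical, and it assumes the Bits value of Table A12-4 is the count of leading one bits in the mask, as the pairing of /24 with 255.255.255.0 above implies.

```python
import ipaddress


def mask_from_bits(bits):
    """Return (dotted mask, hex value) for a Bits count, in the layout of Table A12-4."""
    if not 0 <= bits <= 32:
        raise ValueError("bits must be between 0 and 32")
    value = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(value)), format(value, "08X")


def parse_route(args):
    """Normalize '[-h] dest mask gateway [metric]' or '[-h] dest/bits gateway [metric]'.

    Raises ValueError when the mask is not contiguous, when the destination
    has host bits set for that mask, or when an address is malformed.
    """
    tokens = args.replace("\u2013", "-").split()  # accept the typeset en dash
    flag_h = bool(tokens) and tokens[0] == "-h"
    if flag_h:
        tokens = tokens[1:]
    if not tokens:
        raise ValueError("missing destination")
    if "/" in tokens[0]:
        dest, rest = tokens[0], tokens[1:]
    else:
        if len(tokens) < 2:
            raise ValueError("missing subnet mask")
        dest, rest = tokens[0] + "/" + tokens[1], tokens[2:]
    if not 1 <= len(rest) <= 2:
        raise ValueError("expected gateway [metric]")

    net = ipaddress.IPv4Network(dest, strict=True)
    gateway = ipaddress.IPv4Address(rest[0])
    metric = int(rest[1]) if len(rest) == 2 else None

    # Usable host range: skip the network and broadcast addresses when they exist.
    if net.prefixlen <= 30:
        hosts = (str(net.network_address + 1), str(net.broadcast_address - 1))
    else:
        hosts = (str(net.network_address), str(net.broadcast_address))

    return {
        "flag_h": flag_h,
        "network": str(net.network_address),
        "bits": net.prefixlen,
        "mask": str(net.netmask),
        "hex": format(int(net.netmask), "08X"),
        "gateway": str(gateway),
        "metric": metric,
        "hosts": hosts,
    }


if __name__ == "__main__":
    # The two argument strings from the route add examples on this page.
    for text in ("-h 131.108.3.0 255.255.255.0 131.254.33.2 2",
                 "-h 131.108.3.0/24 131.254.33.2 2"):
        print(parse_route(text))
    print(mask_from_bits(19), mask_from_bits(30))
```

A destination such as 131.108.3.7/24 is rejected rather than silently rounded down, which catches a host address entered where a network route was intended.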
file and then define another one using the superuser CLI route command, you have no way of knowing which route the Model 5390 server will use. Even if a default route is not in the configuration file, confusion can arise if the Model 5390 server learns of a default route through a RIP update.
To configure some or all of the Model 5390 interfaces to accept only version 2 packets, use na or admin to set the rip_recv_version parameter to 2 for all Model 5390 interfaces. The following example shows how to configure the Model 5390 interface:...
• The password in the message matches the value of the rip_auth parameter. The Model 5390 server accepts all RIP 2 messages it authenticates, but does not necessarily discard all unauthenticated messages it receives. Table A12-9 shows how the Model 5390 server accepts or discards a RIP message depending on whether or not the Model 5390 server and/or the message are configured for authentication and...
Step 2. If there is no option key value attached to your Model 5390 server, contact your supplier to obtain a key. The Ethernet address of your Model 5390 server is located on a label that is taped to the unit.
RaqbDwv8e
Note that the option_key value is case-sensitive. Use na, admin, or SNMP to make sure the Model 5390 parameter routed is set to Y. If it is not, set it to Y. For example, at the CLI superuser level, invoke admin, issue the show annex command...
(see rip_advertise on page A12-57). To disable both active and passive RIP, set routed to N and reboot the Model 5390 server. You do not need to reset option_key; setting routed to N disables whatever type of RIP is currently running.
To define default and static routes that remain across Model 5390 server boots, enter them in the config.annex file (see Defining Routes on page A12-50). You can define routes anywhere in the configuration file, but routes not defined in an annex...end or subnet...end block are discarded and not cached if their interfaces are not operational at boot time.
132.254.55.222, even though they are on different subnets from that of the Model 5390 server. This is because (1) the Model 5390 server has the rip_sub_advertise parameter set to Y, and (2) all nodes have a subnet mask set (correctly) to 255.255.255.0.
RIP uses a distance-vector algorithm that removes routes from a routing table by aging them and by determining that their destinations are unreachable (more than 15 hops away). To resolve two problems that can occur with distance-vector algorithms, the default Model 5390 implementation of active RIP uses the split horizon and poison reverse mechanisms.
If you want the Model 5390 server to advertise itself as a default router over one or more interfaces, set the rip_default_route parameter to an integer between 1 and 15 for the specific interfaces. This integer specifies the metric the Model 5390 server advertises for itself as a route.
Advertising to a Subset of Routers
By default, the Model 5390 server sends one update to the broadcast address every 30 seconds so that all routers on the network can receive it. You can restrict updates to only certain routers by specifying them with the Model 5390 parameter rip_routers.
The Model 5390 option_key parameter enables active RIP, along with filtering and dial-out (also referred to as demand dialing) on all Model 5390 interfaces that are up and running. The syntax is:
option_key value
Reboot the Model 5390 server to put this parameter setting into effect.
Instead of access_spec, you can enter none or all; none specifies that no RIP messages (updates or requests) are accepted over the interface, while all specifies that RIP updates are accepted for all networks. The default is all. The na commands in the following example turn off the acceptance of any RIP messages (updates or requests) over interface asy4:
command: interface asy4
command: set interface rip_accept none...
NOTE: When interpreting an address in network_list, RIP uses the intrinsic subnet mask derived from the address class, regardless of the port or the Model 5390 subnet_mask parameter setting. Instead of access_spec, you can enter none or all; none specifies that no RIP updates are advertised over the interface, while all specifies that RIP updates are advertised for all network addresses.
The argument metric is any value from 0 through 15, or off. A value of 1 through 15 indicates the hop count to be advertised for the Model 5390 route. A value of 0 or off turns off advertisement of the Model 5390 server as a default router.
The interface parameter rip_next_hop controls whether or not a route’s next hop is advertised in RIP Version 2 updates. Valid options are never, needed, or always. The default is needed. This parameter has no effect unless the Model 5390 server is running more than one IP routing protocol.
rip_recv_version
The interface parameter rip_recv_version controls which RIP version the Model 5390 server accepts: 1 indicates that version 1 or higher packets are accepted but the non-RIP-1-specific data...
The following na command causes RIP to send updates to the routers at the following addresses: 132.254.33.4, 132.254.1.30, and 132.254.2.2. You must then reboot the Model 5390 server.
command: set annex rip_routers 132.254.33.4,132.254.1.30,132.254.2.2
Changes will take effect at next annex boot or...
The following na command specifies that RIP does not advertise subnet routes over the Model 5390 Ethernet interface. Note that the Model 5390 server must be rebooted to effect the change to en0.
admin: set interface=en0 rip_sub_advertise n...
Displays the number of triggered updates transmitted over the interface. The Model 5390 server sends triggered updates whenever it changes the hop count of a route. It transmits them immediately, even if it is not yet time for one of the regular update messages to be transmitted.
Displaying the Model 5390 Routing Table
To display the contents of the Model 5390 routing table, use the CLI netstat –r command, as shown in the example that follows. Note that the command displays AppleTalk routes as well as IP routes.
255.255.255.0. (For more information, see Defining Routes on page A12-50.) If IP Default appears in the Destination field, the entry specifies the route the Model 5390 server uses if it can find no other route for a destination. If a name appears in the Destination field, the entry is for a host route;...
Table A12-11. IP Fields in netstat -r Display (continued)
Field: Flags
Explanation: The following three flags:
First flag (Status)
  The route is valid (up) and in use.
  The route is valid but the interface is quiescent, i.e., the interface is not up yet or was brought down by expiration of the timer set by the net_inactivity port parameter.
Second flag
Field: Usage
If you subtract the value in this field from the value of Usage, you can determine how long a route has been in the routing table. The interface over which the Model 5390 server can reach the next hop. Definition An interface route, where x is the interface name and number, for example, asy8.
The netstat –C command display looks like this:
5390_01# netstat –C
Destination
default
74.68.67.0
132.245.124.0
Using the ping –t (traceroute) Option
The -t option of the superuser ping command traces the path of a packet from the local host to the destination host and back, displaying information about each router in the path.
The traceroute message indicates whether or not the packet was forwarded. If so, the message includes the incremented hop count and information about the interface over which the packet was forwarded. If the packet could not be forwarded, the router discards it, ping –t terminates, and the traceroute message contains zeros in place of interface information.
Table A12-13. Fields Displayed by the ping -t Option (continued)
Field: Hops, Speed
The sample topology shown in Figure A12-8 is assumed by the ping –t examples that follow it.
Figure A12-8. Topology for ping –t Examples (ping -t source)
Given the topology in Figure A12-8, the ping –t command displays output such as the following when a traceroute packet passes successfully to the ping –t destination and back.
annex# ping –t 132.254.33.4
PING hobbes: 56 data bytes
>>>
>>>
<<<
<<<
64 bytes from 132.254.33.4: time=10. ms
In the preceding example:
line 1 line 2 line 3 line 4 line 5 line 6 line 7
line 1 Router Hops Speed (b/s)
• CLI commands for displaying routing information.
• Common configuration errors.
• What to do if the Model 5390 server is not advertising updates as expected.
• What to do if the Model 5390 server is not receiving updates as expected.
Depending on Proxy ARP When Routing is More Reliable
Figure A12-9 shows a subnet configuration in which a PC can dial into one of two Model 5390 servers. Because all nodes are on the same subnet, it is tempting to assume that host01 could reach the PC via Proxy ARP.
Figure A12-9. Configuration in Which Proxy ARP Can Fail (Network 132.254.5.0; 5390_01 and 5390_02 with SLIP dial-in links)
To make the configuration shown in Figure A12-10 work, redefine the subnet mask for 5390_01 and host01 as 255.255.255.0. This indicates to the Model 5390 server and to host01 that they are on subnet 132.254.5.0, and that, as a result, host02 is on a different subnet and must be reached via a router (5390_02).
Model 5390 server, reserving the other Model 5390 server for PCs and/or hosts on a different subnet. The second solution is to configure the ports on the Model 5390 servers to use a subnet mask of 0.0.0.0 (the default), which is interpreted as 255.255.255.255, a host subnet mask.
Figure A12-11. Non-contiguous Subnets (subnet mask 255.255.255.0 for all nodes)
If your Model 5390 server is not sending RIP updates as expected, check the following:
• Is the Model 5390 parameter routed set to Y? See Enabling and Disabling Active RIP on page A12-47. Did you reboot the Model 5390 server after setting routed?
• Is the Model 5390 parameter option_key set to allow active RIP, and did you reboot the Model 5390 server after setting option_key? Issue the CLI stats –o command to verify...
If your network is divided into subnets, are the IP subnet addresses and subnet masks set correctly for the Model 5390 server and the SLIP and PPP ports? See Subnetting Using Subnet Masks on page A12-13.
• Is the Model 5390 broadcast address set correctly? See Setting the Broadcast Address on page A12-17.
• If subnet routes are not being learned, is rip_sub_accept set to Y (the default)? See rip_sub_accept on page A12-61.
• Is rip_recv_version set correctly for the version(s) of RIP running on your network? See Authenticating Incoming RIP 2 Updates and Requests on page A12-46 and rip_auth on page A12-59.
An effective way to provide this kind of protection is to select one Model 5390 server on the internal network to be the network’s chokepoint or firewall through which all traffic to and from external networks must pass.
Include and Exclude
You configure the Model 5390 filter to either include or exclude particular types of packets, based on whether or not the packet types match specified criteria. Including certain types means the filter does not affect any other packet type; excluding certain types means only other types are affected by the filter.
Step 2. If there is no option key value attached to your Model 5390 server, contact your supplier to obtain a key. You will need to specify the Ethernet address of your Model 5390 server; it is taped to the unit.
Reboot the Model 5390 server to put the filtering option_key setting into effect:
admin: q
annex# boot
Reconnect to the Model 5390 server and issue the CLI stats -o command to make sure filtering is keyed on.
Accessing the Filter Subcommands
Once you have enabled filtering, use the CLI superuser filter command to access the filter...
To return to the superuser CLI from the filter subsystem, use the filter subcommand quit:
filter: quit
annex#
You can also issue filter subcommands directly at the CLI superuser prompt by using the syntax:
filter subcommand
The following shows the list subcommand issued from the CLI superuser prompt. When list completes, you return to the CLI superuser prompt.
Filter Numbers
When you add a filter, the Model 5390 server assigns it a number that remains associated with it until you delete the filter. The filter subcommand list displays this number, and you specify the number when you delete, enable, or disable a filter (see Filter Lists on page A13-6 for permissible ways to specify filters).
Table A13-2. Sample Commands using the filter_list Arguments
Argument             Description
disable 1, 3–7,10    Disables filters 1, 3, 4, 5, 6, 7, and 10. If any of these numbers represents a deleted filter or a filter for an inactive interface, an error message is displayed for that number;...
disable –5
disable 3–
enable –
enable *
enable all
enable 5–
Filter Subcommands
This section describes the subcommands in alphabetical order.
The add subcommand adds new filter(s) and enables them in both the currently running system and nonvolatile memory; the Model 5390 server need not be rebooted for the added filters to take effect. Table A13-3 describes the arguments for add. The syntax is:
add interface direction scope [family] criteria actions
Table A13-3.
To add a dynamic dial-out filter, configure the %dialout section of the Model 5390 configuration file; you cannot add the filter using the filter command (see Creating dialout Entries in the Configuration File on page A14-37).
Table A13-4. Keywords for add criteria Argument
Keyword        Value                      Explanation
dst_address    {ip_addr[/n] | * | -1}     Matches the packet’s destination IP address. To test only the non-host portion of the address, enter /n after the address, where n is the number of bits in the non-host portion of the subnet mask for this address.
dst_port       {pnum | sname |* | -1}
src_port       {pnum | sname | * | -1}
src_address    {ip_addr[/n] | * | -1}
Table A13-4. Keywords for add criteria Argument (continued)
Keyword        Value                      Explanation
address_pair   {ip_addr1[/n] | * | -1} {ip_addr2[/n] | * | -1} (Enter both addresses on the same line; separate them with a space)
port_pair      {p1 p2| s1 s2 |*|-1}
protocol       {protonum|protoname}
...
Table A13-5 shows the standard service names and port numbers you can supply for service name and port number values in Table A13-4.
Table A13-5. Standard Service Names and Corresponding Port
Service Name
domain
finger
name
nntp
rlogin
route, routed, router
rtelnet
sftp
smtp, mail...
filtering to prevent hosts on an external network from using those protocols to access files on your internal network. To do this, select the Model 5390 server to act as a firewall between the local and external network and create filters on it to block NFS and TFTP traffic. For example, you could create the following two filters, which prevent TFTP or NFS packets from crossing Model 5390...
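The include/exclude scope and the address and port criteria described above, modelled in Python as an added example (not the Model 5390 implementation or its command syntax). The Filter class, the direction names input and output, the discard action name and the sample packets are assumptions constructed for illustration; * is assumed to match any value, and 69 (TFTP) and 2049 (NFS) are the standard port assignments.

```python
import ipaddress
from dataclasses import dataclass


def addr_matches(spec, addr):
    """ip_addr[/n]: with /n only the first n bits are compared.
    '*' is assumed to match any address."""
    if spec == "*":
        return True
    network = ipaddress.ip_network(spec, strict=False)  # no /n: whole address
    return ipaddress.ip_address(addr) in network


def port_matches(spec, port):
    """pnum or '*'; service names are left out of this model."""
    return spec == "*" or int(spec) == port


@dataclass
class Filter:
    num: int
    interface: str
    direction: str            # "input" or "output" (assumed names)
    scope: str                # "include" or "exclude"
    criteria: dict            # keyword -> value, keywords as in Table A13-4
    action: str = "discard"   # hypothetical action name
    enabled: bool = True

    def criteria_match(self, pkt):
        checks = {
            "src_address": lambda v: addr_matches(v, pkt["src"]),
            "dst_address": lambda v: addr_matches(v, pkt["dst"]),
            "src_port": lambda v: port_matches(v, pkt["sport"]),
            "dst_port": lambda v: port_matches(v, pkt["dport"]),
            "protocol": lambda v: v == pkt["proto"],
        }
        return all(checks[key](value) for key, value in self.criteria.items())

    def applies_to(self, pkt):
        """include: the filter acts on packets that match the criteria.
        exclude: the filter acts on every packet that does NOT match."""
        if not self.enabled:
            return False
        if (self.interface, self.direction) != (pkt["iface"], pkt["dir"]):
            return False
        matched = self.criteria_match(pkt)
        return matched if self.scope == "include" else not matched


def verdict(filters, pkt):
    """Return ('discard', [filter numbers]) or ('forward', [])."""
    hits = [f.num for f in filters if f.applies_to(pkt) and f.action == "discard"]
    return ("discard", hits) if hits else ("forward", [])


def packet(iface, src, dst, proto, sport, dport, direction="input"):
    return dict(iface=iface, dir=direction, src=src, dst=dst,
                proto=proto, sport=sport, dport=dport)


# Constructed filter set: block TFTP and NFS arriving on the Ethernet
# interface, and on asy4 discard everything except one dial-in subnet.
FILTERS = [
    Filter(1, "en0", "input", "include", {"dst_port": "69", "protocol": "udp"}),
    Filter(2, "en0", "input", "include", {"dst_port": "2049"}),
    Filter(3, "asy4", "input", "exclude", {"src_address": "132.254.9.0/24"}),
]

# Constructed sample packets.
TFTP = packet("en0", "192.0.2.10", "132.254.1.5", "udp", 40000, 69)
NFS = packet("en0", "192.0.2.10", "132.254.1.5", "tcp", 40001, 2049)
TELNET = packet("en0", "192.0.2.10", "132.254.1.5", "tcp", 40002, 23)
DIALIN_EXPECTED = packet("asy4", "132.254.9.7", "132.254.1.5", "tcp", 40003, 23)
DIALIN_OTHER = packet("asy4", "10.1.1.1", "132.254.1.5", "tcp", 40004, 23)

if __name__ == "__main__":
    for name, pkt in [("tftp", TFTP), ("nfs", NFS), ("telnet", TELNET),
                      ("dial-in expected", DIALIN_EXPECTED),
                      ("dial-in other", DIALIN_OTHER)]:
        print(name, verdict(FILTERS, pkt))
```

Filter 3 shows why scope deserves review: with exclude, a single source criterion turns the filter into a default-deny rule for every other source on that interface.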
See Filter Lists on page A13-6 for an explanation of the filter_list argument. NOTE: Dial-out filters can be deleted but will be reinstalled after a reboot of the Model 5390 server or a reset of the dial-out subsystem.
The enable subcommand immediately enables disabled filters in the currently running system. Otherwise, disabled filters are not enabled until the Model 5390 server reboots or until the port resets. A filter can be disabled only by the disable command. The syntax is: enable filter_list...
The following example enables filters 2 through 4:
annex# filter
filter: enable 2–4
filter 2 enabled
filter 3 enabled
filter 4 enabled
help
The help subcommand displays information about one or more filter subcommands. Entering help with no arguments displays information about all of the subcommands. Entering help and the name of a subcommand displays an explanation of that subcommand.
The list subcommand display looks like this:
annex# filter
filter: list
Num Stat
In the preceding example, two filters are displayed. The first filter:
• Is enabled.
• Applies to the inbound Ethernet interface.
• Includes all IP packets coming from or destined for the TCP/UDP NFS port.
usage
The usage subcommand displays the syntax for one or more filter subcommands. Entering usage with no arguments prints syntaxes for all the subcommands. Entering usage and the name of a subcommand prints the syntax for that subcommand. For more detailed information about one or more subcommands, see help on page A13-16.
/etc/hosts file. The 4.3BSD version of the protocol does not impose this restriction. Add the Model 5390 server to the /etc/hosts file on each 4.2BSD host. Add the new entry near the beginning of the file because UNIX software searches this file sequentially.
Setting Up the File Server
The Model 5390 server can boot via the block file server (bfs) program using erpcd or via tftp.
Installing Software Using bfs
Setting up a file server for a bfs installation involves loading, compiling, and installing Annex source code on the host.
Installation Notes for Annex 10.1 UNIX).
Parsing the Configuration File
The configuration file contains Model 5390 configuration information. It resides on the preferred boot host and is loaded during the Model 5390 booting process. The configuration file is parsed one line at a time during the booting process. File entries are grouped into sections.
file to incorporate files from earlier releases. You can define a file name for the configuration file maintained on the load host using the Model 5390 config_file parameter. The default is config.annex. If the Model 5390 server is configured for self-booting, the configuration file must reside in the Model 5390 root directory.
Setting Up the Configuration File

The following sample configuration file defines the gateway entry first. This entry includes a separate file named test.route followed by macro, rotary, dialout, and service entries. The rotary entry includes another file named test.rotary.

#The followings are definitions of the gateways entries
%gateway
net 129.91.0.0 gateway 132.245.1.1 metric 1 hardwired
net 129.122.0.0 gateway 132.245.1.1 metric 1 hardwired...
Configuring Hosts and Servers

MY MENU SCREEN Choices are: bg db_mgr fg hosts jobs and rlogin command:

# service entries
%service
service adm_modem\
identification ‘system administrator modem’\
password anypasswd3453 ports 5\
connections enabled queue disabled
service printer\
identification ‘3rd floor laser printers’\
ports 8,11-12\
connections enabled queue enabled
# rotary entries...
# dial-out route for jupiter
%dialout
begin_route 5
local 192.9.200.233
remote 192.9.200.234
mode slip
ports 6@192.9.200.230
phone 2522555
chat chat3
filter out incl proto icmp disc
disabled 8:00am-6:00pm Mon-Fri
advertise y
slip_mtu small slip_tos Y rip_horizon split
end_route
begin_script chat3
send "Slip\r"
end_script

Another sample configuration file containing four include statements follows:

# The followings are definitions of the gateways entries
%gateway...
Creating gateway Entries in the Configuration File

You can create gateway entries using any text editor. After the Model 5390 server boots, it downloads the information from the preferred load host. If the Model 5390 server does not locate the configuration file, it assumes the file does not exist on the network.
This is the default route for the Model 5390 server. The IP address of the next gateway the Model 5390 server uses to get to the destination address. The cost of using this route; typically, this is the number of hops from the Model 5390 server to addr2.
Sets the default search path. This path should be set after all other search paths are added. The Model 5390 server propagates this path to the top of the search list and removes it from all of the hosts entries.
Gateway Extensions The gateway extensions allow you to define lines in the file that refer only to a specific Model 5390 server, or to all Model 5390 servers, or to a specific subnet. The syntax for an extension that includes a specific IP address is: annex ipaddr The syntax for an extension that matches all Model 5390 servers (useful for local files and to force...
subnet ipaddr

The lines enclosed by the subnet...end block are to be used only by Model 5390 servers on the subnet or network with the IP address ipaddr. Any routes enclosed by the subnet...end block are cached.
Another option for maintaining the routing table is to create gateway entries in the configuration file for the Model 5390 server in which you define fixed routes to a destination. If you disable RIP, the Model 5390 server relies only on the gateway entries and ICMP redirects.
Routes whose next hops are not yet directly reachable are copied to the RIP and kernel routing tables as soon as their next hops become reachable. The latter technique saves the Model 5390 server the trouble of consulting the configuration file, which is typically not stored on the Model 5390 server, each time a route’s status changes.
Disabling RIP

Another option for maintaining routing tables is to disable RIP on the Model 5390 server by setting the Model 5390 parameter routed to N. This prevents the Model 5390 server from reacting to RIP broadcasts and using alternate routes.
A list of any of the above separated by commas. The whole port_set can be followed by an @ and the name or IP address of the Model 5390 server. If you do not specify the Model 5390 server for a port_set, the macro applies to the specified ports...
Model 5390 server that reads macro. The port_set cannot contain any spaces. If a port_set is not defined for a menu or alias, the entry applies to all ports on the Model 5390 server reading the file and all virtual CLI connections.
Table A14-3. Supported Keywords for macro Entries (continued)

Keyword
cmd_list cmd1,cmd2,...

NOTE: Aliases listed in a cmd_list must be valid for the same ports as defined with the keyword keyin that defined the alias.

Table A14-4. Statements Permitted in an Alias Expansion

Statement
>...
The menu expansion defines the menu that is displayed. Each line of the menu expansion is a separate line of the menu. If no lines are defined between the open and close braces, the Model 5390 server creates a generic menu containing a list of the commands that were defined with the cmd_list keyword and their descriptions.
# to only those listed on the menu.
# This macro file does not affect any other Annex that boots
# from this Unix host.
# All other ports on the Annex have full access to cli commands.
# Note: Replace annex-address with your Annex’s IP address (e.g., 192.9.200.1).
# Do hangup from Annex port. This disconnects the Annex port.
alias “Exit”
keyin “4” 3,v@annex-address
<hangup
# This section defines the actual menu.
menu |Generic Menu Header|
init_cli 3,v@annex-address
keyin “menu” 3,v@annex-address
cmd_list 1,2,3,4
# The “^[[2J” is a control sequence of VT100-type term commands
# CTRL-[ followed by “[2J”...
The following example uses the same aliases as in the previous example, but does not provide a menu expansion to define the menu display:

menu |Annex menu|
init_cli 3,v@annex-address
keyin “menu” 3,v@annex-address
cmd_list 1,2,3,4

This entry creates the following menu:

Annex Menu : Connect to System1...
Enter selection for desired application (1 - 4) : ^M The following sample macro entries automatically connect any user logging in on ports 1–24 of the defined Model 5390 server to the given system-address, without requiring a keystroke; the virtual ports have normal connection options.
5390_01# The reset annex macros command instructs the Model 5390 server to reload macro. Thus, you can modify the macro section of the configuration file and load it onto the Model 5390 server without having to reboot. Creating service Entries in the Configuration File The service entries in the configuration file define the LAT services that the Model 5390 server advertises.
The next sample service entry defines a service called adm_modem. The identification field provides additional information about the service. This service is attached to Model 5390 port 5; it is password-protected and it is enabled for connection requests. Request queueing is disabled.
Each entry in the modem section of the configuration file describes the characteristics of a modem or an ISDN TA connected to the Model 5390 server. These include the modem type, related AT commands, commands to reset, dial and set up characteristics, and status values returned by the modem.
file. NOTE: Several standard entries for the modem section of the Model 5390 configuration file are supplied with the software distribution. These entries, defined for use with the configuration file, are located in the file /usr/annex/bfs/modems.annex. If the modem you are using is contained within this file, using the include filename command tells the...
This field is required. connect_status This string is used only for outbound connections when the Model 5390 server is initiating a call. It contains a list of all possible successful connect messages, separated by commas, that the modem can return. The Model 5390 server accepts up to 80 numeric status words in one or more connect_status definition lines.
(for example, a no dialtone response). This field is optional. If the modem sends a connect_abort message, the Model 5390 server exits the dialer with a fail and goes to the next modem, if available. If there is only one modem, the Model 5390 server resets it and retries the dial.
Sends a setup command to all slave ports before a port is opened (via telnet, callback, dynamic dial, etc.). This string should contain all of the configuration information required for the Model 5390 server to initiate an outbound call, for example, it should disable auto-answer, enable modem connect messages, etc. If a ready_status is not received from the modem, the dialout is aborted.
Managing Modems At the initial system boot, the Model 5390 server initializes the list of modems in the configuration file. It scans the modem section of the configuration file looking for the modems that are defined in the Model 5390 port parameter type_of_modem.
• Use the highest possible modem-to-modem data rates (with compression). • Remember all of these settings by saving them to the modem’s non-volatile memory. Typically, the Model 5390 port parameters are set as follows: • control_lines: both. • need_dsr: Y (the modem must force DSR true: &S0).
• 2-12,16,23@132.245.6.5 The Model 5390 server defined in the location argument must be preceded by an at sign (@) and can be specified using either the IP address or a name specified in a name server database. Table A14-7 describes the options for the location argument; Table A14-8 describes the supported keywords.
The keyword raw provides a data stream with no character processing; it is intended primarily for program access to the rotary. The keyword binary causes the Model 5390 server to negotiate with the host to operate in telnet binary mode in both directions.
Table A14-8. Supported Keywords for the location Argument

Keyword Description

The simplest form for a rotary entry is:

HostC: 1-4,18-24@5390_04

The following example defines a rotary called HostC. This rotary uses ports 1 through 4 and ports 18 through 24 on 5390_04.
A user accessing the port server on 5390_04 through a telnet command sees:

% telnet 5390_04
Trying...
Connected to 5390_04.
Escape character is ’^]’.
Rotaries Defined:
HostC 1-4,18-24
Enter Annex port name or number:

Minimum uniqueness applies to rotary names; in this case, users can enter HostC, Hos, or H. Users also can connect to HostC by entering the port number(s).
Definition Marks the beginning of a dial-route entry and defines the route ID (an integer). The IP address or machine name of the interface’s local end point. If this optional field is omitted, the Model 5390 address is used.
Table A14-9. Field Definitions for dialout Entries (continued)

Field    Definition
remote   The IP address or machine name of the remote endpoint of the interface. This mandatory field must appear once.
mode     The serial protocol to be used, for example, SLIP or PPP....
ports
phone
chat
filter
CLI dialout command. Dialing into the Model 5390 server with a disabled route can activate the route if the remote address is within the dial-out’s subnet. For this reason, disabling the route is effective for saving telephone costs but not for providing security.
The syntax is: set [parameter parameter_value] Any parameters not specified in the set field are determined by the actual nonvolatile memory settings; the Model 5390 server disregards any duplicate valid parameter settings. Table A14-10 on page A14-40 lists the configuration parameters that can be set within this field.
Table A14-10. Parameters that can be Set Within the set Field of the dialout Entry (continued)

Port Security Parameters: port_password, user_name

Serial Networking Protocol Parameters: allow_compression, dialup_addresses, do_compression, local_address, metric, net_inactivity...

slip_allow_dump, slip_load_dump_host, slip_mtu_size, ppp_acm, ppp_ipx_network, ppp_ipx_node, ppp_mru, rip_accept, rip_advertise, rip_default_route, rip_horizon, rip_next_hop
(the route_id is specified in the begin_route entry in the dialout section of the configuration file). You can configure the Model 5390 server for any number of dial-out routes and the route_ids do not have to be contiguous. The dial-out route interface names can change only after a system reboot or a reset annex dialout command.
Chat scripts are also helpful when dialing into the Model 5390 server. For example, a chat script can start a SLIP process on the dialed port by having the slip command in the script.
Table A14-11. Field Definitions for Chat Scripts (continued)

Field call sleep send expect expect_case timeout end_script

String Formatting Extensions

Any character can be inserted into the send, expect, and expect_case strings using the backslash (\) character followed by an octal number of no more than three characters. For example, to send a newline character (octal: 12), insert a \12 in the send string.
To send the backslash character (\), insert it into the string using “\\”. Send a break using “\k”. Reserved Keywords Table A14-12 defines the four reserved keywords that can be used in place of a script name in the expect, expect_case, and timeout chat script statements. Table A14-12.
<script name> used is error. Chat Script Examples The following sample chat script illustrates the Model 5390 chat script language. This script first calls the chat script called chat2. If chat2 is successful, chat1 continues (that is, it sleeps for five seconds).
10 end_script The following sample chat script can start a SLIP line on the Model 5390 CLI port. This script sends the string slip with a carriage return. Then it waits five seconds for a case-sensitive match on the string Switching to SLIP.
Model 5390 motd_file parameter. The Model 5390 server reads the motd file from the file server host each time it boots, and when the reset annex motd command is issued. Initially, the Model 5390 server requests the file from the preferred load host.
Boot the Model 5390 server. Using the Model 5390 FTP Daemon Using the Model 5390 FTP daemon, you can upload or download files (those visible through the superuser CLI ls and edit commands) in the Model 5390 server’s nonvolatile memory (EEPROM) from a remote host.
The Model 5390 FTP daemon is primarily useful for saving Model 5390 configuration files to a host on the network for the purpose of “swapping” Model 5390 servers. NOTE: You cannot “get” or “put” boot images using the Model 5390 FTP daemon.
The host to which the Model 5390 server sends a dump must have bfs or tftp capability. You can define a preferred dump host to which the Model 5390 server first tries to upload a dump file. If this address is not specified or the host is not available, the Model 5390 server broadcasts a request and dumps to the first host that responds.
195.46.2.15 Configuring Name Servers The Model 5390 server uses various means of creating and maintaining the host table. This table includes the host names and the corresponding IP addresses of hosts known to the Model 5390 server. The host table is generated by querying a name server and/or listening for broadcasts from RWHO daemons running on other hosts.
If the network is using a domain name server, you must add a resource record for each Model 5390 server to the domain server. If the network does not have any name servers, the Model 5390 distribution provides source for an IEN-116 server that you can install.
Then review the name server host’s /etc/hosts file and select a host that does not appear in the Model 5390 host table. Using the CLI hosts command, force the Model 5390 server to query the name server (see hosts on page C3-24).
Regardless of the priority level you define, the Model 5390 sends events to the host according to the priority defined in syslog_mask. Following is an example of an entry in /etc/syslog.conf for logging Model 5390 events: # Annex logging local7.debug...
Each LAT service has an associated set of group codes. The users on the Model 5390 server will have access to a LAT service only if the service and the Model 5390 server have at least one enabled group code in common. For example, if the desired LAT service has group codes 1 and 3 enabled, the Model 5390 server must have either group code 1 or group code 3 enabled to access the service.
to the service. The Model 5390 server maintains information only for the services to which its users have access; the services command displays only the services to which Model 5390 users have access.

Restricting Access to LAT Services

The group_value parameter specifies which remote group codes can access the local services offered by a particular Model 5390 server.
Model 5390 server. When a LAT user connects to the Model 5390 vcli service, it is the same as a telnet vcli. If all vclis are in use by Telnet and LAT users, the connection request is rejected.
The ip_addr on the annex-selector line refers to the specific Model 5390 server offering the gated LAT service. The ip_addr on the translate line is the IP address that translates to a LAT service. Both ip_addr fields are specified in the standard dotted-decimal notation.
LAT host can use this service. Also, the Model 5390 server must be rebooted. Using the above sample entry, after the Model 5390 server is rebooted, the LAT user will see an entry for frodo in the services display and the host field will correspond to the service_name set in...
When a connection is established with a LAT host, the Model 5390 server sends that host a report of the port parameters via a report data-b slot message. If the Model 5390 server receives a set data-b slot message from a connected LAT host, it responds by configuring the port as commanded by the set data-b slot message.
request or offers to place it in a queue. After the server accepts the print request, it connects to the host and transfers the data.
file, and a service name is not required on the VMS side. NOTE: Define the mode parameter for the Model 5390 port used for HIC. The following sample VMS command file sets up a printer queue directed to the Model 5390 port: $ run sys$system:latcp create port lta901: /log...
LAT hosts will refer to the Model 5390 server. After changing the appropriate LAT parameters, the administrator must issue the na command reset annex lat to activate the new parameters.
fits the needs of your environment. To use any security feature, you must enable security for the Model 5390 server by setting the enable_security parameter to Y. This parameter is mandatory if you intend to use any Model 5390 security mechanisms except the administrative password for access to administrative tools.
Local password protection can be used as a back-up security mechanism in case the host-based security servers are unavailable. The passwords set in the following parameters are stored on the Model 5390 server and do not involve the use of a security server: •...
You can also use the vcli_password as a back-up to host-based security. When local VCLI password protection is used as a back-up, the Model 5390 server first accesses the security server to validate a CLI connection request. If no response is received from a security server, the Model 5390 server requests the local VCLI password.
Commands starting on page C1-1). Protecting the Superuser CLI The Model 5390 administrative password is required for access to the superuser CLI. The default password is the Model 5390 IP address. There are two ways to change the password: •...
In addition to the available security schemes, the Model 5390 server provides timers that can reset a port. The cli_inactivity port parameter sets the CLI inactivity timer: when the last session is completed, the Model 5390 server resets the port after the time interval specified for this parameter elapses.
Kerberos authentication. • SecurID authentication. • SafeWord security. • Validation for access to the Model 5390 FTP daemon. • Connection security. • Security event logging. The following subsections describe the basic ACP actions when the enable_security parameter is set to Y.
Create an entry in the acp_passwd file (see Creating User Password Files on page A15-11). • If the vcli_security parameter is set to Y, the Model 5390 server tries to use ACP. If ACP is down, the Model 5390 server prompts for the password specified in the vcli_password parameter.
5390 server does not perform a security check for CLI connections and allows unrestricted access to the CLI. Connection Security You can authorize or deny access to specific hosts or networks from the Model 5390 server: • If the connect_security parameter is set to Y, the Model 5390 server uses ACP on a connection (telnet, rlogin, etc.) from the CLI.
Model 5390 server does not try to use ACP (it assumes the connection was opened using ACP on the CLI connection). If the cli_security parameter is set to N, the Model 5390 server tries to use ACP. If ACP is down, the slip or ppp command fails.
Model 5390 server repeats the query several times. If the Model 5390 server still does not receive a response, it queries the host defined in the pref_secure2_host parameter. If a response is not received from the second...
The network_turnaround parameter specifies the amount of time in seconds in which the Model 5390 server expects a response from the security servers. To reduce the possibility of a retry, the network turnaround time should be long enough to allow for a network transmission to the security server and transmission back to the Model 5390 server;...
To have ACP prompt for a port password along with the user name and password, create an entry in the acp_passwd file as follows:

<Annex IP address>.<port_number>::0:0:<test>::

In the following example, the acp_passwd entry for the Model 5390 server on port 1 called Ollie, with the IP address of 132.245.33.11, is:

132.245.33.11.1::0:0:Ollie Dialin modem port password::

After creating this entry, use the ch_passwd command to enter the port password:

% ch_passwd 132.245.33.11.1...
When the security server receives an encrypted message from the Model 5390 server, the server tries to match that key against the key assigned to the Model 5390 server in the file. If no match exists, the Model 5390 server and the server cannot communicate.
• Each key can contain a maximum of fifteen characters. Model 5390 servers with no entries are assumed to have no key set. Because wild cards are valid, some entries in the file may require an explicit “no key” declaration:...
The acp_dialup file resides in the install directory. Any ACP dial-up address request that comes from the Model 5390 server has an associated user name and an IP address which are used as keys in this file. After the keys are matched, the corresponding dial-up addresses are returned to the caller on the Model 5390 server.
4, 5, and 6 through 9. The remote address is 100.30.200.45; the local address is 100.30.200.46. • User green can make a dial-up address request from any port on any Model 5390 server. The remote address is 100.30.200.48; the local address is the address of the Model 5390 server from which the request originates.
Description The user is prompted for this code when logging onto a port defined for dial-back security (after the accesscode prompt). A list of one or more of the accesscode entries: phone_no, in_pool_name, out_pool_name, job.
If cobb enters the information at each prompt, the Model 5390 server determines whether or not cobb’s access is via the inbound modem pool; if so, cobb receives an annex prompt. If cobb enters prompt phone, the Model 5390...
Each user can have a CLI command mask in the acp_userinfo file that limits which CLI commands the user can execute (see Masking CLI Commands on page A15-82). Table A15-2 lists the entries for climask in the acp_userinfo file.
A list of user level CLI commands, separated by commas, that are not available to the user. The list of restricted command names is sent to the Model 5390 server and the user is prevented from executing those CLI commands. Do...
524-n characters, where n is the number of zones in the list.
• The reserved keyword end cannot appear as a zone argument.
• A string containing a space must be enclosed in double quotation marks.
Table A15-4. Entries for at_connect_time in the acp_userinfo File

Entry time_value

at_nve_filter

NVE filtering controls a remote access Apple user’s view of network resources: when using Chooser to select resources, only the resource set defined for the user by the administrator will be visible.
CAUTION: This method of limiting NBP traffic is not secure, and can be circumvented by a person willing to write some code to probe the network without using NBP. Also, this feature has no local Model 5390 security equivalent. at_passwd Each registered AppleTalk user (as opposed to a guest) must have a password defined in the...
The following example illustrates an at_passwd entry in the acp_userinfo file:

#Set up the user entry
user cobb
at_passwd ned\ ry

A guest entry in the acp_userinfo file looks like this:

#Set up a guest user entry that allows guests to connect
#for 1 hr. and hides our file servers...
Specifying Modem Pools Within the acp_userinfo File A modem pool is a logical grouping of serial ports on one or more Model 5390 servers. A minimum configuration includes at least one modem pool for dial-in and one modem pool for dial-out. You can create a bidirectional modem pool, but this will compromise Model 5390 dial-back security.
The following sample modem pool named inbound includes ports 1–16 and 18–19 on the Model 5390 server called titon, and port 20 on the Model 5390 server with the IP address 132.245.3.86. Model 5390 entries are shown using symbolic and dotted quad notation.
(few) users require an entry in the acp_userinfo file. System administrators can disable this policy and reconfigure erpcd so that all users are required to have a defined access code to access the Model 5390 (even if dial-back is not used by all users): Edit the file /usr/annex/src/erpcd/acp_policy.h: Change the line “#define DEFAULT_NO_USERINFO”...
For details on using a PPP link, see Point-to-Point Protocol (PPP) starting on page A8-1. Configuring the Model 5390 Server for Dial-back Security The Model 5390 type_of_modem port parameter is a 16-byte string that specifies the modem type connected to the port(s) used for dial-back. The type_of_modem parameter indexes the modem description table in the modem section of the configuration file.
For more details on using the configuration parameters, see Configuration Parameters starting on page C2-1. Using AppleTalk Security The Model 5390 implementation of ARA provides three areas of security: • ARA security. • Zone security. • NVE filtering. • Logging.
Every user can have a zone list assigned via remote ACP. If a list is not available via ACP, the Model 5390 server provides all the zones it has learned from the network. If local security is used, use the per Model 5390 default_zone_list parameter.
Logging The Model 5390 server logs activity and errors from the ARA session. The log is accessed via remote ACP (see Logging User and Model 5390 Events on page B1-22 for more details). Using IPXCP Security The Internet Packet Exchange Control Protocol (IPXCP) uses PPP security. For information on PPP security, see Using PPP Security on page A15-46.
To authenticate IPX users via passwords, use Model 5390 server-based or UNIX host-based (ACP) security. Model 5390 server-based security is the easier of the two to configure but allows only port password protection; you cannot use it for access control. UNIX host-based security can provide...
Model 5390 based Port Passwords To set Model 5390-based port passwords, set the port parameter ipx_security to N and set the port_password parameter (in addition to setting enable_security to Y). In the following example, passwords are set for ports 3 and 10 using admin:...
If you want the Model 5390 server to broadcast for a security server when the defined servers do not respond, set the Model 5390 security_broadcast parameter to Y. Set the ipx_security port parameter to Y for the ipx or...
Enter user names and passwords in the acp_passwd file on the UNIX security server. For more information, see Creating User Password Files on page A15-11. The following occurs when a FastLink II software user logs into the Model 5390 server from a PC client: •...
If you set the port administratively to ipx, npd, auto_detect or auto_adapt, the user is prompted for a password before being connected to the Model 5390 server. If SecurID times out, the user’s password expires. When the user tries to reconnect using the expired password, FastLink II software denies access to the Model 5390 server and the user must enter a new password.
IPX users: Make sure the Model 5390 enable_security parameter is set to Y. Set the Model 5390 port to cli mode. Have the user dial into this port from FastLink II terminal mode. Have the user press Return. The Model 5390...
Annex DOS Dial-out software and the FastLink II software. The Model 5390 server connects the user to one of a set of ports that you reserve for dial-in, and then calls the user back on one of a set of ports that you reserve for dial-back. By reserving different ports for dial-in and dial-back, you avoid tying up dial-in ports for long periods of time.
Set the port type_of_modem parameter to the modem type attached to the port (for example, USR_144). This value must match the type_of_modem field in the Model 5390 configuration file, which resides on the host from which your Model 5390 server boots and is named (by default) config.annex.
Pool entries defining the ports in the specified in_pool and out_pool. In order for the Model 5390 server to initiate a dial-back request, the user must log into one of the ports defined in in_pool. The out_pool entry defines the ports on which the Model 5390 server dials the user back.
If zelda dials into port 8, 9, or 10 on marcom, she is dialed back from port 3 or 4 on stratplan or port 5 or 6 on marcom. • If zelda dials into any other port on any other Model 5390 server, she is connected immediately rather than dialed back. •...
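The manual's advice to keep dial-in and dial-back ports in separate pools (a bidirectional modem pool compromises dial-back security) can be checked mechanically. The following is an added example, not code from the manual or the Annex distribution: it expands port sets written in the `ports@annex` notation shown earlier and reports any port that appears in both pools. The function names, the `aliases` map, and passing pools as lists of port-set strings are assumptions of this sketch; the outbound pool in the second case and the alias address are constructed sample data.

```python
import re

_ITEM = re.compile(r"^(\d+)(?:-(\d+))?$")


def parse_port_set(spec, aliases=None):
    """Expand 'ports@annex' (e.g. '1-4,18-24@5390_04') into {(annex, port)}.

    aliases (hypothetical helper input) maps a lower-case server name to the
    identifier it should be compared under, so that a name and a dotted-quad
    address for the same server are treated as one box.
    """
    aliases = aliases or {}
    ports, sep, annex = spec.strip().partition("@")
    if not sep or not annex or not ports:
        raise ValueError(f"expected ports@annex, got {spec!r}")
    annex = annex.lower()
    annex = aliases.get(annex, annex)
    members = set()
    for item in ports.split(","):
        match = _ITEM.match(item)
        if match is None:
            raise ValueError(f"bad port or range {item!r} in {spec!r}")
        low = int(match.group(1))
        high = int(match.group(2)) if match.group(2) else low
        if low < 1 or high < low:
            raise ValueError(f"bad range {item!r} in {spec!r}")
        members.update((annex, port) for port in range(low, high + 1))
    return members


def expand_pool(specs, aliases=None):
    """Union of all port sets that make up one modem pool."""
    members = set()
    for spec in specs:
        members |= parse_port_set(spec, aliases)
    return members


def shared_ports(in_pool, out_pool, aliases=None):
    """Sorted (annex, port) pairs that are in both the dial-in and dial-back pool."""
    return sorted(expand_pool(in_pool, aliases) & expand_pool(out_pool, aliases))


# Pools from the zelda dial-back example: dial in on marcom 8-10,
# dialed back from stratplan 3-4 or marcom 5-6.
ZELDA_IN = ["8-10@marcom"]
ZELDA_OUT = ["3-4@stratplan", "5-6@marcom"]

# The manual's sample pool named inbound, checked against a constructed
# outbound pool that reuses two of its ports.
INBOUND = ["1-16,18-19@titon", "20@132.245.3.86"]
CONSTRUCTED_OUT = ["16-17@titon", "20@132.245.3.86"]

if __name__ == "__main__":
    for name, pool_in, pool_out in (
        ("zelda", ZELDA_IN, ZELDA_OUT),
        ("constructed", INBOUND, CONSTRUCTED_OUT),
    ):
        overlap = shared_ports(pool_in, pool_out)
        if overlap:
            print(f"{name}: ports in both pools: {overlap}")
        else:
            print(f"{name}: dial-in and dial-back pools are disjoint")
```

Without an `aliases` entry the comparison is literal, so a pool that names a server symbolically and another that uses its IP address will not be matched against each other.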
For more information, see Recompiling erpcd starting on page A15-84. Charge-back Charge-back allows a user to dial into one or more Model 5390 servers from any phone and be dialed back at any number. This is convenient for users, such as sales representatives, who want to dial in from more locations than can easily be configured for dial-back but who do not want sessions...
User jeremiah can now dial into the Model 5390 server named george or the one named pogo via any Model 5390 server that uses this acp_userinfo file; jeremiah specifies the call-back number via FastLink II software (refer to the FastLink II Client Pack documentation). After the Model 5390 server authenticates jeremiah and his password, the following occurs: •...
• The user need not be concerned about which ports the Model 5390 server uses for dial-in or charge-back. When security is running, which is the case as soon as the erpcd daemon is started on the Unix host, erpcd makes an internal copy of acp_userinfo.
5390 server calls the ACP security service on the security host. Each time this security service grants or denies a request to access the Model 5390 server, the service enters a message in a file defined as acp_logfile. This file is created by erpcd and is located in the install directory along with the other ACP files, such as acp_passwd (see UNIX-based Passwords on page A15-33).
To change the name and/or format of the acp_logfile, see Modifying the Supplied Security Application on page A15-74. NOTE: The Model 5390 server logs security events for ndp-mode ports as described in the Administering the Annex DOS Dial-out Software documentation.
Upon receipt, the peer authenticates that combination. When the Model 5390 server requests PAP and the peer ACKs the request, the Model 5390 server handles the incoming PAP user name/password combination as follows: •...
If the slip_ppp_security parameter is set to Y, the Model 5390 server uses ACP to acquire the secret token based on the name field in the response. The Model 5390 server uses local security when ACP is unavailable and the port_password parameter is set; local security ignores the user name and checks the response against port_password.
CHAP is ACKed during LCP. If the Model 5390 server is ACKed for CHAP, it will seek only one valid response. After the Model 5390 server receives a valid response, it sends challenges at irregular intervals while the link is up.
Using Model 5390 Security parameter settings and their effect on Model 5390 activity.

Table A15-11. PPP Security Parameters and their Effect on Model 5390 Activity

enable_security = N, ppp_security_protocol = n/a, slip_ppp_security = n/a
enable_security = Y, ppp_security_protocol = none, slip_ppp_security = Y...
Table A15-11. PPP Security Parameters and their Effect on Model 5390 Activity (continued)

enable_security = Y, ppp_security_protocol = chap, slip_ppp_security = Y
enable_security = Y, ppp_security_protocol = chap, slip_ppp_security = N
enable_security = Y, ppp_security_protocol = chap-pap, slip_ppp_security = Y
enable_security = Y...
An effective way to provide this kind of protection is to select one Model 5390 server on the internal network to be the network’s chokepoint or firewall through which all traffic to and from external networks must pass.
Filters can apply to one particular physical interface on the Model 5390 server or to all Model 5390 interfaces and can affect incoming or outgoing packets. An interface is a SLIP port named asyn, where n is the port number, a PPP port named asyn or synn (again, n is the port number), or the Ethernet port (en0).
ACP servers to use Kerberos authentication for consistency.

Configuring the Model 5390 Server for Use with Kerberos Authentication

To configure the Model 5390 server for use with Kerberos authentication, you must set the parameters as indicated in Table A15-12.

Table A15-12. Kerberos Parameter Settings...
The SecurID card is a credit-card sized card containing a microprocessor and an LCD display. This card generates, at a designated interval, a one-time-only, unpredictable code on the LCD display. At the usual system prompt from your Model 5390 server, SecurID card users enter a passcode in order to access your protected system.
Clients

An ACE/Client is a TCP/IP system connected via a network to the ACE/Server. Whenever a client sends a user-authentication request, the ACE/Server looks up the client’s name. For this name to be found, the network addresses of all clients must be added to the ACE/Server database, and all the network addresses must be known to the server via the /etc/hosts file or your NIS name server.
ACE/Server If the user enters a PIN, ACP prompts for the code’s reentry (the typed characters are not echoed back to the terminal). The reentry prompt looks like this: Please re-enter PIN: 893-741-B Using Model 5390 Security A15-57...
Set the Model 5390 parameters password and vcli_password and the port parameter port_password to the null string ("") if you want the ACE/Server system to authenticate all login attempts before allowing access to the Model 5390 server. Also, do not set a port password in the acp_passwd file when using SecurID.
file unless all the ACP server processes in your network are configured and installed to do user authentication by calling the ACE/Server. Set the Model 5390 parameter acp_key to its assigned value and enter this value into the Model 5390 server’s host file acp_keys.
Integrating SecurID into ACP

Integrating the ACE/Server software into ACP requires changes to the erpcd utility. The following instructions assume that the ACE/Server software is installed in a directory called /usr/ace and the Annex software is installed in /usr/annex; if your code is installed in different directories, substitute the appropriate pathnames where applicable.
Enable ACP by removing the pound sign (#) from its entry. The edited file looks like this:

# erpc remote programs
# prog no verlo verhi name
# erpc remote programs
# prog no verlo verhi name
The hosts that have erpcd running must be registered as clients, and all users with SecurID cards that will log into the Model 5390 server(s) must be allowed to access the host clients. On the Model 5390 server, enable security, configure the preferred security server, and enable CLI security on the ports to be protected by SecurID.
SecurID (as in the above example). The other ports will use ACP security. You can also alter the USE_SECURID_CHECK reference(s) in the /annex_root/src/erpcd/acp_policy.c file. For more details on altering the acp_policy.h and acp_policy.c files, see Modifying the Code on page A15-84.
Model 5390 server, or dial out from the Model 5390 server (for example, if you telnet to a port in slave mode), the Model 5390 server does not display the SafeWord Failed Access Report. In addition, the Model 5390 server does not run the user’s SafeWord execute program at the end of the authentication process.
If erpcd is running on the host, kill the existing erpcd process. (Your process number will vary):

# ps -ax | grep erpcd
25493 ? IW 0:00 ./erpcd
25797 p1 S 0:00 grep erpcd
# kill -9 25493
# make install

Restart erpcd:

# /usr/annex/erpcd

On the Model 5390 server, use admin or na to set pref_secure1_host to the Internet address of the host running SafeWord and erpcd. You can enter the backup host’s address in the pref_secure2_host parameter.
Fixed Passwords

System administrators can generate a user’s initial fixed password and can set the password’s expiration date. When an existing password expires, Model 5390 users can choose a new fixed password: If the expiration message appears after you enter your user name and password, press the Escape key and then press Return. The Old Fixed Password message appears.
NOTE: For detailed information about configuring and generating fixed and dynamic passwords, refer to Enigma Logic’s SafeWord documentation.

Using SafeWord and ACP Simultaneously

You can limit SafeWord to specific ports on the Model 5390 server by modifying the #ifdef ENIGMA_CHECK macro

#ifdef ENIGMA_SAFEWORD
 * This macro can be changed to select the ports on which
 * the Enigma system is used.
For more details on altering the acp_policy.h and acp_policy.c files, see Modifying the Code on page A15-84.

SafeWord Backup Security

The Model 5390 server uses the following procedures if the server running SafeWord and erpcd is down:

• If the Model 5390 server finds another server running erpcd but not SafeWord, ACP will control Model 5390 security.
N, the user is prompted for a user name and a password. The Model 5390 server will accept any user name, but grants ftp access only after checking the password against its administrative password. If the Model 5390 server grants access, the user’s name appears in the who command display.
Return when first connected to the port.) The Model 5390 server does not add the option to locally generated system packets, such as ICMP messages and RIP updates. Nor does the Model 5390 server check incoming packets for the presence of the IP Security Option.
When a router that fully implements IPSO receives a packet with an unacceptable classification level, it sends an ICMP security discard message to the packet’s originator. If the Model 5390 server receives a discard message, it passes it to the application running on the port that generated the IPSO packet.
192.17.5 and grants access. It finds the restricted definition for hosts on any other network and does not grant access. The first entry unrestricts all IP addresses on network 192.17.5 from all Model 5390 servers on that network, but restricts access to any IP address off that network. 192.17.5.*~ 192.17.5.* 192.17.5.*: *...
Each logged message in the acp_logfile contains the following fields:

• IP address of the Model 5390 server.
• Sequence number.
• Port number.
• Date.
• Time.
• Module.
• Event.
• Packets in.
•...
To use the NIS password file for verification through ACP, change (uncomment) the following lines:

/* #define NATIVEPASSWD 1 */
/* #define NATIVESHADOW 1 */

#define USER_VALIDATION 0
#define NATIVEPASSWD 1
#define NATIVESHADOW 1
You can change several other options in the same way:

 * Uncomment this line to select the use of the\
 * standard syslog(3) facility in addition to or in\
 * place of the logfile -- the value of "USE_SYSLOG"\
 * is used to identify the daemon.(Comment the...
Changing the Expected File Names Used by ACP

The supplied policy uses names for various files. For example: acp_passwd, acp_keys, acp_restrict, and acp_logfile. You can change the names of any of these files in the /annex_root/src/erpcd/acp_policy.h file.
If you decide to use either an existing system or a network-wide password file instead of the acp_passwd file, change the following lines in the acp_policy.h file:

#define ACP_PASSWD(str) \
    sprintf(str,"%s/acp_passwd",install_dir)
#define ACP_PTMP(str) \
    sprintf(str,"%s/acp_ptmp",install_dir)
*/
#define ACP_KEYS(str) \
    sprintf(str,"%s/acp_keys",install_dir)
/* define pathname for annex dialup addresses file */
#define ACP_DIALUP(str) \
    sprintf(str,"%s/acp_dialup",install_dir)
/* define pathname for user profile file */
#define ACP_USERINFO(str) \
    sprintf(str,"%s/acp_userinfo",install_dir)
#define ACP_ESERVICES(str) \
    sprintf(str,"%s/eservices",install_dir)
In the same way, you can also change the expected prompts for default applications:

#ifndef SECURID_CARD
#define ACP_USERPROMPT "Annex username: "
#define ACP_PASSPROMPT "Annex password: "
#define ACP_PERMGRANTD "\nPermission granted\n"
#define ACP_PERMDENIED "\007\nPermission denied\n"
#define ACP_INCORRECT "\nUsername/Password Incorrect\n"...
#define RETRIES_MAX 3

Locking the acp_logfile File

To prevent two or more host processes from logging a record simultaneously, the Model 5390 erpcd code uses the lockf system call from the host to lock the acp_logfile. This locking action prevents other processes from writing the file until the file update is complete.
 * Uncomment this line to select the F_LOCK method to lock the
 * acp_logfile for updating.
 * A file must be locked for update in order to block other
 * processes from writing to it simultaneously.
#define MASK_NONE 0x80000000

NOTE: After changing the code, cd to the /src directory and recompile erpcd.

For more specific command disabling, for example, by user name, you must edit the distribution policy file /annex_root/src/erpcd/acp_policy.c.
/annex_root/src/erpcd/acp_policy.h. The program that executes ACP starts a new version of itself each time a security request is received from a Model 5390 server. A call is made to an ACP remote procedure, which makes calls to functions in the ACP library to prompt for user names, passwords, etc.
Restricting telnet Access to Certain Ports

The Model 5390 operational code passes the TCP port number to ACP when doing a telnet on a port with connect_security enabled. This feature allows restrictions on connections to certain TCP ports.
Part B Network Administration

• Chapter B1, “Network Administration”
• Chapter B2, “Simple Network Management Protocol (SNMP)”...
Manage the Model 5390 host table.

Monitoring Network Activity

The Model 5390 server provides three CLI commands (netstat, ping, and arp) to monitor network activity (for more details, see Using the CLI Commands starting on page C3-1). Using the CLI commands, you can:

•...
• IPX statistics.
• RIP statistics.
• Routing table information.
• Route cache information.
• Dial-out route statistics.
• Rotary information.
• Filtering statistics.
• Memory statistics.
• Protocol statistics.

Active Connections

Entering the netstat command without arguments displays the local and remote addresses, send and receive queue sizes (in bytes), protocol, and the internal state of the protocol for all active connections.
Active connections (including servers)
Proto Recv-Q Send-Q Local Address

Interface Statistics

The netstat -i command displays interface statistics for the Model 5390 server running on an Ethernet LAN. Table B1-2 describes the hardware interface statistics for Ethernet.

Table B1-2. Statistic...
Table B1-2. Hardware Interface Statistics for Ethernet (continued)

Statistic: CRC Errors; Alignment Errors; Bad Type/Length Fields; Buffer Drops; FIFO Drops; Interface Resets; TX DMA Underruns; RX DMA Overruns; Carrier Sense Losses; Clear to Send Losses; Collisions Detected; Max Collision Retries

Description: The number of frames received from the network interface with a bad CRC.
The states are: The layer has shut down via an administrative or peer request. The Model 5390 server has sent a configure request and is waiting for an answer. The Model 5390 server has received a configure ACK and is waiting for a configure request.
The Model 5390 server received and answered a configure request. Layer negotiation has completed successfully. The link is in process of closing. The Model 5390 server has sent a terminate request and is waiting for a terminate ACK. Shows the states based on the last security messages sent and received;...
Table B1-3.

Field
CHAP AACK Sent
CHAP CHAL Rcvd
CHAP CHAL Sent
CHAP RESP Rcvd
CHAP RESP Sent

SLIP Statistics

The netstat -iS command displays SLIP data after displaying the hardware interface statistics:

5390_01# netstat -iS
Name Network 1500 192.9.200 1536...
Displays the number of triggered updates transmitted over the interface. The Model 5390 server sends triggered updates whenever it changes the hop count of a route. It transmits them immediately, even if it is not yet time for one of the regular update messages to be transmitted.
Defining Routes on page A12-50.) If IP Default appears in the Destination field, the entry specifies the route the Model 5390 server uses if it can find no other route for a destination. If a name appears in the Destination field, the entry is for a host route;...
field from the value of Usage, you can determine how long a route has been in the routing table. The metric for the route. The interface over which the Model 5390 server can reach the next hop.
For example, if you define a subnet mask for a Proxy-ARP serial interface, and that mask is the same as the Model 5390 en0 subnet mask, the routes to that interface will be considered duplicates. As a result,...
1536 127 do1 1500 1

Rotary Information

The netstat -R command displays all rotaries configured for the Model 5390 server. Table B1-9 describes the field definitions for the command display. The netstat -R command display looks like this:

5390_01# netstat -R...
Filtering Statistics

The netstat -f command displays filtering statistics. The statistics are cumulative for the Ethernet ports, that is, changing filters does not reset the counters. The counters for a SLIP and PPP line reset each time the connection resets. Table B1-10 describes the field definitions for the command display. The netstat -f command display looks like this:

5390_01# netstat -f asy1...
Memory Statistics

The netstat -m command displays statistics for the memory management routines:

5390_01# netstat -m
1127/3599 mbufs in use:
    7 mbufs allocated to data
    2 mbufs allocated to packet headers
    9 mbufs allocated to socket structures
    14 mbufs allocated to protocol control blocks
    3 mbufs allocated to routing table entries
    2 mbufs allocated to socket name
    2 mbufs allocated to interface address...
icmp:
    2359 calls to icmp_error
    0 errors not generated ’cuz old message too short
    0 errors not generated ’cuz old message was icmp
    Output histogram:
        destination unreachable: 2358
    Input histogram:
        echo reply: 41
tmux:
    65 packets from upper levels
    0 TMUX packets sent
    0 not suitable to TMUX
    0 dropped by TMUX
    65 not able to TMUX...
–a. Displays the IP and ICMP packet headers for the reply from the host. The host, router, or the Model 5390 server to which the ping is sent. The number of bytes of data in the ICMP Echo Request message.
A created entry is permanent unless it is defined as temporary, in which case the entry is deleted after 20 minutes. An entry defined as published causes the Model 5390 server to respond with its hardware address for the specified host, even though the IP address is not the Model 5390 server’s.
Logging User and Model 5390 Events

The Model 5390 server provides two mechanisms for logging events: host-based security and a 4.3BSD-style syslog daemon (see Using Model 5390 Security starting on page A15-1 for details on host-based security and ACP).

Host-based Security Logging

Host-based security provides logging capabilities that maintain audit trails of user activity.
Each logged message in the acp_logfile contains the following fields:

• IP address of the Model 5390 server.
• Sequence number.
• Port number.
• Date.
• Time.
• Module.
• Event.
• Packets in.
• Packets out.
• Bytes in.
The size of your network, the number of Model 5390 servers, and the amount of activity generated at each Model 5390 server determines the frequency for moving and compressing the file.
Including the call-back message, the new messages generated by ACP while processing ARA logins are:

• login: User is authenticated and session is started.
• logout: Session exited via user hang-up, time-out, or administrator reset.
• reject: Authentication failed.

New log messages are generated by the acp_userinfo file parser if an error is detected when processing the acp_userinfo file (see Using include Files in the acp_userinfo File on page A15-25 for more details).
The next example shows a request for the printer on annex through the port server.

May 5 8:17:5 annex rdr[39]:Port-Begin:14:RDP:LPRt10:Actg:ager

You can create audit trails and accounting reports for the Model 5390 server and its serial ports by sorting and merging log entries.
Displaying User Activity

When the CLI who command is issued for the Model 5390 server, it displays the user name, the jobs the user is running, when the connection began, any idle time, and the source of the connection. This command also displays current users on other Model 5390 servers, and on other hosts, if those hosts have fingerd running for who user@host.
Displaying Model 5390 Statistics

The CLI stats command displays general Model 5390 statistics, or statistics for one or more serial ports (see stats on page C3-55 for more details). A typical stats command display for a Remote Model 5390 server on an Ethernet network looks like this:...
Monitoring Serial Line Activity

The Model 5390 server provides two superuser CLI commands that display information about the state of the Model 5390 serial ports: control and tap (see control on page C3-17 and tap on page C3-72 for more details).
Number of users (if the entry is updated by RWHO). The CLI hosts command displays all entries in the host table. The Model 5390 server can build and update the host table from RWHO messages and from responses to DNS and/or IEN-116 queries.
60 minutes, the entry is removed from the table. If the host table acquires a new entry after it is full, the Model 5390 server deletes the oldest, least-used entry to make room for the new one. If the host table is too small, it frequently changes.
If you enter more than one module, separate module names using commas. Valid options are admin, atalk, dialout, edit, fingerd, ftpd, ipx, lat, nameserver, ppp, slip, snmp, tn3270, tstty, vci, all, or none. The default is vci (disables the Model 5390 VMS interface). The syntax for disabling several modules is:...
• A port configured as autobaud may retain the baud rate of the previous session.
• The port server session may not be terminated if you try to use an outgoing Model 5390 port as a front end to another host (or to connect to a modem or switch), and the interface at the other end drops DCD (see Modems starting on page A6-1 for more information on using modems).
Hosts not Appearing in Hosts Display

The Model 5390 hosts command should list any hosts that broadcast RWHO packets if the configuration parameter rwhod is set to Y. If you expect to see a host in the hosts display and it does not appear, wait several minutes and then reissue the hosts command before assuming there is a problem;...
Usually, this assumption is correct because routers do not forward broadcast packets. Some RWHO daemons do forward RWHO packets. You can turn off RWHO at the Model 5390 server by setting the rwho parameter to N. RWHO entries are not added to the Model 5390’s host table.
TCP/IP protocol suite. SNMP provides an easier and more efficient means of managing the Model 5390 server.

• The SNMP protocol can send queries to the SNMP agents located in each Model 5390 server.
• Each SNMP agent collects information about its Model 5390 server and provides that information to the Network Management Station running the Model 5390 server.
The Model 5390 server uses a timeout and retry mechanism to guarantee the SNMP command’s delivery. If a timeout occurs, the Model 5390 server does not know if the agent did not receive the command or if the agent’s response was lost.
Configuring the SNMP Agent Entries in the gateway section of the configuration file, which is downloaded during Model 5390 initialization, both enable the SNMP agent and define the operating characteristics of the SNMP daemon that controls the SNMP agent Parsing the Configuration File on page A14-3...
At system startup, the SNMP agent requires at least one community string to be defined in the configuration file. If the file does not contain a community string, the Model 5390 server defaults to the community name public (unless SNMP is disabled in the Model 5390 parameter disabled_modules).
Traps are unsolicited administrative messages generated by SNMP agents on the network. The keyword traphost defines the host to which SNMP traps are sent. For the Model 5390 server to generate traps, one or more trap host addresses must be defined in the gateway section of the configuration file along with the SNMP community string.
(for example, enter LAT, PPP, SLIP to turn these features off). If you disable SNMP, the Model 5390 server will discard all SNMP messages it receives. By default, the SNMP agent on the Model 5390 server is enabled (for more details, see disabled_modules on page C2-21).
When disabled, the Model 5390 server rejects all SNMP set commands; the Model 5390 SNMP agent returns the error no such name for the first object in the set command (for more details, see allow_snmp_sets on page C2-11).
• To reset the Model 5390 subsystem, use SNMP set to write the desired type (all, macros, motd, nameserver, security) to the MIB object anxcReset.
• To reset all printer, serial, or virtual ports on the Model 5390 server as a group, use SNMP set to write the desired value to the MIB object anxcReset.
•...
Standard MIBs on page B2-10. Most Model 5390 parameters do not map to standard MIB objects. Instead, they map to MIB objects in a proprietary (or private enterprise) MIB specific to the Model 5390 server. The private MIB also contains objects that provide status and statistics information to the network manager (see Model 5390 Parameters versus Model 5390 Private Enterprise MIB on page B2-16).
Model 5390 Restrictions on Standard MIBs

The Model 5390 SNMP agent does not use all objects in the supported standard MIBs. This section lists the supported standard MIBs and outlines the differences between the Model 5390 server parameters and specific standard MIB objects.
RFC 1213 MIB-II Restrictions

The Model 5390 server supports RFC 1213’s system, interfaces, at, ip, icmp, tcp, udp, and snmp groups. It does not support the egp group. In addition, some individual objects have the restrictions outlined in Table B2-4.

Table B2-4.
RFC 1243 AppleTalk MIB Restrictions

The Model 5390 server does not support the llap, rtmp, kip, zip, and nbp groups. It supports the aarp, atport, ddp, and atecho groups with the restrictions listed in Table B2-5.
Table B2-6 describes additional restrictions.

Table B2-6.

Object Name
rip2IfStatStatus
rip2IfConfDomain
RipIfConfAuthKey
ripIfConfStatus

RFC 1398 Ethernet MIB Restrictions

The Model 5390 server supports RFC 1398’s dot3StatsTable and dot3CollTable with the restrictions outlined in Table B2-7.

Table B2-7.

Object Name
dot3StatsSQETestErrors
dot3StatsInternalMacReceiveErrors...
RFC 1316 Character MIB Restrictions

The Model 5390 server supports the char group with the restrictions outlined in Table B2-8.

Table B2-8.

Object Name
charPortAdminStatus
charPortOperStatus
charPortInFlowType
charPortOutFlowType
charPortAdminOrigin
charPortName
charPortSessionMaximum
charSessKill
charSessState
charSessConnectionId
charPort objects for virtual...
RFC 1317 RS-232 MIB Restrictions

The Model 5390 server supports this MIB with the restrictions described in Table B2-9.

Table B2-9.

Object Name
rs232PortInSpeed
rs232PortOutSpeed
rs232AsyncPortParity
rs232AsyncPortStopBits
rs232SyncPortTable

Setting Port Speed

The rs232PortInSpeed, rs232PortOutSpeed, and rs232AsyncPortAutobaud are reserved for the Model 5390’s asynchronous ports.
Most of the configuration parameters are provided as objects with read-write access permission in the Model 5390 private enterprise MIB. A number of these parameters can be found in the standard MIBs that the Model 5390 SNMP agent supports.
LAT Statistic Objects

Table B2-13 lists the LAT statistic objects; these objects provide the same information available in the CLI netstat command. The following string precedes the MIB object names: “.iso.org.dod.internet.private.enterprises.xylogics.annex.”.

Table B2-13. LAT Statistic Objects

MIB Object Name
anxLatRecvRunMsgs
anxLatXmitRunMsgs
anxLatRecvSlots
anxLatXmitSlots...
MIB Object Name
anxLatRecvSvcMsgs
anxLatUsedSvcMsgs

TMux-specific Model 5390 Parameters versus MIB Objects

Table B2-14 lists the TMux-specific Model 5390 parameters and their corresponding MIB object names. The following string precedes the MIB object names: “.iso.org.dod.internet.private.enterprises.xylogics.annex.”.

Table B2-14. TMux-specific Parameters versus MIB Objects...
T1-specific Model 5390 Parameters versus MIB Objects

Table B2-16 lists the T1-specific Model 5390 parameters and their corresponding MIB object names. The following string precedes the MIB object names: “.iso.org.dod.internet.private.enterprises.xylogics.annex.”.

Table B2-16. T1-specific Parameters versus MIB Objects...
Serial Port Parameters versus MIB Objects

Table B2-18 lists the serial port parameters corresponding to the MIB object names. Table B2-19 lists the PPP and SLIP port parameters and the corresponding MIB object names. Table B2-16 lists the T1-specific parameters and the corresponding MIB object names.

•...
Table B2-18. Serial Port Parameters versus MIB Object Names (continued)

Serial Port Parameter: cli_security, connect_security, control_lines, data_bits, forward_key, line_erase, location, long_break, dedicated_address, dedicated_arguments, dedicated_port, echo, erase_char, erase_line, erase_word, forwarding_count, forwarding_timer, hardware_tabs, imask_7bits, inactivity_timer, input_buffer_size, input_flow_control

MIB Object: anxpCliSecurity, anxpConnectSecurity...
Table B2-18. Serial Port Parameters versus MIB Object Names (continued)

Serial Port Parameter: input_is_activity, input_start_char, input_stop_char, ixany_flow_control, latb_enable, map_to_lower, map_to_upper, max_session_count, mode, modem_var, need_dsr, newline_terminal, net_inactivity, net_inactivity_units, output_flow_control, output_is_activity, output_start_char, output_stop_char, parity, phone_number, port_password

MIB Object: anxpInputIsActivity, anxpInputStartChar...
Table B2-18. Serial Port Parameters versus MIB Object Names (continued)

Serial Port Parameter: port_server_security, ppp_ipx_network, ppp_ipx_node, prompt, ps_history_buffer, redisplay_line, reset_idle_time_on, short_break, tcp_keepalive, speed, stop_bits, tcp_keepalive, telnet_crlf, telnet_escape, term_var, tn3270_printer_host, tn3270_printer_name, toggle_output, type, user_name

MIB Object: anxpPortServerSecurity, anxpPppIpxNetwork, anxpPppIpxNode...
NOTE: The na utility is stored on and accessed from a UNIX host. The Model 5390 server stores the parameters set using na in nonvolatile memory. After a reboot or a reset, the Model 5390 server updates its run-time parameters with the nonvolatile parameters changed by na.
) returns you to the command prompt. CTRL-C Arguments for the na Commands Description A symbolic name or an IP address assigned to the Model 5390 server: 0xC0.0x9.0xC8.0x64 A list of one or more annex_identifiers separated by commas: support ,132.245.254.42,lab 132.245.254.38...
An interface is the Model 5390 port over which a network protocol can run. Ethernet, SLIP, and PPP ports are interfaces; CLI and LAT ports are not. The name of the Ethernet interface is en0.
A list of one or more port_identifiers separated by semicolons. A port_set can include ports on different Model 5390 servers:

5@132.245.254.42;1-8@lab

A list of one or more Model 5390 parameters and values separated by white space (space, tab, new line):

pref_load_addr 132.245.254.66 pref_dump_addr 132.245.254.66...
893-741-B The na Commands (continued) Description Defines a default administrative password used to communicate with the Model 5390 server. Defines a default port_set used with subsequent commands. Defines a default printer_set used with subsequent commands. Terminates na.
Model 5390 servers you specify using the annex command become the default annex_list. You can group several Model 5390 servers into a single list, and then issue one command for the entire group of Model 5390 servers. The syntax is:...
If the password is incorrect a second time, na drops the Model 5390 server from the annex_list. If the Model 5390 server in the list does not respond, na ignores that Model 5390 server and prints a status message: 132.245.6.1: Not responding...
+2:15 indicates a boot will occur in two hours and fifteen minutes. Specifies the Model 5390 servers to be booted. If you do not include an annex_list, the command prompts for it. Pressing the Return key accepts the default annex_list.
Shutting down for PM The Model 5390 server can request its boot file from a defined preferred load host. If that host is not defined, or does not respond, the Model 5390 server broadcasts its request and boots from the first load host to respond.
Command NOTE: The copy command requires superuser privileges. The copy command copies a given set of parameters from one Model 5390 server (or port) to another Model 5390 server (or port). Table C1-5 defines each copy command. The syntax is: copy annex annex_identifier annex_list...
Diagnostic testing The Model 5390 server sends the dump to a defined preferred dump host. If that host is not defined or does not respond, the Model 5390 server broadcasts its dump request and dumps to the first host that responds.
If you do not enter a file name, the Model 5390 server prompts for one. Pressing the Return key at the prompt directs the Model 5390 server to boot the default file name. The Model 5390 server requests the boot file from a preferred load host if it is defined and available;...
Table C1-7. Argument syntax The help command_name display looks like this: command: help boot command: boot Syntax: boot [–adlq][[+][HH:][MM]]\ [<filename>] [<warning> The help parameter_name display looks like this: command: help timezone_minuteswest timezone_minuteswest (annex parameter): Minutes west of GMT: an integer Entering help followed by the first letter or first few letters of the command or parameter name displays all entries beginning with the string.
The syntax is: interface interface_set | all If you do not identify a specific Model 5390 server using the @ symbol and a name or Internet address when entering the interface_set, all Model 5390 servers in the current annex_list are used.
[port | asynchronous] [port_set | keyword] If you do not identify a specific Model 5390 server using the @ symbol and a name or Internet address when entering the port_set, all Model 5390 servers in the current annex_list are used. A port_set referring to the default annex_list is updated if a new annex command is issued.
The next example defines ports 1–5 on the same Model 5390 server as the default port_set: command: port 1–5@132.245.6.34 This example defines all but port 6 on every Model 5390 server in the default annex_list: command: port 1–5,7–16 quit Command The quit command terminates the na program from a script file;...
If a script file was written from the Model 5390 server that had option_key enabled, and you are reading the file to the Model 5390 server on which option_key has not been enabled, delete the option_key and all related parameters from the script file before issuing a read.
The reset command (available from na or admin) changes some of the current attributes of all the Model 5390 servers in the default annex_list without rebooting them. Unless you use the reset command, changes to configuration parameters for a specific port, virtual CLI connection, security, or name server become effective only after booting the Model 5390 server.
The syntax is: reset annex [=annex_list] annex_subsystem reset interface [=interface_list | keyword] reset printer [=printer_port_list | keyword] reset [port |asynchronous] [=async_port_list | keyword] The allowed values for annex_subsystem are security, motd, nameserver, macros, dialout, modem_table, lat, syslog, and all. The reset t1 command resets the T1 engine and T1 statistics information. This command is used to change the T1 engine’s parameter configuration.
Model 5390 configuration file. Resets the LAT-specific Model 5390 parameters so that any future LAT circuits (connections) will use the new values; existing circuits will continue to use the old values.
Table C1-10. Keywords for the reset t1 Command Keyword soft hard set Command NOTE: The set command requires superuser privileges. The set command modifies Model 5390 configuration parameters: set annex set interface set [port | asynchronous] set t1 The syntax is:...
9600 data_bits 7 stop_bits 1 command:parity odd control_lines none type hardwired command:mode cli inactivity_timer 120 show Command The show command displays current Model 5390 server, interface, printer, or port parameters: show annex show interface show [port | asynchronous]...
na Commands Table C1-13. Keywords for the show [port | asynchronous] Command (continued) Keyword slip timers tn3270 Table C1-14. Keywords for the show t1 Command Keyword alarmsyslog bypass ring sigproto t1_info tdi_distance Parameters local_address, remote_address, dialup_addresses, metric, slip_ppp_security, demand_dial, net_inactivity, phone_number, do_compression, allow_compression from the serial group and subnet_mask, slip_load_dump_host, slip_allow_dump, slip_mtu_size, slip_no_icmp, slip_tos...
Table C1-14. Keywords for the show t1 Command (continued) Keyword tdi_framing tdi_line_code tni_circuit_id tni_clock tni_esf_fdl tni_framing tni_line_buildout tni_line_code tni_ones_density Description Displays the super frame format used on the T1 Drop/Insert Interface as d4 (super frame) or esf (extended super frame). The default is esf. Displays the T1 Drop/Insert Interface line code setting as either ami or b8zs.
You can modify this script file using any text editor. Use the write command either to back up the current Model 5390 configuration or copy it to multiple Model 5390 servers. Once you write a script file, issuing the read command activates the Model 5390 parameter settings contained in the file (for more details, see read Command on page C1-17).
The following example uses the write and read commands to install a new Model 5390 server and to create a backup copy of the Model 5390 server. The first line writes configuration data for the Model 5390 server thirdfloor to a file named thirdfloor.prm. The data from thirdfloor is copied to the new Model 5390 server specified in the annex_list defined using the annex command.
There are three ways in which you can configure and manage these parameters: • The host-based na utility sends requests to the Model 5390 server to read, set, reset, show, or copy configuration parameters (see na Commands starting on page C1-1 for more details).
Setting Parameters to Supplied Defaults Each configuration parameter, except the Model 5390 server’s IP address, has a default value. Using the na command set, you can return any parameter to its default setting (for more details, see set Command on page C1-21). Depending on the parameter type, the syntax options are:...
set annex annex_parameter default The set annex annex_parameter default command sets all other parameters. These parameters are set by choosing either an option from a known list or a yes/no response. For example, to set enable_security to its default, N, enter: command: set annex enable_security default Setting Interface Parameters To set an interface parameter to its default value, use the set interface command:...
Setting All Parameters To set all of the Model 5390 parameters to the supplied defaults, use the ROM monitor erase command (for more information, refer to Installing the Model 5390 Communications Server). This command erases all parameters, including the Model 5390 server’s IP address. After issuing erase, you must reenter the Model 5390 server’s IP address and reconfigure the Model 5390 server.
Configuration Parameters Table C2-3. Keywords for the show [port | asynchronous] Command (continued) Keyword appletalk tn3270 Table C2-4. Keyword alarmsyslog bypass ring sigproto t1_info tdi_distance Parameters ppp_acm, ppp_mru, ppp_security_protocol, ppp_ipx_network, ppp_ipx_node, ppp_username_remote, ppp_password_remote, ppp_ncp as well as the serial parameters local_address, remote_address, dialup_addresses, metric, slip_ppp_security, net_inactivity, phone_number, do_compression, allow_compression...
Table C2-4. Keywords for the show t1 command (continued) Keyword tdi_framing tdi_line_code tni_circuit_id tni_clock tni_esf_fdl tni_framing tni_line_buildout tni_line_code tni_ones_density Description... The parameter descriptions that follow are in alphabetical order. The Software Reference starting on page D1-1 provides a series of tables that list the parameters in functional groupings.
Configuration Parameters a_router The Ethernet address of the network’s A_Router. The Model 5390 server uses this value as a hint at startup. When a Routing Table Maintenance Protocol (RTMP) message arrives from this Ethernet address, the Model 5390 server gleans the AppleTalk DDP address from the packet and tries to talk to the AppleTalk router.
SNMP set commands. When disabled, the Model 5390 server rejects all SNMP set commands; the Model 5390 SNMP agent returns the error no such name for the first object in the set command. A Y enables this parameter, an N disables it. The default is N.
This asynchronous port parameter specifies the LAT protocol remote group codes that are accessible to users on a given Model 5390 port. You can enter all, none, a series of numbers between 0 and 255 separated by commas (for example, 1, 5,7) or a range of numbers between 0 and 255 separated by dashes (for example, 1–5,200–255) followed by enabled or disabled.
And you set the host portion of the broadcast address to all 1-bits. Finally, you can set a limited broadcast address of 255.255.255.255 that reaches all nodes on the subnet. However, if you have more than one subnet on the same physical cable, the Model 5390...
If you specify network, the Model 5390 server sends administrative broadcast messages out the network side of the connection to the initiator. If you specify port, the Model 5390 server sends broadcast messages out the port side of the connection.
Configuration Parameters char_erase When this asynchronous port parameter is enabled, the Model 5390 server echoes both the character erase and the word erase characters for a video terminal; that is, the previous character (or word) looks as if it has been erased. A Y enables this parameter, an N disables it. The default is Y.
Entering 0 disables the timer; entering 255 causes the Model 5390 server to disconnect as soon as it exits from its last job. Entering immediate causes the Model 5390 server to hang up the port immediately after exiting the last job.
This Model 5390 parameter defines the Model 5390 server prompt for all CLI users. This parameter uses formatting codes consisting of the percent character (%) and a single lowercase letter. You can combine up to 16 of these codes (for example, %a%c). You can also enter text that will appear in the prompt as long as the entry as a whole does not exceed 32 characters.
NOTE: When cli_security is enabled, the Model 5390 server logs PPP/SLIP logins/logouts to the acp_logfile. config_file This Model 5390 parameter defines the file name for the configuration file maintained on the load host. This file contains information about gateways, rotaries, macros, and services; it must reside in the directory /usr/spool/erpcd/bfs.
This Model 5390 parameter defines the daylight savings time for your geographic location. The Model 5390 server uses this parameter to adjust the time display for daylight savings time. Valid options are us, australian, british, canadian, east_european, mid_european, west_european, and none;...
TCP. Otherwise, the Model 5390 server uses telnet. default_zone_list This Model 5390 parameter contains the zone list that is sent to AppleTalk clients if an ACP failure occurs. The string size ranges from 1 to 100 characters. You must use spaces to separate zone names (for example, general engineering lab).
The default is interactive. dialup_addresses This asynchronous port parameter enables the Model 5390 server to request an end point address from the host-based security server based on a user’s login and/or port number. This parameter works only when the mode parameter is set to slip or ppp. A Y enables this parameter, an N disables it.
The default is N. echo This asynchronous port parameter directs the Model 5390 server to echo all characters as a user types. This echo occurs only at the CLI level. A Y enables this parameter, an N disables it. The default is Y.
The default is CTRL-W (^W) facility_num This Model 5390 parameter identifies a LAT host by number. Allowable values range from 0 to 32767. The default value is 0. forward_key This asynchronous port parameter specifies a character or string that reopens the next available, higher numbered session already established at your port.
Model 5390 server forwards received data. If new data arrives before the timer expires, the Model 5390 server resets the timer. Allowable values range from 0 to 255 or off. The default is 5 (50 ms); if you set the value to 0, the Model 5390 server uses 5.
0 to 255. Entering 255 allows an unlimited number of entries; entering 254 indicates that there is no host table. In this case, the Model 5390 server requires a name server to resolve every host name. The default is 64.
Configuration Parameters imask_7bits This asynchronous port parameter enables the Model 5390 server to mask input to seven bits. When disabled, the Model 5390 server expects eight-bit ASCII input. This parameter has no effect on transmitted characters. A Y enables this parameter, an N disables it. The default is N.
This asynchronous port parameter defines activity as input. When enabled, the Model 5390 server sets the inactivity timer when it receives input at the port. A Y enables this parameter, an N disables it. The default is Y.
The default is ethernet. ip_forward_broadcast This Model 5390 parameter allows the Model 5390 server to broadcast a packet to the SLIP or PPP interfaces. When the Model 5390 server receives a packet sent to a broadcast address (except 0.0.0.0 and 255.255.255.255), it scans the list of installed interfaces and matches the broadcast address...
This Model 5390 parameter contains a user password for logging on to the Novell file server before the Model 5390 server sends a dump file to the server. The string size ranges from 0 to 16 characters. The default is “<unset>”.
N. keep_alive_timer This Model 5390 parameter defines the number of seconds between the transmission of identification packets during times of network inactivity. This parameter works only for the LAT protocol. The packets serve only as notices to remote nodes that the host’s services are available. Allowable values range from 10 to 255 (seconds).
This Model 5390 parameter restricts access to LAT-related Model 5390 commands, parameters, functions, and the LAT protocol within the Model 5390 server. Each Model 5390 requires a unique key value (contact your supplier to obtain a LAT key). After setting the key, your system administrator must reboot the Model 5390 server.
This Model 5390 parameter specifies the gateway’s IP address. A gateway is required if the preferred load or dump host is on a different network or subnet than the Model 5390 server. The default is 0.0.0.0 (no gateway). load_dump_sequence This Model 5390 parameter specifies available network interfaces (Ethernet, SLIP, or self) and the order...
This asynchronous port parameter defines the IP address for the asynchronous port on the Model 5390 server side of the link. This IP address is used only when the mode parameter is set to slip or ppp. The default is 0.0.0.0.
This Model 5390 parameter specifies the password for all ports using a VMS interface. The string size ranges from 0 to 16 characters. For security reasons, the Model 5390 server displays this value as “<set>” or “<unset>.” The default is “<unset>.”...
Routing and Record or Loose Source Routing and Record options set. The Model 5390 server accepts these packets only if the Model 5390 server itself is the ultimate destination. If the packets are not addressed to the Model 5390 server, they are dropped and the Model 5390 server sends an ICMP type Destination Unreachable message with a code of Source Route Failed to the originator.
This asynchronous port parameter enables the Model 5390 server to convert uppercase characters sent from a terminal into lowercase characters. This conversion occurs only at the CLI level. Enable this parameter for older terminals that do not support lower case characters. A Y enables this parameter, an N disables it.
Modify this parameter only if you want the Model 5390 server to use a route other than the SLIP or PPP interfaces to the remote end. Allowable values are 1 to 15. The default is 1.
Configuration Parameters through the Model 5390 server to the device. Table C2-10 describes the valid options; the default is cli. Table C2-10. Valid Options for the mode Parameter Option adaptive arap auto_adapt auto_detect connect dedicated Description Allows a port to have both slave and cli capabilities. If a connection is initiated on the serial side, the port enters cli mode;...
This Model 5390 parameter contains the MOP maintenance password. In this 8-byte password, each byte consists of two hexadecimal digits. The string size ranges from 0 to 16 characters. For security reasons, the Model 5390 server displays values as “<set>” or “<unset>.” The default is “<unset>.” motd_file This Model 5390 parameter defines the file name for the message-of-the-day file maintained on the...
The Model 5390 server will not allow connection to a slave port and will not activate the CLI until the DSR signal is active. If DSR is deactivated, the connection to a slave line is terminated and the CLI is deactivated.
When disabled, the DSR signal is not required to connect to a slave line, and DSR is not required to activate a CLI line (see Modem Signals on page A6-1 for details on using need_dsr in conjunction with modem control). DSR is always considered active on ports that do not have a DSR signal (ports with partial modem control lines).
This Model 5390 parameter specifies the address the Model 5390 server tries to acquire at startup. If this address is in use, the Model 5390 server must acquire a new node ID. The node_id is an AppleTalk address in the form net.node. Valid net values are 0 to 65534; valid node values are 0 to 254.
These features are available separately or in any combination. Each Model 5390 server requires a unique key value for the feature(s) you choose; contact your supplier to obtain an option_key value. output_flow_control This asynchronous port parameter defines the method that a device uses to stop output from the Model 5390 server.
Configuration Parameters Model 5390 server also places an entry in the who table. A Y enables this parameter, an N disables it. The default is N. output_start_char This asynchronous port parameter defines the control character sequence that restarts output if output_flow_control is set to start/stop.
This Model 5390 parameter defines the maximum number of times a user can try to enter a password before the Model 5390 server resets the port. Entering zero (0) sets the limit to 3. Allowable values range from 0 to 10 (entering 0 sets the value to the default). The default is 3.
The Model 5390 server requests the ppp_acm parameter as its local mask. If the peer rejects ppp_acm, the Model 5390 server accepts the hint if it is a superset of the Model 5390 server’s mask; otherwise, it uses the PPP default of 0xFFFFFFFF. The Model 5390 server accepts any mask from the peer.
This asynchronous port parameter is a string of 12 hexadecimal digits representing the six-byte, nonzero node number the Model 5390 server suggests for the node number of the remote PC client on an IPXCP (IPX over PPP) link. Valid values are 000000000000 to FFFFFFFFFFFE, except for multicast addresses.
file, if that field is configured correctly. If the node number is not set in acp_dialup or through the ppp_ipx_node parameter, and no value is suggested by the client, the Model 5390 server uses its own Ethernet address plus one (1).
The default is a null string (""). pref_dump_addr This Model 5390 parameter specifies the IP address for the preferred dump host. This is the host to which the Model 5390 server first tries to dump. The default is 0.0.0.0.
Y. The default is 0.0.0.0. pref_secure2_host This Model 5390 parameter specifies the IP address of the host that is the backup server if the host specified in pref_secure1_host is not available. This parameter works only if the enable_security parameter is set to Y.
String sizes smaller than 32 characters are rejected as bad values if they cannot be stored into 16 characters in nonvolatile memory after the formatting codes are compressed into single characters. Table C2-5 on page C2-17 lists and describes these codes. The Model 5390 server cli_prompt parameter defines the default prompt.
Configuration Parameters retrans_limit This Model 5390 parameter defines the number of times the Model 5390 server retransmits a packet before notifying the LAT user about a network failure. Allowable values range from 4 to 120. The default value is 8.
This Model 5390 parameter contains the password that controls authentication for RIP packets. The string size ranges from 0 to 16 characters. The Model 5390 server displays this parameter’s value as “<set>” if a password is entered or “<unset>” if a null string is entered. When “<unset>,”...
This Model 5390 parameter lets you force RIP to direct periodic RIP updates to a router list rather than broadcasting updates. Valid values are the IP addresses of up to eight directly reachable routers. The Model 5390 server ignores any address that is not on an attached subnet. Specifying the default, all, restores broadcasting.
Model 5390 server performs active RIP routing only if the option_key parameter is set to the correct value. If option_key is not set correctly, the Model 5390 server performs only passive RIP routing when the daemon is enabled. When disabled, no RIP routing occurs. A Y enables this parameter, an N disables it.
N disables it. The default is Y. server_capability This Model 5390 parameter defines the Model 5390 server as a file server host. The Model 5390 server can provide operational code only for another Model 5390 server. Table C2-17 describes the valid options;...
When the table is full, the Model 5390 server removes the service that has been idle longest. If all services are busy and the table is full, the Model 5390 server discards a new service. Allowable values range from 16 to 2048. The default is 256.
Configuration Parameters slip_allow_dump This asynchronous port parameter enables the Model 5390 server to dump its operational code across a SLIP link. A Y enables this parameter, an N disables it. The default is Y.
This asynchronous port parameter defines the IP address of the host from which the Model 5390 server receives a load or to which the Model 5390 server sends dumps over the SLIP interface. If the load_dump_sequence parameter is set to slnn, you must enter a valid address here. This parameter’s value overrides values in pref_load_addr and pref_dump_addr.
1, 1.5, or 2. The default is 1. subnet_mask (Model 5390) This Model 5390 parameter defines the Model 5390 IP subnet mask. It is used to divide a network into subnets. The parameter’s default is based on the network portion of the Model 5390 IP address.
(defined by syslog_mask). syslog_host This Model 5390 parameter defines the IP address of the host that logs Model 5390 messages. The default, 0.0.0.0, causes the Model 5390 server to broadcast its log messages.
ASCII characters. tcp_keepalive (Model 5390) This Model 5390 parameter specifies the length of time a TCP connection must be idle before the Model 5390 server sends keep-alive messages. A keep-alive message contains no data but solicits an acknowledgment from the other end of a connection to determine whether the connection is still active.
This asynchronous port parameter identifies the type of terminal using the CLI connection. You must enter a valid terminal type for the host. The Model 5390 server passes the terminal type setting to the host. The string size ranges from 0 to 16 characters. The default is a null string ("").
This Model 5390 parameter defines the string that precedes all files (the image name, configuration, and motd files are examples) when you boot the Model 5390 server via tftp. This string’s value is determined by the system serving the tftp requests. This string does not precede the tftp_dump_name.
This Model 5390 parameter defines the time zone in which the Model 5390 server resides. Enter a positive number of minutes for time zones west of GMT, or a negative number for time zones east of GMT. For example, enter 300 for U.S. Eastern Standard Time, which is five hours west of GMT, or -60 for Paris, which is one hour east of GMT.
Configuration Parameters tmux_max_mpx This Model 5390 parameter specifies the largest user packet that can be placed in a TMux packet. The Model 5390 server does not multiplex larger packets, but passes them directly to the IP layer. Allowable values are 5 through 65535; the default is 700.
This asynchronous port parameter affects the operation of two portions of the Model 5390 code: the who database (the data set that the Model 5390 server queries when the CLI who command is issued or when the Model 5390 server is fingered from a remote host) and the action of dedicated ports.
This asynchronous port parameter defines a 16-byte string that specifies the modem type connected to the port. The modem type indexes a modem description table that is loaded into the Model 5390 server at boot time. This string must match the type_of_modem field in the modem section of the last read configuration file;...
This Model 5390 parameter defines a password required for virtual CLI connections to the Model 5390 server. The string size ranges from 0 to 15 characters. This parameter is useful for local password protection and as a backup to host-based security. For local password protection, set the enable_security parameter to Y, set the vcli_security parameter to N, and define a password for...
If six consecutive CLI errors occur within six seconds (for example, an invalid command, noise on the line, etc.), the Model 5390 server triggers a squelch, that is, stops all I/O for approximately four seconds after receiving the sixth error. Pressing Return after this period of time returns you to the CLI prompt.
To access the superuser CLI commands, issue the su command at the user CLI prompt and enter the Model 5390 administrative (su) password (for more details on the superuser password, see su on page C3-71). The default superuser prompt is a # symbol instead of a colon:...
Sends ICMP Echo Request packets to a host. user Converts a CLI port to a PPP interface port. superuser Displays processes at the Model 5390 server. user Displays information about queued HIC requests or removes a particular HIC request from the queue.
Telnet protocol. This command is available only if the network administrator has set the option_key parameter to the correct value. superuser Connects to the specified host using the TSTTY protocol. user Displays Model 5390 users.
If the option_key parameter is enabled for the Model 5390 interface for VMS environments, you will also have access to the non-privileged and privileged VMS commands listed in Table C3-2 and Table C3-3. For more details on these commands, refer to the Interface for VMS Environments Administrator’s Guide and the Interface for VMS Environments User’s Guide.
Specifies handling of the Break key during a session. Specifies the number of bits in data characters exchanged between the port and the Model 5390 server. Indicates CLI behavior as related to logging in, passwords, inactivity timers and the port default prompt.
Privileged Model 5390 VMS Commands (continued) Description Specifies flow control. Determines if the communications server automatically logs out of a port after a period of inactivity. Specifies input flow control.
Limits the number of connected sessions on the port. Specifies the port speed in bits per second. Tells the Model 5390 server to use 1, 1.5, or 2 stop bits when outputting a character. Defines or changes the type of terminal connected to your port, the ports specified in the...
Privileged Model 5390 VMS Commands (continued) Description Specifies a facility number for the Model 5390 server. Specifies the number of times a user can try to enter the correct password for any password-protected Model 5390 operation.
These CLI admin commands function like their na counterparts, with the following exceptions: • CLI admin commands work only on the local Model 5390 server. • When issuing admin with command line arguments (not as a subsystem) you must include the port_set.
The show command displays the Model 5390, port, or printer parameter values for the local Model 5390 server. If there are more than 24 lines of information to display, a more prompt appears after the 24th line. Pressing q for quit returns to the admin prompt; the attention character terminates the admin session;...
The superuser arp command displays and, optionally, modifies the IP-to-hardware address translation table used by the Address Resolution Protocol (ARP). Because the Model 5390 server builds the ARP table dynamically, you rarely need to modify it. Table C3-5 defines the arguments for this command.
CLI command that created it, and an ampersand (&) to indicate that the job is in the background. The Model 5390 server forwards output generated by the background job to the terminal, if another job is active. If another job is not active, the output is held until you activate a job by issuing the fg command.
The superuser boot command reboots the Model 5390 server and, optionally, produces a dump of the Model 5390 operational code. You can set a time at which the boot is to take place. The boot command also sends a warning message to users attached to the Model 5390 server. Table C3-7 describes the arguments for boot.
–l –q –r time filename warning The following command line requests that the Model 5390 server reboot an hour and fifteen minutes from the time of entry: annex# boot +1:15 bootfile: <cr> warning: Shutting down for PM Arguments for the boot Command (continued) Causes a diagnostics boot.
Using the CLI Commands The Model 5390 server can request its boot file from a defined preferred load host. If that host is not defined, or does not respond, the Model 5390 server broadcasts its request and boots from the first load host to respond (assuming the load_broadcast parameter is set to Y).
The source_filename is the file to be copied; the destination_filename is the new file. The Model 5390 server overwrites the destination file if it exists; it reports an error if the source file does not exist. Arguments for the Superuser control Command Specifies the port;...
NOTE: Only ROM revisions 0600 and greater with the self-boot option installed support this command. dialout The superuser dialout command displays the current dial-out database. The syntax is: dialout [–l] route_name Issuing the dialout command displays the dial-out routes and chat scripts. For example: annex# dialout Route do1: local...
The fg (foreground) command resumes a job that has been suspended or placed in the background. If the Model 5390 server saved any output from the host while the job was interrupted, the output appears on the terminal immediately after reconnecting. Otherwise, nothing appears until you enter a carriage return.
%hostname
filter
The superuser filter command allows you to filter the traffic that crosses the Model 5390 server. It affects both the currently running configuration and the configuration stored in non-volatile memory. The filter command has eight subcommands: add, list, enable, disable, delete, help, usage, and quit.
If you use the first syntax, the Model 5390 server enters the filtering subsystem and displays the filter prompt. At this prompt, you can issue any of the eight subcommands. You return to the CLI prompt from the subsystem by issuing the quit subcommand.
CLI commands and macros available on the current port. help –m The superuser help –m command displays a list of all macros and their assigned port_set for that Model 5390 server. The syntax is: help –m [macro_name] The help –m display looks like this: 5390_01# help –m...
Other restrictions may apply.
hosts
The hosts command displays the names and addresses of hosts and other Model 5390 servers listed in the Model 5390 host table (known hosts). The command also displays any status information that a host broadcasts. Table C3-10 describes the arguments for hosts; Table C3-11 describes the status field in the hosts command display.
? 2.01 Displays only the names of known hosts. Displays data from the Model 5390 list of name server hosts, rather than the list of all hosts, as well as the default domain and domain search list contents. Displays information for host. Specify host as a name or an IP address.
Displays only the names of known hosts. Adds new name servers to the name server table; these entries are not saved in non-volatile memory and are lost when the Model 5390 server is rebooted. The syntax is: hosts –an host [protocol [max_retry [time-out_retry [base [multiplier]]]]] All omitted values are set to defaults: time-out_retry is measured in minutes;...
IPX administrators to take full advantage of security features such as SecurID and Enigma. When a Fastlink II user in terminal mode logs into the Model 5390 CLI port, the Model 5390 server authenticates the user according to the value of the cli_security parameter and the configuration of Model 5390 security parameters.
The lock command blanks the screen and prompts the user to enter a password when any attempt is made to access the Model 5390 server. Access to the port is denied until the user enters the correct password required to unlock the port. The syntax is:
    lock [time-out]
A Key prompt appears after the port is locked and remains until you enter the correct password.
Model 5390 server from the terminal connected to the console port. For example:
    annex: lock 60
Entering the Model 5390 server’s administrative password, or resetting the port, unlocks the console port.
The superuser ls command displays the image name along with revision information for the operational image stored in the self-boot ROM.
The superuser modem command lists the modem types supported by the Model 5390 server. The Model 5390 server supports a modem type if it is defined in the modem section of the configuration file and at least one of the Model 5390 ports has the configuration parameter type_of_modem set to that modem type.
The superuser mv command renames a file in the local file system. The syntax is: mv source_filename destination_filename The source_filename is the existing file; the destination_filename is the new file. The Model 5390 server overwrites the destination file if it exists; it reports an error if the source file does not exist.
The display format varies according to the options selected and the network protocols implemented for the Model 5390 server (see Displaying Network Statistics on page B1-1 for sample display formats). Entering netstat without arguments displays the local and remote addresses, the send and receive queue sizes (in bytes), the protocol, and the internal state of the protocol for all active connections.
Displays the contents of the route cache. Displays the state of the hardware interfaces, e.g., AppleTalk, SLIP, PPP, as well as a dial-out route’s interface name. Displays statistics for a specific Model 5390 ARA interface. Displays the current state of a PPP interface. Displays interface queues.
Displays information about the amount of memory available in the large and small IPX buffer pools. Displays the routes defined in the Model 5390 IPX routing table. Displays the Model 5390 route for that network. Displays server names, types, and addresses.
Use the superuser ping (packet internet groper) command to determine whether a remote host, router, or Model 5390 server can be reached and to view statistics about packet loss and delivery time. The ping command sends an Internet Control Message Protocol (ICMP) Echo Request message to elicit an ICMP Echo Response from the specified host, router, or Model 5390 server.
Displays the IP and ICMP packet headers for the reply from the host. The host, router, or Model 5390 to which the ping is sent. The number of bytes of data in the ICMP Echo Request message. The default is 56.
Each Echo Request includes a timestamp if the number of data bytes is greater than eight. This timestamp is used to calculate the round-trip time and is returned unchanged in the Echo Response. The default packet size is 64 bytes, 56 of which are data and 8 are header. You can change the number of data bytes using the databytes argument.
Sample Displays Using the –a and –v Options
The following is a sample ping –a display for a Macintosh:
    annex# ping –a 03fe.88
    PING xenna: 56 data bytes
    ---- zinc PING Statistics ----
    64 bytes from 03fe.88: aep_seq=0. time=7. ms
    64 bytes from 03fe.88: aep_seq=1.
Using the –t (traceroute) Option The ping –t command sends only one ICMP Echo Request. This request, called the outbound packet, contains an IP traceroute option and a traceroute hop count of zero. If an outbound packet crosses routers on the path to its destination, each router increments the hop count by one, forwards the packet, if possible, and returns a traceroute message to the originator (Figure C3-1 illustrates an outbound packet that crosses two routers).
Using the information carried in the outbound packet, along with the return packet and the traceroute messages, ping –t displays the path of the packets and the characteristics of the routing interfaces along the way and back. If a packet cannot be forwarded, ping –t locates the failure. Table C3-16 describes the fields displayed by ping –t.
[Figure C3-2. Topology for ping –t Examples; figure label: ping -t source]
Given the topology in Figure C3-2, the ping –t command displays output such as the following when a traceroute packet passes successfully to the ping –t destination and back (see Table C3-17).
NOTE: The line numbers at the right of this example are for reference only;...
    annex# ping –t 132.254.33.4
    PING hobbes: 56 data bytes line 1
    >>>
    >>>
    <<<
    <<<
    64 bytes from 132.254.33.4: time=10. ms
Table C3-17. The ping –t Command Display
Line line 1 line 2 line 3 line 4 line 5
Router...
The ppp command allows a user at a remote host to dial into a modem attached to the Model 5390 server and convert the CLI port to a PPP interface. Resetting the port returns it to CLI mode. The...
The superuser procs command displays information about Model 5390 processes in a tabular format. It is used for debugging Annex software. Table C3-18 describes the arguments for procs; Table C3-19 describes the fields in the procs command display; and Table C3-20 describes the Model 5390-specific processes.
Table C3-19. The Superuser procs Command Display
Command PPID STACK SSIZ USPTR CTIME CPU TIME NAME
Description Process ID in decimal. Parent process ID in decimal. Status: S (sleeping), W (semaphore wait), R (runnable), X (executing—always the CLI process executing procs), E (event wait), and Z (zombie, waiting for parent to collect exit status).
Table C3-20. Model 5390 Processes (continued)
Process syslog_port telnet_cmd telnet_rdr telnetd_lis telnetd_rdr telnetd_wri timed watcher
queue
The queue command displays information about queued HIC requests or removes a particular HIC request from the queue. It is available only after LAT is configured. Table C3-21 describes the arguments for queue.
Entering the command without arguments displays all of the requests in the queue. For each entry, queue displays:
• The service_name and the port_number requested (if specified).
• Host requesting the service.
• The entry_id assigned to each queued request.
•...
The following example shows a display using queue –h host_name:
    annex: queue –h vax_marketing
    position in queue host (from)
The following example shows a display using queue –r entry_id:
    annex: queue –r 538
    Entry 538: removed
The following example shows a display using queue –v:
    annex: queue –v
    Service Name TERMINAL...
The superuser rm command deletes one or more files in the local file system. The syntax is: rm filename ... The Model 5390 server reports an error if a specified file does not exist, and continues with the next file name in the list.
An interface route is a route to a network directly connected to the Model 5390 server. Model 5390 RIP automatically enters these routes into the routing cache and table. Flushes all routes from the routing table and cache.
services
The services command displays information about available LAT services that have been advertised by LAT hosts. The format of this display depends on the arguments and information that you supply on the command line. Table C3-23 describes the arguments for services; Table C3-24 describes the command display.
If multiple services have the same name, the summary includes only the service of the highest rating. For example:
    annex: services
    Local Server Name : ALPHA
    Service Name Host Status
    TERMINAL Reachable
    DA08 Unreachable
    LAT_00802D0018B6 Reachable
    WPVAX Reachable
The following example displays services –v:
    annex: services –v terminal
    Local Server Name: ALPHA
    Service Name : TERMINAL...
Host Status Facility Number
slip
The slip command allows a user at a remote host to dial into a modem attached to the Model 5390 server and convert the CLI port to a SLIP interface. The syntax is:
    slip
The command display looks like this:...
Resetting the port returns it to CLI mode. You cannot use the minimum uniqueness feature with the slip command.
stats
The stats command displays Model 5390 statistics. Table C3-25 describes the arguments for stats. The syntax is:
    stats [–sm [ports][time] |[–op]
Table C3-25.
NOTE: If you specify a time interval, the Model 5390 server ignores an attention string that contains multiple characters. The stats command display looks like this: stats annex: S/W Version: Remote Access R10.1 Build #2: Thu Sep 14 20:37:27 EDT 1995 H/W: Remote Annex 4000 Comm: eth-aui&twi/64asy/1par...
The stats –m command displays statistics for active control lines and displays the modem controls for all active and inactive control lines rather than displaying idle. 5390_01# stats –m P# Control 64 cts RTS DTR The stats –o command displays the status of the server-keyed options and the disabled modules: 5390_01# stats –o KEYED OPTIONS: dialout/RIP/filtering: keyed off...
stats –T
The stats -T command displays T1 network interface statistics for the Model 5390 server. Table C3-26 describes the arguments for stats -T. The syntax is:
    stats -T [ current | total | all | interval_set | clear_alarm ]
Table C3-26.
The stats -T current command display looks like this: annex# stats -T current alarm history:[no blue no red no yellow], Fri July 28 16:48:37 19 Alarms: engine: serial number: 0811 circuit ID: T1 info: unit ID: XYLOGICS T1-ENGINE 085234 Rev. A 07/19/95 6343 loopback mode: No loopback uptime: 69:07:49 number of valid seconds: bursty errored seconds (ESF only):0...
Table C3-27. The stats -T Command Display (continued)
Field Blue Alarm Red Alarm Yellow Alarm Loopback Online Up Time
Description When the Blue Alarm is true, the T1 engine is receiving AIS (all ones unframed) from the network. When the Blue alarm is false, the T1 engine is not receiving AIS.
Table C3-27. The stats -T Command Display (continued)
Field Serial Number Circuit ID Unit ID DII Sync Interval Number of Valid Seconds Number of 15-minute Periods Bursty Errored Seconds Controlled Slip Seconds Errored Seconds
Description The T1 engine’s serial number. The T1 engine’s Circuit ID displayed from the tni_circuit_id parameter.
Table C3-27. The stats -T Command Display (continued)
Field Severely Errored Seconds Unavailable Seconds Out of Frame Errors BiPolar Violations CRC Errors Controlled Slips Receive Network Alarm Seconds
stty
Using the stty command, which is similar to the UNIX stty command, you can display and change port parameters that control terminal characteristics, CLI connection options, and special characters.
–imask7 annex: You can modify these parameters using the stty command. Rebooting the Model 5390 server, resetting the port, or issuing a hangup command returns the parameters to their original values. There are several ways to enter a new parameter value: •...
To undefine or turn off a parameter that requires a value, enter one of the following values along with the parameter:
• undef (or u).
• none (or n).
• The two characters ^ and @ (indicating a null string) for parameters that require control characters.
Defines a break as an attention signal. Generally, the break is generated by a key labeled Break. Setting –break turns off Break as an attention signal. Enables the terminal to display Model 5390 administrative messages. Setting the parameter –broadcast prevents any display of administrative messages. The default is broadcast.
1–16 characters. Specifies the method the Model 5390 server uses to stop input from the terminal if the Model 5390 input buffer is about to overflow. The default is bell. Possible values are: none Specifies no flow control;...
Description Controls case conversion for characters sent from the terminal to the Model 5390 server. Use ilower for older terminals without lowercase characters. The Model 5390 server converts typed uppercase characters to lowercase. The default, –ilower, does not change case.
Has the same effect as setting the parameter to none. Controls case conversion for characters sent from the Model 5390 server to the terminal. Setting olower converts lowercase characters to uppercase. The default, –olower, does not change case. Sets the restart output character. The default is Sets the stop output character.
Table C3-28. Setting Parameters Using the stty Command (continued)
Parameter stopb argument tabs –tabs term string tesc character fwdtimer time user name wera character
Table C3-29. Displaying Parameters Using stty
Parameter cliidletimer time
Description The port number. The string port. A space.
Description Displays the function of the hardware control lines. The default is none. Possible values are: none The Model 5390 server ignores the hardware control lines. flow Configures CTS and RTS for flow control, but does not activate hardware flow control.
Model 5390 password parameter or via the CLI passwd command), the password is a null string (""). If the Model 5390 server is not configured with an IP address and boots via MOP, IPX, or from FLASH ROM, the default password is a null string ("") and entering a carriage return at...
The tap command creates a Model 5390 job in the same way as the telnet and rlogin commands. You can break back to the CLI prompt and execute other CLI commands. However, when tap is not the active job, all activity on the tapped port is suspended.
The who command displays a tap on a port only when it is invoked locally in superuser mode using the CLI su command.
Table C3-31. Arguments for the Superuser tap Command
Argument –a –k –s –v
Description Use ANSI enhanced display mode escape sequences instead of angle brackets for highlighting all input displayed by –k.
The number of the port to be tapped. In character-at-a-time mode, if neither side negotiates for echo, telnet –l directs the Model 5390 server to send a LF character to the terminal for each CR received. Do not issue a telnet –l if stty echo is turned on.
• If the user connects to the Model 5390 server via a serial port through a modem or a terminal, the local port is chosen as 10000 + port*100 + sequential, where port is the serial line number (1 to 99), and sequential is a number (0 to 99) that distinguishes connections, and is chosen sequentially.
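The port rule above lets a host-side connection log be tied back to the serial line a session came from. The following is an added example, not code from the manual: it decodes such ports and tallies a constructed log, and the log format, addresses and function names are assumptions.

```python
"""Map TCP source ports seen in host logs back to Model 5390 serial lines.

Rule quoted in the text: local port = 10000 + port*100 + sequential,
with port (serial line) in 1..99 and sequential in 0..99.
"""
import re
from collections import Counter

BASE = 10000                  # constant from the quoted rule
LINE_RANGE = range(1, 100)    # serial line numbers 1..99
SEQ_RANGE = range(0, 100)     # per-line connection counter 0..99


def encode_local_port(line, sequential):
    """Apply the rule in the forward direction."""
    if line not in LINE_RANGE or sequential not in SEQ_RANGE:
        raise ValueError("line must be 1..99 and sequential 0..99")
    return BASE + line * 100 + sequential


def decode_local_port(tcp_port):
    """Return (serial_line, sequential), or None when the port does not
    fall in the range the serial-line rule can produce (10100..19999)."""
    line, sequential = divmod(tcp_port - BASE, 100)
    if line not in LINE_RANGE:
        return None
    return line, sequential


# Hypothetical log format: the manual does not define one.
CONNECT_RE = re.compile(r"connect from (\S+) port (\d+)")


def attribute_connections(log_lines, annex_ip):
    """Count connections per serial line for one terminal server.

    Returns (Counter keyed by serial line, list of ports from that
    server that the serial-line rule cannot explain)."""
    per_line = Counter()
    unattributed = []
    for entry in log_lines:
        match = CONNECT_RE.search(entry)
        if not match or match.group(1) != annex_ip:
            continue  # not a connect record, or a different source host
        port = int(match.group(2))
        decoded = decode_local_port(port)
        if decoded is None:
            unattributed.append(port)
        else:
            per_line[decoded[0]] += 1
    return per_line, unattributed


# Constructed sample input; 192.0.2.10 stands in for the server address.
SAMPLE_LOG = [
    "Feb 12 09:14:03 host1 telnetd[211]: connect from 192.0.2.10 port 10307",
    "Feb 12 09:14:40 host1 telnetd[212]: connect from 192.0.2.10 port 10308",
    "Feb 12 09:15:02 host1 telnetd[213]: connect from 192.0.2.10 port 11200",
    "Feb 12 09:16:11 host1 telnetd[214]: connect from 192.0.2.10 port 10042",
    "Feb 12 09:17:45 host1 telnetd[215]: connect from 198.51.100.7 port 10307",
]

if __name__ == "__main__":
    lines, other = attribute_connections(SAMPLE_LOG, "192.0.2.10")
    for serial_line, count in sorted(lines.items()):
        print(f"serial line {serial_line}: {count} connection(s)")
    print("ports outside the serial-line range:", other)
```

Ports reported as outside the range did not come from a serial line under this rule and need a separate check against the server's other connection types.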
Specifies the input mode. The value for type is specified as line for line-by-line and character for character-at-a-time. The echo argument specifies whether echoing is performed by the Model 5390 server (local_echo) or by the host (remote_echo). The defaults for echo are remote_echo for character mode and local_echo for line mode.
Table C3-33. Issuing Commands Using telnet (continued)
Command set [special character]
Description escape Sends the current Telnet escape character. Sends a Telnet Go Ahead sequence. Sends a Telnet Interrupt Process sequence. Sends a Telnet No Operation sequence. synch Sends a Telnet Synch sequence. Displays help information for the send command.
Table C3-33. Issuing Commands Using telnet (continued)
Command toggle argument
Description kill Sets the line erase character that, when entered, sends the send el command (if the Telnet session is in localchars mode and in character-at-a-time mode).
The tn3270 command is a variation of telnet that allows you to log on to an IBM host from an ASCII terminal attached to the Model 5390 server. The IBM host to which you connect can be running either the Virtual Machine/Conversational Monitor System (VM/CMS) or the Multiple Virtual Systems (MVS).
3278 (Model 2) full-screen terminal. This is the only member of the IBM 3270 family of terminals that the Model 5390 server tn3270 supports. Table C3-34 describes the arguments for tn3270. The syntax is:
    tn3270 [host [port]]
Table C3-34.
NOTE: A second escape character is defined in the map3270 file. You can use this escape character instead of the one that displays when a connection is opened. Entering the tn3270 command puts the Model 5390 server in tn3270 command mode and displays the tn3270 prompt: annex: tn3270...
file (see Configuration Check List on page C3-89). Print Screen and Transparent Mode The Model 5390 tn3270 has two features not available with the Berkeley version of tn3270 on which it is based. These are: •...
field. An ASCII terminal does not have this key. To simulate the 3278 keys, tn3270 maps them to key sequences you can enter from an ASCII terminal. The key sequences tn3270 uses depend on the Model 5390 terminal type and are defined in the standard UNIX file /etc/map3270.
    avt | vt100 | vt100nam | pt100 | vt125 | vt102
    enter = '^m';
    clear = '^z' | '\EOM';
    #for tn3270 print-screen function
    lprt = '\Ep';
    nl = '^?';
    tab = '^i';
    btab = '^b';
    left = '^h' | '\E[D';
    right = '^l'...
In reality, it is not likely that you would be required to type a three-character escape sequence, because most of these sequences are mapped to special keys such as those on the numeric keypad. For example, on a VT220 terminal that has Keypad mode set to Application, you can send the sequence \EOM by pressing the Enter key.
Table C3-36. Default Key Mappings for tn3270 (continued)
IBM 3270 Key Name    ASCII Key Sequence
DELETE               CTRL-d
EEOF                 CTRL-e
EINP                 CTRL-w
INSRT                ESC<space>
Program Function Keys
PFK1 – PFK9          ESC 1 – ESC 9 or ESC [ 1 – ESC [ 9 or ESC O 1 –...
Table C3-36. Default Key Mappings for tn3270 (continued) IBM 3270 Key Name ASCII Key Sequence CTRL-p 2 CTRL-p 3 Local Control Keys ESCAPE CTRL-c FLINP CTRL-x MASTER_RESET CTRL-g RESHOW CTRL-v RESET CTRL-t ESC d or ESC [ d or ESC O d ESC f or ESC [ f or ESC O f FERASE CTRL-u...
Description Closes the connection to the remote host and returns you to the CLI prompt. On the Model 5390 server, this method of ending a connection is equivalent to using quit (see Ending a tn3270 Session on page C3-89).
Model 5390 port on which tn3270 is to run. If your Model 5390 server boots from a load host that has the standard UNIX files /etc/termcap and /etc/map3270, copy those files into the directory that contains the Model 5390 operational image.
At the same time, if your terminal has a keypad, you may want to configure the terminal to take advantage of the map3270 keypad mappings. For example, if you are using the Model 5390 term_var of vt100 but the terminal has a numeric keypad (which an actual vt100 does not), you can configure the terminal as VT200 7 bit, VT300 7 bit, or VT400 7 bit, which do support...
To set the emulation mode to VT200 7 bit, enter the following string in an is control sequence in the portion of termcap that corresponds to the terminal’s term_var port parameter:
    \E[62;1"p
To set emulation mode to VT300 7 bit, enter:
    \E[63;1"p
NOTE: Do not confuse control sequence length with data bits (which can also be set to 7 or 8 via the setup utility).
Model 5390 server. Each Model 5390 server requires a unique option_key value. On some Model 5390 servers, the option_key value is affixed to the underside of the box. If you do not find it there, contact your supplier. Until this key is set properly, the parameters discussed in the next step are not available.
The who command displays information on the current users of the Model 5390 ports. This command also displays current users on other Model 5390 servers, and on remote hosts, if those hosts have fingerd running for who @host. The command accepts one or more arguments. The syntax is: who [[h=]host | [u=]user |[p=]port | @host |user@host | –l @host]...
A specific user at the specified host. If host is a 4.3BSD system, the display is the same as the finger user command. If host is a Model 5390 server, the display is the same as the who user command.
Displays the amount of time (hours and minutes) since the last activity on the port. Displays the source of the connection. The name or network address indicates the host or Model 5390 server originating the connection; [local] indicates a serial port.
• rtelnet.
aprint
The aprint utility sends files directly to the Model 5390 printer connected to the serial line port. The aprint utility can be used as a direct command or integrated with the standard host print-spooling mechanism. Table C4-1 describes the arguments for aprint.
Table C4-1. Argument –Fstring filename
The aprint utility provides the following error messages:
• Command syntax errors
    Usage: aprint [–Aannex][–L#][–Fstring][–f][file]...
  Old style –Pprinter flag cannot be combined with new flags:
    Can’t mix –A and –P flags
    Can’t mix –L and –P flags
  Out of range number used for –L# option:
    invalid serial/parallel unit number N
•
Unexpected SIGPIPE error from system software:
    Annex connection was lost unexpectedly
    Annex connection was lost during attempt to spool “filename”
–Pprinter found in /etc/printcap, but it is not the Model 5390 printer:
    NAME is not an Annex printer
When operational code is being downloaded to Model 5390 servers, a minimum of one host, accessible to the Model 5390 server, must be running erpcd with the bfs program enabled. A UDP port (121) for erpcd must be defined in the services database and the eservices file must be configured properly.
Model 5390 CLI. These are documented in the acp_policy.doc file; the acp_policy.c file contains examples (for more details on implementing code changes, see Modifying the Supplied Security Application on page A15-74 and Modifying the Code on page A15-84).
–u Default User Name and Password Verification The Model 5390 server supports both native and proprietary support routines and integrated passwd and passwd/shadow files (for more details, see Creating User Password Files starting on page A15-11 and Modifying the Supplied Security Application starting on page A15-74).
The ch_passwd utility enables users to change their password when accessing the Model 5390 server through the Access Control Protocol (ACP) security system. This utility affects only passwords in the acp_passwd or acp_shadow file. Table C4-3 describes the supported argument for ch_passwd.
Argument Description –s
rtelnet
The rtelnet daemon establishes a Telnet connection between a serial line on the Model 5390 server and a character special file on the host (/dev file). Table C4-4 describes the arguments for rtelnet. The syntax is:
    rtelnet [–abcdfhkmnoprstCDFOPRTV] [-lfile] [-uuser] [-Mmode] annex_id annex_port /dev/...
Resets the Model 5390 port when the connection closes; valid only if the Model 5390 password parameter is not set. Use in conjunction with –m. Periodically retries network connection ('keepalive').
Forces rtelnet to fork into background, even in debug mode. Sets default pseudo-device file mode to <mode> (given in octal). Disables out-of-band telnet data (for pre-R7.0 Model 5390 servers). Interprets the port number as a TCP port (1–65535 or name).
802.3 specifications handle IP encapsulation differently. Although the differences are minor, these methods are not compatible; hosts using one encapsulation method cannot communicate with hosts using the other. The Model 5390 server can be configured to use either method; it is compatible with both Ethernet Rev. 2 and IEEE 802.3 transceivers.
An Ethernet address consists of six octets of hexadecimal digits, for example: 00-08-2D-00-00-37. The Model 5390 Ethernet address is assigned at the factory; it is permanently stored in ROM. You can display this address using either the ROM Monitor or the CLI stats command. Sometimes, Ethernet addresses are used for testing the local area network.
Internet Protocol Addressing
The Model 5390 server is a host on the Internet. For the network layer (IP) to route packets to the Model 5390 server, it requires a unique Internet address. Typically, an Internet address is a 32-bit address divided into four 8-bit fields, with each field separated by periods, and specified as a decimal...
The Internet protocol divides the address into a network section and a local or host section. The address has five classes, of which three can be used for hosts such as the Model 5390 server. The class for the address is determined by the number of bits assigned for the network section of the address.
The Internet address 129.091.000.063 is a Class B address. It can be specified as 129.91.0.63. The network address is represented by the decimal numbers 129.91; the host address is 63. The combination of network address and host address is used to maintain a unique Internet address for each host.
2) obtained from the host’s Internet address, and 3) sending out an ICMP Address Mask Request and receiving a reply from an authoritative agent. The Model 5390 server can be configured as an authoritative agent on the network and reply to ICMP Address Mask Requests.
Internet Trailer Packets
The Model 5390 server on an Ethernet supports the trailer packets used in 4.2BSD UNIX. Trailer packets are not recommended, because they add overhead for the Model 5390 server. A host uses trailers for 512-byte blocks only.
(typically once per minute). A host can provide multiple services. When a user broadcasts a service request and there are multiple providers of that service, the Model 5390 server logs the user onto the host with the highest service rating.
LAT Architecture
LAT architecture consists of two layers: the virtual circuit layer and the slot layer.
Virtual Circuit Layer
The virtual circuit layer creates and maintains a virtual circuit between communicating LAT machines. It also provides a data transport service for the slot layer. The virtual circuit translates host names to Ethernet addresses.
Each entry specifies the type, Telnet to LAT or LAT to Telnet. With an established connection through the gateway, the translating Model 5390 server has two connections, one for the TCP/IP side and one for the LAT side.
In the Telnet to LAT direction, the destination service in the translation entry must be in the Model 5390 learned service database. In the LAT to Telnet direction, the translation name is made an advertised service on the network.
Part D Appendixes • Appendix D1, “Software Reference”...
Table D1-2 on page D1-31 is a list of Model 5390 parameters.
• Table D1-3 on page D1-40 is a list of AppleTalk-specific Model 5390 parameters.
• Table D1-4 on page D1-40 is a list of LAT-specific Model 5390 parameters.
Miscellaneous
• Table D1-20 on page D1-65 is a list of formatting codes for Model 5390 prompts.
• Table D1-21 on page D1-66 is a list of variable arguments.
• Table D1-22 on page D1-66 is a list of Model 5390 processes.
Enables ACP service for the port. "" Defines a control character sequence as an attention character or string. virtual CLI=^ Enables the Model 5390 server to reply to an ICMP Address Mask Request.
Specifies which remote group codes are accessible to users on a particular Model 5390 port. Determines whether or not the Model 5390 server automatically detects line speed when a connection is opened, and whether or not it sets matching terminal port characteristics on the next login.
Description Allows you to control the prompt that appears for VMS or UNIX environments. %a%c Customizes the CLI prompt. Enables/disables CLI security for the Model 5390 server. config.annex Specifies the name of the configuration file. Enables/disables the host-based security policy for access from the CLI to the network.
Table D1-1. All Parameters (continued)
Parameter               Values
dedicated_port          telnet, rlogin, call, TCP port number
default_zone_list       100-character string
default_session_mode    interactive, passthru, passall, transparent
dialup_addresses        Y or N
disabled_modules        admin, atalk, dialout, edit, fingerd, ftpd, ipx, lat, nameserver, ppp, slip, snmp, tn3270, tstty, vci, all, none...
Sets the maximum number of entries in the host table. "" Specifies the name of the file containing the Model 5390 operational code. When enabled, the Model 5390 port ignores the eighth bit of received characters. 0 (off) Specifies the amount of time, in minutes, a port can remain inactive before all sessions are terminated and the port reset.
Defines the control character sequence that stops input. ethernet Sets the IP encapsulation type. Enables the Model 5390 server to scan the interface list and copy broadcast packets. none Specifies the U.S. Department of Defense basic IP Security Option (IPSO) classification level included in TCP...
Enables/disables the LAT protocol as well as LAT-specific Model 5390 parameters. Limits the number of HIC requests that the Model 5390 server can queue. Enables the Model 5390 server to decode a LAT host’s data-b packet. Enables/disables echoing line erase for a CRT.
Default Description "" Defines a string that represents the port’s location. Enables any port to use the Model 5390 Interface for VMS Environment’s lock command. <unset> Specifies the password for all ports using a VMS interface. Enables the port password when the VMS command interface is configured (that is,...
Page 807
Specifies the number of active sessions (jobs) allowed per port. unlimited Sets the maximum number of virtual CLIs the Model 5390 server can create at one time. Defines the hop count to the remote end of the serial line. Enables/disables using minimum uniqueness for host names.
Page 808
Contains the address the Model 5390 server tries to acquire at the start of an AppleTalk session. If this address is in use, the Model 5390 server must acquire a new node ID. This new ID is stored in non-volatile RAM.
Page 809
TCP/IP packet will be escaped before being sent to the network. randomly generated number Specifies a 4-byte, Novell network number the Model 5390 server suggests for the remote PC client on an IPXCP link. Ethernet address Specifies a string of 12 hexadecimal digits...
Page 810
Software Reference Table D1-1. All Parameters (continued) Parameter Values ppp_password_remote <unset> or a string ppp_security_protocol pap, chap-pap, none ppp_username_remote <unset> or a string pref_dump_addr Internet address pref_load_addr Internet address pref_mop_host Ethernet address pref_name1_addr Internet address pref_name2_addr Internet address pref_secure1_host Internet address pref_secure2_host Internet address printer_crlf...
Page 811
Controls which routes are accepted from RIP updates. Controls which routes are advertised. "" Enables/disables RIP authentication. 0 (off) Advertises that the Model 5390 server is the default router and indicates the hop count. poison Controls the split horizon algorithm. needed Specifies whether or not the next hop value...
Page 812
Enables/disables broadcasting for a security server host in case preferred hosts are not available. none Allows the Model 5390 server to act as a load host. physical Ethernet A string of characters used to name the Model 5390 server in the LAT protocol.
Page 813
DS0. Enables/disables dumping across a SLIP link. 0.0.0.0 Defines the host from which the Model 5390 server receives a load or to which the Model 5390 server dumps over the SLIP link. small Forces SLIP interface to use large (1006) or small (256) maximum transmission units.
Page 814
Supplies host location or identification information. log_local7 Defines the facility for logging Model 5390 syslog messages. 0.0.0.0 Defines the host for logging Model 5390 messages. none Determines the priority levels that are to be logged. Routes syslog messages to a serial port.
Page 815
file names for tftp transfers. Enables/disables broadcasting for a time server host in case the preferred load host is not available. 0.0.0.0 Determines whether or not the Model 5390 server queries for time service. Software Reference D1-19...
Page 816
Defines the maximum number of milliseconds during which small packets can accumulate to form larger packets. When the time expires, the Model 5390 server sends the multiplexed packet. Controls whether or not the Model 5390 server uses TMux to multiplex small TCP packets into a single IP packet.
Page 817
Table D1-1. All Parameters (continued) Parameter Values toggle_output control char. sequence type hardwired or (serial port) dial_in type_of_modem 16-byte string user_name string vcli_groups Remote group codes for virtual CLI users vcli_password <unset> or a string vcli_security Y or N zone 32-byte string 893-741-B Default...
Software Reference Model 5390 Parameters Table D1-2 lists the Model 5390 parameters. Table D1-2. Model 5390 Parameters Parameter Values a_router 0–253 acp_key <unset> or a string allow_snmp_sets Y or N authoritative_agent Y or N broadcast_addr all zeros (network.0) or all ones (network.1)
Identifies a LAT host by number. all disabled Security mechanism that restricts access to LAT services for all users on the Model 5390 server. Sets the maximum number of entries in the host table. "" Specifies the name of the file containing the Model 5390 operational code.
Page 820
D1-24 Default Description ethernet Sets the IP encapsulation type. Enables the Model 5390 server to scan the interface list and copy broadcast packets. Controls whether or not the Model 5390 server enables an IPX checksum. <unset> Controls whether or not the Model 5390 server enables an IPX checksum.
Page 821
0–254 893-741-B Default Description Limits the number of HIC requests that the Model 5390 server can queue. Enables/disables broadcasting for files other than the image if one or all are not available. 0.0.0.0 Specifies the gateway’s Internet address. A gateway is required if...
Page 822
Sets the number of seconds to wait for an answer from a security host. Contains the address the Model 5390 server tries to acquire at the start of an AppleTalk session. If this address is in use, the Model 5390 server must acquire a new node ID.
Page 823
<unset> Sets the Model 5390 administrative password. Defines the maximum number of times a user can try to enter a password before the Model 5390 server resets the port. 0.0.0.0 Defines the Internet address for the preferred dump host. 0.0.0.0 Defines the Internet address for...
Page 824
RWHO broadcasts. Enables/disables broadcasting for a security server host in case preferred hosts are not available. none Allows the Model 5390 server to act as a load host. physical ethernet address appended to string LAT_ A string of characters used to name the Model 5390 server in the LAT protocol.
Page 825
TCP connections. host-dependent Provides the name of the file to use when dumping the core image using tftp if the Model 5390 operational image and erpcd fail. host-dependent The string prepended to the image, motd, and configuration file names for tftp transfers.
Page 826
When the time expires, the Model 5390 server sends the multiplexed packet. Controls whether or not the Model 5390 server uses TMux to multiplex small TCP packets into a single IP packet. Specifies the maximum number of host addresses allowed in the TMux address table.
Page 827
Description The Ethernet address of the network’s A_Router. "" This zone list is sent to ARA clients as the local backup to ACP. The address the Model 5390 server tries to acquire at startup. "" Enables/disables AppleTalk. "" The AppleTalk zone for use at start-up.
Page 828
Model 5390 server in the LAT protocol. address appended to string LAT_ The upper bound on the number of services that the Model 5390 server can maintain in its local service table. "" Supplies host location or identification information. none Specifies which remote group codes are...
Page 829
RIP-specific Model 5390 Parameters Table D1-5 lists RIP-specific Model 5390 parameters. Table D1-5. RIP-specific Model 5390 Parameters Parameter Values option_key unique output_ttl 1–255 rip_auth <set> or <unset> rip_routers router_list, routed Y or N T1-specific Model 5390 Parameters Table D1-6 lists T1-specific Model 5390 parameters.
Page 830
Specifies the largest user packet that can be placed in a TMux packet. Default Description Enables any port to use the Model 5390 Interface for VMS Environment’s lock command. <unset> Specifies the password for all ports using a VMS interface.
Page 831
Description Controls which routes are accepted from RIP updates. Controls which routes are advertised. 0 (off) Advertises that the Model 5390 server is the default router and indicates the hop count. poison Controls the split horizon algorithm. needed Specifies whether or not the next hop value is included in RIP version 2 advertisements.
CLI=^ disabled Specifies which remote group codes are accessible to users on a particular Model 5390 port. Determines whether or not the Model 5390 server automatically detects line speed when a connection is opened, and whether or not it sets matching terminal port characteristics on the next login.
Page 833
CRT. Enables/disables masking CLI input to seven bits. 0 (off) Sets the amount of time that the Model 5390 server waits before hanging up the port after it becomes idle. Allows you to control the prompt that appears for VMS or UNIX environments.
Page 834
Sets the amount of time, in tens of milliseconds, that will elapse before forwarding received data. Allows the terminal to expand ASCII tab characters if the terminal does not support hardware tabs. When enabled, the Model 5390 port ignores the eighth bit of received characters. 893-741-B...
Page 835
Treats any input character as a start (XON) character if output has been suspended by a stop (XOFF) character. Enables the Model 5390 server to decode a LAT host’s data-b packet. Enables/disables echoing line erase for a CRT. 0.0.0.0 Defines the Internet address for the port on the...
Page 836
Enables a login timer when the VMS command interface is configured (that is, when cli_interface is set to vci). When enabled, the Model 5390 server returns the user to the CLI prompt after receiving a break longer than two seconds.
Page 837
TCP/IP packet will be escaped before being sent to the network. randomly generated number Specifies a 4-byte, Novell network number the Model 5390 server suggests for the remote PC client on an IPXCP (IPX over PPP) link. Software Reference D1-41...
Page 838
address plus one Specifies a string of 12 hexadecimal digits representing the 6-byte, nonzero node number the Model 5390 server suggests for the node number of the remote PC client on an IPXCP (IPX over PPP) link. 1500 Defines the maximum receive unit used with PPP.
Page 839
CLI prompt after receiving a break shorter than two seconds. Enables/disables dumping across a SLIP link. 0.0.0.0 Defines the host from which the Model 5390 server receives a load or to which the Model 5390 server dumps over the SLIP link. small Forces SLIP interface to use large (1006) or small (256) maximum transmission units.
Page 840
D1-44 Default Description Overrides the Model 5390 tcp_keepalive parameter for one or more specific serial ports. When enabled, a carriage return translates to a carriage return followed by a line feed; when disabled, a carriage return translates to a carriage return followed by a null string("").
Page 841
Specifies which protocol to run on the interface. Default Description disabled Specifies which remote group codes are accessible to users on a particular Model 5390 port. Enables the Model 5390 server to decode a LAT host’s data-b packet. Software Reference D1-45...
Page 842
Y or N subnet_mask Internet subnet mask D1-46 Default Description The Model 5390 server uses TCP/IP header compression if the PPP link’s end point initiates compression. Enables/disables requesting dial-up address from ACP. 0.0.0.0 Defines the IP address for the port (Model 5390 side).
Page 843
Enables/disables dumping across a SLIP link. 0.0.0.0 Defines the host from which the Model 5390 server receives a load or to which the Model 5390 server dumps over the SLIP link. small Forces SLIP interface to use large (1006) or small (256) maximum transmission units.
Page 844
Y or N D1-48 Default Description Determines whether or not the Model 5390 server automatically detects line speed when a connection is opened, and whether or not it sets matching terminal port characteristics on the next login. "" Reopens the next lower numbered session from within the current session without returning to local mode.
893-741-B Software Reference Description Sets the default annex_list. Reboots the Model 5390 server. Only ROM revisions 0600 and greater with the self-boot option installed support the –l argument. Sends a broadcast message to a port(s). Copies Model 5390 parameters to other Model 5390 servers.
Page 846
Resets an asynchronous port parameter(s) without rebooting the Model 5390 server. T1 command used to reset the T1 engine and ESF statistics. Modifies the value of the Model 5390 parameter(s). Modifies the value of an interface parameter(s) Modifies the value of an asynchronous port parameter(s).
Disconnects all jobs and resets all CLI connections. Displays help information on CLI commands. Displays the names and addresses of hosts and other Model 5390 servers listed in the Model 5390 host table. Converts a CLI port to an ipx mode port. D1-51...
Page 848
Connects to a host using rlogin. Displays LAT services that have been advertised by LAT hosts. Converts a CLI port to a SLIP port. Displays Model 5390 statistics. Displays the status and statistics of the T1 Network Interface. Displays and modifies CLI port parameters.
Description Enters administrative mode. Displays/modifies the Internet-to-hardware address translation table. Reboots the Model 5390 server. Only ROM revisions 0600 and greater with the self-boot option installed support the –l argument. Sends a broadcast message to a port or ports. Consolidates all valid records to the beginning of the EEPROM.
Page 850
Sends ICMP Echo Request packets to host. Enters the default port_set. Enters the default printer_set. Enters the default printer_set. Displays processes at the Model 5390 server. Terminates the admin session. Resets a port or subsystem. Deletes a file in the local file system.
Displays the unit’s ROM-resident Ethernet address in hexadecimal notation or prompts for values. Boots and loads Model 5390 operational code. Only ROM revisions 0600 and greater with the self-boot option installed support the –l argument. Displays the current hardware configuration and revision levels.
[–d] [port] stats –slip Formatting Codes for Model 5390 Prompts Table D1-20 lists the formatting codes for Model 5390 prompts. Table D1-20. Formatting Codes for Model 5390 Prompts Code Expansion The string annex. A colon followed by a space.
| lat | interface | device | editing time [[+] [HH:] [MM]] Model 5390 Processes Table D1-22 lists Model 5390 processes. Table D1-22. Model 5390 Processes Process Purpose adm_timer Watches serial ports for activity (idle timer, inactivity timer).
Page 854
Software Reference Table D1-22. Model 5390 Processes (continued) Process Purpose dp_mon Listens for dedicated port requests. erpcd Listens for incoming erpcd requests. fingerd_lis User information for listener. line_adm Port and virtual line administrator. Listens for aprint commands. netdattimer Ages the host table.
Page 855
Index Symbols /etc/printcap file A5-3 editing A5-5 /etc/services file A14-2 Numerics 4.2BSD hosts, accessing A14-1 4.3BSD event logging using syslog syslogging A2-19 9-28 setting up host for A14-54 a_router parameter A10-2 A10-4 accesscode A15-17 A15-19 entries example A15-19 ACE/Server software installing A14-1 ACP security...
Page 856
Network to Hardware translation Network to Name translation subnet C5-5 admin command A1-2 A12-46 reference C3-10 set descriptions C3-10 using to configure Model 5390 parameters A2-6 A2-8 A10-3 admin prompt C3-10 using with quit command administrative password configuring A15-4 using with su command...
Page 857
C1-9 arguments, for CLI reference, for CLI supported arguments for boot server configuring Model 5390 server as C2-11 boot-d command booting configuring for Model 5390 server A2-14 A3-10 self- A6-6 A3-10 using SLIP...
Page 858
IPX 9-32 bypass parameter C2-14 cables, printer A5-1 call-back B1-24 camp-on A1-5 port server feature A4-3 capabilities, Model 5390 server CCL Converter A10-19 A10-22 configuration A10-20 running application A10-22 setting for selecting security type using for AppleTalk A10-19 ch_passwd command...
Page 859
PPP configuring for dial-in SLIP C3-54 configuring for dialup PPP configuring for inbound modems C3-57 using for CLI security C3-55 climask codes, formatting C3-70 list of, for Model 5390 prompts D1-65 C3-72 C3-74 C3-79 C3-79 C3-92 C3-92 A10-14 C3-93 A8-9...
Index Command Line Interpreter. See CLI compact command reference C3-16 Compressed Serial Line Internet Protocol. See CSLIP CompuServe xlii config.annex file A12-51 config_file parameter A2-25 configuration file A2-9 creating dialout entries in creating macro entries in creating modem entries in A14-32 creating rotary entries in creating service entries in...
Page 863
893-741-B IPX, standards-based C2-49 LAT services Model 5390 parameters Model 5390 server parameters for serial printer ports rotaries for TSTTY security for Model 5390 FTP daemon B2-19 A15-70 connect command multi-protocol support and reference A14-64 connect mode 9-25 using for port configuration...
Page 864
A1-9 A1-11 Apple PowerBook and Macintosh computers using ARA Apple PowerBook and Macintosh computers using PPP A1-11 devices to Model 5390 server hosts without a network interface modems A1-10 A1-9 printers A1-10 terminals A1-9 X Window terminals...
Page 865
DNS. See Domain Name System server A11-10 do_compression parameter configuring for dial-in SLIP Domain Name System server See also name servers example of PTR entry using for Model 5390 configuration dump host file naming services setting for Model 5390 configuration dumpboot command arguments for...
Index-12 using syslog exclude filters 9-24 A3-10 facility_num parameter A3-12 FastLink II accessing IP nodes via A5-1 A3-13 configuring Model 5390 ports for IP access A4-7 9-11 fg command A15-3 A15-31 arguments reference file configuration C4-7 A14-2...
Page 867
A2-10 setting up using bfs A14-2 setting up using tftp A14-3 system, local for configuring Model 5390 server A2-9 filt.c filter program A5-3 filter command A13-9 filter list command C3-22 filter lists A13-6 filter numbers A13-6 filter subcommands A13-7 add subcommand...
Page 868
C3-25 ICMP redirect messages A12-7 router discovery A12-7 IEN-116 name server A14-54 Index-14 See also name servers using for Model 5390 configuration A2-18 image file location of A14-12 B1-31 image_name parameter imask_7bits parameter inactivity_timer parameter B1-31 C2-25...
Page 869
Internetwork Packet Exchange protocol. See IPX protocol introduction to Model 5390 server A1-11 See also RIP addressing A12-10 A12-15 Basic Security Option (IPSO) configuring for Model 5390 security A15-71 encapsulation type setting A2-26 forwarding versus routing nodes accessing via FastLink II...
A13-3 lat_queue_max parameter latb_enable parameter line_erase parameter link control protocol (LCP) list subcommand arguments display example load host setting for Model 5390 configuration setting up load server setting for Model 5390 configuration C5-11 load_broadcast parameter A14-15 load_dump_gateway parameter load_dump_sequence parameter...
Page 871
SLIP link valid options for C2-32 load-dump sequence setting for Model 5390 configuration loading files A1-3 Local Area Network. See LAN protocol Local Area Transport. See LAT protocol local password protection configuring for port server for Model 5390 server...
Page 872
MIB objects IPX-specific parameters vs. MIB objects B2-22 MIB object hierarchy B2-9 Model 5390 private enterprise MIB vs. Model 5390 parameters Model 5390 restrictions on prefixes for MIB Object Names serial port parameters vs. MIB objects B2-25...
Page 873
893-741-B reset command A6-4 set command A6-3 show command using for AppleTalk-specific configuration A6-4 parameters using for Model 5390 configuration B1-29 A2-5 B1-21 using for port configuration write command name servers See also Domain Name System server, IEN-116 name server...
Page 874
Index-20 protocol interfaces, memory buffers, routes (RIPs), and servers netstat -xi command netstat -xm command netstat -xr command using to display Model 5390 route for B1-17 network netstat -xS command using to display additional line of information for each server...
Page 875
PPP dial–up configuring for PPP link configuring for serial printer configuring for SLIP link for Model 5390 server A6-1 setting for dynamic dialing output_is_activity parameter configuring for bidirectional modems configuring for outbound modems...
Page 876
CLI security 9-26 9-25 port_server_security parameter 9-14 C2-46 configuring for Model 5390 server configuring for outbound modems ports command A8-1 AppleTalk over authentication type configuring for dial-in with dial-up A10-15...
Page 877
A2-17 893-741-B pref_name2_addr parameter pref_secure1_host parameter C2-50 pref_secure2_host parameter A15-49 preferred dump host setting for Model 5390 configuration preferred load host setting for Model 5390 configuration printer_host parameter A8-2 9-11 9-14 printer_name parameter printers aprint and rtelnet utilities...
Page 878
Index integrating rtelnet with lp spooler A5-10 using aprint with interface file processes, Model 5390 server list of D1-66 procs command arguments C3-44 command display C3-45 Model 5390-specific processes reference C3-44 prompt parameter A2-23 C2-51 prompts setting for environment customization...
C3-51 A2-26 A12-62 A14-13 A14-15 A12-7 A14-15 A14-11 A12-2 A14-42 9-32 A1-8 C5-6 gateway entries and A14-13 A12-6 displaying Model 5390 server statistics and information B1-11 B1-14 A6-8 C4-10 C4-8 C4-10 C4-8 C4-8 A3-15 A5-10 A5-6 A1-6 A1-10 A1-10 A5-10...
Page 881
A15-55 clients A15-56 PIN mode A15-57 user interface A15-56 using A15-55 configuring Model 5390 server for installing ACE/Server software and integrating into ACP A15-60 using with ACP simultaneously security See also ACP security, SafeWord, SecurID A15-5 A15-9 changing ACP file names...
Page 882
MIB objects B2-25 serial port printers configuring A5-1 server_capability parameter A2-11 arguments A2-12 A14-49 setting to configure Model 5390 server as boot server A14-48 server_name parameter A14-58 servers See also name servers, Domain Name System server, IEN-116 name server BIND A14-53...
Model 5390 parameters A10-3 gateway entry for community string gateways file entry for trap hosts message delivery A3-6 MIB object hierarchy MIBs supported by Model 5390 server A7-8 C2-59 A7-8 C2-59 A7-7 C2-59 A7-7...
Page 884
B2-13 MIB-II, and object restrictions RIPv2 MIB, and object restrictions B2-13 RS-232 MIB, and object restrictions B2-15 Model 5390 parameters vs. Model 5390 private enterprise MIB LAT statistic objects PPP and SLIP port parameters vs. MIB objects B2-29 serial port parameters vs. MIB objects...
Page 885
C3-62 C3-69 setting parameters with C3-62 su command C3-2 reference C3-71 subnet addressing C5-5 mask configuring for Model 5390 server A2-9 routes entering A12-41 subnet...end blocks A8-4 A12-41 route cache and A7-14 using to configure active RIP subnet_mask parameter A2-9...
A1-3 using for booting and dumping tftp_dump_name parameter A2-11 tftp_load_dir parameter C2-64 time server enabling broadcasting for installing A14-50 using for Model 5390 configuration A2-22 time_broadcast parameter A2-21 time_server parameter C2-64 addresses C2-64 timezone_minuteswest parameter setting up to access modem...
A4-22 configuring rotaries for A4-22 defining TCP port numbers description of A4-18 devices, naming A4-21 interaction with Model 5390 port parameters A4-18 A4-20 using for environment customization tstty command reference C3-92 tuple in nve_filter entries A15-22 type parameter 9-11 asynchronous...
Page 888
Index commands C3-6 who command A10-14 A15-70 arguments C3-93 command display C3-93 reference C3-93 using to obtain information for IPX protocol connections 9-36 World Wide Web xliii write command C1-28 C2-2 using for port configuration XON/XOFF flow control for bidirectional modems for inbound modems A6-4 for outbound modems...