Remote Annex 6300 Supplement to the Remote Annex Administrator’s Guide for UNIX Part No. 166-024-028 Rev. A January 1997...
Annex, Remote Annex, Annex Manager, Remote Annex 2000, Remote Annex 4000, Remote Annex 6100, Remote Annex 6300, Remote Annex 5390/Async, Remote Annex 5391/CT1, Remote Annex 5393/PRI, BayStack Remote Annex 2000 Server, Quick2Config, Bay Networks, Bay Networks Press, and the Bay Networks logo are trademarks of Bay Networks, Inc.
Revision Level History
Revision Description
Initial release.
UNIX distributed by the University of California at Berkeley, 4.2BSD and 4.3BSD, or versions of System V.
Supported Platforms
This document supports the Remote Annex 6300 and the Remote Annex 5393/PRI.
This manual is a supplement to the Remote Annex Administrator’s Guide for UNIX. It is organized into three books:
This manual is called a “supplement” because several of its chapters only describe how the RA 6300 differs from other members of the Remote Annex product family.
Supported Version
This manual supports Release 4.2 of the Remote Annex 6300 software.
<cr> lowercase bold lowercase italics CTRL-X
In examples, special type indicates system output. Bold special type indicates user input. In command examples, this notation indicates that pressing the Return key enters the default value.
Related Documents
Each RA 6300 or RA 5393/PRI hardware platform ships with the appropriate hardware guide. The remaining documentation is included with the software.
It is an affordable alternative to leasing expensive dedicated digital lines or using lower speed analog modems.
Introduction to the Remote Annex 6300
This chapter provides overviews of the following: •...
2B+D service. A single BRI can handle multiple devices and simultaneous data, voice, and video traffic.
• B Channels (or Bearer Channels), which are circuit switched channels.
All B and D channels operate at 64Kbps and provide 1.544Mbps of total bandwidth. This flavor of PRI service is referred to as 23B+D.
By incorporating ISDN with existing analog links and equipment, users can realize improved communication performance. This is a low cost option.
• Using analog devices and replacing some analog links with ISDN.
The devices access BRI service through the use of a device called a terminal adapter (TA). A TA performs two tasks:
• Call set up, tear down, and management signaling conversion.
(e.g., IP or IPX).
Obtaining ISDN Service
Setting up ISDN service generally involves:
• Selection of service and features available from the local telephone company.
Nortel) offered switches with custom ISDN capabilities. As a result, there are differences in the ISDN service features offered by local telephone companies.
• Identification of the switch type used by the telephone company.
ISDN standards.
RA 6300 Overview
The RA 6300 described in this document is a PRI ISDN server. It accepts the following kinds of traffic: •...
The Primary Rate Interface
The RA 6300 provides a single ISDN Primary Rate Interface (PRI). The PRI line connects to a PRI line module within the RA 6300. Two versions of this module are available, one for the United States and another for...
PRI B channel to carry the data through the telephone network to the RA 6300. The CO also converts the signals describing the characteristics of the call into ISDN out-of-band signaling messages, as defined by the Q.931 standard.
RA 6300 and the CO negotiate to determine whether the specified B channel is free on the RA 6300 and whether or not the RA 6300 has the resources, such as an available modem, to handle the call. RA 6300 negotiations are based not only on physical resources but also on parameters that you, as network administrator, configure.
These frames are transmitted over the BRI line to the appropriate switch at the CO and then sent to the RA 6300 on a negotiated PRI B channel. If negotiations between the CO and the RA 6300 are successful, and if you have properly configured RA 6300 parameters for this kind of...
CO and the PRI are successful, and if you have properly configured RA 6300 parameters for this kind of call, the call is accepted. Once a call is accepted (and the user is authenticated), the RA 6300 places the user in the protocol environment you have configured. Protocols supported for synchronous calls are IPCP (IP over PPP), IPXCP (IPX over PPP), and ATCP (AppleTalk over PPP).
Figure A-4. Network with Mixed Annex Types
Configuring Parameters
As mentioned in the previous sections, the RA 6300 does not accept a call unless you have set certain parameters properly. You can set parameters using various RA 6300 management tools.
The RA 6300 software provides network management tools and files for setting the parameters that control the RA 6300 environment.
Parameter Types
You configure the RA 6300 by setting the following types of parameters: •...
Loading Files
RA 6300 files can be loaded from a host using either the trivial file transfer protocol (tftp) or the expedited remote procedure call daemon (erpcd). If a software problem occurs, the RA 6300 can send a memory dump to a host.
parameters that apply to an entire RA 6300 or to multiple RA 6300s. This involves defining the unit’s necessary operating and administrative attributes, which include:
Please note the two major differences (as described in this chapter) between configuring any other type of Remote Annexes and configuring the Remote Annex 6300:
All parameters have default settings. Some of these parameters must be set using the ROM Monitor before booting the RA 6300 with its operational code (see the Remote Annex 6300 Series Hardware Installation Guide for more details).
Using the na Utility
Log into a UNIX host and enter na:
% na
Annex network administrator Rx.x January 1997
command:
Specify one RA 6300, or specify multiple RA 6300s:
command: annex 192.9.200.95...
Execute the show annex all command to review your changes. Using the example in step 3, the terminal displays:...
Time Parameters
time_broadcast: N timezone_minuteswest: 300
SysLog Parameters
syslog_mask: all syslog_host: 192.9.200.95
MOP and "Login" User Parameters
pref_mop_host: 00-00-00-00-00-00 mop_password: “<unset>”...
TMux Parameters
tmux_enable: N tmux_delay: 20
DHCP Parameters
pref_dhcp1_host: 0.0.0.0...
You can configure more than one RA 6300 simultaneously using one of these sequences:
Pressing the attention key or typing quit at the admin prompt terminates the admin session and returns you to the superuser CLI prompt.
The admin command functions only on the local RA 6300.
Local File System
The stand-alone file system allows the RA 6300 to store its configuration and message-of-the-day files in local non-volatile memory. The configuration files must have the appropriate file names for the operational image to locate and load them.
The RA 6300’s Internet address is defined in the inet_addr parameter. This address must be set prior to downloading the operational code to the RA 6300. To do so, use the ROM monitor addr command during the RA 6300’s initial installation. You can reset the address at any time thereafter by changing the inet_addr parameter.
UNIX host running tftp, another RA 6300 configured as a boot server (running the same operational code), or the local media (self-boot). The RA 6300 boots each time it is powered up and upon receipt of a boot command.
The RA 6300 can dump to a file server or a host running tftp. The RA 6300 performs a dump upon receipt of either the na command dumpboot or the superuser CLI boot –d command, or automatically when it detects fatal internal errors or failures.
The arguments are net (for use with a LAN), and self (to boot from the local media). For more details, see load_dump_sequence on page C-68.
Table A-1 describes the arguments for server_capability.
Argument: config, image, motd, none
If you configure an Annex to supply only a copy of the operational code, the default is for the Annexes being booted to broadcast for the configuration and motd files.
Only ROM revisions 0601 and greater with the self-boot option installed support the boot –l command.
file. For environments that support both erpcd and tftp, the Annex may use tftp to transfer one file and erpcd to transfer another file.
In addition to these security mechanisms, the Annex provides an administrative password that validates access through the administrative tools. For a detailed description of Annex security, see Using RA 6300 Security on page A-211.
Using Name Servers
Name servers allow users to enter names in place of addresses in order to access a host or other entity on the network.
Internet addresses for network hosts. DNS provides a full range of capabilities that enable its use in very large networks, such as the Internet.
The Annex distribution medium supplies the source for IEN-116 (see Configuring Hosts and Servers on page A-209 for installation instructions).
Setting Configuration Parameters
The name_server_1 parameter defines the type of name service that the primary name server will supply when queried by the RA 6300. Valid service types are dns, ien_116, or none; the default is none. You specify the Internet address of the primary name server by setting the pref_name1_addr parameter.
Setting the parameter to N disables the Annex’s rwhod and prevents the Annex from using RWHO messages for building the host table. The default is Y.
The minimum uniqueness feature can be turned off entirely by setting the min_unique_hostnames parameter to N.
(Reboot the Annex after configuring any parameters related to system logging.)
• The syslog_host parameter defines the Internet address of the host configured to log Annex messages.
If the host to which messages are logged does not support 4.3BSD syslogging, this parameter is ignored and messages are logged only by priority level as defined in the syslog_mask parameter.
Y. Most UNIX systems provide a time server with the inetd daemon.
Every host on the network that has a time server will respond to a broadcast for the time.
Customizing the Annex Environment
You can customize the following Annex attributes:
• The prompt that displays when a user accesses the CLI.
You can also specify a string for the prompt using these codes. The default is %a%c (annex:). describes the codes for the prompt string.
For the superuser CLI prompt, a pound sign (#) and a space replace the code %c; otherwise a # is appended at the end.
Expansion
The string annex.
Annex booting process (see Configuring Hosts and Servers on page A-209 for more details on creating and using the configuration file).
You can define a name for the configuration file using the configuration parameter config_file.
Instead, it depends on the routing information in the gateway section of the configuration file. If you disable RIP, define a default route in the configuration file.
By providing a standard tty interface to the host, all standard programs can access the ports through standard serial port devices, and hence perform all of the functions that a standard, directly connected port can perform.
Annex (for more details, see AppleTalk on page A-183).
The lat_key parameter value is unique for each Annex. If you purchased LAT, contact Xylogics to obtain your key.
Annex (see Internetwork Packet Exchange (IPX) Protocol on page A-153 for more details).
The option_key parameter value is unique for each Annex. If you purchased IPX, contact your supplier to obtain a valid key.
Remote Annexes. This chapter describes:
Delivering ISDN Calls
An ISDN PRI call can arrive on any B channel on the RA 6300 PRI line. During the call SETUP process between the telephone company switch and the RA 6300, the switch dynamically assigns a B channel to the call.
Configuring the PRI Interface
Once you have ordered your PRI line from the telephone company and have installed the 6300 hardware and software, you are ready to set generic parameters for the PRI interface. The following superuser CLI admin command displays these parameters and their default values:
annex# admin
ANNEX-PRI Rx.x, 24 async, 32 sync, 32 ta, 24 modem ports...
Parameter: switch_type, dsx1_line_length, fdl_type
Description: A string specifying the type of switch provided by the telephone company for your PRI line. Valid values are: AT9 (for the AT&T 5ESS switch)...
Table A-4. Parameters for the set pri Command (continued)
Parameter: num_b_channels, buildout, analog_encoding
Description: The maximum number of B channels that can be used with the RA 6300. The default is 0, which the RA 6300 interprets as 23 for T1/PRI connections (in the U.S.) and 30 for E1/PRI connections (in Europe and...
– an Ethernet port (referred to as en0) and the PRI interface. However, the RA 6300 assigns internal ports to match the three types of data ISDN can carry on a B channel. You do not explicitly set port parameters for these internal ports.
B channel on which the data arrived. The internal ports are of the following types:
• TA ports manage V.120 calls. The range of port numbers is 1 through 32, the ports are referred to as ta1, ta2, ..., ta32, and calls...
Sample displays of show port all and show port sync are shown following the table. These displays show the factory defaults.
Description
Displays all global port parameters values.
Displays the global Appletalk parameters.
Displays the global CLI line editing parameters used with terminal emulation.
Port Security Parameters
user_name: "" connect_security: N port_password: "<unset>" ipx_security: N
location: "" prompt: "" data_bits: 8...
PPP Parameters
ppp_mru: 1500 ppp_security_protocol: none ppp_password_remote:"<unset>" ppp_sec_auto: N mp_endpoint_class: mac
login_timeout: N echo: Y telnet_crlf: N map_to_upper: N line_erase: Y...
1 ppp_mru: 1500 input_is_activity: Y reset_idle_time_on: input net_inactivity_units:minutes mp_mrru: 0 mp_endpoint_class: mac
at_nodeid: 0.0 arap_v42bis: Y printer_name: "" latb_enable: N port_password: “<unset>”...
Changing Global Port Parameter Defaults
To change the value of a global port parameter using na:
Log into a UNIX host and enter:
% na
Annex Network Administrator Rx.x...
1@132.245.6.40 1@132.245.6.55 You can also define all parameters, including global port parameters, for one RA 6300. Use the write command to create a script file on the specified UNIX host containing all the configuration data for that RA 6300.
ISDN Sessions and Session Parameter Blocks (SPBs)
An ISDN PRI session begins when the RA 6300 accepts a call and ends when the call terminates. You define how the RA 6300 handles calls (e.g., accepts or rejects them) by creating one or more Session Parameter Blocks (SPBs).
All criteria in an SPB must be met by the SETUP information elements in order for the RA 6300 to consider the SPB to be a match. Once the RA 6300 finds a matching SPB setup criteria section for a particular call, it:
Configuring SPBs...
Definition: Marks the beginning of an SPB and names it. The session name is an alphanumeric string of up to 12 characters. (The RA 6300 will accept longer strings, but 12 is the recommended limit.) You can use this string with the CLI...
Definition: Typically, you use this number to distinguish the services required for different types of calls. For example, you can have modem users dial into one number, V.120 users dial into another number, and...
Definition: (Optional) If set to yes, specifies a data rate of 56 kilobytes for the B channel, even if the bearer information in the incoming ISDN SETUP message indicates a different rate.
Keeping the SPB format and field definitions in mind, perform the following steps to configure SPBs:
Using the editor, locate the %pri section of the file. Following a few lines of introduction, you will see four sample SPBs. Read the explanatory text in the file to understand how these SPBs...
# It is not always necessary to discriminate calls based on
# called number. If all data calls will be V.120, for
# instance, and never sync PPP, then such a distinction is
# unnecessary.
A session set to arap mode supports the AppleTalk Remote Access Protocol (ARAP). A session set to cli allows access to the RA 6300’s Command Line Interface, which, in turn, provides access to multiple hosts. From the CLI, users can also issue the ipx or ppp command to switch to ipx or (asynchronous) ppp mode.
Although you usually set the mode parameter within an SPB, you can also set it globally via na or admin. For example, if all your users...
The first sample SPB handles all modem calls. Since no calling or called number is specified, this SPB will apply to any voice call the RA 6300 receives. Setting the mode parameter to auto_detect supports CLI, SLIP, PPP (asynchronous), IPX, and ARAP connections.
If you define a terminal emulation type, it must be one that is valid for the host to which the user is connecting. The RA 6300 uses this parameter internally for the edit command only.
Configuration Differences
When configuring the RA 6300, please note the following:
• Pressing an attention key notifies the RA 6300 that the user wants to suspend an ongoing connection to a host and return to the CLI.
• You cannot set the mode parameter to dedicated.
• You cannot set the following flow control parameter: –...
The Port Server and Rotaries
This chapter in the Remote Annex Administrator’s Guide for UNIX describes the Port Server and Rotaries for Remote Annexes other than the RA 6300. When using that chapter for an RA 6300, note the following:
Table A-7. Valid values for ports Arguments in RA 6300 rotaries.
Argument: ports
Description: One of the following values: asy, for asynchronous modem calls.
CLI), you issue the telnet command as follows:
telnet 123.456.789.1 5000
This takes you directly to the CLI on the RA 6300. You cannot specify any other TCP port numbers in the 5000 range. This is unlike other Remote Annexes, on which specifying the TCP port number 5006, for example, would connect you to port 6.
Modems are assigned dynamically to incoming calls in rotation, moving sequentially through all modems. If no modem is available for an incoming call, the RA 6300 rejects the call with cause code 17 “user busy.” The user hears a busy tone.
Since all available modems are used in rotation, all modems in the RA 6300 are used. If a modem in a PRI/T1 environment fails, it is removed from the rotation and the RA 6300 continues to support a full PRI/T1 of 23 channels.
The RA 6300 does not use any of these call elements to invoke security features such as ACP or SecurID. Once the call is answered, security features are available by employing user data such as user name and password.
The third command displays the status of the defined modem set.
Display Modem Status Procedure
To display the status of each modem on the RA 6300 via the CLI, use the following superuser CLI command:
annex# modem [-m[number_range]]
This command changes the status of the modem, but has no effect if the modem is already available, is being used for a call, or has been busied out.
Issued without any arguments, the modem command displays the type of modem in use.
(RA 6300) for access by remote nodes using the Point-to-Point Protocol (PPP). PPP lets you use the RA 6300 to provide access for remote nodes through the telephone network, using RA 6300 PRI B channels in combination with the following:...
RA 6300 uses to assign IP addresses. The addressing methods and their corresponding address_origin values are as follows: •...
You can choose to configure the RA 6300 for any one of the methods, but setting address_origin to dhcp has priority over addressing using the acp_dialup file, which has priority over addressing using the asynchronous port parameters. For information about how the RA 6300 operates when both dial-up and fixed addressing are enabled, see...
File on page A-276. Any ACP address request that comes from the RA 6300 includes the RA 6300 address and an associated user name, which are used as keys in this file. Once the keys are matched, the corresponding user addresses are returned to the caller on the RA 6300.
• The type of calls that will be made to the RA 6300 (e.g., modem, V.120, and sync PPP).
• If more than one type of call will be made to the RA 6300, then the telephone number associated with the type of call.
•...
(#) from the beginning of each line.
Go to the pri section in the file. The section begins with the percent symbol (%) and the name pri. Do the following: •...
Step 3: Review and Reset Global Port Parameters
The RA 6300 ships with a set of default global port parameters already stored in non-volatile RAM. Review the defaults to determine which ones you need to change to satisfy your configuration requirements for PPP, security, etc.
Default Setting: local, minutes, 1500, none, “<unset>”...
How to Change a Global Port Parameter Setting
To change a global port parameter setting using na:
COMMAND: prompt. Specify the administrative password for host at the password: prompt. You can specify the RA 6300 by its IP addresses or name. If you intend to change global port parameter settings on more than one RA 6300, separate their IP addresses or names using a comma (,).
Use the set pri b command (issued with the remote_address global port parameter) to associate IP addresses with PRI B channels. This lets you configure fixed IP addressing for RA 6300 sessions. You can use na or admin to issue this command.
Figure A-5 shows a configuration in which a remote PC (i.e., user green) is connected to an RA 6300 through a PPP link. The PC appears to the network as a directly attached device. This configuration uses addressing enabled through the file.
Figure A-5. Connecting a Single Host Using PPP (figure labels: RA 6300, 132.245.5.17)
To enable this configuration:
Figure A-5 are the steps to complete that implement this acp_dialup file...
Use the set pri b command with the remote_address global port parameter to associate a set of IP addresses with the PRI B channels. Step 2 is optional since the RA 6300 ignores the IP address/B channel assignments created using the set pri b command when it uses dial-up addressing.
Annex through an asynchronous PPP session. The session is running via a BRI line with a V.120 terminal adapter and the PRI line to the Annex.
Figure A-6. Connecting a Single Host Using PPP with Fixed Addresses (figure labels: RA 6300, host03, Network 132.245.5.0, 132.245.5.17)
To enable this configuration:
Use the set pri b command with the remote_address global port parameter to associate a set of IP addresses with the PRI B channels.
Figure A-7 synchronous PPP over ISDN using an ISDN router (e.g., Nautica Series Marlin) and the Remote Annex 6300. The RA 6300 has security enabled for this PPP session. Following the figure are the global port parameter settings required for this configuration.
Book A RA 6300 122.245.10.7 Figure A-7. PPP Link Connecting Two Ethernet Subnets To enable this configuration: Remote Annex 6300 Supplement to the Remote Annex Administrator’s Guide for UNIX Subnet A 122.245.5.0/24 Marlin Router 122.245.5.9 Telephone Network Subnet B 122.245.10.0/24...
Edit the Annex configuration file to define an SPB. You can use the default SPBs provided as part of the Annex configuration file or create them specifically for your requirements.
Routing across a PPP Link (Basic Passive RIP)
Both active and passive routing are available via the Routing Information Protocol (RIP) on the RA 6300. The following sections deal with using only the most basic features of passive RIP and are intended for administrators who need minimal routing features.
Route Cache
The route cache is a list of routing entries stored by the RA 6300. When the RA 6300 boots, the route cache is created from the annex...end and subnet...end blocks in the gateway section of the configuration file.
The RA 6300 requests the ppp_acm parameter as its local mask. If the peer NAKs ppp_acm, the RA 6300 accepts the hint if it is a superset of the RA 6300’s mask; otherwise, it uses the PPP default of 0xFFFFFFFF.
Thus, the mask for XON/XOFF (DC1 and DC3) equals the OR function of 0x00020000 and 0x00080000, or 0x000a0000. When the RA 6300 sends an ACCM to the host, it follows this calculation to determine the initial value requested: For example, the initial ACCM sent to the peer is 0x000A0001 if ppp_acm is set to 0x00000001 (i.e., the ASCII NUL character will not...
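The ACCM arithmetic and the NAK rule described above, as an added example (not code from the manual or from Bay Networks). The function names are hypothetical, and ORing ppp_acm with the XON/XOFF bits is an assumption inferred from the 0x000A0001 example, because the manual's own formula is not reproduced on this page.

```python
"""Async-Control-Character-Map (ACCM) arithmetic for async PPP.

Bit n of the 32-bit map is set when control character n (0x00-0x1F)
must be escaped on the link.
"""

PPP_DEFAULT_ACCM = 0xFFFFFFFF  # PPP default named in the text: escape all 32

# ASCII control characters used in the text's worked example.
NUL, DC1_XON, DC3_XOFF = 0x00, 0x11, 0x13


def accm_for(chars):
    """Return the 32-bit map that escapes every control character in chars."""
    mask = 0
    for c in chars:
        if not 0 <= c <= 0x1F:
            raise ValueError(f"0x{c:02x} is not an ASCII control character")
        mask |= 1 << c
    return mask


def escaped_chars(mask):
    """List the control-character codes a given map escapes."""
    return [c for c in range(32) if (mask >> c) & 1]


XON_XOFF_MASK = accm_for([DC1_XON, DC3_XOFF])  # 0x00020000 | 0x00080000


def initial_request(ppp_acm, xon_xoff=True):
    """Map requested first.

    ASSUMPTION (inferred from the 0x000A0001 example): the configured
    ppp_acm is ORed with the XON/XOFF bits when software flow control
    is in use on the link.
    """
    if not 0 <= ppp_acm <= 0xFFFFFFFF:
        raise ValueError("ppp_acm must fit in 32 bits")
    return ppp_acm | (XON_XOFF_MASK if xon_xoff else 0)


def resolve_nak(requested, hint):
    """Apply the stated rule to a peer's NAK hint.

    The hint is accepted only if it is a superset of the requested map,
    so no character we need escaped is lost. Otherwise fall back to the
    PPP default, which escapes everything.
    """
    if (hint & requested) == requested:
        return hint
    return PPP_DEFAULT_ACCM


if __name__ == "__main__":
    req = initial_request(0x00000001)
    print(f"request 0x{req:08X} escapes {escaped_chars(req)}")
    for hint in (0x000A0003, 0x00000001):  # constructed peer hints
        print(f"hint 0x{hint:08X} -> use 0x{resolve_nak(req, hint):08X}")
```

The second constructed hint drops the XON/XOFF bits, so it is not a superset and the result is the all-ones default rather than a map that would let flow-control characters through unescaped.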
The RA 6300 always requests and accepts PFC from the peer. If PFC is NAKed, it accepts the PPP default of off. If the peer does not request PFC, the RA 6300 hints for PFC on. If the peer NAKs this hint, the RA 6300 accepts PFC off. Address and ACFC deletes non-ambiguous constant address and control fields in the...
PPP link. Three types of compression are negotiated: These three compression types have higher compression ratios than that provided by V.42 bis in standard modems. •...
Both of these protocols are run over the PPP link after the LCP negotiations are complete. The RA 6300 can require the peer to pass a security check before starting NCP. The RA 6300 negotiates for the security specified by the ppp_security_protocol parameter.
Negotiating the IP Address
The RA 6300 and the peer negotiate the IP address to be used on both sides of the link. Any address sent as zero requests that the peer set the address. Four parameters control the RA 6300 IP address negotiation: address_origin, local_address, remote_address, and enable_security.
Y, the RA 6300 always negotiates for compression on its side of the link and allows the peer to determine whether to compress data. If allow_compression is set to N, the RA 6300 never requests, and always rejects, TCP/IP header compression; the default is N.
Ports are specified by port number alone, or the string asy, ta, or syn followed by the port number (with no intervening white space). Each of the following sample commands specifies PPP port 1:
netstat -ip1
netstat -ipsyn1
Book A Serial Line Internet Protocol (SLIP) applications. Applications include: SLIP lets the RA 6300 establish sessions over its ISDN B channels. Once established, these sessions carry TCP/IP data from remote nodes and other types of RA 6300s that originated as serial traffic. SLIP sessions...
SLIP packets. The RA 6300’s implementation of CSLIP offers four options:
• Do compressed SLIP.
SLIP Configuration Overview
To configure the RA 6300 for SLIP sessions, follow these steps.
Dynamic Allocation of Network Addresses on page A-274. Any ACP dial-up address request that comes from the RA 6300 includes the RA 6300 address and an associated user name, which are used as keys in this file. Once the keys are matched, the corresponding dial-up addresses are returned to the caller on the RA 6300.
• The type of calls that will be made to the RA 6300 (e.g., modem, V.120, and sync PPP).
• If more than one type of call will be made to the RA 6300, then the telephone number associated with the type of call.
•...
(#) from the beginning of each line. The following instructions describe how to enable and disable the default SPBs that exist within the configuration file. These default SPBs will handle modem, V.120, and synchronous PPP calls made to...
Step 3: Review and Reset Global Port Parameters
The RA 6300 ships with a set of default global port parameters already stored in non-volatile RAM. Review the defaults to determine which ones you need to change to satisfy your configuration requirements for SLIP, security, etc.
Changing a Global Port Parameter Setting
To change a global port parameter setting using na:
Default Setting 0.0.0.0 local minutes 0.0.0.0...
COMMAND: prompt. Specify the administrative password for host at the password: prompt. You can specify the RA 6300 by its IP addresses or name. If you intend to change global port parameter settings on more than one RA 6300, separate their IP addresses or names using a comma (,).
The set pri b command (issued with the remote_address global port parameter) associates IP addresses with PRI B channels. This lets you configure fixed IP addressing for RA 6300 sessions. You can use na or admin to issue this command.
Figure RA 6300 through a SLIP session. The session is running via a modem and the PRI line to the RA 6300. Once the SLIP session is established, the remote PC appears to the LAN as a directly attached device.
Figure A-8. Connecting a Single Host Using SLIP (figure content: acp_dialup file, #User smith green cody, Annex Remote address 132.245.5.17 132.245.5.45 132.245.5.18 jupiter 132.245.5.47...)
To enable this configuration:
If you choose fixed IP addressing, use the set pri b command with the remote_address global port parameter to associate a set of IP addresses with the PRI B channels.
The IP addresses assigned to the end-points of the SLIP link are the hosts’ primary network IP addresses. Figure A-9. SLIP Link with Two IP Addresses •...
To enable this configuration: Edit the configuration file to add the IP address of the Remote Annex. For more details, see Dynamic Allocation of Network Addresses on page A-274.
RIP, see Routing Information Protocol (RIP) on page A-139. The RA 6300 bases its routing table on the information you specify in the gateway section of the configuration file. As a passive gateway, the RA 6300 then updates the table according to information it receives from other routers but does not broadcast routing information itself.
To make other hosts aware of a route over a SLIP link, use active routing in which a host running routed advertises a route for the RA 6300. Create an entry in a host’s /etc/gateways file. Using the example in Figure A-9 on page A-127, host03, whose Internet address is 132.245.10.9, has the...
Route Cache
The route cache is a list of routing entries stored by the RA 6300. When the RA 6300 boots, the route cache is created from the annex...end and subnet...end blocks in the gateway section of the configuration file. When routed starts, entries in the route cache are added to the routing table if their next hops are on a network directly connected to the RA 6300.
RA 6300. • If a diskless client sends a BOOTP request to the RA 6300 over a SLIP line, the RA 6300 responds with its current local address, remote address, and boot host (the Remote Annex 6300 Hardware Installation Guide describes BOOTP in detail).
Book A describes configuring dynamic dialing (also known as dial-out routing) for Remote Annexes other than the RA 6300. When using that chapter for an RA 6300, note the following changes: Table A-10. Valid Port Types for ports Field in a Dial-out Entry...
• If you specify a rotary instead of a port type, the RA 6300 uses the phone number specified in the rotary definition instead of the phone number specified in the dial-out entry. (The rotary also specifies a port type –...
Router A’s dialout configuration: %dialout annex 132.245.1.1 begin_route mode local remote phone (continued on next page) Remote Annex 6300 Supplement to the Remote Annex Administrator’s Guide for UNIX Subnet 132.232.1.0 RA 6300 Router A 122.232.1.1 Telephone Network RA 6300 Router B 122.232.2.1...
Chapter 8 Dial-up Networking advertise ports filter filter end_route In the previous example: Remote Annex 6300 Supplement to the Remote Annex Administrator’s Guide for UNIX A-136 do_compression Y allow_compression Y net_inactivity_units minutes subnet_mask 255.255.255.0 rip_sub_advertise Y rip_sub_accept Y rip_advertise all...
SPB handles Router B’s dial-out calls when they arrive at Router A.
%pri
begin_session sync
called_no 16175554321
call_action sync
set mode ppp
end_session
122.232.2.1 122.232.1.1 net_inactivity 20 16175554321 do_compression Y allow_compression Y net_inactivity_units minutes subnet_mask 255.255.255.0...
The framework for this SPB is included in the default RA 6300 configuration file. To activate the SPB, remove the comment character (#) from the beginning of each line that is not a comment, and specify the called number, so that the SPB resembles the example above.
Annex implementation of IP routing and the Routing Information Protocol (RIP) for SLIP, PPP, and Ethernet ports. When using that chapter for configuring routing on an RA 6300, note the following: (continued on next page) Remote Annex 6300 Supplement to the Remote Annex Administrator’s Guide for UNIX Routing Information Protocol (RIP) his chapter in the Remote Annex Administrator’s Guide for UNIX...
Chapter 9 Routing Information Protocol (RIP) 132.254.9.7 calling_no 6173335555 called_no 6175559999 Figure A-11. Sample PPP Routing Configuration Remote Annex 6300 Supplement to the Remote Annex Administrator’s Guide for UNIX A-140 begin_session routing_2 calling_no 6173330291 called_no 6175559999 call_action modem set mode ppp set subnet mask 255.255.255.0...
file. For detailed information, see remote_address on page C-92. • You do not need to reboot the RA 6300 to activate a parameter change for en0. Instead, issue the admin or na command reset interface en0. Routing Information Protocol (RIP)
The add subcommand adds new filter(s) and enables them in both the currently running system and non-volatile memory; the RA 6300 need not be rebooted for the added filters to take effect. Please note the description of the interface, scope, netact, and...
Description Specifies the physical interface to which this filter applies. Valid values are en0 (for Ethernet) or “*”. Specifying input applies the filter to incoming packets.
lists valid keywords and values for the add subcommand’s
Table A-12. Keywords for the add criteria Argument
Keyword: dst_address. Value: {ip_addr[/n] | * | -1}. Explanation: Matches the packet’s...
Keyword: dst_port. (continued on next page)
Table A-12. Keywords for the add criteria Argument (continued)
Keyword: src_port. Value: {pnum | sname | * | -1}. Explanation: Matches the TCP or UDP source port number.
Keyword: src_address. (continued on next page)
Table A-12. Keywords for the add criteria Argument (continued)
Keyword: address_pair. Value: {ip_addr1[/n] | * | -1}. Explanation: Matches packets passing in...
(continued on next page)
Table A-12. Keywords for the add criteria Argument (continued)
Keyword: port_pair. Value: {p1 p2| s1 s2 |*|-1}. Explanation: Matches packets passing in either direction between the two specified TCP or UDP port...
Keyword: protocol.
shows the standard service names and port numbers you can Port Number 2049 Multiple service names shown on the same line in synonyms.
files on your internal network. To do this, pick an RA 6300 to act as a firewall between the local and external network and create filters on it to block NFS and TFTP traffic. For example, you could create the following two filters, which prevent TFTP...
132.254.100.3 *\
> protocol udp discard
• When one of these filters matches a packet, the RA 6300 discards the packet and sends the ICMP message destination unreachable, communication administratively prohibited to the originator of the packet.
Argument Description –e –i –a Remote Annex 6300 Supplement to the Remote Annex Administrator’s Guide for UNIX A-152 describes the arguments for the list subcommand. Lists the filters stored in non-volatile memory instead of the filters in the currently running system. Using list –e eliminates the status column from the display because the enabled/disabled status is not saved in non-volatile memory.
(Ethernet, Token Ring, or Arcnet) to access files and services. The most common client and server hardware platforms are PCs. Remote Annex 6300 Supplement to the Remote Annex Administrator’s Guide for UNIX his chapter describes how to configure the RA 6300 for access by •...
The RA 6300 implements standards-based IPX (IPX over PPP) via the IPX Control Protocol (IPXCP) described in RFC 1552. IPXCP allows a PC to dial into an RA 6300 as an endpoint node on an IPX network. The same PC can also simultaneously run IP over the connection, allowing the user to use either IP or IPX services as the need arises.
Obtain a valid IPX value for the RA 6300 option_key parameter. Some option key values are attached to the bottom of the RA 6300. If you find the value there, enter it as described in Step 2, below.
The DISABLED MODULES field displays any software modules that have been disabled via the RA 6300 disabled_modules parameter. (See disabled_modules on page C-51.) If this field displays ipx , then IPX is unavailable even if the IPX option_key parameter is set correctly.
Reconnect to the RA 6300 and issue the CLI stats –o command to make sure that IPX is Keyed On and that ipx is not listed as a disabled module.
Step 1: Decide How to Handle Addressing
The RA 6300 handles IPX nodes using one of the following methods: You can choose to configure the RA 6300 for both methods, but dial-up addressing has priority over fixed addressing. For information about how the RA 6300 operates when both dial-up and fixed addressing are enabled,...
file, see Creating the acp_dialup File on page A-276. Any ACP dial-up address request that comes from the RA 6300 includes the RA 6300 address and an associated user name, which are used as keys in this file. Once the keys are matched, the corresponding dial-up addresses are returned to the caller on the RA 6300.
• The type of calls that will be made to the RA 6300 (e.g., modem, V.120, and sync PPP).
• If more than one type of call will be made to the RA 6300, then the telephone number associated with the type of call.
•...
Go to the pri section in the file. The section begins with the percent symbol (%) and the name pri. Do the following: Read the information that precedes each default SPB provided in the configuration file.
Step 3: Review and Reset Global Port Parameters
The RA 6300 ships with a set of default global port parameters already stored in non-volatile RAM. Review the defaults to determine which ones you need to change to satisfy your configuration requirements for PPP, security, etc.
COMMAND: prompt. Specify the administrative password for host at the password: prompt. You can specify the RA 6300 by its IPX nodes or name. If you intend to change global port parameter settings on more than one RA 6300, separate their IPX nodes or names using a comma (,).
– in hexadecimal, with dashes separating the octets. To review your changes, issue the show port all command at the COMMAND: prompt.
IPX nodes are assigned in sequence based on the increment value. The following example specifies the entire set of B channels available with a T1-based RA 6300 PRI module (23), an IPX node of 00-00-00-00-00-a0, and an increment of 2:
set pri b=1-23 ipx_node 00-00-00-00-00-a0 2...
PPP configurations.
Sample Configuration Using Dial-up Addresses
Figure A-12 is connected to an RA 6300 through a PPP link. The PC appears to the network as a directly attached device. This configuration uses dial-up addressing through the BRI line with a V.120 terminal adapter and the PRI line to the RA 6300.
However, if the host where the ACP server resides is unreachable by the RA 6300, or there is no entry in the acp_dialup file for a particular user, the RA 6300 relies on the IPX nodes assigned to the B channel to provide a remote address for the link.
RA 6300 through an asynchronous PPP session. The session is running via a BRI line with a V.120 terminal adapter and the PRI line to the Annex. •...
Figure A-13. Connecting a Single Host Using PPP with Fixed Addresses (diagram labels: RA 6300 host03 Network 132.245.5.0 132.245.5.10...)
To enable this configuration, follow these steps:
IPX information is available from several sources, including log messages the RA 6300 creates automatically and output that various commands display. •...
System Logs
The RA 6300 automatically logs ppp and auto_detect events to a 4.3BSD system log daemon (syslogd) on the RA 6300. For more information on syslogging, see Using Event Logging on page A-40 and Logging Security Events on page A-324.
Table A-17. Fields in (NCP) IPXCP Status Display Field State ACK received Options Routing Proto Remote Annex 6300 Supplement to the Remote Annex Administrator’s Guide for UNIX Chapter 11 Table A-17. Explanation Shows the current and prior state of the IPXCP link.
Service Advertising Protocol (SAP) services on the RA 6300. NICs indicates the number of active IPX interfaces (including en0) on the RA 6300, and RIPs indicates the number of Novell networks the RA 6300 can reach. The netstat -x command display looks like this: annex: netstat –x...
The following is a sample display: The field headings in the above display indicate the following: Name Network 00001234 asy18 00003456 Remote Annex 6300 Supplement to the Remote Annex Administrator’s Guide for UNIX Chapter 11 -xr [network] -xs [server_name] -xS [server_name] Tics C0 •...
If you change the configuration, then reboot the RA 6300 so it can allot the proper amount of buffer memory.
annex: netstat -xm
Large IPX Buffer Pool: Free = 0125 Total = 0125 Min =
Small IPX Buffer Pool: Free = 0125 Total = 0125 Min =
Issuing the netstat -xr command followed by a network number displays the RA 6300 route for that network. The following example shows how to display the route for network 42 (you can omit the leading zeros when...
– TimeSync VAP
– Dynamic SAP
– Annex NCS
– Annex NAS
– Advert(ised) Print
– Btrieve (5.0) VAP
– SQL VAP
– TES-NetW(are) VMS
–...
The following is an example of a who command display: annex: who Port If a 0 is displayed for the IPX network number, either the ipx_frame_type parameter was not configured properly or there is no...
Statistics for All Interfaces and for 802.2
Use the CLI command netstat –i to display statistics for current RA 6300 interfaces and for the 802.2 data-link layer. An example follows: annex: netstat –i...
AppleTalk Remote Access (ARA) server, a remote ARA user can dial into the RA 6300 and become a directly connected ARA network user. The RA 6300 is transparent to the ARA user; it behaves like an AppleTalk end node.
The way to obtain a key depends on the configuration and type of RA 6300 you purchased. Some option key values are physically attached to the bottom of the RA 6300. If the number is there, use it. If not, contact your supplier for an After the reboot, the RA 6300 automatically determines the appropriate network information, e.g., its AppleTalk node ID, etc.
Ethernet address matches the address defined in the RA 6300 parameter a_router, the RA 6300 discards the current router information and tracks to this new router. If the RA 6300 does not hear from the current A_Router for 50 seconds it selects a new A_Router. This 50 second hold-down prevents the RA 6300 from bouncing between routers.
Since AppleTalk uses dynamic addressing, AppleTalk addresses are acquired at boot time. The a_router, zone, and node_id parameters are hints for the RA 6300 to use at start-up. If another AppleTalk node is using an address defined as a hint, the RA 6300 chooses a different address.
This is the address the RA 6300 tries to acquire at start-up. If this address is in use, the RA 6300 must acquire a new node ID. The node_id is an AppleTalk address in the form net.node. Valid net values are 0 to 65534;...
The arap_v42bis parameter enables/disables V.42bis compression during an ARA session. A Y enables the parameter; an N disables it. The default is Y. Default Purpose Enables/disables V.42bis compression during an ARA session.
The at_guest parameter allows guests to log into an ARA service. When this parameter is enabled and a client requests guest access, the RA 6300 asks ACP for user name (guest) privileges. A Y enables guest privileges; an N disables guest privileges. The default is N.
You can shorten any CLI command or host name to the minimum number of letters that make the name unique. This is referred to as minimum uniqueness. If you do not want the RA 6300 to interpret a host name using minimum uniqueness, enclose the name in double quotes (""). For example, entering hosts “new”...
Annex switching line to ARAP. The arp command displays and, optionally, modifies the IP-to-hardware address translation table that the Address Resolution Protocol (ARP) uses. Since the RA 6300 builds the ARP table dynamically, you rarely need to modify it. The syntax is: arp [–ads] [host] [addr] [temp | pub]...
An ARA user can dial into a remote AppleTalk network and use all the available services as if that user is physically connected to the network through EtherTalk. Description Displays the current ARP table entry for that host.
RA 6300. The way to obtain a key depends on the configuration and type of RA 6300 you purchased. Some option key values are physically attached to the bottom of the RA 6300. If the number is there, use it. If not, contact your supplier for an...
The following instructions describe how to enable and disable the default SPBs that exist within the configuration file. To edit the configuration file:
• The type of calls that will be made to the RA 6300.
Go to the pri section in the file. The section begins with the percent symbol (%) and the name pri. Do the following: •...
COMMAND: prompt. Specify the administrative password for host at the password: prompt. You can specify the RA 6300 by its IP addresses or name. If you intend to change global port parameter settings on more than one RA 6300, separate their IP addresses or names using a comma (,).
Figure A-14 configuration, a Macintosh connected to an RA 6300 through an ARA link appears to the network as an attached node. For example: COMMAND:annex 132.245.6.40 or annex 132.245.6.40,132.245.6.45...
Figure A-14. Connecting a Macintosh Using ARA (diagram labels: A_Router user mikeo 12.8 user guest Zone engine Net 12.15 RA 6300 12.7 14.1...)
To enable this configuration:
The RA 6300 provides protection through the use of an administrative password that controls access to the superuser CLI commands. This password can also protect access to an RA 6300 through na. The security system provides audit trails that monitor users and their activities. The...
Every user can have a zone list assigned via remote ACP. If a list is not available via ACP, the RA 6300 provides all the zones it has learned from the network. If local security is used, use the per RA 6300 parameter default_zone_list.
Macintosh can also simultaneously run IP over the connection, allowing the user to use either IP or AppleTalk services as the need arises. When the RA 6300 opens a PPP connection, it negotiates for link-level options, and then runs an optional security phase to authenticate the user.
Using the CCL Converter The Macintosh CCL Converter application converts the CCL modem configuration file to allow access to the RA 6300 via ARAP (Versions 1 and 2). Typically, the CCL file sets up the modem and issues the dial command.
CLI Security ARAP V1/Autodetect Delay and CLI Security CLI Security ARAP V1/Autodetect Delay and CLI Security Remote Annex 6300 Supplement to the Remote Annex Administrator’s Guide for UNIX A-204 Port Parameter Settings Security Result at_security=Y ARAP ACP security. at_security=N Normal (non-ARAP)
Skip to Running the Application, below. If you selected either CLI security or both, and you have modified the CLI prompt and/or the ACP Policy file on the RA 6300, you must use the CCL Converter’s Customize menu to configure for the Macintosh any prompts you changed on the RA 6300.
Quit the CCL Converter. Select the converted CCL file from the remote access client (see your Apple Remote Access Client documentation).
Chapter 13 Printers
The Remote Annex 6300 does not support printers.
Annex services: For the RA 6300, please note the following changes: Remote Annex 6300 Supplement to the Remote Annex Administrator’s Guide for UNIX Configuring Hosts and Servers hapter 14 in the Remote Annex Administrator’s Guide for UNIX •...
• In the section Parsing the Configuration file, please note that a new configuration section has been added for the RA 6300. The new section begins with the keyword pri and contains Session Parameter Blocks that define how the Annex handles PRI calls.
About RA 6300 Ports
Rather than a set of physical ports, the RA 6300 implements a set of internal ports which use the B channels that make up an ISDN PRI line.
RA 6300. As a result, the RA 6300 relies on a set of parameters to configure each port when performing the negotiations necessary to set up a call and establish a session (i.e., dynamic configuration). See Configuring the PRI Interface, Global Ports, and Sessions on page A-51, for more information.
This RA 6300 Port Type:
Port Passwords and the RA 6300
Since there is not any way to predict which RA 6300 internal port a user will establish a session through, you cannot associate passwords with specific RA 6300 internal ports.
Guidelines for Creating ACP-related Files
To create ACP-related files for use with the RA 6300 that will not impede its operation, observe the following guidelines:
Information for Users of Other Remote Annexes
If you are using other Remote Annex products, your existing ACP-related files should not be used with the Remote Annex 6300 without...
RA 6300 in the following ways:
Editing Existing ACP Files
When editing existing ACP files for use with the RA 6300, keep in mind that ACP profile criteria cannot be port specific and that you need to modify your existing files accordingly.
1-5: user group=eng;ports=asy clismask telnet end If the former were used in an environment with the RA 6300, the climask would inconsistently apply to modem connections because the dynamic allocation of ports will not be constrained to ports 1–5.
fits the needs of your environment.
enable_security Parameter
To use any security feature, you must enable security for the RA 6300 by setting the enable_security parameter to Y. This parameter is mandatory if you intend to use any security mechanisms (except the administrative password for access to administrative tools).
The passwords set in the following parameters are stored on the RA 6300 and do not involve the use of a security server:
Implementing Local Virtual CLI Password Protection
Local password protection can be implemented for the RA 6300 in one of two ways: The vcli_password parameter allows you to define a local password for...
The RA 6300 acts as follows: You can also use the vcli_password as a back-up to host-based security. When local VCLI password protection is used as a back-up, the RA 6300 first accesses the security server to validate a CLI connection request. If no response is received from a security server, the RA 6300 requests the local VCLI password.
RA 6300’s IP address. When the show annex command displays the password as “<unset>”, use the default administrative password for: •...
Using either method, the new password takes effect immediately for access to the superuser CLI. Reset the password to the RA 6300’s IP address by either:
The administrative password never displays.
RA 6300 provides timers that can terminate a session. The default cli_inactivity parameter (default setting: off) sets the CLI inactivity timer. When enabled, the RA 6300 terminates the session after the amount of time specified in this parameter has elapsed or the last session is completed.
Overview of Host-based Security
ACP security has three requirements: 1) at least one UNIX host on the network must act as a security server running RA 6300 security software; 2) security must be enabled on the RA 6300 (the enable_security parameter is set to Y);...
The following sections describe these aspects of ACP security:
• Basic ACP Configuration on page 15-225.
• Encrypting Security Messages
•...
If ACP is down, the RA 6300 acts as follows:
Set the cli_security parameter to Y, so that the RA 6300 will use ACP.
Define a security server using the pref_secure1_host, pref_secure2_host, or security_broadcast parameter (see Configuring the Security Server...
You can set up host-based security for virtual CLI (VCLI) connections in which users must provide a valid user name and password before they are granted access to a virtual CLI: •...
You can authorize or deny IP or CLI access to specific hosts, host ports, or networks for a particular user, group, time of day, or protocol in use. •...
Set the mode parameter to cli and have the user issue the slip or ppp command from the CLI. If the mode parameter is set to slip, the RA 6300 does not perform a security check. If you want authentication performed on the CLI connection...
If ACP is down, the RA 6300 acts as follows:
The RA 6300 never uses local security with the slip or ppp command.
# symbol in front of the ACP entry in the eservices file. For example:
# erpc remote programs
# prog no. verlo
• If the port_password parameter is not set (“<unset>”), the RA 6300 fails the port connection attempt.
If a response is not received within the time defined in the network_turnaround parameter, the RA 6300 repeats the query several times. If the RA 6300 still does not receive a response, it queries the host defined in the pref_secure2_host parameter.
Servers on page A-209). The encryption key also validates the security host: the host must know the RA 6300’s ACP key for the RA 6300 to consider the host valid. Without the appropriate key, the RA 6300 denies the user’s request even if the host is defined as a preferred security host.
IP addresses separated by commas and an encryption key for those RA 6300s. The RA 6300 or the list of RA 6300s and the key are separated by a colon. The order of placement in the file is important, as the file is read sequentially.
RA 6300 whose IP address is 132.245.6.15, no encryption for the RA 6300 whose IP address is 132.245.6.75, and Piano as the key for all other RA 6300s on the 132.245.6 subnet. The last entry specifies gl12ch as the key for annex01, annex02, and annex03.
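The sequential, first-match reading of acp_keys described above, as an added Python example (not code from the Remote Annex distribution). The file contents are constructed from the description: EXAMPLEKEY is a placeholder for the key of 132.245.6.15, and the `*` subnet wildcard form and the matching rules are assumptions about the file syntax.

```python
"""First-match lookup over acp_keys-style entries (added example)."""
from fnmatch import fnmatchcase

# Constructed from the description above. EXAMPLEKEY is a placeholder and the
# "*" subnet wildcard form is an assumption about the file syntax.
SAMPLE = """\
132.245.6.15: EXAMPLEKEY
132.245.6.75:
132.245.6.*: Piano
annex01, annex02, annex03: gl12ch
"""

# The same entries with the wildcard moved to the top (the ordering mistake).
MISORDERED = """\
132.245.6.*: Piano
132.245.6.15: EXAMPLEKEY
132.245.6.75:
annex01, annex02, annex03: gl12ch
"""


def parse_acp_keys(text):
    """Return [(patterns, key)] in file order; key is None when no key is given."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        # The annex list and the key are separated by the first colon.
        names, sep, key = line.partition(":")
        patterns = [n.strip() for n in names.split(",") if n.strip()]
        if not sep or not patterns:
            raise ValueError(f"line {lineno}: expected '<annex list>: <key>'")
        entries.append((patterns, key.strip() or None))
    return entries


def lookup(entries, annex):
    """Return (entry_index, key) for the first entry matching annex, else None."""
    for index, (patterns, key) in enumerate(entries):
        if any(fnmatchcase(annex, pattern) for pattern in patterns):
            return index, key
    return None


def shadowed(entries):
    """Indexes of entries a sequential read can never reach.

    An entry is shadowed when every name it lists is already matched by a
    pattern in some earlier entry, so the earlier key always wins.
    """
    hidden = []
    for index, (patterns, _key) in enumerate(entries):
        earlier = [p for pats, _ in entries[:index] for p in pats]
        if all(any(fnmatchcase(name, e) for e in earlier) for name in patterns):
            hidden.append(index)
    return hidden


if __name__ == "__main__":
    good = parse_acp_keys(SAMPLE)
    bad = parse_acp_keys(MISORDERED)
    for annex in ("132.245.6.15", "132.245.6.75", "132.245.6.200", "annex02"):
        print(annex, "correct order:", lookup(good, annex),
              "wildcard first:", lookup(bad, annex))
    print("shadowed entries when the wildcard comes first:", shadowed(bad))
```

With the wildcard first, 132.245.6.75 is handed the subnet key instead of no encryption, so the two ends no longer agree; running `shadowed()` over a key file before installing it catches that ordering error.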
Description
The user’s userid.
The name of a group to which the user belongs, as defined in the /etc/group or acp_group file; see on page 15-244.
The following examples could appear in any or all of the acp_regime, acp_userinfo, and acp_restrict files. •...
When user chris connects to annex03, erpcd records all the conditions related to the connection – the userid and any group associations (as defined in the acp_group or /etc/group file), the RA 6300 and port that chris connects to, the time of connection, and the connection protocol –...
Once erpcd has found all the matching profile criteria in acp_regime, acp_userinfo, and acp_restrict (using the one-match-per-file rule where appropriate) for a given set of connection conditions, the result is a single security profile.
Additional information and examples are supplied in the sections on acp_regime, acp_userinfo, and acp_restrict.
Username and Group Criteria
The username criterion lets you control security based on the RA 6300 userid (the name the user specifies at login). The group criterion lets you control security based on a user’s membership in a group.
– time2 date2 ”
Enclose the time criterion in quotation marks and specify the arguments as follows:
• For day, specify a weekday, e.g., Sunday or Monday. The time criterion will apply to that entire day.
RA 6300 and RA 6300 port type that the user tries to access. You can use an asterisk (*) symbol as a wild card in place of an RA 6300 name or the host port of an RA 6300 IP address. The following are valid annex and port type specifications:...
To specify more than one protocol, you must specify multiple security profile definitions. For example, to specify both PPP and SLIP, enter:
protocol=ppp protocol=slip
The default is any protocol.
You cannot abbreviate the ports keyword.
• slip
•...
It is based on answers you supply to prompts from install, and it contains a single authentication scheme, such as acp, to be used for authenticating all RA 6300 users. It also contains the name of a password file, if the regime is acp or kerberos.
There is no arbitrary limit to the number of names in userlist. Fields are separated by the colon (:) character.
Changing the Expected File Names Used by ACP
The acp_group file must have the same format as the...
Configuring the acp_regime File
The initial security regime that the RA 6300 uses to authenticate all users is defined in the acp_regime file. This file is created the first time the network administrator runs the RA 6300 install program. The program prompts for a security regime and, if the regime requires it, a password file name.
Table A-24. Authentication Regimes Regime safeword kerberos native none securid on page 15-236. Valid regimes are Table A-24. Description ACP authentication, using the password file you specify.
file (which must reside in the RA 6300 install directory). Even if user jack is defined in finance, if he logs in between 9:00 A.M. and 10: P.M., erpcd nevertheless tries to authenticate him via SecurID, since the...
After creating this entry, use the ch_passwd command to enter the port password:
% ch_passwd 132.245.33.11.1
New password: <password>
If you are using a System V.4 or V.5 host, use the /etc/shadow file rather than the /etc/passwd file.
If no password file is specified, erpcd looks for /temp/ tkt_erpcd_ in the install directory (default is /usr/annex). If erpcd does not find a match in that file, the user is denied access to the RA 6300. For more information, see...
In searching acp_userinfo, erpcd looks only for a first match, whether that match is a single userid or all the criteria in a profile criteria specification.
entry
Profile Criteria Syntax...
You can specify the following entry options (the following subsections discuss these options in detail):
climask slip ppp end clicmd ppp end deny
In the above example, user username=jill can also be specified as...
Table A-25. Entries for accesscode in the acp_userinfo File Entry code accesscode_entry (continued on next page) Table A-25). The syntax is: accesscode_entry Description A character string defined by the administrator. The user is prompted for this string (after the user name and password prompts) when logging onto a port defined...
Morse into the host amos, the job entry is:
job rlogin amos -l Morse end
If so, one of the following occurs:
user cobb pool inbound pool outbound
• If cobb enters access at the accesscode prompt, the RA 6300 calls cobb back at the number 9–765–4321 and then logs cobb...
If the RA 6300 detects an error in a command, erpcd stops sending commands, syslogs an error, and denies access to the user.
9:00 A.M. and 5:00 P.M. on the specified days, the RA 6300 executes the ppp command (after authenticating kip at the CLI level). The port to which kip is connected is thereby converted from CLI to PPP mode.
The following is an example of climask:
user username=sam;time="9:00am-10:30pm Friday-Monday"
If user sam logs into any RA 6300 between 9:00 A.M. and 10:30 P.M. on the specified days, he cannot issue the ppp or arap command. In all other situations, this particular user...end block is ignored. For example, if sam logs into an RA 6300 at 11:00 PM, the entry is ignored.
For a single user or for conditions that meet profile criteria, you can deny access to the RA 6300 in the acp_userinfo file. If the profile criteria are met or the user name in the user entry matches the userid supplied at login, ACP refuses access to the RA 6300.
Table A-29. Entry for filter in the acp_userinfo File Entry filter_definition Table A-29 describes the entry for filter in the Filters are session-specific; they are dynamically applied to each internal port for the duration of a session based on the entries in the acp_userinfo file.
You cannot use a route entry in acp_userinfo to define a default route. The syntax for the route entry is:
route [–h] dest mask gateway [metric] end
filter output include dst_address 132.245.4.33 discard end clicmd special_setup end filter output include dst_address 132.245.4.33 discard end...
Typically, a route entry in acp_userinfo is used when a router attached to a small network dials into the RA 6300 but does not want to incur the overhead of running a routing protocol itself. Consider the configuration Figure ...
Figure A-15. Sample Configuration for a route Entry in acp_userinfo Given the configuration in route on the RA 6300 that will be used for routerA (e.g., Bay Networks CLAM). This route allows packets to be sent back and forth between the company network and the remote PC with the IP address 131.108.33.0.
Table A-31. Entry for at_zone in the acp_userinfo File Entry zone lists the entry for at_zone in the acp_userinfo file. The syntax is: Description A list of one or more ASCII character strings. You can have any number of zones specified in a zone list, subject to the...
file. The syntax is: at_connect_time time_value Table A-32. Entries for at_connect_time in the acp_userinfo File Entry time_value at_zone bn-33net bn-55net end at_zone bn-11net bn-22net end Description The format for this argument is <minutes>. For example:...
Table A-33. Entries for at_nve_filter in the acp_userinfo File Entry include| exclude tuple Description The include or exclude qualifier controls how filters are used: include filters allow only matching answers; exclude filters discard matching answers and allow non-matching answers.
(e.g., membership in a group). the acp_userinfo file. The syntax is: at_passwd string at_passwd klot at_nve_filter include Frick\CPU:*@eng end...
#Set up a guest user entry that allows guests to connect
#for 1 hr. and hides our file servers
user username=<Guest>
Description
A string of up to nine alphanumeric characters (the unencrypted password).
file:
user username=smith
For more details on CHAP and secret tokens, see Protocol (CHAP)
Table A-35
Description
A string from 1 to 32 bytes long; 16 bytes is recommended due to the operation of the MD5 encryption algorithm.
IP access to a specific host or host-port combination. This security mechanism uses a host-resident file that lists the hosts and host ports to which access is restricted and specifies the RA 6300 or the profile criteria to which the restrictions apply. By default, there are no host or host-port restrictions.
: (colon) ~ (tilde) restricted host (continued on next page)
Description
The name or IP address of the RA 6300 initiating the access. This argument is supported for backward compatibility with Release 10.1 and earlier releases but...
In the next example, which shows the use of profile criteria, user carl is blocked from using telnet or rlogin to access hosts atlas and steam:
username=carl;protocol=cli:atlas,steam
Description
The name or IP address of an unrestricted host (including RA 6300s).
To put these restrictions into effect, the RA 6300 would generate the following four filters, in which 132.245.33.1 is the address of mailhub and 132.245.33.2 is the address of dns_srv.
Finally, filters apply to IP packets only; IPX and AppleTalk packets cannot be filtered.
• One or more hosts cannot be reached and all other hosts can.
Remote Annex. This eliminates the need to assign an IP address manually (and the subsequent need to reconfigure and reboot) each time that a host is added or moved to a new subnet location.
Description
The name of a file located in the same directory as...
Non-supported Features of DHCP
Some aspects of DHCP are not relevant to its use on a Remote Annex, specifically:
• A Remote Annex does not implement the BOOTP Relay function.
Creating the acp_dialup File
RA 6300 address and port number, and an associated user name, which are used as keys in this file. Once the keys are matched, the corresponding dial-up addresses are returned to the caller on the RA 6300. If no match is found, the RA 6300 uses the port’s remote_address and local_address...
You can specify the RA 6300 by name, IP address, or wild card (*); the wild card means that any incoming address request with that user name will match. The file format allows one entry per line; the RA 6300 ignores any data following the comment character (#);...
When address_origin is set to acp, the RA 6300 searches for the remote client’s user name in the acp_dialup file. RA 6300 behavior at this point depends on whether or not the RA 6300 finds a matching user name in acp_dialup: ...
– If the local_address parameter is set but the remote_address parameter is not set, the RA 6300 forces the use of the value in the local_address parameter and negotiates for the remote address value with the remote PPP client. (If these conditions are true for a remote SLIP client, the connection is denied.)
Use the convert program, located in the erpcd directory, to change the integrated passwd form to the passwd/shadow form (and vice-versa). •...
To turn on the password history feature and (optionally) enable aging via shadow files:
Use na or admin to make sure that the enable_security parameter is set to Y for the RA 6300(s) you are configuring.
• Look for the following lines to define STORED_PASS, which are already uncommented. The lines define the number of passwords that will be stored to prevent them from being re-used.
If you plan to use only the password history feature and not blacklisting as well, follow the instructions in Steps 8 through 11, below. If you are also using blacklisting, wait to do this until you have configured both features.
Overview of Blacklisting
A user account is considered under attack, and therefore blacklisted, when either (or both) of the following occurs:
# ./erpcd hobbes fritz
•...
The absence of an acp_dbm database indicates that no password histories exist and no failed login attempts have occurred.
on page 15-288.
Blacklisting makes the RA 6300 susceptible to denial-of-service attacks.
To monitor the blacklist status of one or more users, go to the directory (on the security host) that contains the acp_dbm utility (see page 15-288).
• By editing #define statements in the acp_policy.h file.
Table A-38. erpcd Options and acp_policy.h Variables
erpcd Option: –bmax_con –xmax_total –gperiod
Equivalent acp_policy.h Variable: MAX_BL_CON
Description: The number of consecutive login failures a user is permitted before being blacklisted.
In this message, userid is the user name for the account that has been blacklisted. The syntax for the acp_dbm utility is: acp_dbm [–s username] [–c username] [–d username] [–l] Table A-39 explains the options.
Deleting the acp_dbm Database
The only way to delete the acp_dbm database is via the UNIX rm command.
Description
Sends information about username from the acp_dbm database to standard output.
Error Handling for Password Histories and Blacklisting
The following error conditions can occur:
• If erpcd cannot read or write to the acp_dbm database or...
Using AppleTalk Security
The RA 6300 implementation of ARA provides three areas of security:
• ARA security.
• Zone security.
ARA Security
The basic ARA security features are:
Every user can have a zone list assigned via remote ACP. If a list is not available via ACP, the RA 6300 provides all the zones it has learned from the network. If local security is used, use the per RA 6300 parameter default_zone_list.
Upon receipt, the peer authenticates that combination.
Windows ‘95 IPXCP clients must make sure that SPAP security is not enabled on their PCs.
When the RA 6300 requests PAP and the peer ACKs the request, the RA 6300 handles the incoming PAP user name/password combination as follows:
When the RA 6300 agrees to PAP, it sends the PAP user name/password combination as follows:
CHAP is a three-way handshake that depends on a secret token. The secret token is known to both sides of the peer-to-peer link. When the challenge is sent by the RA 6300, the peer responds with a one-way encrypted value. The authenticator then runs the same encryption on the challenge message using the peer’s secret token.
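The exchange described above, as an added Python example (not code from the Remote Annex software). It uses the MD5 calculation that RFC 1994 defines for CHAP, response = MD5(identifier || secret || challenge); the class and function names, the 16-byte challenge length and the sample secret are assumptions made for the illustration.

```python
"""CHAP challenge/response check as specified in RFC 1994 (added example)."""
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """MD5 over the identifier octet, the shared secret, then the challenge."""
    if not 0 <= identifier <= 255:
        raise ValueError("identifier must fit in one octet")
    if not secret:
        raise ValueError("empty secret token")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Authenticator side: issues challenges and checks the peer's response."""

    def __init__(self, secrets_by_user):
        self._secrets = dict(secrets_by_user)
        self._pending = {}   # identifier -> outstanding challenge value
        self._next_id = 0

    def challenge(self):
        """Step 1: send a fresh random challenge tagged with an identifier."""
        identifier = self._next_id
        self._next_id = (self._next_id + 1) % 256
        value = os.urandom(16)   # assumption: 16 random bytes per challenge
        self._pending[identifier] = value
        return identifier, value

    def verify(self, identifier, username, response):
        """Step 3: recompute the digest with the stored secret and compare."""
        # pop() makes each challenge single use, so an answer cannot be retried.
        value = self._pending.pop(identifier, None)
        secret = self._secrets.get(username)
        if value is None or secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return hmac.compare_digest(expected, response)


def demo():
    """Run the handshake for the success case and four failure cases."""
    secret = b"0123456789abcdef"          # constructed 16-byte secret token
    auth = Authenticator({"smith": secret})
    results = {}

    ident, value = auth.challenge()
    captured = chap_response(ident, secret, value)   # step 2, done by the peer
    results["valid"] = auth.verify(ident, "smith", captured)
    # The same challenge cannot be answered a second time.
    results["reused_challenge"] = auth.verify(ident, "smith", captured)

    ident2, value2 = auth.challenge()
    wrong = chap_response(ident2, b"not-the-secret!!", value2)
    results["wrong_secret"] = auth.verify(ident2, "smith", wrong)

    # A response recorded from an earlier exchange does not fit a new challenge.
    ident3, _ = auth.challenge()
    results["replayed_response"] = auth.verify(ident3, "smith", captured)

    ident4, value4 = auth.challenge()
    other = chap_response(ident4, secret, value4)
    results["unknown_user"] = auth.verify(ident4, "jones", other)
    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the challenge and the digest cross the link; the secret token itself is never sent, which is why both ends must hold the same value for the user.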
If the slip_ppp_security parameter is set to Y, the RA 6300 sends the username, challenge message, and challenge response to ACP for authentication. The RA 6300 uses local security when ACP is unavailable and the port_password parameter is set; local security ignores the user name and checks the response against port_password using the port_password to encrypt the challenge message.
The Annex sends a challenge only if the enable_security and slip_ppp_security parameters are set to Y, the ppp_security_protocol parameter is set to chap, and CHAP is ACKed during LCP. If the RA 6300 is ACKed for CHAP, it will seek only one valid response.
The following two statements are true for all cases listed in Table A-40. First, if a remote side of a link demands PAP, the RA 6300 uses ppp_username_remote and ppp_password_remote for the username and password. Second, if ppp_username_remote and ppp_password_remote are not set, the connection fails.
Table A-40. PPP Security Parameters and their Effect on RA 6300 Activity (continued)
enable_security = Y ppp_security_protocol = pap slip_ppp_security = N
enable_security = Y ppp_security_protocol = chap slip_ppp_security = Y
enable_security = Y ppp_security_protocol = chap slip_ppp_security = N...
filtering to prevent users on your internal network from accessing external hosts and services. An effective way to provide this kind of protection is to pick one RA 6300 on the internal network to be the network’s chokepoint or firewall through which all traffic to and from external networks must pass.
To enable Kerberos authentication, you must rebuild the erpcd process, and then use this process instead of the default version. To rebuild erpcd:
Edit the make.config file in the /annex_root/src directory and look for the keyword CFG_STUBLINKING, at the bottom of the file.
ACP servers support Kerberos authentication for consistency. Configuring the RA 6300 for Use with Kerberos Authentication To configure the RA 6300 for use with Kerberos authentication, you must set the parameters as indicated in Table A-41. Kerberos Parameter Settings Parameter...
LCD display. This card generates, at a designated interval, a one- time-only, unpredictable code on the LCD display. At the usual system prompt from your RA 6300, SecurID card users enter a passcode in order to access your protected system.
When a user tries to log into your system, the ACE/Server prompts for the user name and passcode. The user enters the PIN number followed by the current SecurID card code displayed on the SecurID card.
Before installing the ACE/Server software, you must determine which of the above options your site will use. The following is an overview of the available options. See the ACE/Server Manual for more information.
• Port-to-port RA 6300
•...
During the Remote Annex software installation, you must copy the following library and files from your ACE/Server distribution media to the src/sdclient directory:
• sdclient.a library
•...
#SECURIDOFILES=fflush.o
SECURIDCFILES=fflush.c
SECURIDOFILES=fflush.o
To integrate SecurID into ACP, you must make changes in the erpcd utility. When you have made the necessary changes to the Makefile, rebuild the Remote Annex software. See Re-compiling erpcd, later in this chapter.
PIN or chooses to leave the card in New-Pin mode, the login attempt is terminated.
The minimum and maximum PIN lengths and the choice between digits only or alphanumeric characters are determined by the system administrator when installing the ACE/Server.
Configuring the RA 6300 for Use with SecurID
To use the SecurID card, security must be enabled on the RA 6300:
Set the following RA 6300 parameters to Y:
•...
Integrating the ACE/Server software into ACP requires changes to the erpcd utility. The following instructions assume that the ACE/Server software is installed in a directory called /usr/ace and the RA 6300 software is installed in /usr/annex; if your code is installed in different directories, substitute the appropriate pathnames where applicable.
Copy the required header files and libraries from the ACE/Server directories:
If you have ACE/Server Release 2.1.1 or 2.2:
# cp /usr/ace/sdiclient.a sdclient
# cp /usr/ace/prog/*.h sdclient
This sequence requires that these files are installed on the...
Make sure that ACP is enabled in the eservices file (the default is ACP disabled). The default file looks like this:...
The hosts where erpcd is running must be registered as clients, and all users with SecurID cards that will log into the RA 6300(s) must be allowed to access the host clients.
11. On the RA 6300, enable security, configure the preferred security server, and enable CLI security on the ports to be protected by SecurID.
Also, another difference is that clients are allowed to be on different hosts. You can use SafeWord software for:
ACP hosts serve as clients to SafeWord AS.
Therefore, when you dial in to the network through an RA 6300, or dial out from an RA 6300 (e.g., if you telnet to a port in slave mode), the RA 6300 does not display the SafeWord Failed Access Report.
12. Copy the sid.cfg file into the installation directory.
sid.cfg File
13. Rename the sid.cfg file to safeword.cfg.
“__assert” comes up undefined (the default). You must uncomment...
23 Status Message Label: sid-7482
Integrating SafeWord into ACP
Before you use SafeWord, you need to integrate SafeWord into ACP:
yourservername 0 0 7482
As a superuser, change to the /usr/annex/src directory:...
10. On the RA 6300, use admin or na to set pref_secure1_host to the
Edit the make.config file in the /annex/root/src directory:
# vi make.config...
When an existing password expires, RA 6300 users can choose a new fixed password:
While SafeWord’s IDUTIL program allows administrators to create up to three levels of authentication for each user, RA 6300 access allows you to combine one dynamic and one fixed password: you...
Asynchronous modes: For detailed information about configuring and generating fixed and dynamic passwords, refer to Enigma Logic’s SafeWord documentation.
• In Synchronous mode authentication, the token generates a dynamic password that you enter at your terminal.
Y but a preferred security server is not configured, or if enable_security is set to N, the user is prompted for a user name and a password. The RA 6300 will accept any user name, but grants FTP access only after checking the password against its administrative password.
file with the user’s name and password as entered and the service set to SERVICE_FTP. If ACP grants access, the FTP daemon will ask for an “account.” The RA 6300 compares the text entered at this prompt against its administrative password for an added level of security.
RFC 1108. The RA 6300 partially implements this security option by adding the IPSO classification level to packets generated by telnet or rlogin running on an RA 6300 dedicated, adaptive, or CLI port. (The CLI port can be an auto_detect or auto_adapt port that the user has put into cli mode by pressing Return when first connected to the port.) The...
When a router that fully implements IPSO receives a packet with an unacceptable classification level, it sends an ICMP security discard message to the packet’s originator. If the RA 6300 receives a discard message, it passes it to the application running on the port that generated the IPSO packet.
Some simple modifications involve changing system definitions in the file /annex_root/src/erpcd/acp_policy.h. More elaborate security policies may require modifying or replacing functions in the file /annex_root/src/erpcd/acp_policy.c.
• Bytes in.
• Bytes out.
To use the NIS password file for verification through ACP, change (uncomment) the following lines:
/* #define NATIVEPASSWD 1 */
/* #define NATIVESHADOW 1 */
#define USER_VALIDATION 0
#define NATIVEPASSWD 1...
< annex_name >:< logid >:#< port >:< seconds_since_1970 >:\
<service>:<event>:<pkts in>:<pkts out>:<bytes in>:\
<bytes out>:<msg>
* Uncomment this line to select the use of the\
* standard syslog(3) facility in addition to or in\
* place of the logfile -- the value of "USE_SYSLOG"\...
Since you do not need the temporary file if you are using an existing system file, comment out the line for the temporary file.
sprintf(str,"%s/acp_passwd",install_dir)
sprintf(str,"%s/acp_ptmp",install_dir)
    strcpy(str,"/etc/shadow")
    strcpy(str,"/etc/shadow.tmp")
    strcpy(str,"/etc/.pwd.lock")
#define ACP_GROUP(str)\
    strcpy(str,"/etc/group")
#else
#define ACP_SHADOW(str)\
    sprintf(str,"%s/acp_shadow",install_dir)
#define ACP_STMP(str)\
    sprintf(str,"%s/acp_stmp",install_dir)
#define ACP_LOCKFILE(str)\
    sprintf(str,"%s/.pwd.lock",install_dir)
#define ACP_GROUP(str)\
    sprintf(str,"%s/acp_group",install_dir)
#endif
/* define pathname of accounting file*/
#define ACP_LOGFILE(str) \
    sprintf(str,"%s/acp_logfile",install_dir)
(continued on next page)
#define ACP_PERMGRANTD "\nPASSCODE accepted\n"
#define ACP_PERMDENIED "\007\nAccess Denied\n"
#define ACP_INCORRECT "\nUsername/PASSCODE Incorrect\n"
#endif
sprintf(str,"%s/acp_restrict",install_dir)
/* define pathname for annex acp_keys file */
sprintf(str,"%s/acp_keys",install_dir)
/* define pathname for annex dialup addresses file */
sprintf(str,"%s/acp_dialup",install_dir)
#define ACP_PINSZRANGE "%d to %d"
#define ACP_NEWPINPROMPT "Enter your new PIN containing %\
in %ld days unless changed.\n"
tomorrow unless changed.\n"
today unless changed.\n"...
Locking the ACP Log File
To prevent two or more host processes from logging a record simultaneously, the RA 6300 erpcd code uses the host system call lockf to lock the ACP log file. This lock prevents other processes from writing the file until the file update is complete.
To disable rlogin and telnet for all users that enter the system through ACP security, modify the definition line to read:
#define CLI_MASK (unsigned long) (MASK_RLOGIN | MASK_TELNET)
#define MASK_SLIP
#define MASK_CONNECT 0x00020000
#define MASK_SERVICES 0x00040000
Superuser CLI mode overrides ACP command masking.
/* define bit to disable each maskable CLI command*/...
ACP password file from acp_passwd. The source files are in /annex_root/src/erpcd, where annex_root is the directory to which the RA 6300’s source code was copied. To re-compile:
cd to /annex_root/src.
A superuser can change the password for any user. The superuser syntax
ch_passwd [username] [–s directory]
Table A-42 describes the supported argument for
To change an RA 6300 user password, the username in the acp_passwd file must match the username in the /etc/passwd (or /...
If you change the name of the ACP password file, you must recompile both erpcd and the ch_passwd utility. The source files for both are provided with the RA 6300 software distribution and are located in the /annex_root/src/erpcd directory. For instructions on recompiling both, see Configuring Hosts and Servers on page A-209.
Test RA 6300 network links
Display RA 6300 statistics
Network Administration
This chapter discusses typical network administration tasks you can
Related CLI Command and/or...
Host ARP (Address Resolution Protocol) Table
Disable RA 6300 Software modules
Troubleshoot configuration problems
Related CLI Command and/or Parameter    Instructions for Use
who command    Displaying User Activity...
The superuser CLI pri command displays information about the RA 6300 PRI module and its connections. Using pri you can display information that includes:
• PRI module firmware version information (module version and firmware revision)....
Displaying PRI B Channel Assignments
The superuser CLI pri b command displays information about active B channels that includes:
• Call setup information elements received during call establishment that includes: called number, calling number, and bearer.
• Allow, which lets the RA 6300 accept calls made to it.
• Stop, which denies acceptance of new calls, but lets currently established calls continue.
By default the RA 6300 accepts calls made to it. The RA 6300 reverts to this default following a restart.
Stop acceptance of new outgoing calls
pri call Sample Display
• Incoming, which are calls made to the RA 6300
• Outgoing, which are calls made from the RA 6300
The RA 6300 does not currently support outgoing calls....
SPB name and setup criteria for a single active SPB
SPB name, setup criteria, and parameter settings for a single active SPBs
sessions Sample Display
Issue this command
sessions
sessions -a
sessions -l <spb_name>...
Displaying Network Statistics
The CLI netstat command displays information that the RA 6300 has obtained from the network. Using netstat you can display:
• Active connections.
•...
-ia port
-ip port
describes the display observed using the netstat command with
Description
Displays default active connection information. Information displayed includes: local and remote addresses,...
Table B-2. Arguments for the netstat Command (continued)
Argument    Description
Displays all network addresses as numbers rather than names or symbols; can be used in combination with –...
Table B-3. Arguments for the netstat Command
Argument
–A
–a
Description
Displays information about the amount of memory available in the large and small IPX buffer pools....
Proto Recv-Q Send-Q Local Address Foreign
annex1.telnet test1.4759 annex1.883 annex1.1085 annex1.1081...
Interface Statistics
The netstat –i command displays interface statistics for an RA 6300 running on an Ethernet LAN.
statistics for Ethernet.
Buffer Drops
FIFO Drops
Interface Resets
TX DMA Underruns
Description
The number of packets received from the network interface.
interface.
The number of bytes received from the network interface....
FIFO Drops:
TX DMA Underruns:
Carrier Sense Losses:
Collisions Detected:
Description
The number of times a frame reception is terminated due to lack of system bus bandwidth....
fields in the netstat –ip command display. The netstat –ip command display for an asy port (asynchronous port) on the RA 6300 looks like this.
annex# netstat -ip asy22
RA 6300 looks like this:
annex# netstat -ip ta10
The netstat –ip command display for a syn port (synchronous PPP) on the RA 6300 looks like this:
annex# netstat -ip syn7
The RA 6300 received and answered a configure request. Layer negotiation has completed successfully. The link is in process of closing. The RA 6300 has sent a terminate request and is waiting for a terminate ACK. Shows the states based on the last security messages sent and received;...
CHAP AACK Sent
CHAP CHAL Rcvd
CHAP CHAL Sent
CHAP RESP Rcvd
CHAP RESP Sent
Definition
No PAP security has been initiated.
The RA 6300 has received the Authenticate-Request message and currently is processing it....
Carrier Sense Losses:
Collisions Detected:
defines the arguments for displaying AppleTalk statistics.
Description
Displays interface statistics.
Displays a specific RA 6300 PPP interface (see Statistics on page 1-15)....
Field
Intf
Bad Pkts
Bad Rtes
*** IEEE 802.2 Data Link Layer Statistics ***
802.2 packets sent:
AARP packets sent:
AARP packets received:
Unknown 802.2 SAP’s:...
–r command display.
Definition
Displays the number of triggered updates transmitted over the interface.
132.245.66.0/24 132.245.44.22 UR
132.245.77.0/24 132.245.44.22 UR
Definition
Displays statistics and information about all available routes in the routing table. A route comprises a destination host or network and the gateway through which data is forwarded.
24 bits (eight octets), or 255.255.255.0. If IP Default appears in the Destination field, the entry specifies the route the RA 6300 uses if it can find no other route for a destination. If a name appears in the Destination field, the entry is for a host route;...
(Source)
Third flag
Usage
UseCount
Interface
Explanation
Second flag
The route was learned via an ICMP redirect. This can occur only when IP routing is disabled (by setting the routed parameter to N)....
–C
Destination
default
74.68.67.0
132.245.124.0
describes the flags for the command display.
Definition
An interface route, where x is the interface name and number, e.g., asy8. This can be a back-up route for an interface that has a duplicate definition in the routing...
Table B-11. Field Definitions for the netstat –f Command
Field
In-hits
Out-hits
Drop
ICMP
Syslog
Table B-11 describes the field definitions for the
In-hits Out-hits Drop
Definition
Displays the interface....
Y; DDP statistics display only if the correct option_key value is set. A truncated view looks something like this:
annex01# netstat –s
7 mbufs allocated to data
2 mbufs allocated to packet headers...
613422 total packets received
0 bad header checksums
4 output packets we did frag
5 output fragments we created
icmp:
2359 calls to icmp_error
0 errors not generated ’cuz old message too short
0 errors not generated ’cuz old message was icmp...
Table B-12. Arguments for the ping Command
Argument
–a
–r
lists the arguments for this command.
Description
Generates AppleTalk Echo Protocol (AEP) echo request packets to a target node....
----caddy PING Statistics----
4 packets transmitted, 4 packets received, 0% packet loss
round-trip (ms) min/avg/max = 12/20/37
Description
Traces the path of a packet from the local host to the destination host and back, displaying information about each router in the path.
You can use arp to modify the table for hosts that do not implement ARP, enabling communications between the host and the RA 6300. Using arp, you can delete a specified entry and/or create an entry for a host. A created entry is permanent unless it is defined as temporary, in which...
Supplied Security Application on page A-325. Each logged message in the ACP log file can contain any of the following fields:
• IP address of the RA 6300....
PRI Manager
call accept
clg#
cld#
cldsa
Description
This is the IP address of the RA 6300 logging the entry.
This is the entry number in the log file.
This is the RA 6300 internal port number....
RA 6300 determines the frequency for moving and compressing the file. Events written while using ARA or the dial-back security feature have their own messages:
Description
Packets in...
Event Logging Using syslog
The RA 6300 can log events for a system running a 4.3BSD-style syslog daemon or syslog to a port on the RA 6300. The RA 6300 parameter syslog_port defines the port to which logged messages are sent (for more details, see Using Event Logging on page A-40.
Displaying User Activity
When the CLI who command is issued for an RA 6300, it displays the user name, the jobs the user is running, when the connection began, any idle time, and the source of the connection. This command also displays current users on other RA 6300s, and on other hosts, if those hosts have fingerd running for who user@host.
• All users connecting to or from a specific host(s).
• A single user or a group of users connected to the RA 6300.
• All users connected to specific port or virtual CLI.
•...
-u <modem-range>
-m <modem-range>
modem Sample Display
The modem command display looks like this:
Description
Displays information that identifies the type of modems internal to the RA 6300....
The CLI stats command displays general RA 6300 statistics, or statistics for one or more port types. It can also display statistics for the internal CSU (if present). A typical stats command display for an RA 6300 on an Ethernet network looks like this: The stats –s command displays statistics for all port types:...
> displays statistics for synchronous (syn) number_range ports in the number range. For example, specifying a range of 1 through 4 (stats -ssyn1-4) displays statistics for the first four synchronous ports.
–T {clear|current|total|all}
Table B-14. Arguments for the stats –T Command
Argument
current
total
clear
Table B-14
Description
Displays T1/PRI statistics information for the current 15-minute interval....
Circuit ID:
T1 info:
Loopback mode: no loopback
Current Statistics:
describes the fields that stats –T displays. The following is a
Thu Oct 10 12:29:33 1996 EDT...
Field
Alarm History
Current Alarms
Description
Displays the first alarm that occurred after a boot or a stats -T clear command, preceded by the time at which the alarm occurred.
ESF Error Event
Errored Seconds
Description
The T1/PRI engine’s Circuit ID displayed from the tni_circuit_id parameter.
The loopback status has the following possible states: Loopback –...
Loss of Frame Count
Controlled Slip Seconds
Description
A Severely Errored Second is a second with 320 or more CRC error events or one or more OOFs.
The superuser CLI tap command accesses (wire taps) a serial port from a terminal. Using tap, you can:
The tap command will not work with PPP....
If these changes occur too rapidly, they may be lost.
Managing the Host Table
The host table contains this information for each host:
• Provide on-line advice and instructions to users at their terminals....
32 days, it is deleted. The RA 6300 expects to receive an RWHO message from a host at least every six minutes; if no message is received in that time period, the host table status entry for that host is changed to down?.
If the host table acquires a new entry after it is full, the RA 6300 deletes the oldest, least-used entry to make room for the new one. If the host table is too small, it frequently changes. Increasing the size of the host table using the RA 6300 parameter host_table_size reduces these changes.
The default is vci (disables the RA 6300 VMS interface). The syntax for disabling several modules is:
set annex disabled_modules lat,snmp,ppp,slip
You should exercise extreme caution when disabling modules:
•...
Each RA 6300 hardware platform provides a hardware installation guide that contains troubleshooting information. Many problems that occur after an RA 6300 is running are due to improper configuration of the RA 6300 or a host. The following subsections describe the symptoms of several common configuration problems.
Wrong Host Address in Host Table
The RA 6300 assumes that the host described in the data part of the RWHO packet sent the packet, and the IP header’s source-Internet-address field contains the host’s address. Usually, this assumption is correct because routers do not forward broadcast packets.
The error message all network ports in use indicates that all available pseudo-terminals are in use. On BSD hosts, update /etc/ttys and create more pseudo-terminals in /dev.
• Each SNMP agent collects information about its RA 6300 and provides that information to the Network Management Station running the RA 6300. The agent process acts as a server in a typical client-server model.
• Management Information Bases (MIBs) located on the SNMP Network Management Station describe the information that comes from the agents.
The RA 6300 uses a time-out and retry mechanism to guarantee the SNMP command’s delivery. If a time-out occurs, the RA 6300 does not know if the agent did not receive the command or if the agent’s response was lost.
A sample entry in the gateway section of the configuration file looks like this:
annex 132.245.6.34
snmp community public
snmp traphost 132.245.6.50
Chapter 2 Simple Network Management Protocol (SNMP)
• community
•...
The keyword community defines an SNMP community name from which the RA 6300 responds to requests. At system start-up, the SNMP agent requires at least one community string to be defined in the configuration file. If the file does not contain a community string, the RA 6300 defaults to the community name public (unless SNMP is disabled in the parameter disabled_modules).
Traps are unsolicited administrative messages generated by SNMP agents on the network. The keyword traphost defines the host to which SNMP traps are sent. For the RA 6300 to generate traps, one or more trap host addresses must be defined in the gateway section of the configuration file along with the SNMP community string.
The parameter disabled_modules allows you to turn off certain features during software initialization (e.g., enter LAT, PPP, SLIP to turn these features off). If you disable SNMP, the RA 6300 will discard all SNMP messages it receives. By default, the SNMP agent on the RA 6300 is enabled (for more details, see disabled_modules on page C-51).
Using SNMP set to Send Commands to the RA 6300
The private enterprise MIB objects allow you to change the configuration of the RA 6300. These configuration changes do not take effect until the RA 6300 is rebooted.
(all, macros, motd, nameserver, security) to the MIB object anxcReset.
• To reset the RA 6300, use SNMP set to write the desired value to the MIB object anxcReset.
• To reset a single serial port, use SNMP set to write the appropriate value to the character MIB object charPortReset (defined in RFC 1316) that corresponds to the serial port to...
The following standard MIBs are supported as read objects only:
Character MIB
RS232-like MIB
Ethernet MIB
Defined in...
For information on restrictions...
(see
This section explains the relationship between the RA 6300 (and other Remote Annexes) and standard MIBs, listing the exceptions and restrictions placed on standard MIBs by the RA 6300 SNMP agent. This section includes:
MIB Object Hierarchy
MIBs define the hierarchy of managed objects. MIB objects represent data that the RA 6300 can retrieve or configuration information that it...
Object Name
ifAdminStatus
ifOperStatus
atEntry
• A name (also referred to as an Object Identifier (OID)).
•...
RFC 1243 AppleTalk MIB Restrictions
The RA 6300 does not support the llap, rtmp, kip, zip, and nbp groups. It supports the aarp, atport, ddp, and atecho groups with the restrictions listed in Table B-19.
RFC 1243 AppleTalk...
It does not support rip2PeerTable.
Table B-20. RFC 1389 RIPv2 MIB Objects
Object Name
rip2IfStatStatus
rip2IfConfDomain
RipIfConfAuthKey
ripIfConfStatus
Restrictions Read Object Limitations Read only None...
Table B-21. RFC 1398 Ethernet MIB Objects
Object Name
dot3StatsSQETestErrors
dot3StatsInternalMacReceiveErrors
RFC 1316 Character MIB Restrictions
The RA 6300 supports the char group with the restrictions outlined in Table
Table B-22. RFC 1316 Character MIB Objects
Object Name
charPortAdminStatus
charPortOperStatus...
Table
Table B-23. RFC 1317 RS-232 MIB Objects
Object Name
rs232AsyncPortParity
rs232AsyncPortStopBits
rs232SyncPortTable
Restrictions
Read only
Read only
Maximum value is...
RFC 1406 DS1 MIB Restrictions
All DS1 MIB objects necessary to configure the RA 6300 PRI interface are supported, but for some objects you are limited to setting default values. RA 6300 supports this MIB with the restrictions described in Table B-24.
The RA 6300 supports a subset of the private MIB objects. For example, objects related to parallel ports are not supported by the RA 6300.
All MIB object names have a prefix that indicates the MIB in which it is defined; Table B-26 object names.
Table B-25. Prefixes for MIB Object Names Related to the RA 6300
Prefix
call
anxt1
lists the configuration parameter and the corresponding MIB
MIB Object
anxAcpKey
** not applicable **...
MIB Object
anxLatKey
anxLoadBcast
anxLoadDumpGateway
anxLoadDumpSeq
anxLooseSrcRoute
anxMaxVcli
anxMinUniqueHostNames
anxMotdFile
anxNameServer1Type
anxNameServer2Type...
lists the LAT statistic objects; these objects provide the same
Description
total received run messages...
MIB Object Name
anxLatRecvFrames
anxLatXmitFrames
anxLatIllegalFrames
anxLatCircuitTimeouts
anxLatXmitSvcMsgs
anxLatRecvSvcMsgs
anxLatUsedSvcMsgs
Description
total received frames
total transmitted frames
total illegal frames
total circuit time-outs
total transmitted service messages...
IPX Parameter
ipx_do_checksum
ipx_dump_password
ipx_dump_path
ipx_dump_username
ipx_file_server
ipx_frame_type
lists the TMux-specific parameters and their corresponding
MIB Object Name
anxTmuxDelay
anxTmuxEnable
anxTmuxMaxHost
anxTmuxMaxMpx
lists the IPX-specific parameters and their corresponding MIB...
lists the global port parameters corresponding to the MIB
Table B-33 lists the PPP and SLIP port parameters and the
•...
MIB Object
gpSignalBackwardKey
callSignalBackwardKey
gpGenericBanner
callGenericBanner
gpBcastDirection
callBcastDirection
gpLineEditCharErase
callLineEditCharErase
gpGenericCliImask
callGenericCliImask...
MIB Object
gpLineEditEcho
callLineEditEcho
gpLineEditEraseChar
callLineEditEraseChar
gpLineEditEraseLine
callLineEditEraseLine
gpLineEditEraseWord...
MIB Object
anxpLatbEnable
gpLineEditMapToLower
callLineEditMapToLower
gpLineEditMapToUpper
gpLineEditMapToLower
anxMaxChapChallInt
charPortTable.charPortEntry.charPortSessionMaximum
gpGenericMode
callGenericMode...
MIB Object
gpTimerOutputIsActivity
callTimerOutputIsActivity
gpSignalOutputStartChar
callSignalOutputStartChar
gpSignalOutputStopChar
callSignalOutputStopChar
rs232AsyncPortTable.rs232AsyncPortEntry.
The RA 6300 stores the parameters set using na in non-volatile memory. After a reboot or a reset, the RA 6300 updates its run-time parameters with the non-volatile parameters changed by na. The na utility can communicate with the RA 6300 only when the RA 6300 is running its operational code.
Additionally, na permits comments when the # character is present at the beginning of a comment line. All characters between the # and the next new line are ignored.
• You can abbreviate commands and parameter names to the minimum number of characters that uniquely distinguish the name from any other name that may appear in the same context.
Description
A symbolic name or an IP address assigned to an RA 6300:
132.245.254.38
0xC0.0x9.0xC8.0x64
A list of one or more annex_identifiers separated by commas:
support,132.245.254.42,lab...
lists the na commands; the following subsections describe
Description
Defines a default annex_list used with subsequent commands.
Boots the RA 6300.
The annex command establishes a default annex_list that is used in subsequent commands. Before issuing an na command, specify the RA 6300 to which the executed command refers. The RA 6300s you specify using the annex command become the default annex_list. You can group several RA 6300s into a single list, and then issue one command for the entire group of RA 6300s.
132.245.6.40,frontlobby
The following annex command displays a message identifying the specified RA 6300, its Internet address, the number of serial lines it has, and its software version:
command: annex 132.245.6.1
132.245.6.1: Remote Annex 6300 Rx.x...
If the password is incorrect a second time, na drops the RA 6300 from the annex_list. If an RA 6300 in the list does not respond, na ignores that RA 6300 and prints a status message:
132.245.6.1: Not responding...
Pressing the Return key accepts the default annex_list. Identifies the name of the file in which the RA 6300’s image is maintained. If you do not enter a filename, the RA 6300 prompts for one. Pressing the Return key at the prompt directs the RA 6300 to boot the default filename.
(return for default): <cr>
warning: Shutting down for PM
The RA 6300 can request its boot file from a defined preferred load host. If that host is not defined, or does not respond, the RA 6300 broadcasts its request and boots from the first load host to respond.
Chapter 1 na Commands
copy
The copy command copies a given set of parameters from one RA 6300 (or global port) to another RA 6300 (or global port). each copy command. The syntax is:
copy annex annex_identifier annex_list
copy interface interface_name@annex_identifier interface_set
copy printer printer_number@annex_identifier printer_set...
The dumpboot command performs a dump of every RA 6300 specified in the annex_list and then reboots the RA 6300. You can set the boot time, and the dumpboot command sends a warning message to users attached to the RA 6300.
Pressing the Return key accepts the default annex_list. Identifies the name of the file in which the RA 6300’s image is maintained. If you do not enter a filename, the RA 6300 prompts for one. Pressing the Return key at the prompt directs the RA 6300 to boot the default filename.
Table C-7. Arguments for the help Command
command_name
parameter_name
syntax
defines the arguments for help. The syntax is:
Displays the command syntax, along with a description of the command and its arguments.
(annex parameter): Minutes west of GMT: an integer
toggle_output (serial port parameter): character used to toggle output: a character
type (printer parameter): printer interface style: (dataproducts or centronics)
| port | all If you do not identify a specific RA 6300 using the @ symbol and a name or Internet address when entering the interface_set, all RA 6300s in the current annex_list are used. An interface_set referring to the default annex_list is updated if a new annex command is issued.
RA 6300-specific administrative password. Enter a password for a given RA 6300 only once during an na session, even if the RA 6300 is dropped or the default annex_list is changed.
Use read either to restore an RA 6300 configuration that has been lost, or to copy parameter settings from one RA 6300 to another. The syntax is: read filename...
The allowed values for annex_subsystem are security, motd, nameserver, macros, lat, syslog, and all. The reset annex session command causes the RA 6300 to re-read the Session Parameter Blocks from the configuration file. Existing calls are not reset. No new calls are answered while the reset is in progress.
Definition Resets all serial ports and virtual CLI connections. Resets the message-of-the-day, the Session Parameter Blocks, the security, name server, LAT, and syslog subsystems, and customized user interface macros.
If you are entering multiple parameter arguments that require a new line, precede the new line with the ‘‘\’’ character. Changes made to parameters take effect after booting or resetting the RA 6300 or the port(s). The set command requires superuser privileges.
[=interface_list] [keyword | interface_parameters] show port [keyword | port_parameters] show pri [keyword | pri_line parameters] show pri b [=range] b_channel_parameters Displays RA 6300 parameters. Displays interface parameters.
Table C-9. Keywords for the show annex Command Keyword appletalk generic Table C-9 lists the keywords and associated parameters for the show annex command.
flow generic security serial Parameters Displays all asynchronous port parameters. at_guest, at_nodeid, at_security, arap_v42bis attn_string, echo, telnet_escape, telnet_crlf, map_to_lower, map_to_upper, char_erase, line_erase, hardware_tabs,...
Table C-12. Keywords for the show pri Command Keyword Table C-13. Keywords for the show pri b Command Keyword Parameters local_address, address_origin, metric, slip_ppp_security, net_inactivity, do_compression, allow_compression, net_inactivity units, subnet_mask, slip_mtu_size,...
The write command creates a script file from the configuration data for a specific RA 6300. You can modify this script file using any text editor. Use the write command either to back up the current RA 6300’s configuration or copy it to multiple RA 6300s. Once you write a script file, issuing the read command activates the RA 6300 parameter settings...
The following example uses the write and read commands to install a new RA 6300 and to create a back-up copy of an RA 6300. The first line writes configuration data for the RA 6300 thirdfloor to a file named thirdfloor.prm.
Administrator’s Guide for UNIX. The configuration parameters define the operating characteristics for a given RA 6300. There are three ways in which you can configure and manage these parameters: This chapter includes the following sections: Parameter Conventions This section describes the conventions for entering parameter values and returning those values to the supplied defaults.
Entering Parameter Values The conventions for entering parameter values depend on the type of information the parameter defines. • For parameters requiring an IP address, specify the address in dot notation as a decimal number (from 0 to 255), a hexadecimal number, or a combination of both: 192.9.200.100,...
To set an interface parameter to its default value, use the set interface Parameters command: set annex annex_parameter 0 The set annex annex_parameter 0 command sets parameters that require a numeric value.
These parameters are set by choosing either an option from a known list or a yes/no response. The keyword default sets these parameters to their default values. set port port_parameter ^@ set port port_parameter ""...
Setting All Parameters To set all of the RA 6300’s parameters to the supplied defaults, use the ROM monitor erase command (see the appropriate Annex Hardware Installation Guide). This command erases all parameters, including the RA 6300’s IP address. After issuing erase, you must re-enter the RA 6300’s IP address and re-configure the RA 6300.
The AppleTalk, tn3270, and IPX parameters are visible only when the option_key parameter is set to the correct key value.
Table C-17. Keywords for the show pri Command Keyword Table C-18. Keywords for the show pri b Command Keyword Parameters local_address, address_origin, metric, slip_ppp_security, net_inactivity, do_compression, allow_compression,...
The parameter descriptions that follow are in alphabetical order. a_router The Ethernet address of the network’s A_Router. The RA 6300 uses this value as a hint at start-up. When a Routing Table Maintenance Protocol (RTMP) message arrives from this Ethernet address, the RA 6300 gleans the AppleTalk DDP address from the packet and tries to talk to the AppleTalk router.
PPP/IPCP link. Table C-19. Valid Options for address_origin Parameter Option local dhcp Table C-19 describes the options. The default is local. Description RA 6300 passes its own address, and the user name and port, to the ACP host.
This Annex parameter enables the RA 6300 to accept and process SNMP set commands. When disabled, the RA 6300 rejects all SNMP set commands; the RA 6300 SNMP agent returns the error no such name for the first object in the set command. A Y enables this parameter, an N disables it.
RA 6300 uses ACP to get security information about the client, including authentication, logging, and zone access. If at_security is not enabled, the RA 6300 uses only local security. A Y enables this parameter, an N disables it. The default is N.
PPP. If the number of seconds is exceeded or the user enters a carriage return before the call is detected as PPP, the RA 6300 places the user in CLI mode. Valid values are 1–60. The default is 30.
This asynchronous port parameter specifies the LAT protocol remote group codes that are accessible to users on a given RA 6300 port. You can enter all, none, a series of numbers between 0 and 255 separated by commas (e.g., 1, 5,7) or a range of numbers between 0 and 255 separated by dashes (e.g., 1–5,200–255) followed by enabled or disabled.
However, if you have more than one subnet on the same physical cable, the RA 6300 will broadcast to all nodes on all of the subnets. This can be troublesome if some of the subnets or nodes do not recognize the broadcast.
(defined by the mode parameter). If you specify network, the RA 6300 sends administrative broadcast messages out the network side of the connection to the initiator. If you specify port, the RA 6300 sends broadcast messages out the port side of the connection. buildout This PRI line parameter is applicable only to RA 6300s with internal CSUs.
When this asynchronous port parameter is enabled, the RA 6300 masks CLI input to seven bits. The RA 6300 masks input only at the CLI. When cli_imask7 is disabled, the RA 6300 expects eight-bit ASCII input. A Y enables this parameter, an N disables it. The default is Y.
Entering 0 disables the timer; entering 255 causes the RA 6300 to disconnect as soon as it exits from its last job. Entering immediate causes the RA 6300 to hang up the port immediately after exiting the last job. cli_interface This asynchronous port parameter allows you to control the prompt that appears for VMS or UNIX environments.
RA 6300 security mechanism other than the administrative password for CLI ports. A Y enables this parameter, an N disables it. The default is N. Expansion The string annex.
The supplied security policy scans the file /install-directory/acp_restrict to authorize a connection to a host from the RA 6300. If authorization is not granted, the connection is not made. A Y enables this parameter, an N disables it. The default is N.
You must use spaces to separate zone names (e.g., general engineering lab). To escape embedded spaces within a zone name, use the backslash (\) character. If you do not set this parameter, the RA 6300 provides the network zone list. The default is a null string ("").
Valid options are admin, atalk, edit, fingerd, ftpd, ipx, lat, nameserver, ppp, slip, snmp, tn3270, tstty, vci, all, or none. The default is vci (disables the RA 6300 VMS interface). You should exercise extreme caution when disabling modules: •...
This PRI line parameter specifies the approximate distance, in meters, from the RA 6300 PRI interface to the external CSU. Enter this as a range, e.g., 0–25, as a single number, e.g., 30, or as a unique part of a range, e.g., 136–.
PRI line. Valid values are att and ansi. This parameter is applicable only to internal CSUs used with T1/PRI lines. ...
On non-virtual ports, a forward_key string can range from 1 to 16 characters. ...
Allowable values range from 0 to 255 or off. The default is 5 (50 ms); if you set the value to 0, the RA 6300 uses 5. If you use both forwarding_count and forwarding_timer, the RA 6300 uses the value that occurs first.
Allowable values range from 0 to 255. Entering 255 allows an unlimited number of entries; entering 254 indicates that there is no host table. In this case, the RA 6300 requires a name server to resolve every host name. The default is 64.
N disables it. The default is N. inactivity_timer This asynchronous port parameter specifies the number of minutes that a port can remain inactive. If the timer expires, the RA 6300 terminates all sessions and resets the port. You can use the input_is_activity and output_is_activity parameters to define activity as input to the port or output from the port.
Table C-21. Valid Options for the input_flow_control Parameter Option bell start/stop none describes the valid options; the default is bell. Description The RA 6300 rings the terminal bell (sends buffer is full.
This asynchronous port parameter defines activity as input. When enabled, the RA 6300 sets the inactivity timer when it receives input at the port. A Y enables this parameter, an N disables it. The default is Y. input_start_char This asynchronous port parameter defines the control character sequence...
This Annex parameter allows an RA 6300 to broadcast a packet to the SLIP or PPP interfaces. When the RA 6300 receives a packet sent to a broadcast address (except 0.0.0.0 and 255.255.255.255), it scans the list of installed interfaces and matches the broadcast address against the interface’s remote address using a subnet or net mask.
This Annex parameter contains a user password for logging on to the Novell file server before the RA 6300 sends a dump file to the server. The string size ranges from 0 to 16 characters. The default is “<unset>”.
ipx_file_server This Annex parameter contains the name of the Novell file server from which the RA 6300 boots. The string size ranges from 0 to 48 characters. This parameter has no default value. ipx_frame_type This Annex parameter defines the framing used for IPX packets on the Ethernet interface.
Table C-22. Arguments used with ipx_network parameter Argument channel_range net_number increment Table C-27. Description An integer specifying the number of a single B channel, a...
field of the acp_dialup file, if that field is configured correctly. If the node number is not set in acp_dialup or through the ipx_node parameter, and no value is suggested by the client, the RA 6300 uses its own Ethernet address plus 1.
This asynchronous port parameter controls whether or not IPX security is enabled on the port. A Y enables this parameter, an N disables it. The default is N. Description...
This Annex parameter restricts access to LAT-related RA 6300 commands, parameters, functions, and the LAT protocol within the RA 6300. Each RA 6300 requires a unique key value (contact your supplier to obtain a LAT key). After setting the key, your system administrator must reboot the RA 6300.
This asynchronous port parameter allows an RA 6300 to echo line erase for a video terminal. When enabled, the RA 6300 erases all characters on the line and moves the cursor back to the beginning of the line. When...
This asynchronous/synchronous global port parameter defines the IP address for the asy, ta, or syn port on the RA 6300 side of a link. This IP address is used only when the mode parameter is set to slip or ppp. The default is 0.0.0.0.
0 to 16 characters. The default is a null string (""). lock_enable This Annex parameter enables any port to use the RA 6300 interface for VMS Environment’s lock command. A Y enables this parameter, an N disables it. The default is N.
This asynchronous port parameter enables an RA 6300 to return a user to the CLI prompt after receiving a break signal of more than two seconds. When disabled, the RA 6300 passes the break to the local application. A Y enables this parameter, an N disables it. The default is Y.
Routing and Record options set. The RA 6300 accepts these packets only if the RA 6300 itself is the ultimate destination. If the packets are not addressed to the RA 6300, they are dropped and the RA 6300 sends an ICMP type Destination Unreachable message with a code of Source Route Failed to the originator.
This Annex parameter determines the maximum number of virtual CLI connections the RA 6300 can create at a time. Allowable values are the string unlimited or a decimal number from 0 to 254. A value of 0 prevents any virtual CLI connections. The default is unlimited.
Modify this parameter only if you want the RA 6300 to use a route other than the SLIP or PPP interfaces to the remote end. Allowable values are 1 to 15. The default is 1.
This Annex parameter contains the MOP maintenance password. In this 8-byte password, each byte consists of two hexadecimal digits. The string size ranges from 0 to 16 characters. For security reasons, the RA 6300 displays values as “<set>” or “<unset>.” The default is “<unset>.”...
This Annex parameter defines the type of name service used with the primary name server. When using this parameter, you must specify a host using the pref_name1_addr. The options are dns, ien_116, or none. The default is none. ...
The options are dns, ien_116, or none. The default is none. nameserver_broadcast This Annex parameter defines whether or not the RA 6300 broadcasts a name server request if the preferred name servers do not respond. A Y enables this parameter, an N disables it. The default is N.
To set an inactivity timer of two minutes, set: net_inactivity_units=minutes net_inactivity=2 Since the accuracy of the inactivity timer is within five seconds, if net_inactivity_units is set to seconds, we recommend using a value for net_inactivity that is a multiple of five.
This Annex parameter defines the approximate number of seconds that an RA 6300 waits for a response from a security server (an algorithm defines the actual time which typically is longer than the defined value). This parameter works only when the enable_security parameter is set to Y.
This Annex parameter specifies the address the RA 6300 tries to acquire at start-up. If this address is in use, the RA 6300 must acquire a new node ID. The node_id is an AppleTalk address in the form net.node. Valid net values are 0 to 65534;...
Option bell start/stop both none Table C-26 Description Comparable to setting the parameter to none. Selects hardware flow control; eia works only if the control_lines parameter is set to flow control or both and the device is wired properly.
RA 6300 resets the inactivity timer when it sends output from the port. If the line type is hardwired, the RA 6300 also places an entry in the who table. A Y enables this parameter, an N disables it. The default is N.
RA 6300’s IP address in dotted-decimal notation. If the RA 6300 is not yet configured with an IP address and the administrative password has not been modified (either via this parameter or via the CLI passwd command), the default password is a null string ("").
This Annex parameter defines the maximum number of times a user can try to enter a password before an RA 6300 resets the port. Entering zero sets the limit to 3. Allowable values range from 0 to 10 (entering 0 sets the value to the default).
The RA 6300 requests the ppp_acm parameter as its local mask. If the peer rejects ppp_acm, the RA 6300 accepts the hint if it is a superset of the RA 6300’s mask; otherwise, it uses the PPP default of 0xFFFFFFFF.
The CLI command netstat –ipnn, where nn is the port number, displays the true mask (ACCM) value, i.e., the value negotiated between the two PPP processes. • If input_flow_control is set to start/stop, the following two additions are made: If input_start_char is 0–31 decimal, the bit indexed by this...
(MRU) that the RA 6300 requests as its local MRU. If NAKed and the remote hint is less than this value, the RA 6300 accepts the hint; otherwise, the RA 6300 requests the PPP default (1500). Values range from 64 to 1500.
Y and N. If ppp_sec_auto is set to Y and enable_security is set to Y, and if the user accesses the RA 6300 in CLI mode (e.g., by entering a carriage return after dialing in) and then switches to ppp mode (by issuing the ppp command), the RA 6300 treats the ppp_security_protocol as if it were set to none.
(""). pref_dump_addr This Annex parameter specifies the IP address for the preferred dump host. This is the host to which the RA 6300 first tries to dump. The default is 0.0.0.0. pref_load_addr This Annex parameter specifies the IP address for the preferred load host.
This Annex parameter specifies the IP address of the host specified in the name_server_2 parameter or a back-up host that serves if name_server_2 is set to none. The default is 0.0.0.0. ...
This asynchronous port parameter specifies the IP address or fully qualified domain name of a machine running a Berkeley-style lpd server. The tn3270 command uses this server for the print-screen function. ...
This asynchronous port parameter defines the reprint line character for CLI users. The allowable value is a control character sequence. The default is CTRL-R (^R) ...
Table C-27. Arguments for the remote_address Parameter Argument channel_range ip_addr increment describes the arguments used with remote_address. Description An integer specifying the number of a single B channel,...
Table C-28. Valid Options for the rip_accept Parameter Option access_spec none Table C-28 lists the valid options; the default Description Uses the form [include | exclude] network_list where...
(""). rip_default_route This interface parameter allows an RA 6300 to advertise that it is the default router. Valid values are 0 through 15, or off. A value of 1 through 15 indicates the hop count that will be advertised. A value of 0 or off turns off the advertisement.
Table C-31. Valid Options for the rip_recv_version Parameter Option both describes the valid options for this parameter. The default is Description Disables split horizon. Enables split horizon without poison reverse.
This Annex parameter lets you force RIP to direct periodic RIP updates to a router list rather than broadcasting updates. Valid values are the IP addresses of up to eight directly reachable routers. The RA 6300 ignores any address that is not on an attached subnet. Specifying the default, all, restores broadcasting.
When enabled, the RA 6300 broadcasts for security; when disabled, the RA 6300 does not broadcast for security. A Y enables this parameter, an N disables it. The default is Y.
This Annex parameter defines the maximum number of LAT services that an RA 6300 can maintain in its local service table. When the table is full, the RA 6300 removes the service that has been idle longest. If all services are busy and the table is full, the RA 6300 discards a new service.
This Annex parameter specifies the maximum number of active sessions the RA 6300 allows at one time. Allowable values range from 1 to 1152 or none (entering none sets the value to 1152). The default is 1152. short_break This asynchronous port parameter allows an RA 6300 to return a user to the CLI prompt after receiving a break of less than two seconds.
This asynchronous port parameter controls dial-up SLIP/PPP access. When this parameter and the enable_security parameter are enabled, the RA 6300 determines whether or not the user at the CLI is authorized to execute a slip or ppp command. A Y enables this parameter, an N disables it.
The switch type parameter is not case-sensitive. Setting this parameter incorrectly can cause routing problems. , a blank string. The RA 6300 interprets this as the switch ""...
(defined by syslog_mask). syslog_host This Annex parameter defines the IP address of the host that logs RA 6300 messages. The default, 0.0.0.0, causes the RA 6300 to broadcast its log messages.
If the recipient does not acknowledge the message after eight retries, the RA 6300 drops the connection. Valid values are 0 through 255 (minutes). A value of 0 sets the keep-alive time to 120 minutes, which is the default;...
CLI connection. You must enter a valid terminal type for the host. The RA 6300 passes the terminal type setting to the host. The string size ranges from 0 to 16 characters. The default is a null string ("").
This Annex parameter provides the file name used to dump an RA 6300’s core image via tftp if the RA 6300 operational image and erpcd fail. The parameter must include the entire path of the dump file, including parent directories.
Send queries to given broadcast address –– may require timezone_minuteswest This Annex parameter defines the time zone in which the RA 6300 resides. Enter a positive number of minutes for time zones west of GMT, or a negative number for time zones east of GMT. For example, enter 300 for U.S.
This Annex parameter specifies the largest user packet that can be placed in a TMux packet. The RA 6300 does not multiplex larger packets, but passes them directly to the IP layer. Allowable values are 5 through 65535; the default is 700.
Following the range, specify the keyword enable or disable. Allowable values are all, none, or numbers between 0 and 255. Following the range, specify the keyword enable or disable. The default is none enable. ...
This Annex parameter enables user validation on virtual CLI connections to and from an RA 6300 for the duration of the connection. When enabled, the RA 6300 enables connection security for all virtual CLI connections and executes the same user validation, including user name and password, that it uses with CLI security on asynchronous ports.
zone This Annex parameter defines the AppleTalk zone name that the RA 6300 uses at start-up. The string size ranges from 0 to 32 characters. You must separate zone names with spaces (e.g., general pubs lab). To escape embedded spaces, use the backslash (\) character.
Command Line Interpreter (CLI) commands. When using that chapter with an RA 6300, note that: Using the CLI Commands This chapter in the Remote Annex Administrator’s Guide for UNIX •...
synn (where n is an integer specifying the number of an internal synchronous port.) tan (where n is an integer specifying the number of an internal TA (V.120) port.
• For the RA 6300, the default value for the baud parameter set by the stty command is 115200, not 9600. Also, the default value for the oflow argument is eia for the RA 6300.
Annex boot, dump, and ACP security requests. This daemon contains two programs: Table C-36 /etc/erpcd [ [–D[level]] [–c [maxnumber] [–d [udpport][–f [directory]\ This chapter in the Remote Annex Administrator’s Guide for UNIX • aprint.
–Dlevel –c maxnumber –d udpport For expert C coders only: the host erpcd daemon can implement macros, extended commands, command logging, and arbitrary security restrictions through a set of interface routines to the Annex CLI.
–s directory –u filename –b max_con Description Specifies the location of the bfs files (load/dump); defaults to the defined bfs directory (usually /usr/spool/erpcd/bfs).
–lL –aA –n –tT –v Description The number of non-consecutive login failures a user is permitted before being blacklisted. Valid values are 0-20. A value of 0 enables blacklisting upon any login failure (not recommended).