Cabletron Systems CyberSWITCH CSX150 User Manual

Small office remote access switch

SMALL OFFICE REMOTE ACCESS SWITCH USER'S GUIDE
Release 7.2
Cabletron Systems
(603) 332-9400 phone
(603) 337-3075 fax
support@ctron.com

Summary of Contents for Cabletron Systems CyberSWITCH CSX150

  • Page 1 SMALL OFFICE REMOTE ACCESS SWITCH USER’S GUIDE Release 7.2 Cabletron Systems (603) 332-9400 phone (603) 337-3075 fax support@ctron.com...
  • Page 2 USER’S GUIDE Only qualified personnel should perform installation procedures. CAUTION NOTICE You may post this document on a network server for public use as long as no modifications are made to the document. Cabletron Systems reserves the right to make changes in specifications and other information contained in this document without prior notice.
  • Page 3: FCC Notice

    TRADEMARKS Cabletron Systems, CyberSWITCH, MMAC-Plus, SmartSWITCH, SPECTRUM, and SecureFast Virtual Remote Access Manager are trademarks of Cabletron Systems, Inc. All other product names mentioned in this manual are trademarks or registered trademarks of their respective companies. COPYRIGHTS All of the code for this product is copyrighted by Cabletron Systems, Inc. ©...
  • Page 4 WARNING: Changes or modifications made to this device which are not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment. DOC NOTICE This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications.
  • Page 5: Table of Contents

    CONTENTS Using this Guide 22 Documentation Set 23 Guide Conventions 24 SYSTEM OVERVIEW The CyberSWITCH 26 The CyberSWITCH Network 26 Unique System Features 27 Interoperability Overview 29 Interoperability Protocols 29 Interoperability Devices 30 Security Overview 31 Network Interface Overview 31 System Components 32 Remote ISDN Devices 32 Switches Supported 33...
  • Page 6 Ordering BRI ISDN Lines using Provisioning Settings 44 Provisioning Settings for AT&T 5ESS Switches 45 AT&T 5ESS NI-1 Service 45 AT&T 5ESS Custom Point-to-Point Service 46 Provision Settings for Northern Telecom DMS-100 Switches 46 Northern Telecom DMS100 NI-1 Service 47 Northern Telecom DMS100 Custom Service 48 Hardware Installation 49 Pre-Installation Requirements 49...
  • Page 7 Configuring Resources and Lines 69 Overview 69 Resources 69 Configuring Resources 69 Resource Configuration Elements 71 Resource Background Information 71 Lines 72 Configuring Lines 72 Configuring Changes for a COMMPORT Resource 73 Line Configuration Elements 74 Line Background Information 77 Subaddresses 78 Configuring a Subaddress 78 Subaddress Configuration Elements 78...
  • Page 8 Routing Information Protocol (RIP) Option 111 Enabling/Disabling IP RIP 111 IP RIP Configuration Elements 112 IP RIP Background Information 112 SECURITY Security Overview 114 Overview 114 Security Level 114 System Options and Information 115 Device Level Databases 115 User Level Databases 116 Off-node Server Information 116 Network Login Information 116...
  • Page 9 Telnet Server TCP Port Number Background Information 134 Emergency Telnet Server Port Number Background Information 135 Configuring Device Level Databases 136 Overview 136 On-node Device Database 136 Configuring an On-node Device Database 136 On-node Device Entries 137 Configuring On-node Device Entries 137 On-node Device Database Configuration Elements 144 General Configuration Elements 144 ISDN Configuration Elements 144...
  • Page 10 ACE Authentication Server 166 Configuring an ACE Authentication Server 166 ACE Authentication Server Configuration Elements 167 ACE Authentication Server Background Information 168 Configuring Network Login Information 169 Overview 169 Network Login General Configuration 169 Configuring General Network Login Information 169 Network Login General Configuration Background Information 170 Network Login Banners 171 Configuring Network Login Banners 171...
  • Page 11 Configuring Advanced Bridging 199 Overview 199 Bridge Dial Out 199 Configuring the Device List for Bridge Dial Out 200 MAC Hardware Filtering 201 Enabling/Disabling MAC Hardware Filtering 201 MAC Hardware Filtering Background Information 201 Spanning Tree Protocol 202 Configuring Spanning Tree Protocol 202 Spanning Tree Protocol Configuration Elements 202 Bridge Mode of Operation 202 Configuring the Bridge Mode of Operation 202...
  • Page 12 IP Filters 223 Initiating the IP Filter Configuration 223 Configuring Packet Types 224 Configuring the Common IP Portion 225 Configuring TCP 226 Configuring UDP 226 Configuring ICMP 227 Configuring Forwarding Filters 228 Configuring Connection Filters 229 Using CFGEDIT 229 Configuring Exception Filter 230 Modifying the Final Condition for a Filter 231 Applying Filters 231...
  • Page 13 IPX Network Interfaces 255 Configuring IPX Network Interfaces 255 IPX Network Interface Configuration Elements 257 General IPX Network Interface Configuration Elements 257 RIP IPX Network Interface Configuration Elements 257 SAP IPX Network Interface Configuration Elements 258 IPX Network Interface Background Information 259 IPX Routing Protocols 260 Configuring IPX Routing Protocols 260 IPX Routing Protocol Configuration Elements 260...
  • Page 14 Configuring SNMP 280 Configuring SNMP 280 SNMP Configuration Elements 282 SNMP Background Information 283 Configuring AppleTalk Routing 287 AppleTalk Routing Option 287 Enabling AppleTalk Routing 287 AppleTalk Routing Option Configuration Element 288 AppleTalk Routing Background Information 288 AppleTalk Ports 288 Configuring AppleTalk Ports 288 AppleTalk Ports Configuration Elements 289 AppleTalk Ports Background Information 290...
  • Page 15 Bandwidth Reservation 305 Configuring Bandwidth Reservation 305 Bandwidth Reservation Configuration Elements 307 Bandwidth Reservation Background Information 308 Semipermanent Connections 308 Configuring Semipermanent Connections 308 Semipermanent Connections Configuration Elements 310 Semipermanent Connections Background Information 310 Interactions with Other Features 310 VRA Manager as a Call Control Manager 312 Configuring VRA Manager for Call Control 312 Configuration Elements 312 Background Information 313...
  • Page 16 TROUBLESHOOTING System Verification 335 Verifying Hardware Resources are Operational 335 Verifying WAN Lines are Available for Use 336 Verifying LAN Connection is Operational 336 Verifying Bridge is Initialized 337 Verifying IP Router is Initialized 337 Verifying a Dedicated Connection 338 Verifying a Frame Relay Connection 338 Verifying an X.25 Connection 339 Verifying Remote Device Connectivity 339...
  • Page 17 Verifying DHCP: Proxy Client 362 Verifying DHCP Proxy Client Initialization 362 Verifying the Proxy Client is Enabled 363 Verifying the Proxy Client is Operational 363 UDP Ports 363 IP Address Pool 364 Verifying a Semipermanent Connection 364 Verifying Proxy ARP is Operational 364 Problem Diagnosis 366 Overview 366 LAN Adapter 366...
  • Page 18 Call Detail Recording 393 Compression 393 DHCP: Relay Agent 395 Relay Agent Initialization 395 Enabling the Relay Agent 395 Relay Agent Operation 396 DHCP: Proxy Client 396 Proxy Client Initialization 396 Enabling the Proxy Client 396 Proxy Client Operation 397 Proxy ARP Operation 398 LED Indicators 399 Overview 399...
  • Page 19 SNMP 482 Installation and Configuration 483 Usage Instructions 483 Telnet 484 Installation and Configuration 485 Usage Instructions 485 TFTP 487 Installation and Configuration 487 Usage Instructions 488 Remote Installation with USER2 489 System Commands 491 Overview 491 Accessing Administration Services 491 Setting the IP Address 492 Boot Device Commands 492 Accessing Dynamic Management 493...
  • Page 20 System Statistics 537 Overview 537 Connectivity Statistics 537 Call Restriction Statistics 538 Call Statistics 538 Throughput Monitoring Statistics 538 AppleTalk Statistics 539 AppleTalk Protocol Statistics 539 AppleTalk Data Delivery Protocol (DDP) Statistics 539 AppleTalk Echo Protocol (AEP) Statistics 540 AppleTalk Routing Table Maintenance Protocol (RTMP) Statistics 541 AppleTalk Zone Information Protocol (ZIP) Statistics 541 AppleTalk Name Binding Protocol (NBP) Statistics 542...
  • Page 21 WAN Statistics 568 X.25 Statistics 569 X.25 Access Related Statistics 569 X.25 Virtual Circuit (VC) Related Statistics 571 Routine Maintenance 572 Overview 572 Installing/Upgrading System Software 572 Executing Configuration Changes 572 Configuration Files 572 Making Changes Using CFGEDIT 572 Making Changes Using Manage Mode 573 Configuration Backup and Restore 573 Obtaining System Custom Information 573 APPENDICES...
  • Page 22: Using This Guide

    USING THIS GUIDE The User’s Guide is divided into the following parts: SYSTEM OVERVIEW We begin with an overview of bridging, routing, and specific CyberSWITCH features. Next, we provide an overview for both the system software and hardware. SYSTEM INSTALLATION In this section of the User’s Guide we provide guidelines for ordering ISDN service in the US, and a step-by-step description of installing hardware and upgrading software.
  • Page 23: Documentation Set

    USING THIS GUIDE Documentation Set APPENDICES The User’s Guide provides the following appendices: NETWORK WORKSHEETS These worksheets are provided to help you gather pertinent information for configuring your system. We recommend that you print copies of these blank forms and fill in the appropriate information before you begin configuring your system.
  • Page 24: Guide Conventions

    systems central database access for security authentication purposes. Instructions for obtaining this electronic document can be found in Configuring Off-node Server Information. If you have Internet access, you may obtain this guide by following the steps outlined below: •...
  • Page 25: System Overview

    SYSTEM OVERVIEW We include the following chapters in the System Overview segment of the User’s Guide. • The CyberSWITCH Provides the “big picture” view of a CyberSWITCH network. We include an overview of unique system features, interoperability, security, interfaces, system components, remote devices, and switches supported.
  • Page 26: The CyberSWITCH

    THE CYBERSWITCH Because of the strong personal computer presence in the business environment, a move to graphical user interfaces, and the need to make the best use of available resources, there is a growing demand for high speed LAN access for remote devices. PC users need to be part of a workgroup or enterprise LAN, and remote access from home, field offices, and other remote locations has become a necessity.
  • Page 27: Unique System Features

    THE CYBERSWITCH Unique System Features [Figure: network diagram showing a File Server, Host, CSX150, and Remote ISDN Bridge]...
  • Page 28 automatically adjust the number of network connections. Thus, your network costs will reflect the actual bandwidth being used. • Filtering Allows you to control the flow of frames through the network. Filtering becomes necessary if you need to restrict remote access or control widespread transmission of sporadic messages. Customer-defined filters can forward messages based on addresses, protocol, or packet data.
  • Page 29: Interoperability Overview

    THE CYBERSWITCH Interoperability Overview • Protocol Discrimination It is possible for multiple types of remote devices to use the same line. The system can determine the device type and the protocol encapsulation used by remote devices. • RS232 Port: Dual Usage If your installation requires you to process PPP-Async data, this feature allows you to use the RS232 port for either console access or a serial data connection.
  • Page 30: Interoperability Devices

    The CyberSWITCH supports the following PPP protocols: • Link Control Protocol (LCP) • Multilink Protocol (MLP) • Authentication Protocols Challenge Handshake Authentication Protocol (CHAP) Password Authentication Protocol (PAP) • Network Control Protocols (NCP) Internet Protocol Control Protocol for TCP/IP (IPCP) Internetwork Packet Exchange Control Protocol for IPX (IPXCP) Bridge Control Protocol for bridges (BCP) •...
  • Page 31: Security Overview

    THE CYBERSWITCH Security Overview SECURITY OVERVIEW The system provides several options for validating remote devices and for managing network security. The security options available are dependent on the remote device type, type of access, and the level of security required. Levels of security include no security, device level security, user level security, and multi-level security.
  • Page 32: System Components

    SYSTEM COMPONENTS The major components of the CyberSWITCH are: • System hardware consisting of a platform and an administration port provided by the platform. • Four main categories of system software: The boot device gains control at power-up. It runs diagnostics, downloads new versions of operational software, and prepares the host processor for execution of operational software.
  • Page 33: Switches Supported

    THE CYBERSWITCH Switches Supported SWITCHES SUPPORTED Switch types supported by the CyberSWITCH’s basic rate and primary rate ISDN adapters: Type of Switch Basic Rate Primary Rate AT&T # 4ESS AT&T # 5ESS AT&T Definity AT&T Legend NET3 NET5 NT DMS 100 NT DMS 250 NT SL-100 NI-1...
  • Page 34: Hardware Overview

    HARDWARE OVERVIEW The CyberSWITCH is an embedded communications platform. It uses a flash file system (instead of a hard disk) and a two-stage boot device to initialize the platform and download system software. System software is preconfigured to allow immediate connection via a Local Area Network (LAN) or Wide Area Network (WAN) with Telnet and/or TFTP access.
  • Page 35: System Platforms

    HARDWARE OVERVIEW System Platforms SYSTEM PLATFORMS The CyberSWITCH platform consists of a single processor (the Intel 386 EX host processor), system memory, and interface adapters. The front of the platform has a series of LED indicators. These indicators light up to indicate power, service, LAN access, and WAN access. On the back of the platform are connectors for power, the LAN, the WAN, a RESET button, and an administration port for local or remote administration console attachment.
  • Page 36: CyberSWITCH Series

    CYBERSWITCH SERIES Front & Back Panels: Small Office Remote Access Switch Termination switches for Multipoint Connections Term 10BT 10B2 Console DCPower Reset Dual Ethernet LAN Port Console Port / AMP POTS Port LAN Port (thinwire coax) (twisted pair) Back Panel as illustrated supports: •...
  • Page 37: CyberSWITCH Back Panel

    HARDWARE OVERVIEW System Platforms CYBERSWITCH BACK PANEL The back panel provides connectors for WAN and LAN access, as well as an RS232 port for an administration console. It also contains termination switches, a DC power input connector and a Reset button. The two connectors available for LAN access are the 10Base-T (RJ-45 Ethernet connector) or the optional 10Base-2 (Ethernet BNC connector).
  • Page 38 For informational purposes, here are the pin list and signal assignments for the 10Base-T LAN connector: Signal Function Transmit + Transmit - Receive + No Connect No Connect Receive - No Connect No Connect Note: The 10Base-T connector and the WAN connector are both RJ45 connectors. However, they do have different electrical interfaces.
  • Page 39: Software Overview

    SOFTWARE OVERVIEW OVERVIEW The CyberSWITCH software provides: • system software for the CyberSWITCH, LAN and WAN interfaces, and administration functions • system files containing configuration and operational information This chapter provides an overview for each of the above software categories. SYSTEM SOFTWARE Included with each CyberSWITCH is a CD containing upgrade software and utility software.
  • Page 40: Operational Files

    node.nei This configuration file contains node-specific information like resources, lines, CyberSWITCH operating mode and security options, along with the Throughput Monitor Configuration information. If enabled, SNMP configuration information is also in this file. lan.nei This file contains configuration information used when the bridge is enabled. This file also contains information for the Spanning Tree protocol used for the bridge.
  • Page 41: User Level Security Files

    SOFTWARE OVERVIEW System Files The system stores the tables in ASCII format files on the System disk. When the system writes system messages to disk, it stores them in the following location: Directory: \log File Name: rprt_log.nn Where “nn” is an integer that is incremented each time a new file is written. When the system writes system statistics to disk, it stores them in the following locations: Directory: \log...
  • Page 42: System Installation

    SYSTEM INSTALLATION We include the following chapters in this segment of the User’s Guide: • Ordering ISDN Service Provides guidelines for ordering ISDN service in the United States. • Hardware Installation Step-by-step instructions for installing hardware components. • Accessing the CyberSWITCH Provides a description of the possible ways to access the CyberSWITCH (for diagnostic purposes or for software upgrades).
  • Page 43: Ordering ISDN Service (US Only)

    ORDERING ISDN SERVICE (US ONLY) OVERVIEW This chapter was designed to be a guideline for ordering ISDN service in the United States. If you are using NI-1 lines, try using EZ-ISDN Codes to order BRI service. If your service provider does not support EZ-ISDN Codes, try using the NI-1 ISDN Ordering Codes.
  • Page 44: For Dual POTS Devices

    FOR DUAL POTS DEVICES If you have a system with a dual POTS connection, use Capability Package M, plus the ACO option. Capability Package M includes alternate voice/circuit-switched data on two B channels. Data and voice capabilities include Calling Line Id. The ACO option allows an incoming POTS call to disconnect/preempt a data call if enabled.
  • Page 45: Provisioning Settings for AT&T 5ESS Switches

    ORDERING ISDN SERVICE (US ONLY) Ordering BRI ISDN Lines using Provisioning Settings PROVISIONING SETTINGS FOR AT&T 5ESS SWITCHES The ISDN services supported by AT&T 5ESS switches are as follows (in order of preference of usage): NI-1 AT&T Custom Point-to-Point The sections below provide the settings for each 5ESS service type.
  • Page 46: AT&T 5ESS Custom Point-to-Point Service

    AT&T 5ESS CUSTOM POINT-TO-POINT SERVICE Note that some of the elements below are set per directory number. With Custom Point-to-Point Service, you will have two directory numbers. AT&T Custom Point-to-Point Service Provisioning Element Setting Term Type CA quantity CSV limit CSD limit...
  • Page 47: Northern Telecom DMS100 NI-1 Service

    ORDERING ISDN SERVICE (US ONLY) Ordering BRI ISDN Lines using Provisioning Settings NORTHERN TELECOM DMS100 NI-1 SERVICE Note that you must set either EKTS or ACO to yes. You may not set both of them to yes. Northern Telecom DMS100 NI-1 Service Provisioning Element Setting signaling...
  • Page 48: Northern Telecom DMS100 Custom Service

    NORTHERN TELECOM DMS100 CUSTOM SERVICE Note that you must set either EKTS or ACO to yes. You may not set both of them to yes. Northern Telecom DMS100 Custom Service Provisioning Element Setting signaling functional TEI assignment dynamic maxkeys 3 is preferable...
  • Page 49: Hardware Installation

    HARDWARE INSTALLATION PRE-INSTALLATION REQUIREMENTS Before you begin the installation process, be sure to: • Choose a suitable setup location Make sure the location is dry, ventilated, dust free, static free, and free from corrosive chemicals • Verify system power requirements Voltage Range Current and Frequency 85-264 V...
  • Page 50: Accessing the CyberSWITCH

    ACCESSING THE CYBERSWITCH OVERVIEW This chapter describes accessing your CyberSWITCH, which includes: • making proper connections • establishing an administration session • powering on the system • accessing Release Notes MAKING CONNECTIONS There are a number of ways to make a connection to the system, which include: •...
  • Page 51 ACCESSING THE CYBERSWITCH Making Connections Using the provided RS232 null modem cable, attach an administration console to the CyberSWITCH. The administration port is a 9-pin, male RS232 serial adapter as shown below: Null Modem Cable Term 10BT 10B2 Console DCPower Reset Female DB9...
  • Page 52: Changing the Baud Rate

    CHANGING THE BAUD RATE The baud rate is changeable. The default rate performs well for configuration changes. A faster rate is useful, however, to download new software upgrades to your system. To change the baud rate through CFGEDIT: Select Physical Resources from the main menu. Select Data Line from the physical resources menu.
  • Page 53: Establishing an Administration Session

    ACCESSING THE CYBERSWITCH Establishing an Administration Session ESTABLISHING AN ADMINISTRATION SESSION If a login prompt is displayed after the power-on initialization, the system software was preinstalled. Complete the login: The login controls which class of commands the user can access. Each access level (guest or administrator) is protected by a unique login password.
  • Page 54: Accessing the Release Notes

    Turn on the administration console, and execute the communications program so that your terminal emulator accesses the RS232 port connected to the system. During power-on initialization, the First Stage Boot (FSB) displays a brief inventory of the system. The FSB then writes the following message to the administration console: Waiting for Commands: During initial installation, no commands need to be entered at this point.
  • Page 55 ACCESSING THE CYBERSWITCH Accessing the Release Notes The Release Notes on CD are located in the REL_NOTE.TXT file. This file is a DOS text file you can read on a DOS machine. Insert the CD into the drive, change to the proper directory, and enter the following command at the DOS prompt: [CD-ROM drive]:\[platform directory][ISDN standard directory][option directory]>...
  • Page 56: Upgrading System Software

    UPGRADING SYSTEM SOFTWARE OVERVIEW This chapter describes how to install system software onto the CyberSWITCH. Instructions are included for the following actions: • upgrading system software • changing defaults to secure system • returning configuration to factory defaults • accessing Release Notes The following sections provide instructions to help you complete each of these actions.
  • Page 57: Local Software Upgrade

    UPGRADING SYSTEM SOFTWARE Upgrading Software \CSX156\JAPAN\ipipxat.pkt UPGRADE.OSW, DEFLTCFG.OSW, RECOVER1, RECOVER2, REL_NOTE.TXT \CSX156\JAPAN\ipipx.pkt UPGRADE.OSW, DEFLTCFG.OSW, RECOVER1, RECOVER2, REL_NOTE.TXT \CSX156\JAPAN\ipipxat.x25 UPGRADE.OSW, DEFLTCFG.OSW, RECOVER1, RECOVER2, REL_NOTE.TXT For system upgrade, you will need to follow one of the above-mentioned upgrade paths (\product name\country\protocol or access package). This path not only depends upon product, but also the ISDN Standard you will be using and the software options you have purchased.
  • Page 58: Local Upgrade of the Operational Software (OSW)

    LOCAL UPGRADE OF THE OPERATIONAL SOFTWARE (OSW) To locally upgrade the operational software (OSW) of your system, follow these steps: Change the CyberSWITCH system’s baud rate to be the fastest baud rate supported by your communications package (up to 115.2 Kbps). Use the boot device command to autobaud change the baud rate.
  • Page 59: Remote Upgrade of the Second Stage Boot (SSB)

    UPGRADING SYSTEM SOFTWARE Upgrading Software OSW, <OSWFileName>, found in the Flash File System. The OSW has not been updated from this file due to insufficient Flash File System space. Please delete unnecessary files from the system. It is possible that you will not have enough room in the \SYSTEM directory to TFTP the upgrade file to the system.
  • Page 60: Remote Upgrade of the Operational Software (OSW)

    Console Messages during SSB Upgrade: Message Suggested Action can’t open recover file If you entered a filename after the flash recover command, make sure that the file exists on the system. If you did not enter a filename, make sure that \SYSTEM\RECOVER1 exists on the system.
  • Page 61: Change Defaults to Secure System

    UPGRADING SYSTEM SOFTWARE Change Defaults to Secure System Using Telnet, reboot the system by issuing the command: restart It should take approximately 3 minutes for the system to restart and install the upgrade. Login via Telnet and type the ver command to confirm that the system software upgraded correctly.
  • Page 62: Return Configuration to Factory Defaults

    Change the admin and guest system passwords. If your system was previously accessed by your distributor, the preconfigured password will be admin (in lower case). Change this password to secure your system. To make this change, enter the following command at the system prompt: pswd Then follow the prompts to enter a new password.
  • Page 63: Basic Configuration

    BASIC CONFIGURATION We define basic configuration as the configuration needed by most users. Basic configuration will get your system up and running. Note that not all configuration steps in this part are required. For example, if you are only using bridging, you will have no need to complete the configuration steps included in Configuring Basic IP Routing.
  • Page 64: Configuration Tools

    CONFIGURATION TOOLS OVERVIEW We provide the following configuration tools to set up and/or alter your configuration: • CFGEDIT, the configuration utility • Manage Mode, the dynamic management utility Your CyberSWITCH is shipped with a default set of configuration files that are preinstalled. These configuration files provide basic functions which will allow you to perform initial installation tests with no additional configuration.
  • Page 65: Saving CFGEDIT Changes

    CONFIGURATION TOOLS Dynamic Management As long as there is no other “change” session active (CFGEDIT or Manage Mode), access is granted, and the following menu is displayed: Main Menu: 1) Physical Resources 2) Options 3) Security 4) Save Changes Select function from above or <RET> to exit: From this screen you will begin the configuration process.
  • Page 66: Utility Dynamic Management Commands

    Once Manage Mode is entered, the prompt changes from [system name]> to [system name]: MANAGE>. While operating in Manage Mode, only Dynamic Management commands are available. All other system commands are ignored until you exit Manage Mode. The <CTRL><C> key sequence will terminate the current command and return you to the MANAGE>...
  • Page 67: Default Configuration

    CONFIGURATION TOOLS Default Configuration DEFAULT CONFIGURATION Your CyberSWITCH is shipped with a default set of configuration files that are preinstalled. These configuration files provide basic functions which will allow you to perform initial installation tests with no additional configuration. The default configuration files will allow IP access over both the LAN and the WAN interfaces. This will allow you to PING, TELNET and TFTP into the CyberSWITCH.
  • Page 68: Using the Configuration Chapters

    USING THE CONFIGURATION CHAPTERS The configuration chapters follow a basic format for explaining the configuration process of each system feature. The format is: A brief outline of the configuration procedure using CFGEDIT (if applicable). Note: In this guide we have included a of the configuration utility CFGEDIT.
  • Page 69: Configuring Resources and Lines

    CONFIGURING RESOURCES AND LINES OVERVIEW Resource refers to the computer resources that are part of the CyberSWITCH. A WAN resource is the physical interface for the attachment of lines (i.e., connections) to your system. Lines are communication facilities from the carriers. These lines directly attach to your system. From the system perspective, lines provide the physical connection to switched networks.
  • Page 70 United States: For the U.S. resource configuration, switch type is configurable, but Ethernet Resource or COMMPORT is not. Select Resources to display a screen similar to the following: Name Slot Switch Type Basic_Rate BRI_5ESS Ethernet_1 COMMPORT Enter(1)to Change a Resource or press <RET> for previous menu: To configure a different switch type, first select (1) to change the Basic Rate resource.
  • Page 71: Resource Configuration Elements

    CONFIGURING RESOURCES AND LINES Resources USING MANAGE COMMANDS resource Displays the current resource configuration. RESOURCE CONFIGURATION ELEMENTS RESOURCE The type of adapter (resource) that plugs into the system. WAN adapters are the physical interface for the attachment of lines (i.e., connections) to your system. RESOURCE The slot number into which the resource is plugged.
  • Page 72: Lines

    internal Asynchronous Usage Discriminator (AUD), which monitors the data stream. The AUD determines if this is to be a PPP connection, or a remote console connection. This determination is made within a configurable time frame: • if the AUD detects PPP LCP frames, it connects the data to a PPP stack. The CyberSWITCH sends the data to the LAN as appropriate.
  • Page 73: Configuring Changes for a COMMPORT Resource

    CONFIGURING RESOURCES AND LINES Lines Add the necessary data links. Select Automatic TEI Negotiation UNLESS this is a point-to-point NTT line. b. If you need to assign a TEI Negotiation value, the default value of 0 is normally correct. Only if you plan on using X.25 over the D-Channel on this line, answer yes to the following prompt: Will this Data Link support X.25 communications (Y/N)? [default N] If the line uses a NI-1 or a DMS-100 switch type, you must also enter the following:...
  • Page 74: Line Configuration Elements

    datalink add Allows you to add a data link. The following sample screen shows how a data link is added. Current LINE Configuration: LINE NAME TYPE SLOT PORT -------------------------------------------------------------------------------- LINE.BASICRATE1 BR_ISDN LINE.BASICRATE2 BR_ISDN DMS100.LINE1 BR_ISDN Select line id for new data link or press <RET> to cancel: 3<RET> Automatic TEI negotiation (Y or N) [default = Y]? N<RET>...
  • Page 75 CONFIGURING RESOURCES AND LINES Lines SCREENING METHODS If you select a line interface type of point-multipoint, choose one of the following call screening methods: none, subaddress, or telephone number. The paragraphs below define each method. None All calls will be accepted. Subaddress Uses a configured subaddress for this site.
  • Page 76 enter the number of digits to verify (starting at the right-most digit), so that when the system receives a phone call it can determine on which bearer to accept the phone call. The maximum number of digits should be 7, which is the default value in most cases. SERVICE PROFILE ID (SPID)...
  • Page 77: Line Background Information

    ONFIGURING ESOURCES AND INES Lines IGITS ERIFIED The number of digits to verify (starting at the rightmost digit), so that when the system receives a phone call it can determine on which bearer to accept the phone call. The maximum number of digits should be 7, which is the default value in most cases.
  • Page 78: Subaddresses

    SUBADDRESSES CONFIGURING A SUBADDRESS USING CFGEDIT To configure a subaddress, select ISDN Subaddress from the Physical Resources menu. Enter the subaddress. The subaddress is supplied by your Carrier Service. SUBADDRESS CONFIGURATION ELEMENTS SUBADDRESS The subaddress for the system. SUBADDRESSES BACKGROUND INFORMATION...
  • Page 79 Select POTS from the Physical Resource Menu. Select Lines from the POTS Menu. Press 1 to add a POTS line. Select the jack Id from the list of available jacks. Optional: enter the primary phone number of the POTS line. Select your primary phone number from the displayed list.
  • Page 80: Pots Configuration Elements

    POTS CONFIGURATION ELEMENTS ENCODING STANDARD The encoding standard is the type of standard for tone feeding and ring feed. This should be set properly on the switchtype. Only change the value of the encoding standard if you are having difficulties.
  • Page 81: Configuring Basic Bridging

    CONFIGURING BASIC BRIDGING OVERVIEW This chapter provides information for configuring basic bridging features. Basic bridging configuration includes: • enabling/disabling bridging A separate chapter, Configuring Advanced Bridging, provides information for configuring advanced bridging features. Advanced bridging features include: • bridge dial out •...
  • Page 82: Mac Layer Bridging Background Information

    MAC LAYER BRIDGING BACKGROUND INFORMATION You are given the option of either enabling or disabling the MAC layer bridging feature. When bridging is enabled, the system bridges data packets to the proper destination, regardless of the network protocols being used. The default configuration is bridging enabled. Note: If the bridge and the IP options are both enabled, the system will act as a “brouter.”...
  • Page 83: Configuring Basic Ip Routing

    CONFIGURING BASIC IP ROUTING OVERVIEW This chapter provides information for configuring basic IP routing features. Basic IP routing configuration includes: • enabling/disabling the Internet Protocol (IP) When you enable this option, the system operates as an IP Router. If you also enable bridging, it will route IP packets and bridge all other packet types.
  • Page 84: Ip Option Configuration Elements

    IP Configuration Menu: 1) IP Routing (Enable/Disable) 2) IP Operating Mode 3) IP Interfaces 4) Static Routes 5) RIP (Enable/Disable) 6) IP Static ARP Table Entries 7) Isolated mode (Enable/Disable) 8) Static Route Lookup via RADIUS (Enable/Disable) 9) Change IP Address Pool 10) IP filters 11) DHCP Select function from above or <RET>...
  • Page 85: Ip Operating Mode Configuration Elements

    IP Configuration Menu: 1) IP Routing (Enable/Disable) 2) IP Operating Mode 3) IP Interfaces 4) Static Routes 5) RIP (Enable/Disable) 6) IP Static ARP Table Entries 7) Isolated Mode (Enable/Disable) 8) Static Route Lookup via RADIUS (Enable/Disable) 9) IP Address Pool 10) IP Filter Information 11) DHCP Select function from above or <RET>...
  • Page 86: Ip Network Interfaces

    Off-node authentication servers are available when IP is enabled regardless of the operating mode. With IP host mode, all traffic is considered bridge traffic, so no IP-specific off-node server lookups are performed. These include: • IP lookup by a next hop IP address or a next hop device name •...
  • Page 87 n. IP RIP v2 authentication key (required only if the IP RIP v2 authentication control has been configured with a value other than “No Authentication”) Note: With the Secondary IP Addressing feature, you may add more than one LAN network interface.
  • Page 88: Network Interface Configuration Elements

    If IP RIP is enabled, enter the following additional information: h. IP RIP send control i. IP RIP respond control j. IP RIP receive control k. IP RIP v2 authentication control l. IP RIP v2 authentication key (required only if the IP RIP v2 authentication control has been configured with a value other than “No Authentication”...
  • Page 89 SUBNET MASK The Subnet Mask value (the number of significant bits for the subnet mask) associated with the IP address specified for this interface. The Subnet mask is specified by entering the number of contiguous bits that are set for the mask.
  • Page 90 entered for the interface. For example, if the IP address of the interface is 199.120.211.98, the portion of the menu displaying the available transmit broadcast addresses would appear as: Transmit Broadcast Address: 1) 199.120.211.255 2) 199.120.211.0 3) 255.255.255.255 4) 0.0.0.0 5) Specify Explicitly Enter Transmit Broadcast Address [default = 1]? 1...
  • Page 91 IP RIP SEND CONTROL If IP RIP is enabled for a specific interface (LAN, WAN RLAN, and/or numbered WAN interfaces), an IP RIP send control must be selected. This element controls how IP RIP update messages are sent on an IP RIP interface.
  • Page 92 The following table provides the possible choices for IP RIP respond control (Switch: Meaning). Do Not Respond: This switch indicates responding to no IP RIP requests at all. IP RIP v1 Only: This switch indicates responding only to IP RIP requests compliant with RFC 1058.
  • Page 93: Ip Network Interface Background Information

    The following table provides the possible choices for IP RIP v2 authentication control (Type: Meaning). No Authentication *: This control type indicates that IP RIP v1 and unauthenticated IP RIP v2 messages are accepted. Simple Password: This control type indicates that IP RIP v1 messages and IP RIP v2 messages which pass authentication...
  • Page 94: Ip Rip And The Ip Network Interfaces

    An IP Host device has only one network interface that it uses for data transfer. This network interface is assigned an IP address and belongs to one subnet. A remote IP host typically uses an ISDN line for this network interface. All data is sent through this network interface. An IP router device can have multiple network interfaces.
  • Page 95 The WAN IP Network Interface is used to define remote IP devices (hosts or routers) that require access to the central network. This network interface represents a different subnet than that connected to a LAN network interface. The WAN IP Network Interface is used for both IP Host and PPP remote devices.
  • Page 96 File Server Subnet 128.1.1.0 Host 128.1.1.8 128.1.1.3 (128.1.1.2 uses WAN Direct Host Interface) Host 128.1.1.1 128.1.1.2 CSX150 Interfaces: LAN Interface 128.1.1.1 WAN Direct Host Interface 192.2.2.1 WAN Interface 192.2.2.1 both WAN Interfaces use one PRI line Subnet 192.2.2.0 Needed for ISDN WAN Interface...
  • Page 97 unnumbered interfaces (such as Example 2), then the connecting subnet would not be required. File Server Subnet 128.1.1.0 Host 128.1.1.8 128.1.1.3 128.1.1.1 CSX150 Interfaces:...
  • Page 98 configuration. Different interface information must be configured depending on the type of interface used to propagate the IP RIP information. Devices used to directly connect two LANs use a LAN interface for IP RIP information propagation. The example network shown below illustrates this type of network. Network 1 (1.0.0.0) LAN Interface 1 1.0.0.1...
  • Page 99 See illustration, Example 1. Because SITE1 is the only CyberSWITCH that is connected to the logical network, it is reasonable for SITE1 to advertise the IP RIP information on Network 3 as subnetwork routes, meaning that SITE1 will always advertise the remote IP devices’...
  • Page 100 Network 1 (1.0.0.0) i/f 1 1.0.0.1 i/f 2 2.0.0.1 Network 2 (2.0.0.0) i/f 1 2.0.0.3 i/f 1 2.0.0.2 CSX150 CSX150 "SITE2" i/f 2 3.0.0.3 i/f 2 3.0.0.2 "SITE1" 3.0.0.11 3.0.0.12 ISDN Network 3 3.0.0.13 (3.0.0.0) WAN RIP Interfaces: Example 2 For the WAN interface to function properly with IP RIP, additional WAN interface information is configured.
  • Page 101: Ip Rip Over Dedicated Connections

    Currently, IP RIP is not supported across an UnNumbered WAN interface. For example, in the following network setup, SITE1 could not advertise IP RIP information across the UnNumbered WAN IP Interface to Router 2 (R2). Therefore, SITE1 would know about Networks 1 and 2, but would not learn anything about Network 3.
  • Page 102 CSX5500 1.1.1.3 CSX150 ISDN 1.1.1.2 Dedicated Connection 1.1.1.1 CSX150 In the previous graphic, the WAN network interface 1.1.1.1 on SITE1 is used to connect to a dedicated line and an ISDN line. You need to specify to which remote device, either SITE2 or SITE3, SITE1 should exchange RIP packets.
  • Page 103: Ip Host Operating Mode And The Ip Network Interfaces

    IP HOST OPERATING MODE AND THE IP NETWORK INTERFACES Only one network interface can be configured when the IP operating mode is host. The network interface configuration is not much different from the others available in router mode except that the following configuration items will not be asked: •...
  • Page 104 with a remote device on a different subnet, the local device will ARP for the remote host’s MAC address. Since routers do not forward ARP requests across subnets, ARPs sent for hosts which are not on the same physical network segment will go unanswered. The proxy ARP feature will potentially generate an ARP reply for remote hosts.
  • Page 105: Static Routes

    When a local host ARPs for a remote host, the CyberSWITCH (with Proxy ARP enabled) determines if it provides the best route to the destination. If it does, it will reply to the ARP request with its own MAC address.
  • Page 106 USING MANAGE MODE COMMANDS iproute Displays the current IP static routing configuration data. The meaning of each displayed field for a route entry is: DESTINATION IP address for the destination network or host. SUBNET MASK Subnet mask value for the destination network or host. A value of 255.255.255.255 indicates that this entry is for a specific IP host.
  • Page 107: Static Route Configuration Elements

    IP RIP PROPAGATION CONTROL The IP RIP propagation control determines how a static route is propagated via IP RIP. The following table provides an explanation of how an IP RIP propagation control flag is assigned to a static route.
  • Page 108 reachable directly and therefore no intermediate router will be used. The default metric value is 2. The range of metric values for static routes is from 0 to 15. You may manipulate the metric value to promote a certain default route, or to impede a default route from being used.
  • Page 109: Static Route Background Information

    STATIC ROUTE BACKGROUND INFORMATION You only need to configure Static Routing entries if you need to access a WAN network that is not directly connected to the system, or if you need to access a LAN network through a router that does not support IP RIP.
  • Page 110: Default Routes

    DEFAULT ROUTES CONFIGURING DEFAULT ROUTES The default route is a form of static route that is useful when there are a large number of networks that can be accessed through a gateway. However, care must be taken when specifying a default route.
  • Page 111: Routing Information Protocol (Rip) Option

    connection is over a WAN. You may want to assign this route a high number of hops to limit toll charges, in case there is a local route that could be used. IP RIP PROPAGATION CONTROL...
  • Page 112: Ip Rip Configuration Elements

    USING MANAGE MODE COMMANDS iprip This command tells you if IP RIP is currently enabled or disabled. iprip off If IP RIP is enabled, this command allows you to disable IP RIP. iprip on If IP RIP is disabled, this command allows you to enable IP RIP. IP RIP CONFIGURATION ELEMENTS...
  • Page 113: Security

    SECURITY The CyberSWITCH provides a great variety of security options. These options include device level security, user level security, a combination of the two, or if preferred, no security. There are different ways to authenticate, as well as different locations (both local and remote) to store security information.
  • Page 114: Security Overview

    SECURITY OVERVIEW OVERVIEW Security is an important issue to consider when you are setting up a network. The CyberSWITCH provides several security options, and this chapter describes the “Big Picture” of how these options work and interoperate. This information will better equip you to proceed with the following phases of security configuration: configuring the level of security configuring system options and information...
  • Page 115: System Options And Information

    Multilevel security provides both user level security and device level security for local (on-node) database, RADIUS, and SFVRA. This provides added protection; first, a device will be authenticated, and then a particular user (on the device) will be authenticated. The feature also allows the configuration of an on-node device database at the same time as an off-node device database.
  • Page 116: User Level Databases

    These environments include an on-node database and a variety of off-node, central authentication databases. The on-node database contains a list of valid devices that can access the network resources connected to the CyberSWITCH. This list of valid devices is configured and stored locally.
  • Page 117: Configuring Security Level

    CONFIGURING SECURITY LEVEL OVERVIEW The CyberSWITCH offers the following levels of network security: no security, device level security, user level security, or device and user level security. The network security level determines the type of security you want activated on your network. As the name implies, no security is used if you configure your network security level as “no security.”...
  • Page 118 Plan what level(s) of security you will use, and configure them now. You will later assign and configure authentication databases to the network security level you configure and to administration sessions. The table below identifies the types of authentication databases that are applicable (specified by yes) for each type of network security and for administration sessions.
  • Page 119: No Security

    NO SECURITY CONFIGURING NO SECURITY USING CFGEDIT To begin the configuration of an on-node database or any of the Security Database options, start at the main menu and progress through the screens as shown below: Main Menu: 1) Physical Resources 2) Options 3) Security...
  • Page 120: Device Level Security

    DEVICE LEVEL SECURITY CONFIGURING DEVICE LEVEL SECURITY USING CFGEDIT Select Device Level Security from the Security Level Menu. If you need guidance to find this menu, refer to the instructions provided in the No Security configuration section. Refer to the chapter Configuring Device Level Databases in order to select and configure the device level database.
  • Page 121: Overview Of Device Authentication Process

    OVERVIEW OF DEVICE AUTHENTICATION PROCESS When a remote device connects, the CyberSWITCH negotiates the required authentication. It then collects the information which is used to identify and authenticate the remote device. The system compares this collected information against information maintained in a device database. If the information collected from the remote device matches the information found in the database, the connection is valid and the device is allowed access to network resources.
  • Page 122: Authentication Using A Security Token Card

    The following sections provide information regarding authentication via SecurID cards, system requirements for user level security, and the authentication process with user level security. AUTHENTICATION USING A SECURITY TOKEN CARD The CyberSWITCH supports interactive, user level security through the TACACS or ACE server programmed for use with security token cards.
  • Page 123: System Requirements

    SYSTEM REQUIREMENTS When providing user level security for the CyberSWITCH, you must establish Remote User-to-LAN Connectivity (like terminal servers). You may not establish LAN-to-LAN Connectivity as routers usually do. There are two different ways of establishing Remote User-to-LAN Connectivity: •...
  • Page 124: Authentication Process With User Level Security

    AUTHENTICATION PROCESS WITH USER LEVEL SECURITY Making a Telnet Connection In order to access user level security, you must first establish a Telnet connection to the CyberSWITCH. Depending upon your application, the prompts or procedures may vary; however, the information you need to provide is as follows: •...
  • Page 125: Device And User Level Security

    TACACS: with PINPAD SecurID Card Enter login Id (remote machine). Enter password onto SecurID card, which generates a dynamic password. Enter dynamic password onto remote machine’s password prompt. Press <RET> key when prompted for dynamic password. with non-PINPAD SecurID Card Enter login Id (remote machine).
  • Page 126: Device And User Level Background Information

    DEVICE AND USER LEVEL BACKGROUND INFORMATION Multi-level security (device and user level) provides you with increased security options for your network. This feature supports device level security for all remote devices. User-level authentication can be performed on top of device level authentication for IP, IPX, AppleTalk and bridge users.
  • Page 127: Configuring System Options And Information

    CONFIGURING SYSTEM OPTIONS AND INFORMATION OVERVIEW System options include security options for remote devices. The security required for the authentication of each device will depend on the information you have entered for that device. System information includes a system name, system password, and a system secret. These values are required only if there are remote devices on the network that require this information for system validation.
  • Page 128: System Options Configuration Elements

    System Options Menu: PPP Link: 1) PAP Password Security ENABLED 2) CHAP Challenge Security ENABLED HDLC Bridge Link: 3) Bridge MAC Address Security ENABLED IP Host (RFC 1294) Link: 4) IP Host Id Security ENABLED ISDN: 5) Calling Line Id Security ENABLED Id of the Option to change or <RET>...
  • Page 129 CHAP Bridge MAC Calling Line Id Authentication Authentication Address Authentication Authentication Optional Duplicates allowed for these Devices. Optional Duplicates allowed for these Devices. Optional Duplicates allowed for these Devices. Required Duplicates not allowed. Note: If a system is brought on line with a device that has a required Calling Line Id that is a duplicate of another device’s Calling Line Id, and no other type of authentication is used,...
  • Page 130: System Options Background Information

    The above process applies to the system’s authentication of the remote device. It is also possible that the remote device may wish to authenticate the system itself, a desire that is also negotiated during the LCP initialization of the link. Enabling CHAP via configuration also permits the system to agree to be authenticated via CHAP during LCP negotiation.
  • Page 131: System Information

    The following table summarizes the identifying and authenticating information used by each remote device type to connect to the system: Device Type Identifier Authenticator HDLC Bridge Bridge Ethernet Bridge Ethernet Address (MAC Layer Address Optional: Password Bridge)...
  • Page 132: System Information Background Information

    SYSTEM PASSWORD The System Password is a user-defined password that is only required if there are remote devices on the network that require this information for system validation. This is passed in the password field during PAP negotiation. This password can be from 1 to 17 ASCII characters in length. SYSTEM SECRET The System Secret is a user-defined shared secret that only needs to be configured if there are...
  • Page 133: Administrative Session Configuration Elements

    You may specify an authentication database location for administrative sessions that is different from the user authentication database location. Note: If you select RADIUS, TACACS, or ACE, you must be sure that the selected server is active before you initiate an administrative session.
  • Page 134: Administrative Session Background Information

    TIMEOUT VALUE Allows you to terminate login sessions after the configured “time-out value” length in time. If “0” is entered, the value will be disabled. The time-out will be enabled by entering a number greater than 0. The range is from 0 to 1,440 minutes. NUMBER OF SESSIONS This value disables, or limits the number of Telnet administrative sessions allowed.
  • Page 135: Emergency Telnet Server Port Number Background Information

    EMERGENCY TELNET SERVER PORT NUMBER BACKGROUND INFORMATION There are some Telnet client programs that do not clear Telnet connections when terminating Telnet sessions. Since they do not clear the Telnet connections, those connections stay alive and soon all Telnet sessions are used up.
  • Page 136: Configuring Device Level Databases

    CONFIGURING DEVICE LEVEL DATABASES OVERVIEW Device level security is an authentication process between internetworking devices, in which authentication takes place automatically. Both bridges and routers support this form of security. Device level security is available to the network locally through the On-node Device Database or remotely through the VRA Manager or RADIUS Server.
  • Page 137: On-Node Device Entries

    Device Level Databases Menu: 1) On-node Device Database (Enable/Disable) 2) On-node Device Entries 3) Off-node Device Location Select function from above or <RET> for previous menu: 1 Select option (1) On-node Device Database from the Device level Databases menu. The following screen will be displayed.
  • Page 138 The Device Table menu will then be displayed similar to the example screen shown below: Device Table Menu: (Device = "DAN") ISDN Frame Relay X.25 Authentication AppleTalk Bridge POTS 10) Compression Select function from above or <RET> for previous menu: 1 We suggest that you first enter the information pertaining to the device’s access type(s).
  • Page 139 For Frame Relay devices: Note: You must first configure the Frame Relay Access. Instructions for configuring the access is found in the Frame Relay Accesses section of the Configuring Alternate Accesses chapter. Begin by selecting Frame Relay from the Device Table Menu. A screen similar to the following is displayed: Device Frame Relay Menu: (Device = "DAN") Access Name...
  • Page 140 If you select PVC, the list of available PVCs is displayed. The LCN of the selected PVC and the X.25 Access Name are stored in the Device Table to bind the device to a particular virtual circuit configuration: Select the type of the Virtual Circuit 1) Permanent Virtual Circuit (PVC) 2) Switched Virtual Circuit (SVC)
  • Page 141 For PPP, the ability to enable/disable outbound authentication (selection 3) is available. However, it is generally not necessary to enable outbound authentications on a point-to-point line. If the device is associated with a frame relay virtual circuit, and the PVC name is different than the device name, then outbound authentication is required.
  • Page 142 Enable or disable IPX routing. b. If you enable IPX routing and want dial-out capabilities to this device, enable the Make Calls feature. If you enable IPX routing, you may enable or disable IPXWAN protocol. d. If you enable IPX routing, select IPX Routing Protocol. Select a routing protocol of none, RIP/SAP, or Triggered RIP/SAP.
  • Page 143 For IP Remote LAN networks, you must explicitly configure the IP (Sub)Network number. For IPX Remote LAN networks, you may configure the IPX external network number, or you may leave the value at NONE. The IPX Spoofing Options for IPX Remote LAN devices are not available at this time.
  • Page 144: On-Node Device Database Configuration Elements

    device change Allows you to change information for a specific device entry. The current device table will be displayed. Enter the device Id or device name of the entry you wish to change. Note that the device name is case sensitive. Step through the configuration information displayed for the device, pressing <return>...
  • Page 145 data to begin to flow at greater rates without waiting for the Throughput Monitor to detect an overload condition. Calls will be made until an additional call would exceed the configured value. The value is configured as a number from 2,400 to 1,024,000. For example, if you have configured the Base Data Rate at 64 Kbps, and the Initial Data Rate at 256,000, the system would attempt to initially use four calls (connections) running in parallel (256,000 / 64,000 = 4).
  • Page 146: Frame Relay Access Configuration Elements

    PROFILE The device profile identifies which line or lines are reserved for a particular profile, which in turn are reserved for a particular device(s). The feature that uses this configuration element, Bandwidth Reservation, is described in detail, in the Configuring Call Control chapter. FRAME RELAY ACCESS...
  • Page 147 Information, system secret. As opposed to a password, a CHAP Secret is not sent across the link, and therefore is not susceptible to interception. Instead, a calculation is done on the packets transmitted between the two devices, and the results are compared to the shared CHAP Secret for validation.
  • Page 148: Ip Information Configuration Elements

    CALLING LINE IDENTIFIER (CLID) Applicable to ISDN connections only, and only when the CLID option is enabled. You can specify eight CLIDs for each device entry. Each CLID for a given device must be unique. This is the telephone number of the calling party that is connecting to the system. In some areas this information is passed to the system on the ISDN incoming connection message.
  • Page 149: Appletalk Information Configuration Elements

    ROUTING PROTOCOL Indicates the protocol the remote device will be using to communicate with the CSX system: • none • RIP/SAP • triggered RIP/SAP WAN PEER Specifies an active WAN peer (receives and sends information at all times) or a passive WAN peer (receives/sends information only when a connection is up).
  • Page 150: Bridge Information Configuration Elements

    BRIDGE INFORMATION CONFIGURATION ELEMENTS IP (SUB) NETWORK NUMBER If the CyberSWITCH uses an IP RLAN interface to connect to a remote bridge, you must provide this information. This address associates the bridge with the IP network to which it connects. Enter this address using dotted decimal notation.
  • Page 151: Pots Information

    POTS INFORMATION PRIORITY There are three different selections available for POTS priority. They are: • Preemption of 2nd B-Channel by POTS Appropriate when both B-channels are active to the device. If you select this priority, one of the two active data calls to this device will be preempted to service an incoming/outgoing phone call.
  • Page 152: On-Node Device Database Security Requirements

    ON-NODE DEVICE DATABASE SECURITY REQUIREMENTS The following sections provide the On-node Device Table configuration requirements for possible security option configurations for each category of remote device. Categories are defined by the operating mode (bridging or routing), and the line protocol in use. Bridging with HDLC Bridge Devices To allow a Bridge device to connect to the CyberSWITCH, you must have MAC Layer Bridging enabled.
  • Page 153 The following table identifies the configuration requirements for possible security options for IP Routing with Bridge Devices. Security Mode On-node Device Table Configuration Data Configuration Calling Bridge Calling Line Id Bridge Bridge Password IP (Sub) Network Line Id Ethernet...
  • Page 154 The following table identifies the configuration requirements for possible security options for PPP IP Devices. Security Mode Configuration On-node Device Table Configuration Data Calling Line Id PAP or CHAP Calling Line Id PAP Password IP Address Security CHAP Secret Disabled Enabled Not Requested...
  • Page 155 IP Routing with PPP Bridge Devices (Using BCP) To allow devices to connect to the CyberSWITCH using IP routing through a PPP Bridge device, you must configure a RLAN IP Network Interface. IP routing must also be enabled. For each PPP Bridge using this type of connection, you may need to enter the Device Name, a Calling Line Id, a PAP Password or a CHAP Secret, and an IP (Sub) Network Number.
  • Page 156: Off-Node Device Database Location

    OFF-NODE DEVICE DATABASE LOCATION CONFIGURING OFF-NODE DEVICE DATABASE LOCATION USING CFGEDIT Select Off-node Device Database Location from the Device Level Databases menu. If you need guidance to find this menu, refer to the instructions provided in the On-node Device Database configuration section.
  • Page 157: Configuring User Level Databases

    CONFIGURING USER LEVEL DATABASES OVERVIEW User level security is an authentication process between a specific user and a device. The authentication process is interactive; users connect to a terminal server and need to interact with it in order to communicate with other devices beyond the server. The CyberSWITCH supports user level security through the RADIUS, TACACS, or ACE server.
  • Page 158: User Level Authentication Database Location Configuration Elements

    USER LEVEL AUTHENTICATION DATABASE LOCATION CONFIGURATION ELEMENTS DATABASE LOCATION The database location for user level security. Choices are: RADIUS Server, TACACS Server, or ACE Server. DATABASE TELNET PORT NUMBER You must also specify the Telnet port number to be used for authentication with the selected server. This port number is a unique number that identifies the server.
  • Page 159: Configuring Off-Node Server Information

    CONFIGURING OFF-NODE SERVER INFORMATION OVERVIEW You can configure both local device entries and remote authentication databases for device authentication. When a device needs to be authenticated, the CyberSWITCH will first look the device up locally, and, if there is no device entry, will then check the remote database for device authentication.
  • Page 160: Vra Manager Authentication Server

    VRA MANAGER AUTHENTICATION SERVER CONFIGURING VRA MANAGER AUTHENTICATION SERVER Notes: In order for the CyberSWITCH to reference VRA Manager for device authentication, the following configuration steps must first be completed: • IP Routing must be enabled. If you try to enable the VRA Manager before IP routing has been enabled, an error message will be displayed.
  • Page 161: Vra Manager Authentication Server Configuration Elements

    VRA MANAGER AUTHENTICATION SERVER CONFIGURATION ELEMENTS. TCP PORT NUMBER: The TCP port number used by the VRA Manager. Note that you can assign a device-defined port number, but that the VRA Manager TCP port number must be entered identically on both the CyberSWITCH and the VRA Manager.
  • Page 162 USING CFGEDIT: Select option (2), RADIUS from the Off-node Server Information menu. If you need guidance to find this menu, refer to the instructions provided in the VRA Manager Authentication Server configuration section. The following screen will be displayed: RADIUS Authentication Server Menu: Primary Server IP Address...
  • Page 163: Radius Authentication Server Configuration Elements

    RADIUS AUTHENTICATION SERVER CONFIGURATION ELEMENTS. IP ADDRESS: The IP address in dotted decimal notation for the RADIUS Server. This information is required for the Primary RADIUS Server, and also required if a Secondary RADIUS Server is configured. If a Secondary RADIUS Server is configured, it must have a different IP address than the Primary RADIUS Server.
  • Page 164: Tacacs Authentication Server

    USER’S GUIDE information from the secondary server if one is configured. The connection will be released if neither server responds to the access requests. The section titled On-node Device Table Security Requirements describes the device authentication information required for each type of remote device. The information you need to configure depends upon what you have configured for the CyberSWITCH operating mode (bridging and/or routing), and the security options you select.
  • Page 165: Tacacs Authentication Server Configuration Elements

    ONFIGURING NODE ERVER NFORMATION TACACS Authentication Server Optional: configure a secondary TACACS Server with selection (2). In the event that the primary server does not respond to system requests, the secondary server will be queried for device authentication information. The address and port number of the Secondary Server must not be the same as the Primary Server.
  • Page 166: Ace Authentication Server

    USER’S GUIDE system will send an access request retry if the primary server does not respond. After the configured number of retries, the system will request authentication information from the secondary server if one is configured. The connection will be released if neither server responds to the access requests.
  • Page 167: Ace Authentication Server Configuration Elements

    ONFIGURING NODE ERVER NFORMATION ACE Authentication Server Select Miscellaneous Information to finish the configuration. Specify the number of access request retries that the system will send to the Authentication Server. b. Specify the time between retries. Choose between the DES or SDI Encryption Method. The algorithm you select must be compatible with the ACE Server setup.
  • Page 168: Ace Authentication Server Background Information

    NUMBER OF ACCESS REQUEST RETRIES: The number of Access Request Retries that the system will send to the ACE Server. The initial default value is 3. The acceptable range is from 0 to 32,767. TIME BETWEEN ACCESS REQUEST RETRIES: The time between Access Request Retries sent from the system.
  • Page 169: Configuring Network Login Information

    CONFIGURING NETWORK LOGIN INFORMATION. OVERVIEW: The CyberSWITCH offers a number of configurable options to control the login process for this system and for off-node authentication servers. These options include: • general network login configuration • network login banners • login configuration specific to RADIUS •...
  • Page 170: Network Login General Configuration Background Information

    USER’S GUIDE Concerning item (9), Authentication Timeout, note the following recommendation: If using the Security Dynamics Ace Server, modify the timeout value to be greater than the change frequency value of the SecurID cards. Refer to the Security Dynamics documentation for more information on this change frequency value.
  • Page 171: Network Login Banners Background Information

    NETWORK LOGIN BANNERS. CONFIGURING NETWORK LOGIN BANNERS. USING CFGEDIT: Select option (2), Network Login Banners from the Network Login Information menu. If you need guidance to find this menu, refer to the instructions provided in the Network Login General Configuration configuration section.
  • Page 172: Login Configuration Specific To Radius Server

    LOGIN CONFIGURATION SPECIFIC TO RADIUS SERVER. CONFIGURING RADIUS SERVER LOGIN INFORMATION. USING CFGEDIT: Select option (3), Login Configuration Specific to RADIUS Server from the Network Login Information menu. If you need guidance to find this menu, refer to the instructions provided in the Network Login General Configuration configuration section.
  • Page 173: Login Configuration Specific To Radius Server Background Information

    ONFIGURING ETWORK OGIN NFORMATION Login Configuration Specific to TACACS Server SING ANAGE netlogin Displays the current network login configuration data. After entering the netlogin command, you will be prompted for the type of login configuration information you want. The prompt will resemble the CFGEDIT screen in which this information was originally configured.
  • Page 174 Selection (1) from the TACACS Specific Device Login Menu allows you to change the password control character: Enter control character used to switch from LOGIN to CHANGE PASSWORD mode. Select the control character that you wish to use by typing caret (‘^’) followed by another character (example: ^A), or ‘0’...
  • Page 175: Login Configuration Specific To Tacacs Server Background Information

    ONFIGURING ETWORK OGIN NFORMATION Login Configuration Specific to TACACS Server netlogin change Allows you to change the current network login configuration data. After entering the netlogin change command, you will be prompted for the type of login configuration information you want to change. The prompt will resemble the CFGEDIT screen in which this information was originally configured.
  • Page 176: Advanced Configuration

    ADVANCED CONFIGURATION. We define advanced configuration as the configuration you may use to fine tune your system, or to configure options that are not necessarily needed by the majority of users. For example, if you would like to configure an alternate access (an alternate to ISDN access), this would be considered advanced configuration.…
  • Page 177: Configuring Alternate Accesses

    CONFIGURING ALTERNATE ACCESSES. OVERVIEW: An access defines the connection details the CyberSWITCH uses to reach the network. The default access is ISDN access, a switched-network access. Configurable accesses are required for dedicated network connections, for packet-switched network connections including X.25 and frame relay connections.…
  • Page 178: Dedicated Access Background Information

    USER’S GUIDE ROTOCOL Designates the type of line protocol that will be used on the dedicated connection. PPP line protocol is the correct selection for most configurations. HDLC protocol may work for devices that only support HDLC protocol. EVICE PTIONAL Optional parameter.
  • Page 179: Accesses

    X.25 ACCESSES. CONFIGURING AN X.25 ACCESS. Note the following: • X.25 accesses are available only if you have purchased the additional software module for packet switched accesses. • To establish virtual circuits over X.25, you must enable device level security (page 120).…
  • Page 180: Lapb Configuration Information

    Enter a list of bearers (a channel map). The range of channels is from 1 to 2. Separate bearer channels by commas, and/or list a range by using a dash (-). LAPB CONFIGURATION INFORMATION. Note: You will not be prompted for this information if you are using X.25 over a D-Channel. The system will “know”...
  • Page 181 ONFIGURING LTERNATE CCESSES X.25 Accesses Configure the X.25 Reliability, Windows, and Acknowledgment Facilities. Select the type of sequence numbers to be used for X.25: regular or extended. Extended sequence numbering allows for packets to be assigned sequence numbers from 0-127 (modulo 128), as opposed to 0-7 (modulo 8).
  • Page 182: Permanent Virtual Circuit Information

    PERMANENT VIRTUAL CIRCUIT INFORMATION. Note: SVCs and PVCs are specified in the X.25 Logical Channel Assignments section of the configuration. However, PVCs require additional configuration, which is done in this section. Follow the onscreen instructions to begin the configuration of a virtual circuit. Note: Default values are configured for each PVC when an access is newly created.
  • Page 183: Lapb Configuration Elements

    BEARER CHANNELS: A list of bearers (a channel map) that will be used on the line associated with this X.25 access. The range of channels is from 1 to 2. Separate bearer channels by commas, and/or list a range by using a dash (-).…
  • Page 184: Access Configuration Elements

    X.25 ACCESS CONFIGURATION ELEMENTS. The X.25 Access configuration elements are divided into seven different categories: • X.25 Logical Channel Assignments • X.25 Timer Configuration • X.25 Reliability, Windows, and Acknowledgment Facilities • X.25 Quality-of-Service Facilities • X.25 Charging-Related Facilities •...
  • Page 185 X.25 RELIABILITY, WINDOWS, AND ACKNOWLEDGMENT FACILITIES. X.25 SEQUENCE NUMBER RANGE: The type of sequence numbers to be used for X.25: regular or extended. Extended sequence numbering allows for packets to be assigned sequence numbers from 0-127 (modulo 128), as opposed to 0-7 (modulo 8).
  • Page 186 NONSTANDARD DEFAULT TRANSMIT WINDOW: The number of frames that a DTE can send without receiving an acknowledgment. Using modulo 128, the DTEs can send up to 127 frames without receiving an acknowledgment. Using modulo 8, the DTEs can send up to 7 frames without receiving an acknowledgment. The default value for both modulo 8 and modulo 128 is 2.
  • Page 187: Pvc Configuration Elements

    X.25 RESTRICTION FACILITIES. These facilities are used to place restrictions upon incoming and outgoing X.25 calls. BARRING INCOMING CALLS: Allows you to bar X.25 calls coming in to the system. The default configuration is to not bar incoming X.25 calls.
  • Page 188: Access Background Information

    NONSTANDARD DEFAULT RECEIVE WINDOW: The number of frames that a DTE can receive without receiving an acknowledgment. Using modulo 128, the DTEs can send up to 127 frames without receiving an acknowledgment. Using modulo 8, the DTEs can send up to 7 frames without receiving an acknowledgment. The default value for both modulo 8 and modulo 128 is 2.
  • Page 189 a virtual path, although it appears that a real circuit exists, in reality, the network routes the device’s information packets to the designated destination. Any given path may be shared by several devices. When the virtual circuit is established, a logical channel number is assigned to it at the originating end.
  • Page 190: Current X.25 Restrictions

    CURRENT X.25 RESTRICTIONS • X.25 virtual circuits must be two-way logical channels; one-way incoming and one-way outgoing channels are not currently supported. • Each system can have only one X.25 access. The X.25 access can use only one line. •...
  • Page 191: Configuring Apvc

    ONFIGURING LTERNATE CCESSES Frame Relay Accesses Enter a list of bearers (a channel map). The range of channels is from 1 to 2. Separate bearer channels by commas, and/or list a range by using a dash (-). Enter the maximum frame size supported by the network (including the endpoints). Select whether or not HDLC Data is inverted.
  • Page 192: Frame Relay General Configuration Elements

    USER’S GUIDE Enter the Rate Measurement Interval in msecs. Note: You must restart the CyberSWITCH in order to associate the PVC with a device. After all of the above PVC information is entered, an index number will be assigned to the associated DLCI.
  • Page 193: Frame Relay Pvc Configuration Elements

    ONFIGURING LTERNATE CCESSES Frame Relay Accesses Indicates whether or not this frame relay access will support the Local Management Interface (LMI). If this frame relay access supports LMI, LMI information can be displayed by entering the fr lmi command at the system console prompt. For further LMI information, refer to the Local Management Interface Overview.
  • Page 194 PVC LINE PROTOCOL: The PVC line protocol determines which type of data encapsulation will be used on the PVC. The options are PPP Point to Point Protocol or FR_IETF. PPP allows PPP authentication for the associated device. FR_IETF is a multiprotocol encapsulation for Frame Relay, currently specified by RFC 1490.
  • Page 195: Frame Relay Access Background Information

    FRAME RELAY ACCESS BACKGROUND INFORMATION. Frame Relay is a frame mode service in which data is switched on a per frame basis, as opposed to a circuit mode service that delivers packets on a call-by-call basis. This feature will allow the system to efficiently handle high-speed, bursty data over wide area networks.…
  • Page 196: The Local Management Interface Overview

    USER’S GUIDE configured in the device table. It will find the PVC and the line protocol that corresponds to the PVC name and change its PVC name to match the corresponding device name. Notes: VRA Manager is currently the only off-node device database supported by the CyberSWITCH for Frame Relay.
  • Page 197: Congestion Control Overview

    ONFIGURING LTERNATE CCESSES Frame Relay Accesses -- the rate at which data frames may be sent into the network without incurring congestion. This is generally accepted as the end-to-end available bandwidth at which frame relay service devices may enjoy sustained frame transmission. By definition this must be less than the throughput that the actual physical access link can support.
  • Page 198 USER’S GUIDE However, under the above stated conditions, the network configuration shown below would not be allowed: DLCI 1 -> NE2 CSX150 Frame Relay "Site1" DLCI 2 ->NE 2 CSX150 NOT ALLOWED "Site2" Switched connections can only be used as a backup to frame relay. As such, a switched connection would be made to a given node connected by a frame relay access only after that frame relay access had failed.
  • Page 199: Configuring Advanced Bridging

    CONFIGURING ADVANCED BRIDGING. OVERVIEW: When bridging is enabled, optional advanced features are available. Optional bridging features include: • bridge dial out • enabling/disabling MAC hardware filtering • Spanning Tree Protocol • mode of operation • mode of hardware filtering • bridging filters •...
  • Page 200: Configuring The Device List For Bridge Dial Out

    CONFIGURING THE DEVICE LIST FOR BRIDGE DIAL OUT. Note: The Configuring Device Level Databases chapter contains the information needed to completely configure an on-node device entry. The following section provides instructions for entering on-node device information specific to the bridge dial out feature. USING CFGEDIT: Select Security from the main menu.
  • Page 201: Mac Hardware Filtering

    ONFIGURING DVANCED RIDGING MAC Hardware Filtering Device Bridging: (Device = "DAN") 1) IP (sub)network number None 2) Bridging ENABLED 3) Make Calls for bridge data None 4) IPX Network Number None 5) IPX Spoofing Options Id of option to change or press <RET> for previous menu? 3 Enable Bridging.
  • Page 202: Spanning Tree Protocol

    USER’S GUIDE PANNING ROTOCOL ONFIGURING PANNING ROTOCOL CFGEDIT SING Select Spanning Tree from the Bridging menu. Enter the bridge age time. PANNING ROTOCOL ONFIGURATION LEMENTS RIDGE If you are using bridge dial out, you may wish to increase this value to prevent the connection from aging out before the call is made.
  • Page 203: Restricted Bridge Mode

    ONFIGURING DVANCED RIDGING Mode of Hardware Filtering • If the packet matches no filter, the packet is forwarded. The specific forwarding action depends upon whether or not the destination is known. (See following descriptions.) No Filter Match - Destination Known If the destination is known and the corresponding device is on the Known Connect List, the connection is made and the packet is then forwarded to the specific destination.
  • Page 204: Manual Mode Hardware Filtering

    MANUAL MODE HARDWARE FILTERING. When the system software initializes in the manual mode, no bridge learning occurs. Instead, the bridge will skip the learning phase and move directly to the forwarding phase. The system will check to see if the incoming packet’s destination bridge address is on the configured list of addresses.…
  • Page 205 Configure protocol filters. Select to add a protocol filter. b. Select a protocol definition Id. Select a distribution list. Configure packet data filters. Select to add a packet data filter. b. Enter the offset value. Enter the mask in hex.
  • Page 206 USER’S GUIDE srcfilt change Allows the current source address filter configuration to be changed. srcfilt delete Allows a source address filter to be deleted from the current configuration. Destination MAC Filter Commands destfilt Displays the current destination address filter configuration data. destfilt add Allows a destination address filter to be added to the current configuration.
  • Page 207: Bridge Filter Configuration Elements

    ONFIGURING DVANCED RIDGING Bridge Filters Hardware Filter Commands hwfilt Displays the current hardware filter configuration data hwfilt add Allows a hardware filter to be added to the current configuration. hwfilt change Allows the current hardware filter configuration data to be changed. hwfilt delete Allows a hardware filter to be deleted from the current configuration.
  • Page 208: Hardware Filter Configuration Elements

    VALUE: Hexadecimal number up to 80 characters in length that specifies the value used to determine if the packet matches the filter. The value field must be a subset of the mask field. That is, the value field logically “anded”...
  • Page 209: Bridge Filters Background Information

    BRIDGE FILTERS BACKGROUND INFORMATION. User-defined bridge filters allow you to filter unwanted traffic out of the network. The following table lists the four different types of bridge filters and the maximum number of filters that can be configured for each type: Filter Type Maximum...
  • Page 210: Bridge Filter Definitions

    USER’S GUIDE Two of the more common protocols used today are: • The IP Protocol Id, which identifies DOD Internet Protocol packets with Ethernet type equal to hexadecimal 800, or 802.3 LSAP equal to hexadecimal 6060. • The IPX Protocol Id, which identifies Novell (old) NetWare IPX packets with Ethernet type equal to hexadecimal 8137, or 802.3 LSAP equal to hexadecimal E0E0.
  • Page 211 ONFIGURING DVANCED RIDGING Bridge Filters DESTINATION MAC-address DISCARD < distribution list > This filter allows you to discard MAC frames addressed to the specified MAC address. When the specified MAC address appears in the destination address field of the MAC frame, the frame will NOT be forwarded as specified in the distribution list.
  • Page 212 USER’S GUIDE The following charts summarize the filter actions available for Unrestricted Bridging: Filter Action Distribution Result List DISCARD A packet matching this filter will not be forwarded on any LAN port. The packet will be sent to remote sites connected over the WAN according to the normal learning bridge methods.
  • Page 213 ONFIGURING DVANCED RIDGING Bridge Filters Restricted Mode Bridge Filters Restricted Mode Forwarding Action Type of Filter available SOURCE FORWARD SOURCE CONNECT DESTINATION FORWARD DESTINATION CONNECT PROTOCOL FORWARD PROTOCOL CONNECT PACKET FORWARD PACKET DISCARD PACKET CONNECT SOURCE unicast-address FORWARD <distribution list> This filter allows you to stipulate access privileges of a given device.
  • Page 214 USER’S GUIDE PROTOCOL protocol-Id FORWARD < distribution list > This filter allows you to restrict packets based on the Ethernet protocol Id field or the corresponding 802.3 LSAP field. You can specify the protocol Id that is to be forwarded. The filtering mechanism will determine if the packet is Ethernet format or 802.3 format.
  • Page 215 The following chart summarizes the forward filter actions available for Restricted Bridging: Filter Distribution Result Action List FORWARD A packet matching this filter will only be forwarded on the LAN ports. The packet will not be sent to any remote sites connected over the WAN.
  • Page 216: Dial Out Using Bridge Filters

    DIAL OUT USING BRIDGE FILTERS. Each type of bridge filter for each operating mode supports a different set of “forwarding actions.” Your particular set up and device configuration will determine which type of filter and forwarding arrangement will be the most useful. For our purposes, we will illustrate what we feel to be the most commonly used filter arrangement: the Destination MAC Address Filter used in Unrestricted Mode.
  • Page 217: Small Office Remote Access Switch

    ONFIGURING DVANCED RIDGING Bridge Filters Bridge Filter Menu: 1) Protocol Definition 2) Source MAC Address Filter 3) Destination MAC Address Filter 4) Protocol Filter 5) Packet Data Filter 6) Hardware Filters Select function from above or <RET> for previous menu: 3 Current Destination Address Filter: DEST ADDRESS ACTION...
  • Page 218: Known Connect List

    USER’S GUIDE Current Destination Address Filter Configuration: DEST ADDRESS ACTION DISTRIBUTION LIST -------------------------------------------------------- 112233445566 CONNECT John (1) Add, (2) Change, (3) Delete a Destination Address Filter or <RET> to return to the previous menu? Your filter is now configured for this example. Remember, each type of filter for each operating mode supports a different set of “forwarding actions.”...
  • Page 219: Known Connect List Configuration Elements

    ONFIGURING DVANCED RIDGING Known Connect List NOWN ONNECT ONFIGURATION LEMENTS EVICE The name of a bridge device that has been preconfigured in the On-node Device Database section of the Configuring Device Level Databases chapter. This is a device to which you want the system to connect and forward bridged unicast packets.
  • Page 220: Configuring Advanced Ip Routing

    CONFIGURING ADVANCED IP ROUTING. OVERVIEW: By default, IP routing is disabled when you first install your system software. After IP routing is enabled, there are optional advanced features available. Optional advanced IP routing features include: • Static ARP Table Entries ARP (Address Resolution Protocol) is used to translate IP addresses to Ethernet addresses.…
  • Page 221: Isolated Mode Configuration Elements

    ISOLATED MODE CONFIGURATION ELEMENTS. ISOLATED MODE STATUS: You may enable or disable the Isolated Mode option. ISOLATED MODE BACKGROUND INFORMATION: When operating with isolated mode enabled, the CyberSWITCH does not relay IP datagrams received from the WAN to other IP routers/hosts located on the WAN.…
  • Page 222: Ip Address Pool

    USER’S GUIDE server by enabling this feature. The systems will download necessary static routes information from the server when needed. Refer to this guide’s RADIUS configuration information. The RADIUS Authentication Server User’s Guide (an electronic document) also provides information on the RADIUS Authentication Server. Refer to Configuring the RADIUS Server for instructions on obtaining this document.
  • Page 223: Ip Filters

    IP R ONFIGURING DVANCED OUTING IP Filters When a PPP connection is established to the system, the system and the remote device exchange their IP addresses during the IPCP (IP Control Protocol) phase. If the remote device does not know its own IP address, the system will assign a proper IP address to it.
  • Page 224: Configuring Packet Types

    USER’S GUIDE IP Routing Menu: IP Routing (Enable/Disable) IP Operating Mode IP Interfaces IP Static Routes RIP (Enable/Disable) IP Static ARP Table Entries Isolated Mode(Enable/Disable) Static Route Lookup via RADIUS(Enable/Disable) IP Address Pool 10) DHCP Configuration 11) IP Filter Information. Select function from above or <RET>...
  • Page 225: Configuring The Common Ip Portion

    IP R ONFIGURING DVANCED OUTING IP Filters The screen identifies the common portion of the packet type, which includes the IP addresses and protocol information. To modify these values, refer to the following section entitled Configuring the Common IP Portion. The criteria for IP addresses includes the: •...
  • Page 226: Configuring Tcp

    CONFIGURING TCP. If you have selected TCP as your IP protocol, a screen similar to the following is displayed. Note that the following TCP defaults constitute a wild card match for any TCP packet: PACKET TYPE "Type_One": 1) IP Source Address AND 0.0.0.0 EQUAL 0.0.0.0 2) IP Destination Address AND 0.0.0.0 EQUAL 0.0.0.0...
  • Page 227: Configuring Icmp

    IP R ONFIGURING DVANCED OUTING IP Filters If you have chosen the comparison operator of “RANGE”, you will be prompted for upper-range and lower-range values. If you have chosen a comparison operator other than “RANGE”, you will be prompted for a specific UDP port number. Select UDP Destination Port.
  • Page 228: Configuring Forwarding Filters

    CONFIGURING FORWARDING FILTERS. The configuration of Forwarding Filters is a two-part process. First you must name the filter, and then you must create a list of conditions for the filter. To add a condition, you must name a previously-created packet type, and then name the action to perform on the specified packet type (i.e., forward or discard).…
  • Page 229: Configuring Connection Filters

    CONFIGURING CONNECTION FILTERS. The IP Connection Filter is used at the point when an IP packet attempts to establish an outbound connection in order to continue the forwarding process. Its configuration parallels that of forwarding filters.…
  • Page 230: Configuring Exception Filter

    CONFIGURING EXCEPTION FILTER. The IP Exception Filter is intended for temporary, special conditions within an existing forwarding filter. When enabled, it is logically appended to the beginning of each forwarding filter in effect. USING CFGEDIT: Select Exception Filter from the IP Filter menu. Enable the Exception Filter.…
  • Page 231: Modifying The Final Condition For A Filter

    MODIFYING THE FINAL CONDITION FOR A FILTER. To change the final condition for a filter, select Change Default Condition (currently selection (5) on the Conditions for Filter menu). APPLYING FILTERS: Once you have defined your forwarding filters, you must apply them to selected points in the IP routing process.…
  • Page 232: Ip Filters Configuration Elements

    Select IP Information. Select either IP Input Filter or IP Output filter. Provide the filter name. IP FILTERS CONFIGURATION ELEMENTS. The following elements are described in terms of the individual comparisons which make up the packet types. When an IP packet is subjected to a filter, the following comparisons are executed. The final result of the comparisons is a “match”...
  • Page 233: Ip Filters Background Information

    equal to <port> not equal to <port> less than <port> greater than <port> RANGE inclusive range <port1> <= <packet port value> <= <port2> Examples: EQ 23: TCP port for the Telnet protocol. RANGE 0 65535: Any TCP port (wild card and default). TCP CONTROL: This element accesses the control bits of the TCP header, which are utilized to initiate and maintain...
  • Page 234: Filter Composition

    [Figure: FILTER. An IP packet is compared against the filter's conditions, each pairing a packet type (Type 1 to Type 4) with a Discard/Forward action; final condition: discard all other types.] FILTER COMPOSITION. The IP filtering mechanism is composed of three fundamental building blocks: Packet Types The criteria for describing an IP datagram’s contents: IP Source and Destination Addresses, Protocol (TCP, UDP, etc.), Protocol-specific fields (TCP port, etc.).…
  • Page 235: Role Of Filters In The Ip Processing Flow

    • through the Output Network Interface: applies the filter only to packets which are transmitted on a specific attached network (i.e. after the Routing process has determined the next-hop network for the datagram). •...
  • Page 236: Packet Types

    USER’S GUIDE Because the Packet Types within the conditions specify both source and destination address information, Global application may often be sufficient to filter IP traffic across the entire system. However, the Input, Output and User-Based application points are defined in case the administrator needs to apply a finer level of filtering which cannot be obtained on a Global basis.
  • Page 237: Limitations

    IP R ONFIGURING DVANCED OUTING IP Filters Common Portion: IP Source Address AND mmm.mmm.mmm.mmm EQ/NEQ ttt.ttt.ttt.ttt IP Destination Address AND mmm.mmm.mmm.mmm EQ/NEQ ttt.ttt.ttt.ttt Protocol Field EQ/NEQ TCP/UDP/ICMP/ANY/<n> Protocol-Specific Portion TCP: Source Port EQ <port> / NEQ < port > /GT < port > / LT < port > / RANGE <p1>...
  • Page 238: Example Of An Ip Filter Configuration

    EXAMPLE OF AN IP FILTER CONFIGURATION. This example provides a simple filtering scenario in which a corporate LAN utilizes a CyberSWITCH to provide WAN access to both dial-in devices as well as the global Internet. A Netserver resides on the LAN to provide configuration support for the CyberSWITCH. Also on the LAN are an anonymous FTP server and a WWW server.…
  • Page 239 FORWARD: IP Src: 0.0.0.0, 0.0.0.0; IP Dst: 255.255.255.255, 128.131.25.10; IP Prot: ANY. Permits any host to access the FTP Server. FORWARD: IP Src: 0.0.0.0, 0.0.0.0; IP Dst: 255.255.255.255, 128.131.25.12; IP Prot: ANY. Permits any host to access the WWW Server. FORWARD...
  • Page 240: Dhcp Relay Agent

    FORWARD: IP Src: 255.255.255.255, 201.55.89.100; IP Dst: 255.255.255.255, 128.131.25.11; IP Prot: ANY. Allows specific host to access the Netserver. FORWARD: All other packet types. If no match, let filter execution continue with the existing input filter. Once the offsite maintenance is completed, the Exception filter would be disabled.…
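The evaluation model the IP Filters pages describe (mask-and-compare packet types, an ordered condition list with a final condition, and an exception filter checked ahead of the forwarding filter) can be exercised offline with the following added example, which is not code from the manual or from Cabletron. All class and function names are hypothetical; the input filter's final DISCARD is an assumption because the manual's table is cut off, the exception filter's "all other packet types" fall-through is modelled as `final=None`, and the Telnet packet type is constructed.

```python
"""Added illustration of CyberSWITCH-style IP filter evaluation (not vendor code)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

FORWARD, DISCARD = "FORWARD", "DISCARD"


def _ip(text):
    """Dotted-decimal string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def _port_ok(rule, port):
    """Apply a port comparison: EQ, NEQ, LT, GT or inclusive RANGE."""
    if rule is None:                 # comparison not configured: wild card
        return True
    if port is None:                 # packet carries no port (e.g. ICMP)
        return False
    op = rule[0]
    if op == "EQ":
        return port == rule[1]
    if op == "NEQ":
        return port != rule[1]
    if op == "LT":
        return port < rule[1]
    if op == "GT":
        return port > rule[1]
    if op == "RANGE":
        return rule[1] <= port <= rule[2]
    raise ValueError("unknown operator: %r" % (op,))


@dataclass(frozen=True)
class PacketType:
    name: str
    src: Tuple[str, str] = ("0.0.0.0", "0.0.0.0")   # (mask, target); default is wild card
    dst: Tuple[str, str] = ("0.0.0.0", "0.0.0.0")
    protocol: Optional[str] = None                   # None means ANY
    dst_port: Optional[tuple] = None                 # e.g. ("EQ", 23)

    def unmatchable(self):
        """True if a target has bits outside its mask: (addr AND mask) can never equal it."""
        return any(_ip(t) & ~_ip(m) & 0xFFFFFFFF for m, t in (self.src, self.dst))

    def matches(self, pkt):
        """(address AND mask) EQUAL target for both addresses, then protocol and port."""
        for (mask, target), addr in ((self.src, pkt["src"]), (self.dst, pkt["dst"])):
            if _ip(addr) & _ip(mask) != _ip(target):
                return False
        if self.protocol is not None and pkt.get("proto") != self.protocol:
            return False
        return _port_ok(self.dst_port, pkt.get("dport"))


@dataclass
class Filter:
    name: str
    conditions: list           # ordered list of (action, PacketType)
    final: Optional[str]       # action for all other packet types; None = fall through


def evaluate(pkt, forwarding, exception=None):
    """First matching condition wins; an enabled exception filter is checked first."""
    chain = ([exception] if exception else []) + [forwarding]
    for filt in chain:
        for action, ptype in filt.conditions:
            if ptype.matches(pkt):
                return action, "%s/%s" % (filt.name, ptype.name)
        if filt.final is not None:
            return filt.final, "%s/final" % filt.name
    raise ValueError("the forwarding filter needs a final condition")


# Packet types using the masks and addresses from the manual's example.
TO_FTP = PacketType("to_ftp", dst=("255.255.255.255", "128.131.25.10"))
TO_WWW = PacketType("to_www", dst=("255.255.255.255", "128.131.25.12"))
MAINT = PacketType("maint_to_netserver",
                   src=("255.255.255.255", "201.55.89.100"),
                   dst=("255.255.255.255", "128.131.25.11"))
# Constructed packet type: any TCP packet to port 23 (Telnet).
TELNET_ANY = PacketType("telnet_any", protocol="TCP", dst_port=("EQ", 23))

# Final DISCARD is assumed; the manual's condition table is truncated.
INPUT_FILTER = Filter("input", [(FORWARD, TO_FTP), (FORWARD, TO_WWW)], final=DISCARD)
EXCEPTION_FILTER = Filter("exception", [(FORWARD, MAINT)], final=None)

if __name__ == "__main__":
    maint_pkt = {"src": "201.55.89.100", "dst": "128.131.25.11", "proto": "TCP", "dport": 23}
    print(evaluate(maint_pkt, INPUT_FILTER))
    print(evaluate(maint_pkt, INPUT_FILTER, EXCEPTION_FILTER))
```

Running `unmatchable()` over every configured packet type before applying a filter catches mask/target pairs that silently never match, which otherwise leaves the final condition deciding traffic the administrator meant to name explicitly.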
  • Page 241: Dhcp Configuration Elements

    IP R ONFIGURING DVANCED OUTING DHCP Relay Agent DHCP C ONFIGURATION LEMENTS DHCP/BOOTP R ELAY GENT NABLE ISABLE A global flag that indicates whether the system is relaying the DHCP/BOOTP BOOTREQUEST messages or not. The relay agent is disabled by default. IP A ELAY ESTINATION...
  • Page 242 USER’S GUIDE Bridge to Bridge Environment CSX150 Using bridging DHCP DHCP Server Remote Bridge DHCP Client DHCP Client As shown in the picture above, when a remote LAN is connected with bridge devices, the DHCP server and clients communicate with each other as if they were on the same LAN. This is one example configuration of how DHCP can be used to accomplish the dynamic IP address assignment to the remote IP devices.
  • Page 243: Example Dhcp Configurations

    IP R ONFIGURING DVANCED OUTING DHCP Relay Agent DHCP CSX150 Using routing DHCP Server Remote Bridge DHCP DHCP Client DHCP Client DHCP C XAMPLE ONFIGURATIONS Below we have included a common DHCP scenario. It may help you configure your own DHCP feature.
  • Page 244 Routers shown in the diagram above. Sample configurations for the objects in the above network diagram are as follows:
    Configuration for IP Router "Ruby": System Information: System Name = Ruby; System Password = rubble
    Configuration for IP Router "Alex": System Information: System Name = Alex; System Password = stone; Security Level = Device Level (On-node...
  • Page 245 Remote Bridge to IP Router (w/Relay Agent): This configuration is useful when requests by a DHCP Client must be “bridged” to an IP Router that is also a DHCP/BOOTP Relay Agent. Our equipment is shown in this example, but any remote bridge device should work.
  • Page 246
    Configuration for Remote Bridge "Ruby": System Information: System Name = Ruby; System Password = rubble; Security Level = Device Level (On-node Device Database, PAP security)
    Configuration for IP Router "Alex": System Information: System Name = Alex; System Password = stone; Security Level = Device Level (On-node Device Database, PAP security); Bridging disabled...
  • Page 247: DHCP Proxy Client

    DHCP PROXY CLIENT. CONFIGURING THE DHCP PROXY CLIENT: In order to configure the DHCP Proxy Client, you must first enable the client, and then configure client information for a WAN or a WAN (Direct Host) type interface. USING CFGEDIT: Select DHCP Configuration from the IP menu.
  • Page 248: DHCP Configuration Elements

    DHCP CONFIGURATION ELEMENTS. DHCP PROXY CLIENT ENABLE/DISABLE: A global flag that indicates whether the DHCP Proxy Client feature is enabled or not. The proxy client is disabled by default. MAXIMUM NUMBER OF IP ADDRESSES: Refers to the maximum number of IP addresses obtained from DHCP servers for this network interface.
  • Page 249: Sample Configuration: IP Router With DHCP Proxy Client

    The DHCP Proxy Client feature is not applicable for the CyberSWITCH running in IP HOST mode. DHCP servers must support use of the broadcast bit in order to obtain IP addresses for WAN (Direct Host) interfaces.
  • Page 250 Configuration for IP Router “Chloe”: System Information: System Name = Chloe; System Password = pets; Security Level = Device Level (On-node Device Database, PAP security); Bridging disabled; IP enabled (router mode); I/F = LAN (192.168.1.168); LAN port 1; I/F = WAN explicit (192.168.10.168); DHCP related: max addrs to obtain=10; num addrs to pre-fetch=5...
  • Page 251: Configuring IPX

    CONFIGURING IPX. OVERVIEW: The IPX protocol accepts data from remote devices and formats the data for transmission onto the network, and conversely, accepts data from the LAN and formats it so it can be understood by remote devices. In short, IPX allows remote devices and their servers to communicate. The CyberSWITCH supports the standard method of routing datagrams over a network.
  • Page 252: Configuring IPX Information

    CONFIGURING IPX INFORMATION. Note: IPX is available only if you have purchased the additional software module for our IPX feature. To help you configure your IPX information, we have included an illustration of a sample network. As we explain the steps, we provide sample CFGEDIT screens. The screens include information from the sample network.
  • Page 253: IPX Routing Option

    IPX ROUTING OPTION. ENABLING/DISABLING. Note: The CyberSWITCH does not currently provide IPX data transfer over X.25 links. USING CFGEDIT: Select Options from the main menu. Select IPX Routing from the Options menu. The following menu will be displayed: IPX Menu: 1) IPX Routing (Enable/Disable) Select function from above or <RET>...
  • Page 254: IPX Option Background Information

    IPX OPTION BACKGROUND INFORMATION: The Internetwork Packet Exchange (IPX) protocol is a datagram, connectionless protocol in the NetWare environment analogous to the Internet Protocol (IP) in the TCP/IP environment. With the help of Routing Information Protocol (RIP) and Service Advertising Protocol (SAP), the IPX router performs the network layer tasks of addressing, routing and switching information packets, to move packets from one location to another in a complex network.
  • Page 255: IPX Network Number Background Information

    IPX NETWORK NUMBER BACKGROUND INFORMATION: Novell NetWare networks use IPX external and internal network numbers. An IPX internal network number is a unique identification number assigned to a network server or router at the time of installation.
  • Page 256 If IPX RIP has been enabled for the system, enter the following: a. RIP send control (do not respond or respond) b. frequency (in seconds) of sending RIP updates c. RIP receive control (do not respond or respond) d. time (in seconds) to age RIP entries e. RIP respond control (do not respond or respond) 10.
  • Page 257: IPX Network Interface Configuration Elements

    IPX NETWORK INTERFACE CONFIGURATION ELEMENTS. GENERAL IPX NETWORK INTERFACE CONFIGURATION ELEMENTS. INTERFACE TYPE: When configuring an IPX network interface, this parameter specifies the type of network segment to which the network interface connects. The network interface type of LAN indicates that the system is physically connected to an Ethernet LAN segment.
  • Page 258: SAP IPX Network Interface Configuration Elements

    FREQUENCY: Specifies the frequency at which the system will transmit RIP packets, if the Send control parameter is set to send for this interface. This parameter is a decimal value specified in seconds from 1 to 300. The default value is 60 seconds. RECEIVE CONTROL: Specifies how the system will process RIP packets received on this network interface.
  • Page 259: IPX Network Interface Background Information

    IPX NETWORK INTERFACE BACKGROUND INFORMATION: Traditional routing products ask you to define the network interfaces to which the router is directly connected: LAN INTERFACES: LAN network interfaces are fixed broadcast media type interfaces. These interfaces are assigned a specific network number and all devices on that LAN must agree on the IPX network number used on the LAN segment.
  • Page 260: IPX Routing Protocols

    IPX ROUTING PROTOCOLS. CONFIGURING IPX ROUTING PROTOCOLS. USING CFGEDIT: Select Routing Protocols from the IPX menu. The following will be displayed: IPX Routing Protocol Menu: IPX RIP Processing is currently ENABLED IPX RIP Table maximum is 282141 IPX SAP Processing is currently ENABLED IPX SAP Table maximum number of entries is 282141 Select function from above or <RET>...
  • Page 261: IPX Routing Protocol Background Information

    RIP/SAP NUMBER OF TABLE ENTRIES: Specifies the maximum number of routing entries which can be stored in the route or service table. You may select a number between 20 and 3072. The default value is 141. IPX ROUTING PROTOCOL...
  • Page 262: Special Considerations - Remote LAN Interface

    Static services are configured locally on the system. SAP entries are learned from incoming SAP packets. All services are stored, used internally and advertised to other routers. The same factors that affect the maximum number of routes stored also affect the maximum number of services stored.
  • Page 263: IPX Static Routes

    IPX STATIC ROUTES. Note: With the availability of Triggered RIP/SAP (page 274), the configuration of static routes is no longer necessary but still supported. Situations may arise in which a remote router does not support our implementation of Triggered RIP/SAP. In this case, it would be necessary to configure a static route to that particular router.
  • Page 264: IPX Static Routes Configuration Elements

    USING MANAGE MODE COMMANDS: ipxroute: Displays the current IPX routes (both statically entered and "learned"). ipxroute [add/change/delete]: Allows you to add/change/delete an IPX route. IPX STATIC ROUTES CONFIGURATION ELEMENTS. DESTINATION NETWORK: The IPX network number reachable through this static route entry. This parameter is a hexadecimal value from 1 to 4 bytes in length.
  • Page 265: IPX NetWare Static Services

    IPX NETWARE STATIC SERVICES. Note: With the availability of Triggered RIP/SAP (page 274), the configuration of static services is no longer necessary but still supported. Situations may arise in which a remote router does not support our implementation of Triggered RIP/SAP. In this case, it would be necessary to configure a static service for that particular router.
  • Page 266: IPX NetWare Static Services Configuration Elements

    IPX NETWARE STATIC SERVICES CONFIGURATION ELEMENTS. SERVICE NAME: Specifies the NetWare service name that is the target of this static service definition. This parameter is a 48 character NetWare service name. SERVICE TYPE: Indicates the type of NetWare service that is the target of this static service definition. You may enter the hexadecimal service type value, or request a list of common service types.
  • Page 267: IPX NetWare Static Services Background Information

    IPX NETWARE STATIC SERVICES BACKGROUND INFORMATION: This IPX feature allows you to configure service servers that are on networks across the WAN. The IPX NetWare Static Services configuration tells the system which servers are available for access. The static route configuration tells the system how to get to the network on which the servers are located.
  • Page 268: IPX Spoofing Configuration Elements

    b. Press 2 to select the system serialization packet handling level. The default values for all parameters will be displayed. Enter the Id of any parameters you need to change. Follow the onscreen instructions for changing the default values. Return to the IPX spoofing menu. Press 4 to configure the message packet handling.
  • Page 269: Watchdog Protocol

    WATCHDOG PROTOCOL: Watchdog Protocol is used by NetWare Servers to detect “dead” clients. If no traffic has been seen by a server from an attached client for a configurable amount of time, the server sends a watchdog packet to the client to determine if the client is still alive or merely inactive.
  • Page 270: IPX Type 20 Packet Handling

    Some of these <SYS> packets are overloaded in that they are not just keep-alive packets but are control packets needed for the application to run successfully and hence have to be routed like regular SPX data packets. If any NetWare application does not seem to work across WANs, it may be because of the mishandling of these <SYS>...
  • Page 271: IPX Type 20 Packet Handling Configuration Elements

    IPX TYPE 20 PACKET HANDLING CONFIGURATION ELEMENTS. IPX TYPE 20 PACKET HANDLING STATUS: You may enable or disable IPX type 20 packet WAN forwarding. When it is enabled, you may specify devices that can use this feature. IPX TYPE 20 PACKET...
  • Page 272: IPX Isolated Mode Background Information

    IPX ISOLATED MODE BACKGROUND INFORMATION: When operating with isolated mode enabled, the CyberSWITCH does not relay IPX datagrams received from the WAN to other IPX routers/hosts located on the WAN. IPX datagrams received from the WAN will be discarded if they need to be forwarded over the WAN. IPX datagrams received on the LAN interface are forwarded to the proper interface.
  • Page 273: Configuring Triggered RIP/SAP Global Timers

    CONFIGURING TRIGGERED RIP/SAP GLOBAL TIMERS. USING CFGEDIT: Select Triggered RIP/SAP from the IPX Routing Menu. Select Global Triggered RIP/SAP Timers. A menu similar to the following will be displayed: Global Triggered RIP/SAP Timers Options: Current Settings Database Timer 180 sec.
  • Page 274: Triggered RIP/SAP Background Information

    OVER-SUBSCRIPTION TIMER: Over subscription is the situation in which there are more next-hop routers on the WAN that need updates than there are channels available. When a WAN circuit goes down, a delay (per the over-subscription timer) is incorporated in marking the routes unreachable. This allows the calls to time-multiplex over the limited channels.
  • Page 275 Press 1 to add a device. Enter the device’s name and press <RET>. You should provide ISDN Authentication information first. Select IPX. A screen similar to the following will be displayed: Device IPX Configuration Menu: (Device = "remote1") IPX Routing DISABLED Make calls for IPX data...
  • Page 276 Device Level IPX Watchdog Spoofing Menu: 1) Default Handling is Discard 2) Handling while the connection is up is Forward 3) Handling for the special period after disconnecting is Spoof 4) Special period of time after disconnecting is 120 Minutes Select function from above or <RET>...
  • Page 277: Remote LAN Devices

    REMOTE LAN DEVICES: Remote LAN devices are configured in a slightly different way than WAN devices. Since the remote device is a bridge and not an IPX router, the IPX options for Remote LAN devices are configured under the bridge-level options, as follows: USING CFGEDIT...
  • Page 278: IPX Configuration Elements For Devices

    IPX CONFIGURATION ELEMENTS FOR DEVICES. IPX ROUTING: Indicates that the remote device is an IPX router and that the system should route IPX datagrams to this device. The system will forward IPX datagrams to this device based on IPX network layer information if this parameter is set to enabled.
  • Page 279: IPX Background Information For Devices

    BRIDGING: Defines the remote device as a bridge and not an IPX router. Since bridges operate at the MAC layer, the system must provide MAC layer emulation for remote bridge devices, while continuing to route the network layer IPX protocol. This field must be enabled for remote LAN devices. MAKE CALLS FOR BRIDGE DATA: This feature is not yet supported for IPX Remote LANs.
  • Page 280: Configuring SNMP

    CONFIGURING SNMP. OVERVIEW: A Network Management Station (NMS) is a device that contains SNMP-specific software, giving it the ability to query SNMP Agents using various SNMP commands. If you have purchased an NMS (such as Cabletron’s SPECTRUM® Management Platform), you should enable and configure the CyberSWITCH to be an SNMP Agent.
  • Page 281 Configuring SNMP. The steps to configure SNMP are: Enable IP routing if you have not already done so. Select SNMP from the Options menu. Follow the onscreen instructions to enable SNMP. The following SNMP menu will then be displayed: SNMP Menu: SNMP (Enable/Disable)
  • Page 282: SNMP Configuration Elements

    USING MANAGE MODE COMMANDS: Currently you cannot configure SNMP using the Manage Mode, but the following command is available: snmp: This Manage Mode command displays the current SNMP configuration data. An example output screen is shown below: MANAGE> SNMP The SNMP feature is enabled.
  • Page 283: SNMP Background Information

    IP ADDRESS: The IP address assigned to the management station that should receive Trap PDUs. COMMUNITY NAME: A list of configured Community Names will be displayed. Select the Community Name that should be inserted in the Trap PDUs to be sent to the NMS with the corresponding IP address. AUTHENTICATION FAILURE TRAPS...
  • Page 284 [Figure labels: ASN.1 File, MIB Formatter, CSX150, LAN A, 128.111.1.1, Network Management Station] The SNMP Agent will process all SNMP Protocol Data Units (PDUs) which are received at a LAN port or which are received at a WAN port. (A PDU contains both data and control (protocol) information that allows the two processes to coordinate their interactions.
  • Page 285 Currently, each object in the above MIB-2 groups can be retrieved via an SNMP GetRequest or GetNextRequest PDU. However, only the snmpEnableAuthenTraps object in the SNMP group can be changed via the SNMP SetRequest PDU. Note: Any system object that is changed via an SNMP SetRequest will be returned to its initial value when that system is restarted due to power loss or the action of a system operator.
  • Page 286 • authTimeout Trap: An SNMP Agent will generate an authTimeout Trap PDU anytime an off-node server times out. • clidDisconnect Trap: An SNMP Agent will generate a clidDisconnect Trap PDU anytime there is a configuration problem with a device’s Calling Line Id. •...
  • Page 287: Configuring AppleTalk Routing

    CONFIGURING APPLETALK ROUTING. OVERVIEW: The AppleTalk routing feature allows the CyberSWITCH to efficiently route AppleTalk data as opposed to bridging all data relating to the protocol. With the addition of the AppleTalk Remote LAN feature, the CyberSWITCH can be configured to be a router, bridge or a mix of both when handling AppleTalk traffic.
  • Page 288: AppleTalk Routing Option Configuration Element

    APPLETALK ROUTING OPTION CONFIGURATION ELEMENT. APPLETALK OPERATIONAL STATUS: You can enable or disable the AppleTalk Routing option. When AppleTalk Routing is enabled, the CyberSWITCH acts as an AppleTalk Router, routing AppleTalk datagrams based on AppleTalk address information. When AppleTalk Routing is disabled, the CyberSWITCH will simply bridge AppleTalk protocol network traffic.
  • Page 289: AppleTalk Ports Configuration Elements

    If you are configuring your system in the nondiscovery mode (you entered numbers other than 0 or 0-0 for the network range/number), complete the following: Enter either the suggested AppleTalk address or the suggested AppleTalk node Id (depending on AppleTalk network type configured).
  • Page 290: AppleTalk Ports Background Information

    APPLETALK NETWORK RANGE/NUMBER: The AppleTalk network range (for Extended network) or the AppleTalk network number (for NonExtended network) of the LAN segment that the port is connected to. Specifying 0.0 (for Extended) or 0 (for NonExtended) places the port in discovery mode (a.k.a., non-seed router), in which the system learns its configuration information from the seed router.
  • Page 291: The Zone Concept

    THE ZONE CONCEPT: A zone is a logical group of nodes on an internet, much like the concept of subnetting in the world of IP. Within the framework of Phase 2 the logical assignment of zones is limited to 255 zone names for a network.
  • Page 292: AppleTalk Static Routes

    number/range configured for the Remote LAN port differs from the network number/range that is being broadcasted in RTMP packets by other remote routers, the port becomes unusable. Configuration: In order to properly set up an AppleTalk Remote LAN, you must: •...
  • Page 293: AppleTalk Routing Static Routes Configuration Elements

    APPLETALK ROUTING STATIC ROUTES CONFIGURATION ELEMENTS. APPLETALK NETWORK TYPE: The AppleTalk network type used by the destination network of this static route. Type can be either Extended Network or NonExtended Network. DESTINATION NETWORK RANGE/NUMBER: The remote AppleTalk network range (for Extended network) or network number (for NonExtended network) reachable through this static route entry.
  • Page 294: AppleTalk Capacities Background Information

    APPLETALK CAPACITIES BACKGROUND INFORMATION: This option allows you to control the maximum number of table entries (routing and zone tables) for your network. APPLETALK ISOLATED MODE. CONFIGURING THE APPLETALK ISOLATED MODE. USING CFGEDIT: Select Isolated Mode (Enable/Disable) from the AppleTalk Routing Menu. Follow the onscreen instructions to either enable or disable the isolated mode.
  • Page 295: Configuring Call Control

    CONFIGURING CALL CONTROL. OVERVIEW: The CyberSWITCH offers a number of configurable options to control how the system will make and accept calls. These options include: • configuring throughput monitor parameters • configuring call interval parameters • configuring monthly call charge parameters •...
  • Page 296: Throughput Monitor Configuration Elements

    Follow the onscreen instructions to keep the feature enabled. Enter the sample rate in seconds. Enter the overload trigger number. Enter the overload window size. Enter the overload percentage utilization. Enter the underload trigger number. Enter the underload window size. 10.
  • Page 297: Throughput Monitor Background Information

    UNDERLOAD TRIGGER NUMBER: The number of samples within the window that must be below the next lowest target capacity for the UNDERLOAD condition to occur. UNDERLOAD WINDOW: The number of sample periods (up to 32) that you should use as the sliding window. TRIGGER NUMBER: The number of samples within the window that must be below the specified utilization for the...
  • Page 298: Overload Condition Monitoring

    The throughput monitor feature constantly monitors the use of the connections and looks for the following conditions: • The overload condition, which indicates that demand exceeds the current aggregate capacity of the WAN connections. The system can add more bandwidth when this occurs. •...
  • Page 299: Idle Condition Monitoring

    IDLE CONDITION MONITORING: The CyberSWITCH monitors for the idle condition when only one connection to another site remains. The system detects when there is no longer a need to maintain connectivity with the other site. An absolute idle condition is defined as a number of consecutive sample periods with zero bytes transferred.
  • Page 300: Call Interval Parameters

    The average throughput is 40% for the third sample rate period. This is less than the configured utilization, so out of the last 3 samples (a sliding window is in use), 1 out of 3 samples have throughput that is greater than the configured utilization. The overload condition has still not been met.
  • Page 301: Monthly Call Charge

    more than 3 call attempts within 2 seconds. This prevents certain model switches from being overloaded. In areas where these low capacity switches are not installed, calls can be made more frequently. Before the system initiates a data connection, it first checks the time at which the last connection was initiated.
  • Page 302: Call Restrictions

    CALL RESTRICTIONS. CONFIGURING CALL RESTRICTIONS. Note: Certain restrictions apply to the use of Call Restrictions and Semipermanent Connections. Refer to the Background Information discussion. USING CFGEDIT: Select Call Restrictions from the Call Control Options menu. Follow the onscreen instructions for enabling this feature. The current call restriction configuration will be displayed.
  • Page 303 The following chart provides the numbers you should use to represent the am and pm hours of the hours calls are allowed: From: 12:00 1:00 2:00 3:00 4:00 5:00 6:00 7:00 8:00 9:00 10:00 11:00 12:59 1:59 2:59 3:59...
  • Page 304: Call Restrictions Background Information

    MINUTES PER DAY: The limit on the number of call minutes per day. The default value is 240 call minutes per day. Call minutes will be calculated periodically while calls are active (not when a call is disconnected). Statistics will be kept to track the total number of call minutes made per day. This statistic will be written to the statistics log every half hour, and available through the ds command.
  • Page 305: Bandwidth Reservation

    Notes: It is important to note that the Call Restriction feature only applies to outbound calls from the system. When a condition occurs that triggers a warning to be written to the log, the message will be written only once for the duration of the condition.
  • Page 306 the port number. This example shows that there is only one BRI adapter, and it is installed in slot number one, and has four ports. There is a line for each port number. Press 1 to add a device profile. Enter a user-defined unique name to identify the profile.
  • Page 307: Bandwidth Reservation Configuration Elements

    Under ISDN information, enter the profile information. This is a profile name you configured in the previous section. Remember from the previous section that each configured profile reserves specific lines. By assigning this profile to the device, you are reserving specific lines for this device.
  • Page 308: Bandwidth Reservation Background Information

    BANDWIDTH RESERVATION BACKGROUND INFORMATION: This feature allows a portion of the possible connections to always be available to specific devices for both inbound and outbound calls. To increase flexibility, this feature may be configured to either allow or prevent bandwidth overlap. Bandwidth overlap will allow normal devices to use a certain number of lines, while a special class of super devices would be allowed access to both the normal bandwidth (designated in the default profile) as well as special super device bandwidth (designated in the configured device profile).
  • Page 309 Determine if the CyberSWITCH should always retry a call. If yes, then configuration for the device is done, the device is entered into the semipermanent device list, and appears as shown below. If no, continue to step 7. Semipermanent Connections Menu: Device Name Max Retries...
  • Page 310: Semipermanent Connections Configuration Elements

    SEMIPERMANENT CONNECTIONS CONFIGURATION ELEMENTS. DEVICE NAME: Specify the device name (from the Device List) that you wish to make a semipermanent connection. Once specified, the semipermanent feature will (at least) keep the Initial Data Rate active to the specified device, as long as it is not prohibited by call restrictions or a physical or configuration problem.
  • Page 311 Call Restrictions: You may wish to disable call restrictions when using semipermanent connections. Call restrictions are mainly intended for use in areas where “per minute” ISDN tariffs are in place. Typically, this is not the case if semipermanent connections are in use. If you decide not to disable Call Restrictions, we recommend that you make the following Call Restriction parameter alterations: •...
  • Page 312: VRA Manager As A Call Control Manager

    VRA MANAGER AS A CALL CONTROL MANAGER: This feature allows you to use the Virtual Remote Access (VRA) Manager for call control management only. This feature allows you to continue to use other authentication servers (e.g., RADIUS, ACE) yet still gain the benefits of VRA call control management. CONFIGURING VRA MANAGER FOR...
  • Page 313: Background Information

    AUTHENTICATION TIMEOUT TIMER: This timer represents the amount of time the CyberSWITCH will wait for the Authentication Agent to handle a login attempt before timing out. If VRA is enabled as Call Control Manager, this time-out value must then represent the amount of time for both: •...
  • Page 314: Limitations/Considerations

    • User Level Security: If you use user level security for authentication, configure devices on the VRA manager as well. This will provide access to the following VRA call control management features: call restrictions, maximum bandwidth, and grouping (in addition to the call logging feature). User level security and VRA call control management work together as follows: VRA allows a device to connect under an alias name until the user can be verified by its authentication server.
  • Page 315: Configuring Other Advanced Options

    CONFIGURING OTHER ADVANCED OPTIONS. OVERVIEW: This chapter provides information for configuring advanced system options that are not covered in the previous chapters. These options include: • configuring PPP • configuring default line protocol • configuring log options • configuring system compression options •...
  • Page 316: PPP Configuration Elements

    PPP CONFIGURATION ELEMENTS. TERMINATE: The number of Terminate-Request packets sent without receiving a Terminate-Ack before assuming that the peer is unable to respond. CONFIGURE: The number of Configure-Request packets sent without receiving a valid Configure-Ack, Configure-Nak or Configure-Reject before assuming that the peer is unable to respond. FAILURE: The number of Configure-Nak packets sent without sending a Configure-Ack before assuming that configuration is not converging.
  • Page 317: PPP Background Information

    LINK FAILURE DETECTION STATUS: You can enable or disable the link failure detection feature. If enabled, there will be a periodic transmission of Echo-Request frames, a maintenance type frame provided by PPP’s Link Control Protocol. Reception of the appropriate Echo-Reply frame indicates a properly functioning connection;...
  • Page 318: PPP Reference Documents

    However, the PPP link exists on an end-to-end basis with the remote peer, a domain which exceeds that controlled by the signalling-type entities just cited. Thus, not every end-to-end failure will be detected. Some examples of such failures include: •...
  • Page 319: Default Line Protocol

    DEFAULT LINE PROTOCOL: The default values for this feature are adequate for most situations. Instructions are included for the rare instance that you need to alter the configuration. Note: This feature does not apply to analog connections (including digital modem). CONFIGURING DEFAULT LINE PROTOCOL...
  • Page 320: Log Options

    LOG OPTIONS: Log options allow you to direct log reports to a specific location. Reports can be directed to a local log file, or to a UNIX-style syslog server. Currently, only call detail recording (CDR) reports can be directed to a specific location. CONFIGURING LOG OPTIONS. CFGEDIT...
  • Page 321: Log Options Background Information

    one version of UNIX to the next, the system allows you to set the entire priority value as an integer. This integer will be prepended to all messages sent to this Syslog server. Note: You do not have to configure a Syslog Server name.
  • Page 322: CDR Log Report Overview

    files and devices depending upon its configuration. Refer to your UNIX system documentation for more information on syslogd. Each log message sent to a syslogd server has a priority tag associated with it. The priority tag is encoded as a combination: facility.level. The facility identifies the part of the system creating the log message and the level describes the severity of the condition which caused the log message to be written.
  • Page 323 .2, and so on up to .10. The file extension cycles through the values 1 through 10 with each write command, similar to the current report log file and status log file, so that the ten most recent versions of the CDR log are available on the system disk.
  • Page 324 Event Report Contents: A CDR event triggers a report which can consist of one or more records. Each record corresponds to a line in the log file. This alleviates any constraints of having to fit a report in an 80 character string.
  • Page 325 This field indicates the data rate for a B channel. The possible values are 56 Kb, 64 Kb and 384 Kb. DURATION: This field reflects the time that a connection is active; it is presented in hours, minutes and seconds. The precise meaning varies somewhat for a successful connection versus a call rejection.
  • Page 326 USER’S GUIDE Disconnect Event Report Contents On a disconnect event, records 1 through 4 are used. The event type is DISCONNECT. The timestamp reflects the time that the decision to disconnect was made. The phone number displayed is the phone number in the Connect report. The duration is calculated by subtracting the connect event time from the disconnect time.
  • Page 327: Compression Options

    CONFIGURING OTHER ADVANCED OPTIONS Compression Options COMPRESSION OPTIONS Compression allows the CyberSWITCH to compress outgoing data and decompress incoming data. This allows user devices on the WAN to initiate a connection to the system over the switched digital network and transmit and receive compressed data, thereby increasing the amount of data that can be transmitted over the line and decreasing the transmission time.
  • Page 328: Compression Options Background Information

    USER’S GUIDE compression enable/disable state based on this value when no value is delivered by the off-node database. You may later change a specific device’s enable/disable state. The per-device compression enable/disable state is only supported for connections using the PPP protocol.
  • Page 329: Compression And Ccp

    CONFIGURING OTHER ADVANCED OPTIONS Compression Options algorithm. The peer and remote compression algorithms must be synchronized; this is accomplished by negotiating compression at channel connect time. Once this has been accomplished, compressed data can be transmitted. If a transmission problem should ever occur, the problem is detected and compression is re-synchronized by the execution of a pre-defined protocol.
  • Page 330: Tftp

    USER’S GUIDE to operate, albeit without compression. An error message will be logged indicating an internal decompression failure. Compression is negotiated independently on inbound and outbound channels. It is possible to provide compression in one direction while not in the opposite direction. Should the peer not support PPP compression, CCP will fail to converge and the link will continue to operate without providing compression.
  • Page 331: Tftp Configuration Elements

    CONFIGURING OTHER ADVANCED OPTIONS TFTP TFTP CONFIGURATION ELEMENTS OPERATIONAL STATUS OF TFTP FEATURE You can enable or disable the TFTP feature. OPERATIONAL STATUS OF TFTP CLIENT You can enable or disable the TFTP client feature. The TFTP client functions are achieved through administration console commands.
  • Page 332: File Attributes

    USER’S GUIDE When a device remotely accesses the TFTP server, it doesn’t matter what level the device is logged in as. What matters is the device level that is configured for the Server on the system that is being logged into. It is this file access level (or device login level) that controls all remote device accesses. FILE ATTRIBUTES CONFIGURING FILE ATTRIBUTES...
  • Page 333 CONFIGURING OTHER ADVANCED OPTIONS File Attributes • “RW” is for read and write access • “N” is for no access rights for the corresponding file type The file types that fall under the headings shown above are as follows: File category File types included in the category REPORT RPRT_LOG.1 -...
  • Page 334: Troubleshooting

    TROUBLESHOOTING We include the following chapters in the Troubleshooting segment of the User’s Guide: • System Verification After your CyberSWITCH has been configured, and before proceeding with normal system operations, you may want to verify that the system is functional. System Verification provides instructions for verifying the system hardware and system configuration.
  • Page 335: System Verification

    SYSTEM VERIFICATION OVERVIEW After your CyberSWITCH has been configured, and before proceeding with normal system operation, it is necessary to verify that the system is functional. This chapter provides instructions for verifying the system hardware and system configuration. You only need to perform the verification procedures for the options that apply to your configuration.
  • Page 336: Verifying Wan Lines Are Available For Use

    USER’S GUIDE VERIFYING WAN LINES ARE AVAILABLE FOR USE To verify the availability of WAN lines, the WAN resource must already be operational. Also, the WAN lines must already be configured and connected to the CyberSWITCH. To verify the availability of WAN lines: Check the Line SYNC LED for the BRI line.
  • Page 337: Verifying Bridge Is Initialized

    SYSTEM VERIFICATION Verifying Bridge is Initialized If the system displays this message, then the test packet was transmitted correctly. If this message IS NOT displayed, then the LAN connection failed. Refer to LAN Attachment in the Problem Diagnosis chapter. VERIFYING BRIDGE IS INITIALIZED To verify that bridging has initialized properly: Determine if the bridge is in the forwarding state by viewing the system messages.
  • Page 338: Verifying A Dedicated Connection

    USER’S GUIDE VERIFYING A DEDICATED CONNECTION To verify a dedicated connection to the CyberSWITCH, the WAN lines that are connected to the system must be available for use, and the routing option must be properly initialized. To verify that you have a dedicated connection: View the system messages by entering the following console command: dr <return>...
  • Page 339: Verifying An X.25 Connection

    SYSTEM VERIFICATION Verifying an X.25 Connection VERIFYING AN X.25 CONNECTION To verify an X.25 connection to the CyberSWITCH, the WAN lines that are connected to the System must be available for use, and the routing option must be properly initialized. Follow the steps below to verify that you have an X.25 connection.
  • Page 340 USER’S GUIDE Below is an example of a configuration used to verify multi-level security over an IP WAN UnNumbered interface. It uses IP addresses specific to the example. Substitute the IP address of your network when you perform the multi-level security verification steps. It also uses the “ping” command.
  • Page 341: Verifying Ip Host Mode Is Operational

    SYSTEM VERIFICATION Verifying IP Host Mode is Operational VERIFYING IP HOST MODE IS OPERATIONAL The following sections provide methods of verifying that the IP Host Mode has properly initialized and that the feature is operational. VERIFYING IP HOST IS INITIALIZED If you have configured the IP feature in the Host mode, follow the steps below to verify that it has initialized properly.
  • Page 342: Verifying Ip Host Mode Operation Over A Wan Connection

    USER’S GUIDE If a message similar to the following is displayed, the IP host mode feature over the specified LAN port is operational. Repeat this step for each LAN port on your Ethernet resource. 100.0.0.2 is alive If this message is not displayed, then the IP Host mode feature over the LAN connection is not operational.
  • Page 343: Verifying Ip Routing Over A Wan Interface

    SYSTEM VERIFICATION Verifying IP Routing Over Interfaces CSX150 100.0.0.1 100.0.0.0 100.0.0.2 Host A To verify IP Routing over a LAN connection: Determine if the CyberSWITCH can access the local IP host. On the administration console type: ip ping 100.0.0.2 <return> Issuing this command will result in a response similar to the following: 100.000.000.002 is alive If the system displays this message, then IP routing over that LAN port is operational.
  • Page 344 USER’S GUIDE 192.100.1.1 CSX150 ISDN 100.0.0.1 100.0.0.0 Host B 192.100.1.3 Host A 100.0.0.2 The steps to verify the operation of IP routing over a WAN interface are: Determine if a remote IP host can access the WAN interface of the CyberSWITCH over the WAN connection.
  • Page 345: Verifying Ip Routing Over A Wan (Direct Host) Interface

    SYSTEM VERIFICATION Verifying IP Routing Over Interfaces VERIFYING IP ROUTING OVER A WAN (DIRECT HOST) INTERFACE To verify that IP routing is properly operational over a WAN (Direct Host) interface, a remote IP Host must be operational and available to initiate connections. Also, a local IP host must be connected to the local LAN port on the CyberSWITCH.
  • Page 346: Verifying Ip Routing Over A Wan Remote Lan Interface

    USER’S GUIDE VERIFYING IP ROUTING OVER A WAN REMOTE LAN INTERFACE To verify that IP routing is properly operational over a WAN Remote LAN interface, a remote IP Host must be operational and connected to the remote LAN. The remote bridge device must be operational and available to initiate connections.
  • Page 347: Verifying Ip Routing Over A Wan Unnumbered Interface

    SYSTEM VERIFICATION Verifying IP Routing Over Interfaces If the remote IP host successfully pings to the local IP host, then IP routing over the WAN Remote LAN interface is operational. Repeat the above steps for each WAN Remote LAN interface through which you wish to get access. If the remote IP host CANNOT ping to the local IP host, refer to IP Routing over a WAN Remote LAN Interface Connection...
  • Page 348: Verifying Ip Filters

    USER’S GUIDE VERIFYING IP FILTERS To verify that IP Filters are functioning, perform the following test: Configure and apply at least one IP filter that contains at least one condition whose action is to DISCARD the matching packet. Perform a trace on discarded packets. On the administration console issue the command: ip filter trace discard <return>...
  • Page 349: Verifying Ip Rip Output Processing On A Lan Interface

    SYSTEM VERIFICATION Verifying IP RIP VERIFYING IP RIP OUTPUT PROCESSING ON A LAN INTERFACE To verify that IP RIP Output Processing (routes advertisement) is properly operational on a LAN interface, the IP RIP processing must be successfully initialized. Also, a local IP host (router) must be connected to the local LAN port on the system and capable of learning routes information via RIP.
  • Page 350: Verifying Ip Rip Input Processing On A Lan Interface

    USER’S GUIDE VERIFYING IP RIP INPUT PROCESSING ON A LAN INTERFACE To verify that IP RIP Input Processing (routes learning) is properly operational on a LAN interface, IP RIP processing must be successfully initialized. Also, a local IP router must be connected to the local LAN port on the system and capable of propagating routes information via RIP.
  • Page 351: Verify Ip Rip Input Processing Operational On A Wan Interface

    SYSTEM VERIFICATION Verifying IP RIP command is used by a specific router to display the IP routing table. Substitute the equivalent command for your IP router. CSX150 Router Dedicated Connection 100.1.1.1 192.1.2.1 192.1.1.1 100.1.1.2 The steps to verify the operation of IP RIP output processing on a WAN interface are: Make sure that a dedicated connection between system and Router is up and operational.
  • Page 352: Verifying Ipx Router Is Initialized

    USER’S GUIDE VERIFYING IPX ROUTER IS INITIALIZED To verify that the IPX Routing option has initialized properly: Determine if IPX routing has been initialized on the CyberSWITCH by viewing the system messages. To display the messages enter the following console command: dr <return>...
  • Page 353: Verifying Ipx Routing Over A Lan Connection

    SYSTEM VERIFICATION Verifying IPX Routing is Operational VERIFYING IPX ROUTING OVER A LAN CONNECTION To verify the operation of IPX Routing over a LAN connection: Determine if SITE1 can access the local NetWare Server “local.” On SITE1’s administration console type: ipx diag cc:1 <return>...
  • Page 354: Verifying Ipx Routing Over A Wan Connection

    USER’S GUIDE VERIFYING IPX ROUTING OVER A WAN CONNECTION To verify the operation of IPX Routing over a WAN connection: Determine if NetWare Client A can see the remote NetWare Server “remote.” To do this, activate NetWare Client A’s desktop network neighborhood feature. Then check to see if “remote”...
  • Page 355: Verifying Appletalk Routing Is Operational

    SYSTEM VERIFICATION Verifying the AppleTalk Routing Feature Look for the following message among the system messages: AppleTalk routing initialized successfully For the AppleTalk port that has been configured, the following port initialization message should be displayed among the system messages: AppleTalk successfully initialized on <port-type>...
  • Page 356: Verifying Appletalk Routing Operational Over The Lan Connection

    USER’S GUIDE VERIFYING APPLETALK ROUTING OPERATIONAL OVER THE LAN CONNECTION The steps to verify the operation of AppleTalk Routing feature over a LAN connection are: Determine if the local Macintosh can see all zones. Bring up the Chooser on the Local Mac: If a list of all zones (Left Zone and Right Zone) appears in the Chooser as shown above, then the AppleTalk Routing over a LAN connection is operational.
  • Page 357: Verifying Snmp Is Operational

    SYSTEM VERIFICATION Verifying SNMP is Operational If Remote Mac appears in Select a file server: box, then AppleTalk Routing over the WAN connection is operational. If Remote Mac IS NOT displayed, then AppleTalk Routing feature over the WAN connection is not operational. Refer to AppleTalk Routing Operation Over the WAN Connection in the Problem Diagnosis chapter.
  • Page 358: Verifying The Dial Out Feature

    USER’S GUIDE VERIFYING THE DIAL OUT FEATURE To perform the Dial Out verification for a remote device, you need to know the configured device name associated with the device’s device table entry. Note that the device name is case sensitive. If you already know the device name, skip to step 4. Otherwise, begin the verification process with step 1.
  • Page 359: Verifying Compression Is Operational

    SYSTEM VERIFICATION Verifying Compression is Operational VERIFYING COMPRESSION IS OPERATIONAL Make sure compression is enabled on a system-wide basis. Cause a call to be established with a device for which per-device compression is enabled. To verify that compression is in effect with the device, issue the cmp stats <devicename> console command while the connection is in place.
  • Page 360: Verifying Dhcp Relay Agent

    USER’S GUIDE Set up two systems in a back-to-back, dedicated, BRI scenario where at least one of the systems is a PC-Platform. Configure a dedicated access between the 2 systems. The usage of a PC-platform exploits the fact that the layer 1 of a PC-based BRI board stays active even when you exit the software.
  • Page 361: Verifying The Relay Agent Is Enabled

    SYSTEM VERIFICATION Verifying DHCP Relay Agent VERIFYING THE RELAY AGENT IS ENABLED If the Relay Agent has been enabled via configuration, it will attempt to open a UDP port for use. A message describing the outcome of this operation will appear in the report log. Examine the report log.
  • Page 362: Verifying Dhcp: Proxy Client

    USER’S GUIDE Shortly after a DHCP Client is powered on, it will attempt to get its IP address from a DHCP Server. If it is successful, its IP-related features (e.g., ping, telnet, etc.) will become operational. If the client could not obtain its IP address, it will retry periodically to do so. From the DHCP Client, attempt to ping the Relay Agent (“Ruby”) that is on the same LAN: C:\>...
  • Page 363: Verifying The Proxy Client Is Enabled

    SYSTEM VERIFICATION Verifying DHCP: Proxy Client If you do not see this message in the report log, the DHCP Proxy Client has successfully performed its initialization processing. If this message is contained in the report log, refer to DHCP Proxy Client Initialization in the Problem Diagnosis chapter.
  • Page 364: Ip Address Pool

    USER’S GUIDE IP ADDRESS POOL As IP addresses are obtained from DHCP servers, they are placed into the system’s IP Address Pool. To verify the presence of these DHCP-obtained IP addresses, perform the following: Examine the address pool. Type: ip addrpool <return> Look for addresses with an origin of DHCP.
  • Page 365 SYSTEM VERIFICATION Verifying Proxy ARP is Operational Try to have an IP host device on one Ethernet segment communicate with an IP host device on the other Ethernet segment. For example, ping from Host A to Host B. If the communication between two IP devices across the WAN is successfully established, then the proxy ARP feature is properly working.
  • Page 366: Problem Diagnosis

    PROBLEM DIAGNOSIS OVERVIEW This chapter, when used in conjunction with the System Verification chapter, helps diagnose and correct problems encountered in the verification process. During some of the diagnosis procedures, we ask you to enter an administration console command. To enter these commands, you must have an active administration session. If you need instructions for starting an administration session, refer to Accessing the CyberSWITCH.
  • Page 367: Bridge Initialization

    PROBLEM DIAGNOSIS Bridge Initialization BRIDGE INITIALIZATION Problem: The system does not display the following bridge initialization messages: LAN Port <port #> is now in the LISTENING state LAN Port <port #> is now in the LEARNING state LAN Port <port #> is now in the FORWARDING state Action: Make sure the LAN Adapter...
  • Page 368 USER’S GUIDE Problem: The system does not display the WAN line availability messages. Instead, the system displays the following message after the status console command is issued: Out Svc 1 (slot #, port #) This means that Layer 1 cannot be established, most likely due to WAN cabling problems. Action: If the system has been operational for longer than 2 minutes, verify that the line is correctly attached to the proper system resource and port.
  • Page 369: Dedicated Connections

    PROBLEM DIAGNOSIS Dedicated Connections Problem: A WAN line is unavailable, and the following two messages are displayed together (to display messages, issue the dr console command): WAN card in slot <slot #> signals it is operational Abnormal response rcvd: state=-1 msg=73 reason=6 cc state=-1 Action: Check the configuration.
  • Page 370: Connections

    USER’S GUIDE X.25 CONNECTIONS Problem: An X.25 access is configured, but the x.25 stats command response is: No X.25 Access configured Action: Verify that the proper line and port have been selected. Enter the er command to erase the report log. Enter the trace lapb on command.
  • Page 371: Remote Device Connectivity

    PROBLEM DIAGNOSIS Remote Device Connectivity REMOTE DEVICE CONNECTIVITY Problem: A remote device is not able to connect to the CyberSWITCH. Set-up: The system software should be up and running. (At the administration console: if you are in the Connection Monitor window, exit to the “[System Name] >” prompt.) Enable the call trace messages with the trace on console command.
  • Page 372: Multi-Level Security

    USER’S GUIDE IP Security Rejection - Digit string wrong length IP Security Rejection - Invalid Security ID <Id string> Review the system configuration for the Device List. You can also refer to the System Messages chapter for the message meanings and the appropriate actions to be taken. The first two messages indicate that the system did not receive the required protocol data.
  • Page 373: Ip Host Mode

    PROBLEM DIAGNOSIS IP Host Mode IP HOST MODE The following sections provide diagnostic procedures for the IP Host Mode. IP HOST INITIALIZATION Problem: The system does not display the correct IP Host Initialization messages. Or, instead, it displays the following message: [IP] IP Router is initialized successfully Action: Check the configuration.
  • Page 374: Ip Host Mode Operation Over The Wan Connection

    USER’S GUIDE Verify that the hardware address (MAC address) for the IP Host in the CyberSWITCH’s ARP cache is correct. If it is not correct, verify the configuration in the IP Host. IP HOST MODE OPERATION OVER THE WAN CONNECTION Problem: The remote IP Host connected to a WAN RLAN interface on the CyberSWITCH does not receive a ping response from the WAN RLAN interface.
  • Page 375: Ip Routing Over A Wan Interface Connection

    PROBLEM DIAGNOSIS IP Routing Over Interface Connections encapsulations. Correct the IP Host or system configuration (through CFGEDIT) for encapsulation type. Try to ping the Host from another device on the LAN. If this is also unsuccessful, this may indicate a problem with the Host. Verify that the hardware address (MAC address) for the IP Host in the system’s ARP cache is correct.
  • Page 376: Ip Routing Over A Wan (Direct Host) Interface Connection

    USER’S GUIDE Host, the remote IP Host may need a proper route entry for the local network where the CyberSWITCH is located. Make corrections to the remote IP Host configuration. Problem: The remote IP Host connected to a WAN interface on the CyberSWITCH does not receive a ping response from the local IP Host.
  • Page 377: Ip Routing Over A Wan Rlan Interface Connection

    PROBLEM DIAGNOSIS IP Routing Over Interface Connections Action: Verify that the remote IP Host can access the LAN interface of the CyberSWITCH. If it can, continue with the next step. If the remote Host is unable to access the LAN interface, refer to the preceding problem and action.
  • Page 378: Ip Routing Over A Wan Unnumbered Interface Connection

    USER’S GUIDE Verify that the remote bridge device is initiating a call to the CyberSWITCH. Since the CyberSWITCH LAN interface has an IP address assigned with a different network number than the one for the remote IP Host, the remote IP Host may need a proper route entry for the local network where the CyberSWITCH is located.
  • Page 379: Ip Rip

    PROBLEM DIAGNOSIS IP RIP For packet types, it is important to verify that the contents of the packet in question are indeed correctly specified (IP Addresses, Protocol, TCP Ports, etc.). b. For configured filters, keep in mind that component conditions are executed in the order in which they appear in the configuration.
  • Page 380: Ip Rip Output Processing On A Lan Interface

    USER’S GUIDE IP RIP OUTPUT PROCESSING ON A LAN INTERFACE Problem: The local IP Host does not display the correct route entry, for example, the IP Host does not seem to be learning route information from the CyberSWITCH via RIP. Action: Using the ipnetif Manage Mode command, verify that the IP RIP Send Control is set to a RIP version that the IP Host can understand.
  • Page 381: Ip Rip Output Processing On A Wan Interface

    PROBLEM DIAGNOSIS IP RIP Also look for the IfStatRcvBadPackets and IfStatRcvBadRoutes counters. If these counters are not 0, there may be something wrong with the Router. If these counters are 0, there is an unexpected condition present within the CyberSWITCH software.
  • Page 382: Ipx Routing

    USER’S GUIDE Enter the ip rip stats administration console command. Look for the IfStatRcvResponses counter for the interface. This statistic is the number of RIP update messages received on the interface. If the total number of these counters is 0, check the Router to verify that it is configured to send IP RIP update messages.
  • Page 383: Ipx Routing Over The Remote Lan Connection

    PROBLEM DIAGNOSIS IPX Routing indicate if it is static (L- locally configured) or dynamically learned via RIP (R). If it is learned via RIP, then basic communication between the CyberSWITCH and the local NetWare server is operational, and it is uncertain why the NetWare server does not respond to the ping request. Contact Customer Support.
  • Page 384: Ipx Routing Over The Wan Connection

    USER’S GUIDE Verify device configuration on remote bridge. Bridge devices should be configured to make calls over the interface defined to go to the router. Problem: The router does not forward typical data (RIP, SAP, Type 20 packets) to the remote bridge. Action: Make sure a call is up.
  • Page 385: Ipx Routing And Service Tables

    PROBLEM DIAGNOSIS IPX Routing and Service Tables IPX ROUTING AND SERVICE TABLES Problem: The routing table on the CyberSWITCH is full. Action: The number of entries in the routing table is a configurable entity. This parameter may be between the values of 20 and 3072, and should be based on system need and system memory constraints.
  • Page 386: Triggered Rip/Sap Start Up

    USER’S GUIDE TRIGGERED RIP/SAP START UP Problem: The CyberSWITCH does not display a triggered RIP/SAP starting message for a WAN peer. Action: Verify that the WAN peer is properly configured. Issue the device command in Manage Mode to display the current Device List. Or, you may view the WAN peer list through CFGEDIT, Options, IPX Configuration, Triggered RIP/SAP.
  • Page 387: Appletalk Routing Initialization

    PROBLEM DIAGNOSIS AppleTalk Routing [Figure: example AppleTalk network over ISDN. Labels: CSX1200, CSX150, "Site2", "Site1"; Net Range: 10-11; Net Range: 20-21; Zone: Left Zone; Zone: Right Zone] Local Mac...
  • Page 388 USER’S GUIDE If EtherTalk is selected, and no zones are displayed, then contact your Distributor or Customer Support. If you are using Open Transport, verify that Local Mac has chosen a proper AppleTalk address within the valid network range (this would be 10-11 for the example network) by opening the AppleTalk control panel as shown below:...
  • Page 389: Appletalk Routing Operational Over The Wan Connection

    PROBLEM DIAGNOSIS AppleTalk Routing If the AppleTalk address for the router is not the same as the one displayed when issuing the atalk port console command, then the Local Mac is getting the information from another router. Please refer to the document for the router. If the AppleTalk address for Router is the same as the one displayed after issuing the atalk port console command, contact your Distributor or Customer Support.
  • Page 390: Snmp

    USER’S GUIDE If the remote resources cannot be seen even when the connection is up, then make sure the AppleTalk address of the remote device is valid. If the remote device is on an unnumbered network, then an AppleTalk address of 0.0 must be configured for the remote device in the device table.
  • Page 391 PROBLEM DIAGNOSIS SNMP Problem: The CyberSWITCH does not generate SNMP Trap PDUs. Action: Enter the snmp stats command at the administrative console. If an “SNMP is not enabled” message appears, you must first enable the SNMP Agent (using CFGEDIT). If the SNMP statistics are displayed, check the value of the “snmpOutTraps” statistic. If this counter is zero, the SNMP agent has not generated any Traps.
  • Page 392: Dial Out

    USER’S GUIDE Problem: A Dial Out call was not completed successfully. Action: If you issued the call device <device name> console command to initiate the call, check to see that you entered the device name correctly. Device names are case sensitive. If you issued the call peer <telephone number data rate>...
  • Page 393: Call Detail Recording

    PROBLEM DIAGNOSIS Call Detail Recording If there are no problems with actions 1 and 2, proceed to action 3. Check for the following system messages: In - proceeding <#,#> In - disconnect <#,#> - <disconnect cause> If the system reports these messages, then the network disconnected the call attempt. For the disconnect cause meaning, refer to the Cause Code table.
  • Page 394 USER’S GUIDE Verify that the device to which the connection is being established has compression enabled. If the device is another CyberSWITCH, refer to the previous step for instructions. Use the trace console command to examine the CCP frames exchanged with the device. This is typically accomplished by issuing the trace ppp on command, erasing the log contents, establishing the call, and then examining the log again (by issuing the dr console command) to view the frame trace.
  • Page 395: Dhcp: Relay Agent

    PROBLEM DIAGNOSIS DHCP: Relay Agent DHCP: RELAY AGENT RELAY AGENT INITIALIZATION Problem: The following messages appear in the report log, after system initialization: [DHCP-R] Failed to allocated memory for transmit buffer pool [DHCP-R] Relay Agent initialization failed Action: These messages indicate that an error occurred during initialization of the DHCP/BOOTP Relay Agent.
  • Page 396: Relay Agent Operation

    USER’S GUIDE RELAY AGENT OPERATION Problem: The DHCP client is not able to obtain its IP address from a DHCP server. Action: Check the DHCP configuration. This can be done by using CFGEDIT, or by using the dhcp Manage Mode command. Make sure that the Relay Agent is enabled on the desired machine.
  • Page 397: Proxy Client Operation

    PROBLEM DIAGNOSIS DHCP: Proxy Client Action: This message indicates that an internal error occurred while the DHCP Proxy Client was trying to register as a provider of addresses for the IP Address Pool. Therefore, the proxy client will not operate correctly. Contact your Distributor or Customer Support. Problem: The following message is NOT found in the report log after system initialization: [DHCP-P] Proxy Client enabled...
  • Page 398: Proxy Arp Operation

    USER’S GUIDE Problem: The DHCP Proxy Client is enabled, and it has opened its UDP port, but there aren’t any “DHCP- obtained” addresses in the IP Address Pool. Action: Check the DHCP-related configuration for WAN and WAN (Direct Host) IP network interfaces which should have IP addresses obtained from DHCP servers for them.
  • Page 399: Led Indicators

    LED INDICATORS OVERVIEW The front panel of the CyberSWITCH has several LED indicators. The POWER indicator will remain lit while the unit is on. There is a series of three LAN indicators: they will light to indicate transmissions, receptions, or good link integrity on the 10Base-T port. The bank of WAN indicators provides you with the status of each WAN line.
  • Page 400: Service Indicator

    USER’S GUIDE D-CHAN LED status One Data Link Multiple Data Links* no activity no activity flashing trying to bring up not all data links are up (mostly off) data link flashing activity activity (mostly on) data link is up data link is up on solid no activity no activity...
  • Page 401: Service Indicator Remains Lit

    LED INDICATORS Service Indicator SERVICE INDICATOR REMAINS LIT If the Service indicator remains lit during the power-on sequence, this means the system software is unable to boot. The system may be having some type of operational problem. While the Service indicator remains lit, the other LEDs will blink a certain number of times, pause, then blink that number of times again (See following table).
  • Page 402 USER’S GUIDE These messages indicate a problem with the LAN or BRI connections, or an incorrectly programmed SPID. The Service indicator will also blink if semipermanent devices are configured, and a connection to one of these devices is faulty. Use the sp command to check the status of the semipermanent connection.
  • Page 403: System Messages

    SYSTEM MESSAGES OVERVIEW System Messages provide useful system information. They are listed in the system’s report log, a memory resident table. To manipulate the report log, use the following commands at the administrative console: dr or ds display reports or display statistics er or es erase current messages/statistics from memory wr or ws...
  • Page 404: Boot Messages

    USER’S GUIDE BOOT MESSAGES The system boot is accomplished in two stages: a first stage boot and a second stage boot (FSB and SSB). If the FSB or SSB detects an error, the system’s service LED will light. The first bank of LEDs will blink in a pattern, as described in the LED Indicators chapter.
  • Page 405: Spanning Tree Messages

    SYSTEM MESSAGES Warning Messages SPANNING TREE MESSAGES The Spanning Tree protocol is only supported by the Ethernet-2 interface card. Spanning Tree protocol messages are prefaced with [STP]. During normal operation, when Spanning Tree protocol is enabled, the system may report informational messages such as: [STP] A new Root Bridge has been detected [STP] LAN Port <port #>...
  • Page 406 USER’S GUIDE 1 port LAN Adapter, operating in remote mode only This is an initialization message. It identifies the Ethernet adapter type (Ethernet-1), and operating mode. Remote bridging is supported. 2 port LAN Adapter, operating in local and remote mode This is an initialization message.
  • Page 407 SYSTEM MESSAGES System Message Summary AppleTalk routing RTMP initialization error, AppleTalk disabled AppleTalk is disabled because there is an initialization problem with the Routing Table Maintenance Protocol (RTMP). Contact your distributor or Customer Support. AppleTalk routing ZIP initialization error, AppleTalk disabled AppleTalk is disabled because there is an initialization problem with the Zone Information Protocol (ZIP).
  • Page 408 USER’S GUIDE [AUTH] ACE Encryption configured for DES: not supported. The ACE server is configured for DES encryption. Only SDI encryption is currently supported by the ACE client. [AUTH] ACE Error receiving server log message acknowledgment. A client syntax error occurred during an authentication attempt via ACE. The server did not respond to the logging of the message.
  • Page 409 SYSTEM MESSAGES System Message Summary [AUTH] RADIUS IP HOST rejected IP Host id: <IP host Id> The remote Authentication server rejected the IP Host id. This indicates that one of the following has occurred: The <IP Host Id> is not in the remote Authentication server’s database. The <IP Host Id>...
  • Page 410 USER’S GUIDE [AUTH] TACACS LOGIN rejected user: <user name> The remote Authentication server rejected the named user. This indicates that one of the following has occurred: The <user name> is not in the remote Authentication server’s database. The <user name> is entered incorrectly in the remote Authentication server’s database. [AUTH] TACACS No server configured for designated database location.
  • Page 411 SYSTEM MESSAGES System Message Summary [AUTH] Warning code: 0010 Received unexpected authentication response code from server A message was received from an authentication server that contained an invalid response message identifier. [AUTH] Warning code: 0011 An unexpected server responded to the access request An access response message was received from an authentication server that is not configured in the System.
  • Page 412 USER’S GUIDE Bridge is operating in RESTRICTED mode Bridge is operating in UNRESTRICTED mode One of the above messages will be displayed to indicate the configured Bridge mode of operation. Calculating CRC’s..An X-Modem transfer has been completed and the received data is being checked for integrity. Call control detected near end problem - Slot=<slot # >...
  • Page 413 SYSTEM MESSAGES System Message Summary Call Restriction statistics reset for new day Call Restriction device information. Call Restriction statistics reset for new month Call Restriction device information. Call Restrictions will allow calls to be made this hour Call Restriction device information. Call Restrictions will allow calls, but this hour is restricted Calls are restricted during this hour but the action configured is to “Warn”.
  • Page 414 USER’S GUIDE Capability description processing error - <caperror>. System is in minimal configuration mode. A problem has occurred during system installation. The <caperror> will further identify the problem: • File not found • Could not open file • File already exists •...
  • Page 415 SYSTEM MESSAGES System Message Summary Cause <cause code> received for DLCI <dlci index> A CLLM message was received indicating that the PVC associated with the indicated DLCI is subject to the event denoted by the indicated cause code. These events are listed below with their corresponding cause code: Cause Code Event...
  • Page 416 USER’S GUIDE CHANNEL in use in HOST_CALL_REQUEST The system software sent a message to the RBS state machine that the state machine was unable to recognize or the information was incorrect. If this message is displayed in the log messages, contact your Distributor or Customer Support.
  • Page 417 SYSTEM MESSAGES System Message Summary CNTR-TMR:Timed out waiting for TMR <number> interrupt! The i386s specified timer did not respond during a POST testing its interrupt capabilities. The boot process should continue; however, make note of the error message in the event of a future problem. Configured adapter # ’x’...
  • Page 418 USER’S GUIDE Dedicated connection down: <slot # , port # > The dedicated connection is down. Switched backup connections will be used, if available. This message will occur if the other system is down, or if the network interface line is not connected, or if the authentication of the remote device failed.
  • Page 419 SYSTEM MESSAGES System Message Summary [DHCP-P] Proxy Client disabled This message indicates that the DHCP Proxy Client has been successfully disabled. This message will appear after the DHCP Proxy Client has been disabled from Manage Mode. [DHCP-P] Proxy Client enabled This message will appear whenever the DHCP Proxy Client has been successfully enabled.
  • Page 420 USER’S GUIDE [DHCP-R] Relay Agent enabled The DHCP Relay Agent has been successfully enabled. This could be during system initialization (if configuration values have enabled it), or after the DHCP Relay Agent has been enabled from Manage Mode. [DHCP-R] Relay Agent initialization failed This message indicates that the DHCP Relay Agent did not initialize successfully.
  • Page 421 SYSTEM MESSAGES System Message Summary DM card in slot <slot # > is not functional The system was unable to initialize the Digital Modem in the specified slot correctly. Check all switch and/or jumper settings on the board to ensure they match the values in CFGEDIT. If the board is configured properly, and this message still appears, contact your Distributor or Customer Support.
  • Page 422 USER’S GUIDE DM upgrade success. Board=<board # >, Modem=<modem # > The system has successfully updated the firmware of the specified modem on the Digital Modem card. DM: TimeSlot driver circuit id already in use on CREATE DM: No TimeSlot driver circuits available for CREATE DM: TimeSlot driver circuit id not in use on REMOVE DM: TimeSlot driver circuit id not found on REMOVE There were problems related to the Digital Modem’s use of the TDM bus.
  • Page 423 SYSTEM MESSAGES System Message Summary EDS-DES Board Absent EDS-FEAL Board Absent The encryption board is either physically not in the backplane, or the dip switches on the board are set incorrectly. Check for the board; verify the switch settings. Error closing file ’s’ The WAN card initialization subsystem encountered an error while downloading a WAN card.
  • Page 424 USER’S GUIDE Error mapping WAN adapter # ’x’ into Host memory map The configured memory location of the indicated WAN card conflicts with another WAN card or device. Review the configuration for the indicated adapter. Error opening file <file name> Error opening file <file name>, section = <section name>...
  • Page 425 SYSTEM MESSAGES System Message Summary Error reading platform type: couldn’t open file C:\SYSTEM\PLATFORM.NEI Error reading platform type: error reading C:\SYSTEM\PLATFORM.NEI Error reading platform type: there is no “plat name” field Error reading platform type: there was no “=” in the string Error reading platform type: type value is too large Error reading platform type: type was not converted to an int There is a problem with the platform.nei file.
  • Page 426 USER’S GUIDE Failed to obtain Terminal info in smgr_proc_terminal_auth_sess 0 A session control block was not found for this authentication session. Contact your Distributor or Customer Support. Failed to start a Terminal Auth session. Device + User level Security not enabled A terminal mode connection was received and Device + User level security was not enabled.
  • Page 427 SYSTEM MESSAGES System Message Summary DM rcvd The Network will not allow establishment of the data link at this time. An attempt will be made to re-establish the data link after a switchtype dependent delay. MDL_ERR_RESP rcvd The Network has not responded to TEI requests - no data link was established. An attempt will be made to re-establish the data link after a switchtype dependent delay.
  • Page 428 USER’S GUIDE The Network sent a Layer 2 frame with a control field error. This is typically an unimplemented frame. The Network sent a Layer 2 frame with an illegal Info field. The Network sent a Layer 2 frame with an incorrect length. The Network sent a Layer 2 frame that was too long.
  • Page 429 SYSTEM MESSAGES System Message Summary Frame Relay PVC connection down: Slot=<slot number>, Port=<port number> The Frame Relay PVC connection is down for the indicated slot and port number. Frame Relay PVC connection up: Slot=<slot number>, Port=<port number>, DLCI=<DLCI index> The Frame Relay PVC connection is up for the indicated slot, port, and DLCI index. FrBufFree: error <error code>...
  • Page 430 USER’S GUIDE Invalid CLLM received on Access <access index> An invalid CLLM message was received on the indicated Frame Relay Access. The message had either missing elements or invalid contents. Invalid LAN Adapter identifier The system has detected invalid LAN adapter hardware. Check for proper LAN adapter configuration and hardware installation.
  • Page 431 SYSTEM MESSAGES System Message Summary [IPAP] ResMem returned invalid device maximum value (x) A memory allocation failure was encountered by the IP Address Pool Manager during initialization processing. Contact your Distributor or Customer Support. [IP] Cannot get system memory for xxxx There is not enough system memory available for IP software to operate (“xxxx”...
  • Page 432 USER’S GUIDE [IP] Invalid RLAN IP Address <IP address>, RLAN IP Stream Closed The connection from a HDLC Bridge or a PPP device came up and the IP (sub-) network number configured for it is invalid; it does not belong to any of the WAN (RLAN) interfaces. Correct the IP address for the remote device.
  • Page 433 SYSTEM MESSAGES System Message Summary [IP] WAN (Direct Host) Interface <WAN interface name>, invalid associated LAN interface <LAN interface name> The WAN (Direct Host) type interface could not come up; the associated LAN network interface, specified by configuration, was not found. Use CFGEDIT to delete old WAN (Direct Host) interface.
  • Page 434 USER’S GUIDE [IP Host] Security Rejection - Invalid Security ID <Id string> The system has received an IP Host Id, <Id string>, from a remote device that is not configured in the Device List. The system has rejected the incoming call. Verify that the IP Host ID in the Device List information is identical to the IP Host Id configured in the remote device.
  • Page 435 SYSTEM MESSAGES System Message Summary [IP RIP] Unable to open RIP/UDP port 520 The UDP port for RIP was unable to be opened. There are 63 possible UDP ports, and none are available for use at this time. No RIP information can be transmitted or received. Contact your Distributor or Customer Support.
  • Page 436 USER’S GUIDE [IPX RIP] Shutdown complete. The IPX RIP protocol was successfully shut down via Dynamic Management. No IPX RIP routing information will be transmitted or received. Any routes learned via IPX RIP will soon expire. [IPX RIP] Space available in routing table A route entry has become available in the full route table.
  • Page 437 SYSTEM MESSAGES System Message Summary L3_CallRefSelect Call Reference wrapped Status message indicating that Layer 3’s call reference value has wrapped. If this message is posted frequently, report the problem. LAN Adapter Abort The Ethernet adapter or subsystem is being interrupted as part of the error recovery process. If the system fails to operate normally, or the warning continues to occur, then report the event using the problem reporting form included in Getting Assistance.
  • Page 438 USER’S GUIDE LAN Adapter out of receive buffers for the WAN port The LAN adapter is temporarily out of the buffers it uses to receive packets from the WAN port. This condition should clear itself. If the condition persists, contact your Distributor or Customer Support.
  • Page 439 SYSTEM MESSAGES System Message Summary LAN Port <port # > detected shorted LAN media The system detected a problem with the physical LAN on the indicated port. The LAN is not properly terminated or the LAN is not fully connected to the system. Check for proper LAN installation.
  • Page 440 USER’S GUIDE Manage Mode updates have been successfully committed The above message indicates that the Dynamic Management commit command was successfully completed. Manual intervention required: please replace LAN card Older versions of the Ethernet adapter may need to be updated or replaced to run Release 2.3 or greater.
  • Page 441 SYSTEM MESSAGES System Message Summary Mismatch of configured and installed DM card in slot <slot # > The switch and/or jumper settings on the specified Digital Modem card are not properly set to match how the card is configured in software. Check the hardware and software configuration and restart.
  • Page 442 USER’S GUIDE Network sent Cause - SPID not supported - <slot # , port # > The indicated line does not support SPIDs; however, a SPID is configured for use on the line. Is the SPID configured incorrectly? Do you have the right switch type? Check the configuration. If the message persists, contact your BRI provider to determine corrective action.
  • Page 443 SYSTEM MESSAGES System Message Summary Not enough memory for Security module Not enough system memory available to operate security module. Contact your Distributor or Customer Support. No UA seen in response to SABMEs - Slot=<slot # > Port=<port # > Ces=<communication endpoint suffix> Layer 2 cannot be established between the system and the switch.
  • Page 444 USER’S GUIDE Out Svc # <slot # , port # > ISDN line failure. The line connected to the indicated slot and port is out of service for the reason indicated by # . 1 = No layer 1 sync for 5 seconds This problem normally occurs due to WAN cabling problems.
  • Page 445 SYSTEM MESSAGES System Message Summary [PAP] Remote device rejected System Information <error message> The system received the PAP Authenticate-Nak packet with the error message <error message> against the previous PAP Authenticate-Request sent by the system. The <error message> is from the remote device, and is device-specific.
  • Page 446 USER’S GUIDE PVC for DLCI <dlci index> not ACTIVE A frame was received on the PVC associated with the indicated DLCI which was not active. This is a temporary condition, and results from an asynchronous operation between the network and customer-premise equipment regarding the state of the individual PVCs.
  • Page 447 SYSTEM MESSAGES System Message Summary system to start dialing. Contact the telephone company and ensure that the line is configured for wink-start. RBS: Unexpected event chan = <channel # >, state = <state ID> An illegal signaling event occurred in the RBS task on the specified channel. Ensure that the line is configured correctly and that it is using the expected RBS protocol.
  • Page 448 USER’S GUIDE Resmem_gettotal: Enabled size <size>, greater than Checksize <size> for <sub name> Internal error that should be reported to Customer Support. ResMem_Malloc failure for subsystem <sub name> (size=<size>, type=<type>, class=<class>, ra=<hex return address>) ResMem_Malloc Size <size> too large for subsystem <sub name> (type=<type>, class=<class> ra=<hex return address>) ResMem_Malloc Device not registered (ra=<hex return address>) ResMem_Obtainable Device not registered (ra=<hex return address>)
  • Page 449 SYSTEM MESSAGES System Message Summary Security Rejection - No Password given by caller A properly formed Bridge Security negotiation packet was received, and the bridge is registered in the system Device Table, but a password is required and none was provided by the calling bridge. Check configuration.
  • Page 450 USER’S GUIDE Semipermanent. Device "x" reconnected by admin. The administrator has issued the call device <device name> command after issuing the disc device <device name> command. This restarts the semipermanent feature for the indicated device. Severe congestion CLLM received for DLCI <dlci index> A CLLM message was received indicating severe congestion may be expected on the PVC associated with the indicated DLCI.
  • Page 451 SYSTEM MESSAGES System Message Summary SPID FSM got unidentifiable INFO msg - Slot=<slot # > Port=<port # > Ces=<communication endpoint suffix> An unexpected information message was received from the network on the indicated line. If you are having trouble establishing calls on this line, the problem should be reported to your phone company.
  • Page 452 USER’S GUIDE SSB: Post 28 i960lan_82596sx FAILURE The i960 failed its LAN Coprocessor test. The boot process should continue; however, make note of the error message in the event of a future problem. SSB: Post 29 i960lan_82503 FAILURE The i960 failed its LAN transceiver test. The boot process should continue; however, make note of the error message in the event of a future problem.
  • Page 453 SYSTEM MESSAGES System Message Summary [STP] A BLAN Topology Change has been detected The system has detected a topology change in the Spanning Tree environment. [STP] A new Root Bridge has been detected The system has detected a new root bridge for the Spanning Tree environment. [STP] LAN Port <port # >...
  • Page 454 USER’S GUIDE [TFTP] Data buffer allocated successfully All parts of the TFTP feature (both Server and Client) were successfully initialized. Note: The following “[TFTP] Local error...” messages generated during client operations will be displayed on the console only and will not be logged to disk. [TFTP] Local error # 2: Feature not initialized The TFTP feature was not initialized properly.
  • Page 455 SYSTEM MESSAGES System Message Summary [TFTP] Local error # 13: Received unexpected opcode <filename> The TFTP protocol received a packet that was not expected. There may be a problem with the specified file; try replacing it. If this message appears consistently, contact your Distributor or Customer Support.
  • Page 456 USER’S GUIDE [TFTP] Remote error # 0: (Text from Remote Host) Undefined error. The accompanying text (if any) should describe the error. The file being transferred may be corrupted. [TFTP] Remote error # 1: (Text from Remote Host) The REMOTE HOST could not find the file specified on its system. No file transfer will be attempted.
  • Page 457 SYSTEM MESSAGES System Message Summary The call is allowed to continue A call has been up longer than the amount of time configured, but it has not been taken down. The compression subsystem is not enabled Check CFGEDIT; verify that compression is enabled. The conformance selection is prior to CCITT 1988 Verify that the facilities provided by the service provider are CCITT 1988.
  • Page 458 USER’S GUIDE Transmit rate increased to <transmit rate>: Access <access index>, DLCI <dlci index> The effective transmit rate has been increased to the indicated rate for the indicated DLCI under the indicated access. Transmit rate reduced to CIR <transmit rate>: Access <access index>, DLCI <dlci index> The effective transmit rate has been limited to the Committed Information Rate which is the rate for the indicated DLCI under the indicated access.
  • Page 459 SYSTEM MESSAGES System Message Summary Unable to Identify a remote device A device that was not identified by any active security measures (for example, PAP or CHAP) was rejected. Unable to Identify a remote device - <calling line id A device that was not identified by any active security measures (for example, PAP or CHAP) was rejected and is identified by its Calling Line Id.
  • Page 460 USER’S GUIDE Unexpected error during transmission of LMI frame A system error occurred during the actual transmit request for an LMI frame. Contact your Distributor or Customer Support. Unknown Calling Bridge <MAC address> MAC address security is enabled and the remote Combinet does not match any of the defined devices.
  • Page 461 SYSTEM MESSAGES System Message Summary WAN: RBS Not Available on this card. A RBS debugging command was attempted on a PRI card that is not configured for RBS. Check the card configuration and ensure you have the proper type of card. Watchdog timeout detected on DM board in slot <slot # >...
  • Page 462 USER’S GUIDE X25 facilities error, reverse charging not accepted The reverse charging facility was selected by the DTE. Verify that reverse charging is enabled by both DTE’s and the service provider. X25 facilities error, fast select not available The fast select facility was selected by the DTE. Verify that fast select is enabled by both DTE’s and the service provider.
  • Page 463 SYSTEM MESSAGES System Message Summary X25 facilities warning, NUI not available Network device identification not available. No action required. X25 permanent virtual circuit down: Access=<access index>, PVC=<PVC index>, LCN=<LCN> The indicated X.25 virtual circuit is down. Switched backup connections will be used, if available. This message will occur if the other system is down, or if the network interface line is not connected, or if the authentication of the remote device failed.
  • Page 464: Trace Messages

    TRACE MESSAGES OVERVIEW Trace messages include the following categories of messages: Call Trace Messages; IP Filter Trace Messages; PPP Packet Trace Messages; WAN FR_IETF Trace Messages; X.25 Trace Messages; X.25 (LAPB) Trace Messages. Before trace messages can be logged to the system report log, you must first enable the type of trace you would like to use.
  • Page 465: Call Trace Messages

    TRACE MESSAGES Call Trace Messages CALL TRACE MESSAGES A feature of the CyberSWITCH console is the ability to save and display a record of the high level ISDN calls between the system and the local telephone switch. If calls are unable to be completed, this is normally the first area to look.
  • Page 466: Call Trace Message Summary

    USER’S GUIDE CALL TRACE MESSAGE SUMMARY Access information discarded cause Call trace message. This message is used to indicate additional details on the <cause value> received in the “call progress” information message. Alerting off Informational call trace message. The alerting signal information element is off. This indicates additional details on the <signal value>...
  • Page 467 TRACE MESSAGES Call Trace Messages In - ABNORMAL RPT Call Id=<call Id> Slot=<slot # > Port=<port # > ConnId=<connect Id> Ces=<communication endpoint suffix> The system has detected an internal error condition. The <parameters> are included for your Distributor or Cabletron Customer Support. An error message describing the problem should be reported following this trace message.
  • Page 468 USER’S GUIDE In - DISCONNECT Call Id=<call Id> Slot=<slot # > Port=<port # > Loc=<location> Cause=<cause value> Ces=<communication endpoint suffix> ConnId=<connect Id> The system has received a disconnect message from the network. The Call Id and Ces values are for your Distributor or Cabletron Customer Support.
  • Page 469 TRACE MESSAGES Call Trace Messages In - PROGRESS Call Id=<call Id> Slot=<slot # > Port=<port # > Chans=<bearer channel map> CauseLoc=<cause location> Cause=<cause value> Signal=<signal value> ProgLoc=<progress location> Prog=<progress value> Ces=<communication endpoint suffix> ConnId=<connect Id> The system has received a call progress message from the network. This is usually received in response to sending a call request.
  • Page 470 USER’S GUIDE Out - DL CFG Slot=<slot # > Port=<port # > Ces=<communication endpoint suffix> The system is initializing the indicated data link. Out - DSL CFG Slot=<slot # > Port=<port # > The system is initializing the indicated line. Out - init data link <slot # , port # , ces>...
  • Page 471: Ip Filters Trace Messages

    TRACE MESSAGES IP Filters Trace Messages IP FILTERS TRACE MESSAGES You can trace packets that are discarded as a result of IP Filters. Enable this feature by using the ip filter trace discard command, and disable it with ip filter trace off. Note that when you enable this feature, the report log has the potential of filling quickly.
  • Page 472: Ppp Packet Trace Messages

    USER’S GUIDE PPP PACKET TRACE MESSAGES PPP Packet Trace allows you to display the PPP protocol negotiation that takes place when a link is established. This information is useful when diagnosing mismatches in configuration between two systems. PPP Packet Trace puts PPP packet information into the Report log, which can be accessed by using the dr command.
  • Page 473 TRACE MESSAGES PPP Packet Trace Messages • Configure Request The Configure Request is used to indicate the options that are supported by this sending device. The Request contains an option list and the desired values if they are different from the default value. •...
  • Page 474: Wan Fr_Ietf Trace Messages

    USER’S GUIDE • Echo Reply The Echo Reply is transmitted in response to an Echo Request. The Echo Reply packet contains the magic number of the sending device. Until the magic number option has been negotiated the value must be set to zero. •...
  • Page 475 TRACE MESSAGES X.25 Trace Messages In - X25 CONNECTION CONFIRMATION ConnId=<connection Id> Access=<access index> RemDteAddr=<x121 address or protocol/route id> The system has received a connect message from the network. This indicates that a new call is now established. In - X25 CONNECTION INDICATION ConnId=<connection Id> Access=<access index > RemDteAddr=<x121 address or protocol/route id>...
  • Page 476 USER’S GUIDE Out - X25 Call Accept LCN <logical channel number>, <number of bytes> bytes The DTE is accepting an SVC call. Out - X25 Call Request LCN <logical channel number>, <number of bytes> bytes The DTE is attempting to place an SVC call. Out - X25 Clear Ind LCN <logical channel number>, <number of bytes>...
  • Page 477: Lapb) Trace Messages

    TRACE MESSAGES X.25 (LAPB) Trace Messages Out - X25 DTE RR LCN <logical channel number>, <number of bytes> bytes The DTE is acknowledging 1 or more data packets received from the DCE. Out - X25 Reset Ind LCN <logical channel number>, <number of bytes> bytes The DCE is resetting a virtual circuit.
  • Page 478 USER’S GUIDE In - LAPB SABME The DCE is resetting the link layer. In - LAPB UA The DCE is acknowledging a SABM or SABME from the DTE. Out - LAPB DISC The DTE link layer is going off-line. Out - LAPB DM The DTE is going off-line.
  • Page 479: System Maintenance

    SYSTEM MAINTENANCE This section provides information to help you maintain your CyberSWITCH once it is operating. Note that the included system statistics information may also prove valuable in troubleshooting. We include the following chapters in the System Maintenance segment of the User’s Guide: •...
  • Page 480: Remote Management

    REMOTE MANAGEMENT OVERVIEW Once your system is initially configured (and thus assigned an IP address), you may use a variety of methods to remotely access and manage your system. This chapter describes many of these methods. For information on first-time access (either local or remote), refer to Accessing the CyberSWITCH.
  • Page 481: Usage Instructions

    REMOTE MANAGEMENT AMP Out-of-Band Management • connect a modem to the CyberSWITCH (using the Console connection) • connect the modem to the analog line (use a standard PC modem RS232 cable for this, do not use the supplied cable) At the remote management site: •...
  • Page 482 USER’S GUIDE SNMP [Figure labels: SITE.HQ, Network Management Station, ISDN, SITE.2. Caption: SNMP: The NMS gathers information (including problem reports) from any CyberSWITCH] SNMP (Simple Network Management Protocol) is a standard way of monitoring communication devices in IP networks. With SNMP, you purchase and then set up a Network Management Station (such as SPECTRUM®...
  • Page 483 REMOTE MANAGEMENT SNMP INSTALLATION AND CONFIGURATION SNMP has two basic components: the SNMP Agent, which is executed on the CyberSWITCH, and the Network Management Station (NMS), which you purchase separately for the environment. This section will describe how to install and configure the SNMP Agent. Refer to the specific NMS documentation for its installation instructions.
  • Page 484 USER’S GUIDE TELNET [Figure labels: Telnet Client, IN_A> LAN TEST, LAN Test Passed, SITE HQ, CSX150, ISDN, Remote 1, SITE.2] Telnet is the standard way of providing remote login service. With Telnet, any user on the LAN or WAN executing a standard Telnet client program can remotely log in to the CyberSWITCH and get a CyberSWITCH console session.
  • Page 485 REMOTE MANAGEMENT Telnet on the same subnetwork as the Telnet client on System 1’s LAN, a static route is needed to allow System 2 to communicate with devices on Network 1. Because the CyberSWITCH had no Telnet client capabilities in previous releases, the only way to fix the problem was to physically go to the remote site and add a static route.
  • Page 486 USER’S GUIDE IP address of the CyberSWITCH. You will then be presented with the “Enter Login id:” prompt. Now enter commands as if directly connected to the CyberSWITCH. When finished with the session, enter the exit command at the system prompt to end the session with the CyberSWITCH.
  • Page 487 REMOTE MANAGEMENT TFTP TFTP [Figure labels: TFTP Client PC, SITE HQ, CSX1200, ISDN, Remote 1, SITE.2] TFTP (Trivial File Transfer Protocol) is the standard way of providing file transfers between devices. With TFTP any WAN or LAN user executing a standard TFTP client program can transfer files to and from the CyberSWITCH.
  • Page 488 USER’S GUIDE The default file access for the GUEST user is “read” access to all files. The default file access for the ADMIN user is “read” access to the report and statistics files, and “read and write” access to all other files.
  • Page 489 REMOTE MANAGEMENT Remote Installation with USER2 REMOTE INSTALLATION WITH USER2 The CyberSWITCH is delivered with a default configuration. This default configuration includes a configured device, USER2. Advanced users may use the default configuration to perform the configuration of a remote CyberSWITCH. The network must be set up as illustrated below to take advantage of remote configuration through USER2.
  • Page 490 USER’S GUIDE If you are using a CyberSWITCH as your local ISDN device, you can either configure an outbound phone number for the CyberSWITCH site or use the call peer command to call the CyberSWITCH without configuring the phone number for the device explicitly. Modify the switch type and the line type (point-to-point or point-multipoint) to match your local ISDN line.
  • Page 491 SYSTEM COMMANDS OVERVIEW Two classes of system administration commands are available on the CyberSWITCH: guest commands and administrator commands. Guest commands provide current operational information only, and are available to all security levels. Administrator commands allow access to the complete system command set. The log-in to the system controls command access.
  • Page 492 USER’S GUIDE logout Terminates the administration session by logging-out the current administrator. You can start another session by using one of the two log-in commands outlined above. pswd Changes the password for the current access level (administrator or guest). Your password must be a 3 to 8 nonblank character string.
  • Page 493 SYSTEM COMMANDS Accessing Dynamic Management autobaud This command notifies the boot device to check the baud rate. It prepares the boot device to recognize an imminent change. At this time, you should be prepared to set or change the baud rate in your communications package.
  • Page 494 USER’S GUIDE Displays the list of connected devices along with the data rate for each device. The output for this command contains the connection time for each device along with a detailed breakdown (per connection type) of channel usage and available data rates. If there is at least one device connected, the display will look as follows.
  • Page 495 SYSTEM COMMANDS Viewing Operational Information number, and the operational status of each interface (up or down). This information can help to determine system problems by identifying those physical interfaces that are not operating as expected. Refer to the following example: [System Name]>...
  • Page 496 USER’S GUIDE TRYING The system is attempting to call the device. Some connections may be up, but not at the initial data rate. status Displays initialization, current status, and connection information, as well as any errors that have been detected. led status Allows you to view a snapshot of LED information from a remote terminal.
  • Page 497 SYSTEM COMMANDS Viewing Throughput Information connections available is less than that amount (33). This means that any of the following combinations of connections would be allowed: Physical Connections X.25 Frame Relay If there was enough memory for all connections, the connection table would reflect both potential and actual connections as the same number.
  • Page 498 Throughput Monitor Wide Area Network Bandwidth Utilization to site sitename @ current bandwidth Kbps = UNDERLOAD BANDWIDTH = ACTUAL BANDWIDTH UTILIZATION % of current bandwidth Samples Throughput Parameters Sample Rate (seconds): Overload: Trigger Window Utilization (%) 10 Underload: Trigger Window Idle:...
  • Page 499 SYSTEM COMMANDS Saving Operational Information # 4. Example of three samples where actual bandwidth utilization was around 70% and underload was being monitored at around 25% utilization of current bandwidth. In this example, overload is occurring on all three samples. # 5.
  • Page 500 CONFIGURATION-RELATED COMMANDS The following commands provide configuration file information, and restore backup configuration files: Provides information on the status of system configuration changes. With Manage Mode and/or CFGEDIT, you can make changes to the system configuration. (This, in turn, changes the .nei files.) If you do not commit these changes (Manage Mode) or restart your system (CFGEDIT), these changes do not become current.
  • Page 501 SYSTEM COMMANDS Setting the Date and Time SETTING THE DATE AND TIME The following commands are used to set the date and the time on the system: date <month, day, year> Changes the date on the system as specified. The <month> can be specified as a numeral from 1 to 12, spelled out in full (January), or abbreviated to 3 letters (JAN).
  • Page 502 list <filename> [/c] [BIN] Displays an ASCII file - pausing after every 24 lines. If the “/c” option is used, pausing is disabled. If the BINary option is selected, the files will be displayed in UUENCODED format. del <filename> Deletes the specified file (assuming you have the appropriate access level to do so).
  • Page 503 SYSTEM COMMANDS AppleTalk Routing Commands Note: If you have configured multiple admin login names on your off-node server, the login- id field will not distinguish between the various names. Use the sess-id field to help identify the different admin users. session kill <session id>...
  • Page 504 atalk port This command will display AppleTalk port information. A sample output screen is shown below: Port 1 type: LAN state: UP address: 20.20 network range 20-21 flags: extended phase-2 soft-seed default zone: zone1 lan port: 1 physical address: 00409A001AB3 Port 2 type: WAN state: UP...
  • Page 505 SYSTEM COMMANDS AppleTalk Routing Commands network range For a LAN port, this specifies the AppleTalk network range of the LAN segment to which the port is connected. For a WAN port, this specifies the AppleTalk network range of the logical segment to which the port is connected.
  • Page 506 distance The number of AppleTalk routers that are traversed in order to reach the destination AppleTalk network. state The state of the route. Possible values are: good - This indicates that this is a valid route. bad - This indicates that the indicated router has not been heard from in a while; it has timed out.
  • Page 507 SYSTEM COMMANDS Bridge Commands atalk zone This command will display AppleTalk zone information. A sample output screen is shown below: zone network range ------------------ ------------- zone1 225 - 226 zone2 236 - 237 The fields in this display are defined as follows: zone The AppleTalk zone name for the network that the AppleTalk port is connected to.
  • Page 508 The TYPE field is the Ethernet type field of the LAN frame. This hexadecimal field represents the protocol identifier for an Ethernet formatted frame. For an 802.3 formatted frame, it is the length of the data unit. The COUNT field is the number of frames transferred for that destination address, source address, and Ethernet type combination.
  • Page 509 SYSTEM COMMANDS Call Control Commands <device name> could not be found in the Device Table Indicates that the device name could not be found in the table of configured device names. <device name> is already connected Indicates that a connection to a device cannot be initiated if there is already a connection to that device.
  • Page 510 bearer This field applies only to Digital Modem calls. The valid values are: • SPEECH (the default if no bearer type is specified) • 3.1KHZ The call peer command allows you to make a connection with another device. For example, to call a site with the configured phone number of 13135552222 and a data rate of 64Kbps, you would enter call peer 13135552222 64.
  • Page 511 SYSTEM COMMANDS Call Detail Recording Commands disc device <device name> Disconnects all calls to the specified device. To obtain the device name, enter the Manage Mode and issue the device command. Note that the device name is case sensitive. In response to the disc device command, one of the following responses will be displayed: Disconnecting <device name>...
  • Page 512 cdr verify Generates a sample message to all servers that have been configured for CDR. A message similar to the following will be displayed: <system name> CDR VERIFY 1 of 1 Refer to Log Commands for the commands that will allow you to display or erase CDR log reports. CALL RESTRICTION COMMANDS When the Call Restriction feature is enabled on the CyberSWITCH, the following command is...
  • Page 513: Small Office Remote Access Switch

    SYSTEM COMMANDS Frame Relay Commands ip addrpool Displays the current IP address pool. Refer to the ip addrpool command description under IP Routing Commands. FRAME RELAY COMMANDS The following commands are used to display information concerning both the status and traffic statistics of a particular frame relay connection.
  • Page 514 LMI State The condition of the LMI link. Possible settings for this item are WAIT FULL STATUS (S1), WAIT T391 TIMEOUT (S2), and WAIT LIV STATUS (S3). The possible settings are defined as follows: WAIT FULL STATUS The LMI state entered when the local frame relay software has transmitted a STATUS ENQUIRY message requesting a FULL REPORT STATUS message.
  • Page 515 SYSTEM COMMANDS IP Routing Commands fr cong Displays the congestion control information for the last 32 Rate Measurement Intervals for the currently selected access and DLCI. It is provided mainly for debug support of frame relay PVCs in order to monitor PVC usage. IP ROUTING COMMANDS...
  • Page 516 always displayed on one line. If the IP protocol is one of the explicitly recognized values (ICMP, UDP, TCP) the next line will contain a decode of the key fields of that protocol. Disables the trace. ip ping <host IP address> [timeout /dnnnn] Sends an ICMP Echo message to a specified host.
  • Page 517 SYSTEM COMMANDS IP Routing Commands ip rip routes Displays information pertaining to the routing table(s) that are maintained by the IP RIP protocol. The following example screen illustrates the output from this command. Following the table is an explanation of the fields displayed for each route. [System Name]>...
  • Page 518 ip rip send Used to send the IP RIP update messages to a particular interface on demand. The example screen below demonstrates how you use this command. [System Name]> ip rip send 2.2.2.2 Sending IP RIP Update Message to Network 2.0.0.0 ip rip stats Displays global RIP statistics and also statistics for each configured RIP interface.
  • Page 519 SYSTEM COMMANDS IPX Routing Commands ip route <IP address> Displays the routing information for the indicated device. The meaning of each displayed field for a route entry is included in the above ip route command explanation. ip stats Displays the current IP related statistics. Refer to Statistics, for a list of available statistics and their definitions.
  • Page 520 Optional parameter that indicates the number of seconds to wait for a reply. The valid range for the time out value is 1 to 60 seconds. The default value is 10. Note: The ipx diag and the ipx ping commands both test device connectivity (although both send back different types of responses).
  • Page 521 SYSTEM COMMANDS ISDN Usage Commands ipx stats Displays the IPX statistics. Refer to IPX General Statistics, for a list of available statistics and their definitions. ipx trigreq [device] Generates a triggered RIP/SAP update request to the specified device. You may use this command to initiate an update request to synchronize with the routing database of a particular WAN device.
  • Page 522 LAN COMMANDS The following commands are used to display current system LAN diagnostic information: lan stats Displays the current LAN packet forwarding statistics, including the number of frames received and transmitted from LAN and WAN connections. Refer to Statistics, for a list of available statistics and their definitions.
  • Page 523 SYSTEM COMMANDS Packet Capture Commands pkt capture [all/idle/reqd/pend/actv/none] Specifies which packets will be captured by the Packet Capture feature. A definition of each possible parameter follows. All packets will be captured. none No packets will be captured. reqd Only packets causing a connection to be requested will be captured. pend Only packets received while a requested connection is pending will be captured.
  • Page 524 The following is an example pkt display screen: Time(mSEC) Len Dest Addr Source Addr Type Conn 0001 0000000000 0064 00004440259C 02608C4C0EAD 8137 PEND 0002 0000000000 0064 00004440259C 02608C4C0EAD 8137 PEND 0003 0000000000 0064 00AA00302D25 02608C4C0EAD 8137 PEND 0004 0000000000 0064 00AA00302D25 02608C4C0EAD 8137 PEND 0005 0000001980 0064 00004440259C...
  • Page 525 SYSTEM COMMANDS Packet Capture Commands Banyan Vines Packet Detail Screen (Bridged Packet) Packet Number Received at Time Packet Length 0021 0000022190 mSEC 0060 Destination Address Source Address FFFFFFFFFFFF 02608C9BED38 EtherNet Type is 0BAD, VINES IP Check Sum Packet Length Protocol Type D75D 0x001A 04, ARP...
  • Page 526 RADIUS COMMANDS The following console commands may be used to diagnose problems with: • connections to the off-node RADIUS authentication server • CyberSWITCH configuration • authentication server device database entries radius chap Attempts an authentication session using CHAP. The following is an example display of the screen.
  • Page 527 SYSTEM COMMANDS RADIUS Commands radius ipres Attempts an authentication session using the IP resolution. The following is an example display of the screen. [System Name]>radius ipres IP Address of the Host logging in (<RET> to abort)? 19.63.4.5 Send Radius Authentication Request... Please wait [AUTH] Warning code: 0001 Timeout.
  • Page 528 SNMP COMMANDS When the SNMP Agent is enabled on the CyberSWITCH, the following command is available: snmp stats Displays the current SNMP related statistics. Refer to SNMP Statistics, for a list of available statistics and their definitions. TCP COMMANDS TCP (Transmit Control Protocol) provides a connection-oriented reliable communication for...
  • Page 529 SYSTEM COMMANDS Telnet Commands telnet ? Displays the help screen for the telnet command. The help screen provides the syntax for the command described below. telnet <ip-address> [port number] Begins a Telnet session for the Telnet host at the indicated IP address. The port number is an optional parameter that can be used to specify the destination port number.
  • Page 530 The possible send parameters are defined as follows: send ayt The send ayt command sends the Telnet command function for “Are You There?” to the target host. This can be used to determine whether or not the target host is still responding. The target host is not required to respond to “are you there?”...
  • Page 531 SYSTEM COMMANDS Terminal Commands • <CTRL><char>, where <char> is in the range of ASCII 'A' to ASCII '_' • <CTRL><char>, where <char> is in the range of ASCII 'a' to ASCII 'z' (note that lower case letters are converted to upper case before they are used) •...
  • Page 532 TFTP COMMANDS The TFTP feature and its commands are only available when IP routing is enabled. The TFTP feature and file access are enabled by default when the system software is installed. Using the Manage Mode, configuration changes may be made that will limit file access. The following TFTP commands are available: tftp get Allows you to perform the “TFTP GET”...
  • Page 533 SYSTEM COMMANDS Trace Commands session information for a TFTP session that has terminated. The screen below illustrates the use of this command. > TFTP SESSION Id Sess-Id Local file Type/Mode Bytes Xmit Retries ---------------------------------------------------------- 5 temp.txt Client/Put 12752 6 tmp Server/Get 7 text.txt Server/Put...
  • Page 534 trace x25 [on/off] Enables or disables the X.25 packet tracing option. This feature displays up to 15 octets of the packet. To display the log file, issue the dr console command. This option is initially disabled. wan fr-ietf trace [on/off] [in/out] [device/fr_accessname_dlci] [prot] Enables or disables the tracing of incoming and outgoing frame relay IETF packets.
  • Page 535 SYSTEM COMMANDS WAN Commands sentry ace Attempts an authentication session using ACE. The system will report whether the authentication attempted was successful or rejected. WAN COMMANDS The following commands are used to display current system WAN diagnostic information: wan fr-ietf stats [device/fr_accessname_dlci] [prot] Displays the current frame relay IETF related statistics.
  • Page 536 x25 a <access name> The “a” option will set the access name specified by <access name> as the default access for subsequent commands entered without an explicit access specifier. This access name will remain the current access, until it is changed through issuing another x25 a <access name> command.
  • Page 537 SYSTEM STATISTICS OVERVIEW Statistics can either be generated by issuing the ds command to display the set of statistics known as the System Statistics, or by issuing a specific command to display statistics in a specific category. In addition to using the ds command to display the system statistics, they are also automatically written to a statistics log every 30 minutes.
  • Page 538 CALL RESTRICTION STATISTICS The system keeps a tally of the following Call Restriction statistics. These statistics can be compared to the limits you have configured. These statistics can be displayed by issuing the cr stats or the ds command at the administration console. call minutes (day) The total call minutes that have been logged for the day.
  • Page 539 SYSTEM STATISTICS AppleTalk Statistics APPLETALK STATISTICS You may display AppleTalk protocol statistics (subdivided into six subgroups) and AppleTalk port statistics. You can display all six subgroups of the AppleTalk protocol statistics by issuing the atalk stats command, or you can display the individual subgroups by adding an extra variable to the atalk stats command.
  • Page 540 ddpTooShortErrors The total number of input DDP datagrams dropped because the received data length was less than the data length specified in the DDP header or the received data length was less than the length of the expected DDP header. ddpTooLongErrors The total number of input DDP datagrams dropped because they exceeded the maximum DDP datagram size.
  • Page 541 SYSTEM STATISTICS AppleTalk Statistics atechoInReplies The count of AppleTalk Echo replies received. APPLETALK ROUTING TABLE MAINTENANCE PROTOCOL (RTMP) STATISTICS You can display this subgroup of AppleTalk statistics by issuing the atalk stats rtmp console command. rtmpInDataPkts A count of the number of good RTMP data packets received by this system. rtmpOutDataPkts A count of the number of RTMP packets sent by this system.
  • Page 542 zip ZoneConflctErrors The number of times a conflict has been detected between this entity’s zone information and another system’s zone information. zipInObsoletes The number of ZIP Takedown or ZIP Bringup packets received by this system. Note that as the ZIP Takedown and ZIP Bringup packets have been obsoleted, the receipt of one of these packets indicates that a node sent it in error.
  • Page 543 SYSTEM STATISTICS AppleTalk Statistics atpRetryCntExceeds The number of times the retry count was exceeded, and an error was returned to the client of ATP. APPLETALK PORT STATISTICS You can display the AppleTalk port statistics by issuing the atalk port stats console command.
  • Page 544 BRIDGE STATISTICS The system collects bridge statistics for each LAN port and for WAN connections. These bridge statistics include information on the number of frames received, forwarded, discarded or transmitted. If the system is configured for two LAN ports, there is a line of counters for each LAN port.
  • Page 545 SYSTEM STATISTICS Compression Statistics COMPRESSION STATISTICS The system collects the following compression statistics for each active compression connection. These statistics can be displayed by issuing the cmp stats or the cmp stats <device name> command at the administration console. The cmp stats command will display the compression statistics for all active connections.
  • Page 546 peer sent resets The number of decompression resets sent from peer devices. system sent resets The number of decompression resets sent from the System. dropped pkts The number of dropped packets that could not be queued. fcs errors The number of frame checksum errors.
  • Page 547 SYSTEM STATISTICS DHCP Statistics DHCP RELAY AGENT STATISTICS BOOTREQUEST msgs rcvd Incremented whenever the system identifies a UDP datagram as a DHCP/BOOTP BOOTREQUEST message. This datagram has passed the initial consistency checks. BOOTREQUEST msgs rlyd Incremented whenever the system has successfully “relayed” a BOOTREQUEST message to a configured destination (i.e., another Relay Agent, or a DHCP/BOOTP server).
  • Page 548 BOOTREPLY bad ’giaddr’: Number of DHCP/BOOTP BOOTREPLY messages that were discarded by the DHCP Relay Agent because the ’giaddr’ (gateway IP address) field could not be mapped to one of the system’s IP network interfaces. BOOTREPLY arp_add0 fail Number of times that the DHCP/BOOTP Relay Agent failed to add a client’s IP address/hardware address pair to the ARP table.
  • Page 549 SYSTEM STATISTICS Frame Relay Statistics DHCPNAKs rcvd Incremented whenever the DHCP Proxy Client has received a DHCPNAK message from a DHCP server. Invalid DHCP pkts rcvd Incremented whenever the DHCP Proxy Client encounters a DHCP message that is invalid due to either of the following: •...
  • Page 550 # Line Not Ready Count The number of times the physical link underlying the Frame Relay Access has become unusable. # Frames Received The total number of frames received on the Frame Relay Access. This is the sum of the number of frames received on each PVC associated with this access.
  • Page 551 SYSTEM STATISTICS Frame Relay Statistics # NEW & Existing PVC The number of times a NEW PVC was indicated by a LMI STATUS message—but the frame relay software believed the PVC already existed. # PVC Not Configured The number of times a frame was received containing an unknown DLCI value, and hence, an unconfigured PVC.
  • Page 552 # Bytes received The total number of bytes received on the PVC. # Frames sent The total number of frames sent on the PVC. # Bytes sent The total number of bytes sent on the PVC. # Flow Control Events The number of times the PVC was congested due to busy transmit hardware.
  • Page 553 SYSTEM STATISTICS IP Statistics IP STATISTICS You can access IP statistics by using the ip stats console command. These statistics are parts of the IP Group and the ICMP Group MIB variables that are defined in RFC-1213:MIB-II. IP GROUP STATISTICS ipForwarding...
  • Page 554 ipOutRequests The total number of IP datagrams which local IP device-protocols (including ICMP) supplied to IP in requests for transmission. ipOutDiscards The number of output IP datagrams for which no problem was encountered that would prevent their transmission to their destination, but which were discarded (e.g., for lack of buffer space). Note that this counter would include datagrams counted in ipForwDatagrams if any such packets met this (discretionary) discard criterion.
  • Page 555 SYSTEM STATISTICS IP Statistics icmpInDestUnreachs The number of ICMP Destination Unreachable messages received. icmpInTimeExcds The number of ICMP Time Exceeded messages received. icmpInParmProbs The number of ICMP Parameter Problem messages received. icmpInSrcQuenchs The number of ICMP Source Quench messages received. icmpInRedirects The number of ICMP Redirect messages received.
  • Page 556 icmpOutSrcQuenchs The number of ICMP Source Quench messages sent. icmpOutRedirects The number of ICMP Redirect messages sent. For a host, this will always be zero, since hosts do not send redirects. icmpOutEchos The number of ICMP Echo (request) messages sent. icmpOutEchoReps The number of ICMP Echo Reply messages sent.
  • Page 557 SYSTEM STATISTICS IPX Statistics ipxBasicSysInHdrErrors The number of IPX packets discarded due to errors in their headers, including any IPX packet with a size less than the minimum of 30 bytes. ipxBasicSysInUnknownSockets The number of IPX packets discarded because the destination socket was not open. ipxBasicSysInDiscards The number of IPX packets received but discarded due to reasons other than those accounted for by ipxBasicSysInHdrErrors, ipxBasicSysInUnknownSockets, ipxAdvSysInDiscards, and...
  • Page 558 ipxAdvSysInTooManyHops The number of IPX packets discarded due to exceeding the maximum hop count. ipxAdvSysInFiltered The number of incoming IPX packets discarded due to filtering. ipxAdvSysInCompressDiscards The number of incoming IPX packets discarded due to decompression errors. ipxAdvSysNETBIOSPackets The number of NETBIOS packets received.
  • Page 559 SYSTEM STATISTICS IPX Statistics IPX TRIGGERED RIP STATISTICS You can access IPX triggered RIP statistics by using the ipx trigrip stats command. trigRipUpdateRequestsSent Number of triggered RIP update requests sent. trigRipUpdateRequestsRcvd Number of triggered RIP update requests received. trigRipUpdateResponsesSent Number of triggered RIP update responses sent.
  • Page 560 IPX SAP STATISTICS You can access IPX SAP statistics by using the ipx sap stats console command. sapInstance With the CyberSWITCH, the value of this statistic is always 1. With other products, this statistic is useful. Currently, it is not useful for the CyberSWITCH. sapIncorrectPackets The number of times incorrect SAP packets were received.
  • Page 561 SYSTEM STATISTICS RIP Statistics Maximum Services Maximum number of services this router is configured to handle. Available Services Number of services currently available on this router. High Water Mark Peak number of services this router has used. RIP STATISTICS You can access RIP statistics by using the ip rip stats console command.
  • Page 562 IfStatSentResponses The number of RIP messages with ‘response’ command code sent on this interface. IfStatSentUpdates The number of triggered RIP updates actually sent on this interface. This explicitly does NOT include full updates sent containing new information. SNMP STATISTICS If the SNMP Agent is enabled, you can access SNMP statistics by using the snmp stats command.
  • Page 563 SYSTEM STATISTICS SNMP Statistics snmpInReadOnlys The total number of valid SNMP PDUs that were delivered to the SNMP Agent and for which the value of the error-status field is “readOnly”. It should be noted that it is a protocol error to generate an SNMP PDU that contains the value “readOnly”...
  • Page 564 snmpOutGetRequests The total number of SNMP Get-Request PDUs that have been generated by the SNMP Agent. snmpOutGetNexts The total number of SNMP Get-Next PDUs that have been generated by the SNMP Agent. snmpOutSetRequests The total number of SNMP Set-Request PDUs that have been generated by the SNMP Agent. snmpOutGetResponses The total number of SNMP Get-Response PDUs that have been generated by the SNMP Agent.
  • Page 565 SYSTEM STATISTICS TFTP Statistics tcpAttemptFails The number of times TCP connections have made a direct transition to the CLOSED state from either the SYN-SENT state or the SYN-RCVD state, plus the number of times TCP connections have made a direct transition to the LISTEN state from the SYN-RCVD state. tcpEstabResets The number of times TCP connections have made a direct transition to the CLOSED state from either the ESTABLISHED state or the CLOSE-WAIT state.
  • Page 566 Failed file gets Displays the count of failed gets. (Remote host failed to download a file from the local system.) Total bytes put Displays the total number of bytes successfully put. (Number of bytes uploaded to the local system by remote hosts.) Total bytes get Displays the total number of bytes successfully gotten.
  • Page 567 SYSTEM STATISTICS UDP Statistics Data Packets Sent Displays the total number of Data Packets sent. Data Packets Received Displays the total number of Data Packets received. Error Packets Sent Displays the total number of Error Packets sent. Error Packets Received Displays the total number of Error Packets received.
  • Page 568 WAN FR_IETF STATISTICS You can access FR_IETF statistics by issuing the wan fr-ietf stats [device/fr_accessname_dlci] [prot] console command. Protocol The line protocol of the packets transmitted or received. Frames Sent The number of frames sent for the indicated protocol. Octets Sent The number of octets sent for the indicated protocol.
  • Page 569 SYSTEM STATISTICS X.25 Statistics connection request failure A counter that is incremented each time a connection is requested and no response has been received after a connection request failure period of time. rcv fail A counter that is incremented each time an incoming connection is accepted and no response has been received after a connection receive failure period of time.
  • Page 570 # Normal Disconnect The number of SVC connections that terminated normally. # Abnrml Disconnect The number of VC connections that terminated due to LAPB problems. # Packets Sent count The number of X.25 data packets sent. # Packets Received The number of X.25 data packets received.
  • Page 571 SYSTEM STATISTICS X.25 Statistics # Bytes Received The total number of data bytes received. X.25 VIRTUAL CIRCUIT (VC) RELATED STATISTICS You can access these statistics by issuing the x25 vc stats console command. The statistics displayed will be associated with the currently selected default VC. Access Name The name of the access on which this VC resides.
  • Page 572 ROUTINE MAINTENANCE OVERVIEW The information in this chapter provides instructions for performing routine maintenance on the CyberSWITCH. The information falls into the following categories: • installing/upgrading system software • executing configuration changes • performing a configuration backup and restore • obtaining system custom information INSTALLING/UPGRADING...
  • Page 573 ROUTINE MAINTENANCE Configuration Backup and Restore changes are NOT dynamic. The changes are saved in a temporary copy of configuration data, and will not affect the current run-time operation of the system in any way. To terminate the session, return to the main CFGEDIT menu. Select the save changes option. Then press <RET>...
  • Page 574 APPENDICES The User’s Guide includes the following appendices: • System Worksheets We have designed a set of worksheets you can fill out before you begin your CyberSWITCH configuration. Once filled out, they will contain information you will need for the configuration process.
  • Page 575 SYSTEM WORKSHEETS The worksheets included in this appendix will be helpful in configuring and managing your system. They capture important network information. To see examples of completed worksheets, refer to the Example Networks Guide. Worksheets included in this appendix are: Network Topology Worksheet.
  • Page 576 NETWORK TOPOLOGY CyberSWITCH...
  • Page 577 SYSTEM WORKSHEETS System Details SYSTEM DETAILS System Name: _____________________ PAP Password:_______________ CHAP Secret:___________________ RESOURCES Type Slot Switch type Synchronization type LINES BRI Lines Name Slot Port Line type Call screen SPID Directory number Small Office Remote Access Switch...
  • Page 578 ACCESSES Dedicated Accesses Over ISDN: Line name Data rate Bearer Line Device tied to this channels protocol access 56 Kbps 64 Kbps 56 Kbps 64 Kbps 56 Kbps 64 Kbps 56 Kbps 64 Kbps Over Serial connection: Line name Clocking Data rate Line...
  • Page 579 SYSTEM WORKSHEETS Device Information DEVICE INFORMATION Device Name: _____________________________ Calling (ISDN, FR, etc.) Information X.25 Information Line Protocol Base Data Rate Initial Data Rate Max Data Rate Dial-Out Number(s) Authentication Information : Frame Relay Information PAP Password DLCI CHAP Secret IP Host ID Bridge Ethernet Address* Bridge Password*...
  • Page 580 BRIDGING AND ROUTING INFORMATION BRIDGING Bridging enabled disabled Mode of Operation restricted unrestricted Bridge Filters Bridge Dial Out/ Known Connect List IP ROUTING IP Routing enabled disabled Mode of Operation router IP host Network Interface Information Name IP address Mask Unnumbered WAN...
  • Page 581 SYSTEM WORKSHEETS Bridging and Routing Information IP ROUTING, CONTINUED Static Routes Destination network address Mask Next hop default? default? default? default? IPX ROUTING Routing Information IPX routing enabled disabled Internal network number Network Interface Information Name External network number Remote LAN Name External network number...
  • Page 582 APPLETALK ROUTING AppleTalk Routing/Port Information AppleTalk routing enabled disabled Name Port number Network type extended nonextended Netwk range/ number AppleTalk address Zone name(s) Name Network type extended extended extended nonextended nonextended nonextended Netwk range/ number AppleTalk address Zone name(s) Unnumbered WAN need don’t need...
  • Page 583 CFGEDIT MAP OVERVIEW The following pages provide an outline of the CyberSWITCH CFGEDIT configuration utility. As you configure your system, you may find it helpful to use this outline as a map to help you navigate through CFGEDIT. Note: All options listed may not be available on your particular system. The availability of these options depends upon the platform and software you have ordered, as well as your configuration choices.
  • Page 584 PHYSICAL RESOURCES RESOURCES • Basic Rate switch type • T1/E1/PRI switch type synchronization • DES, FEAL LINES • Name/Slot/Port/Framing/Line coding/Signalling/Line build out • Datalinks PPP: TEI negotiation PMP: Call Screen Method name subaddress telephone number ACCESSES • Dedicated Data rate Bearers list Line protocol...
  • Page 585 CFGEDIT MAP Options Menu OPTIONS BRIDGING • Enable/Disable • Spanning Tree • Mode of Operation unrestricted, restricted • Bridge Filters protocol definition filters (source, destination, protocol, packet data) • Known Connect List IP ROUTING • Enable/Disable • IP Operating Mode (host/router) •...
  • Page 586 • Routing Protocols IPX RIP, IPX SAP number table entries • IPX Static Routes RIP info number of ticks, hops next hop destination IPX number • Netware Static Services SAP info number of hops to service service IPX socket number service IPX node number service IPX network number service type...
  • Page 587 CFGEDIT MAP Options Menu CONTROL • Throughput Monitor • Call Interval • Monthly call charges • Call Restrictions • Device Profile • Bandwidth Reservation • Semipermanent Connection • VRA Manager for Call Control enable/disable TCP port number DEFAULT PROTOCOL • Action Timeout •...
  • Page 588 USER’S GUIDE SECURITY SECURITY LEVEL • No Security • Device Level Security • User Level Security • Device and User Level Security SYSTEM OPTIONS AND INFORMATION • System Options PAP password CHAP challenge Bridge MAC address IP Host ID Calling Line ID •...
  • Page 589 CFGEDIT MAP Security Menu Authentication PAP password CHAP secret outbound authentication user level authentication IP host ID bridge Ethernet calling line ID IP information IP address IP enable/disable make calls for IP data enable/disable calls for IPX data IPXWAN IPX routing none RIP/SAP trig RIP/SAP...
  • Page 590 USER’S GUIDE OFF-NODE SERVER INFORMATION • VRA Manager TCP port • RADIUS Primary Server Secondary Server Miscellaneous info number of retries time between retries • TACACS Primary Server Secondary Server Miscellaneous info number of retries time between retries packet format •...
  • Page 591 GETTING ASSISTANCE REPORTING PROBLEMS For a fast response, please take the time to fill out the System Problem Report to inform us of any difficulties you have with our products. A copy of this report can be found at the end of this chapter.
  • Page 592 DATE: ______________ NUMBER OF PAGES INCLUDING THIS PAGE: ______ TO: CUSTOMER SERVICE FROM: ______________________________________ Cabletron Systems COMPANY:_______________________________________ (603) 332-9400 PHONE ADDRESS: ______________________________________ (603) 337-3075 FAX ______________________________________ PHONE: ______________________________________ FAX: ______________________________________ _____________________________________________________________________________________________ CABLETRON SYSTEMS SYSTEM PROBLEM REPORT SOFTWARE Release: __________ Issue: __________ Version: ___________ HARDWARE Platform...
  • Page 593 ADMINISTRATIVE CONSOLE COMMANDS TABLE The following table lists all system administration commands. Guest commands are identified in the command column. Command (GUEST) displays help screen autobaud notifies boot device to check baud rate atalk arp displays the AARP cache atalk ping <dnet>.<dnode> pings a specified device, where: {timeout/dnnn] dnet = destination network number (required)
  • Page 594 USER’S GUIDE Command cdr stats clear (GUEST) clears current call detail recording statistics cdr verify (GUEST) verifies call detail recording servers are configured provides information on changes to configuration files cfgedit starts the CFGEDIT configuration utility (GUEST) clears administration screen cmp stats displays the compression connection statistics for all active connections...
  • Page 595 ADMINISTRATIVE CONSOLE COMMANDS TABLE Command (GUEST) displays system statistics erases current system messages in memory erases current system statistics in memory exit (GUEST) terminates a session flash reclaim searches the flashfile system for files marked as deleted, then reclaims space flash recover starts the remote upgrade perform only upon recommendation of Customer...
  • Page 596 USER’S GUIDE Command ip rip send forces an IP RIP update message to be sent ip rip stats displays IP RIP statistics ip route displays the current routing table ip route <IP address> displays the routing information for the indicated device ip stats displays or resets current IP related statistics ipconfig...
  • Page 597 ADMINISTRATIVE CONSOLE COMMANDS TABLE Command list [file name] displays the indicated file useful for displaying Release Notes (“list rel_notes.txt”) log cdr display (GUEST) local log file only - displays the call detail recording log report log cdr erase (GUEST) local log file only - erases the call detail recording log report log cdr write (GUEST)
  • Page 598 USER’S GUIDE Command sentry radius attempts an authentication session using RADIUS sentry status displays current status of user level authentication servers sentry log logs rejection messages from the authentication server session displays the current active administration sessions session kill <session id> terminates the active session specified by the session id snmp stats displays current SNMP related statistics...
  • Page 599 ADMINISTRATIVE CONSOLE COMMANDS TABLE Command trace lapb [on/off] enables or disables the packet tracing option for LAPB data link information trace ppp [on/off] enables or disables the tracing of ppp packets trace x25 [on/off] enables or disables the packet tracing option for X.25 connection information udp conns displays UDP connection status...
  • Page 600 USER’S GUIDE CyberSWITCH...
  • Page 601 MANAGE COMMANDS TABLE The following table displays the available Dynamic Management commands: Command displays ACE off-node server configuration ace change allows changes to the ACE off-node server configuration ace reinit reinitializes the CyberSWITCH ACE client admlogin [change] displays [or allows you to change] the current administrative session configuration information alarm displays the current enabled status of the call restriction alarm...
  • Page 602 USER’S GUIDE Command exit exits from Manage Mode and returns to the normal system command mode fileattr displays the current user file access rights (guest or admin) fileattr change allows the current file access rights configuration data to be changed help displays a list of the valid Manage Mode commands hwfilt...
  • Page 603 MANAGE COMMANDS TABLE Command ipxsap displays the current IPX SAP status (enabled or disabled) ipxsap [off/on] disables/enables IPX SAP ipxsvc displays current IPX service data ipxsvc [add/change/delete] adds/changes/deletes an IPX service ipxspoof allows you to configure system level spoofing data ipxt20 allows you to configure IPX type 20 information line...
  • Page 604 USER’S GUIDE Command snmp displays the current SNMP configuration data seclevel displays current security level semiperm allows you to add or delete device entries for semipermanent connections srcfilt [add/change/delete] adds/changes/deletes a source address filter tacacs displays TACACS off-node server configuration tacacs change allows changes to the TACACS off-node server configuration...
  • Page 605 CAUSE CODES TABLE The following table provides Q.931 cause codes and their corresponding meanings. Cause codes may appear in Call Trace Messages. Dec Value Hex Value Q.931 Cause valid cause code not yet received unallocated (unassigned number) Indicates that, although the ISDN number was presented in a valid format, it is not currently assigned to any destination equipment.
  • Page 606 USER’S GUIDE Dec Value Hex Value Q.931 Cause no answer from device (device alerted) Indicates that the destination has responded to the connection request but has failed to complete the connection within the prescribed time. Problem at remote end. call rejected Indicates that the destination was capable of accepting the call (was neither busy nor incompatible) but rejected the call for some reason.
  • Page 607 CAUSE CODES TABLE Dec Value Hex Value Q.931 Cause no circuit/channel available Indicates that the connection could not be established because there was no appropriate channel available to handle the call. destination unattainable degraded service network (WAN) out of order Indicates that the destination could not be reached because the network was not functioning correctly and that the condition is expected to last for a relatively long time.
  • Page 608 USER’S GUIDE Dec Value Hex Value Q.931 Cause outgoing calls barred outgoing calls barred within CUG incoming calls barred incoming calls barred within CUG call waiting not subscribed bearer capability not authorized Indicates that the device has requested a bearer capability that the network is able to provide, but that the device is not authorized to use.
  • Page 609 CAUSE CODES TABLE Dec Value Hex Value Q.931 Cause invalid call reference value Indicates that the remote equipment has received a call with a call reference that is not currently in use by the device-network interface. identified channel does not exist Indicates that the receiving equipment has been requested to use a channel that is not activated on the interface for calls.
  • Page 610 USER’S GUIDE Dec Value Hex Value Q.931 Cause message type non-existent or not implemented Indicates that the receiving equipment received a message that was not recognized either because the message type was invalid, or because the message type was valid but not supported. This is either a problem with the remote configuration or a problem with the local D-channel.
  • Page 611 CAUSE CODES TABLE Dec Value Hex Value Q.931 Cause UNKNOWN Indicates that an event occurred but that the network does not provide causes for the actions that it takes, therefore the precise nature of the event cannot be ascertained. This may, or may not, indicate the occurrence of an error.
  • Page 612 USER’S GUIDE autosense mode INDEX backup redundant configurations bandwidth 305, 308, 359 bandwidth reservation 165, 168 access request retries limitations accesses base data rate alternate accesses basic rate ISDN lines X.25 auto TEI accessing the CyberSWITCH line interface type B-channel ACE Authentication Server boot device commands alternate method of configuring...
  • Page 613: Small Office Remote Access Switch

    64, 572 64, 67 CFGEDIT default 39, 572 files cfgedit packet types CHAP secret restoring CLID tools 66, 493 CFGEDIT cmp commands dynamic management commands congestion control 229, 235 administration services connection filters AppleTalk connections table bridging connectivity statistics call control console connections call detail recording using telnet...
  • Page 614 USER’S GUIDE DHCP filters commands See also bridging, dialout, IP filters diagnosis final condition example configurations flash commands in a bridge to bridge environment flattening (network) 79, 80 in a router to bridge environment forward incoming (POTS) 228, 234 proxy client forwarding filters proxy client verification fr commands...
  • Page 615 ip addrpool ipconfig ip commands IPCP 223, 233 IP filters address negotiation initiation applying filters ipfilt configuration elements ipnetif connection filters ipradius example iprip exception filter iproute forwarding filters ipx commands global ipx route stats ICMP configuration IPX routing network interfaces background information packet type configuration commands...
  • Page 616 USER’S GUIDE isolated mode maintenance 148, 278 make calls option 65, 493 manage known connect list 64, 66, 493, 573, 601 Manage Mode maximum data rate maximum retransmissions LAN adapter 494, 497 366, 372 problem diagnosis messages verification messages boot lan commands system messages LAN connection...
  • Page 617 problem diagnosis AppleTalk routing off-node server information bridge initialization on-node device table configuration elements compression operational files dedicated connections outbound authentication dial out overload condition IP filters over-subscription timer (triggered RIP/SAP) IP routing IPX routing initialization LAN adapter packet data filter commands multi-level security 224, 234, 236 packet types...
  • Page 618 USER’S GUIDE 114, 122 remote management SecurID card AMP out-of-band security SNMP authentication databases Telnet authentication process TFTP device level databases reporting problems network login information resource off-node server information 69, 71 resources overview See also adapters token card restart user level databases restore security level...
  • Page 619 226, 232, 237 statistics AppleTalk routing statistics bridging tcp commands 52, 484 call detail recording Telnet call restriction remote management call statistics telnet commands compression term commands connectivity term set DHCP terminal mode 330, 487 TFTP configuration elements IPX route remote management statistics SNMP...
  • Page 620 USER’S GUIDE unrestricted bridge mode WAN adapter update line problem diagnosis upgrading software WAN direct host interface user level authentication WAN IP interface user level databases verification 114, 121 user level security WAN IP UnNumbered interface 121, 158 configuration WAN LED indicators 274, 277 configuration specific to IPX WAN lines...

This manual is also suitable for:

Cyberswitch csx154, Cyberswitch csx155, Cyberswitch 150
