3Com Tablet Accessory 86 0621 000 User Manual

Enterprise OS Softw are  
Version 11.4 Release Notes  
3Com provides a CD-ROM that includes all Enterprise OS software version 11.4  
software manuals plus version 11.4 new installation and upgrade manuals. To  
obtain a hardcopy version of the 11.4 documentation, order part number  
C36460T.  
You can order the documentation CD-ROM using part number 3C6461T.  
Additionally, all documentation for Enterprise OS software version 11.4 is  
located on the 3Com website:  
http://w w w .3com.com/  
Part No. 86-0621-000  
Published January 2000  
Download from Www.Somanuals.com. All Manuals Search And Download.  
CONTENTS  
ENTERPRISE OS SOFTWARE VERSION 11.4 RELEASE NOTES  
Encryption Packages Notice  
Supported Platforms  
OfficeConnect NETBuilder and SuperStack II NETBuilder SI Release  
Platforms Not Supported  
New Features and Feature Enhancements  
7
8
9
9
9
JAVA Runtime Environment  
VPN and Security Features  
9
9
Routing Support Features 11  
Traffic Shaping & QoS Features 14  
Dial Service Features 17  
Voice & Multiservice Features 17  
Network Management Features 18  
Transcend VPN Application Suite 21  
11.4 Software Packages 23  
NETBuilder II Bridge/Router 23  
SuperStack II NETBuilder SI 26  
PathBuilder S5xx Series Switch 29  
PathBuilder S400 Series Switches 32  
OfficeConnect NETBuilder Bridge/Routers 34  
OfficeConnect NETBuilder 10/ST 37  
SuperStack II NETBuilder Token Ring 40  
Upgrade Management Utilities 43  
Downloading Upgrade Management Utilities 43  
UNIX Files 43  
Windows Files 43  
Executing  
profile.bat 44  
Version 11.4 Upgrade Management Utilities 44  
Upgrading to 11.4 Utilities with Transcend Upgrade Manager 44  
Transcend Enterprise Manager 44  
Upgrade Management Notes 45  
bcmdiagnose Error Message 45  
SuperStack II NETBuilder Token Ring Upgrades 45  
bcmdiagnose and HP-UX 45  
bcmfdinteg 45  
File Conversion Considerations 46  
UNIX Platform Symbolic Links 46  
Upgrading From Release 8.3 or Earlier 46  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Upgrade Link and Netscape Browser Scroll Bars 46  
Upgrade Link Window Resizing 47  
IBM Protocols and Services Notes 47  
APPN 47  
APPN Connections to 3174 through Token Ring 47  
APPN CP-CP Sessions and SNA Boundary Routing 47  
APPN CP-CP Sessions on Parallel TGs 47  
APPN DLUr Connections to 3174 Systems 47  
BSC and Leased Lines 47  
Boundary Routing and NetView Service Point 48  
Configuring BSC and NCPs 48  
DLSw Circuit Balancing 48  
DLSw and CONNectUsage Parameter Default Change 48  
DLSw Prioritization 48  
DLSw and IBM Boundary Routing in Large Networks 48  
Front-End Processor/Frame Relay Access for LLC2 Traffic 49  
HPR and ISR Configurations 49  
IBM Boundary Routing Topology Disaster Recovery 49  
IBM-Related Services in Token Ring 50  
LAN Network Manager with NETBuilder II Systems 51  
LLC2 Frames and PPP 52  
Maximum BSC Line Speed 52  
SHDLC Half-Duplex Mode 52  
SDLC 52  
SDLC Adjacent Link Stations for APPN 52  
Source Route Transparent Bridging Gateway (SRTG) Interoperability 52  
SDLC Ports and NetView Service Point 52  
UI Response Time With Large SDLC configuration 52  
VTAM Program Temporary Fixes 52  
ATM Services Notes 53  
ATM Emulated LANs 53  
ATM LAN Emulation Clients and Large 802.3 Frames 53  
ATM Connection Table 53  
Deleting ATM Neighbors 53  
Source-Route Transparent Gateway 53  
WAN Protocols and Services Notes 53  
ACCM Not Configurable 53  
Asynch Tunnelling on Serial Ports 53  
Automatic Line Detection 53  
Auto Start-up Does Not Include Async 54  
Bandwidth-on-  
Demand Timer Precedence 54  
Baud Rates for WAN Ports in DCE Mode 54  
BSC Cabling and Clocking 54  
Changing the Transfer Mode Parameter Default Value 54  
Compression Requirements 54  
Dial Idle Timer 55  
Disaster Recovery on Ports Without Leased Lines 55  
Download from Www.Somanuals.com. All Manuals Search And Download.  
DTR Modems 55  
Dynamic Paths 55  
Frame Relay Congestion Control 55  
History-Based Compression Negotiation Failure 55  
History Compression Not Allowed With Async PPP 55  
Multilink PPP Configurations 55  
SPID Wizard Detection Errors 56  
STP AutoMode Does Not Select the Right Mode 56  
Supported Modems 56  
Routing Protocols and Services Notes 56  
BGP Configuration Files 56  
CPU Utilization with XNS Protocol 57  
IPX to Non-IPX Configuration Error 57  
IPX Routing, Route Receive and Route Advertisement Policies 57  
Managing IP Address Assignment 57  
NAT Service - Many to One Outbound Translation 57  
NAT Service - TCP/UDP Port Mappings 57  
OSPF Route Advertisement 57  
PIM-Sparse Mode 57  
PIM-SM Enterprise OS/Cisco Incompatibility 57  
PIM-SM Register Checksum Formats 57  
PM-SM Not Supported Over NBMA Media 58  
RouteDiscovery 58  
VRRP Configuration 58  
Network Management System and Services Notes 58  
ASCII Boot 58  
Boot Cycle Continuous Loop 58  
BootP Server and Autostartup 58  
Bootptab File 58  
Capturing Commands to boot.cfg File 59  
Change Configuration and Diagnostic Menu 59  
CPU Utilization Statistic 59  
File System Error 59  
Firmware Configuration 59  
Firmware Update 59  
IP Quality of Service Bandwidth 59  
IP Quality of Service Configuration 59  
Multiple Paths to BootP Server 59  
Remote Access Default Change 60  
Scheduler RunOnBootFail Completion 60  
V.25bis Modem Setup 60  
Web Link Documentation Path 60  
Web Link Login Support 60  
Zmodem Time Out 60  
VPN Protocols and Services Notes 60  
ACE Security Server 60  
Total Control Security and Accounting Server Availability 60  
Microsoft MPPE Patches and Updates 61  
Download from Www.Somanuals.com. All Manuals Search And Download.  
PKI: Entrust CA Installation Notes 61  
PPTP Tunnel Security Validation 62  
RSA Signature for Phase 1 Authentication 62  
Windows NT MS-CHAP Authentication 62  
Platform Notes 63  
OfficeConnect NETBuilder and SuperStack II NETBuilder SI Additional Memory  
Requirements 63  
Approved DRAM SIMMs 63  
Supported PC Flash Memory Cards 64  
Line Error Reporting on PathBuilder S5xx Series Switch Statistics Display 64  
T3 Bandwidth Limitation 64  
MBRI Ownership During Board Swapping 64  
Multiport MBRI Module SNMP Management 64  
Token Ring+ Modules 64  
Token Ring Auto Start-up 64  
Download from Www.Somanuals.com. All Manuals Search And Download.  
ENTERPRISE OS SOFTWARE VERSION  
11.4 RELEASE NOTES  
These release notes provide information on the following topics for Enterprise OS  
software version 11.4:  
Encryption Packages Notice  
Supported Platforms  
Platforms Not Supported  
New Features and Feature Enhancements  
11.4 Software Packages  
Upgrade Management Utilities  
Upgrade Management Notes  
IBM Protocols and Services Notes  
ATM Services Notes  
WAN Protocols and Services Notes  
Routing Protocols and Services Notes  
Network Management System and Services Notes  
VPN Protocols and Services Notes  
Platform Notes  
If you have questions about the software, the guides, or these release notes,  
contact 3Com or your network supplier.  
For information on the command syntax used in these release notes, see “About  
This Guide” in Using Enterprise OS Software.  
Encryption  
Packages  
Notice  
The Enterprise OS softw are version 11.4 may contain strong data  
encryption that cannot be exported outside the United States or Canada.  
It is unlaw ful to export/re-export or transfer, either physically or  
electronically, the encryption softw are or accompanying documentation  
(or copies thereof) or any product(s) utilizing the encryption softw are or  
such documentation w ithout obtaining w ritten authorization from the US  
Department of Commerce.  
Do not place Enterprise OS version 11.4 packages w ith encryption on  
netw orks or servers that are accessible to users outside of the U.S. and  
Canada.  
Software packages with encryption include the following:  
PathBuilder™ S5xx series switch  
Part No. 86-0621-000  
Published January 2000  
Download from Www.Somanuals.com. All Manuals Search And Download.  
8
ENTERPRISE OS SOFTWARE VERSION 11.4 RELEASE NOTES  
Multiprotocol Router with 40-bit Encryption (PL)  
Multiprotocol Router with 56-bit Encryption (PE)  
Multiprotocol Router with 128-bit Encryption with 3DES (PS)  
PathBuilder S400 switch  
Multiprotocol Router with 40-bit Encryption (ML)  
Multiprotocol Router with 56-bit Encryption (ME)  
Multiprotocol Router with 128-bit Encryption with 3DES (MS)  
IP/IPX/AT Router with 40- and 56-bit Encryption (XE)  
IP/IPX/AT Router with 128-bit Encryption with 3DES (XS)  
NETBuilder II®  
Multiprotocol Router with 40-bit Encryption (DL)  
Multiprotocol Router with 56-bit Encryption (DE)  
Multiprotocol Router with 128-bit Encryption with 3DES (DS)  
SuperStack® II NETBuilder® SI  
IP/IPX/AT Router with 40- and 56-bit Encryption (NE) (SI model)  
IP/IPX/AT Router with 128-bit Encryption with 3DES (NS) (SI model)  
Multiprotocol Router with 40-bit Encryption (CL) (SI model)  
Multiprotocol Router with 56-bit Encryption (CE) (SI model)  
Multiprotocol Router with 128-bit Encryption with 3DES (CS) (SI model)  
SuperStack II NETBuilder  
Multiprotocol Router with 56-bit Encryption (TE) (Token Ring  
models 327 and 527)  
OfficeConnect® NETBuilder  
IP/IPX Router (JW)  
IP/IPX Router with 56-bit Encryption (JE)  
IP/IPX Router with 128-bit Encryption with 3DES (JS)  
IP/IPX/AT Router with 40- and 56-bit Encryption (NE)  
IP/IPX/AT Router with 128-bit Encryption with 3DES (NS)  
Multiprotocol Router with 56-bit Encryption (OE)  
Multiprotocol Router with 128-bit Encryption with 3DES (OS)  
OfficeConnect 10 NETBuilder  
Router (RW)  
Router with 56-bit Encryption (RE)  
Router with 128-bit Encryption with 3DES (RS)  
Supported Platforms  
Enterprise OS software version 11.4 is available for the following platforms:  
NETBuilder II  
SuperStack II NETBuilder models 327 and 527  
SuperStack II NETBuilder SI models 43x, 44x, 45x, 46x, 53x, 54x, 55x, and 56x  
OfficeConnect NETBuilder models 11x, 12x (K and T variants),13x,  
14x (U and ST variants) and 10/ST  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Platforms Not Supported  
9
PathBuilder S5xx series switch models S500, S580, S593, S594, S598 and S599  
PathBuilder S400  
OfficeConnect Due to increased memory requirements, the OfficeConnect NETBuilder and  
NETBuilder and SuperStack II NETBuilder SI will be released after the general release of Enterprise  
SuperStack II OS Software version 11.4. The general release will include support for the  
NETBuilder SI Release following platforms: NETBuilder II, SuperStack II NETBuilder Token Ring,  
PathBuilder S50x, S58x, S59x, and PathBuilder S400 devices. Watch for special  
release announcements for the OfficeConnect NETBuilder and SuperStack II  
NETBuilder SI devices.  
See “OfficeConnect NETBuilder and SuperStack II NETBuilder SI Additional  
Memory Requirements” on page 63 for details about memory requirements for  
the OfficeConnect NETBuilder and SuperStack II NETBuilder SI devices.  
Platforms Not  
Supported  
The Enterprise OS software version 11.4 does not support the following  
bridge/routers:  
Model 227 SuperStack II NETBuilder Router (Ethernet)  
Model 427 SuperStack II NETBuilder Router (Ethernet, ISDN)  
Model 120 OfficeConnect NETBuilder (FRAD)  
Model S574 and S578 PathBuilder Switch  
New Features and  
Feature  
Enhancements  
Enterprise OS is the system software that operates within the NETBuilder and  
PathBuilder WAN products. Enterprise OS devices supported by this release include  
the NETBuilder II, SuperStack II NETBuilder, OfficeConnect NETBuilder  
bridge/router, PathBuilder S5xx tunnel switch (models S500, S580, S593, S590,  
S594, S598, S599), and the PathBuilder S400 WAN convergence switch.  
This section highlights the new features and enhancements contained within  
Enterprise OS software version 11.4.  
JAVA Runtime With 3Com Enterprise OS software version 11.4, in the /tools/jre subdirectory is  
Environment the MS Windows 95/98/NT version of JRE (Java Runtime Environment) written by  
Sun Microsystems. This JRE archive file is a self-extracting executable that contains  
the Java virtual machine, runtime class libraries, and Java application launcher that  
are necessary to run programs written in the Java programming language. The JRE  
is needed to run the following Enterprise OS applications:  
Voice Wizard in Web Link (embedded web interface) on the PathBuilder S400  
devices  
PKI Manager (part of the Transcend VPN Application Suite)  
For more information or to download the UNIX version, see Sun's website:  
VPN and Security VPN and Security features provide Public-Key Infrastructure, Non-Broadcast,  
Features Multi-Access (NHRP) for VPN Tunnels, IP Payload Compression Protocol (IPComp),  
and Tunnel Switching Between Different Tunnel Types.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
10  
ENTERPRISE OS SOFTWARE VERSION 11.4 RELEASE NOTES  
Public-Key Infrastructure (PKI) Implementation  
Applications like IP Security (IPsec) and Internet Key Exchange (IKE) employ  
public-key technology for such security purposes as identifying oneself to remote  
entities, verifying a remote entity's identity, or initiating secure communications  
with remote peers. Such applications require a public-key infrastructure (PKI) to  
securely manage public keys for widely-distributed users or systems. The  
implementation of PKI is based on the X.509 standard.  
New also is PKI Manager, a graphical management application to aid Enterprise OS  
devices in obtaining PKI certificates and Certificate Revocation Lists (CRLs) from  
various Certificate Authorities (CAs). PKI Manager works as a proxy between the  
device and the CA. It is responsible for collecting the certificate requests from the  
devices and generating the CA-specific certificate request syntax (CRS), which in  
turn is sent to the CA. After the CA issues the certificate, PKI Manager retrieves it  
from the CA and send it to the Enterprise OS device. The CAs that are supported  
with this first release are Verisign and Entrust. The application is currently  
supported only on Windows NT. See the “Transcend VPN Application Suite”  
section of this release note for more information.  
Non-Broadcast, Multi-Access (NHRP) for VPN Tunnels  
With the Non-Broadcast, Multi-Access (NBMA) characteristics of a  
Point-To-Multi-Point (P2MP) VPN tunnel (also called IP-Over-IP tunnel), an IP packet  
must be forwarded via a routed tunnel path. These tunnel paths must be  
configured statically between each pair of neighbors. All VPN traffic is allowed to  
flow only through the configured neighboring paths. This makes routing  
inefficient since data forwarding may not always be using the best route with the  
shortest hops. To solve this, the user would have to go to the trouble of  
configuring a fully-meshed VPN so packets could be forwarded with one hop.  
With the Next Hop Resolution Protocol (NHRP) implemented in 11.4, tunnels are  
now established dynamically. NHRP enhances the Point-To-Multi-Point (P2MP) VPN  
tunnel by eliminating the need to statically configure each and every end-point  
virtual port on the device. NHRP resolves the next hop when forwarding data  
through tunnels. The Enterprise OS device will automatically” discover its short  
cut path for routing, without having to manually configure every neighboring  
path.  
IP Payload Compression Protocol (IPComp or IPPCP)  
Enterprise OS software supports data compression to ease bandwidth problems.  
However, in previous software releases the compression mechanism was not  
effective when a data stream was encrypted at layer 3. With 11.4, by using IP  
Payload Compression Protocol (IPComp), RFC 2393, to first reduce the size of the  
IP datagram by compressing the data, then performing encryption, the size of IP  
datagrams has been reduced. This is extremely useful when IPsec encryption is  
applied to IP datagrams, since compression of outbound IP datagrams is done  
before any IP security processing, and the decompression of inbound IP datagrams  
is applied after the completion of all IP security processing. Only dynamic  
negotiations of the IPComp Association (IPCA) via IKE and one compression  
algorithm (LZS) is supported for 11.4. Any negotiation of IPComp is always  
combined with a negotiation of ESP, AH, or both.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
New Features and Feature Enhancements  
11  
Tunnel Sw itching Betw een Different Tunnel Types  
So that tunnel switching between two sessions of different tunnel types can be  
easily implemented and maintained, Enterprise OS software version 11.4 has been  
re-structured to support tunnel switching from PPP over Ethernet (PPPoE) to PPTP,  
and from PPPoE to L2TP. Users can now dial-in through a PPPoE tunnel and  
switch out” through a PPTP or L2TP tunnel. This enables the Enterprise OS device  
to have the flexibility of switching between tunnels of different tunnel types.  
Routing Support Routing support features include OSPF External Route Aggregation, Protocol  
Features Independent Multicast-Sparse Mode (PIM-SM), Multicast Border Router (MBR),  
IGMPv2 Enhancements, PPP over Ethernet (PPPoE), Virtual Router Redundancy  
Protocol (VRRP) for ATM Ethernet LAN Emulation, Virtual Router Redundancy  
Protocol (VRRP) for Virtual LAN (VLAN), Many-to-One NAT Enhancement, BGP-4 &  
IPv6 added to multiprotocol packages for OfficeConnect NETBuilder and  
SuperStack II NETBuilder SI, PathBuilder S400 devices, and RSVP and RSVP Proxy  
added to software packages for OfficeConnect NETBuilder and SuperStack II  
NETBuilder SI and PathBuilder S400 devices.  
OSPF External Route Aggregation  
With OSPF, the user can import routes from external routing sources (for example,  
BGP, RIP, static routes, and directly connected networks). These imported routes  
become OSPF external routes. In some networks, the number of external routes to  
be advertised can cause traffic congestion on the backbone and subsequently to  
all areas.  
Because version 11.4 aggregates the type5 external routes, the user can define  
external route ranges. With user-defined external route ranges, if the external  
route is within the defined range, only then will the network be advertised. This  
reduces the number of external routes advertised in the backbone and regular  
areas.  
Protocol Independent Multicast-Sparse Mode (PIM-SM)  
The periodic broadcasting of information by DVMRP and MOSPF to identify the  
location of interested receivers for a specific multicast session is only useful in  
networks where bandwidth is plentiful or when there is a large number of senders  
and receivers for a multicast session. When senders and receivers to multicast  
sessions are distributed sparsely across a wide area such schemes are not efficient.  
They waste bandwidth on expensive WAN links and require the maintenance of  
routing-state” on routers that are not on the forwarding tree for the multicast  
session. Protocol Independent Multicast-Sparse Mode (PIM-SM), implemented in  
11.4, is an intra-domain multicast routing protocol designed to resolve some of  
the inadequacies with these other multicast protocols.  
PIM-SM is protocol independent” in that it can work with any unicast routing  
protocol. It builds a per-group (or per multicast session) shared multicast  
distribution tree centered at a rendezvous point, and requires receivers to explicitly  
join to this shared distribution tree prior to receiving data traffic. Since a  
shared-tree” mechanism could result in suboptimal paths for data traffic from a  
source to the receivers of a multicast session, PIM-SM also supports the ability to  
switch to a source specific distribution tree if the data traffic warrants it. The  
implementation of PIM-SM supports IPv4 in this release (IPv6 is not supported in  
this release).  
Download from Www.Somanuals.com. All Manuals Search And Download.  
12  
ENTERPRISE OS SOFTWARE VERSION 11.4 RELEASE NOTES  
Multicast Border Router (MBR)  
To allow sources and receivers inside multiple autonomous multicast routing  
domains (each running a different multicast routing protocol -- DVMRP, MOSPF, or  
PIM-SM) to communicate, the regions must be connected by multicast border  
routers (MBRs). The primary role of the MBR is to pull down the traffic from one  
domain to the another domain. This MBR functionality is implemented in the  
Enterprise OS device to allow the efficient interoperation among independent  
multicast routing protocols. A common forwarding cache to forward the multicast  
data packets has been implemented. MBR makes it easier to have a unified  
forwarding table for multicast data traffic. The multicast routing protocols will  
maintain protocol specific routing states and create forwarding entries in the  
unified forwarding table for multicast traffic.  
IGMPv2 Enhancements  
Adding to the IGMPv1 support, 11.4 will be adding support for IGMPv2 (RFC  
2236). Feature enhancements include the following:  
Allowing a host to inform a multicast router when it no longer wants to receive  
traffic for a given multicast group.  
Defines a new procedure for electing the multicast querier on a LAN; the  
multicast router with the lowest IP address is always chosen as the querier.  
Defines a new type of Query message, called the Group-Specific Query. This  
type of message allows a router to transmit a query to a specific multicast  
group rather than all groups that reside on a directly attached subnet.  
PPP over Ethernet (PPPoE)  
With 11.4, PPP over Ethernet (PPPoE) is available to offer a seamless integration of  
broadband access technology into the existing infrastructure and operational  
model of remote access. As specified in the informational RFC 2516, PPPoE  
encapsulates PPP packets over Ethernet. It is intended for use by a host PC to  
interact with a broadband modem (e.g. xDSL, cable, and wireless access devices)  
to achieve access to high-speed data networks. The PPPoE offering is targeted at  
Carriers, ISPs, and NSPs with an ATM backbone for use in a VPN environment for  
broadband access.  
Ethernet is the most proven, familiar, and cost effective LAN technology that exists  
today. PPP is the most popular dial-up transport, created to define negotiating  
connectivity parameters, authenticate users, dynamically assign IP addresses, and  
support multiprotocol environments. In a remote dial-up environment, besides the  
traditional analog and ISDN modems, there are server other high-speed,  
broadband CPEs being rapidly deployed (for example, xDSL, cable, and wireless  
access devices). All high-speed, broadband access equipment requires end users to  
be knowledgeable in their technologies, connectivity, and configuration  
characteristics. With PPPoE, much of the complexity of these broadband devices is  
hidden from the user. In addition to ease of configuration and use for the end  
user, PPPoE also simplifies provisioning, installation, and management for the  
service provider.  
Advantages of PPPoE:  
Supports multiple hosts and users across a dedicated broadband connection  
and a single ATM or Frame Relay PVC with the same Ethernet infrastructure.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
New Features and Feature Enhancements  
13  
Provides end users with ease of installation and configuration; no special  
configuration of the PC or modem is needed.  
Provides services providers with ease of provisioning, services, and  
management.  
Operates independent of access device (that is, works for xDSL, cable, or  
wireless devices) which shields end users from the need to learn complicated  
technologies (for example, ATM).  
Preserves the applications that have been built around Microsoft Windows  
Dial-Up Networking (DUN). A simple PPPoE client driver is used with an  
interface and functionality familiar to the user.  
Virtual Router Redundancy Protocol (VRRP) for ATM Ethernet LAN  
Emulation  
In addition to supporting Virtual Router Redundancy Protocol (VRRP) on Enterprise  
OS platforms with Ethernet, Fiber Distributed Data Interface (FDDI), and Token  
Ring interfaces, 11.4 now supports ATM Ethernet LAN Emulation (ATM LANE).  
LANE operates by maintaining a set of mappings from MAC addresses to ATM  
addresses. When running VRRP on a LANE network, the LANE protocol must be  
notified when a new master router is elected so that it can update the MAC  
address to ATM address mapping within the ELAN for the virtual router's MAC  
address. In essence, while running VRRP over LANE, a virtual MAC address may  
change location from one LEC to another.  
For more information regarding VRRP, consult the Internet Drafts for VRRP  
(draft-ietf-vrrp-spec-v2-03.txt) and VRRP Operation over ATM LAN Emulation  
(draft-ietf-vrrp-lane-01.txt).  
Virtual Router Redundancy Protocol (VRRP) for Virtual LAN (VLAN)  
In addition to supporting Virtual Router Redundancy Protocol (VRRP) over a  
physical LAN, with 11.4 comes support for VRRP for the Virtual LAN (VLAN).  
A VLAN can be seen as a group of end-stations, perhaps on multiple physical LAN  
segments that are not constrained by their physical location and can communicate  
as if they were on a common LAN. With VRRP for VLAN, network operation is  
ensured since dynamic responsibility for a virtual router is transmitted to one of  
the VRRP routers on a VLAN.  
When VRRP is used over a physical LAN, an owner of the Virtual Router ID (VRID)  
may change the MAC address to the Virtual MAC (VMAC) address without  
transitioning to promiscuous mode. For the VLAN implementation, when a VRRP  
router becomes the master (the router that is forwarding the virtual IP packets),  
the VLAN interface will always be in promiscuous mode.  
Many-to-One NAT Enhancement  
When executing large file transfers with a block size that is greater than the  
underlying media can handle, IP will fragment the UDP packet. Since only the first  
fragment contains the UDP header (which indicates the source and destination  
port required by NAT to map to a NAT IP address), the subsequent fragmented  
packets do not contain the UDP header. This results in NAT not having the UDP  
ports to map to the NAT IP address. In previous releases, this condition would  
Download from Www.Somanuals.com. All Manuals Search And Download.  
14  
ENTERPRISE OS SOFTWARE VERSION 11.4 RELEASE NOTES  
occur during, for example, TFTP le transfers using Large Blocksize Negotiation  
(RFC 1783).  
Each fragmented packet contains an IP Identification (ID) number that is used for  
re-assembly. When the first fragment arrives, the ID is stored in the NAT session  
that has already been setup for the TFTP le transfer, so when subsequent  
fragments arrive with no UDP header, a search is made for the session by ID and  
the relevant IP address. After the session is found, the destination and source ports  
are known and NAT can translate.  
BGP-4 & IPv6 added to Multiprotocol Packages for OfficeConnect  
NETBuilder & SuperStack II NETBuilder SI & PathBuilder S400 devices  
Previously, BGP-4 & IPv6 was available only on the NETBuilder II and PathBuilder  
S5xx devices. Starting with 11.4, BGP-4 and IPv6 are supported on the  
OfficeConnect NETBuilder and SuperStack II NETBuilder SI (Ethernet only)  
bridge/routers, as well as on the PathBuilder S400 WAN convergence switch.  
BGP-4 and IPv6 will be available only on the multiprotocol packages for these  
platforms.  
RSVP & RSVP Proxy added to Softw are Packages for OfficeConnect  
NETBuilder & SuperStack II NETBuilder SI & PathBuilder S400 devices  
Previously, RSVP was available only on the NETBuilder II and PathBuilder S5xx  
devices. Starting with 11.4, RSVP and RSVP Proxy are supported on the  
OfficeConnect NETBuilder and SuperStack II NETBuilder SI (Ethernet only)  
bridge/routers, as well as on the PathBuilder S400 wAN convergence Switch.  
Traffic Shaping & QoS Traffic shaping and Quality of Service (QoS) features include Bandwidth on  
Features Demand with Incoming Traffic, and IP Quality of Service (IPQoS).  
Bandw idth on Demand w ith Incoming Traffic  
Bandwidth on Demand is a facility that provides supplementary bandwidth above  
the normal bandwidth levels specified by the user whenever traffic congestion is  
detected. In previous releases, only the transmitted traffic load was used to control  
this feature; with the 11.4 release, incoming traffic is also monitored. The need to  
monitor incoming traffic for Bandwidth on Demand appears in such situations as  
when a router that is connected to an ISP downloads a web-page. The incoming  
traffic bandwidth consumption would be high; it would be desirable at this point  
to add more bandwidth to accommodate the desired burst in traffic.  
IP Quality of Service (IPQoS)  
With the enormous growth in network traffic, robust QoS is required to ensure  
mission-critical and real-time application traffic will get adequate network  
resources to traverse the network regardless of the competing demands for  
bandwidth by other applications.  
Policy-based QoS management will enable network managers to control  
bandwidth allocation and service levels on IP traffic flows. Traffic flows can be  
metered and policed on a per policy base to ensure its bandwidth consumption  
does not exceed the defined rate limits. When multiple flows are aggregated into  
a service class, rate limiting protects conforming flows from the aggressive flows  
hogging network resources that may lead to a denial of service. Flows can also be  
policed to ensure correct marking of the IP/TOS-byte in the IP header as per policy.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
New Features and Feature Enhancements  
15  
Given the scalability problems associated with RSVP, the emerging IETF standard  
for scalable end-to-end QoS–IP Differentiated Service is supported. Incoming  
traffic flows can be classified into service classes for each defined QoS policy with  
the routers providing the service level that corresponds to the Differentiated  
Services Code Point (DSCP), bits 0-5 in the TOS-byte, via the Class-Based Queue  
(CBQ) packet scheduler and Random Early Detection (RED) congestion avoidance  
mechanisms. These queue management policies will only be supported over the  
slower FR and PPP WAN links.  
Brief descriptions of additional QoS features are listed below. For further  
information on IPQoS, consult RFC 2474 (Definition of Differentiated Service Field  
in IP Headers) and RFC 2309 (Recommendations on Queue Management &  
Congestion Avoidance in the Internet).  
Policy-based QoS Management  
Flexible QoS control is configured via the IPQoS Service as port specific policies.  
QoS policies can be applied to the inbound traffic at the ingress port and/or the  
outbound traffic at the egress port. QoS policies are associated with flows.  
Policies are stored in the user-defined precedence order in the QoS policy  
database. The policy action associated with the first matching policy found for  
the packet will be applied. Flow can be defined as either an aggregated flow or  
a specific application flow between two end systems. Flows are classified via  
the generic packet classification service provided by IP.  
A network manager can define the following types of QoS policy:  
Bandwidth control - If rate limiting is specified in a QoS policy, the associated  
traffic flow will be metered and policed. Rate limiting can be applied to traffic  
transmitted or received on an interface. User may also define actions, such as  
forward/discard/remark TOS-byte, to handle traffic that conforms to or exceeds  
the rate limit.  
TOS control - TOS can be set to a specified TOS value. This allows incoming  
packets to be classified into a small number of DSCP-based classes.  
TOS-byte can also be remarked for forwarding to another administration  
domain with a different IP/TOS convention.  
Service class control - A specific service class can be assigned to a flow  
independent of the DSCP value in the TOS byte. By default, the 6-bit DSCP  
value is mapped into a CBQ service class at the outgoing WAN port.  
Traffic redirect - traffic can be redirected at the ingress port.  
IEEE 802.1P Prioritization  
When the ingress port is connected to a VLAN-aware switch that does the  
layer-2 packet classification and 802.1P user priority support is enabled on the  
ingress VLAN port, the 802.1P user priority of the incoming IP packet will  
determine the IP/TOS value based on the default or user-configured mapping.  
When the egress port is connected to a layer-2 VLAN-aware switch that does  
not support packet classification and 802.1P support is enabled on the egress  
VLAN port, the IP/TOS value will determine the 802.1P priority of the outgoing  
packet based on the default or user-configured mapping  
IP traffic can also be classified via a QoS policy to be tagged with a specific  
802.1P priority.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
16  
ENTERPRISE OS SOFTWARE VERSION 11.4 RELEASE NOTES  
Class-Based Queuing (CBQ) Management  
Class-Based Queuing (CBQ) is a link-sharing packet scheduler which is an  
enhanced version of the existing Protocol Reservation queuing policy. It  
performs priority scheduling and supports specific traffic class characteristics,  
such as the average transfer rate. It supports a hierarchy of service classes, each  
associated with a set of QoS attributes (such as, average rate, priority, and max  
delay) and a packet queue to hold packets marked for the service class.  
CBQ provides weighted (based on the allocated bandwidth) round robin  
scheduling when the class is not congested, but switches to the link sharing  
mode during periods of congestion. It regulates each class queue to its  
allocated bandwidth, but allows a congested class to borrow bandwidth from  
its under-utilized parent class.  
When a class queue builds up due to packet arriving at higher rate than the  
classs allocated bandwidth, CBQ employs a packet drop policy to manage the  
queue length/latency. By default, the simple tail drop” is invoked to discard  
the most recently arrived packet for the congested queue/class. The more  
effective RED dropper can also be optionally enabled on a CBQ class queue.  
CBQ also supports traffic prioritization. Higher priority classes are serviced first,  
classes with the same priority are then serviced based on weighted round  
robin. Borrowing is allowed only if a class is configured to allow borrowing  
from its parents.  
The network manager may define any number of CBQ classes. Policies can be  
defined that map the DSCP in the TOS-byte to a specific service class to provide  
the desired QoS. Initial RSVP support will restrict RSVP ows to the well-known  
RSVP” service class.  
Given the significant per packet overhead, CBQ does not scale well with  
multi-level class hierarchies and would perform best with a small number of  
classes in a shallow tree structure on lower speed WAN links.  
CBQ will be supported on PPP/FR ports only.  
RED Congestion Avoidance  
Random Early Discard (RED) actively manages the queue size by dropping  
arriving packets using probability as follows. The probability of packet drops  
increases as the estimated average queue size grows. The average queue size is  
computed using a simple exponentially weighted moving average estimator.  
RED starts dropping arriving packets when the queue size exceeds the defined  
minimum threshold in number of packets), and the drop probability increases  
linearly with the queue size until the defined maximum threshold (in number of  
packets) is reached - at which point all arriving packets are dropped.  
Weighted Random Early Discard (WRED) implements an additional  
drop-precedence based preferential discard mechanism. The drop-precedence  
value is used to determine the minimum and maximum thresholds–such that  
packets tagged with a higher drop-precedence value has a higher drop  
probability. The drop-precedence value is determined by the amount of traffic  
in excess of the rate limit.  
RED congestion avoidance scheme actively manages the queue length to  
efficiently reduce both packet drops and queue latency, resulting in lower delay  
and better service. The random packet drop also effectively breaks up the  
traffic synchronization due to TCPs slow start than speed up” behavior, which  
Download from Www.Somanuals.com. All Manuals Search And Download.  
New Features and Feature Enhancements  
17  
may cause some flows to be locked out of bandwidth if a simple tail drop is  
employed when the queue becomes full. However, RED works well only with  
compliant TCP implementations that backs off when network congestion is  
detected. It has no effect on non-IP or UDP traffic.  
RED is supported on CBQ class queues only.  
Dial Service Features Dial service features include increased asynchronous baud rate for the all  
Enterprise OS platforms.  
In releases prior to 11.3, the maximum baud rate for asynchronous ports was  
57.6 kbps. With the 11.3 release, the maximum baud rate has been increased to  
115.2 kbps only for the OfficeConnect NETBuilder platform. With the 11.4  
release, this feature is expanded to support all other platforms with FlexWAN  
interfaces. This includes the NETBuilder II with the 4-port HSS module, SuperStack  
II NETBuilder SI, PathBuilder S5xx, and PathBuilder S400 devices.  
Voice & Multiservice Voice and multiservice features include voice over Frame Relay, and voice over  
Features VPN. These features are currently available on the PathBuilder S400 platform only.  
Voice Over Frame Relay (VoFR)  
With Frame Relay already providing a flexible and efficient means of transferring  
data, Voice Over Frame Relay (VoFR) consolidates voice and voice-band data (for  
example, analog modems and fax messages) with data services. VoFR lowers the  
cost of calls while increasing the utilization of network resources and maintaining  
the reliability of an existing Frame Relay network.  
With 11.4, VoFR is available in the PathBuilder S400 WAN convergence switch.  
The VoFR capabilities will handle peer-to-peer (end-user to end-user) VoFR voice  
call signaling across the network, providing real-time delivery of voice signals  
without excessive delay.  
Features of the 3Com implementation of VoFR:  
All voice payloads are encapsulated in the FRF.11 formats. Voice and data share  
the same virtual circuit (VC) based on the FRF.11 Annex J (The Use of Reserved  
Subchannels) capabilities as authored by 3Com.  
Fragmentation can consume CPU processing power resulting in degraded  
system performance. Unlike other vendors implementation of VoFR, 3Com's  
proprietary Fragmentation Control Protocol (FCP) is designed to support  
dynamic fragmentation control to turn on-and-off fragmentation at each  
communicating endpoint.  
3Com proprietary VoFR signaling based on Q.931allows dynamic call  
connection and teardown.  
VoFR recovery is built into VoFR signaling to handle system or network  
outage.  
Voice call establishment is regulated by bandwidth requirements of voice  
compression between two communicating DSP peers, as well as by the  
available bandwidth (CIR) of the VC at each end.  
Voice calls between remote offices can be switched through central site  
VoFR.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
18  
ENTERPRISE OS SOFTWARE VERSION 11.4 RELEASE NOTES  
Up to 250 calls can be supported within each VC subject to available  
bandwidth.  
Support for FXS and FXO voice ports.  
Support for FAX data over the voice call.  
Voice Over VPN (VoVPN)  
Due to the interaction between VPN (L2TP or PPTP) and VoIP when they are  
sharing the same system IP (sysip) address, voice calls do not get tunneled over  
L2TP or PPTP. The reason for this is when a VPN tunnel is established with the sysip  
address, the endpoint's sysip address is in each endpoints routing table. If an  
application subsequently uses the same address that is used by the tunnel, the  
routing table would force the packet out on the interface, and not through the  
tunnel. The packet would leave the device unencapsulated.  
To overcome this, voice calls originating from the system will continue to use the  
sysip address as before (in order to utilize the redundancy feature of the sysip). In  
addition, the voice call will also have an option to use a different  
source-destination pair for those calls that need to be tunneled via VPN. After the  
source address is defined, it is linked to the virtual port that represents the VPN  
tunnel, allowing the voice call to get tunneled across the VPN.  
Netw ork Management Network management features include Upgrade Utilities and Upgrade Link, Web  
Features Link Enhancements, Autotargeting for SLA Monitoring/Remote Polling, Console  
Output in Telnet Sessions, Multiple SYSLOG Server Support, Audit Log Messaging  
Enhancements. and Domain Name Use in FTP and TFTP Commands.  
Upgrade Utilities & Upgrade Link  
With the upgrade utilities, you will be able to perform upgrades of all your  
Enterprise OS devices (NETBuilder, PathBuilder S5xx, and PathBuilder S400 devices)  
from an older version of software to a newer version. The version you can upgrade  
to will match your version of the upgrade utilities (for example, with the Upgrade  
Management Utilities version 11.4, you will be able to upgrade a device running  
8.x, 9.x, 10.x, 11.0, 11.1, or 11.2 to any version 9.x, 10.x, 11.0, 11.1, 11.2, 11.3  
or 11.4). Engineered to be reliable and simple to use, the utilities can be executed  
via command line, via the GUI-interface in Transcend® Upgrade Manager, or the  
GUI-interface in Upgrade Link, or via user-defined scripts.  
Enhancements to Upgrades Utilities version 11.4:  
File Transfers via HTTP  
Faster installation of Enterprise OS software images into Upgrade Manager for  
Windows95  
Flexibility of installing the upgrade files into a directory besides /usr/3Com  
Added support for PathBuilder S400 WAN convergence switches  
Web Link Enhancements  
Web Link is an embedded Web-based interface for management of the  
NETBuilder bridge/router (or PathBuilder S5xx tunnel switch starting with 11.1.1).  
Web Link is available on all router platforms running version 11.0 or later. To  
access Web Link, use Netscape 4.08 or later, or Internet Explorer 4.x or later.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
New Features and Feature Enhancements  
19  
Voice Wizard  
Starting with 11.2.2 and with enhancements made in 11.4 for the PathBuilder  
S400 WAN convergence switch, Web Link provides a new Wizard  
configuration tool to aid in the configuration of the voice parameters. The  
Voice Wizard eases the task of configuration by creating a dial plan that can be  
viewed and later edited.  
Performance Management  
Currently available statistics are:  
System Performance  
Interface Performance: physical path statistics and port and virtual port  
statistics  
Protocol Performance: Routing protocols  
IP Routing Protocol: Total IP packets and IP packets per interface  
IPX Routing Protocol: Total IPX packets  
IPX Packets Per Interface  
Frame Relay WAN Protocol  
New Statistics for 11.4  
VPN Performance: VPN tunnels and total active tunnels  
IPsec Performance: Encrypted packets, authenticated packets,  
encrypted-authenticated, packets and discarded packets  
Voice Performance  
Total Successful Calls  
Total Packets  
Total Bytes  
Autotargeting for SLA Monitoring/Remote Polling  
In 11.2, Remote Polling was introduced which provided a mechanism to  
periodically poll a list of up to 100 target devices. By pinging a target list of devices  
for connectivity, logs could be generated and statistics gathered to measure  
latency between devices and to determine service levels. Statistics could also be  
gathered using the 3Com remote polling MIB (3com0019.mib), which can give  
the statistical result of each poll. The MIB variables can be used with 3rd party  
applications, like InfoVista to provide service level monitoring, analysis, and  
reporting. A maximum of 100 target devices can be polled.  
In 11.4, the requirement to manually configure up to 100 target devices that the  
administrator remotely polls has been eliminated. Four predefined “target groups”  
will be used:  
RAS targets are automatically added when a RAS user session is established  
VLL targets are automatically added when a virtual leased line is configured  
Tunnel Peers including PPTP/L2TP/IPIP/DNL are automatically added  
Static targets can still be manually configured, if desired  
Download from Www.Somanuals.com. All Manuals Search And Download.  
20  
ENTERPRISE OS SOFTWARE VERSION 11.4 RELEASE NOTES  
Console Output in Telnet Sessions  
With 11.4, all system messages can be displayed to a Telnet session as well as  
through a terminal attached to the local console port. Administrators will be able  
to view all important status messages from the Telnet session improving  
manageability.  
Audit Log Messaging Enhancements  
Many enhancements are added in the 11.4 release regarding the logging of  
events. These include:  
In previous releases, only one SYSLOG server on the network could be sent the  
audit log messages from an Enterprise OS device. With 11.4, the administrator  
can configure each Enterprise OS device to send it's audit log messages to up  
to six SYSLOG servers.  
In previous releases, only one SYSLOG server on the network could be sent the  
audit log messages from an Enterprise OS device. With 11.4, the administrator  
can configure each Enterprise OS device to send it's audit log messages to up  
to six SYSLOG servers.  
Persistent logging of events across reboots now available across all platforms.  
Previously this feature was available only for NETBuilder II and PathBuilder S5xx  
devices (those devices which could support the partial dump feature). With  
11.4, the partial dump feature is extended to the stackable devices  
(OfficeConnect NETBuilder, SuperStack II NETBuilder SI, and PathBuilder S400  
devices), so reasons for spontaneous failures will be logged both on the device  
and within audit log messages sent to the SYSLOG server(s).  
To provides a clearer understanding of audit log messages, the format of the  
messages has been changed. There is a different format for those messages  
sent to a SYSLOG server vs those saved on the device's local audit log buffer.  
Redundant information was removed and comprehensive definitions are  
provided. A field was added to indicate message severity (0-7 indicating  
Emergency, Alert, Critical, Error, Warning, Notice, Info, and Debug).  
Changes to audit log messages sent to SYSLOG server(s):  
For the SYSLOG messages, a unique message identifier (starting with 100)  
has been added. Specific services have been assigned a range of identifying  
numbers. For example, 100-199 identifies audit log file access status  
messages … dial history messages are 400-499 … IPsec messages are  
600-649 … and Web Link messages are 1400-1499.  
A new message format will have identifying labels. The new syntax is as  
follows:  
priority Seq:SeqNumber Sev:Severity From:Entity/Source Msg:Text  
Changes to audit log messages saved on the device's local audit log buffer:  
The new message format will have identifying labels. The new syntax is as  
follows:  
<priority> Seq:SeqNumber Date/Time Sev:Severity From:Entity/Source  
Msg:Text  
Audit Log Message Filters are now supported. In previous releases, all audit log  
messages were sent to the designated SYSLOG server. With 11.4, the  
administrator can set a LogFilter, whereby specific messages can be sent to  
specific SYSLOG servers. Messages can be filtered based on service, priority,  
Download from Www.Somanuals.com. All Manuals Search And Download.  
New Features and Feature Enhancements  
21  
message identifier(s) and /or SYSLOG server. The action to send all messages to  
the SYSLOG server is still the default when auditing is enabled.  
The audit log messages can also be sent out through an SNMP trap to be  
received by the configured SNMP trap manager(s).  
Domain Name Use in FTP and TFTP Commands  
Starting with 11.4, a domain name can be used in the FTP commands of GET and  
PUT, as well as the TFTP command of COpy to specify the name of the FTP or TFTP  
server. Previously, only the IP address of the FTP or TFTP server could be used for  
these commands. This function assumes that there is a Domain Name server on  
the network with the name/address mapping configured; the Enterprise OS device  
continues to act only as a FTP/TFTP client.  
Transcend VPN With more VPN management applications available and planned for the future,  
Application Suite Secure VPN Manager and the new PKI Manager tools have been bundled  
together–one part number to use for ordering, one CD-ROM to use for  
installation. The new package will be called Transcend VPN Application Suite.  
Secure VPN Manager version 2.2  
Secure VPN Manager is a graphical web-based network management tool that  
presents key information about your virtual private network (VPN). Secure VPN  
Manager provides the assistance necessary to monitor the VPN tunnels terminated  
by the NETBuilder bridge/router or the PathBuilder S5xx series of devices. These  
analyses are possible through the monitoring of the VPN tunnel established for  
remote access (client-to-LAN) connections) and site-to-site (LAN-to-LAN)  
connections. The application is supported only on the Windows NT Server  
platform currently.  
Secure VPN Manager supports the following Microsoft devices as tunnel initiators:  
Window 95 with Microsoft Windows 95 Dial-Up Networking 1.3 Upgrade or  
later  
Window NT with Service Pack 3 and above  
Secure VPN Manager supports the following 3Com devices as tunnel initiators and  
tunnel terminators:  
PathBuilder S5xx series devices running software version 11.3 or later  
NETBuilder bridge/routers running software version 11.3 or later  
PathBuilder S400 series devices software version 11.4 or later  
PKI Manager version 1.0  
PKI Manager is a graphical, management application to aid Enterprise OS devices  
in obtaining PKI certificates and Certificate Revocation Lists (CRLs) from various  
Certificate Authorities (CAs). PKI Manager works as a proxy between the device  
and the CA. It is responsible for collecting the certificate requests from the devices  
and generating the CA-specific certificate request syntax (CRS), which in turn is  
sent to the CA. Once the CA issues the certificate, PKI Manager will retrieve it  
from the CA and send it to the Enterprise OS device. The CAs that are supported  
with this first release are Verisign and Entrust. The application is supported only on  
the Windows NT Server platform currently.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
22  
ENTERPRISE OS SOFTWARE VERSION 11.4 RELEASE NOTES  
Features of PKI Manager version 1.0  
Multi-Enterprise PKI Management: Administrators can use the application to  
manage multiple enterprises (or different business units of an enterprise)  
separately.  
Limited RA functionality: The application uses a proprietary Enrollment key  
mechanism to authenticate Enterprise OS devices.  
Certificate proxy: To eliminate the need of each device talking to the CA, PKI  
Manager negotiates the certificates from the CAs on behalf of the device. PKI  
Manager will receive a generic (PKCS#10) certificate request from the device  
and wrap it into a CA- specific CRS (for example, Versign uses PKCS#7). The  
certificate request will be sent to the CA using the protocol supported by the  
CA (for example, Verisign uses HTTP).  
Certificate Management: The administrator can view the CRLs and certificate  
status (for example, valid/about, expire/expired/revoke,  
requested/revoked/installed, or not installed) using the different views of the  
application.  
System Requirements for Secure VPN Manager version 2.2 and PKI  
Manager 1.0  
Computer: Pentium Processor with 300 MHz minimum clock, minimum 128  
MB of RAM, and minimum 4 GB hard disk space for initial installation &  
database storage  
Operating System: Microsoft Windows NT server 4.0 with Service Pack 3 or  
later, with the TCP/IP stack enabled. Microsoft Windows NT SNMP service  
loaded and active on the server  
Web Server for Secure VPN Manager: Netscape's FastTrack Web Server version  
3.x or Microsoft's Internet Information Server (IIS) version 3.0  
Client for Secure VPN Manager: Web browsers that supports Java applets,  
Netscape Navigator 4.08 or later  
Netscape Communicator 4.5.1 or later  
Microsoft Internet Explorer 4.01 or later  
Download from Www.Somanuals.com. All Manuals Search And Download.  
11.4 Software Packages  
23  
11.4 Softw are  
Packages  
The tables in this section list the features in the packages available in software  
version 11.4 for the NETBuilder and PathBuilder platforms.  
NETBuilder II The NETBuilder II bridge/routers are supported with the following packages:  
Bridge/Router  
AC–APPN Connection Services Router  
DW–Multiprotocol Router  
DLMultiprotocol Router with 40-bit Encryption  
DE–Multiprotocol Router with 56-bit Encryption  
DS–Multiprotocol Router with 128-bit Encryption and 3DES  
Table 1 lists the software features of each package for NETBuilder II bridge/routers.  
Table 1 NETBuilder II Software Features  
Softw are Packages  
AC  
DW  
DL  
DE  
DS  
Feature  
Voice Support (Analog)  
FXO  
FXS  
Voice/FAX over IP  
Voice/FAX over Frame Relay  
Core Features*  
X
X
X
X
X
X
X
X
X
X
Boundary Routing® central node  
Boundary Routing leaf node  
40-Bit Encryption (IPSec)  
56-Bit Encryption (IP Sec)  
128-Bit Encryption (IP Sec)  
IPCP  
X
X
X
X
X
x
IPv6/BGP  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
VRRP (Ethernet/FDDI/Token Ring)  
VRRP for DLSW  
X
X
X
X
X
X
X
X
X
VRRP over VLAN  
RSVP, RSVP Proxy  
Multicast IP, PIM, IGMP, MBR  
IP/OSI Connection Services  
IPX  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
XNS, OSI  
Appletalk  
VINES, DECnet, Ph-IV, Ph-IV/V GW  
DLSW  
X
NetView Service Point  
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS Authentication, IP RIP, IP  
RIPv2/NTP, FTP, TFTP, HTTP Server/Web Link/ Web Link Health Monitor/ HTTP client, PPP (PAP/CHAP),  
MLP, CCP, X.25, Dial, ASCII Boot and ASCII Capture, Login Banner, SLAMS, Bandwidth on  
Demand/incoming, SLAM Autotargeting, Domain Name Support, NHRP for IP tunnels.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
24  
Table 1 NETBuilder II Software Features (continued)  
Softw are Packages  
AC  
DW  
DL  
DE  
DS  
Feature  
BRITSS  
APPN  
LNM  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
LAA  
Token Ring in Fast Ethernet (IOS  
not supported)  
ISDN BRI  
X
X
X
X
X
X
X
X
X
X
ISDN PRI  
ISDN T1/E1  
ISDN CT1/CE1  
ISDN T3/E3  
ISDN CT3/CE3  
Data over Analog (Call Originate  
only)  
CSU/DSU Loopback  
SDLC/SHDLC/Polled Async/Bisync  
BSC Conversion  
QLLC/LLC2 Conversion  
Frame Relay  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
SMDS  
X.25 Switching/Tunneling  
WANExtender  
MP6E Module  
Fast Ethernet 100Base  
ATM Module/ LANE  
PPPOE  
MPOA Server/Client  
ZMODEM Support in Software  
Flash Load  
LDAP Policy Engine/Client  
Auto Startup  
X
X
X
X
X
X
DES Crypto  
X
X
X
X
X
3DES /3DES 3 KEY  
RC5 Crypto  
X
X
X
MPPE/RC4  
X
X
IKE/IPsec - KEK/ISAKMP Tunnel  
Mode/Fast Tunnel/Policy UI/Policy  
Manager, IPPCP  
IP/IPX RAS, Radius, traps  
X
X
X
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS Authentication, IP RIP, IP  
RIPv2/NTP, FTP, TFTP, HTTP Server/Web Link/ Web Link Health Monitor/ HTTP client, PPP (PAP/CHAP),  
MLP, CCP, X.25, Dial, ASCII Boot and ASCII Capture, Login Banner, SLAMS, Bandwidth on  
Demand/incoming, SLAM Autotargeting, Domain Name Support, NHRP for IP tunnels.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
11.4 Software Packages  
25  
Table 1 NETBuilder II Software Features (continued)  
Softw are Packages  
AC  
DW  
DL  
DE  
DS  
Feature  
MS-CHAP  
X
X
X
X
X
X
X
X
X
EAP Authentication  
X
X
VPN/PPTP/L2TP/L2TP (FP) Tunnel  
Switch PPTP/L2TP (R2R, VLL)  
X
X
IP (Routing, FireWall, NAT, Proxy,  
ARP, DHCP, DHCP Proxy, Traffic  
Director, Internal IP Ports, IPQoS)  
X
X
X
X
IP OSPF  
X
X
X
X
X
IPX NLSP  
Virtual Ports  
X
X
X
X
X
512  
512  
512  
512  
512  
Restricted Number of DHCP  
Addresses  
Max Physical Voice Ports  
Max Physical Data Ports  
Memory Requirements  
DRAM  
128  
128  
128  
128  
128  
40/80 MB  
10 MB  
40/80 MB 40/80 MB  
40/80 MB  
10 MB  
40/80 MB  
10 MB  
10 MB  
10 MB  
Flash memory (Minimum required  
for Enterprise OS 11.4)  
20 MB  
20 MB  
20 MB  
20 MB  
20 MB  
Flash memory (Minimum required  
for Dual Images)  
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS Authentication, IP RIP, IP  
RIPv2/NTP, FTP, TFTP, HTTP Server/Web Link/ Web Link Health Monitor/ HTTP client, PPP (PAP/CHAP),  
MLP, CCP, X.25, Dial, ASCII Boot and ASCII Capture, Login Banner, SLAMS, Bandwidth on  
Demand/incoming, SLAM Autotargeting, Domain Name Support, NHRP for IP tunnels.  
NETBuilder II Firmw are Requirements  
The NETBuilder II I/O modules require firmware upgrades to support the Enterprise  
OS software version 11.4 (see Table 2 for firmware requirements).  
You can determine your I/O module firmware version through the software by  
entering:  
SHow -SYS IOI  
Table 2 NETBuilder II Firmware Requirements  
Module  
11.4 Firmw are Version Strings  
FW/DPE-BOOT1,1.7  
DPE  
FW/DPE-BOOT2,1.7  
MP Ethernet 6-port  
Fast Ethernet 100Base  
8-port HSS BRI  
FW/6ETH-FW,1.4.0.70  
FW/ETH100-FW,1.9  
FW/8BRI-FW,1.5  
MP ATMLink  
FW/ATM-FW,1.1.0.70  
FW/HSS3-V35,1.1.11  
FW/HSS3-449,1.1.11  
FW/HSS3-232,1.1.11  
FW/4PORTWAN-FW,1.5  
HSS 3-port (V.35)  
HSS 3-port (RS-449)  
HSS 3-port (RS-232)  
HSS 4-port  
Download from Www.Somanuals.com. All Manuals Search And Download.  
26  
SuperStack II SuperStack II NETBuilder SI bridge/routers are supported with the following  
NETBuilder SI packages:  
BF– Boundary Router  
NW–IP/IPX/AT Router  
NE– IP/IPX/AT Router with 56-bit Encryption  
NS–IP/IPX/AT Router with 128-bit Encryption and 3DES  
CFMultiprotocol Router]  
CLMultiprotocol Router with 40-bit Encryption  
CEMultiprotocol Router with 56-bit Encryption  
CS–Multiprotocol Router with 128-bit Encryption and 3DES  
AX–APPN/Connection Services  
Table 3 lists the software features of each package for SuperStack II SI  
bridge/routers.  
Table 3 SuperStack II NETBuilder SI Software Features  
Softw are Packages  
BF  
NW  
NE  
NS  
CF  
CL  
CE  
CS  
AX  
Feature  
Voice Support (Analog)  
FXO  
FXS  
Voice/FAX over IP  
Voice/FAX over Frame Relay  
Core Features*  
X
X
X
X
X
X
X
X
X
X
X
X
Boundary Routing® central node  
Boundary Routing leaf node  
40-Bit Encryption (IPSec)  
56-Bit Encryption (IP Sec)  
128-Bit Encryption (IP Sec)  
IPCP  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
IPv6/BGP  
VRRP (Ethernet/FDDI/Token Ring)  
VRRP for DLSW  
X
X
X
X
X
X
VRRP over VLAN  
X
X
X
X
X
X
RSVP, RSVP Proxy  
Multicast IP, PIM, IGMP, MBR  
IP/OSI Connection Services  
IPX  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
XNS, OSI  
Appletalk  
VINES, DECnet, Ph-IV, Ph-IV/V GW  
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS Authentication, IP RIP, IP RIPv2/NTP, FTP, TFTP, HTTP  
Server/Web Link/Web Link Health Monitor/ HTTP client, PPP (PAP/CHAP), MLP, CCP, X.25, Dial, ASCII Boot and ASCII Capture, Login Banner,  
SLAMS, Bandwidth on Demand/incoming, SLAM Autotargeting, Domain Name Support, NHRP for IP tunnels.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
11.4 Software Packages  
27  
Table 3 SuperStack II NETBuilder SI Software Features (continued)  
Softw are Packages  
BF  
NW  
NE  
NS  
CF  
CL  
CE  
CS  
AX  
Feature  
DLSW  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
NetView Service Point  
BRITSS  
APPN  
LNM  
X
LAA  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Token Ring in Fast Ethernet (IOS  
not supported)  
ISDN BRI  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
ISDN PRI  
ISDN T1/E1  
ISDN CT1/CE1  
ISDN T3/E3  
ISDN CT3/CE3  
Data over Analog (Call Originate  
only)  
X
X
X
X
X
X
X
X
X
X
X
X
CSU/DSU Loopback  
SDLC/SHDLC/Polled Async/Bisync  
BSC Conversion  
QLLC/LLC2 Conversion  
Frame Relay  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
SMDS  
X.25 Switching/Tunneling  
WANExtender  
X
X
MP6E Module  
Fast Ethernet 100Base  
ATM Module/ LANE  
PPPOE  
X
X
X
X
X
X
X
X
MPOA Server/Client  
ZMODEM Support in Software  
Flash Load  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
LDAP Policy Engine/Client  
Auto Startup  
X
DES Crypto  
3DES /3DES 3 KEY  
RC5 Crypto  
X
X
X
MPPE/RC4  
X
X
X
X
IKE/IPsec - KEK/ISAKMP Tunnel  
Mode/Fast Tunnel/Policy UI/Policy  
Manager, IPPCP  
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS Authentication, IP RIP, IP RIPv2/NTP, FTP, TFTP, HTTP  
Server/Web Link/Web Link Health Monitor/ HTTP client, PPP (PAP/CHAP), MLP, CCP, X.25, Dial, ASCII Boot and ASCII Capture, Login Banner,  
SLAMS, Bandwidth on Demand/incoming, SLAM Autotargeting, Domain Name Support, NHRP for IP tunnels.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
28  
Table 3 SuperStack II NETBuilder SI Software Features (continued)  
Softw are Packages  
BF  
NW  
NE  
NS  
CF  
CL  
CE  
CS  
AX  
Feature  
IP/IPX RAS, Radius, traps  
MS-CHAP  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
EAP Authentication  
X
X
VPN/PPTP/L2TP/L2TP (FP) Tunnel  
Switch PPTP/L2TP (R2R, VLL)  
X
X
X
X
IP (Routing, FireWall, NAT, Proxy,  
ARP, DHCP, DHCP Proxy, Traffic  
Director, Internal IP Ports, IPQoS)  
X
X
X
X
X
X
IP OSPF  
X
X
X
X
X
X
X
X
IPX NLSP  
Virtual Ports  
X
X
X
X
X
X
X
X
48  
48  
48  
48  
48  
48  
48  
48  
48  
Restricted Number of DHCP  
Addresses  
Max Physical Voice Ports  
Memory Requirements  
DRAM  
16 MB  
8 MB  
16 MB  
8 MB  
16 MB  
8 MB  
16 MB  
8 MB  
24 MB  
12 MB  
24 MB  
12 MB  
24 MB  
12 MB  
24 MB  
12 MB  
16 MB  
12 MB  
Flash memory (Minimum required  
for Enterprise OS 11.4)  
8 MB  
8 MB  
8 MB  
8 MB  
12 MB  
12 MB  
12 MB  
12 MB  
12 MB  
Flash memory (Minimum required  
for Dual Images)  
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS Authentication, IP RIP, IP RIPv2/NTP, FTP, TFTP, HTTP  
Server/Web Link/Web Link Health Monitor/ HTTP client, PPP (PAP/CHAP), MLP, CCP, X.25, Dial, ASCII Boot and ASCII Capture, Login Banner,  
SLAMS, Bandwidth on Demand/incoming, SLAM Autotargeting, Domain Name Support, NHRP for IP tunnels.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
11.4 Software Packages  
29  
PathBuilder S5xx Series The PathBuilder S5xx Series Switches support the following software packages:  
Sw itch  
PW–Multiprotocol Router  
PE–Multiprotocol Router with 56-bit Encryption  
PLMultiprotocol Router with 40-bit Encryption  
PS–Multiprotocol Router with 128-bit Encryption and 3DES  
Table 4 lists the software features in each package for the PathBuilder S5xx series  
switches.  
Table 4 PathBuilder S5xx Series Switches Software Features  
Softw are Package  
PW  
PL  
PE  
PS  
Feature  
Voice Support (Analog)  
FXO  
FXS  
Voice/FAX over IP  
Voice/FAX over Frame Relay  
Core Features*  
X
X
X
X
X
X
X
X
Boundary Routing® central node  
Boundary Routing leaf node  
40-Bit Encryption (IPSec)  
56-Bit Encryption (IP Sec)  
128-Bit Encryption (IP Sec)  
IPCP  
X
X
X
X
X
X
IPv6/BGP  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
VRRP (Ethernet/FDDI/Token Ring)  
VRRP for DLSW  
VRRP over VLAN  
RSVP, RSVP Proxy  
Multicast IP, PIM, IGMP, MBR  
IP/OSI Connection Services  
IPX  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
XNS, OSI  
Appletalk  
VINES, DECnet, Ph-IV, Ph-IV/V GW  
DLSW  
NetView Service Point  
BRITSS  
APPN  
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS Authentication, IP RIP, IP  
RIPv2/NTP, FTP, TFTP, HTTP Server/Web Link/Web Link Health Monitor/ HTTP client, PPP  
(PAP/CHAP), MLP, CCP, X.25, Dial, ASCII Boot and ASCII Capture, Login Banner, SLAMS,  
Bandwidth on Demand/incoming, SLAM Autotargeting, Domain Name Support, NHRP for IP  
tunnels.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
30  
Table 4 PathBuilder S5xx Series Switches Software Features (continued)  
Softw are Package  
PW  
PL  
PE  
PS  
Feature  
LNM  
LAA  
X
X
X
X
X
X
X
X
Token Ring in Fast Ethernet (IOS  
not supported)  
ISDN BRI  
ISDN PRI  
X
X
X
X
X
X
X
X
ISDN T1/E1  
ISDN CT1/CE1  
ISDN T3/E3  
ISDN CT3/CE3  
X
X
X
X
Data over Analog (Call Originate  
only)  
CSU/DSU Loopback  
SDLC/SHDLC/Polled Async/Bisync  
BSC Conversion  
QLLC/LLC2 Conversion  
Frame Relay  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
SMDS  
X.25 Switching/Tunneling  
WANExtender  
MP6E Module  
Fast Ethernet 100Base  
ATM Module/ LANE  
PPPOE  
X
X
X
X
X
X
X
X
MPOA Server/Client  
ZMODEM Support in Software  
Flash Load  
X
X
X
X
X
X
X
X
LDAP Policy Engine/Client  
Auto Startup  
DES Crypto  
X
X
X
X
X
X
3DES /3DES 3 KEY  
RC5 Crypto  
X
X
X
MPPE/RC4  
X
IKE/IPsec - KEK/ISAKMP Tunnel  
Mode/Fast Tunnel/Policy UI/Policy  
Manager, IPPCP  
IP/IPX RAS, Radius, traps  
MS-CHAP  
X
X
X
X
X
X
X
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS Authentication, IP RIP, IP  
RIPv2/NTP, FTP, TFTP, HTTP Server/Web Link/Web Link Health Monitor/ HTTP client, PPP  
(PAP/CHAP), MLP, CCP, X.25, Dial, ASCII Boot and ASCII Capture, Login Banner, SLAMS,  
Bandwidth on Demand/incoming, SLAM Autotargeting, Domain Name Support, NHRP for IP  
tunnels.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
11.4 Software Packages  
31  
Table 4 PathBuilder S5xx Series Switches Software Features (continued)  
Softw are Package  
PW  
PL  
PE  
PS  
Feature  
EAP Authentication  
X
X
X
X
X
X
X
X
VPN/PPTP/L2TP/L2TP (FP) Tunnel  
Switch PPTP/L2TP (R2R, VLL)  
IP (Routing, FireWall, NAT, Proxy,  
ARP, DHCP, DHCP Proxy, Traffic  
Director, Internal IP Ports, IPQoS)  
X
X
X
X
IP OSPF  
X
X
X
X
IPX NLSP  
X
X
X
X
Virtual Ports  
2048  
2048  
2048  
2048  
Max Physical Voice Ports  
Max Physical Data Ports  
Memory Requirements  
DRAM  
18  
18  
18  
18  
160 MB  
16 MB  
160 MB  
16 MB  
160 MB  
16 MB  
160 MB  
16 MB  
Flash memory (Minimum  
required for Enterprise OS  
11.4)  
Flash memory (Minimum  
required for Dual Images)  
16 MB  
16 MB  
16 MB  
16 MB  
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS Authentication, IP RIP, IP  
RIPv2/NTP, FTP, TFTP, HTTP Server/Web Link/Web Link Health Monitor/ HTTP client, PPP  
(PAP/CHAP), MLP, CCP, X.25, Dial, ASCII Boot and ASCII Capture, Login Banner, SLAMS,  
Bandwidth on Demand/incoming, SLAM Autotargeting, Domain Name Support, NHRP for IP  
tunnels.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
32  
PathBuilder S400 Series The PathBuilder S400 series switches support the following software packages:  
Sw itches  
XWIP/IPX/AT Data/Voice Router  
XEIP/IPX/AT Data/Voice Router with 56-bit Encryption  
XLIP/IPX/AT Data/Voice Router with 40-bit Encryption  
XS-IP/IPX/AT Data/Voice Router with 128-bit Encryption and 3DES  
MW–Multiprotocol Data/Voice Router  
MEMultiprotocol Router with 56-bit Encryption  
MLMultiprotocol Router with 40-bit Encryption  
MS–Multiprotocol Router with 128-bit Encryption and 3DES  
Table 5 lists the software features in each package for the PathBuilder S400 series  
switches.  
Table 5 PathBuilder S400 Series Switches Software Features  
Softw are Package  
XW  
XL  
XE  
XS  
MW  
ML  
ME  
MS  
Feature  
Voice Support (Analog)  
FXO  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
FXS  
Voice/FAX over IP  
Voice/FAX over Frame Relay  
Core Features*  
Boundary Routing® central node  
Boundary Routing leaf node  
40-Bit Encryption (IPSec)  
56-Bit Encryption (IP Sec)  
128-Bit Encryption (IP Sec)  
IPCP  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
IPv6/BGP  
VRRP (Ethernet/FDDI/Token Ring)  
VRRP for DLSW  
X
VRRP over VLAN  
RSVP, RSVP Proxy  
Multicast IP, PIM, IGMP, MBR  
IP/OSI Connection Services  
IPX  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
XNS, OSI  
Appletalk  
VINES, DECnet, Ph-IV, Ph-IV/V GW  
DLSW  
NetView Service Point  
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS Authentication, IP RIP, IP RIPv2/NTP, FTP, TFTP, HTTP  
Server/Web Link/Web Link Health Monitor/ HTTP client, PPP (PAP/CHAP), MLP, CCP, X.25, Dial, ASCII Boot and ASCII Capture, Login Banner,  
SLAMS, Bandwidth on Demand/incoming, SLAM Autotargeting, Domain Name Support, NHRP for IP tunnels.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
11.4 Software Packages  
33  
Table 5 PathBuilder S400 Series Switches Software Features (continued)  
Softw are Package  
XW  
XL  
XE  
XS  
MW  
ML  
ME  
MS  
Feature  
BRITSS  
APPN  
LNM  
X
X
X
X
LAA  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Token Ring in Fast Ethernet (IOS  
not supported)  
ISDN BRI  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
ISDN PRI  
ISDN T1/E1  
ISDN CT1/CE1  
ISDN T3/E3  
ISDN CT3/CE3  
Data over Analog (Call Originate  
only)  
X
X
X
X
X
X
X
X
X
X
X
X
CSU/DSU Loopback  
SDLC/SHDLC/Polled Async/Bisync  
BSC Conversion  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
QLLC/LLC2 Conversion  
Frame Relay  
X
X
X
X
X
X
X
X
X
X
X
X
SMDS  
X.25 Switching/Tunneling  
WANExtender  
MP6E Module  
Fast Ethernet 100Base  
ATM Module/ LANE  
PPPOE  
X
X
X
X
X
X
X
X
MPOA Server/Client  
ZMODEM Support in Software  
Flash Load  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
LDAP Policy Engine/Client  
Auto Startup  
DES Crypto  
3DES /3DES 3 KEY  
RC5 Crypto  
X
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS Authentication, IP RIP, IP RIPv2/NTP, FTP, TFTP, HTTP  
Server/Web Link/Web Link Health Monitor/ HTTP client, PPP (PAP/CHAP), MLP, CCP, X.25, Dial, ASCII Boot and ASCII Capture, Login Banner,  
SLAMS, Bandwidth on Demand/incoming, SLAM Autotargeting, Domain Name Support, NHRP for IP tunnels.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
34  
Table 5 PathBuilder S400 Series Switches Software Features (continued)  
Softw are Package  
XW  
XL  
XE  
XS  
MW  
ML  
ME  
MS  
Feature  
MPPE/RC4  
X
X
X
X
X
IP/IPX RAS, Radius, traps  
X
X
X
X
X
X
X
X
X
X
IKE/IPsec - KEK/ISAKMP Tunnel  
Mode/Fast Tunnel/Policy UI/Policy  
Manager, IPPCP  
MS-CHAP  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
EAP Authentication  
VPN/PPTP/L2TP/L2TP (FP) Tunnel  
Switch PPTP/L2TP (R2R, VLL)  
X
X
X
X
X
X
IP (Routing, FireWall, NAT, Proxy,  
ARP, DHCP, DHCP Proxy, Traffic  
Director, Internal IP Ports, IPQoS)  
X
X
X
X
X
X
X
X
X
X
IP OSPF  
X
IPX NLSP  
Virtual Ports  
256  
12  
256  
12  
256  
12  
256  
12  
256  
12  
256  
12  
256  
12  
256  
12  
Max Physical Voice Ports  
Memory Requirements  
DRAM  
32 MB 32 MB 32 MB 32 MB  
64 MB  
16 MB  
64 MB  
16 MB  
64 MB  
16 MB  
64 MB  
16 MB  
Flash memory (Minimum required 16 MB 16 MB 16 MB 16 MB  
for Enterprise OS 11.4)  
Flash memory (Minimum required 16 MB 16 MB 16 MB 16 MB  
for Dual Images)  
16 MB  
16 MB  
16 MB  
16 MB  
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS Authentication, IP RIP, IP RIPv2/NTP, FTP, TFTP, HTTP  
Server/Web Link/Web Link Health Monitor/ HTTP client, PPP (PAP/CHAP), MLP, CCP, X.25, Dial, ASCII Boot and ASCII Capture, Login Banner,  
SLAMS, Bandwidth on Demand/incoming, SLAM Autotargeting, Domain Name Support, NHRP for IP tunnels.  
OfficeConnect The OfficeConnect NETBuilder bridge/routers support the following software  
NETBuilder packages for the specified models:  
Bridge/Routers  
JW–IP/IPX Router  
JE–IP/IPX Router with 56-bit encryption  
JS–IP/IPX Router with 128-bit encryption and 3DES  
BFBoundary Routing  
NW–IP/IPX/AT Router  
NE–IP/IPX/AT Router with 56-bit Encryption  
NS–IP/IPX/AT Router with 128-bit Encryption and 3DES  
AF–APPN Router  
OFMultiprotocol Router  
OEMultiprotocol Router with 56-bit Encryption  
OLMultiprotocol Router with 40-bit Encryption  
OS–Multiprotocol Router with 128-bit Encryption and 3DES  
Download from Www.Somanuals.com. All Manuals Search And Download.  
11.4 Software Packages  
35  
Table 6 lists the software features in each package for the OfficeConnect  
NETBuilder bridge/routers.  
Table 6 OfficeConnect NETBuilder Bridge/Router Software Features  
Softw are Packages  
JW  
JE  
JS  
BF  
NW NE  
NS  
AF  
OF  
OL  
OE  
OS  
Feature  
Voice Support (Analog)  
FXO  
FXS  
Voice/FAX over IP  
Voice/FAX over Frame Relay  
Core Features*  
Boundary Routing® central node  
Boundary Routing leaf node  
40-Bit Encryption (IPSec)  
56-Bit Encryption (IP Sec)  
128-Bit Encryption (IP Sec)  
IPCP  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
IPv6/BGP  
VRRP (Ethernet/FDDI/Token Ring)  
VRRP for DLSW  
VRRP over VLAN  
RSVP, RSVP Proxy  
Multicast IP, PIM, IGMP, MBR  
IP/OSI Connection Services  
IPX  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
XNS, OSI  
Appletalk  
VINES, DECnet, Ph-IV, Ph-IV/V GW  
DLSW  
X
X
NetView Service Point  
BRITSS  
APPN  
X
LNM  
LAA  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Token Ring in Fast Ethernet (IOS  
not supported)  
X
X
X
X
X
X
X
X
ISDN BRI  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
ISDN PRI  
ISDN T1/E1  
ISDN CT1/CE1  
ISDN T3/E3  
X
X
X
X
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS Authentication, IP RIP, IP RIPv2/NTP, FTP, TFTP, HTTP  
Server/Web Link/Web Link Health Monitor/ HTTP client, PPP (PAP/CHAP), MLP, CCP, X.25, Dial, ASCII Boot and ASCII Capture, Login Banner,  
SLAMS, Bandwidth on Demand/incoming, SLAM Autotargeting, Domain Name Support, NHRP for IP tunnels.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
36  
Table 6 OfficeConnect NETBuilder Bridge/Router Software Features (continued)  
Softw are Packages  
JW  
JE  
JS  
BF  
NW NE  
NS  
AF  
OF  
OL  
OE  
OS  
Feature  
ISDN CT3/CE3  
Data over Analog (Call Originate  
only)  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
CSU/DSU Loopback  
SDLC/SHDLC/Polled Async/Bisync  
BSC Conversion  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
QLLC/LLC2 Conversion  
Frame Relay  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
SMDS  
X.25 Switching/Tunneling  
WANExtender  
MP6E Module  
Fast Ethernet 100Base  
ATM Module/ LANE  
PPPOE  
MPOA Server/Client  
ZMODEM Support in Software  
Flash Load  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
LDAP Policy Engine/Client  
Auto Startup  
X
X
X
X
X
X
IKE/IPsec - KEK/ISAKMP Tunnel  
Mode/Fast Tunnel/Policy UI/Policy  
Manager, IPPCP  
DES Crypto  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
3DES /3DES 3 KEY  
RC5 Crypto  
X
X
X
X
X
X
X
X
X
X
X
X
MPPE/RC4  
X
X
X
X
X
X
IP/IPX RAS, Radius, traps  
MS-CHAP  
X
X
X
X
X
EAP Authentication  
X
X
X
X
VPN/PPTP/L2TP/L2TP (FP) Tunnel  
Switch PPTP/L2TP (R2R, VLL)  
X
X
X
X
IP (Routing, FireWall, NAT, Proxy,  
ARP, DHCP, DHCP Proxy, Traffic  
Director, Internal IP Ports, IPQoS)  
X
X
X
X
X
X
X
X
X
IP OSPF  
X
X
X
X
X
X
X
X
IPX NLSP  
Virtual Ports  
X
X
X
X
X
X
X
X
10  
10  
10  
28  
28  
28  
28  
28  
28  
28  
28  
28  
Restricted Number of DHCP  
Addresses  
256  
256  
256  
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS Authentication, IP RIP, IP RIPv2/NTP, FTP, TFTP, HTTP  
Server/Web Link/Web Link Health Monitor/ HTTP client, PPP (PAP/CHAP), MLP, CCP, X.25, Dial, ASCII Boot and ASCII Capture, Login Banner,  
SLAMS, Bandwidth on Demand/incoming, SLAM Autotargeting, Domain Name Support, NHRP for IP tunnels.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
11.4 Software Packages  
37  
Table 6 OfficeConnect NETBuilder Bridge/Router Software Features (continued)  
Softw are Packages  
JW  
JE  
JS  
BF  
NW NE  
NS  
AF  
OF  
OL  
OE  
OS  
Feature  
Max Physical Voice Ports  
Memory Requirements  
DRAM  
16 MB  
4 MB  
16 MB 16 MB 16 MB 16 MB 16 MB 16 MB 16 MB 16 MB 16 MB  
16 MB  
8 MB  
16 MB  
8 MB  
4 MB  
4 MB  
4 MB 8 MB 8 MB 8 MB 8 MB  
8 MB  
8 MB  
Flash memory (Minimum required  
for Enterprise OS 11.4)  
8 MB  
8MB  
8 MB  
8 MB 12 MB 12 MB 12 MB 12 MB 12 MB 12 MB  
12 MB  
12 MB  
Flash memory (Minimum required  
for Dual Images)  
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS Authentication, IP RIP, IP RIPv2/NTP, FTP, TFTP, HTTP  
Server/Web Link/Web Link Health Monitor/ HTTP client, PPP (PAP/CHAP), MLP, CCP, X.25, Dial, ASCII Boot and ASCII Capture, Login Banner,  
SLAMS, Bandwidth on Demand/incoming, SLAM Autotargeting, Domain Name Support, NHRP for IP tunnels.  
OfficeConnect The OfficeConnect NETBuilder 10/ST bridge/router supports the following  
NETBuilder 10/ST software packages:  
RW–Multiprotocol Router  
REMultiprotocol Router with 56-bit Encryption  
RS–Multiprotocol Router with 128-bit Encryption and 3DES  
Table 7 lists the software features in each package for OfficeConnect NETBuilder  
10/ST bridge/router.  
Table 7 OfficeConnect NETBuilder 10/ST Bridge/Router Software Features  
Softw are Packages  
RW  
RE  
RS  
Feature  
Voice Support (Analog)  
FXO  
FXS  
Voice/FAX over IP  
Voice/FAX over Frame Relay  
Core Features*  
X
X
X
Boundary Routing® central node  
Boundary Routing leaf node  
40-Bit Encryption (IPSec)  
56-Bit Encryption (IP Sec)  
128-Bit Encryption (IP Sec)  
X
X
X
X
X
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS  
Authentication, IP RIP, IP RIPv2/NTP, FTP, TFTP, HTTP Server/Web Link/Web Link  
Health Monitor/ HTTP client, PPP (PAP/CHAP), MLP, CCP, X.25, Dial, ASCII Boot and  
ASCII Capture, Login Banner, SLAMS, Bandwidth on Demand/incoming, SLAM  
Autotargeting, Domain Name Support, NHRP for IP tunnels.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
38  
Table 7 OfficeConnect NETBuilder 10/ST Bridge/Router Software Features (continued)  
Softw are Packages  
RW  
RE  
RS  
Feature  
IPCP  
X
X
X
IPv6/BGP  
VRRP (Ethernet/FDDI/Token Ring)  
VRRP for DLSW  
VRRP over VLAN  
RSVP, RSVP Proxy  
Multicast IP, PIM, IGMP, MBR  
IP/OSI Connection Services  
IPX  
X
X
X
XNS, OSI  
Appletalk  
VINES, DECnet, Ph-IV, Ph-IV/V GW  
DLSW  
NetView Service Point  
BRITSS  
APPN  
LNM  
LAA  
Token Ring in Fast Ethernet (IOS  
not supported)  
X
X
X
X
X
X
ISDN BRI  
ISDN PRI  
ISDN T1/E1  
ISDN CT1/CE1  
ISDN T3/E3  
ISDN CT3/CE3  
X
X
X
Data over Analog (Call Originate  
only)  
X
X
X
X
X
X
CSU/DSU Loopback  
SDLC/SHDLC/Polled Async/Bisync  
BSC Conversion  
QLLC/LLC2 Conversion  
Frame Relay  
SMDS  
X.25 Switching/Tunneling  
WANExtender  
MP6E Module  
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS  
Authentication, IP RIP, IP RIPv2/NTP, FTP, TFTP, HTTP Server/Web Link/Web Link  
Health Monitor/ HTTP client, PPP (PAP/CHAP), MLP, CCP, X.25, Dial, ASCII Boot and  
ASCII Capture, Login Banner, SLAMS, Bandwidth on Demand/incoming, SLAM  
Autotargeting, Domain Name Support, NHRP for IP tunnels.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
11.4 Software Packages  
39  
Table 7 OfficeConnect NETBuilder 10/ST Bridge/Router Software Features (continued)  
Softw are Packages  
RW  
RE  
RS  
Feature  
Fast Ethernet 100Base  
ATM Module/ LANE  
PPPOE  
MPOA Server/Client  
ZMODEM Support in Software  
Flash Load  
X
X
X
X
X
X
LDAP Policy Engine/Client  
Auto Startup  
X
X
X
X
IKE/IPsec - KEK/ISAKMP Tunnel  
Mode/Fast Tunnel/Policy UI/Policy  
Manager, IPPCP  
DES Crypto  
X
X
3DES /3DES 3 KEY  
RC5 Crypto  
MPPE/RC4  
X
X
X
X
X
IP/IPX RAS, Radius, traps  
MS-CHAP  
X
X
X
EAP Authentication  
VPN/PPTP/L2TP/L2TP (FP) Tunnel  
Switch PPTP/L2TP (R2R, VLL)  
X
X
IP (Routing, FireWall, NAT, Proxy,  
ARP, DHCP, DHCP Proxy, Traffic  
Director, Internal IP Ports, IPQoS)  
X
X
IP OSPF  
IPX NLSP  
Virtual Ports  
5
5
5
Restricted Number of DHCP  
Addresses  
50  
50  
50  
Max Physical Voice Ports  
Max Physical Data Ports  
Memory Requirements  
DRAM  
16 MB  
16 MB  
4 MB  
16 MB  
4 MB  
Flash memory (Minimum required 4 MB  
for Enterprise OS 11.4)  
Flash memory (Minimum required 8 MB  
for Dual Images)  
8 MB  
8 MB  
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS  
Authentication, IP RIP, IP RIPv2/NTP, FTP, TFTP, HTTP Server/Web Link/Web Link  
Health Monitor/ HTTP client, PPP (PAP/CHAP), MLP, CCP, X.25, Dial, ASCII Boot and  
ASCII Capture, Login Banner, SLAMS, Bandwidth on Demand/incoming, SLAM  
Autotargeting, Domain Name Support, NHRP for IP tunnels.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
40  
SuperStack II NETBuilder SuperStack II Token Ring bridge/routers support the following packages for the  
Token Ring specified models.  
CFMultiprotocol Router  
TEMultiprotocol Router with 56-bit encryption  
Table 8 lists software features for each package for the SuperStack II Token Ring  
bridge/routers.  
Table 8 SuperStack II NETBuilder Token Ring Software Features  
Softw are Package  
CF for  
TE for  
CF for  
TE for  
Feature  
model 327 model 327  
model 527 model 527  
Voice Support (Analog)  
FXO  
FXS  
Voice/FAX over IP  
Voice/FAX over Frame Relay  
Core Features*  
Boundary Routing® central node  
Boundary Routing leaf node  
40-Bit Encryption (IPSec)  
56-Bit Encryption (IP Sec)  
128-Bit Encryption (IP Sec)  
IPCP  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
IPv6/BGP  
VRRP (Ethernet/FDDI/Token Ring)  
VRRP for DLSW  
VRRP over VLAN  
RSVP, RSVP Proxy  
Multicast IP, PIM, IGMP, MBR  
IP/OSI Connection Services  
IPX  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
XNS, OSI  
Appletalk  
VINES, DECnet, Ph-IV, Ph-IV/V GW  
DLSW  
NetView Service Point  
BRITSS  
X
X
X
X
APPN  
LNM  
LAA  
X
X
X
X
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS Authentication, IP RIP, IP  
RIPv2/NTP, FTP, TFTP, HTTP Server/Web Link/Web Link Health Monitor/ HTTP client, PPP (PAP/CHAP),  
MLP, CCP, X.25, Dial, ASCII Boot and ASCII Capture, Login Banner, SLAMS, Bandwidth on  
Demand/incoming, SLAM Autotargeting, Domain Name Support, NHRP for IP tunnels.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
11.4 Software Packages  
41  
Table 8 SuperStack II NETBuilder Token Ring Software Features (continued)  
Softw are Package  
CF for  
TE for  
CF for  
TE for  
Feature  
model 327 model 327  
model 527 model 527  
Token Ring in Fast Ethernet (IOS  
not supported)  
ISDN BRI  
X
X
ISDN PRI  
ISDN T1/E1  
ISDN CT1/CE1  
ISDN T3/E3  
ISDN CT3/CE3  
Data over Analog (Call Originate  
only)  
X
X
X
X
CSU/DSU Loopback  
SDLC/SHDLC/Polled Async/Bisync  
BSC Conversion  
QLLC/LLC2 Conversion  
Frame Relay  
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
SMDS  
X.25 Switching/Tunneling  
WANExtender  
MP6E Module  
Fast Ethernet 100Base  
ATM Module/ LANE  
PPPOE  
MPOA Server/Client  
ZMODEM Support in Software  
Flash Load  
X
X
X
X
X
X
X
X
X
X
X
X
LDAP Policy Engine/Client  
Auto Startup  
DES Crypto  
3DES /3DES 3 KEY  
RC5 Crypto  
X
X
MPPE/RC4  
IKE/IPsec - KEK/ISAKMP Tunnel  
Mode/Fast Tunnel/Policy UI/Policy  
Manager, IPPCP  
IP/IPX RAS, Radius, traps  
MS-CHAP  
EAP Authentication  
VPN/PPTP/L2TP/L2TP (FP) Tunnel  
Switch PPTP/L2TP (R2R, VLL)  
X
X
X
X
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS Authentication, IP RIP, IP  
RIPv2/NTP, FTP, TFTP, HTTP Server/Web Link/Web Link Health Monitor/ HTTP client, PPP (PAP/CHAP),  
MLP, CCP, X.25, Dial, ASCII Boot and ASCII Capture, Login Banner, SLAMS, Bandwidth on  
Demand/incoming, SLAM Autotargeting, Domain Name Support, NHRP for IP tunnels.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
42  
Table 8 SuperStack II NETBuilder Token Ring Software Features (continued)  
Softw are Package  
CF for  
TE for  
CF for  
TE for  
Feature  
model 327 model 327  
model 527 model 527  
IP (Routing, FireWall, NAT, Proxy,  
ARP, DHCP, DHCP Proxy, Traffic  
Director, Internal IP Ports, IPQos)  
X
X
X
X
IP OSPF  
X
X
X
X
IPX NLSP  
X
X
X
X
Virtual Ports  
28  
28  
28  
28  
Max Physical Voice Ports  
Max Physical Data Ports  
Memory Requirements  
DRAM  
18  
18  
18  
18  
12 MB  
4 MB  
12 MB  
4 MB  
12 MB  
4 MB  
12 MB  
4 MB  
Flash memory (Minimum  
required for Enterprise OS  
11.4)  
Flash memory (Minimum  
required for Dual Images)  
8 MB  
8 MB  
8 MB  
8 MB  
* Core Features include: Bridging (MLN & SRTG in NBII), Telnet, RADIUS Authentication, IP RIP, IP  
RIPv2/NTP, FTP, TFTP, HTTP Server/Web Link/Web Link Health Monitor/ HTTP client, PPP (PAP/CHAP),  
MLP, CCP, X.25, Dial, ASCII Boot and ASCII Capture, Login Banner, SLAMS, Bandwidth on  
Demand/incoming, SLAM Autotargeting, Domain Name Support, NHRP for IP tunnels.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Upgrade Management Utilities  
43  
Upgrade Management  
Utilities  
This section includes information about Enterprise OS software version 11.4  
Upgrade Management Utilities. The Upgrade Management Utilities can be  
executed using the command line, via the GUI-interface in Transcend Upgrade  
Manager, the GUI-interface in Upgrade Link, or via user-defined scripts.  
The Enterprise OS software version 11.4 Upgrade Management Utilities support  
upgrades from NETBuilder bridge/routers running version 8.x through 11.4. If you  
need to upgrade from version 7.x to 11.4, you need to perform the upgrade in  
two steps. The first step requires upgrading from 7.x to 9.3.1. After the NETBuilder  
bridge/router configuration files have been converted to 9.3.1, they can then be  
further upgraded to support the 11.4 release. The 9.3.1 Upgrade Utilities and  
manual are available on the 3Com InfoDeli website.  
Dow nloading Upgrade The Upgrade Management Utilities are shipped on the CD-ROM with every  
Management Utilities Enterprise OS software release. In addition, these utilities can be downloaded from  
the FTP site (ftp.3com.com), from the World Wide Web access through  
Software Downloads, System Software.  
UNIX Files The Upgrade Management Utilities are UNIX les compressed with the UNIX  
compression utility. To use the downloaded files, you must first expand the files  
using the UNIX expansion utility. For instructions on how to download and expand  
the utilities, see the ruu114.txt file.  
The UNIX files are as follows:  
ruusol114.Z Contains the UNIX-compressed Upgrade Management Utilities for  
the Solaris 2.5 platforms.  
ruuhp114.Z Contains the UNIX-compressed Upgrade Management Utilities for  
the HP-UX 10.x platforms.  
ruuaix114.Z Contains the UNIX-compressed Upgrade Management Utilities for  
the IBM AIX 4.1.1 through 4.2.X platforms.  
ruu114.txt  
Contains the instructions for downloading and expanding the  
Upgrade Management Utilities and Upgrade Link. This file also  
contains instructions on how to integrate the utilities into the  
Transcend Network Control Services application.  
Window s Files The Upgrade Management Utilities are Windows files compressed with a  
compression utility. To use the downloaded files, you must first expand them using  
the decompress utility PKUNZip. PKUNZip can be downloaded from the following  
URLs:  
or  
For instructions on how to decompress and install the utilities, see the  
ruu114.txt file.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
44  
The Windows files are as follows:  
ruu114.zip Contains the compressed Upgrade Management Utilities for  
Windows95/98 and Windows NT platforms.  
ruu114.txt Contains the instructions for downloading and expanding the  
Upgrade Management Utilities and Upgrade Link. This file also  
contains instructions on how to integrate the utilities into the  
Transcend Network Control Services Manager application.  
Executing When using the Upgrade Management Utilities from a Windows command line,  
profile.bat you must execute the profile.bat (/user/3com/common/data/profile.bat) file. This  
file sets up the path to \usr\3com\common\bin where the utilities reside.  
Alternatively you can reboot your system so that the changed in the a  
autoexec.bat file can take effect.  
Version 11.4 Upgrade The upgrade utilities, can be integrated into Transcend Network Control Services  
Management Utilities Manager for Windows 95 version 6.1, and Transcend Network Control Services  
Manager for Windows NT are available for use on Windows 95 and Windows NT  
platforms. These utilities can also be integrated into Transcend Enterprise Manager  
for UNIX version 4.2.1 and 4.2.2 and are shipped preinstalled in Transcend  
Network Control Services for UNIX 5.0. The utilities are pre-shipped with  
Transcend Network Control Services for Windows version 6.2 and Windows NT  
1.1. The Upgrade Management Utilities are designed to work with or without  
Transcend Network Control Services Manager Network Admin Tools. See  
Upgrading Enterprise OS Software for details about integrating the Upgrade  
Management Utilities into the Transcend Network Control Services Manager.  
Upgrading to 11.4 The proper installation order for integrating the Upgrade Management Utilities  
Utilities w ith Transcend into Transcend is:  
Upgrade Manager  
1 Stop Transcend.  
2 Install the Upgrade Management Utilities using bcmsetup. Do this if Transcend  
does not have the Upgrade Management Utilities bundled or if you want to install  
a newer version of the Upgrade Management Utilities.  
3 Start Transcend. The Transcend Upgrade Manager, Baseline Manager, and Alarm  
Manager will then support the latest Enterprise OS software version.  
Transcend Enterprise The following notes apply to users of the Transcend network management  
Manager application.  
BCMUSETFTP Environment Variable  
Transcend Enterprise Manager for Windows and Transcend Enterprise Manager for  
UNIX 4.x users should set the BCMUSETFTP environment variable to 1 to force the  
Upgrade Management Utilities to use TFTP le transfer during upgrading. The  
environment variable can be set by executing or adding the following line to the  
autoexec.bat or .login file:  
set BCMUSETFTP=1  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Upgrade Management Notes  
45  
EncryptionLicenseRead Environment Variable  
Transcend Enterprise Manager for Windows Upgrade Manager and Transcend  
Enterprise Manager for UNXI Upgrade Manager 4.2.x will not allow you to  
upgrade 3Com NETBuilder bridge/routers with encryption technology unless you  
set the EncryptionLicenseRead environment variable to 1. Setting this variable  
implies that you have read and agree to the export regulations enforced by the US  
Department of Commerce. This environment variable can be set by executing or  
adding the following line to the autoexec.bat or .login file:  
set EncryptionLicenseRead=1  
Upgrade Management  
Notes  
This section contains known upgrade management issues.  
bcmdiagnose Error When you execute bcmdiagnose on HP-UX and the TFTP server is configured to  
Message use the Safe Directory method, the error message “No TFTP user found in  
/etc/passwd. You must add an entry” can be ignored.  
Installation of a new version of the Remote Upgrade Utilities onto a UNIX NMS  
saves an existing /usr/3Com/bcmutil.conf, into /etc/3Com/bcmutil.conf.backup.  
This file is used by the Transcend Enterprise Manager for UNIX (TEM/U). If a user  
has made modifications to this file, they must either restore their original file or  
add the changes to the new file.  
If you are using the Remote Upgrade Utilities in stand-alone mode or with the  
Transcend Enterprise Manager for UNIX (TEM/U), you can specify SNMP  
community strings of different devices in /etc/snmp.cfg file. More information  
about the snmp.cfg file can be found in the help pages  
(file://usr/3Com/bcm/gui/hlp/bcm-intro.html).  
SuperStack II NETBuilder If SuperStack II NETBuilder systems that are running software version 8.3 have a  
Token Ring Upgrades boot image named “bundle.68K,” the SuperStack II NETBuilder Token Ring system  
is not upgradeable to software version 11.4 unless the sys file is present on the  
flash drive. To work around this, either rename the image to “boot.68k,” or copy  
the 8.3 sys file to the primary boot directory on the NETBuilder bridge/router.  
bcmdiagnose and HP-UX If you are using HP-UX and have difficulties passing the tftp portion of  
bcmdiagnose, you may need to modify the /etc/passwd file. Follow the  
instructions printed during bcmsetup. You may need to add the following line to  
the /etc/passwd file:  
tftp::510:200:,,,:/tftpboot:/bin/false  
See the HP-UX tftpd man page for more information.  
bcmfdinteg Read the following warning regarding the bcmfdinteg utility.  
WARNING: Do not use the bcmfdinteg utility. The bcmfdinteg utility is used  
internally by the bcminstall utility. The bcmfdinteg utility should not be used by  
itself, because by default it removes all files from the current directory.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
46  
File Conversion This section describes file conversion considerations for APPN, bridge static routes,  
Considerations DLSw, the PROfile service, and X.25 SVCs.  
APPN  
APPN file conversion is supported in software version 8.2 and later. Upgrading  
from software versions prior to 8.2 requires manual configuration.  
High Performance Routing (HPR) is a new feature for the NETBuilder bridge/router  
after software version 8.3. If you use the Upgrade Management Utilities to convert  
your APPN data file from version 8.3 (or later) to 11.4, be sure to turn on HPR if  
HPR is desired using:  
SETDefault !<port> -APPN PortDef = <DLC type> HPR=yes  
Bridge Static Routes  
A static bridge route configured with the off option does not convert properly. You  
must manually reconfigure this route.  
DLSw  
Initial Bandwidth for Peer is a new parameter for software version 8.3 and later.  
The default for version 11.0 is 8000. If you use the Upgrade Management Utilities  
to convert your DLSw data files from version 8.3 (or later) to 11.4, be sure to set  
the value of the parameter to the desired value using:  
SETDefault <tunnel id> -Dlsw PEER = <IP address> <PrioMode> <8000 | other  
value>  
UNIX Platform Symbolic When installing Enterprise OS software version 11.4 from a UNIX platform, do not  
Links follow symbolic links to reach a particular file (image or tar file) when using the  
Browse” option. Double-clicking a directory name that is a symbolic link will not  
connect to the directory. To open a directory, type the directory name and press  
Enter.”  
Upgrading From Release If you are upgrading a bridge/router from software version 8.3 or earlier, you must  
8.3 or Earlier disable user verification by specifying the -NA flag on bcmnbrus or Upgrade Link.  
For example:  
bcmnbrus -NA  
or  
UpgradeLink -NA  
Otherwise, an error dialog box is returned with the message “Could not verify  
user.”  
If you use tftp, the “Verify Upgrade Services” step does not need the user or  
password to be verified, so those entries as well as the FTP Client User Name and  
Password, should be ignored.  
Upgrade Link and Netscape version 4.05 with AWT patch 1.1.5 has the Java support required by  
Netscape Brow ser Scroll Enterprise OS software version 11.4 Upgrade Link. Certain problems have been  
Bars found with this Netscape patch release, such as sometimes the Netscape browser  
Download from Www.Somanuals.com. All Manuals Search And Download.  
IBM Protocols and Services Notes  
47  
fails to add scroll bars with text fields. If you experience this or other problems,  
you may want to use a later version of Netscape when it becomes available.  
Upgrade Link Window  
Since Enterprise OS software version 11.4 Upgrade Link cannot resize the browser  
Resizing window, you should maximize the browser window so that all of the Upgrade Link  
dialog boxes are fully visible without scrolling.  
IBM Protocols and  
Services Notes  
This section describes notes, cautions, and other considerations to be aware of  
when using the Enterprise OS software when with IBM protocols and services. The  
topics are presented in alphabetical order.  
APPN In software version 11.4, APPN does not support SMDS.  
APPN Connections to When you connect to a 3174 on a token ring, you may need to enable transparent  
3174 through bridging on the bridge/router. The 3174 may send exchange identification (XID) as  
Token Ring a non-source routed frame.  
APPN CP-CP Sessions If you set up APPN routing in an SNA Boundary Routing configuration from a  
and SNA Boundary NETBuilder II bridge/router to a leaf node bridge/router, CP-CP sessions between  
Routing the remote site PC and the NETBuilder II bridge/router are established before you  
can configure the Boundary Routing configuration on the NETBuilder II  
bridge/router. However, after you set the -BCN CONTrol parameter for IBM traffic  
and enable the -BCN Service, the NETBuilder II bridge/router no longer receives the  
CP-CP sessions. To work around this problem, first turn off BOOTP on the  
NETBuilder II port at the central site. An alternative work around is to configure  
APPN with DLSw at the central site and to use the CECs MAC address at the  
remote site.  
APPN CP-CP Sessions on When parallel transmission groups (TGs) are configured between 3Com network  
Parallel TGs nodes and both TGs support CP-CP sessions, a CP-CP session on one TG does not  
switch to the other TG if the user disables the port or path. This happens because  
both sides learn about the link failure at different times. The network node with  
the disabled port or path learns about the link failure right away and tries to bring  
CP-CP sessions up on the second TG. However, the second network node does  
not learn about the link failure until LLC2 times out; because it thinks the link is  
still up, the second network node does not allow CP-CP sessions to start on the  
second TG. After five attempts at bringing up CP-CP sessions on the second TG,  
the second TG will be flagged as not supporting CP-CP sessions, preventing CP-CP  
sessions from coming up on that second TG. To prevent this situation, manually  
stop the first TG by entering the SET -APPN LinkStaCONTrol <LinkName>  
Deactivate command before disabling the port/path. By doing this, both network  
nodes will learn that the link has gone down at the same time, and CP-CP session  
can be activated on the second TG.  
APPN DLUr Connections When you configure an APPN dependent LU requestor (DLUr) connection from a  
to 3174 Systems NETBuilder II bridge/router to a 3174 cluster controller, the NETBuilder II network  
node and the 3174 must be on the same ring. In this configuration, the  
NETBuilder II token ring port must be set to transparent bridging only.  
BSC and Leased Lines The BSC pass-through feature is limited to leased lines and cannot use dialup links.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
48  
Boundary Routing and When configuring NetView Service Point in a Boundary Routing environment,  
NetView Service Point note that the SSCP-PU session actually flows over LLC2 rather than DLSw, even  
though the -SNA PortDef parameter is defined as DLSw. As a result, the session  
does not show up as a DLSw circuit.  
Configuring BSC When connecting a NETBuilder bridge/router to an Network Control Program  
and NCPs (NCP) for a BSC configuration, be careful when disabling the 3780/2780 EP lines.  
If you try to pull the cable out, the NCP may go into a state that will require the  
NCP to be rebooted. Check with your IBM service representative for additional  
details.  
DLSw Circuit Balancing Circuit balancing does not work properly if WAN links are set to different speeds.  
For circuit balancing to work properly, you must have WAN links of the same  
speed. If the WAN links are different speeds, for example, T1 and 64 K, the  
bridge/router with circuit balancing learns the route from the T1 link before  
learning the route from the 64 K link. All circuits are directed to the DLSw tunnel  
on the T1 link instead of being distributed on both 64 K and T1 DLSw tunnels.  
Only after alternate routes are in the circuit-balancing router cache will  
subsequent session establishment be balanced.  
DLSw and The default value of the -SYS CONNectUsage parameter is High for NETBuilder  
CONNectUsage bridge/routers with a DPE module. The default value of CONNectUsage for all  
Parameter other platforms is Low. This difference simplifies DLSw configurations.  
Default Change  
When the DPE module is used in a non-DLSw configuration, a small amount of  
memory is allocated (226 K of approximately 12 MB). Non-DLSw configurations in  
very large networks running OSPF and BGP may require that the CONNectUsage  
parameter be changed to Low to recapture this 226 K of memory. For all other  
configurations, this additional small memory allocation should have no effect.  
DLSw Prioritization The FLush -SYS STATistics command does not flush DLSw priority statistics. You  
must use the FLush -DLSw PRioritySTATistics command.  
DLSw and IBM Boundary The following considerations are related to DLSw in large networks.  
Routing in Large  
Leaf Node Sessions Support  
Netw orks  
When a leaf node has more than 50 end stations, use the following tuning  
parameters:  
SETDefault !<port> -LLC2 TransmitWindow = 1  
SETDefault !<port> -LLC2 RetryCount = 20  
SETDefault !<port> -LLC2 TImerReply = 10000  
Use these parameters for the leaf node and central node WAN ports.  
Number of DLSw Circuits  
The -SYS CONNectionUsage parameter controls the maximum number of DLSw  
circuits. The default value of the CONNectionUsage parameter is High for  
NETBuilder bridge/router with a DPE module and for the boundary router  
peripheral node, but the default value is low for all other NETBuilder bridge/router  
platforms. Change this value using:  
SETDefault -SYS CONNectionUsage = Low | Medium | High  
Download from Www.Somanuals.com. All Manuals Search And Download.  
IBM Protocols and Services Notes  
49  
You must reboot the bridge/router before this change takes effect. Table 9 shows  
the maximum number of circuits possible with the different CONNectionUsage  
parameter settings. The practical limit may be lower and depends on the traffic  
load, CPU, and memory usage by other services.  
Table 9 DLSw Circuit Maximums with CONNectionUsage Parameter Settings  
Maximum Number of DLSw Circuits  
System  
Low  
Medium  
High  
OfficeConnect and SuperStack II  
NETBuilder bridge/routers  
190  
390  
790  
Boundary router peripheral node*  
NETBuilder II bridge/router  
DPE modules  
n/a  
n/a  
790†  
390  
790  
7990  
* The CONNectionUsage parameter is set to High by the Boundary Router Peripheral node software; it  
cannot be changes.  
The IBM Boundary Router peripheral node uses two LLC2 circuits to support one LLC2 end system.  
Therefore, the maximum number of LLC2 end systems supported by an IBM Boundary Router peripheral  
node is 395.  
Number of TCP Connections  
3Com LLC2 tunneling uses one TCP connection for each LLC2 session. DLSw  
scales to large networks better than LLC2 tunneling because it multiplexes all LLC2  
sessions over one TCP connection per tunnel. Each Telnet session also uses one  
TCP connection. Table 10 shows the maximum number of TCP connections  
possible with the different CONNectionUsage parameter settings. The practical  
limit may be lower and depends on the traffic load, CPU, and memory usage by  
other services.  
Table 10 TCP Circuit Maximums with CONNectionUsage Parameter Settings  
Maximum Number of TCP Circuits  
System  
Low  
Medium  
High  
OfficeConnect and SuperStack II  
NETBuilder bridge/routers  
32  
256  
512  
Boundary router peripheral node*  
NETBuilder II bridge/router  
DPE module  
n/a  
n/a  
790  
32  
512  
2048  
* The CONNectionUsage parameter is set to High by the Boundary Router peripheral node software; it  
cannot be changed.  
Front-End The maximum number of FradMap entries that may be defined for each Frame  
Processor/Frame Relay Relay port is 50.  
Access for LLC2 Traffic  
HPR and ISR High Performance Routing (HPR) is enabled by default. Therefore, if you are  
Configurations configuring APPN Intermediate Session Routing (ISR), you must disable HPR on  
both the PortDef and the AdjLinkSta parameters by setting HPR = No.  
IBM Boundary Routing In an IBM Boundary Routing topology that uses disaster recovery through PPP  
Topology Disaster (when two paths are mapped to one port), a disruption to existing SNA and  
Recovery  
Download from Www.Somanuals.com. All Manuals Search And Download.  
50  
NetBIOS sessions occurs if the primary link fails and the redundant link is activated.  
If this happens, end users need to log on and initiate another session.  
IBM-Related Services in IBM-related services such as DLSw and APPN are affected by parameter settings in  
Token Ring the BRidge, SR, and LLC2 Services. Table 11 shows the required settings in source  
route (SR), source route transparent (SRT), and transparent bridging environments  
for each of the IBM-related services. When a NETBuilder bridge/router token-ring  
port is configured for both an IBM service such as DLSw and transparent bridging  
or SRT bridging, connectivity problems and frame copy errors can occur. For this  
reason, 3Com recommends configuring token ring ports for source route only  
when possible.  
In Table 11, DLSw refers to data link switching, and LNM refers to LAN Net  
Manager. The settings are shown in abbreviated form. 3Com-recommended  
configurations are shaded and shown in bold.  
Table 11 IBM-Related Feature Settings for Token Ring Ports  
Port  
Source Route Transparen  
Route  
Configurat Bridging  
t Bridging  
(-BR TB)  
Bridging  
(-BR CONT) (-SR RD)  
Discovery LLC2 CONTrol Frame Copy  
Services  
Bridging only  
Bridging only  
Bridging only  
LNM  
ion  
SR  
SRT  
T
(-SR SRB)  
SRB  
(-LLC2 CONT) Errors  
NTB  
TB  
B
NoLLC2  
NoLLC2  
NoLLC2  
LLC2  
Disable  
Disable  
Disable  
Enable  
Enable  
Enable  
Enable  
Disable  
Disable  
Disable  
Disable  
None  
SRB  
B
Low # Possible  
Low # Possible  
None  
NSRB  
SRB  
TB  
B
SR  
SR  
SRT  
T
NTB  
NTB  
TB  
B
DLSw  
SRB  
NB | B  
NB* | B*  
NB* | B*  
NB | B  
NB | B  
NB | B  
NB  
LLC2  
None  
DLSw  
SRB  
LLC2  
High # Possible  
High # Possible  
None  
DLSw  
NSRB  
SRB  
TB  
NoLLC2  
LLC2  
APPN  
SR  
SRT  
T
NTB  
TB  
APPN  
SRB  
LLC2  
None  
APPN  
NSRB  
SRB  
TB  
LLC2  
None  
Default Setting  
SRT  
TB  
NoLLC2  
None  
* 3Com recommends that you disable global bridging for this configuration. However, with global bridging disabled, the token-ring hardware does not  
filter unwanted transparent packets. The token-ring hardware copies each transparent packet for processing by the Enterprise OS software. This can  
generate many frame copy errors (see Token Ring Frame Copy Errors below for more information.) If you are seeing many Frame Copy Errors, consider  
setting global bridging on, which allows the hardware to learn and filter unwanted transparent packets. Since DLSw cannot block bridging loops, you  
must insure that none exist. As an alternative, you can prevent the bridge from forwarding by entering the following command: SETDefault -BRidge  
CONTrol = NoForward. The NoForward parameter allows the hardware to filter unwanted transparent packets, allows DLSw to send and receive LLC2  
SNA and NetBIOS packets, but prevents these and other packets from bridging.  
The row in Table 11 labeled DLSw with port configuration SR represents DLSw in a  
source-route-only port configuration. The entries in this row expand to the  
following Enterprise OS software configuration syntax:  
SETDefault -BRidge CONTrol = Bridge | NoBridge  
SETDefault !<port> -SR SrcRouBridge = SrcRouBridge  
SETDefault !<port> -BRidge TransparentBridge = NoTransparentBridge  
SETDefault !<port> -SR RingNumber = <number> (1–4095) | 0x<number> (1-FFF)  
SETDefault !<port> -SR BridgeNumber = <number> (0-15) | 0x<number> (0-F)  
SETDefault !<port> -SR RouteDiscovery = LLC2  
SETDefault !<port> -LLC2 CONTrol = Enable  
In this configuration, global bridging (-BRidge CONTrol) can be set to either Bridge  
or NoBridge. Transparent bridging is disabled on token ring ports, source routing  
Download from Www.Somanuals.com. All Manuals Search And Download.  
IBM Protocols and Services Notes  
51  
and route discovery are configured, bridge numbers must be unique for each  
bridge/router on the same ring, and LLC2 is enabled on token ring ports.  
Token Ring Frame Copy Errors  
For transparent bridge or source route transparent configurations, token ring end  
systems may generate a small number of MAC frame copy error reports when the  
NETBuilder II bridge/router token ring interface is initializing or when the  
bridge/router ages out a MAC address from its bridge table.  
For the bridge/router to learn the MAC addresses of transparent end systems on  
the token ring, it copies a packet with an unknown source address and sets the  
address-recognized (A) and frame-copied (C) bits in the Frame Status (FS) field. A  
problem occurs when the FS (A) and (C) bits have been set and the destination of  
the frame is an end system on the local ring. The destination end system expects  
the (A) and (C) bits to be zeros. When it receives a frame with these values already  
set, it reports an error. The end system counts these errors and accumulates them  
until the MAC layer Soft Error Report Timer period is reached; the default is two  
seconds. A MAC Report Error packet is then sent to the Ring Error Monitor (REM)  
Network Management entity.  
A source route only configuration eliminates frame copy errors. Frame copy errors  
do not occur in source route only environments when the NETBuilder  
bridge/routers are configured properly. This is because the NETBuilder  
bridge/router hardware filters source-routed packets based on the route  
information field, not the MAC address. If the bridge/router is configured for  
source route only, it never copies frames destined for a station on the local ring.  
Frame copy errors can be eliminated by running in source-route-only mode.  
Table 12 shows the features supported on the NETBuilder II and NETBuilder  
SuperStack II token ring bridge/routers.  
Table 12 3Com Bridge/Routers and Supported Features  
Source Route  
Transparent  
Bridging  
Source Route  
Transparent  
Routing Gatew ay  
Platform  
Source Routing  
NETBuilder II  
Yes  
Yes  
Yes  
Yes  
No  
Yes  
Yes  
SuperStack II NETBuilder No  
Token Ring  
Frame Copy Errors under LAN Net Manager  
Whenever LAN Net Manager is enabled, the token ring driver is set to N-way  
bridging mode, which means the bridge/router copies all frames that match the  
bridge number specified on the receiving port. If two NETBuilder bridge/routers  
are connected to the same ring with the same bridge number, frame copy errors  
will occur. To prevent this problem, do not configure two NETBuilder  
bridge/routers with the same bridge number on the same ring.  
LAN Netw ork Manager If you have previously configured your LAN Network Manager to use the  
w ith NETBuilder II NETBuilder II system as a virtual ring, and you want to use it as a physical ring, you  
Systems must set your virtual ring number back to None.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
52  
LLC2 Frames and PPP LLC2 frames are not sent or received over PPP unless global bridging is enabled  
using the SETDefault -BRidge CONTrol = Enabled command. You must enable  
LLC2 on the port using:  
SETDefault !<port> -LLC2 CONTrol = Enabled.  
If bridging is enabled and you do not want bridging, either set the -BRidge  
CONTrol parameter to NoForward, or disable bridging on individual ports by  
setting the following command:  
SETDefault -BRidge TransparentBridge = NoTransparentBridge  
Maximum BSC Line For V.35 and RS-232 links, the maximum baud rate supported for BSC traffic is  
Speed 38.4. If the baud rate is higher, BSC traffic suffers errors and retransmissions.  
SHDLC Half-Duplex SHDLC does not support physical half-duplex mode.  
Mode  
SDLC SDLC requires the following:  
XID spoofing must be turned on if the IBM Communication Manager is used  
for 3270 communications and is defined as a PU type 2.0. Use the following  
syntax:  
SETDefault !<PU name> -SDLC CUXId = <value> (8 Hexadecimal digits)  
SETDefault !<PU name> -SDLC CUXidDefined = Yes  
SDLC end-to-end through local switching (conversion to a single LLC2 LAN  
connection between two NETBuilder bridge/routers) requires different virtual  
ring numbers in the LLC2 Service.  
SDLC Adjacent Link When you configure SDLC adjacent link stations for APPN, if an active link  
Stations for APPN becomes inactive and you change the port definition using the PortDef parameter,  
the link remains inactive. If you try to reactivate the link using the SET -APPN  
LinkStaCONTrol command, the link reactivates within 30 seconds. To activate the  
link immediately, you must enable the APPN port using the SET -APPN PortControl  
= Enable command.  
Source Route The NETBuilder II bridge/router cannot interoperate with Cisco or IBM routers if  
Transparent Bridging the NETBuilder bridge/router is configured using Source Route Transparent  
Gatew ay (SRTG) Gateway (SRTG) with Source Route bridging on the token ring LAN port and  
Interoperability Transparent Bridging on the PPP or Frame Relay WAN ports. In this configuration,  
the NETBuilder II bridge/router is sending using PPP bridge encapsulation 802.5  
token ring format, while the IBM 6611 and the Cisco 400 router are using PPP  
bridge encapsulation 802.3 Ethernet format.  
SDLC Ports and NetView  
Service Point  
An SDLC port defined for NetView Service Point cannot be used for SDLC-to-LLC2.  
UI Response Time With When NETBuilder bridge/router is configured with many SDLC PUs, SETDefault  
Large SDLC commands may take a long time to complete. Using the Defrag command to  
configuration streamline the flash that contains the configuration files can fix the problem.  
VTAM Program VTAM Program Temporary Fixes (PTFs) are required on a mainframe when APPN  
Temporary Fixes DLU services are used. Mainframe network management (NetView) services will  
not function for downstream physical units (PUs) if the PTFs are not installed.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
ATM Services Notes  
53  
VTAM Version 4.2 requires PTF #UW20787. VTAM Version 4.3 requires PTF  
#UW20788.  
Visible symptoms of this problem can be seen as a lack of network management  
data for PUs that are downstream of a NETBuilder II bridge/router using APPN DLU  
services. The NetView message “AAU251I AAUDRTIB 02 UNEXPECTED SENSE  
CODE X'1002' ENCOUNTERED FOR TARGET=pu_name” is printed in the log file  
when this problem occurs.  
ATM Services Notes  
This section describes notes, cautions, and other considerations to be aware of  
when using the Enterprise OS software with ATM services. The topics are  
presented in alphabetical order.  
ATM Emulated LANs Enterprise OS software supports a system maximum of 32 ATM emulated LANs.  
ATM LAN Emulation This release of LAN emulation software does not support large 802.3 frame  
Clients and Large 802.3 encapsulation as specified in the LANE standard 1.0. When IP routing is used from  
Frames FDDI to an emulated LAN, packets larger than 1500 are sent fragmented per IP  
fragmentation rules.  
ATM Connection Table In a LAN Emulation environment with many LAN Emulation Servers (LESs), a  
performance drop may occur when the NETBuilder bridge/router is able to  
connect to the LAN Emulation Configuration Server (LECS), but many of the LESs  
are down or unreachable. Disabling the ETHATM virtual ports corresponding to  
the unreachable LESs will alleviate this situation.  
Deleting ATM Neighbors Bridge ATM Neighbors must be deleted before the associated virtual ports can be  
deleted.  
Source-Route The source-route transparent gateway is not currently supported on ATM LAN  
Transparent Gatew ay emulation ports.  
WAN Protocols and  
Services Notes  
This section describes notes, cautions, and other considerations to be aware of  
when using the Enterprise OS software with WAN protocols and services. The  
topics are presented in alphabetical order.  
ACCM Not Configurable The ACCM (Async Control Character Map) used for Async PPP cannot be  
configured. During LCP negotiation, the NETBuilder bridge/router always proposes  
an ACCM of all zeros and agrees to whatever the peer negotiates.  
Asynch Tunnelling on For best results, set the LineType parameter to Leased and set the SuperStack II  
Serial Ports NETBuilder bridge/router model 32x connector type for the universal port to  
RS-232. For the path to come up, the bridge/router must see a DTR or DSR control  
signal from the device. Or, if the device does not generate a control signal, a  
loopback connector should be used to supply the control signal.  
Automatic Line When set to the value of Auto, the -PATH LineType parameter first attempts to  
Detection bring up the path as a leased line by raising the data terminal ready (DTR) signal. If  
the path comes up but a DTR-base dial modem is attached to the path, the  
modem does not hang up until brought down manually with the HangUp  
command. To avoid this situation, set the -PATH LineType parameter to Dialup.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
54  
Auto Start-up Does Not Automatic detection of the line type (LineType=Auto) and link protocol  
Include Async (OWNer=Auto) do not include recognition of Async PPP and AT dial. For Async PPP  
and AT dial (which must be used together), the following parameters must be  
explicitly configured:  
-PATH LineType=Dialup  
-PATH DialMode=ATdial  
-PATH ExDevType=Async  
-PORT OWNer=PPP  
The PATH service parameter TransferMode should not be changed from its default  
value of AUto. Other settings of this parameter are reserved for future extensions.  
Bandw idth-on- Two PORT Service parameters are used to configure bandwidth-on-demand ports.  
Demand Timer The DialIdleTime parameter sets the time in seconds before all dialup lines in a  
Precedence port are disconnected if the port is not in use. The DialSamplPeriod parameter sets  
the time (in seconds) to sample before taking an action to bring additional paths  
up or down, based on traffic load for bandwidth-on-demand. The value specified  
for the DialIdleTime parameter takes precedence over the value specified for the  
DialSamplPeriod parameter.  
Baud Rates for WAN The following baud rates are supported in DCE mode (synchronous, internal  
Ports in DCE Mode clocking):  
1200  
1800  
2400  
3600  
7200  
9600  
19 K  
38 K  
56 K  
64 K  
112 K  
128 K  
256 K  
384 K  
448 K  
768 K  
1344 K  
1536 K  
1580 K  
2048 K  
If you configure a baud rate that is different from those listed, the system will fall  
back to the nearest lower supported rate.  
BSC Cabling and The data communication equipment (DCE) cable for SuperStack II bridge/routers  
Clocking should be 07-264-000-01 (rev. 1) to work in BSC internal clocking mode.  
Changing the Transfer The PATH service parameter TransferMode should not be changed from its default  
Mode Parameter Default value of AUto. Other settings of this parameter are reserved for future extensions.  
Value  
Compression Compression must use the same configuration at both ends of the connection. If  
Requirements one side of a connection is configured as per-packet and the other is configured as  
history, the PPP link does not come up.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
WAN Protocols and Services Notes  
55  
Dial Idle Timer The dial idle timer is not accurate and it will take a client longer to idle out than is  
configured. For a 180 second dial idle time it takes approximately 8.5 minutes for  
the client to idle out if no traffic is ever sent. To workaround this problem, disable  
bootp on !0 by entering the following command:  
Setd !0 -bootp control=disable"  
Disaster Recovery on The Port Service DialControl parameter controls port attributes for a dial-up port in  
Ports Without Leased the event the bandwidth set for a leased line drops below what has been set as  
Lines the normal bandwidth. Setting this parameter to DisasterRecovery for a port  
without leased lines prevents port idle out.  
DTR Modems DTR modems should not be configured as a dynamic path and a dial pool.  
Dynamic Paths Dynamic paths might not be released back into the dial pool from the port if an  
incoming call arrives during a disconnect state. If the SHow -POrt PAths command  
indicates that a path from the dial pool is attached to a port but is no longer in  
use, it can be released by re-enabling the port.  
Frame Relay Congestion The current implementation of Frame Relay congestion control requires that you  
Control set the committed burst size (Bc) and the committed information rate (cir) to the  
same value so that the time interval (Tc) equals 1 second using the formula  
Tc= <Bc>/<cir>. If Tc is not 1 second, the Frame Relay frames may be erroneously  
dropped due to the incorrect calculation of the throughput rate threshold.  
History-Based If you are using history-based compression on a line with excessive errors and the  
Compression negotiation attempts exceed the retry count, the device must be rebooted to clear  
Negotiation Failure the condition and reset the retry count.  
History Compression Not A port using Async PPP (AT dial) cannot be configured for history compression.  
Allow ed With Async PPP The user interface will not prevent you from configuring the port for history  
compression, however, if history compression is selected the path will not come  
up.  
Multilink PPP Multilink PPP (MLP) is supported for multiple WAN links connected to the same  
Configurations port running PPP.  
When configuring MLP:  
For maximum performance on a NETBuilder II bridge/router, 3Com  
recommends that similar hardware interface types be configured for each MLP  
bundle. For instance, bundle HSS modules with HSS modules, and bundle HSS  
3-port module links with HSS 3-port module links.  
For the best performance, use MLP on interfaces with matched line speeds.  
Avoid mismatched baud rates of ratios greater than 10 to 1 for bundled links.  
If your baud rate ratios on two links are greater than 4 to 1, the MLP feature  
automatically turns off fragmentation. For baud ratios of less than 4 to 1, you  
may choose to turn off fragmentation for performance considerations. Turn off  
fragmentation using the MlpCONTrol parameter in the PPP Service.  
MLP does not support the HSSI module.  
Before you re-enable a port running MLP, disable the port and allow the remote  
port to go down. This action prevents loss of packet sequence numbers  
Download from Www.Somanuals.com. All Manuals Search And Download.  
56  
synchronization, which causes packets to be dropped when the MLP port is  
enabled.  
SPID Wizard Detection If the two routers are connected to a single NT-1, SPID Wizard cannot detect the  
Errors correct switch type and corresponding SPIDs. To work around the problem,  
disconnect one of the routers from the NT-1 before running SPID Wizard.  
Reconnect the router after SPID Wizard completes the detection process.  
STP AutoMode Does Not When a NETBuilder II TI is connected over X.25 to a NETBuilder II bridge/router  
Select the Right Mode that has Ethernet or token ring, and the Ethernet is transparent bridging to other  
routers over X.25 and the token ring interface requires source route bridging to  
the NETBuilder II TI, STP does not select the right mode when the default value is  
AutoMode. Set the STP value to SRTMode.  
Supported Modems Table 13 lists asynchronous and Table 14 list synchronous modems supported by  
3Com.  
Table 13 Supported Asynchronous Modems  
Modems  
Hayes (Accura 33.6)  
Motorola (ModemSURFR 33,600)  
3Com/USR (Courier, Sportster)  
Multitech (MT1932ZDX)  
3Com/USR (Impact IQ)  
Table 14 Supported Synchronous Modem  
Modem  
3Com/USR (Courier)  
Routing Protocols and  
Services Notes  
This section describes notes, cautions, and other considerations to be aware of  
when using the Enterprise OS software and routing protocols and services. The  
topics are presented in alphabetical order.  
BGP Configuration Files Prior to software version 10.1, BGP configuration files were written to flash  
memory every 10 SETDs, ADDs, or Deletes. Beginning with version 10.1, BGP  
configurations are saved to flash memory immediately after each change, which  
practically eliminates the need for the SAVEbgp command.  
3Com recommends that you pay special attention to bridge/router platforms  
running software version 10.1 and greater with pre-10.1 releases in the same  
network. Always enter the SAVEbgp command on any bridge/router running  
software previous to version 10.1 to make sure that all the BGP configurations are  
written to flash memory. Failure to do so may result in all the BGP configurations  
being lost after the next reboot.  
Prior to software version 10.1, all IGP routes except OSPF External routes were  
imported into the BGP routing table by default. Beginning with software version  
10.1, the “import” of IBP routes into BGP is controlled by the BGP IntPolDefault  
parameter.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Routing Protocols and Services Notes  
57  
CPU Utilization w ith XNS When the PathBuilder S5xx switch is configured for 2048 tunnels and XNS  
Protocol protocol, very high CPU utilization will occur.  
IPX to Non-IPX A mechanism does not exist to prevent adding a path from a non-IPX routing port  
Configuration Error to an IPX routing port. If this situation occurs, the router stops routing IPX traffic,  
even though the primary port has been up the whole time. To restart IPX routing,  
re-enable the port.  
IPX Routing, Route When you route IPX over a Frame Relay meshed topology and configure the SAP  
Receive and Route Route Receive and Route Advertisement policies on the Frame Relay port, these  
Advertisement Policies policies do not take effect until the SAP table is flushed.  
Managing IP Address When assigning IP address to virtual ports of directly connected networks, it is  
Assignment important to ensure that the assigned address is valid. As LCP supports multiple  
Network Control Protocols (NCPs), IP does not verify that the address is valid  
before bringing the port state up or down, as there may be other protocols which  
are utilizing that port. It is possible to have an UP port state, yet have a lack of IP  
connectivity.  
NAT Service - Many to NAT Many to One Outbound does not translate properly when multiple addresses,  
One Outbound on LHS, are specified using comma (,) notation. But NAT Many to One Outbound  
Translation translates properly when multiple addresses, on LHS, are specified in 10.3.1.0/24  
notation.  
NAT Service - TCP/UDP When the NETBuilder bridge/router is configured to use TCP/UDP Port Mapping  
Port Mappings from port 23 (Telnet) to any other port number, the first command executed over  
the session will fail due to extra characters inserted into the command string. All  
subsequent commands issued for that session will succeed. If you encounter this  
problem, execute the command again.  
OSPF Route If your network is expecting more than 4000 OSPF routes you need to set the  
Advertisement ospfholdtime variable to 30.  
PIM-Sparse Mode In Release 11.4, PIM-SparseMode does not look into the BGP routing table for RPF  
(reverse path forwarding) lookups. RPF lookups for IP addresses reachable only via  
BGP will result in RPF failures.  
This has the following implications.  
A PIM-SM router will drop multicast data packets sent from a source reachable  
only via BGP.  
PIM-SM Rendezvous Points which are reachable only via BGP will not get  
added to the local RendezvousPoint set (the set of routers capable of  
functioning as PIM-SM RPs).  
PIM-SM Cisco IOS currently forwards the boot strap router (BSR) message packets without  
Enterprise OS/Cisco modifying the source IP address field. This implementation is incompatible with  
Incompatibility 3Com Enterprise OS and there is no workaround when a PIM-SM domain contains  
both Cisco IOS and 3Com Enterprise OS devices.  
PIM-SM Register Cisco IOS currently sends register packets with register checksum on the entire IP  
Checksum Formats payload, and IOS rendezvous points (RPs) also expect register checksums done on  
the entire IP payload. However, 3Com Enterprise OS devices generate register  
Download from Www.Somanuals.com. All Manuals Search And Download.  
58  
checksums on the PIM headers only. Enterprise OS devices, when acting as RPs,  
are capable of accepting register checksums in both formats. In the scenario  
where Cisco IOS devices are the RPs and Enterprise OS devices act as sender  
designated routers (DRs), a super user command 'SU PIM RegCksum FullPayload'  
is required on the Enterprise OS devices.  
PM-SM Not Supported Currently PIM-SM is not supported over non-broadcast, multiaccess (NBMA)  
Over NBMA Media datalink media. Such media include IP-IP Point-to-Multipoint (P2MP) tunnels and  
Frame Relay configured on parent ports.  
RouteDiscovery If RouteDiscovery is enabled on all protocols (-SR RouteDiscovery = All), in the  
maximum packet forwarding rate drops significantly during route discovery. 3Com  
recommends that you enable RouteDiscovery only for the protocols you use.  
Increasing the value of the -SR HoldTime parameter minimizes the drop in  
forwarding rate for these protocols.  
VRRP Configuration VRRP cannot coexist with DECnet, LAA, OSI, or IPv6.  
Netw ork  
Management System  
and Services Notes  
This section describes notes, cautions, and other considerations to be aware of  
when using the Enterprise OS software when working with network management  
system services. The topics are presented in alphabetical order.  
ASCII Boot When using the ASCII Boot feature on a NETBuilder II bridge/router with intelligent  
I/O modules or a PathBuilder S5xx series switch, configuration commands that  
apply to the physical ports on the intelligent I/O modules or to the physical ports  
on the PathBuilder may not get configured correctly if they are the first commands  
executed in the boot.cfg file. There is a small timing window where the  
commands affecting the physical ports will not execute successfully because the  
software drivers have not finished initializing the ports.  
This problem can be avoided by either including a PAuse command at the  
beginning of the boot.cfg file to delay the execution of the first configuration  
command by a few seconds or by putting the configuration commands that do  
not apply to the physical ports at the beginning of the boot.cfg file. The intelligent  
I/O modules on the NETBuilder II bridge/router are the HSS 4-Port WAN Module,  
the MP ATMLink Module, the MP Ethernet 6-Port 10BASE-FL Module, and the HSS  
8-Port BRI Module. Support for the PAuse command by the ASCII Boot feature  
(and LoadConfigs) is new with the Enterprise OS software version 11.4.  
Boot Cycle If the OfficeConnect bridge/router fails to complete the boot cycle and enters a  
Continuous Loop boot cycle loop (for example, if the boot image is corrupted), press the ESC key to  
interrupt the boot cycle and enter monitor mode.  
BootP Server and To use the Enterprise OS software version 11.4 Autostartup feature, you must  
Autostartup upgrade the remote node, the central site, and if you are using the 3Com BootP  
server, you must upgrade that as well. Autostartup supports a non-3Com BootP  
server if the remote node is identified by its MAC address.  
Bootptab File The 3Com BOOTP Server for Windows does not read the bootptab file for any  
date greater than 2000. The problem resides in Microsoft's system libraries. A  
patch can be downloaded from Microsoft. This patch can be found at the  
following URL:  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Network Management System and Services Notes  
59  
Capturing Commands to When using Capture to save commands to the boot.cfg, the commands are not  
boot.cfg File immediately written to the boot.cfg file. A system crash or reboot may occur at a  
time when commands that have been executed have not been written to the  
boot.cfg file causing these commands to be lost.  
Change Configuration The options on the Change Configuration and Diagnostic menu do not apply to  
and Diagnostic Menu the model 1x1 OfficeConnect bridge/router because ISDN ports are not present on  
this system.  
CPU Utilization Statistic For the NETBuilder Remote Office bridge/routers, the CPU utilization statistic  
indicates a high percentage of utilization regardless of actual use. CPU utilization  
is displayed on the first line of the response to the SHow STATistics command. This  
incorrect display statistic will be fixed in a future release of the Enterprise OS  
bridge/router software.  
File System Error Occasionally a false file system error message telling you to format and restore  
configuration files will appear on the console. These false errors appear when the  
background processing in the NETBuilder bridge/router is performing file  
operations and you attempt a write operation (such as a SETDefault command,  
DEFRag command, and FORMAT command). In these programmatic lockouts  
rather than media related error conditions, the flash file system will NOT need to  
be reformatted. Examining the results of the attempted command (such as SHow  
to examine the results of the attempted SETDefault) can indicate whether the file  
system error is a false indication or not.  
Firmw are Configuration To select BootP as your Address Discovery protocol, you must set all five IP address  
options to None.  
Firmw are Update The bridge/router updates firmware as part of its software boot process. In some  
cases, some text is displayed during the firmware upgrade process, which appears  
similar to the following:  
>>>>updating firmware boot bank A  
>>>>famd_blk_erase: block addr less than 512K: 0x10000  
>>>>famd_blk_erase: block addr less than 512K: 0x20000  
>>>>Firmware boot bank update is complete.  
These messages do not indicate a problem and can be ignored.  
IP Quality of Service There is a bug in the software that exhibits itself when setting the bandwidth of a  
Bandw idth QoS Policy to be 8k or lower. The workaround is to assign a bandwidth greater  
than 8k to the policy.  
IP Quality of Service When using the IP Quality of Service (IP QoS) features, there are two methods for  
Configuration configure priority queueing. The older method uses the IP Filter Service and the  
new method uses the IPQoS Service. Assigning a priority to IP packets in IP QOS  
does not work. For the 11.4 release, if you wish to create a policy to configure  
priority queueing use the IP Filter Service Policy command to establish filtering  
policies.  
Multiple Paths to BootP Multiple paths to a BootP server may cause a BootP reply to fail. If a BootP reply is  
Server transmitted by a BootP server and not received by the router, ush the IP Routing  
Download from Www.Somanuals.com. All Manuals Search And Download.  
60  
table and re-enable BootP on the port waiting for the IP address. BootP must be  
re-enabled before route update are received.  
Remote Access To increase network security, the default value for the NetAccess parameter in the  
Default Change SYS Service is set to NoRemote. This means that by default, no remote connection  
attempts will be accepted by the bridge/router. If you are accustomed to or want  
to use remote access, you must specifically set the value of the NetAccess  
parameter to Remote.  
Scheduler When RunOnBootFail is specified, event-based macro execution (EBME) is enabled  
RunOnBootFail when the primary connections fail to establish within 5 minutes after the switch  
Completion boots. After the initial 5 minutes, PortDown event processing happens at the rate  
of approximately one port per second. When the PathBuilder S5xx series switch is  
configured for 2048 virtual ports it takes about 45 minutes after the system  
initializes for the RunOnBootFail processing to be completed on all ports.  
V.25bis Modem Setup If you are using a V.25bis modem with a NETBuilder boundary routing leaf node,  
and you configure the line type explicitly as dial rather than auto, be certain to also  
set the DialMode to V.25bis rather than use the default of DTR.  
Web Link When you set the DocumentPath parameter in the WebLink service to a local file,  
Documentation Path drive C for example (le:///c:), the Web Link assumes that access to the  
NETBuilder bridge/router takes place only from the computer to which the file is  
local. If Web Link is used from any other computer, the browser looks on its local  
C” drive for the help pages. If the computer is a UNIX machine and these files are  
not present as expected, unpredictable browser behavior will result.  
Web Link Login Support When you access the Web Link application for the first time, you are prompted to  
enter a username and password. This username and password remains valid on  
the NETBuilder bridge/router for two hours. Because most browsers cache user  
login information, it is recommended that you log out of Web Link by selecting  
the “Logout” icon on the home page.  
Zmodem Time Out A Zmodem file transfer from a PC to a SuperStack II or OfficeConnect  
bridge/router can take a long time. To minimize the possibility that the PC  
Zmodem software will time out during the download, run the DEFRag command  
on the SuperStack II bridge/router before beginning the file transfer. The DEFRag  
command reclaims dirty space in flash memory. Dirty space is memory that has  
been written on and cannot be used again until it has been erased.  
VPN Protocols and  
Services Notes  
This section describes notes, cautions, and other considerations to be aware of  
when using the Enterprise OS software with VPN protocols and services. The  
topics are presented in alphabetical order.  
ACE Security Server When interoperating with the ACE Security Server for Token-based login support,  
you may need to change the RAS Retransmit Timer value to a higher value (for  
example, 7) to prevent access-request time-outs.  
Total Control Security The Total Control™ Security and Accounting Server provides call authentication,  
and Accounting Server authorization, and accounting for your Enterprise OS devices. At the time of  
Availability publication of these release notes, the required version number of the SAS server  
Download from Www.Somanuals.com. All Manuals Search And Download.  
VPN Protocols and Services Notes  
61  
was unavailable. To determine the required version, refer to the online version of  
these release notes available on the 3Com website:  
Microsoft MPPE Patches Microsoft has acknowledged performance problems with their original  
and Updates implementation of MPPE. You should use MSDUN1.2c or later for Windows 95  
and apply Hot Fixes in article Q162230 for Windows NT. Contact your Microsoft  
service provider for additional information and updates when they become  
available.  
PKI: Entrust CA A Certificate Authority (CA) product can be purchased separately from Entrust.  
Installation Notes This packaged CA server must be installed and configured on a Windows NT 4.0  
system. This package actually consists of two Entrust products:  
Entrust/PKI 4.0 Authority/Admin/Directory is installed on a Windows NT 4.0  
server. This product provides the CA server, a facility to administer the CA, and  
an optional local LDAP-compliant directory that can serve as a repository for  
certificates and CRLs. This product should be installed first.  
Entrust/PKI 4.0 VPN Connector can be installed with Entrust PKI 4.0  
Authority/Admin/Directory on a Windows NT 4.0 server, or installed separately  
on a Windows NT 4.0 workstation with network connectivity to the Entrust CA  
server. This product provides a front-end to the Entrust CA server for enrolling  
VPN devices such as routers with the Entrust CA in order to obtain certificates  
for those devices. This product must be installed after the Entrust/PKI 4.0  
Authority/Admin/Directory product is installed.  
The following are some guidelines for installing the Entrust/PKI 4.0  
Authority/Admin/Directory product:  
The Entrust installation guide gives instructions for installing the Entrust/PKI 4.0  
Authority/Admin/Directory product. It is recommended that the Entrust  
directory be installed with the CA server. The installation guide specifies the  
exact system requirements. It is strongly recommended that the installation  
guide be reviewed carefully before attempting the installation.  
The Entrust CA environment assumes a hierarchy of security personnel that  
manage various aspects of operation of the CA, although all of the various  
management roles can be assumed by a single person. It is recommended that  
the various passwords for the various personnel be carefully recorded, and the  
records placed in a secure location. The installation provides various  
worksheets, and the information requested in these must be determined prior  
to the installation.  
A Windows NT server administrator password must be set prior to the  
installation. Do not use an empty password consisting only of a carriage return.  
After installation, if the Entrust directory was installed with the Entrust CA  
software, by default, the directory records for certificates and CRLs will be  
stored internally in an ASCII format. The directory records should be stored in a  
binary format. To change the format, edit the Entrust ENTMGR.INI file and  
Bridge/Router PKI Configuration search for the line serverType =  
Entrustslapd”. Change this line to read “serverType = External. See Appendix  
D of the Entrust/PKI 4.0 Administration Guide for more information. After  
editing this file, run the Master Control application and invoke the Restore to  
Download from Www.Somanuals.com. All Manuals Search And Download.  
62  
Directory operation to reinitialize the directory in binary mode. See Chapter 2  
of the Entrust/PKI 4.0 Administration Guide.  
The following are guidelines for installing the Entrust/PKI 4.0 VPN Connector  
product: n The Entrust installation guide provides instructions for installing the  
Entrust/PKI 4.0 VPN Connector product. The installation guide specifies the  
exact system requirements. It is strongly recommended that the installation  
guide be reviewed carefully before attempting the installation. n The  
installation provides various worksheets, and the information requested in  
these must be determined prior to the installation.  
The CEP features of VPN Connector are not required in a 3Com bridge/router  
PKI environment. Skip those steps relating to the CEP installation and  
configuration.  
PPTP Tunnel Security Authentication problems may occur when connecting a Windows 95 or NT client  
Validation via a Total Controlhub to a NETBuilder II bridge/router where the Total Control  
hub is setting up a PPTP tunnel to the bridge/router.  
This problem is a combination of the security protocol between the client and the  
LS (in this case the Total Control Hub) and the time it takes to validate a Radius  
request on the Radius server. In addition, the setting of the DefaultAptCtl  
parameter needs to be considered because this determines which security protocol  
the NETBuilder bridge/router will use.  
If the client and the LS negotiate to use PAP, the client will send PAP configure  
requests but at that time the LS is busy setting up the PPTP tunnel and will forward  
the PAP requests to the NETBuilder bridge/router. The bridge/router by default  
sends CHAP challenge to the client and normally the client responds immediately.  
Then the NETBuilder bridge/router sends a request to the Radius server for  
validation.  
If there is another PAP request from the client to the bridge/router while the  
bridge/router is waiting for validation from the Radius server, the bridge/router will  
send a PAP NAK to the client and the session is terminated. If the CHAP success  
message is received before the next PAP message, the PAP message is discarded  
and the connection is established.  
Solutions include disabling CHAP on the NETBuilder DAC or disabling PAP  
between the client and the LS.  
This situation does not arise when the NETBuilder bridge/router is using internal  
security because it is fast enough to check the CHAP response before the next PAP  
message is generated.  
RSA Signature for Phase When using RSA Signature for phase 1 authentication, and an IP address is used  
1 Authentication for Distinguished Name Common Name or Subject Alternate Name, the only port  
on the device that will perform IPSec is the one that corresponds to that IP  
address. Using a domain name for the Distinguished Name Common Name or  
Subject Alternate Name does not impose this limitation.  
Window s NT MS-CHAP Although the 11.4 RAS service supports 64 character user names and passwords,  
Authentication any Windows NT user with a password greater than 14 characters long will fail  
MS-CHAP authentication. Per the IETF MS-CHAP v2 draft current versions of  
Windows NT limit passwords to 14 characters.  
Download from Www.Somanuals.com. All Manuals Search And Download.  
Platform Notes  
63  
Platform Notes  
This section describes the supported PC flash memory cards, approved DRAM  
SIMMS, notes, cautions, and other considerations to be aware of when using the  
Enterprise OS software on the various NETBuilder bridge/router and PathBuilder  
platforms. The topics are presented in alphabetical order.  
OfficeConnect In order for OfficeConnect NETBuilder and SuperStack II SI NETBuilder  
NETBuilder and bridge/routers to support selected Enterprise OS software version 11.4 packages,  
SuperStack II the minimum memory requirements must be met for DRAM and FLASH. These  
NETBuilder SI Additional requirements are mentioned in Table 15 and in the Software Features table for the  
Memory Requirements specific platform in 11.4 Software Packages” on page 23. The upgrade kits that  
available to meet these memory requirements are listed in Table 16. New  
equipment shipped pre-loaded with Enterprise OS software version 11.4 has  
adequate DRAM and Flash memory installed prior to shipment.  
Table 15 Memory Requirements for OfficeConnect NETBuilder and SuperStack II NETBuilder SI  
11.4 Dual  
11.4 DRAM  
11.4 FLASH  
Image FLASH  
Platform  
Description  
Package ID  
RW, RE, RS  
JW, JE, JS  
Requirements Requirements Requirements  
OfficeConnect NETBuilder 10  
OfficeConnect NETBuilder  
IP/IPX Router  
IP/IPX Router  
IP/IPX/AT Router  
16MB  
16MB  
16MB  
4MB  
4MB  
8MB  
8MB  
8MB  
12MB  
NW, NE, NS  
Multiprotocol Router  
Boundary Router  
OF, OL, OE, OS 16MB  
8MB  
4MB  
8MB  
12MB  
8MB  
BF  
AF  
16MB  
16MB  
APPN/Connection  
Services Router  
12MB  
SuperStack II NETBuilder SI  
IP/IPX/AT Router  
NW, NE, NS  
16MB  
8MB  
8MB  
Multiprotocol Router  
Boundary Router  
CF, CL, CE, CS 24MB  
12MB  
8MB  
12MB  
12MB  
12MB  
BF  
16MB  
16MB  
APPN/Connection  
Services Router  
AX  
12MB  
Table 16 Order Numbers for Memory Upgrade Kits  
3C# of Kit  
3C8104  
3C8108  
3C8080  
3C8105  
Description  
4MB FLASH for OfficeConnect NETBuilder & SuperStack II NETBuilder SI  
8MB FLASH for OfficeConnect NETBuilder  
8MB DRAM for OfficeConnect NETBuilder  
16MB DRAM for SuperStack II NETBuilder SI  
Approved DRAM SIMMs Table 17 lists 3Com–approved vendors of the 32 MB DRAM SIMM for  
upgrading the NETBuilder II DPE 40 module.  
Table 17 3Com-approved DRAM SIMMs  
Size  
Vendor and Description  
Part Number  
32 MB  
NEC  
MC428000A32B-60  
THM328020S-60  
THM328020B5-60  
72-pin 8Mx32 60 ns page mode  
Toshiba  
Toshiba  
Download from Www.Somanuals.com. All Manuals Search And Download.  
64  
Supported PC Flash Table 18 lists 3Com-approved vendors of the PC flash memory card.  
Memory Cards  
The 20 MB flash memory card has a formatted capacity of 19.86 MB. For dual  
image and full dump capability, 3Com recommends using a 20 MB card used in  
the NETBuilder II bridge/router.  
You can also purchase the blank flash memory card from 3Com:  
DPE 20 MB card is 3C6086  
Table 18 3Com-approved 20 MB Flash Memory Cards  
Vendor and Description  
Intel Series 2  
Part Number  
iMC020FLSA  
iMC020FLSP  
AmC020DFLKA  
Intel Series 2+  
AMD Series D  
Line Error Reporting on The PathBuilder series switch reports FSI CRCs under the path statistics. This entry  
PathBuilder S5xx Series reflects line errors after hardware error assisted recovery has taken place. The  
Sw itch Statistics Display number of actual line errors present before hardware error assisted recovery has  
taken place may be much higher.  
T3 Bandw idth Limitation Due to a driver limitation you cannot combine two T3 paths to double the  
bandwidth.  
MBRI Ow nership During Port ownership and port/path naming inconsistencies can occur as MBRI boards  
Board Sw apping are swapped in and out of a NETBuilder II bridge/router chassis. Replacing an MBRI  
board with a non-MBRI board in the same slot requires that the NETBuilder II  
bridge/router be rebooted. After the bridge/router is rebooted, there are no  
port/path naming problems.  
Multiport MBRI Module The Multiport MBRI module cannot be configured using SNMP.  
SNMP Management  
Token Ring+ Modules The maximum physical frame size that can be forwarded by the Token Ring+  
modules with Enterprise OS software is 4,500 bytes. This software limitation  
affects routing, source route bridging, and transparent bridging.  
Token Ring Auto The Token Ring and Token Ring+ modules may enter the ring at the wrong speed  
Start-up with certain MAU or station configurations. You can manually configure the -PATH  
BAud value to 16,000 or 4,000 to avoid this situation.  
Download from Www.Somanuals.com. All Manuals Search And Download.  

Actron Automobile Parts 9620 User Manual
Agilent Technologies Computer Accessories G1978B User Manual
Agilent Technologies Computer Drive FS4100 User Manual
Aiphone TV Mount AI PN100 User Manual
Alliance Laundry Systems Washer Dryer SWD441C User Manual
Allied Telesis Network Card POTS24 User Manual
Axis Communications Security Camera M3014 User Manual
Axis Communications Security Camera P3346 V User Manual
Behringer Music Pedal AB200 User Manual
Beko Refrigerator CN232230 User Manual