WORKGROUP
REMOTE ACCESS SWITCH
USER’S GUIDE
Release 7.2
Cabletron Systems
(603) 332-9400 phone
(603) 337-3075 fax
support@ctron.com
Download from Www.Somanuals.com. All Manuals Search And Download.
TRADEMARKS
Cabletron Systems, CyberSWITCH, MMAC-Plus, SmartSWITCH, SPECTRUM,
and SecureFast Virtual Remote Access Manager are trademarks of Cabletron
Systems, Inc.
All other product names mentioned in this manual are trademarks or registered
trademarks of their respective companies.
COPYRIGHTS
All of the code for this product is copyrighted by Cabletron Systems, Inc.
© Copyright 1991-1997 Cabletron Systems, Inc. All rights reserved. Printed in the
United States of America.
Portions of the code for this product are copyrighted by the following corporations:
Epilogue Technology Corporation
Copyright 1991-1993 by Epilogue Technology Corporation. All rights reserved.
Livingston Enterprises, Inc.
Copyright 1992 Livingston Enterprises, Inc.
Security Dynamics Technologies Inc.
Copyright 1995 by Security Dynamics Technologies Inc. All rights reserved.
Stac Electronics
Stac Electronics 1993, including one or more U.S. Patents No. 4701745, 5016009,
5126739 and 5146221 and other pending patents.
Telenetworks
Copyright 1991, 92, 93 by Telenetworks. All rights reserved.
FCC NOTICE
This device complies with Part 15 of the FCC rules. Operation is subject to the
following two conditions: (1) this device may not cause harmful interference, and
(2) this device must accept any interference received, including interference that
may cause undesired operation.
NOTE: This equipment has been tested and found to comply with the limits for a
Class A digital device, pursuant to Part 15 of the FCC rules. These limits are
designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. This equipment uses,
generates, and can radiate radio frequency energy and if not installed in
accordance with the operator’s manual, may cause harmful interference to radio
communications. Operation of this equipment in a residential area is likely to cause
interference in which case the user will be required to correct the interference at his
own expense.
Workgroup Remote Access Switch
3
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
WARNING: Changes or modifications made to this device which are not expressly
approved by the party responsible for compliance could void the user’s authority
to operate the equipment.
DOC NOTICE
This digital apparatus does not exceed the Class A limits for radio noise emissions
from digital apparatus set out in the Radio Interference Regulations of the
Canadian Department of Communications.
Le présent appareil numérique n’émet pas de bruits radioélectriques dépassant les
limites applicables aux appareils numériques de la class A prescrites dans le
Règlement sur le brouillage radioélectrique édicté par le ministère des
Communications du Canada.
VCCI NOTICE
This is a Class 1 product based on the standard of the Voluntary Control Council
for Interference by Information Technology Equipment (VCCI). If this equipment
is used in a domestic environment, radio disturbance may arise. When such
trouble occurs, the user may be required to take corrective actions.
CABLETRON SYSTEMS, INC. PROGRAM LICENSE AGREEMENT
IMPORTANT: Before utilizing this product, carefully read this License Agreement.
This document is an agreement between you, the end user, and Cabletron Systems,
Inc. ("Cabletron") that sets forth your rights and obligations with respect to the
Cabletron software program (the "Program") contained in this package. The
Program may be contained in firmware, chips or other media. BY UTILIZING THE
ENCLOSED PRODUCT, YOU ARE AGREEING TO BECOME BOUND BY THE
TERMS OF THIS AGREEMENT, WHICH INCLUDES THE LICENSE AND THE
LIMITATION OF WARRANTY AND DISCLAIMER OF LIABILITY. IF YOU DO
NOT AGREE TO THE TERMS OF THIS AGREEMENT, PROMPTLY RETURN
THE UNUSED PRODUCT TO THE PLACE OF PURCHASE FOR A FULL
REFUND.
4
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONTENTS
Workgroup Remote Access Switch
5
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
6
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
Workgroup Remote Access Switch
7
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
8
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
Workgroup Remote Access Switch
9
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
10
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
Workgroup Remote Access Switch
11
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
12
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
Workgroup Remote Access Switch
13
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
14
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
Workgroup Remote Access Switch
15
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
16
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
Workgroup Remote Access Switch
17
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
18
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
Workgroup Remote Access Switch
19
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
20
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
Workgroup Remote Access Switch
21
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
22
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
USING THIS GUIDE
The User’s Guide is divided into the following parts:
We begin with an overview of bridging, routing, and specific CyberSWITCH features. Next, we
provide an overview for both the system software and hardware.
In this section of the User’s Guide we provide guidelines for ordering ISDN service in the US, and a
step-by-step description of installing hardware and upgrading software.
We define basic configuration as the configuration needed by most devices. These are the areas of
configuration that will get your system up and running. Note that not all configuration steps in this
part are required. For example, if you are only using bridging, you will have no need to complete
the configuration steps included in the chapter titled Configuring Basic IP Routing.
The CyberSWITCH provides a great variety of security options. For example, you may use device
level security, user level security, or if preferred, no security. You may also perform authentication
of a device/ user in different ways. The security information may be stored on several different
types of databases, either locally or on a variety of remote databases.
System security also allows the configuration of administrative session (Telnet session)
enhancements. This provides secure access to the system along with flexible control.
We define advanced configuration as a way to fine tune your system, or to configure options that
are not necessarily needed by the majority of devices. For example, use this section to configure an
alternate access, or to set up SNMP to manage your system.
Troubleshooting begins with information for verifying your system installation, and continues
with steps to take if there are problems with the installation. Next, it includes a description of
system LED indicators, followed by system messages and trace messages. Each message listing in
these chapters provides the message itself, a message definition, and where appropriate, possible
corrective actions.
In this section, we provide information to help you maintain your CyberSWITCH once it is
operating. System maintenance information includes information regarding remote management,
a chapter on both the system commands and the system statistics, and routine maintenance
procedures.
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
The User’s Guide provides the following appendices:
These worksheets are provided to help you gather pertinent information for configuring your
system. We recommend that you print copies of these blank forms and fill in the appropriate
information before you begin configuring your system.
This map provides a guide through the Configuration Editor structure, and may be a helpful
reference when configuring the CyberSWITCH using the CFGEDIT utility.
This appendix provides information for getting assistance if you run into problems when
installing your system. A FAX form is included. You can print this form, fill out the information
requested, and FAX it to Cabletron Systems, using the provided FAX number.
Provides a tabular listing of the system administration console commands and their uses.
Provides a tabular listing of the Manage Mode commands and their uses.
Provides a tabular listing of Q.931 Cause Codes and their meanings. These cause codes may
appear in call trace messages.
DOCUMENTATION SET
This guide, the User’s Guide, provides information to install and configure your system. It also
provides information you may need to refer to keep your system running efficiently after it is up
and running. For example, it provides a listing of system messages. Each message listing provides
a definition of what the message means, and where appropriate, corrective action you can take.
Many other subjects are covered, including routine maintenance, hardware information, system
verification, and problem diagnosis.
This guide is one integral part of the entire documentation set. Please refer to the documents
described below for additional information.
The Example Networks Guide includes several example networks, beginning with a simple network,
and progressing to more complex networks. These example network chapters provide
configuration instructions that you may find helpful in configuring your own similar network.
The Quick Start provides abbreviated installation and configuration instructions for experienced
users. Specific instructions for setting up various types of remote devices are also included.
The RADIUS Authentication User’s Guide describes the setup of the RADIUS server software on a
UNIX-based system. RADIUS (Remote Authentication Dial In User Service) provides multiple
24
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
USING THIS GUIDE
Guide Conventions
systems central database access for security authentication purposes. Instructions for obtaining this
If you have Internet access, you may obtain this guide by following the steps outlined below:
•
Use your Web browser to get to the following address:
http:/ / service.nei.com
•
•
•
From the resulting screen, click on Public.
Click on the Radius directory.
Click on the Docs directory. The guide will be under this directory.
The Release Notes provide release highlights and important information related to this release. The
Release Notes may be displayed during software installation (or upgrade). They may also be
displayed after the system is operating by issuing the list rel_note.txt console command.
GUIDE CONVENTIONS
The following conventions are used throughout the documentation:
System Commands
All system commands (Administration and Manage Mode commands) are italicized, and in a
different font than the general text. For example, if you are instructed to enter the command to test
for proper LAN connections, the command would appear as follows:
lan stats
CFGEDIT SCREENS
Screens that appear on the monitor as you are configuring your system using the CFGEDIT utility
will be displayed using the style shown below:
Main Menu:
1) Physical Resources
2) Options
3) Security
4) Save Changes
Select function from above or <RET> to exit:
MONITOR DISPLAYS
Any messages or text that is displayed on your monitor will be shown in the style below:
LAN Port <port #> is now in the LISTENING state
WAN Port <port #> is now in the FORWARDING state
LAN Port <port #> is now in the LEARNING state
LAN Port <port #> is now in the FORWARDING state
DOCUMENTATION TITLES
All references to CyberSWITCH documentation titles will use the same font as normal text, but will
be italicized. For example, all references to the User’s Guide will appear as:
User’s Guide
Workgroup Remote Access Switch
25
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM OVERVIEW
We include the following chapters in the System Overview segment of the User’s Guide.
Provides the “big picture” view of a CyberSWITCH network. We include an overview of
unique system features, interoperability, security, interfaces, system components, remote
devices, and switches supported.
A description of system platforms.
A description of the CyberSWITCH’s system and administrative software. We also include a
description of system files.
Download from Www.Somanuals.com. All Manuals Search And Download.
THE CYBERSWITCH
Because of the strong personal computer presence in the business environment, a move to
graphical user interfaces, and the need to make the best use of available resources, there is a
growing demand for high speed LAN access for remote devices. PC users need to be part of a work-
group or enterprise LAN, and remote access from home, field offices, and other remote locations
has become a necessity.
With the demand for remote LAN access, the remote device’s requirement for bandwidth has
exceeded the capabilities of traditional analog modems. High-speed digital dedicated lines can
certainly provide sufficient bandwidth for LAN interconnection. However, because of the high
monthly charges associated with dedicated services, the costs are prohibitive for individual users.
New forms of networking are now possible and affordable using the Integrated Services Digital
Network (ISDN). ISDN is being deployed by major telecommunications companies world-wide.
With ISDN services, the costs of LAN interconnection are based on actual usage — the user gets the
bandwidth of dedicated digital service at dial-up prices.
Our products offer internetworking solutions for small businesses as well as large corporations.
THE CYBERSWITCH NETWORK
This particular CyberSWITCH model consists of an embedded communications platform. It uses a
flash file system (instead of a hard disk) and a two-stage boot device to initialize the platform and
download the system software. The system software is preconfigured to allow immediate
connection to a local area network (LAN) or a wide area network (WAN) with Telnet and/ or TFTP
access.
This system is geared toward the small office, supporting two to eight (depending on model)
simultaneous connections. Yet the product offers a small office a variety of internetworking
capabilities.
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
File Server
Host
CSX5500
CSX1200
Remote ISDN Bridge
WORKGROUP REMOTE ACCESS SWITCH
BRI
BRI
B-CHANNELS
E1 ONLY
LAN
B1 B3
B2
B5 B7
B6 8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 0
B21 B23
B
B
2
5
B
2
7
B
2
9
B
3
1
POWER
SERVICE
TX
RX 10BASE-T
1
T1
D
B
1
0
1
B
1
B
2
6
2
8
B
3
0
ISDN
BRI
BRI
Workstation
Workstation
Workstation
Workstation
Workstation
PC
(with BRI ISDN TA)
UNIQUE SYSTEM FEATURES
The CyberSWITCH combines unique features that improve cost-effectiveness, reliability, and
performance for wide area network connections to remote devices. These features include:
•
Authentication Servers
Provide a central database for networks with more than one CyberSWITCH. The central
database consists of manageable, informational data (referred to as the Device List or Device
Table). This data is accessed and used for authentication when a new connection is established
to the system.
•
Bandwidth Agility
The system dynamically controls the bandwidth in use between itself and other PPP devices.
This is accomplished by establishing and disconnecting calls. The number of calls is limited
only by the types and number of lines available. The system monitors the connections for
utilization and will add and remove the connections based on user-configurable throughput
parameters. As network bandwidth requirements increase or decrease, the system will
28
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
THE CYBERSWITCH
Unique System Features
automatically adjust the number of network connections. Thus, your network costs will reflect
the actual bandwidth being used.
•
•
Filtering
Allows you to control the flow of frames through the network. Filtering becomes necessary if
you need to restrict remote access or control widespread transmission of sporadic messages.
Customer-defined filters can forward messages based on addresses, protocol, or packet data.
Data Compression
Allows the system to negotiate compression algorithms with another device on the network.
After successfully negotiating compression, data is compressed by the remote device and
transmitted to the system. The system decompresses the data, processes the information
contained in the user data, and forwards the data as required. The system can receive data
coming over a WAN or a LAN, and compress the data before transmitting it to another device
on the network. The net effect is to increase interconnect bandwidth by decreasing
transmission time. If negotiation for compression fails, data is transmitted uncompressed.
•
•
Dial Out Capability
The system will dial out to remote devices. This feature allows the system to accept user data
received on the Ethernet LAN or ISDN network and initiate a data connection to the remote
device specified in the user data. This allows devices on the local LAN to initiate connections
to networks connected to the system over the switched digital network. The system monitors
the connection for utilization and will remove the connection when it becomes idle.
Dynamic Management
Provides a “real-time” management mechanism that allows many system parameters to be
changed without interrupting the current execution state of the system software. This feature
consists of a series of console commands that enable a user to display current system
parameters, change many parameters dynamically, and write changes to disk files so that they
remain permanent.
•
•
High Speed Digital Connections
The system supports 56Kbps and 64Kbps connections to remote locations. These dial-up digital
connections provide reliable high throughput connections for efficient data transfer for the
same cost as analog connections. If any remote devices connected to the system support multi-
link PPP, up to 32 parallel connections can be made at either 56Kbps or 64Kbps.
IP Filters
The IP filters allow you to control the transmission of individual IP packets based on the packet
type. You can specify packet type by IP address (source or destination) or by IP protocol (TCP,
UDP, ICMP).
Once you specify a packet type, two forms of IP filtering are available:
•
Forwarding Filters, applied at discrete points of the IP processing path to determine if a
packet continues its normal processing, and a
•
Connection Filter, which determines if an IP packet requiring a WAN connection may con-
tinue.
•
Packet Capture
In order to monitor incoming LAN data, the CyberSWITCH packet capture feature will allow
you to capture, display, save, and load bridged or routed data packets.
Workgroup Remote Access Switch
29
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
•
•
Protocol Discrimination
It is possible for multiple types of remote devices to use the same line. The system can
determine the device type and the protocol encapsulation used by remote devices.
RS232 Port: Dual Usage
If your installation requires you to process PPP-Async data, this feature allows you to use the
RS232 port for either console access or a serial data connection. This dual usage is possible
through the CyberSWITCH’s support of Autosense mode and Terminal mode:
•
Autosense mode determines whether you are trying to connect using a VT emulation or PPP-
Async, and connects you appropriately. (VT emulation requires you to perform four car-
riage returns to receive a login prompt.)
•
Terminal mode assumes that you only want to connect using VT emulation. A login prompt
is displayed as soon as the connection is made.
•
Security
Security is a key issue for all central site network managers and is a priority with the
CyberSWITCHs. The modules provide high level features that help prevent unauthorized or
inadvertent access to critical data and resources. The modules support extensive security levels
including:
•
•
•
•
•
•
•
•
•
•
PPP PAP and CHAP
User name and password
Calling Line ID (CLID)
Ethernet Address
User Authentication
Device Authentication
SecureFast Virtual Remote Access (SFVRA)
TACACS Client with Radius Server
RADIUS
Security Dynamic’s ACE/ SecurID
•
Simultaneous Connections
The system supports simultaneous connections to multiple locations. These locations can
connect by using different channels on the same line, or they can connect on different lines. This
pooling of lines among many potential locations is more cost effective than alternative point-
to-point lines.
INTEROPERABILITY OVERVIEW
“Interoperability” is the ability to operate and exchange information in a heterogeneous network.
The CyberSWITCH supports interoperability with many different remote devices over ISDN.
INTEROPERABILITY PROTOCOLS
In order to communicate with various remote devices over ISDN, the CyberSWITCH must identify
the device type and the protocol it is using.
The CyberSWITCH supports the following line protocols:
•
•
•
HDLC Ethernet Frames
Ordered Protocol for Ethernet Frames
Point-to-Point Protocol (PPP) Encapsulation for IP Datagrams
30
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
THE CYBERSWITCH
Interoperability Overview
The CyberSWITCH supports the following PPP protocols:
•
•
•
Link Control Protocol (LCP)
Multilink Protocol (MLP)
Authentication Protocols
Challenge Handshake Authentication Protocol (CHAP)
Password Authentication Protocol (PAP)
Network Control Protocols (NCP)
•
Internet Protocol Control Protocol for TCP/ IP (IPCP)
Internetwork Packet Exchange Control Protocol for IPX (IPXCP)
Bridge Control Protocol for bridges (BCP)
Compression Control Protocol (CCP)
AppleTalk Control Protocol (ATCP)
•
•
The CyberSWITCH supports the following AppleTalk protocols:
•
•
•
•
•
•
•
•
EtherTalk Link Access Protocol (ELAP)
AppleTalk Address Resolution Protocol (AARP)
PPP AppleTalk/ AppleTalk Control Protocol (ATCP)
Datagram Delivery Protocol (DDP)
Routing Table Maintenance Protocol (RTMP)
AppleTalk Echo Protocol (AEP)
Name Binding Protocol (NBP)
Zone Information Protocol (ZIP)
INTEROPERABILITY DEVICES
Remote devices that may connect to the CyberSWITCH include the following:
•
•
MAC Layer Bridges
IP Host Devices
•
•
•
IP Router Devices
IPX Routers
AppleTalk Routers
MAC layer bridges connect to the system using the HDLC bridge encapsulation line protocol.
These devices send transparently bridged Ethernet frames to the system. MAC layer bridges do not
process network layer protocols. They forward all packets based on source and destination MAC
addresses.
IP Host devices are single workstations or PCs that connect to the system at the IP network layer.
These devices use either the RFC1294 based protocol or PPP to communicate with the system.
IP router devices are single devices that represent many other IP hosts and routers to the system.
They must use the CHAP or PAP protocol to identify themselves to the system. IP routers usually
provide IP network address information at connection time (and use PPP to send user data to the
system).
IPX routers are single devices that perform network layer tasks (addressing, routing, and
switching) to move packets from one location on the network to another. IPX routers use the
Internetwork Packet Exchange (IPX) protocol, typical of the NetWare environment.
AppleTalk routers route AppleTalk datagrams based on address information. They support the
following protocols: RTMP, NBP, and ZIP.
Workgroup Remote Access Switch
31
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
SECURITY OVERVIEW
The system provides several options for validating remote devices and for managing network
security. The security options available are dependent on the remote device type, type of access,
and the level of security required.
Levels of security include no security, device level security, user level security, and multi-level
security. Device level security is an authentication process between devices, based on protocol and
preconfigured information. Security information is configured either in the system’s On-node
Device Database, or in a central database such as the VRA Manager. Here the network
administrator specifies all of the security information for each individual user. A portion of this
information is used to identify the remote device. The remaining data is used to perform user
validation after user identification has been completed.
User level security is an interactive process. It is currently supported on the system through the
TACACS or ACE server programmed for use with security token cards. With user level security,
the potential network user explicitly connects to the server and must properly “converse” with it
in order to connect with other devices beyond the server.
Important to user level authentication is the security token card. This card, programmed in
conjunction with the authentication server, generates random passwords. These passwords must
be supplied correctly at system login time, or access to the network will be denied. The security
token cards should be issued to each user on the network to properly maintain system integrity.
Multi-level security provides device level security for all remote devices. Individual devices may
be configured for user level authentication as well. In this case, device level authentication takes
place between the system and the remote device. Then a specific user must initiate user level
authentication by starting a Telnet session. Both levels of authentication must be satisfied before
traffic can pass.
NETWORK INTERFACE OVERVIEW
The network interface is the physical connection of the CyberSWITCH to a data network. For
example, the Ethernet resource in the system provides a network interface to an Ethernet LAN. The
ISDN lines in the system provide network interfaces to multiple remote networks. Because of their
switched nature, the ISDN lines provide virtual network interfaces. That is, the same physical ISDN
line can actually connect to different remote networks by dialing a different phone number.
The CyberSWITCH provides a set of network interfaces that give you a wide range of flexibility.
The network interfaces provided by the system are:
•
•
•
•
•
•
•
LAN IP Network Interface
LAN IPX Network Interface
WAN IP Network Interface
WAN (Direct Host) IP Network Interface
WAN RLAN IP Network Interface
WAN RLAN IPX Network Interface
WAN (UnNumbered) Network Interface
32
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
THE CYBERSWITCH
System Components
The variety of network interfaces allows the installation of a wide range of devices at remote sites.
As illustrated below, you can simultaneously choose bridges, routers, or host devices based on the
specific remote site requirements.
192.1.1.2
Host
(or Router)
192.1.1.3
Router
100.1.1.2
(or Host)
128.1.1.3
Host
Remote
Bridge
100.1.1.3
ISDN
128.1.1.2
Host
WAN
Interface
192.1.1.1
Remote
Bridge
RLAN Interface
100.1.1.1
WAN Direct Host
Interface
WORKGROUP REMOTE ACCESS SWITCH
B-CHANNELS
E1 ONLY
LAN
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
5
B
2
7
B
2
9
B
3
1
POWER
SERVICE
TX
RX 10BASE-T
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
LAN Interface 128.1.1.1
In the diagram above, the LAN Interface 128.1.1.1 is attached to the IP network 128.1.0.0. The WAN
Direct Host Interface represents LAN Interface 128.1.1.1 and allows the remote IP hosts to share the
network address space of 128.1.0.0. The WAN Interface 192.1.1.1 is logically attached to the IP
network 192.1.1.0. The RLAN Interface 100.1.1.1 is logically attached to the IP network 100.1.1.0.
SYSTEM COMPONENTS
The major components of the CyberSWITCH are:
•
System hardware consisting of a platform and an administration port provided by the
platform.
•
Four main categories of system software:
The boot device gains control at power-up. It runs diagnostics, downloads new versions of
operational software, and prepares the host processor for execution of operational software.
The flash file system stores a compressed image of operational software and I/ O system
software. It also stores other necessary files for configuration and information storage.
The operational software provides system functionality, such as download and initialization of
the I/ O subsystem. The I/ O subsystem handles LAN I/ O.
•
Remote ISDN devices which interoperate with the system and allow device access to network
resources.
More detailed descriptions of system software and hardware are included in the next two chapters.
The following section describes remote ISDN devices.
Workgroup Remote Access Switch
33
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
REMOTE ISDN DEVICES
The CyberSWITCH provides a centralized concentrator function for remote ISDN devices. The
devices can be separated into the following categories:
•
•
•
•
remote ISDN bridge devices
PC based terminal adapters
ISDN enabled workstations
other ISDN routers
Typical remote ISDN bridges provide one Ethernet port and one basic rate ISDN port. The basic
rate port is connected to the switched digital network and is used to make connections to the
CyberSWITCH. The Ethernet port is used to connect to a remote LAN. The remote bridge device
sends Ethernet frames from devices on the remote LAN over the switched network.
PC-based terminal adapters connect to a remote personal computer and use the switched digital
network to connect to the system. The terminal adapter sends network protocol specific frames
from the host PC device over the switched network.
Workstation-based terminal adapters connect to a workstation and use the switched digital
network to connect to the system. The terminal adapter sends network protocol specific frames
from the workstation over the switched network.
34
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
THE CYBERSWITCH
Switches Supported
SWITCHES SUPPORTED
Switch types supported by the CyberSWITCH’s basic rate and primary rate ISDN adapters:
Type of Switch
Basic Rate
NA
Primary Rate
Yes
AT&T #4ESS
AT&T #5ESS
AT&T Definity
AT&T Legend
NET3
Yes
Yes
Yes
Yes
Yes
NA
Yes
NA
NET5
NA
Yes
NT DMS 100
NT DMS 250
NT SL-100
NTT
Yes
Yes
NA
Yes
Yes
Yes
Yes
Yes
NI-1
Yes
NA
TS013
Yes
NA
TS014
NA
Yes
1TR6
Yes
Yes
Switch support may vary from country to country. Use the following as a guideline:
Country
Australia
Germany
Switches supported
(BRI lines)
Switches supported
(PRI lines)
TS013
NET3
TS014
NET5
1TR6
1TR6
NET3
NET5
Japan
NTT
NTT
United States
AT&T 5ESS
AT&T Definity
AT&T Legend
NT DMS 100
NI-1
AT&T 4ESS
AT&T 5ESS
AT&T Definity
NT DMS 100
NT DMS 250
NT SL-100
International
NET3
NET5
Workgroup Remote Access Switch
35
Download from Www.Somanuals.com. All Manuals Search And Download.
HARDWARE OVERVIEW
The CyberSWITCH is an embedded communications platform. It uses a flash file system (instead
of a hard disk) and a two-stage boot device to initialize the platform and download system
software. System software is preconfigured to allow immediate connection via a Local Area
Network (LAN) or Wide Area Network (WAN) with Telnet and/ or TFTP access. The software can
also be accessed via the RS232 port on the system, and a terminal-emulation software package.
The CyberSWITCH offers flexibility. With its internetworking capabilities, you may use it as a
stand-alone device to service small businesses. Or, you may use it as a router with a larger “hub,”
fielding data packets and forwarding them.
The CyberSWITCH works with a mix of bridges, routers, hosts, PCs, and workstations. These
combinations provide internetworking capabilities that will allow LAN-to-LAN applications such
as telecommuting, electronic mail, multi-media transmission, imaging, and CAD.
This chapter includes safety considerations and a description of Workgroup CyberSWITCH
platforms and modules.
SAFETY CONSIDERATIONS
The CyberSWITCH contains a lithium battery to support its time-keeping functions. It is a long-
lasting battery, and was not intended to be user-replaceable. In the unlikely event that you have a
problem with the battery, contact your distributor for replacement.
CAUTION: Danger of explosion if battery is incorrectly replaced. Replace only with the same or
equivalent type recommended by the manufacturer. Discard used batteries according
to the manufacturer’s instructions.
Download from Www.Somanuals.com. All Manuals Search And Download.
HARDWARE OVERVIEW
System Platforms
SYSTEM PLATFORMS
THE CSX1000 AND NE LINK 1000 (A NETWORK EXPRESS PRODUCT)
The following table summarizes the CSX1000 and NE Link 1000 platform options.
Model
# Ports
# Connections
two connections
two connections
four connections
eight connections
CSX1001
one BRI port
one BRI port
two BRI ports
four BRI ports
NE Link 1000-B2
NE Link 1000-B4
NE Link 1000-B8
The platform shown below, the NE Link 1000 B8 platform, supports four BRI ports or eight
connections. The B2’s front panel is similar, but has one bank of WAN LED indicators for its single
BRI line.The B4’s front panel is also similar, but has two banks of WAN LED indicators for its two
BRI lines.
Line
Line
Line
Line
LAN
RX
2
1
3
4
CH-1
CH-2
CH-1
CH-2
CH-1
CH-2
CH-1
CH-2
Power
Network
Express
Service
TX
10BASE
-
T
SYNC D-CHAN
SYNC D-CHAN
SYNC D-CHAN
SYNC D-CHAN
NELINK-1000
CAUTION
!
FOR CONTINUED PROTECTION
AGAINST RISK OF FIRE,
REPLACE
INPUT
85-250V 47-63 1.6A MAX
ONLY WITH SAME TYPE AND
RATING OF FUSE.
-
BRI (Termination switches behind plate; see diagram
FUSE TYPE: IEC 127/ III RATED F1.6AL-250V
CONSOLE
AUI
10Base-T
The NE Link 1000 B8
Workgroup Remote Access Switch
37
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
The CSX1001, shown below, is equivalent to the NE Link 1000 B2.
WORKGROUP REMOTE ACCESS SWITCH
LINE
1
LAN
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
D-CH
SYNC
AGI
CAUTION
!
FOR CONTINUED PROTECTION
AGAINST RISK OF FIRE,
REPLACE
INPUT
85-250V 47-63 1.6A MAX
ONLY WITH SAME TYPE AND
RATING OF FUSE.
-
BRI (Termination switches behind plate; see diagram
FUSE TYPE: IEC 127/ III RATED F1.6AL-250V
CONSOLE
AUI
10Base-T
The CSX1001
PLATFORM DESCRIPTION
The NE Link 1000 and CSX1000 platforms consists of two processors (the 80386 EX and the 80960
SA), system memory, and interface adapters. The front of the platforms have a series of LED
indicators. These indicators light up to indicate power, service, LAN access, and WAN access. On
the back of the platform is the ON/ OFF switch, connectors for power, the LAN, the WAN, and an
administration port for local or remote administration console attachment. There is a fan housed in
the rear of the platform, as well as side venting on the unit.
The front panel has a series of indicators. The POWER indicator will remain lit while the unit is on.
There are also LAN, WAN, and service indicators. For a more detailed description of each LED
The unit’s ON/ OFF switch is located in the upper right corner of the back panel. Directly below
this switch are the AC power input and fuse box. Note that the unit requires a 250V, 5 x 20 mm time-
lag fuse rated at 1.6 amps. The back panel also provides connectors for WAN and LAN access, as
well an RS232 port for an administration console. The RS232 port is also available for PPP-Async
data transfer. The fan grill on the back panel, as well as the venting on the side panel, should not
be obstructed.
38
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
HARDWARE OVERVIEW
System Platforms
The two connectors available for LAN access are the AUI Ethernet and the 10Base-T. Only one of
the two ports may be activated at a time. If you attempt to use both, the system hardware
automatically defaults to the 10Base-T port. Note that the AUI port has a slide-latch mechanism to
lock that connection into place.
The back panel also provides connectors for BRI lines. Depending upon platform option,
connectors are available for one, two, or four BRI lines (providing from two to eight connections).
These lines are identified by the numbers 1 through 4 stamped on the plate adjacent to the port. The
plate can be removed by taking out the two screws. Underneath this plate are one, two, or four pairs
of DIP switches (again, option dependent). These switches control the terminating resistors for the
Basic Rate Interface and should be set in the same direction. If the switches are UP, the switches are
“on,” meaning the resistors for the connector are providing termination for the BRI line. In the
event that both switches are not set in the same direction, improper operation may result. Note that
the system is shipped with the switches activated (ON). For further clarification, refer to the
following illustration.
BRI port, plate on:
Screws which secure plate
BRI port, plate off:
line 4 switches
line 3 switches line 2 switches
line 1 switches
If both switches in pair are in UP position, switches are ON.
ON
switches 3&4 control line 1 (ON in illustration)
switches 1&2 control line 2 (ON in illustration)
For the B2 platform option, switches 3&4 control line 1;
switches 1&2 are not used.
1
2
3
4
For all types of connections, there must be terminating resistors at each end of the line. For a Point-
to-Point connection, the 1000 platform is at the end of the line, so these DIP switches must be ON
to provide proper termination. In a Point-Multipoint connection, DIP switch settings are dependent
upon the physical configuration of the line. If the 1000 platform is at the end of the line, the
terminating resistors should be activated (DIP switches ON). If another device at the end of the line
is providing termination, the 1000 platform’s terminating resistors should be deactivated (DIP
switches OFF).
Workgroup Remote Access Switch
39
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Refer to the following figure, which illustrates a BRI Point-Multipoint configuration.
Telephone Company
Workstation
(Terminating resistor OFF)
ON
1
2
3
4
WORKGROUP REMOTE ACCESS SWITCH
LINE
1
LAN
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
CH
SYNC
AGI
NT-1
(Terminating resistor ON;
end of the line)
(Terminating resistor ON;
end of the line)
WORKGROUP REMOTE ACCESS SWITCH
LINE
1
LAN
RX 10BASE-T
POWER
SERVICE
TX
CH-1
CH-2
D-CH
SYNC
AGI
(Terminating resistor OFF)
Telephone
(Terminating resistor OFF)
OFF
1
2
3
4
SYSTEM CHARACTERISTICS
Physical Characteristics:
Height:
Width:
Depth:
Weight:
76.2 mm (3 in)
304.8 mm (12 in)
228.6 mm (9 in)
approximately 3.2 kg (7 lb)
Environmental Characteristics:
Operating Temp:
0° to 40° C (32° to 104° F)
Operating Humidity:
Operating Altitude:
Non-operating Shock:
Storage Temperature:
5–95% non-condensing
3000 m maximum (10,000 ft maximum)
50 G, 11 ms, 1/ 2 sinewave
-40° to 85° C (-40° to 185° F)
Electrical Characteristics
Voltage:
AC Power Input:
100-125 VAC/ 200-240 VAC
50/ 60 Hz
1.0/ 0.5 amps, 250V
50 watts maximum
Frequency:
Fuse:
Power:
Note: Main circuit card fuse labeled F1 is rated at 0.5A 63V. This fuse protects the 12V
AUI circuitry on the main board. This fuse is a factory serviceable item only.
40
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
HARDWARE OVERVIEW
System Platforms
Regulatory Compliance:
Meets or exceeds the following:
Safety:
UL 1950, CSA C22.2 No. 950, EN 60950, IEC 950,
and 72/ 23/ EEC
EMI:
FCC Part 15, EN 55022, CSA 108.8, EN 50082-1,
VCCI V-3, and 89/ 336/ EEC
Workgroup Remote Access Switch
41
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
THE CSX1200
The following table summarizes the CSX1200 platform options.
Model
# Ports
# Connections
2 connections
8 connections
CSX1201
CSX1204
CSX1223
one BRI port
four BRI ports
one PRI port
23 T1 connections or
30 E1 connections
The platform shown below is the PRI version of the CSX1200 (the CSX1223). Note that all CSX1200’s
WORKGROUP REMOTE ACCESS SWITCH
B-CHANNELS
E1 ONLY
LAN
B1 B3
B2 B4
B5 B7
B6 B8
B9 B11
B13 B15
B17 B19
B18 B20
B21 B23
B22 B24
B25 B27
B29 B31
POWER
SERVICE
TX
RX 10BASE-T
E1
D
T1
D
B10 B12
B14 B16
B26 B28
B30 L1
S
L
O
T
4
S
L
O
T
3
SLOT
1
SLOT
2
AIS
RAI
LOF
LOS
CONSOLE
AUI
10Base-T
CSX1223 - PRI Version
42
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
HARDWARE OVERVIEW
System Platforms
Below we illustrate the front panel of the CSX1204 - the four port BRI version of the CSX1200.
WORKGROUP REMOTE ACCESS SWITCH
LINE
1
LINE
2
LINE
3
LINE
4
LAN
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
SYNC
SYNC
SYNC
SYNC
AGI
CSX1204 - BRI Version
PLATFORM DESCRIPTION
The CSX1200 platform was designed to provide distributed network access for a branch office or
small central site. The CSX1200 is based on the NE Link 1000 platform with two major additions.
The NE Link 1000 is available only with a BRI interface, whereas the CSX1200 is available with
either a BRI or a PRI interface. Also, unlike the NE Link 1000, the CSX1200 includes two slots for
Refer to the NE Link 1000 platform description for information relevant to the CSX1200’s BRI
version.
The chassis of the CSX1200’s PRI version is similar to the BRI version with the following
differences:
•
the line LEDs are labeled differently (front panel), reflecting the differences between PRI and
BRI lines
•
•
the PRI version has an extra bank of LEDs on its back panel
there is no removable plate over the PRI connector (no DIP switches to set for the PRI version)
SYSTEM CHARACTERISTICS
Physical Characteristics:
Height:
76.2 mm (3 in)
Width:
304.8 mm (12 in)
Depth:
228.6 mm (9 in)
Weight:
approximately 3.2 kg (7 lb)
Environmental Characteristics:
Operating Temp:
5° to 40° C (41° to 104° F)
Operating Humidity:
Operating Altitude:
Non-operating Shock:
Storage Temperature:
5 to 95% non-condensing
3000 m maximum (10,000 ft maximum)
50 G, 11 ms, 1/ 2 sinewave
-30° to 90° C (-22° to 194° F)
Workgroup Remote Access Switch
43
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Electrical Characteristics
AC Power Input:
100-125 VAC/ 200-240 VAC
50/ 60 Hz
1.0/ 0.5 amps, 250V
50 watts maximum
Voltage:
Frequency:
Fuse:
Power:
Note: Main circuit card fuse labeled F1 is rated at 0.5A 63V. This fuse protects the 12V
AUI circuitry on the main board. This fuse is a factory serviceable item only.
Regulatory Compliance
Meets or exceeds the following:
Safety:
UL 1950, CSA C22.2 No. 950, EN 60950, IEC 950,
and 72/ 23/ EEC
EMI:
FCC Part 15, EN 55022, CSA 108.8, EN 50082-1,
VCCI V-3, and 89/ 336/ EEC
CABLING INFORMATION
The following sections provide cabling information for the following accesses:
LAN ACCESS
The CyberSWITCH’s internal Ethernet interface provides direct support for a single Ethernet (or
802.3) LAN, which allows remote routing of LAN data. Since the system is a factory-customized
product, there is no need to install specific adapter boards. Access to the LAN is very simple via
connectors on the system’s back panel. Connections to the Ethernet LAN may be made either
through the 15-pin AUI connector (10Base5) or the RJ45 connector (10Base-T). A 10Base2
connection is also possible with the AUI connector by using a 10Base2 conversion MAU. Once a
particular connection is made to either the AUI or the 10Base-T, the system’s LAN interface
hardware activates that connection.
For coax connections, a Media Access Unit (MAU) is required for the LAN port on the
CyberSWITCH. This is not normally included with our product. To reiterate, the options for
connection are:
1. 10Base-T (Twisted Wire Ethernet) RJ-45
2. 10Base5
3. 10Base2
(Thick Ethernet)
(Thick Ethernet)
AUI
AUI
External MAU required
10Base2 conversion MAU required
An AUI cable can be used between the Ethernet LAN adapter and the MAU. The AUI cables (as
well as the MAU) are not shipped with our product.
44
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
HARDWARE OVERVIEW
System Platforms
For informational purposes, here are the pin list and signal assignments for the 10Base-T LAN
connector:
Pin
Signal
Function
1
Transmit +
2
3
Transmit -
Receive +
4
5
6
NC
NC
No Connect
No Connect
Receive -
7
8
NC
NC
No Connect
No Connect
Note: The 10Base-T connector and the WAN connector are both RJ45 connectors. However, they
do have different electrical interfaces. Take care to keep these separate.
BACK-TO-BACK SETUP
A back-to-back setup allows you to connect a CyberSWITCH to a PC (or other device) using 10Base-
T and without going through the LAN Hub. In order to accommodate such a setup, you will need
a 10Base-T crossover patch cord. (This patch cord plugs into the 10Base-T LAN port on the
CyberSWITCH, and then directly connects to the other device). This patch cord should be
terminated with two RJ 45 connectors, with the following wire crossover:
Ethernet 10Base-T Crossover Patch Cord
wht/ora
1
2
4
5
3
6
7
8
1
2
4
5
3
6
7
8
ora/wht
wht/blu
blu/wht
wht/grn
grn/wht
wht/brn
brn/wht
12345678
12345678
Workgroup Remote Access Switch
45
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
WAN ACCESS
Since the CyberSWITCH is a factory-customized product, there is no need to install specific adapter
boards in order to access the WAN. Connections for the internal BRI interface are made at the sys-
tem’s back panel. On the B2, a basic rate line will connect to the RJ-45 connector labeled 1. On the
B4, up to two basic rate lines will connect to the ports labeled 1 and 2. On the B8, up to four basic
rate lines will connect to the ports labeled 1 through 4.
For informational purposes, the pin list for the BRI connector follows:
Pin and Signal Assignment for the RJ-45 Connector
Pin
1
Signal
NC
Function
No Connect
2
NC
No Connect
3
TX + to Network
RX + from Network
RX - from Network
TX - to Network
NC
Transmit to Line (T)
Receive from Line (T)
Receive from Line (R)
Transmit to Line (R)
No Connect
4
5
6
7
8
NC
No Connect
Note: The 10Base-T connector and the WAN connector are both RJ45 connectors. However, they
do have different electrical interfaces. Take care to keep these separate.
Basic Rate Interface
Accessing services such as NTT's INS-64, BOC's Centrex Basic Rate ISDN, or PBX's basic rate lines
is possible using the system’s BRI interface.
Each BRI port on the system provides two 64 Kbps channels for data and a 16Kbps signaling
channel (2B+D). Both B channel connections can be active at the same time, to the same or different
destinations.
The internal BRI interface provides up to four 4-wire S/ T interfaces with separate RJ-45 connectors.
It uses external NT1s (when necessary) to connect to the public ISDN. External ISDN terminal
adapters are not needed.
In Japan, NTT provides a dedicated service called High Speed Digital-I that uses the same BRI
interface. This can be either a 64Kb or 128Kbps leased circuit. The BRI interface supports from one
to four HSD-I circuits, depending on the model.
46
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
HARDWARE OVERVIEW
System Platforms
ADMINISTRATION CONSOLE ACCESS
The Console connector is an RS232 connector which provides dedicated asynchronous connection.
This async connection is available for administration console management or PPP-Async data
transfer. The internal RS232 interface is preconfigured for DTE, providing a male 9-pin port
connector for the administration console hook-up. The default baud rate is 9600.
For informational purposes, the pin list for the console follows:
Pin and Signal Assignment for the RS232 Connector(s)
Pin
1
Signal
CD
Function
Carrier Detect
Receive Data
2
RXD
TXD
DTR
GND
DSR
RTS
CTS
RI
3
Transmit Data
Data Terminal Ready
Ground
4
5
6
Data Set Ready
Request to Send
Clear to Send
Ring Indicator
7
8
9
Workgroup Remote Access Switch
47
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
SYSTEM MODULES
THE CSX1200-E11-MOD
The CSX1200-E11-MOD is an internal 11 port Ethernet hub option card for the CSX1200 family. The
CSX1200-E11-MOD is available for both the BRI (CSX1201, CSX1204) and PRI (CSX1223) models.
The CSX1223 is shown below.
WORKGROUP REMOTE ACCESS SWITCH
B-CHANNELS
E1 ONLY
LAN
B1 B3
B2 B4
B5 B7
B6 B8
B9 B11
B13 B15
B17 B19
B18 B20
B21 B23
B22 B24
B25 B27
B29 B31
POWER
SERVICE
TX
RX 10BASE-T
E1
D
T1
D
B10 B12
B14 B16
B26 B28
B30 L1
11
10
9
8
7
6
5
4
3
2
1
S
L
O
T
4
S
L
O
T
3
SLOT
1
SLOT
2
AIS
RAI
LOF
LOS
CONSOLE
AUI
10Base-T
CSX1223 with CSX1200-E11-MOD
The internal hub addition provides affordable LAN device connectivity. The backplane has eleven
RJ-45 modular jacks. Ten of those jacks may be used to connect to PCs. One jack is used to provide
the internal hub with LAN connectivity to the CSX1200 device (see following graphic).
48
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
HARDWARE OVERVIEW
System Modules
11
10
9
8
7
6
5
4
3
2
1
S
L
O
T
4
S
L
O
T
3
SLOT
1
SL
2
AIS
RAI
LOF
LOS
CONSOLE
A
10Base-T
LAN
Connectivity
PC Connectivity
The hub is equipped with LANVIEW LEDs. These LEDs are comprised of three types: receive, link,
Workgroup Remote Access Switch
49
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
THE CSX1200-U4-MOD
The CSX1200-U4-MOD is a U-interface option card for the CSX1200 family. This module is only
relevant for applications in North America, since North American telephone companies typically
do not provide the needed U-interface conversion. The CSX1200-U4-MOD performs the function
of an external NT1, and is available for the BRI (1201, 1204) CSX1200 models. Below, we show the
module installed in a CSX1223.
WORKGROUP REMOTE ACCESS SWITCH
B-CHANNELS
E1 ONLY
LAN
B1 B3
B2 B4
B5 B7
B6 B8
B9 B11
B13 B15
B17 B19
B18 B20
B21 B23
B22 B24
B25 B27
B29 B31
POWER
SERVICE
TX
RX 10BASE-T
E1
D
T1
D
B10 B12
B14 B16
B26 B28
B30 L1
S
L
O
T
4
S/T
U
S/T
U
S/T
U
S/T
U
S
L
O
T
4
3
2
1
3
SLOT
1
SLOT
2
CONSOLE
AUI
10Base-T
CSX1223 with CSX1200-U4-MOD
The module consists of four pairs of numbered RJ45 ports. To activate the installed module, you
must properly connect the CSX1200 BRI ports to the corresponding S/ T interface ports on the U4
Installation chapter.
This module is also equipped with four NT1 Status LEDs to indicate the status of each of the ports.
50
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SOFTWARE OVERVIEW
OVERVIEW
The CyberSWITCH software provides:
•
system software for the CyberSWITCH, LAN and WAN interfaces, and administration
functions
•
system files containing configuration and operational information
This chapter provides an overview for each of the above software categories.
SYSTEM SOFTWARE
Included with each CyberSWITCH is a CD containing upgrade software and utility software. (Note
that initial system software is factory-installed). The following system software files are available
on the CD:
upgrade.osw
All the system files needed for upgrading the CyberSWITCH are combined in this file.
defltcfg.osw
All of the system files needed to return your system configuration to the factory default are
combined in this file.
SYSTEM FILES
The CyberSWITCH uses a flash file system (instead of a hard disk) and a two-stage boot device to
initialize the platform and download the system software. The flash file system basically performs
the same as a hard disk, but it has no drive letter. Just as on a hard disk, the flash file has directories
with files.
CONFIGURATION FILES
The configuration files store the configuration data. These files are located in the system’s
\configdirectory. You can maintain these files by using the CFGEDIT configuration utility,
which is delivered with the system. You can also make changes to these files through Manage
Mode.
The configuration files associated with the system are:
network.nei
This configuration file contains information about the switched network.
devdb.nei
This file contains the On-node Device Database configuration information about each remote
device.
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
node.nei
This configuration file contains node-specific information like resources, lines, CyberSWITCH
operating mode and security options, along with the Throughput Monitor Configuration
information. If enabled, SNMP configuration information is also in this file.
lan.nei
This file contains configuration information used when the bridge is enabled. This file also contains
information for the Spanning Tree protocol used for the bridge. Information from this file is
configured and used only when the bridge is enabled.
ip.nei
This file contains configuration information used when the IP routing is enabled. This file also
contains information regarding network interfaces, RIP, and static routes. Information from this file
is configured and used only when the IP routing is enabled.
ipx.nei
This file contains configuration information used when the IPX routing is enabled. This file also
contains information regarding network interfaces, RIP, and static routes. Information from this file
is configured and used only when the IPX routing is enabled.
filter.nei
This file contains all filter configuration information (bridge, hardware, and IP). This file is new to
Release 7.2 software, but is compatible with previous software versions, which contained filter
information in the lan.neiand/ or ip.neifiles. With Release 7.2 configuration changes and
configuration file updates, this filter information will be moved to filter.nei.
atalk.nei
This file contains configuration information used when AppleTalk Routing is enabled. This file also
contains information regarding ports and static routes. Information from this file is configured and
used only when the AppleTalk routing is enabled.
sdconf.rec
This is not a system file; it is a configuration file delivered on the ACE Server. However, you may
TFTP this file to the system’s \configdirectory as an alternate method of providing the system
with ACE Server configuration information.
OPERATIONAL FILES
While the CyberSWITCH is running, it collects system statistics and logs system messages. The
system maintains these statistics and messages in two separate memory-resident tables. The ten
most recent versions of each table are available on the system disk.
You can retrieve and view the current memory-resident tables at any time by using the following
console commands:
dr
ds
This command will display system messages.
This command will display system statistics.
You can write the tables to disk by using the following commands:
wr
ws
This command will write the current system messages to disk.
This command will write the current system statistics to disk.
Note: When the system is shut down, the tables are automatically written to disk.
52
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SOFTWARE OVERVIEW
System Files
The system stores the tables in ASCII format files on the System disk. When the system writes
system messages to disk, it stores them in the following location:
Directory:
File Name:
\log
rprt_log.nn
Where “nn” is an integer that is incremented each time a new file is written.
When the system writes system statistics to disk, it stores them in the following locations:
Directory:
File Name:
\log
stat_log.nn
Where “nn” is an integer that is incremented each time a new file is written.
USER LEVEL SECURITY FILES
As administrator, you may create a welcome banner file as well as a message-of-the-day file to
display at login with user level security. Neither file should exceed the limits of 80 characters in
width and 21 lines in length, and must reside in the \configdirectory. The creation of these files
is optional; if you choose to use them, create the files, and TFTP them to the CyberSWITCH.
welcome.nei
This file contains the text of the administrator-defined welcome banner. It is displayed when a user
initiates a network login.
motd.nei
This file contains the text for the administrator-defined message of the day. It is displayed when the
user is validated after log-in.
Workgroup Remote Access Switch
53
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM INSTALLATION
We include the following chapters in this segment of the User’s Guide:
Provides guidelines for ordering ISDN service in the United States.
Step-by-step instructions for installing hardware components.
Provides a description of the possible ways to access the CyberSWITCH (for diagnostic
purposes, or for software upgrade).
A description of the software upgrade process.
Download from Www.Somanuals.com. All Manuals Search And Download.
Workgroup Remote Access Switch 55
Download from Www.Somanuals.com. All Manuals Search And Download.
ORDERING ISDN SERVICE (US ONLY)
OVERVIEW
This chapter was designed to be a guideline for ordering ISDN service in the United States.
For BRI ISDN Service:
If your service providers does not support either types of codes, or, if you are using a non-NI-1 line,
For PRI ISDN Service:
ORDERING NI-1 LINES USING EZ-ISDN CODES
If you are using a NI-1 switch type and your service provider supports EZ-ISDN codes, we
recommend using the EZ-ISDN 1 code. EZ-ISDN 1 provides alternate circuit-switched voice/ data
on both B-Channels. There is a CSV/ D terminal associated with each of the B-channels.
The B-channels will be given a unique primary directory number capable of making/ receiving one
circuit-switched voice or circuit-switched data call. Additionally, calling line Id is also supported.
ORDERING NI-1 LINES USING NI-1 ISDN ORDERING CODES
If you are using a NI-1 switch type and your service provider supports ordering codes, we
recommend NI-1 ISDN Capability Package I. This package includes circuit-switched data on two B
channels. Data capabilities include Calling Line Id. No voice capabilities are provided. The lack of
voice feature may save you money. However, package K or M will also work.
ORDERING BRI ISDN LINES USING PROVISIONING SETTINGS
If your service provider does not support EZ-ISDN or ISDN Ordering Codes, or you are using a
non-NI-1 line, use this section when ordering your BRI ISDN line.
When the phone company installs the line, they assign it certain characteristics. These are different
depending on the type of ISDN switch to which the line is attached. AT&T’s 5ESS NI-1 and
Northern Telecom’s DMS100 NI-1 are among the most popular.
When ordering an ISDN line, there are general steps to follow that apply to all types, and there are
steps specific to your line type. The general steps to follow are:
1. Contact your service provider to determine the type of available switch.
2. Ask your service provider for the available types of ISDN services.
Download from Www.Somanuals.com. All Manuals Search And Download.
ORDERING ISDN SERVICE (US ONLY)
Ordering BRI ISDN Lines using Provisioning Settings
If the AT&T 5ESS switch type is available, the ISDN services available will be one of the
following:
•
•
NI-1
Custom Point-to-Point
If Northern Telecom DMS-100 switch type is available, the ISDN services available will be one
of the following:
•
•
NI-1
DMS-100 Custom
3. Refer to section in this document that applies to your service type.
ISDN line.
5. If necessary, provide your service provider with the appropriate provisioning settings in this
document.
6. After installation, make sure you have the following information:
•
•
•
switch type
telephone numbers
SPIDs
The following sections provide provisioning settings for your specific service type.
PROVISIONING SETTINGS FOR AT&T 5ESS SWITCHES
The ISDN services supported by AT&T 5ESS switches are as follows (in order of preference of
usage):
The sections below provide the settings for each 5ESS service type. Note that your service provider
may not be able to offer all of the features listed.
Workgroup Remote Access Switch
57
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
AT&T 5ESS NI-1 SERVICE
Note that some of the elements below are set per directory number. With NI-1 Service, you will
typically have two directory numbers.
AT&T #5ESS NI-1 Service
Provisioning Element
Term Type
CSV
Setting
A
1
CSV ACO
CSV limit
CSV NB limit
CSD
unrestricted
2
1
1
CSD ACO
CSD limit
CSD NB limit
EKTS
unrestricted
2
1
no
yes
ACO
58
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
ORDERING ISDN SERVICE (US ONLY)
Ordering BRI ISDN Lines using Provisioning Settings
AT&T 5ESS CUSTOM POINT-TO-POINT SERVICE
Note that some of the elements below are set per directory number. With Custom Point-to-Point
Service, you will have two directory numbers.
AT&T Custom Point-to-Point Service
Provisioning Element
Term Type
CA
Setting
E
1
CA quantity
CSV
1
0
CSV CHL
CSV limit
CSD
no
2
2
CSD CHL
CSD limit
DSL CLS
any
2
PP
Workgroup Remote Access Switch
59
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
PROVISION SETTINGS FOR NORTHERN TELECOM DMS-100 SWITCHES
The ISDN services supported by Northern Telecom DMS-100 switches are as follows (in order of
preference of usage):
1. NI-1
2. Custom Service
The sections below provide the settings for each DMS-100 service type. Note that your service
provider may not be able to offer all of the features listed.
NORTHERN TELECOM DMS100 NI-1 SERVICE
Note that you must set either EKTS or ACO to yes. You may not set both of them to yes.
Northern Telecom DMS100 NI-1 Service
Provisioning Element
signaling
Setting
functional
2
PVC
TEI assignment
maxkeys
dynamic
3 is preferable
1-64 is acceptable
release key
ringing indicator
EKTS
no
no
no
ACO
yes
number of call
appearances
2 is standard
number may vary depending
on voice features ordered
notification busy limit
LCC
1
(always one less than number
of call appearances)
ISDNKSET
60
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
ORDERING ISDN SERVICE (US ONLY)
Ordering BRI ISDN Lines using Provisioning Settings
NORTHERN TELECOM DMS100 CUSTOM SERVICE
Note that you must set either EKTS or ACO to yes. You may not set both of them to yes.
Northern Telecom DMS100 Custom Service
Provisioning Element
signaling
Setting
functional
1
PVC
TEI assignment
maxkeys
dynamic
3 is preferable
1-64 is acceptable
release key
ringing indicator
EKTS
no
no
no
yes
2
ACO
number of call
appearances
LCC
version
CS
ISDNKSET
functional
yes
PS
no
BASIC INFORMATION FOR ORDERING PRI ISDN LINES
ISDN Primary Rate is a communications service that allows the system to make up to 23
connections over a single line. It uses a 4-wire T1 line that carries 24 channels, each providing 64000
bps bandwidth. The service uses channels 1 to 23 as bearer (B) channels to carry connections
between two systems. The 24th channel is used for signaling information (the data link).
The customer should request the following options for a Primary Rate Line that is connected
directly to a CyberSWITCH:
•
•
•
•
•
•
B8ZS encoding
ESF framing
all channels should be Circuit Switched Data
Hunt Group (if desired)
call bandwidth supported (56Kbps, 64Kbps, and/ or 384Kbps)
CLID (calling line Id); usually there is no charge for this
In order to connect to the Primary Rate line, the customer needs a Channel Service Unit (CSU),
which is now integrated into the CyberSWITCH. If the line is provided by a LEC or IXC, the CSU
is required by the phone company to protect the phone network from any problems with customer
Workgroup Remote Access Switch
61
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
premise equipment. At the time that the line is ordered, the customer may be asked for the FCC
registration number for the CyberSWITCH that is being used.
The cabling between the wall jack and the CyberSWITCH is very important, and is also where most
problems occur. The system’s PRI RJ-45 adapter uses the international standard of pins 3, 4, 5, and
6 for transmit and receive. Most T1 lines in the United States use the traditional 1, 2, 4, and 5 pins.
We provide an RJ-45 to RJ-45 Adapter that will convert between the two wiring systems.
When the line is installed, the customer must ask the phone company the following questions:
1. What are the phone numbers for the line? (There may be more than one.)
2. Do I need to use any prefix when I dial? (For example, “9” for a Centrex line.)
3. What type of switch is the line connected to?
4. For #4ESS, what release of software is running on the switch?
When the phone company installs the line, they assign it certain characteristics (sometimes called
translations). These are different depending on the type of ISDN switch to which the line is
attached. The customer must know what type of switch is being used.
The following table provides correct settings for important configuration options.
Option
Local Bell Operating Company
AT&T
Network
U.S. Sprint &
MCI
Type of Switch
Encoding
#5ESS
B8ZS
ESF
DMS100
B8ZS
ESF
#4ESS
B8ZS
ESF
DMS250
B8ZS
ESF
Framing
Network
Facilities
NA
NA
SDS or
Call-By-Call
NA
Echo
NA
NA
NA
OFF
Cancellation
(Disabled)
62
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
HARDWARE INSTALLATION
PRE-INSTALLATION REQUIREMENTS
Before you begin the installation process, be sure to:
•
•
Choose a suitable setup location
Make sure the location is dry, ventilated, dust free, static free, and free from corrosive
chemicals
Verify system power requirements
Voltage Range
Current and Frequency
85-264 V
.6 A
47-63 Hz
The appropriate standard power cord is supplied with the system. The power supply will
accept any input voltage from 85 to 264 volts without the need to select a voltage range.
•
Verify cabling requirements
The cabling shipped with your system should include:
•
•
BRI/ PRI/ LAN patch cables, 5 meters each.
RS232 cable, 1.8 meters. This is for the console port. This cable is a 9-pin female to 9-pin
female null modem cable. Jack screws are included.
Note: The BRI/ PRI/ LAN cables are straight-through CAT5 patch cables. The quantity
shipped varies, based on device requirements. These cables are not distinguished
from each other in the carton.
We provide a cable for the 10Base-T port since it is typically used for the LAN connection.
However, if you plan to use the AUI port instead, you must provide your own cabling and
MAU for this connection. If you need additional cabling (other than what was shipped),
contact your distributor.
•
Verify administration console requirements
In order to install system software, you must have a PC or workstation available. (One is
not provided with the system.) This PC or workstation will connect up to the system via
the RS232 port. You will also need a communications package that supports terminal
emulation software (in order to transfer software to the system).
For details on software installation, refer to the Software Installation chapter.
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
INSTALLING THE CSX1200-E11-MOD
The CSX1200-E11-MOD (E11) is an internal 11 port Ethernet hub option card for the CSX1200
family. The CSX1200-E11-MOD can be installed in the BRI (1201, 1204) and PRI (1223) CSX1200
models.
To help eliminate any potential problems during or after installation, please be sure to read and
understand all instructions in this section and in the release notes supplied with the E11.
Only qualified personnel should perform installation procedures.
!
To avoid damage due to static discharge, use the antistatic wrist strap supplied
with the E11 and observe all antistatic precautions during this procedure. Failure
to do so could result in damage to the CSX1200, E11, or both.
CAUTION
The E11 can be installed in either of the two slots at the top, rear of the CSX1200 chassis. To install
the E11:
1. Power down the CSX1200.
2. Attach one end of the antistatic wrist strap to your wrist and the other end to an approved
electrical ground.
3. Unpack the E11 carefully, first removing it from the shipping box, then removing its protective
bag. Do not cut the bag, this could damage the module. If there are any signs of damage, contact
Cabletron Support.
4. Remove the CSX1200’s cover plate.
5. Holding the sides of the E11, align the E11 with the guide rails on the chassis, as shown below.
Ensure that the port numbers on the E11 faceplate are aligned correctly.
6. Slide the E11 into the chassis until it is completely seated. Be sure the E11 slides in straight.
7. Secure the E11 to the chassis by tightening the E11 faceplate screws.
S
L
O
T
11
10
9
8
7
6
5
4
3
2
1
4
S
L
O
T
3
SLOT
1
SLOT
2
AIS
RAI
LOF
LOS
AUI
10Base-T
CONSOLE
64
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
HARDWARE INSTALLATION
Installing the CSX1200-U4-MOD
INSTALLING THE CSX1200-U4-MOD
The CSX1200-U4-MOD (U4) is a U-interface option card for the CSX1200 family. The CSX1200-U4-
MOD can be installed in the BRI (1201, 1204) CSX1200 models.
To help eliminate any potential problems during or after installation, please be sure to read and
understand all instructions in this section and in the release notes supplied with the U4.
Only qualified personnel should perform installation procedures.
!
To avoid damage due to static discharge, use the antistatic wrist strap supplied
with the U4 and observe all antistatic precautions during this procedure. Failure
to do so could result in damage to the CSX1200, U4, or both.
CAUTION
The U4 can be installed in either of the two slots at the top, rear of the CSX1200 chassis. To install
the U4:
1. Power down the CSX1200.
2. Attach one end of the antistatic wrist strap to your wrist and the other end to an approved
electrical ground.
3. Unpack the U4 carefully, first removing it from the shipping box, then removing its protective
bag. Do not cut the bag, as this could damage the module. If there are any signs of damage,
contact Cabletron Support.
4. Remove the CSX1200’s cover plate.
5. Holding the sides of the U4, align the U4 with the guide rails on the chassis, as shown below.
Ensure that the port numbers on the U4 faceplate are aligned correctly.
6. Slide the U4 into the chassis until it is completely seated. Be sure the U4 slides in straight.
7. Secure the U4 to the chassis by tightening the U4 faceplate screws.
S
L
O
T
4
S
L
O
T
S/T
U
S/T
U
S/T
U
S/T
U
3
4
3
2
1
AUI
10Base-T
CONSOLE
Workgroup Remote Access Switch
65
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
CABLING
Note that the module consists of four pairs of numbered RJ45 ports; you must properly connect the
CSX1200 BRI ports to the corresponding U4 S/ T interface ports of each pair on the module. We
provide four 6-inch, category 5, twisted-pair cables (with RJ45 connectors) for this purpose:
1. Using the twisted-pair cables, connect BRI port 1 to the S/ T interface port labelled number 1,
BRI port 2 to S/ T interface port number 2, and so on. The module then converts the S/ T
interface to a U interface for each pair of ports.
2. Next, use the category 5 straight-through interface cables (with RJ45 connectors) to link the U-
port in each pair to the service provider’s ISDN jack.
Note: For network safety, use only 26AWG or heavier (i.e., a lower numerical value) cable for all
CSX1200 and U4 interfaces.
TELEPHONE
SWITCH
S
L
O
T
4
ST
U
ST
U
ST
U
ST
U
S
L
O
T
4
3
2
1
3
SLOT
1
SLOT
2
CONSOLE
AUI
10Base-T
66
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
ACCESSING THE CYBERSWITCH
OVERVIEW
This chapter describes accessing your CyberSWITCH, which includes:
MAKING CONNECTIONS
There are a number of ways to make a connection to the system, which include:
•
•
•
•
direct connection using a terminal
null-modem connection using a null-modem cable and a PC
remote connection using Telnet
remote connection using modems and a remote PC
All connections but the Telnet connection use the serial port (labeled COMMPORT or Console) on
the back of the system. The Telnet connection is made through the system’s ISDN line.
DIRECT CONNECTION
This is the simplest connection; you merely connect up an ASCII terminal to the Console port. How-
ever, this method can only be used to configure or manage the system. To install or upgrade system
software, you must use the null-modem connection.
NULL-MODEM CONNECTION TO A PC
To install or upgrade system software, you must use a PC or workstation to connect to the system.
Since the CyberSWITCH does not have a CD-ROM drive, you must upgrade or install the software
through an attached PC, UNIX workstation, or any device that meets the following requirements:
•
•
•
provides an RS232 terminal program
has X-Modem communications capability (required for software upgrade only)
has ASCII transfer capability (required for SSB recovery)
Any computer or terminal that meets these requirements and connects to the administration port
on the system can operate as an administration console.
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Using the provided RS232 null modem cable, attach an administration console to the system. The
administration port is a 9-pin, male RS232 serial adapter as shown below:
CAUTION
!
FOR CONTINUED PROTECTION
AGAINST RISK OF FIRE,
REPLACE
INPUT
85-250V 47-63 1.6A MAX
ONLY WITH SAME TYPE AND
RATING OF FUSE.
-
BRI (Termination switches behind plate; see diagram
FUSE TYPE: IEC 127/ III RATED F1.6AL-250V
AUI
10Base-T
CONSOLE
RS232 Adapter
Connect one end of a null modem cable to the console port on the CyberSWITCH, and the other
end to the communication port on the PC. On the PC you must then execute a communication
package to emulate a terminal (VT100). Your communication package should support file transfer
(Xmodem and ASCII) for software upgrades and installations.
Use the following default values for your communication package:
Baud rate
Parity
Data bits
Stop bits
Duplex
9600
None
8
1
Full
CHANGING THE BAUD RATE
The baud rate is changeable. The default rate performs well for configuration changes. A faster rate
is useful, however, to download new software upgrades to your system.
To change the baud rate through CFGEDIT:
1. Select Physical Resources from the main menu.
2. Select Data Line from the physical resources menu.
3. Follow the instructions to make changes to the ASYNCMDM.
4. When asked, enter the baud rate you want to use.
5. Step through the remaining parameters. The last entry will ask you if you would like to save
your changes. Answer yes.
6. To make the new baud rate effective, restart the system (with the restart command).
7. Change the communications package you are using to the same baud rate.
68
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
ACCESSING THE CYBERSWITCH
Making Connections
REMOTE CONNECTION USING TELNET
You can access the CyberSWITCH with Telnet. To do this, you must use Telnet client software.The
CyberSWITCH has default IP addresses configured to allow Telnet access. The default LAN IP
address is 1.1.1.1. To access the CyberSWITCH you must set the device’s IP address to be on the
same subnet as the CyberSWITCH. We recommend that you use 1.1.1.2 and do this on a LAN that
is not connected to the internet. Then place the CyberSWITCH on the LAN and Telnet to the
address.
This default address allows immediate access to the system for installation purposes. Be sure to
change this IP address as soon as possible to one on your local subnet.
Note: Do NOT place more than one CyberSWITCH on a LAN with the default setting. With both
having the same IP address, unpredictable results will occur.
You may also Telnet in via the WAN connection. The general procedures are:
1. Connect the system to the (WAN) ISDN line.
2. From a remote device that supports unnumbered IP connections, dial in as a PPP CHAP device
USER1 (USER1 as secret). Provide Telnet with the CyberSWITCH address.
3. From a remote device only supporting numbered IP connections, set up an IP Address 2.2.2. 3
and have it dial as a PPP CHAP device USER2 (USER2 as secret). Provide Telnet with the
CyberSWITCH address of 2.2.2.2.
After you make a Telnet connection, you will be presented with a login prompt. Proceed to
REMOTE CONNECTION USING A MODEM
In order to establish an administration session via an analog line, you must have a preconfigured
modem for attachment to the CyberSWITCH. Note that the modem is NOT configurable through the
CyberSWITCH! The modem must be configured to a baud rate that is either equal to or less than
that of the CyberSWITCH.
Once the modem is properly configured, attach it to the serial port of the CyberSWITCH. You may
now access the CyberSWITCH through a remote PC and modem by dialing into the modem
attached to the CyberSWITCH. Note that the CyberSWITCH supports dual usage of its serial port
for either async-PPP data transfer or administration console management. Async-PPP data transfer
(through autosense mode) is the default.
To establish an administration console session from the remote site, the remote user must type four
carriage returns within five seconds of call connection. Refer to Resources and the background
Workgroup Remote Access Switch
69
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
ESTABLISHING AN ADMINISTRATION SESSION
If a login prompt is displayed after the power-on initialization, the system software was preinstalled.
Complete the login:
1. The login controls which class of commands the user can access. Each access level (guest or
administrator) is protected by a unique login password. This allows managers to assign
different responsibility levels to their system users. Enter the following login:
admin
101 different login names, from admin and admin00 to admin99. These different login
names must be configured on the off-node server in order to function properly. For
local administration access, only the guest and the singular admin login access levels are
valid.
2. All preinstalled systems are preconfigured with the same password. This is the password that
is used the first time a login occurs. Using all lowercase letters, enter the preconfigured
password as shown below:
admin
3. It is recommended that the preconfigured password be changed to a user-defined password.
To do this, enter the following command at the system prompt:
pswd
Follow the prompts to change the current password. A password must be a 3 to 16 nonblank
character string. Passwords are uppercase and lowercase sensitive.
Note: User-level security is not available at time of initial installation and configuration.
However, once this option is configured, you will have additional security steps before
Configuring Security Level chapter for more information.
If a DOS prompt is displayed after the power-on initialization, the software has not been preinstalled.
You must first boot up with diskette #1 before continuing:
1. Insert software diskette #1 into the system diskette drive.
2. Reboot the CyberSWITCH.
At this point, if you need to install new or upgraded software, refer to the Upgrading System Software
chapter. If software has been preinstalled by your distributor, skip to Configuration Tools chapter to
begin the configuration process.
POWERING ON
1. Ensure that the POWER-ON button is in the OFF position for both the administration console
and the CyberSWITCH.
2. Ensure that the administration console is properly connected to the administration port on the
CyberSWITCH (an RS232 cable attached to each machine through the RS232 serial adapters).
70
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
ACCESSING THE CYBERSWITCH
Powering On
3. Plug the system’s power cord into a grounded electrical outlet. An appropriate standard power
cord is supplied with the system for your specific country.
4. Turn on the administration console, and execute the communications program so that your
terminal emulator accesses the RS232 port connected to the system.
5. Turn on the system by pressing the POWER-ON switch located on the back of the machine. The
power light emitting diode (LED) on the front panel confirms the power supply is functioning
properly.
6. During power-on initialization, the First Stage Boot (FSB) displays a brief inventory of the
system. The FSB then writes the following message to the administration console:
Waiting for Commands:
During initial installation, no commands need to be entered at this point. Once this message is
displayed, the system waits 10 seconds before proceeding with the Second Stage Boot (stored
in flash memory). If this message is not displayed, and the Service LED is blinking, refer to the
LED Indicators chapter for instructions.
7. When the Second Stage Boot (SSB) begins executing, it performs a series of diagnostic tests
called the power-on self tests (POSTs). Nothing is displayed while these tests are running
unless a failure is detected. In the unlikely event of a failure, messages are displayed on the
console screen. Immediately after the POSTs have been completed, a summary of available
resources and system information is displayed similar to the following:
SSB Ver: 001.003.001
4 MBytes DRAM Detected.
3 MBytes Flash Detected.
512 KBytes I/O DRAM Detected.
512 KBytes BUF DRAM Detected.
If no First Stage Boot commands were entered, and valid system software is detected, the
Second Stage Boot begins to load the system software. Dots (...) are displayed to indicate
progress. The display will look like the following:
Booting System Software...............
Successfully Loaded Release 7.1 Issue 8
8. Log-in and password prompts will be displayed after completion of power-on initialization
(approximately 15 seconds after the “Booting System Software” message):
Administration session active
Enter login id:
The log-in for the system controls which class of commands users can access. A unique log-in
password protects each access level (“guest” or “administrator”). This lets managers assign
different responsibility levels to system users. Enter the following login:
admin
9. Follow the prompts to enter a new password. A password must be a 3 to 16 character string
without blanks. Passwords are case sensitive. If your software was previously accessed by your
distributor, your password will be admin (in lower case).
Workgroup Remote Access Switch
71
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
ACCESSING THE RELEASE NOTES
The Release Notes provide release highlights and important information related to this release that
should be reviewed before you begin the system’s installation and configuration.
The Release Notes are located on CD, and they are also located on the system’s FLASH file system.
The Release Notes on CD are located in the REL_NOTE.TXT file. This file is a DOS text file you can
read on a DOS machine. Insert the CD into the drive, change to the proper directory, and enter the
following command at the DOS prompt:
[CD-ROM drive]:\ [platform directory][ISDN standard directory][option directory]> type
REL_NOTE.TXT | more
For example, if your CD-ROM is designated as drive D, the platform you are installing is a
CSX1200, you are using US ISDN standards, and have purchased the IPX option, you would use
the following path:
D:\ CSX1200\ US\ IPX> type REL_NOTE.TXT | more
The release notes located on the system’s FLASH file system are also in a file called
REL_NOTE.TXT. To display the release notes on the system, enter the following command at the
system prompt:
[product name]> LIST REL_NOTE.TXT
72
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
UPGRADING SYSTEM SOFTWARE
OVERVIEW
This chapter describes how to install system software onto the CyberSWITCH. Instructions are
included for the following actions:
The following sections provide instructions to help you complete each of these actions.
UPGRADING SOFTWARE
An upgrade of system software may involve the upgrade of two components: the second stage boot
(SSB) and the operational software (OSW). For most upgrades, if you have a working SSB, you will
only need to upgrade the OSW. If the new OSW requires an upgraded SSB, you will be alerted in
the Release Notes.
The CyberSWITCH offers two different methods of upgrade—local and remote.
•
is performed via the administration console attached to the system’s RS232 port).
grade is performed over the network using Telnet and TFTP).
•
For countries other than Japan, upgrade files are located on the CSX1200 CD. Refer to the immedi-
ately following section for CD file structure information.
For Japan, refer to the CSX1200 CD for documentation only. Note that Japanese upgrade files are
provided on diskettes. Keep this in mind while reading through the following file structure and
upgrade instructions.
CD FILE STRUCTURE
The CSX1200 CD contains installation, user documentation and upgrade files. The CD file structure
is as follows:
Directory
Contents
<ROOT>\
installation program files (SETUP.*)
CSX1200 user documentation and Acrobat reader
\ CSXDOCS\
\ product name\ country or switch-
type\ protocol or access package
UPGRADE.OSW, DEFLTCFG.OSW, RECOVER1,
RECOVER2, REL_NOTE.TXT
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
For system upgrade, you will need to follow a specific upgrade path (\ product name\ country or
switchtype\ protocol or access package). This path not only depends upon product, but also the ISDN
Standard you will be using, the software options you have purchased, and in many cases, the
switch type. For example:
•
If you are installing a CSX1223 in a geographical area that uses US ISDN standards, and you
have purchased the IP/ IPX software option, use the files found in the \ CSX1223\ US\ ipipx di-
rectory.
•
If you are installing a CSX1204 using a NET3 international switch, and have purchased the IP,
IPX, AppleTalk and Frame Relay options, use the files found in the \ CSX1204\ intnet3\ ipipx-
at.fr directory.
The following chart lists possible upgrade path directories. For more information on the switches
Product
Country or
Switchtype
Directories
CSX1201
USA
NET3
1TR6
TS013
csx1201\ us\ ipipx
\ ipipx.fr
\ ipipx.x25
\ ipipxat
\ ipipxat.fr
\ ipipxat.pkt
\ ipipx.pkt
\ ipipxat.x25
CSX1201
CSX1201
CSX1201
csx1201\ intnet3\ ipipx
\ ipipx.fr
\ ipipx.x25
\ ipipxat
\ ipipxat.fr
\ ipipxat.pkt
\ ipipx.pkt
\ ipipxat.x25
csx1201\ int1tr6\ ipipx
\ ipipx.fr
\ ipipx.x25
\ ipipxat
\ ipipxat.fr
\ ipipxat.pkt
\ ipipx.pkt
\ ipipxat.x25
csx1201\ intts013\ ipipx
\ ipipx.fr
\ ipipx.x25
\ ipipxat
\ ipipxat.fr
\ ipipxat.pkt
\ ipipx.pkt
\ ipipxat.x25
74
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
UPGRADING SYSTEM SOFTWARE
Upgrading Software
CSX1204
CSX1204
CSX1204
CSX1204
CSX1223
CSX1223
USA
NET3
1TR6
TS013
USA
csx1204\ us\ ipipx
\ ipipx.fr
\ ipipx.x25
\ ipipxat
\ ipipxat.fr
\ ipipxat.pkt
\ ipipx.pkt
\ ipipxat.x25
csx1204\ intnet3\ ipipx
\ ipipx.fr
\ ipipx.x25
\ ipipxat
\ ipipxat.fr
\ ipipxat.pkt
\ ipipx.pkt
\ ipipxat.x25
csx1204\ int1tr6\ ipipx
\ ipipx.fr
\ ipipx.x25
\ ipipxat
\ ipipxat.fr
\ ipipxat.pkt
\ ipipx.pkt
\ ipipxat.x25
csx1204\ intts013\ ipipx
\ ipipx.fr
\ ipipx.x25
\ ipipxat
\ ipipxat.fr
\ ipipxat.pkt
\ ipipx.pkt
\ ipipxat.x25
csx1223\ us\ ipipx
\ ipipx.fr
\ ipipx.x25
\ ipipxat
\ ipipxat.fr
\ ipipxat.pkt
\ ipipx.pkt
\ ipipxat.x25
NET5
csx1223\ intnet5\ ipipx
\ ipipx.fr
\ ipipx.x25
\ ipipxat
\ ipipxat.fr
\ ipipxat.pkt
\ ipipx.pkt
\ ipipxat.x25
Workgroup Remote Access Switch
75
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
CSX1223
1TR6
csx1223\ int1tr6\ ipipx
\ ipipx.fr
\ ipipx.x25
\ ipipxat
\ ipipxat.fr
\ ipipxat.pkt
\ ipipx.pkt
\ ipipxat.x25
CSX1223
TS014
csx1204\ intts014\ ipipx
\ ipipx.fr
\ ipipx.x25
\ ipipxat
\ ipipxat.fr
\ ipipxat.pkt
\ ipipx.pkt
\ ipipxat.x25
If you choose to install this CD information onto your hard drive, it will be placed under the
following base directory:
([drive]:\ Program Files\ Cabletron Systems, Inc.\ )
Note that these files will be specific to the configuration options you choose during installation.
LOCAL SOFTWARE UPGRADE
with the update of the OSW.
LOCAL UPGRADE OF THE SECOND STAGE BOOT (SSB)
1. Restart the CyberSWITCH.
2. When “Waiting for Commands:” appears on the system screen, enter the following command:
recover
3. Wait for the system to respond with the prompt “Ready for Hex Download”. Using your
communications program:
•
Select ASCII to be the protocol used for the file transfer. Note that your communications
program may use other terminology in place of “ASCII,” for example, some programs use
“Send as a text file.”
•
Change character spacing to “0”. (This may be called by another name in some
communications packages. For example, some programs call it character pacing.)
Set line spacing (or pacing) to “0”.
Insert the CSX CD into the CD drive of your administration console.
Enter the name of the file to be transferred, using the complete pathname. For example,
D:\CSX1204\US\IPIPX\RECOVER1.
•
•
•
4. You will receive a message if the upgrade completes successfully. The system will then
automatically reboot.
76
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
UPGRADING SYSTEM SOFTWARE
Upgrading Software
LOCAL UPGRADE OF THE OPERATIONAL SOFTWARE (OSW)
To locally upgrade the operational software (OSW) of your system, follow these steps:
1. Change the CyberSWITCH system’s baud rate to be the fastest baud rate supported by your
change the baud rate.
2. Login to the CyberSWITCH as admin.
3. At the system prompt, enter the command:
flash update
This message is displayed:
>flash update
WARNING: You are about to restart the system.
You should allow 30 seconds before a system restart occurs.
Do you still wish to restart (Y or N)?
4. At this time you should press “Y” <RET>. After 30 seconds, you will see the startup messages.
5. When it displays the download message, “Ready for Xmodem Download,” return to your
communication program and use the “XMODEM” protocol for the software download.
6. Enter the name of the file that is to be downloaded, using the complete pathname. For example,
D:\CSX1204\US\IPIPX\UPGRADE.OSW.
Note: Your terminal program may display a character for the NAK control code, typically the
character “§“. This will be displayed every second until the download has started.
7. After the file has been downloaded, the system will reboot automatically and load using the
new software.
REMOTE SOFTWARE UPGRADE
Note: For security purposes, we recommend that you disable the TFTP Server after the upgrade
is complete.
The following remote upgrade procedure is supported for version 1.1.1 or newer of the Second
Stage Boot (SSB), and software release 1.2 or greater of the Operational Software (OSW). If you are
unsure of the version of software currently running on your CyberSWITCH, issue the ver
command to display this information.
To remotely upgrade the system, you are required to have a PC/ workstation that is connected to
the system’s network. It must have the following features:
•
•
•
ability to read CDs
TELNET client
TFTP client
Workgroup Remote Access Switch
77
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
To perform a remote upgrade, first upgrade to the latest SSB, if required, then upgrade the OSW.
The Release Notes will indicate whether or not the SSB needs to be upgraded.
Note: If, during a remote upgrade, the compressed file set cannot be uncompressed into the Flash
File System due to a lack of space, the compressed file set will not be deleted from the Flash
File System and the previous version of the OSW will be booted. If the OSW determines
there is a compressed file set (a file suffix of .OSW) in the Flash File System, then the
following message is logged in the system log:
OSW, <OSWFileName>, found in the Flash File System. The OSW has not been
updated from this file due to insufficient Flash File System space.
Please delete unnecessary files from the system.
It is possible that you will not have enough room in the \ SYSTEMdirectory to TFTP the
upgrade file to the system. In this case:
•
•
Delete all files in the directory except nex.binand iop.bin.
Issue a flash reclaimcommand to gain the lost space (this will destroy the backup
copy of your configuration, you will be unable to issue restore command unless you
have saved at least one set of changes).
•
If the upgrade still fails, delete the nex.binand iop.binand again reclaim the space.
Your upgrade should now work. IMPORTANT: Do not restart the CyberSWITCH until
the upgrade is complete.
If you are upgrading from a previous version of system software, the above message will
not be displayed. In this case, the system continually restarts, attempting to install the OSW
package each time.
REMOTE UPGRADE OF THE SECOND STAGE BOOT (SSB)
WARNING:
If power is lost on the remote CyberSWITCH during this process, a local upgrade of the
SSB may be necessary before the system can again function.
To remotely upgrade the SSB, follow these steps:
1. Telnet to the CyberSWITCH and login as admin.
3. Using the TFTP client on the remote workstation, TFTP the recover1file to the
CyberSWITCH in binary mode. Be sure to use the file’s full pathname (for example:
D:\CSX1204\US\IPIPX\RECOVER1). The exact method to transfer varies, depending upon
your TFTP client.
4. At the system prompt, recover the SSB by issuing the following command:
flash recover
The system will ask you if you are sure you want to remotely recover the SSB, and warn you
of the potential risk in case of a power failure while the SSB is being recovered. Answer “yes”
to the prompt. The window of vulnerability ends after 5 or 10 seconds, when the system tells
you that the SSB was successfully recovered.
78
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
UPGRADING SYSTEM SOFTWARE
Upgrading Software
5. After the recovery, delete the file by issuing the command:
del \system\recover1
6. Recover lost space with the command:
flash reclaim
Console Messages during SSB Upgrade:
Message
Suggested Action
can’t open recover file
If you entered a filename after the flash recover
command, makes sure that the file exists on the system.
If you did not enter a filename, make sure that
\ SYSTEM\ RECOVER 1 exists on the system.
not enough DRAM to
create binary image
Remove DRAM-greedy activities on the system, such as
connections to other devices, compression, and
authentication. Reboot if necessary.
error in recovery file
Make sure that the recover file that you are using is
correct. Delete, Recover, and reTFTP if necessary.
Unable to remotely
recover SSB
Hardware failure in the boot device. Contact your
distributor immediately for a replacement.
successfully updated
The SSB has been successfully updated.
REMOTE UPGRADE OF THE OPERATIONAL SOFTWARE (OSW)
To remotely upgrade the operational software, follow these steps:
1. From the PC/ workstation, Telnet to the CyberSWITCH and login as admin.
2. Verify that the system is ready to receive TFTP upgrades:
•
•
Enter MANAGE MODE by typing manage<RET> at the system prompt.
Using the MANAGE MODE command tftp, verify that:
•
•
•
TFTP feature is enabled
TFTP server is enabled
TFTP server is assigned ADMIN file access rights
•
•
Using the MANAGE MODE command fileattr, verify that:
•
•
ADMIN has READ/ WRITE access to CONFIG files
ADMIN has READ/ WRITE access to OTHER files
Exit MANAGE MODE by typing exit<RET>.
3. Using the TFTP client on the remote workstation, TFTP the UPGRADE.OSWfile to the
CyberSWITCH in binary mode. Be sure to include the file’s full pathname (for example:
D:\CSX1204\US\IPIPX\UPGRADE.OSW). The exact method to transfer varies, depending
upon your TFTP client.
Note: If you experience a transmission timeout, check the retransmission setting on the TFTP
package. A retransmission rate of 10 seconds is usually sufficient; values less than that
may not work properly.
Workgroup Remote Access Switch
79
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
If you experience a problem transferring the file with TFTP, wait about three minutes
for the TFTP to fail, delete the incomplete file, and try again.
4. Using Telnet, reboot the system by issuing the command:
restart
It should take approximately 3 minutes for the system to restart and install the upgrade.
5. Login via Telnet and type the vercommand to confirm that the system software upgraded
correctly. If the upgrade did not occur, check the system log with the drcommand to find any
potential problems, and retry.
CHANGE DEFAULTS TO SECURE SYSTEM
The system is preconfigured with defaults that were designed to make it possible to have your
system up and running quickly. After your machine is functioning properly, some of these defaults
should be changed to make your system more secure. The following configuration changes are
needed to provide this security:
1. Either delete User1 and User2 or change their names and secrets.
Use Dynamic Management’s manage mode to carry out either of these functions. To enter the
manage mode, type manageat the system prompt. If you have no need for these types of
devices (PPP devices), simply delete these two devices. At the manage mode prompt, enter the
following command:
device delete
Follow the onscreen instructions for deleting each device.
To change the preconfigured devices’ names and secrets to secure the access to the system,
enter the following command at the manage mode prompt:
device change
Follow the prompts to change the device name and secret for User1 and User2. After you have
either deleted or changed the device information, make these changes permanent by entering
the commitcommand
2. Disable TFTP Server.
Disable through Dynamic Management’s manage mode. This will secure important device
information. Device information must be secure to prevent unauthorized access to the
CyberSWITCH. To disable this access, enter the following command at the manage mode
prompt:
tftp change
Then follow the onscreen instructions to disable the TFTP feature.
80
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
UPGRADING SYSTEM SOFTWARE
Return Configuration to Factory Defaults
3. Change the admin and guest system passwords.
If your system was previously accessed by your distributor, the preconfigured password will
be admin (in lower case). Change this password to secure your system. To make this change,
enter the following command at the system prompt:
pswd
Then follow the prompts to enter a new password. Your password must be a 3 to 16 nonblank
character string. Be careful, passwords are uppercase and lowercase sensitive.
RETURN CONFIGURATION TO FACTORY DEFAULTS
The default configuration files are located on the CSX1200 CD. If you wish to return to the
default configuration, download the DEFLTCFG.OSWfile. Follow the same steps for Local or
Remote Upgrade except download the file DEFLTCFG.OSWinstead of the UPGRADE.OSWfile.
ACCESSING THE RELEASE NOTES
The Release Notes provide release highlights and important information related to this release that
should be reviewed before you begin the system’s installation and configuration.
The Release Notes are located on CD as well as on the system’s FLASH file system.
The Release Notes on CD are located in the REL_NOTE.TXT file. This file is a DOS text file you can
read on a DOS machine. Insert the CD into the drive, change to the proper directory, and enter the
following command at the DOS prompt:
[CD-ROM drive]:\ [platform directory][ISDN standard directory][option directory]> type
REL_NOTE.TXT | more
For example, if your CD-ROM is designated as drive D, you are installing a CSX1204, using US
ISDN standards and the IP/ IPX option, you would use the following path:
D:\ CSX1204\ US\ IPIPX> type REL_NOTE.TXT | more
Workgroup Remote Access Switch
81
Download from Www.Somanuals.com. All Manuals Search And Download.
BASIC CONFIGURATION
We define basic configuration as the configuration needed by most users. Basic configuration will
get your system up and running. Note that not all configuration steps in this part are required. For
example, if you are only using bridging, you will have no need to complete the configuration steps
included in Configuring Basic IP Routing.
We include the following chapters in the Basic Configuration segment of the User’s Guide:
A description of the configuration tools provided for configuring the CyberSWITCH.
Instructions for configuring your system’s lines and resources.
Instructions for configuring your system’s basic bridging information. Basic bridging includes:
enabling/ disabling bridging and bridge dial-out.
Instructions for configuring your system’s basic IP routing information. Basic IP routing
includes enabling/ disabling IP, IP operating mode, network interfaces, static routes, and
enabling/ disabling IP RIP.
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURATION TOOLS
OVERVIEW
We provide the following configuration tools to set up and/ or alter your configuration:
•
•
CFGEDIT, the configuration utility
Manage Mode, the dynamic management utility
configuration files provide basic functions which will allow you to perform initial installation tests
with no additional configuration. However, once you perform these initial installation tests, you
will need to customize your configuration to suit your needs.
CFGEDIT is the comprehensive utility you use to initially set up your system; you may use it later
to make configuration changes as well. However, CFGEDIT is NOT dynamic. This means you will
have to interrupt normal system operations in order to update configuration files. (You may do so
by either rebooting, or issuing the restartcommand).
Manage Mode provides a real-time management mechanism that allows you to change the
configuration, without interrupting the current execution state of the system software. But, because
it is dynamic, Manage Mode does have its limitations. So, when making configuration changes, you
usually need to use a combination of both of these two tools.
You may only have one CFGEDIT or Dynamic Management session active at a time per system. For
example, if a user is making changes directly to the system using Dynamic Management, and then
a second person at a different location using Telnet attempts changes, access will be denied to the
second person.
With two exceptions, it is possible to completely configure your system using CFGEDIT. The
exceptions are:
1. TFTP configuration
2. file attributes configuration
These two elements can only be configured using Manage Mode.
CFGEDIT
CFGEDIT is a menu-driven utility. It consists of multiple, detailed submenus which allow you to
set up or change configuration parameters. To better understand the structure of CFGEDIT, refer
CFGEDIT allows you to configure your system while the system software is still executing. These
configuration changes are saved in a temporary copy of configuration data. At a convenient time,
you may then reboot the system to make these changes permanent.
EXECUTING CFGEDIT
After the system software has been loaded, you can start CFGEDIT by entering the following
command at the system prompt as shown below:
[product name]>cfgedit
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
As long as there is no other “change” session active (CFGEDIT or Manage Mode), access is granted,
and the following menu is displayed:
Main Menu:
1) Physical Resources
2) Options
3) Security
4) Save Changes
Select function from above or <RET> to exit:
succeeding chapters for details on using this utility to perform specific configuration tasks.
Remember, changes to CFGEDIT are NOT dynamic. Changes are saved in a temporary copy of
configuration data, and will not affect the current operation of the system in any way.
SAVING CFGEDIT CHANGES
To terminate the session, return to the main CFGEDIT menu. If you have made changes, select
option 4 (Save Changes) before exiting. If you attempt to exit without saving, you will be prompted
to do one of the following:
•
•
•
save changes (Y) and exit
do not save changes (N) and exit
do not save changes as yet, but return to the Main Menu for further configuration <RET>
To save changes at this point, answer Y for yes:
Save changes and exit (Y or N)? or press <RET> for previous menu:
The save process also includes all unsaved Manage Mode changes which were made prior to the
CFGEDIT session, if any.
At your earliest possible convenience, restart the CyberSWITCH. This will then activate the new
configuration data.
DYNAMIC MANAGEMENT
EXECUTING DYNAMIC MANAGEMENT
The Dynamic Management feature provides a real-time management mechanism; allowing you to
change the system’s configuration without interrupting the execution of the system software. This
feature consists of console commands that enable you to display current system parameter, change
many parameters dynamically, and write changes to disk files so that they remain permanent.
Before using Dynamic Management commands, you must first enter the special Manage Mode by
typing the following command at the system prompt:
>manage
84
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURATION TOOLS
Dynamic Management
Once Manage Mode is entered, the prompt changes from [system name]>to [system name]:
MANAGE>. While operating in Manage Mode, only Dynamic Management commands are available.
All other system commands are ignored until you exit Manage Mode.
The <CTRL><C> key sequence will terminate the current command and return you to the
MANAGE>prompt. This is useful if you are in the process of responding to a series of prompts and
you wish to abort the command without responding to the remaining prompts.
Note: To use a command, you may enter the full command name as it appears in the HELP list,
or you may shorten the command to the point that it can still be distinguished from all
other Dynamic Management commands.
UTILITY DYNAMIC MANAGEMENT COMMANDS
There are several Manage Mode commands that are used for functions other than to configure the
system. They are as follows:
cls
Clears the display screen. This command is also available as an administration command.
help
The Manage Mode help command lists the available Dynamic Management commands and
instructs the user to enter the command followed by a question mark to see help information
for that specific command.
readme
Displays helpful tips on how to use the Dynamic Management commands.
SAVING DYNAMIC MANAGEMENT CHANGES
The Dynamic Management commands allow system data to be changed in real-time. These
changes take effect immediately upon the execution of the command and remain in effect until the
system is restarted. Once a software restart occurs, the changes are lost because the software reads
its initial system data values from a series of configuration files.
To prevent desired data changes from being overwritten by the restart process, the commit
command should be executed. This command writes the current system data to the appropriate
disk files, thus making all changes permanent, even if the system software is restarted.
The commit statuscommand displays the number of dynamic changes that have been made
using each Dynamic Management command since the last commitwas performed.
To return to the normal operating mode after you have committed your changes, issue the
following command:
MANAGE> exit
Workgroup Remote Access Switch
85
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
DEFAULT CONFIGURATION
Your CyberSWITCH is shipped with a default set of configuration files that are preinstalled. These
configuration files provide basic functions which will allow you to perform initial installation tests
with no additional configuration.
The default configuration files will allow IP access over both the LAN and the WAN interfaces. This
will allow you to PING, TELNET and TFTP into the CyberSWITCH. For example, these defaults
will allow you to TELNET into the system and log in. Once logged in, you may execute any of the
console commands available.
Once you perform initial testing, you must set the proper IP addresses. Most of these defaults will
be country-independent. As with any set of defaults, there may be specific cases where these are
not correct and must be changed before the units are connected to the networks.
Default Configuration Summary:
•
•
•
•
•
•
•
•
Bridging Disabled
IP Routing Enabled
IP LAN Interface with IP address 1.1.1.1
Device Level Security
CHAP enabled
USER1 configured as PPP device (USER1 as secret) UnNumbered IP
USER2 configured as PPP device (USER2 as secret) IP address 002.002.002.003
Single BRI line and resource configured on country-specific basis (for BRI platforms):
JAPAN:
Point-Multipoint Automatic TEI
Switch type: NTT INS
Point-Multipoint Automatic TEI
Switch type: NET3
EUROPE:
(default country code: Norway)
Point-to-point lines
U.S.:
BRI_5ESS
•
Single PRI line and resource configured on country-specific basis (for PRI platforms):
JAPAN:
EUROPE:
Switch type: NTT INS
Switch type: NET5
(default country code: Norway)
4ESS
U.S.:
•
•
•
•
Single data link (with no SPID) configured (for BRI platforms)
IP WAN Interface with IP address 2.2.2.2
TELNET and TFTP enabled
TFTP allows all files to be changed by ADMIN
USING THE NETWORK WORKSHEETS
requirements worksheets are:
•
•
•
•
Network Topology Worksheet
System Details Worksheet
System Device List Worksheet(s)
Bridging/ Routing Worksheets
86
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURATION TOOLS
Using the Configuration Chapters
These worksheets will be helpful in configuring and managing your system. They capture
important network information. To see examples of completed worksheets, refer to the Example
Networks Guide.
USING THE CONFIGURATION CHAPTERS
The configuration chapters follow a basic format for explaining the configuration process of each
system feature. The format is:
1. A brief outline of the configuration procedure using CFGEDIT (if applicable).
2. A brief outline of the configuration procedure using Manage Mode (if applicable).
3. A definition of each configuration element.
4. Background feature information providing a more detailed explanation of the feature.
Workgroup Remote Access Switch
87
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING RESOURCES AND LINES
OVERVIEW
Resource refers to the computer resources that are part of the CyberSWITCH. A WAN resource is
the physical interface for the attachment of lines (i.e., connections) to your system.
Lines are communication facilities from the carriers. These lines directly attach to your system.
From the system perspective, lines provide the physical connection to switched networks. Lines are
not required for LAN connections.
There is an optional element, the system subaddress, that you may configure for a point-multipoint
line. This element is a call screening method. A subaddress is only needed if you have a line
interface type of point-multipoint, and you choose the subaddress call screening method.
RESOURCES
Physical Resources may or may not be configurable, depending upon the country of operation.
The WAN resource, Ethernet resource and Serial resource (COMMPORT) are preinstalled and
preconfigured on all systems. However, switch type selection is country-dependent. Refer to the
country or switch type descriptions below.
CONFIGURING RESOURCES
USING CFGEDIT
To configure the CyberSWITCH’s resources, select Physical Resources from the Main Menu. The
following will then be displayed:
Physical Resources
1) Resources
2) Data Lines
3) Accesses
4) ISDN Subaddress
Select function from above or <RET> for previous menu:
1. Press 1 to begin the configuration of the resources. This selection will provide a display of
preconfigured resources, and the pertinent slot numbers and switch types for those resources.
2. Refer to the following country-dependent (or switch type) information to determine which
options are configurable.
Japan, 1TR6, TS013 and TS014:
For these configurations, the Current Resource Configuration is not changeable. Upon selection of
this option, you will view a display of preconfigured resources only.
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING RESOURCES AND LINES
Resources
United States:
For the U.S. resource configuration, switch type is configurable, but Ethernet Resource or
COMMPORT is not. Select Resources to display a screen similar to the following:
id
1
2
Name
Slot
1
2
Switch Type
BRI_5ESS
Basic_Rate
Ethernet_1
COMMPORT
3
Enter(1)to Change a Resource or press <RET> for previous menu:
To configure a different switch type, first select (1) to change the Basic Rate or Primary Rate
resource. Then select the switch type from the list presented.
If you select the Ethernet or COMMPORT resource, you are informed that there are no user-
configurable options for this resource. Press any key to continue.
For all others (International configurations other than Japan, US, 1TR6, TS013 and TS014 users):
The default switch type is NET3 (or NET5 for primary rate). You must specify the region and then
country in which the switch is to operate. Select Resources to display the following:
id
1
2
Name
Slot
1
2
Switch Type
NET3
Basic_Rate
Ethernet_1
COMMPORT
3
Enter(1)to Change a Resource or press <RET> for previous menu:
1. Enter (1) to Change a Resource.
2. Select NET3 or NET5. This will bring up the following Region Menu:
1)
2)
3)
4)
5)
6)
DEFAULT
AFRICA
AMERICAS
ASIA
EUROPEAN
PACIFIC-RIM
Region from above [default = 1]:
3. Select the appropriate region. Based upon the region you select, a list of countries will be
displayed.
4. Select the country of operation.
5. If you cannot find your country on any list, return to the Region Menu and select the default
value (1).
Notes: In addition to NET3 or NET5, some countries support other switch types (such as 1TR6 in
Germany or TS013/ TS014 in Australia). In order to use your CyberSWITCH with one of
these other switches, you must download the specific software for the switch you plan to
this alternate switch type.
Preconfigured resources (i.e., the Ethernet or COMMPORT resource) and their slot
numbers are not configurable.
Workgroup Remote Access Switch
89
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
USING MANAGE MODE COMMANDS
resource
Displays the current resource configuration.
RESOURCE CONFIGURATION ELEMENTS
RESOURCE TYPE
The type of adapter (resource) that plug into the system. WAN adapters are the physical interface
for the attachment of lines (i.e., connections) to your system.
RESOURCE SLOT
The slot number into which the resource is plugged.
INTERNAL SWITCH TYPE
For ISDN resources (BRI and PRI) only. The switch type you wish to configure.
REGION
For NET3 and NET5 switchtypes. When configuring switches, first identify the region of operation,
and then the country.
COUNTRY
For the NET3 and NET5 switchtypes. The country in which the system is operating.
GENERIC NUMBER
For PRI_4ESS primary rate switch type only. The software load (generic #) the switch is running.
SYNCHRONIZATION TYPE
For Primary adapters only. Every framed transmission line requires a clock source from which it
must derive the appropriate bit timing and channel timing relative to the start of a frame. For most
CPE gear, the clocking is derived from the received signal and the transmission clock is thus a
“slave” to the network. However, if the line is to provide its own clocking, it must derive a clock
from an internal source rather than a received signal. The line is then a “master” clock source.
RESOURCE BACKGROUND INFORMATION
The basic rate (BRI) resource directly terminates a standard USOC RJ45 connector. It is supplied
with a standard S/ T interface. A U interface option is not available for this adapter. The BRI
resource supports 1 or 4 connections/ ports depending on which option you purchase. It provides
support for the following switch types:
•
•
•
•
•
•
•
•
•
NTT
5ESS
DMS100
NI1
1TR6
NET3
Definity
Legend
TS0-13
90
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING RESOURCES AND LINES
Resources
The T1-E1-PRI can be used for any T1, E1, or PRI resource, and directly terminates a standard
USOC RJ45 connector. It is supplied with a standard S/ T interface and supports one port. It also
provides support for the following switch types:
•
•
•
•
•
•
•
•
•
NTT
4ESS
5ESS
Definity
DMS100, DMS250
SL100
NET5
1TR6
TS0-14
The ethernet-1 resource provides direct support for one standard AUI LAN connection. These AUI
interfaces provide connections for 10Base2, 10Base5 or 10BaseT transceivers.
The COMMPORT resource provides access to the CyberSWITCH’s serial port (COM 1) for serial
(asynchronous) communications. This includes access for local console management, as well as
local async-PPP data transfer.
The following figure illustrates how the CyberSWITCH handles this asynchronous data when it is
in autosense mode (the system default). The data arrives through the COM 1 port, and is sent to an
internal Asynchronous Usage Discriminator (AUD), which monitors the data stream. The AUD
determines if this is to be a PPP connection, or a remote console connection. This determination is
made within a configurable time frame:
•
•
•
if the AUD detects PPP LCP frames, it connects the data to a PPP stack. The CyberSWITCH sends
the data to the LAN as appropriate.
if the AUD detects four carriage returns from a console device, it will provide analog console ac-
cess by presenting a CyberSWITCH login prompt to the console.
if neither situation is detected within the configured time frame, the connection is turned over
to PPP.
PPP
Stack
PPP LCP
Frames
Asynchronous
Usage
Discriminator
Console
Port
Null Modem
Connection
Console
Manager
(Login Prompt)
4 CRs
(Carriage Returns)
Workgroup Remote Access Switch
91
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
LINES
To parallel the preconfigured serial resource (COMMPORT), there is also a preconfigured serial
line named ASYNDMPORT. This line may not be deleted from the CyberSWITCH configuration,
but its values (including mode of operation) are changeable.
A single WAN line and resource are also preconfigured.
To change configuration or configure additional lines, follow the instructions below.
CONFIGURING LINES
USING CFGEDIT
To configure lines, select Data Lines from the Physical Resources menu. Follow the instructions below
for the type of line you are configuring.
CONFIGURING A LINE FOR A BRI RESOURCE
1. Enter the line name.
2. Select the line’s slot and port combination.
3. Choose either a point-to-point or a point-multipoint interface type.
4. If you select a line interface type of point-multipoint, you will need to choose one of the
following call screening methods: none, subaddress, or telephone number. If you choose the
5. Add the necessary data links.
a. Select Automatic TEI Negotiation UNLESS this is a point-to-point NTT line.
b. If you need to assign a TEI Negotiation value, the default value of 0 is normally correct.
c. Only if you plan on using X.25 over the D-Channel on this line, answer yes to the following
prompt:
Will this Data Link support X.25 communications (Y/N)? [default N]
6. If the line uses a NI-1 or a DMS-100 switch type, you must also enter the following:
a. SPID(s) - supplied by your carrier
b. Directory Number(s) associated with the SPID(s) - supplied by your carrier
c. Number of digits to verify.
CONFIGURING CHANGES FOR A COMMPORT RESOURCE
1. Select Change from the Data Lines menu of Physical Resources.
2. Select ASYNCDMPORT.
3. You will be prompted to accept the default or provide new information for the following:
a. baud rate
b. data bits
c. stop bits
92
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING RESOURCES AND LINES
Lines
d. parity value
e. flow control type
f. mode:
•
Autosense (default): can be either terminal or PPP-async. Requires user interaction
(four carriage returns) to get to terminal mode.
•
Term: terminal mode only. Login prompt automatically sent to remote console.
CONFIGURING A LINE FOR A PRI RESOURCE
1. Enter the line name.
2. Select the line’s slot and port combination.
3. Select following line characteristics:
•
•
•
framing type
line coding type
T1 signaling method
If you are unsure of your line's characteristics, try the following defaults:
Characteristic
Framing type
PRI/T1 lines
ESF
E1 line
Multiframe CRC
N/A
Line coding type
Signaling Method
B8ZS
Common_Channel
N/A
4. Select the correct T1 line build out value (US only). If you are using an external CSU, specify a
short haul build out (line length in meters). If you do not have an external CSU, specify a long
haul build out (decibel attenuation value from Telco).
5. A data link is assigned to the line upon completion of the line configuration. Add more data
links or modify the existing data link.
a. Only if you plan on using X.25 over the D-Channel on this line, answer yes to the following
prompt:
Will this Data Link support X.25 communications (Y/N)? [default N]
b. Assign a TEI Negotiation value of 0.
Note: You must delete the data link for a Robbed Bit line.
USING MANAGE MODE COMMANDS
line
Displays the current line configuration.
datalink
Display the current data link configuration.
Workgroup Remote Access Switch
93
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
datalink add
Allows you to add a data link. The following sample screen shows how a data link is added.
Current LINE Configuration:
id
LINE NAME
TYPE
SLOT
PORT
--------------------------------------------------------------------------------
1
2
3
LINE.BASICRATE1
LINE.BASICRATE2
DMS100.LINE1
BR_ISDN
BR_ISDN
BR_ISDN
1
1
2
1
2
1
Select line id for new data link or press <RET> to cancel: 3<RET>
Automatic TEI negotiation (Y or N) [default = Y]? N<RET>
TEI value [default = 1]? <RET>
Service Profile ID (enter 0 for no SPID)
[default = NO SPID]? 13135551212<RET>
Directory number [default = 13135551212]? 5551212<RET>
Number of digits to verify [default = 7]? <RET>
The DATALINK configuration has been updated successfully.
datalink change
Changes an existing data link.
datalink delete
Deletes an existing data link.
ampconf
Allows you to change the AMP port configuration.
LINE CONFIGURATION ELEMENTS
LINE NAME
A 1 to 16 user-defined character string (using all non-blank characters) that identifies the line. Each
line must have a unique name.
LINE SLOT
The slot number assigned to the resource that will terminate this line.
LINE PORT
The port number of the resource that will terminate this line.
LINE INTERFACE TYPE
For basic rate lines only. Choice of point-to-point or point-multipoint. The point-to-point interface
type is the type most often used in the U.S.; point-multipoint is most often used in Japan.
AUTO TEI
For basic rate lines only.The default setting for automatic TEI negotiation is “yes”. For #5ESS and
DMS100 lines, you should not change the setting. For NTT point-to-point lines, you should disable
the automatic TEI negotiation by answering “no” to the prompt for this feature.
94
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING RESOURCES AND LINES
Lines
CALL SCREENING METHODS
For basic rate lines only. If you select a line interface type of point-multipoint, choose one of the
following call screening methods: none, subaddress, or telephone number. The paragraphs below
define each method.
1. None
All calls will be accepted.
2. Subaddress
Uses a configured subaddress for this site. If the subaddress method is chosen, and a
subaddress has not been configured for this site, an error message will be displayed. You must
either choose another method, or configure a subaddress for this site.
3. Telephone Number
Telephone number(s) for your site used for call screening. Only calls directed to that specific
telephone number will be accepted. If there is more than one, enter the list of telephone
numbers separated by commas. After entering the telephone numbers, you will then be asked
to enter the maximum number of digits (starting at the rightmost digit) to be verified.
Note: If the telephone number(s) entered here do not exactly match the number(s) for the site,
you will be warned at this time. (The number of digits compared will be the number of
digits you chose to use for verification.)
DATA LINKS
A data link is a data communications link to the telephone switch. Your Carrier Service can provide
you with the data link values you need to configure. All switch types, except the DMS100 and the
NI-1, require a single data link per line. The NI-1 switch type can have either one or two data links
per line. The DMS100s generally require two data links per line, one for each B channel. For both
NI-1 and DMS100 switch types, contact your Service Provider for the number of data links
required.
The table below summarizes the number of data links and SPIDs that are required for each switch
type.
Switch Type
Number of Data
Links
Number of SPIDs
Number of
Directory Numbers
DMS100 custom
NI-1
2
1 or 2
1
2
1 or 2
0
2
1 or 2
0
all other
When adding a data link for BRI lines, designate whether to use Automatic TEI Negotiation.
Automatic TEI Negotiation is used UNLESS this is a point-to-point NTT line. If you do not use
Automatic TEI Negotiation, a TEI value is required. The default TEI value is 0, which is normally
correct for a point-to-point NTT line. For PRI lines, use the default TEI value of 0.
Data links are handled differently for DMS and NI-1 switches. For most switches, the BRI line has
only one phone number (for the Data Link), but it can handle two calls (one for each bearer
Workgroup Remote Access Switch
95
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
channel). For DMS and NI-1 switches, the BRI line has two SPIDs, and two phone numbers. Note
that either SPID can use either bearer channel. There is no one-to-one correspondence. You must
enter the number of digits to verify (starting at the right-most digit), so that when the system
receives a phone call it can determine on which bearer to accept the phone call. The maximum
number of digits should be 7, which is the default value in most cases.
SERVICE PROFILE ID (SPID)
For basic rate lines only. SPIDs are only required for DMS100 and NI-1 switch types. A SPID is a
number that identifies ISDN equipment attached to your ISDN line. Depending on the type of
ISDN service you have, you may have one, 2, or no SPIDs. When ordering your ISDN service, your
service provider should supply you with SPID information.
A SPID is usually derived from the ISDN line’s telephone number. It may include the area code. It
may also include a special prefix and/ or suffix (for example, a prefix of 9 for Centrex lines).
The SPID format for AT&T 5ESS NI-1 Service is:
01nnnnnnn0tt
where nnnnnnn is the 7 digit phone number (no area code) of the BRI line
tt is a user assigned 2 digit terminal Id code, 00 is normally used
The SPID format for AT&T 5ESS Custom Multipoint Service is:
01nnnnnnn0
where nnnnnnn is the 7 digit phone number (no area code) of the BRI line
The SPID format for Northern Telecom DMS-100 NI-1 Service is:
aaannnnnnnss
where aaa is the 3 digit area code of the BRI line
nnnnnnn is the 7 digit phone number of the BRI line
ss is the SPID suffix (optional, 01 can be used for one number, 02 for the other)
The SPID format for Northern Telecom DMS-100 Custom Service is:
aaannnnnnnsstt
where aaa is the 3 digit area code of the BRI line
nnnnnnn is the 7 digit phone number of the BRI line
ss is the SPID suffix (optional, 01 can be used for one number, 02 for the other)
tt is a user assigned 2 digit terminal Id code, 00 is normally used
If the DMS100 requires two data links per line, it will also have two “Service Profile Identifiers
(SPIDs)” and two directory numbers. If the NI-1 has two data links per line, two SPIDs and two
directory numbers are required, otherwise one SPID and one directory number is required. A SPID
is paired with a directory number to define a data link.
Note that if your line does not require a SPID, enter a SPID value of 0.
DIRECTORY NUMBERS
If your line requires a SPID (if you entered a SPID with a value other than “0”), you will be required
to enter the site's directory number. That directory number is paired with the above entered SPID
for this data link. The directory number is used to match an incoming call with the correct data link.
96
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING RESOURCES AND LINES
Lines
DIGITS VERIFIED
The number of digits to verify (starting at the rightmost digit), so that when the system receives a
phone call it can determine on which bearer to accept the phone call. The maximum number of
digits should be 7, which is the default value in most cases.
FRAMING TYPES
For primary rate lines only. The normal line transmission method employed on a PRI line is a time-
division multiplexed (TDM) scheme of repeating fixed-length frames. For T1 lines, of each frame,
a single bit is used to convey such things as a frame alignment pattern, data checksums, and in more
advanced networks, maintenance commands, between the network and the Customer Premise
Equipment (CPE). For E1 lines, all of channel 0 is used for this. The two most common framing
types for PRI/ T1 lines are SF and ESF, which are 12- and 24-frame formats, respectively. E1 lines
can use one of three framing types: doubleframe, multiframe with no CRC, or multiframe with
CRC, with the most common being multiframe CRC.
LINE ENCODING
For Primary Rate lines only. Line encoding specifies the nature of the signals that are used to
represent binary one and zero at the physical layer. Two encoding methods are Alternate Mark
Inversion (AMI) and Bipolar 8 Zero Substitution (B8ZS). AMI as the encoding scheme implies that
the applications using the transmission line must guarantee a certain number of 1s in the signal to
help prevent a loss of synchronization in the network. This is possible if the voltage level of the
signal remains zero for too long a period of time (i.e., too many logical 0s in the transmitted data).
B8ZS enforces no such limits on the application using the transmission medium since it introduces
bipolar violations in the signal. These violations are in turn interpreted at the receiving end not as
errors, but simply as the substitution of a 1 for a 0 after certain number of consecutive 0s were
detected in the transmitted signal.
SIGNALING METHOD
For primary rate lines only. The signaling method dictates how and where the call signaling is to
be carried. The two methods available are Common Channel and Robbed Bit Signaling.
COMMON CHANNEL
In the Common Channel signaling case, one of the 24 channels of the PRI frame is devoted
to call control messaging.
ROBBED BIT SIGNALING
Robbed Bit Signaling is not supported for the CyberSWITCH.
LINE BUILD OUT
For primary rate lines only. No matter what the quality of the cabling employed in a network, each
and every line experiences some signal loss or degradation. Line Build Out describes the degree of
attenuation to be applied to the transmission signal in order to have the correct signal levels and
shape arrive at the receiver. Generally, the longer the line connecting the CPE and the network
equipment, the less the transmitted signal is attenuated.
CFGEDIT will use short or long haul information to determine the correct Line Build Out (i.e.,
degree of attenuation) for your lines. The value you input (in CFGEDIT) to determine attenuation
depends on whether or not you are using an external Channel Service Unit (CSU).
If you are using an external CSU, you will specify a value under Short Haul Build Out. Specify the
length of the line, in meters, from CPE to the CSU by selecting a range from zero to 210 meters.
Workgroup Remote Access Switch
97
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
If you are not using an external CSU, specify a value under Long Haul Build Out. On long hauls, your
telephone company will provide you with a decibel attenuation value when they install the lines.
The installers may specify option labels A, B, or C during installation. If so, these labels correspond,
respectively, to Long Haul Build Out values of -0.0dB, -7.5dB, and -15.0dB. The value is dependent
on distance, type and condition of physical line, and other environmental factors. For example, if
the distance to the Telco switch is great (6000 foot maximum), or the line is old, you may need a
decibel value of 0.0 (meaning no attenuation). If the distance is much closer (for example, 1000 ft.),
the decibel value may be -15.0 (i.e., the signal is strong enough that it needs a certain amount of
attenuation).
LINE TYPE
For V.35 and RS232 lines only. This parameter differentiates the network connections from
connections to local computing devices. The network line type should be specified for lines that will
be used by a Dedicated, Frame Relay, or X.25 Access.
COMMPORT INFORMATION
For systems using the asynchronous management port (COMMPORT) for out-of-band
management. These elements control how the port will function. Elements include:
•
•
•
•
•
•
•
modem name
baud rate
data bits
stop bits
parity value
flow control type
mode of operation
Mode of operation determines whether this port operates in autosense mode or terminal mode.
Autosense mode offers the flexibility to use this port for console access, or to send PPP-async data.
For console access, the remote user must press <Enter> or <Return> four times upon call
connection. If no carriage returns are detected, the CyberSWITCH assumes it will receive PPP data.
Terminal mode requires no interaction. It automatically sends the attached device a login prompt
for console access.
LINE BACKGROUND INFORMATION
Lines are communication facilities from the carriers. These lines directly attach to the system. From
the system perspective, lines provide the physical connection to switched networks. Lines are not
required for LAN connections.
98
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING RESOURCES AND LINES
Subaddresses
SUBADDRESSES
CONFIGURING A SUBADDRESS
USING CFGEDIT
1. To configure a subaddress, select ISDN Subaddress from the Physical Resources menu.
2. Enter the subaddress. The subaddress is supplied by your Carrier Service.
SUBADDRESS CONFIGURATION ELEMENTS
SUBADDRESS
The subaddress for the system.
SUBADDRESSES BACKGROUND INFORMATION
A subaddress may be configured for a point-multipoint line. This element is a call screening
method. A subaddress is only needed if you have a line interface type of point-multipoint, and you
choose the subaddress call screening method.
Workgroup Remote Access Switch
99
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING BASIC BRIDGING
OVERVIEW
This chapter provides information for configuring basic bridging features. Basic bridging
configuration includes:
bridging features. Advanced bridging features include:
•
•
•
•
•
bridge dial out
Spanning Tree Protocol
mode of operation
bridging filters
known connect lists
MAC LAYER BRIDGING OPTION
ENABLING/DISABLING BRIDGING
USING CFGEDIT
1. Select Bridging from the Options Menu. The following menu will then be displayed:
Bridging Menu:
1) Enable/Disable Bridging
2) Spanning Tree
3) Mode of Operation
4) Bridge Filters
5) Known Connect List
Select function from above or <RET> for previous menu:
2. Select Enable/Disable Bridging.
3. Follow the onscreen instructions to complete the configuration.
MAC LAYER BRIDGING CONFIGURATION ELEMENTS
STATUS
The MAC Layer Bridging status is either enabled or disabled. As a default it is enabled.
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING BASIC BRIDGING
MAC Layer Bridging Option
MAC LAYER BRIDGING BACKGROUND INFORMATION
You are given the option of either enabling or disabling the MAC layer bridging feature. When
bridging is enabled, the system bridges data packets to the proper destination, regardless of the
network protocols being used. The default configuration is bridging enabled.
Note: If the bridge and the IP options are both enabled, the system will act as a “brouter.” A
brouter operates as a router for protocols it can route, and operates as a bridge for protocols
it cannot route.
Workgroup Remote Access Switch
101
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING BASIC IP ROUTING
OVERVIEW
This chapter provides information for configuring basic IP routing features. Basic IP routing
configuration includes:
When you enable this option, the system operates as an IP Router. If you also enable bridging,
it will route IP packets and bridge all other packet types.
The operating mode may be either host or router. The router operating mode is the default. The
IP host mode allows you to use IP applications, such as Telnet and SNMP, without enabling IP
routing.
Network Interfaces define the IP networks to which the CyberSWITCH provides access. If IP
RIP is enabled, this also includes IP RIP interface information.
Other routers on the network that support IP RIP will not need static routes; IP RIP will
maintain those routes. However, static routes must be configured to identify remote networks
connected across the WAN, and for routers that do not support IP RIP.
•
IP RIP automates the maintenance of routing tables on IP devices.
advanced IP routing features. Advanced IP routing features include:
•
•
•
•
•
•
configuring static ARP table entries
enabling/ disabling the isolated mode
enabling/ disabling static route lookup via RADIUS
configuring the IP address pool
configuring IP filters
configuring DHCP
INTERNET PROTOCOL (IP) OPTION
ENABLING IP
USING CFGEDIT
1. Internet Protocol (IP) routing is disabled as a default. To begin the IP routing configuration, you
must first enable IP routing. Select IP Routing from the Options menu.
2. Follow the onscreen instructions for enabling IP routing. Once IP has been enabled, the full IP
Configuration menu will be displayed as shown below:
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING BASIC IP ROUTING
IP Operating Mode
IP Configuration Menu:
1) IP Routing (Enable/Disable)
2) IP Operating Mode
3) IP Interfaces
4) Static Routes
5) RIP (Enable/Disable)
6) IP Static ARP Table Entries.
7) Isolated mode (Enable/Disable)
8) Static Route Lookup via RADIUS (Enable/Disable)
9) Change IP Address Pool
10) IP filters
11) DHCP
Select function from above or <RET> for previous menu:
IP OPTION CONFIGURATION ELEMENTS
IP OPERATIONAL STATUS
You can enable or disable the Internet Protocol (IP) option. The default is disabled.
IP BACKGROUND INFORMATION
When IP is enabled, the system acts as a router, routing IP datagrams based on IP address
information. The default configuration is IP disabled.
Note: If the bridge and the IP options are enabled, the CyberSWITCH will act as a brouter. A
brouter operates as a router for protocols it can route, and operates as a bridge for protocols
it cannot route.
IP OPERATING MODE
The operating mode may be either host or router. The router operating mode is the default. The IP
host mode (which allows you to use IP applications, such as Telnet and SNMP, on a bridged
network) is a selectable option.
The Simple Remote Bridging chapter of the Examples Guide provides an example of a simple bridged
network that uses the IP host operating mode for the purpose of easy administrative access.
CONFIGURING THE IP OPERATING MODE
USING CFGEDIT
1. Select IP Operating Mode from the IP configuration menu.
2. Select either the IP router or IP host operating mode.
a. If you select IP router, the following menu is displayed:
Workgroup Remote Access Switch
103
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
IP Configuration Menu:
1) IP Routing (Enable/Disable)
2) IP Operating Mode
3) IP Interfaces
4) Static Routes
5) RIP (Enable/Disable)
6) IP Static ARP Table Entries
7) Isolated Mode (Enable/Disable)
8) Static Route Lookup via RADIUS (Enable/Disable)
9) IP Address Pool
10) IP Filter Information
11) DHCP
Select function from above or <RET> for previous menu:
b. If you select the IP host operating mode, an abbreviated IP configuration is displayed:
IP Configuration Menu:
1) IP Routing (Enable/Disable)
2) IP Operating Mode.
3) IP Interfaces
4) Static Routes
5) RIP (Enable/Disable)
6) IP Filter Information
7) DHCP
Select function from above or <RET> for previous menu:
Notes: Static ARP entries, isolated mode, static route lookup via RADIUS, and IP address pool
capabilities are not available in IP host operating mode. IP operating mode can not be
set to host unless bridging is enabled. The network interface information required will
also be different if the IP host operating mode is configured.
IP OPERATING MODE CONFIGURATION ELEMENTS
IP OPERATING MODE
The IP operating mode may be configured as either router or host. The default is IP router operating
mode.
IP OPERATING MODE BACKGROUND INFORMATION
The IP router operating mode provides a broad range of IP routing capabilities, including support for
static ARP entries, isolated mode, static route lookup, and IP address pool. IP router operating
mode requires each network interface to have a different subnet number assigned to it.
The IP host operating mode allows the management of a device using IP applications (such as Telnet
and SNMP) while operating as a bridge. IP host mode is useful in situations where segmenting a
network into subnets is not desirable, but remote management is required. Bridging must be
enabled before IP host mode is enabled. Only one IP address is assignable, and this IP address is
not associated with any physical interface. All IP traffic destined for the system is processed
internally, while all other traffic is bridged. With IP host mode, AppleTALK and/ or IPX routing
may also be enabled.
104
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING BASIC IP ROUTING
IP Network Interfaces
Off-node authentication servers are available when IP is enabled regardless of the operating mode.
With IP host mode, all traffic is considered bridge traffic, so no IP-specific off-node server lookups
are performed. These include:
•
•
IP lookup by a next hop IP address or a next hop device name
Route lookup by a destination IP address
When the IP operating mode is changed from one mode to the other, changes are automatically
made to the configuration sensitive to the IP operating mode.
The IP network interfaces in the router mode and the IP network interface in the host mode are
internally stored separately, and therefore they are preserved between the mode switching.
IP static routes are not actually sensitive to the IP operating mode, but they are sensitive to IP
network interfaces. As a result, changing the IP operating mode (i.e., changing the network
interface configuration) may result in invalidating some of the static routes. Be sure to check this.
Correct invalid static routes before restarting the system to avoid the deletion of these routes.
IP NETWORK INTERFACES
CONFIGURING INTERFACES
USING CFGEDIT
Note: IP RIP v1 refers to IP RIP Version 1, and IP RIP v2 refers to IP RIP Version 2. IP RIP v1
supports broadcasting, and IP RIP v2 supports multicasting. The CyberSWITCH supports
either version. If you are using IP RIP, you need to know what version of IP RIP the other
devices using the IP RIP LAN interface supports.
1. Configure all required IP interfaces. If you previously configured the IP operating mode as
routing, the interfaces described in steps 2 through 6 are available. If you previously configured
the IP operating mode as host, only one interface will be available. That interface type is
described in step 7. To begin, select IP Interfaces from the IP configuration menu. Select Add.
2. For a LAN IP network interface enter the following information. (Note: you may add more than
one LAN IP network interface.)
a. interface name
b. IP address assigned to this interface
c. subnet mask
d. LAN port number
e. packet encapsulation type
f. MTU size
g. enable/ disable Proxy ARP feature
h. transmit broadcast address
i. input/ output filter name
If IP RIP is enabled, enter the following additional information:
j. IP RIP send control
k. IP RIP respond control
l. IP RIP receive control
m. IP RIP v2 authentication control
Workgroup Remote Access Switch
105
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
n. IP RIP v2 authentication key (required only if the IP RIP v2 authentication control has been
configured with a value other than “No Authentication”
Note: With the Secondary IP Addressing feature, you may add more than one LAN network
interface. Upon adding a second LAN interface, you must provide a unique interface
name and address. You will also need to specify whether this new interface is to be the
Background Information for usage details.
3. For a WAN IP network interface enter the following information:
a. interface name
b. IP address assigned to this interface
c. subnet mask
d. MTU size
e. transmit broadcast address
Note: If this interface uses RIP over a dedicated connection, select “Specific Explicitly” for the
transmit broadcast address. You will then enter one address. This is because the system
can only exchange RIP packets with one device over this type of connection. Refer to
If IP RIP is enabled, enter the following additional information:
f. the transmit broadcast IP address (requested if you selected “Specify Explicitly” for the
transmit broadcast address)
g. IP RIP host routes propagation scheme
h. RIP send control
i. RIP receive control
j. RIP respond control
k. IP RIP v2 authentication control
l. IP RIP v2 authentication key (required only if the IP RIP v2 authentication control has been
configured with a value other than “No Authentication”
4. For a WAN (Direct Host) IP network interface enter the following information:
a. Direct Host interface name
b. associated LAN interface
c. MTU size
5. For a WAN (RLAN) IP network interface enter the following information:
a. interface name
b. IP address assigned to this interface
c. subnet mask
d. packet encapsulation type
e. MTU size
f. enable/ disable Proxy ARP feature
g. transmit broadcast address
106
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING BASIC IP ROUTING
IP Network Interfaces
If IP RIP is enabled, enter the following additional information:
h. IP RIP send control
i. IP RIP respond control
j. IP RIP receive control
k. IP RIP v2 authentication control
l. IP RIP v2 authentication key (required only if the IP RIP v2 authentication control has been
configured with a value other than “No Authentication”
6. For a WAN IP UnNumbered network interface enter the following information:
a. MTU size
7. For a system configured in the IP host operating mode, the following information will be
required for a network interface:
a. IP address assigned to this interface
b. subnet mask
c. MTU size
d. transmit broadcast address
If IP RIP is enabled, enter the following additional information:
e. IP RIP receive control
f. IP RIP respond control
g. IP RIP v2 authentication control
h. IP RIP v2 authentication key (required only if the IP RIP v2 authentication control has been
configured with a value other than “No Authentication”
USING MANAGE MODE COMMANDS
ipnetif
This command displays the current IP network interface configuration.
NETWORK INTERFACE CONFIGURATION ELEMENTS
TYPE
Specifies the interface type: LAN, WAN, WAN Direct Host, WAN RLAN (Remote LAN), or WAN
UnNumbered. For the LAN, you may configure both primary and secondary interfaces. The
primary interface specifies how RIP, IP filters, and proxy ARP operate on all LAN network
interfaces for a specified LAN port.
NAME
User-defined. An interface name is a 1 to 16 character user-defined string that identifies the
interface to the system administrator. Each interface (LAN or WAN) must have a unique name.
IP ADDRESS
The IP address (using dotted decimal notation) assigned to this interface. The IP address applies to
LAN type interfaces and WAN type interfaces only. Each LAN interface must be configured with
a unique IP address.
Workgroup Remote Access Switch
107
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
SUBNET MASK
The Subnet Mask value (the number of significant bits for the subnet mask) associated with the IP
address specified for this interface. The Subnet mask is specified by entering the number of
contiguous bits that are set for the mask. The mask bits start at the most significant bit of the IP
address field and proceed to the least significant bit. Subnet Mask applies to LAN, WAN, and WAN
RLAN type interfaces only. WAN Direct Host network interfaces use the subnet mask from the
associated LAN network interface.
PORT
If the interface type is LAN, then this indicates the port number on the Ethernet-2 resource to which
the physical LAN for this interface is connected. The LAN port can support multiple network
interfaces.
If the interface type is WAN Direct Host, then this indicates the port number on the Ethernet-2
resource of which this interface is a logical extension.
ENCAPSULATION
If the interface is LAN or WAN RLAN, this specifies the encapsulation type for IP datagrams
transferred on this interface. Ethernet type encapsulation specifies that IP datagrams are
transferred in standard Ethernet frames as specified in RFC-894. SNAP type encapsulation specifies
that IP datagrams are transferred in 802.3 format frames using the Sub Network Access Protocol
(SNAP) as specified in RFC-1042.
For multiple LAN network interfaces, you may specify different encapsulations for each.
MTU
This specifies the maximum number of bytes that can be transmitted on the network interface.
Some devices on the network may not be able to receive large data packets. This parameter allows
you to maintain compatibility with these devices by setting the MTU to agree with that supported
by the device. This parameter is a decimal value from 60 to 1500, depending on the type of
datagram encapsulation selected.
For multiple LAN network interfaces, you may specify different MTU sizes for each.
PROXY ARP
You may enable or disable proxy ARP for a LAN or RLAN interface. Proxy ARP helps hosts, with
no routing knowledge, communicate with hosts on other IP subnets. It works as follows: when a
CyberSWITCH receives an ARP request for a host that is not on the same IP subnet as the requester,
the CyberSWITCH checks to see if it provides the best route to the remote host. If it does, the
CyberSWITCH will reply to this ARP request with its own MAC address. The host that has sent the
ARP request then communicates with the remote host by sending packets to the CyberSWITCH.
The CyberSWITCH will forward those packets using standard IP routing.
For multiple LAN network interfaces, the setting on the primary network interface also applies to
all secondary network interfaces configured for the physical LAN port. You cannot change the
proxy ARP setting on secondary network interfaces.
TRANSMIT BROADCAST ADDRESS
Specifies the transmit broadcast address on numbered interfaces (meaning all interfaces except
interfaces that have been defined as unnumbered). This information is used by all network
applications (protocols) that use broadcasting capabilities. There are five selections available for the
transmit broadcast address. The first four selections are produced from the IP address that is
108
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING BASIC IP ROUTING
IP Network Interfaces
entered for the interface. For example, if the IP address of the interface is 199.120.211.98, the portion
of the menu displaying the available transmit broadcast addresses would appear as:
Transmit Broadcast Address:
1) 199.120.211.255
2) 199.120.211.0
3) 255.255.255.255
4) 0.0.0.0
5) Specify Explicitly
Enter Transmit Broadcast Address [default = 1]? 1
In almost all cases, the default transmit address is used (1). The only time any of the other numerical
addresses are used is if the default has been configured, and the machines are not responding to IP
RIP or some other broadcast protocol. If this happens, try the other Transmit Broadcast Address
menu selections. Some older UNIX machines may work with selection (2) or (4). Regardless of
which address is selected, the goal is to allow broadcasts from the defined interface to all devices
on the local network.
If you plan to exchange IP RIP packets with devices connected over dedicated links or semi-
permanent connections, select Specify Explicitly. You can then explicitly specify the device (only
one) with which the CyberSWITCH will be exchanging packets. You may also select this option to
support a unicast address feature for a numbered WAN interface. (See RIP Send Control options.)
This will avoid sending packets to all remote devices on the IP network.
TRANSMIT BROADCAST IP ADDRESS
Requested only if you selected Specify Explicitly for the transmit broadcast address. The IP address
of the device with whom the CyberSWITCH will be exchanging RIP packets.
For multiple LAN network interfaces, you must have an associated transmit broadcast address for
each interface.
INPUT/ OUTPUT FILTER NAME
A filter is a list of conditions which modifies the normal processing flow of packets. You may
specify the name of a predefined input and/or output filter for the primary interface on a LAN port.
All secondary interfaces assigned to the same LAN port are subject to the actions specified by these
filters. When configuring a secondary LAN interface, you cannot change the filter information.
RIP INFORMATION
(See individual Send Control, Receive Control, Respond Control and Authentication Control
elements). You may configure one set of RIP parameters for the primary network interface on a
LAN port. All other secondary interfaces assigned to the same LAN port are subject to the same
actions specified by these parameters. When configuring a secondary LAN interface, you cannot
change the RIP information.
You may also configure a set of RIP parameters for each RLAN or numbered WAN interface.
Workgroup Remote Access Switch
109
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
IP RIP SEND CONTROL
If IP RIP is enabled for a specific interface (LAN, WAN RLAN, and/ or numbered WAN interfaces),
an IP RIP send control must be selected. This element controls how IP RIP update messages are sent
on an IP RIP interface. There is a different default value depending on the type of interface
configured. The default value is automatically preconfigured when IP RIP is enabled.
The following tables provide the possible options for IP RIP send control.
For LAN and WAN RLAN interfaces:
Send Control Options
Do Not Send*
IP RIP v1**
Description
RIP Version Sent
(none)
Indicates no IP RIP packets to be sent.
Compliant with RFC 1058. Uses standard
(broadcast) addressing.
RIP v1
IP RIP v1 Compatible Uses RFC 1058 route subsumption rules with
standard (broadcast) addressing
RIP v2
RIP v2
IP RIP v2
Compliant with RFC 1723. Uses standard
(multicast) addressing
(*) The default switch for WAN RLAN interface.
(**) The default switch for LAN interfaces.
For numbered WAN interfaces:
Send Control Options
Do Not Send*
IP RIP v1
Description
RIP Version Sent
(none)
Indicates no IP RIP packets to be sent.
Compliant with RFC 1058. Use with unicast
RIP v1
IP RIP v1 Compatible Uses RFC 1058 route subsumption rules. Use
option)
RIP v2
RIP v2
IP RIP v2
Compliant with RFC 1723. Uses standard
(multicast) addressing
(*) The default switch for numbered WAN interfaces.
IP RIP RESPOND CONTROL
If IP RIP is enabled for a specific interface, then designation of this element is required.
This element controls how the system responds to IP RIP requests on the interface. The default
value is automatically preconfigured when IP RIP is enabled.
110
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING BASIC IP ROUTING
IP Network Interfaces
The following table provides the possible choices for IP RIP respond control.
Switch
Meaning
Do Not Respond
This switch indicates responding to no IP RIP
requests at all.
IP RIP v1 Only
IP RIP v2 Only
This switch indicates responding only to IP RIP
requests compliant with RFC 1058.
This switch indicates responding only to IP RIP v2
requests compliant with RFC 1723.
IP RIP v1 or IP RIP v2 * This switch indicates responding with the same IP
RIP version format as the version of the request.
*The default switch.
IP RIP RECEIVE CONTROL
If IP RIP is enabled for a specific interface, then this element is required.
This controls which version of IP RIP updates are to be accepted. The default value is automatically
preconfigured when IP RIP is enabled.
The following table provides the possible choices for IP RIP receive control.
Switch
Meaning
Do Not Receive
This switch indicates accepting no IP RIP updates
at all.
IP RIP v1 Only
IP RIP v2 Only
This switch indicates accepting only IP RIP
updates compliant with RFC 1058.
This switch indicates accepting only IP RIP v2
updates compliant with RFC 1723.
IP RIP v1 or IP RIP v2 * This switch indicates accepting either IP RIP v1 or
IP RIP v2 updates.
* The default switch.
IP RIP V2 AUTHENTICATION CONTROL
If IP RIP is enabled for a specific interface, this element is required.
This controls the type of authentication the CyberSWITCH uses on the interface. The default value
is automatically preconfigured when IP RIP is enabled.
Workgroup Remote Access Switch
111
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
The following table provides the possible choices for IP RIP v2 authentication control
Type Meaning
No Authentication * This control type indicates that IP RIP v1 and
unauthenticated IP RIP v2 messages are accepted.
Simple Password
This control type indicates that IP RIP v1 messages
and IP RIP v2 messages which pass authentication
test are accepted. The authentication test is done
using a simple password.
* This is the default switch.
IP RIP V2 AUTHENTICATION KEY
If IP RIP is enabled for a specific interface, this key is required if the following condition has been
met: the “IP RIP v2 Authentication Control” has been configured with a value other than “No
Authentication.” The authentication key is a user-defined password, 1-16 characters in length.
IP RIP HOST ROUTES PROPAGATION SCHEME
If RIP is enabled for a WAN interface, this is required. This controls how the IP RIP packets will be
propagated. The default value is “Host Routes Propagation is currently DISABLED.” With the
default, WAN local routes are propagated as subnetwork routes. If Host routes propagation is
enabled, host routes will be propagated on other network interfaces only while each remote IP
device is connected to the CyberSWITCH.
When the IP RIP host propagation scheme is enabled, it will allow multiple systems on the same
LAN to work properly. IP RIP information is then advertised as multiple host routes as they
connect to the CyberSWITCH.
For more information, refer to the diagrams and explanation provided on WAN interfaces
IP NETWORK INTERFACE BACKGROUND INFORMATION
Network Interface is a term used to represent the physical connection of the system to a data
network. For example, the Ethernet resource provides a network interface to an Ethernet LAN. The
ISDN lines provide network interfaces to multiple remote networks. Because of their switched
nature, the ISDN lines provide virtual network interfaces. That is, the same physical ISDN line can
actually connect to different remote networks by dialing a different phone number.
A bridge device refers to its network interfaces as ports. It simply forwards packets from one port
to another without looking at the network protocol information. A typical ISDN bridge has one
Ethernet port and one ISDN port.
In a network that uses the IP protocol for communication, a flexible network interface structure can
be implemented. An IP network uses the IP network address as a basis for device communication.
IP networks can be segmented into a hierarchical structure by using the subnet addressing
provided by the IP protocol. IP hosts can be assigned to a specific subnet based on management
and user needs. All IP hosts connected to a virtual or physical subnet must have the same subnet
address.
112
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING BASIC IP ROUTING
IP Network Interfaces
An IP Host device has only one network interface that it uses for data transfer. This network
interface is assigned an IP address and belongs to one subnet. A remote IP host typically uses an
ISDN line for this network interface. All data is sent through this network interface.
An IP router device can have multiple network interfaces. Each of these are assigned an IP address
and belong to a separate subnet. The IP router looks at the IP network information in a packet and
uses this to decide to which network interface the packet should be forwarded.
The CyberSWITCH provides a set of network interfaces that give you a wide range of flexibility.
The network interfaces provided are:
•
•
•
•
•
LAN IP Network Interface
WAN IP Network Interface
WAN (Direct Host) IP Network Interface
WAN (RLAN) IP Network Interface
WAN (UnNumbered) IP Network Interface
With IP routing enabled, you must specify each network interface and its associated subnet
information. This allows the System to route IP data between network interfaces. In this mode, IP
Hosts and IP routers can connect to the system. Even MAC layer bridge devices can connect to the
system and use IP protocols through a IP RLAN Network Interface.
With the LAN, WAN and WAN(RLAN) IP interfaces, you may enable the Routing Information
Protocol (RIP). If RIP is enabled (automatically enabled with new installs; not enabled in upgrades),
there will be extra information required for configuring LAN type interfaces (LAN and RLAN
interfaces) and WAN interfaces. This is because IP RIP uses these types of interfaces to propagate
The following table provides the IP Network Interfaces and the associated remote devices that use
these interfaces.
IP Network Interface Type
Associated Remote Device
WAN
IP Host (RFC1294)
PPP
WAN (Direct Host)
WAN (RLAN)
IP Host (RFC1294)
PPP
HDLC Bridge
PPP
WAN UnNumbered
PPP
The LAN IP Network Interface is used to define the subnet information for an Ethernet port. This
subnet is usually connected to the central IP network. You must configure a LAN IP Network
Interface if you have any devices that need to communicate over the local network. You may
optionally configure additional secondary LAN IP network interfaces on the same LAN port.
Workgroup Remote Access Switch
113
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
The WAN IP Network Interface is used to define remote IP devices (hosts or routers) that require
access to the central network. This network interface represents a different subnet than that
connected to a LAN network interface. The WAN IP Network Interface is used for both IP Host and
PPP remote devices.
The WAN (Direct Host) IP Network Interface allows you to extend the LAN subnet to remote devices.
The WAN (Direct Host) IP Network Interface is used for IP Host and PPP remote devices. When
configuring a WAN (Direct Host) interface, you must specify the Direct Host interface name and
its associated LAN interface. You may also specify filters and DHCP proxy client information for
this interface type. Note that the RIP feature is not supported for this interface.
The RLAN (Remote LAN) IP Network Interface allows remote MAC layer bridge devices to connect
to an IP subnet. The CyberSWITCH treats all devices connected to the RLAN Network Interface as
if they were connected to the same Ethernet segment. The system provides an explicit IP router
presence on this RLAN that is implemented over ISDN. IP Address Resolution requests are
intelligently propagated to remote bridged networks connected on the RLAN network interface.
The WAN RLAN Network Interface is used for HDLC Bridge and PPP remote devices.
The WAN (UnNumbered) Interface allows you to configure an IP WAN interface without assigning
an IP address to it. With this feature, unnecessary logical IP sub-network numbers for the WAN
connections do not have to be created; therefore, IP sub-network numbers can be saved. Note that
if a WAN (UnNumbered) Interface is configured, you must first add any devices that will be used
as next hop devices (for static routes), before you can configure the static routes themselves. This is
because you will need to enter the device’s name for the next hop device, and you will not be
allowed to do this if you have not already configured the device.
The UnNumbered Network Interface allows you to configure an IP WAN Interface without
assigning an IP address to it (for PPP devices only). Unnecessary logical IP (sub-) network numbers
can be saved. The Quick Start’s section regardingCyberSWITCH Connectivity via PPP illustrates the
associated steps needed to set up an UnNumbered Interface for PPP devices.
Basically, for each PPP device that shares the UnNumbered interface, you must:
•
•
•
Configure an IP LAN Network Interface (if not already configured).
Add a WAN UnNumbered Interface (if not already configured).
Skip ahead to the main menu Security selection (3), and add the device that will be used as the
next hop device. You must do this because to add the static route for an UnNumbered interface,
you need to enter another system’s (a device’s) name for the next hop device. To do this, you
must already have a device configured.
•
•
When entering the device list information for the system that will act as the next hop, enter
0.0.0.0 as the device’s IP address because this is an UnNumbered network interface.
Return to the options configuration and add a static route to the other system(s) sharing the Un-
Numbered Interface, using the other system’s name as the next hop device.
Note: The RIP feature is not supported for UnNumbered WAN Interfaces.
The following diagrams provide examples of each interface type. The variety of network interfaces
available allows you to install a wider range of devices at the remote sites.
114
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING BASIC IP ROUTING
IP Network Interfaces
File
Server
Subnet 128.1.1.0
Host
128.1.1.8
128.1.1.3
(128.1.1.2 uses WAN Direct Host Interface)
Host
128.1.1.1
128.1.1.2
Interfaces:
LAN Interface 128.1.1.1
WAN Direct Host Interface
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
192.2.2.1
WAN Interface 192.2.2.1
both WAN Interfaces use
one PRI line
Subnet 192.2.2.0
Needed for
WAN Interface
ISDN
192.2.2.3
Router
198.1.2.3
Subnet 198.1.2.0
(Uses WAN Interface)
Example 1: LAN, WAN and WAN Direct Host Interfaces
In example 1, we show three different types of network interfaces and the IP subnets that are used.
It should be noted that even though the CyberSWITCH only has one physical connection to the
WAN, it has more than one logical connection. Also, each one of these logical interfaces can be in
different subnetworks.
•
The LAN interface is the simplest. It specifies the IP address (128.1.1.1) which connects the sys-
tem to the Ethernet LAN. In our example, only one LAN interface is configured.
•
The Direct Host interface doesn’t have an IP address. Devices that use the Direct Host interface
must have an IP address that is on the same subnet as one of the configured LAN interfaces.
Since only one LAN interface is configured, that IP address must correspond to the one config-
The WAN interface in this example is used to connect two IP subnets (128.1.1.0 and 198.1.2.0).
A separate subnet (192.2.2.0) is required to connect the subnets. If the remote router supports
unnumbered interfaces (such as Example 2), then the connecting subnet would not be required.
•
Workgroup Remote Access Switch
115
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
File
Server
Subnet 128.1.1.0
Host
128.1.1.8
128.1.1.3
CSX1200
128.1.1.1
Interfaces:
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2
B5 B7
B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
B
1
B
1
6
B
2
B
2
8
B
3
0
L
LAN Interface 128.1.1.1
131.3.3.1
RLAN Interface
131.3.3.1
Host
WAN UnNumbered Interface
both WAN Interfaces use
one PRI line
ISDN
Bridge
131.3.3.2
Host
Subnet 131.3.3.0
(Uses RLAN Interface)
CSX1200
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
193.3.3.1
Subnet 193.3.3.0
193.3.3.3
(Uses UnNumbered WAN Interface)
Example 2: LAN, WAN UnNumbered, WAN Remote LAN Interfaces
In example 2, the WAN UnNumbered interface is used to eliminate an unnecessary IP Subnet. The
RLAN interface is unique in that it extends the IP network over the WAN to remote devices which
access the network using a bridge device. Thus it makes a simple bridge device appear to be an IP
router. This is accomplished by having the system extend its Ethernet to handle the ARPs for the
remote bridge.
116
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING BASIC IP ROUTING
IP Network Interfaces
IP RIP AND THE IP NETWORK INTERFACES
Routing Information Protocol (RIP) is a protocol used to exchange routing information among IP
devices. Using IP RIP can automate the maintenance of routing tables on IP devices and relieve you
of having to keep the routing tables up to date manually. IP RIP determines the shortest path
between two points on a network in terms of the number of “hops” between those points.
LAN type interfaces (LAN and RLAN Interfaces) and WAN interfaces are used by devices to
advertise the IP RIP information. The type of interface used for IP RIP depends on the network
configuration. Different interface information must be configured depending on the type of
interface used to propagate the IP RIP information.
Devices used to directly connect two LANs use a LAN interface for IP RIP information
propagation. The example network shown below illustrates this type of network.
Network 1 (1.0.0.0)
LAN Interface 1 1.0.0.1
"SITE1"
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
Network 2 (2.0.0.0)
LAN Interface 2 2.0.0.1
LAN Interface 3 2.0.0.2
"SITE2"
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B
1
7
B
1
9
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
6
B
1
8
B
2
0
B
2
6
B
2
8
B
3
0
L
1
Network 3 (3.0.0.0)
LAN Interface 4 3.0.0.2
In the above example, both systems (SITE1 and SITE2) need no static routes. SITE1 will learn about
Network 3 that can be reached via SITE2 by listening to the IP RIP advertisements from SITE2.
SITE2 will also learn about Network 1 in the same way. After learning this route information, the
routing tables on SITE1 and SITE2 are updated. Basically, RLAN IP RIP interfaces function in the
same manner.
For both LAN type interfaces to function properly with IP RIP, additional LAN interface
information is configured. The additional information includes: IP RIP Send Control, IP RIP
Respond Control, IP RIP Receive Control, IP RIP v2 Authentication Type, and IP RIP v2
Authentication key. The definitions of these configuration elements are included in the section
Devices used to connect a logical network to another network use a WAN interface for IP RIP
advertisements. Example networks follow which illustrate the different types of networks that
would use an IP RIP WAN interface.
Workgroup Remote Access Switch
117
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
See illustration, Example 1. Because SITE1 is the only CyberSWITCH that is connected to the logical
network, it is reasonable for SITE1 to advertise the IP RIP information on Network 3 as subnetwork
routes, meaning that SITE1 will always advertise the remote IP devices’ IP RIP information.
Network 1 (1.0.0.0)
i/f 1 1.0.0.1
R 1
i/f 2 2.0.0.1
Network 2 (2.0.0.0)
i/f 1 2.0.0.2
"SITE1"
CSX1200
LAN
B-CHANNELS
B9 B11
E1 ONLY
B25 B27
B29 B31
-
iB7
B17 B19
i
RX 10BASE
POWER
B1 B3
B2 B4
B5
B
1
3
B
1
5
B
2
1
B
2
3
SERVICE
TX
-
T
1
C2
-
-
-
E1
D
T1
Y
-
N
B10 B12
B14 B16
D
B
6
B
8
B
1
8
B
2
0
B
2
2
B
2
4
B
2
6
B
2
8
B
3
0
L
1
i/f 2 3.0.0.2
3.0.0.11
3.0.0.12
ISDN
Network 3
(3.0.0.0)
3.0.0.13
WAN RIP Interfaces: Example 1
Suppose there is a second CyberSWITCH that belongs to the logical Network 3, as shown in
Example 2. It is better for SITE1 and SITE2 to advertise the IP RIP information for each of the
remote devices on the logical network on each IP Host device as it connects to the system.
118
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING BASIC IP ROUTING
IP Network Interfaces
Network 1 (1.0.0.0)
i/f 1 1.0.0.1
R 1
i/f 2 2.0.0.1
Network 2 (2.0.0.0)
i/f 1 2.0.0.3
i/f 1 2.0.0.2
LAN
B-CHANNELS
E1 ONLY
LAN
B-CHANNELS
E1 ONLY
POWER
B1 B3
B2 B
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B2B24
B
2
5
B
2
7
B
2
9
B
3
1
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
5
B
2
7
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
E1
D
T1
D
B
0
B
1
2
B
1
4
B
1
B
2
B
2
8
B
3
0
L
1
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
CSX1200
i/f 2 3.0.0.3
i/f 2 3.0.0.2
3.0.0.11
CSX1200
3.0.0.12
ISDN
Network 3
(3.0.0.0)
3.0.0.13
WAN RIP Interfaces: Example 2
For the WAN interface to function properly with IP RIP, additional WAN interface information is
configured. The additional information required involves selecting one of the following: disabling
host routes propagation (needed for Example 1), or enabling host routes propagation (needed for
Example 2). The definition of this configuration element is included in the section Network Interface
Workgroup Remote Access Switch
119
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Currently, IP RIP is not supported across an UnNumbered WAN interface. For example, in the
following network setup, SITE1 could not advertise IP RIP information across the UnNumbered
WAN IP Interface to Router 2 (R2). Therefore, SITE1 would know about Networks 1 and 2, but
would not learn anything about Network 3. In this situation, a static route would have to be
configured on the CyberSWITCH. For information on the configuration of static routes, refer to
Network 1 (1.0.0.0)
i/f 1 1.0.0.1
R 1
i/f 2 2.0.0.1
Network 2 (2.0.0.0)
i/f 1 2.0.0.2
CSX1200
"SITE1"
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
BB4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B2
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
B
1
B
1
6
B
2
6
B
2
8
B
3
L
1
i/f 2
Static Route needed
for SITE1 to R2
ISDN
R 2
3.0.0.2
Network 3 (3.0.0.0)
IP RIP OVER DEDICATED CONNECTIONS
IP RIP is supported over LAN, Remote LAN, and numbered WAN interfaces. When devices are
connected over WAN links in which cost is not a major concern, such as dedicated links and semi-
permanent connections, RIP can be used to provide dynamic IP routing capability, as illustrated in
the following example:
Because each IP WAN network interface on the CyberSWITCH is configured for a logical IP
network, various types of physical interfaces (such as V.35 and ISDN BRI) may belong to the same
IP network interface. To avoid sending broadcast packets to all remote devices on an IP network,
you explicitly specify with which device (only one) the system should exchange RIP packets.
120
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING BASIC IP ROUTING
IP Network Interfaces
CSX5500
Z
1.1.1.3
CSX1200
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B
B21 B23
B2B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
2
B
1
4
1
B
2
6
B
2
8
B
3
0
L
1
ISDN
1.1.1.2
Dedicated
Connection
1.1.1.1
CSX1200
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
In the previous graphic, the WAN network interface 1.1.1.1 on SITE1 is used to connect to a
dedicated line and an ISDN line. You need to specify to which remote device, either SITE2 or SITE3,
SITE1 should exchange RIP packets. If it is necessary to run the RIP between SITE1 and SITE3 as
well as between SITE1 and SITE2, then another WAN network interface (for example, 2.1.1.1 on
SITE1 and 2.1.1.3 on SITE3) must be configured, as illustrated:
CSX5500
Z
"SITE3"
2.1.1.3
CSX1200
"SITE1"
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
ISDN
1.1.1.2
Dedicated
Connection
1.1.1.1
2.1.1.1
"SITE2"
LAN
B-CHANNELS
E1 ONLY
POWER
B1 B3
B2 B4
B5 B7
B6
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B8 B20
B21 B23
B22 B24
B
2
5
B
2
7
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
B
2
6
B
3
0
L
1
CSX1200
Workgroup Remote Access Switch
121
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
IP HOST OPERATING MODE AND THE IP NETWORK INTERFACES
Only one network interface can be configured when the IP operating mode is host. The network
interface configuration is not much different from the others available in router mode except that
the following configuration items will not be asked:
•
•
•
Network Interface Type
Network Interface Name
IP RIP Send Control
USING MULTIPLE IP ADDRESSES
You may use multiple IP addressing for system backup and/ or network flattening
implementations. A discussion of both follows.
Redundant Configurations for Backup
To implement a backup system, you will need two CyberSWITCHs with redundant configurations
and a VRA manager.
LAN interfaces on the CyberSWITCH will have primary LAN and IP addresses and may optionally
have one or more secondary MAC and IP addresses. You can dynamically add secondary MAC and
IP addresses under the control of the VRA workstation.
Typically, you would use primary MAC and IP addresses when transmitting datagrams directly to
a particular CyberSWITCH node, and secondary MAC and IP addresses when transmitting
datagrams through the CyberSWITCH to other nodes. You would then use the VRA manager to
monitor identically configured CyberSWITCH nodes on the same LAN. Should the VRA manager
notice some condition which prevents one of the CyberSWITCH nodes from properly performing
its function (for example, “link down”), it will order the other CyberSWITCH node to take over the
faulty node’s duties. The other CyberSWITCH node does so by taking on the identity (the MAC
and IP addresses) of the faulty node.
Network Flattening
With IP networks, the total number of available IP addresses is a finite number, and that number is
rapidly diminishing. Hosts are typically assigned static addresses; they generally require extensive
local configuration in order to operate properly within their defined networks. To allow the IP
networks to become more easily and efficiently manageable, we suggest a network flattening
approach. Network flattening is a concept which can:
•
•
remove the address hierarchy from the network, and
remove the requirements that all end nodes need to know the topology of the network (or the
address of the default router) to which they attach.
With network flattening, you may draw IP addresses for new nodes from remaining address space
from attached subnets. This more efficiently uses the network’s address space, since multiple
subnets may coexist on the same physical network. The following features help implement the
concept of network flattening:
•
Proxy ARP
Hosts on flattened networks believe that any host they wish to reach is on a network directly
attached to them. When a local device on a flattened network is attempting to communicate
122
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING BASIC IP ROUTING
IP Network Interfaces
with a remote device on a different subnet, the local device will ARP for the remote host’s MAC
address.
Since routers do not forward ARP requests across subnets, ARPs sent for hosts which are not
on the same physical network segment will go unanswered. The proxy ARP feature will
potentially generate an ARP reply for remote hosts. If the CyberSWITCH determines that it
provides the best route to the remote device, it will respond with an ARP reply containing the
MAC address of the CyberSWITCH. Further communication between the two hosts will then
be routed through the CyberSWITCH.
•
Secondary IP Addressing
If only one IP network interface (i.e., one subnet) per LAN port is configured, any traffic from
hosts on different subnets attached to the LAN port would be dropped.
With the secondary IP addressing feature, multiple IP network interfaces may be configured
for each LAN port. All existing subnets which are to be reached will have an associated IP
network interface on the CyberSWITCH. By allowing each LAN port to be configured with
multiple IP network interfaces, the CyberSWITCH can route packets from hosts on any of the
subnets attached to the LAN port. (See following example.)
Example: IP Host Communications in Flattened Networks
To communicate with destination hosts which are not on the same physical wire, you must have a
router attached to the edge of the flattened network which can forward packets to those destination
networks. In the following illustration, we are using a CyberSWITCH as our “edge” router:
1.1.1.1
2.2.2.1
Host B
Host A
2.2.2.2
1.1.1.2
3.3.3.3
LAN
B-CHANNELS
E1 ONLY
B25 B27
B29 B31
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
CSX1200
ISDN
Host D
1.1.1.3
Host C
Workgroup Remote Access Switch
123
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
When a local host ARPs for a remote host, the CyberSWITCH (with Proxy ARP enabled)
determines if it provides the best route to the destination. If it does, it will reply to the ARP request
with its own MAC address.
•
•
Suppose Host A wishes to contact Host D. Since Host A thinks every other host is local, it will
broadcast an ARP request. The CyberSWITCH, which is on the same physical wire as Host A,
will receive the ARP request on one of its LAN network interfaces. The CyberSWITCH makes
the determination that it provides the best route to Host D, and generates an ARP response con-
taining its own MAC address. Host A then communicates with Host D by sending packets to
the CyberSWITCH edge router. The CyberSWITCH forwards packets to the remote destination
using standard IP routing.
Suppose Host B wishes to contact Host C. Host B broadcasts an ARP request. The CyberSWITCH
knows that Host C is reachable over a WAN (Direct Host) interface; Host C is considered a log-
ical extension of network 1.x.x.x. The CyberSWITCH generates an ARP response, containing its
own MAC address. Host B then communicates with Host C by sending packets to the Cyber-
SWITCH. The CyberSWITCH forwards the packets over the WAN to Host C.
STATIC ROUTES
CONFIGURING STATIC ROUTES
You only need to configure Static Routing entries if you need to access a WAN network that is not
directly connected to the system, or if you need to access a LAN network through a router that does
not support IP RIP. Static Routes specify the IP address of the next hop router or gateway that
provides access to this network.
USING CFGEDIT
1. Select Static Routes from the IP menu.
2. When asked if this is a default route, answer “N” for no (for a definition of default routes, refer
3. Enter the destination address of the designation (sub-) network or host.
4. Enter the subnet mask.
5. Enter the next hop address of the next hop gateway that provides access to the target (sub-)
network or host.
6. Enter the metric value (usually the number of routers between the CyberSWITCH and the
destination.
7. Enter the IP RIP propagation control (determines how a static route is propagated via IP RIP).
124
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING BASIC IP ROUTING
Static Routes
USING MANAGE MODE COMMANDS
iproute
Displays the current IP static routing configuration data. The meaning of each displayed field
for a route entry is:
DESTINATION
IP address for the destination network or host.
SUBNET-MASK
Subnet mask value for the destination network or host. A value of 255.255.255.255 indicates
that this entry is for a specific IP host.
NEXT HOP
IP address or device name for the next hop router that provides access to the destination
network or the host.
METRIC
Hop count to the destination network or the host.
iproute add
Allows an IP static route to be added to the current configuration. The required configuration
elements are explained below:
IS THIS THE DEFAULT ROUTE?
Select whether or not this route is the default route or a route to a specific network that has been
previously configured. The default route is a form of a static route that is useful when there are
a large number of networks that can be accessed through a gateway. Care must be taken when
specifying a default route. All IP datagrams that specify a destination IP address that do not
have an explicit routing table entry will be sent to the default route. If this destination IP
address is unreachable, it could result in a large amount of unnecessary network traffic.
IP-ADDRESS
The Destination IP address using dotted decimal notation. 000.000.000.000 is used to specify the
default route coupled with Subnet-Mask value 000.000.000.000.
SUBNET-MASK
The number of significant bits for the subnet mask using dotted decimal notation. The mask
bits start at the most significant bit of the IP address field and proceed to the least significant
bit. If this is a host specific route entry, the mask value must be 255.255.255.255. Use the default
if you are unsure of this value.
NEXT HOP
IP address using dotted decimal notation for the next hop router that provides access to the
network or the host specified by IP address. Next hop should be on the network directly
connected to a LAN interface or one of the CyberSWITCH IP sites. If next hop is one of the
system’s IP sites, the IP address for that site should be used.
METRIC VALUE
Hop count to the destination network or the host.
Workgroup Remote Access Switch
125
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
IP RIP PROPAGATION CONTROL
The IP RIP propagation control determines how a static route is propagated via IP RIP. The
following table provides an explanation of how a IP RIP propagation control flag is assigned to
a static route.
Flag
Meaning
Propagate Always This flag indicates that the route information is always
propagated via IP RIP.
This flag is available when the next hop is over a LAN
or a WAN interface.
Propagate only
when the Next
Hop is Connected
This flag indicates that the route information is
propagated via IP RIP only when the next hop router is
connected to the system.
This flag is available when the next hop is over a LAN
or a WAN interface.
Do Not Propagate
This flag indicates that the static route information is not
propagated over the interface.
This flag is available only when the next hop is over a
WAN interface.
iproute change
Allows an existing IP static route to be changed.
iproute delete
Allows an IP static route to be deleted from the current configuration.
STATIC ROUTE CONFIGURATION ELEMENTS
DESTINATION IP ADDRESS
IP address using dotted decimal notation that specifies the destination (sub-) network or host.
SUBNET MASK
The Subnet mask for the destination (sub-) network. A subnet mask of 255.255.255.255 implies that
this static route entry is for a host rather than a (sub-) network. The Subnet mask is specified by
entering the number of contiguous bits that are set for the mask. The mask bits start at the most
significant bit of the IP address field and proceed to the least significant bit.
NEXT HOP ADDRESS
IP address using dotted decimal notation (or if an unnumbered WAN interface is used, this
configuration element is the device name) for the next hop gateway that provides access to the
target (sub-) network or host. The IP address (or the device name) of the Next Hop must be on the
(sub) network connected to a defined interface.
METRIC VALUE
The administrative distance to the destination of the entry. The administrative distance is typically
measured by the number of hop counts (number of routers) between the CyberSWITCH and the
destination, but it is up to you to assign proper value to each route entry. If multiple routes exist to
the same destination, the route with the least metric value will be chosen as its primary route. Care
must be taken when assigning the metric value of 0, because it is interpreted that the destination is
126
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING BASIC IP ROUTING
Static Routes
reachable directly and therefore no intermediate router will be used. The default metric value is 2.
The range of metric values for static routes is from 0 to 15.
You may manipulate the metric value to promote a certain default route, or to impede a default
route from being used. For example, if there is a route that in reality has several hops, but they are
all over LAN connections, you may want to assign a low metric to this route so that a route is taken
that is local, thus, no toll charges. Or, perhaps there is a route with a low number of hops, but the
connection is over a WAN. You may want to assign this route a high number of hops to limit toll
charges, in case there is a local route that could be used.
IP RIP PROPAGATION CONTROL
This controls how a static route is propagated via IP RIP. The following table provides an
explanation of how a IP RIP propagation control flag can be assigned to a static route.
Flag
Meaning
Propagate Always
This flag indicates that the route information is
always propagated via IP RIP.
This flag is available when the next hop is over a
LAN or a WAN interface.
Propagate only when the
Next Hop is Connected
This flag indicates that the route information is
propagated via IP RIP only when the next hop router
is connected to the system.
This flag is available when the next hop is over a
LAN or a WAN interface.
Do Not Propagate
This flag indicates that the static route information is
not propagated over the interface.
This flag is available only when the next hop is over
a WAN interface.
Workgroup Remote Access Switch
127
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
STATIC ROUTE BACKGROUND INFORMATION
You only need to configure Static Routing entries if you need to access a WAN network that is not
directly connected to the system, or if you need to access a LAN network through a router that does
not support IP RIP. Static Routes specify the IP address of the next hop router or gateway that
provides access to this network.
The following diagram gives an example of a static route definition.
Host
156.1.0.0
Router
192.1.1.2
128.1.1.3
ISDN
WAN Direct Host
Interface
WAN Interface
192.1.1.1
Static Route
IP Address 156.1.0.0
Next Hop 192.1.1.2
Line
Line
Line
Line
LAN
RX
1
2
3
4
POWER
CH-1
CH-2
CH-1
CH-2
CH-1
CH-2
CH-1
CH-2
Service
TX
10BASE
-
T
S
Y
N
D
-
A
N
S
Y
N
C
D
-
C
H
A
N
S
Y
D
-
C
H
N
S
Y
N
D
-
C
H
CSX1200
128.1.1.1
LAN Interface
128.1.1.2
Static Route
IP Address 131.1.0.0
Next Hop 128.1.1.2
Router
131.1.0.0
In the above diagram, the Static Route entry indicates that access to IP Network 156.1.0.0 is
available through the external router at 192.1.1.2.
A static route is not needed for the CyberSWITCH to access WAN Direct Host 128.1.1.3. Because
these two devices are directly connected, (note that the IP addresses are on the same subnet), that
route will automatically be established through the system’s IP RIP capabilities.
A static route is not needed for system access to IP network 131.1.0.0 through 128.1.1.2 because that
route will also be automatically established through the system’s IP RIP capabilities.
128
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING BASIC IP ROUTING
Default Routes
DEFAULT ROUTES
CONFIGURING DEFAULT ROUTES
The default route is a form of static route that is useful when there are a large number of networks
that can be accessed through a gateway. However, care must be taken when specifying a default
route. All IP datagrams with a destination IP address that do have an explicit routing table entry
will be sent to the default route. If this destination IP address is unreachable, it could result in a
large amount of unnecessary network traffic.
USING CFGEDIT
1. Select Static Routes from the IP menu.
2. When asked if this is a default route, answer “Y” for yes (for a definition of non-default routes,
3. Enter the next hop address of the next hop gateway that provides access to the target (sub-)
network or host.
4. Enter the metric value (usually the number of routers between the CyberSWITCH and the
destination.
5. Enter the IP RIP propagation control (determines how a static route is propagated via IP RIP).
USING MANAGE MODE COMMANDS
a subset of static routes. The same Manage Mode commands are used to configure both type of
routes.
DEFAULT ROUTE CONFIGURATION ELEMENTS
NEXT HOP ADDRESS
IP address using dotted decimal notation (or if an unnumbered WAN interface is used, this
configuration element is the device name) for the next hop gateway that provides access to the
target (sub-) network or host. The IP address (or the device name) of the Next Hop must be on the
(sub-) network connected to a defined interface.
METRIC VALUE
The administrative distance to the destination of the entry. The administrative distance is typically
measured by the number of hop counts (number of routers) between the CyberSWITCH and the
destination, but it is up to you to assign proper value to each route entry. If multiple routes exist to
the same destination, the route with the least metric value will be chosen as its primary route. The
default metric value is 1. The range of metric values for default routes is from 1 to 15.
You may manipulate the metric value to promote a certain default route, or to impede a default
route from being used. For example, if there is a route that in reality has several hops, but they are
all over LAN connections, you may want to assign a low metric to this route so that a route is taken
that is local, thus, no toll charges. Or, perhaps there is a route with a low number of hops, but the
Workgroup Remote Access Switch
129
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
connection is over a WAN. You may want to assign this route a high number of hops to limit toll
charges, in case there is a local route that could be used.
IP RIP PROPAGATION CONTROL
This controls how a default route is propagated via IP RIP. The following table provides an
explanation of how a IP RIP propagation control flag can be assigned to a default route.
Flag
Meaning
Propagate Always
This flag indicates that the route information is
always propagated via IP RIP.
This flag is available when the next hop is over a
LAN or a WAN interface.
Propagate only when the
Next Hop is Connected
This flag indicates that the route information is
propagated via IP RIP only when the next hop router
is connected to the system.
This flag is available when the next hop is over a
LAN or a WAN interface.
Do Not Propagate
This flag indicates that the static route information is
not propagated over the interface.
This flag is available only when the next hop is over
a WAN interface.
ROUTING INFORMATION PROTOCOL (RIP) OPTION
Routing Information Protocol (RIP) is a protocol used to exchange routing information among IP
devices. Using IP RIP can automate the maintenance of routing tables on IP devices and relieve you
of keeping the routing tables up to date manually. IP RIP determines the shortest path between two
points on a network in terms of the number of “hops” between those points.
ENABLING/DISABLING IP RIP
USING CFGEDIT
1. If you are installing new system software, the IP RIP processing is enabled by default if IP
routing has been enabled. Therefore, if you have already enabled IP routing, you do not need
to enable IP RIP. If you are upgrading software, the IP RIP processing is not enabled by default;
you will need to enable IP RIP.
2. To enable IP RIP:
a. Return to the IP menu and enable IP routing if you have not already done so.
b. Select RIP (Enable/Disable) from the IP menu, and follow the on-screen instructions for
enabling IP RIP.
130
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING BASIC IP ROUTING
Routing Information Protocol (RIP) Option
USING MANAGE MODE COMMANDS
iprip
This command tells you if IP RIP is currently enabled or disabled.
iprip off
If IP RIP is enabled, this command allows you to disable IP RIP.
iprip on
If IP RIP is disabled, this command allows you to enable IP RIP.
IP RIP CONFIGURATION ELEMENTS
IP RIP STATUS
The status IP RIP may be enabled or disabled.
IP RIP BACKGROUND INFORMATION
IP RIP is a protocol used to exchange routing information among IP devices. Using IP RIP can
automate the maintenance of routing tables on IP devices and you of manually keeping the routing
tables up-to-date. IP RIP determines the shortest path between two points on a network in terms of
the number of hops between those points.
If routing is enabled, and IP RIP is enabled, there will be default IP RIP information configured
under for LAN type interfaces and WAN interfaces. This configuration information is defined in
Notes: WAN connection information is propagated on LAN connections. Currently, IP RIP is
supported over:
•
•
•
LAN
WAN (Remote LAN)
numbered WAN
RIP is supported over WAN (RLAN) and numbered WAN links regardless of type of telco
access (dedicated, semi-permanent dial-up, or normal dial-up). Typically, however, it is
enabled over usage-sensitive WAN links, such as dedicated or semi-permanent dial-up.
Workgroup Remote Access Switch
131
Download from Www.Somanuals.com. All Manuals Search And Download.
SECURITY
The CyberSWITCH provides a great variety of security options. These options include device level
security, user level security, a combination of the two, or if preferred, no security. There are
different ways to authenticate, as well as different locations (both local and remote) to store security
information. This segment addresses these areas.
We include the following chapters in the Security Configuration segment of the User’s Guide:
The “Big Picture” of how our standard security options work, and how they interoperate.
Instructions for enabling the level of security you wish to use for security. You may choose to
enable no security, device level security, user level security, or both device and user level
security.
Instructions for enabling system options, such as PPP Link security, for configuring system
information, such as a system password, and for configuring secure yet flexible administration
sessions.
Instructions for configuring an on-node device database (formerly known as the local user list)
and enabling an off-node device database. Off-node device databases supported are: VRA
Manager and RADIUS.
Instructions for enabling an off-node database with user level security. User level databases
supported are: RADIUS, TACACS, and ACE.
Instructions for configuring an off-node server, such as VRA Manager, RADIUS, TACACS, and
ACE.
Instructions for configuring general network login information, network login banners, and
information specific to RADIUS and TACACS servers.
Download from Www.Somanuals.com. All Manuals Search And Download.
SECURITY OVERVIEW
OVERVIEW
Security is an important issue to consider when you are setting up a network. The CyberSWITCH
provides several security options, and this chapter describes the “Big Picture” of how these options
work and interoperate. This information will better equip you to proceed with the following phases
of security configuration:
These phases of security configuration are described in detail in the following chapters.
SECURITY LEVEL
The first phase of security configuration is selecting the type of security for your network. The
CyberSWITCH offers the following options for Network Security:no security, device level security,
user level security, or device and user level security.
If you opt to use no security, for example with a bridged network, no further security configuration
is required. No database is needed for this option.
Device level security is an authentication process between internetworking devices. Authentication
happens automatically without any human intervention. The devices authenticate each other using
a specific authentication protocol, based on preconfigured information. Both bridges and routers
support device level security.
If you select device level security for your network, you may specify to use the on-node database,
VRA Manager, or RADIUS for the authentication database.
User level security is an authentication process between a specific user and a device. In contrast to
the device level security, this authentication process is performed interactively. Interactive user
security may use security token cards. Token cards are credit card-sized devices. The system
supports a security token card called SecurID, provided by Security Dynamics.
The SecurID card works on a “passcode” concept, which consists of three factors:
•
•
•
the user’s name
the user’s password
a dynamically-generated value (from the SecurID card)
If you select user level security for your network, you may specify to use RADIUS (with limited
capabilities), TACACS, or ACE server.
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Multilevel security provides both user level security and device level security for local (on-node)
database, Radius, and SFVRA. This provides added protection; first, a device will be authenticated,
and then a particular user (on the device) will be authenticated.
The feature also allows the configuration of an on-node device database at the same time as an off-
node device database. Calls first check the on-node database (if enabled) and then the off-node
database for the correct device. Authentication is based on device information received from the
first matching database.
SYSTEM OPTIONS AND INFORMATION
The second phase of security configuration involves the proper setting of administrative security
options. We have thus far defined the selected type of security we plan to use. We now need to
enable security options, provide system information, and configure administrative sessions.
System Options: You need to enable/ disable PPP Link Security, Bridge MAC Address Security, IP
Host ID Security, or Calling Line ID Security, based upon your network requirements.
System Information: You need to assign a system name, password, and secret to the CyberSWITCH
for identification purposes.
Administrative Session Information: You can achieve secure administration sessions with flexible
control through the configuration of certain options, such as:
•
•
Selecting an authentication database for administration sessions.
You may select an on-node database, a RADIUS server, a TACAS Server, or an ACE Server.
Specifying an inactivity session time-out.
Since there are only a limited number of sessions available, this avoids the problem of
administrator lockout because a user forgets to logout from the system.
Restricting Telnet access.
This is done by allowing you to set the number of possible administrative Telnet sessions.
Telnet access to the CyberSWITCH can be disabled, or the number of Telnet sessions can be
limited to less than 3.
•
•
Accessing an emergency Telnet Server session.
To access an emergency Telnet Server session, you first need to configure an emergency Telnet
Server port. If the system administrator needs a Telnet session and all available Telnet sessions
are in use, they can then Telnet into this emergency port and disconnect inactive Telnet sessions
and begin a session of their own.
DEVICE LEVEL DATABASES
If device level security or multi-level security has been chosen, then the next phase of security
configuration involves setting up a device level authentication database, and then specifying the
location of that database.
The CyberSWITCH provides dial in/ dial out access for remote devices via ISDN connections. The
information required to authenticate the remote device is maintained in a database that the system
queries during connection establishment. The system allows this “device database” to be located in
several optional environments.
134
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SECURITY OVERVIEW
User Level Databases
These environments include an on-node database and a variety of off-node, central authentication
databases. The on-node database contains a list of valid devices that can access the network
resources connected to the CyberSWITCH. This list of valid devices is configured and stored
locally. A central database allows a network with more than one CyberSWITCH to access one
database for device authentication. Supported central authentication databases for device level
security include: VRA Manager, and RADIUS.
USER LEVEL DATABASES
If user level security or multi-level security has been chosen, then the next phase of security
configuration involves enabling an off-node user level authentication database, and then
specifying the Telnet port used to access that database. User level security is only available through
an off-node authentication server. Servers supported are: RADIUS, TACACS, and ACE.
OFF-NODE SERVER INFORMATION
If an off-node authentication server has been chosen for device or user level security, then the next
phase of security configuration requires that these servers are appropriately configured in the
system.
The SecureFast Virtual Remote Access Manager (VRA Manager) is an off-node, central database
supported by the CyberSWITCH. VRA Manager is installed on a Windows NT system that is local
to the network. It operates with an SQL Server that can store data for thousands of users. A TCP
connection allows the CyberSWITCH to communicate with the VRA Manager.
The Remote Authentication Dial-In User Service (RADIUS) is a central database supported by the
CyberSWITCH. RADIUS operates using two components: an authentication server and client
protocols. The RADIUS Server software is installed on a UNIX-based system that is local to the
network. The client protocols allow the CyberSWITCH to communicate with the RADIUS server,
ultimately authenticating devices.
The Terminal Access Controller Access Control System (TACACS) is a database supported by the
CyberSWITCH. TACACS operates using two components: client code and server code. TACACS
server software is installed on a UNIX-based system connected to the CyberSWITCH network. The
client protocols allow the system to communicate with the TACACS server, ultimately
authenticating devices.
Access Control Encryption (ACE) is a database supported by the system. ACE operates using two
components: client code and server code. The ACE Server software is installed on a UNIX-based
system connected to the network. The client protocols allow the CyberSWITCH to communicate
with the ACE Server, ultimately authenticating users.
NETWORK LOGIN INFORMATION
The last phase of security configuration involves configuring network login information. If you are
using User Level Security or Multilevel Security, you may customize banners and login
configuration to suit the needs of your particular installation. You may also specify the number of
login attempts and password change attempts. Specific login elements, such as prompt order, for
RADIUS and TACACS are defined here.
Workgroup Remote Access Switch 135
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING SECURITY LEVEL
OVERVIEW
The CyberSWITCH offers the following levels of network security: no security, device level
security, user level security, or device and user level security. The network security level
determines the type of security you want activated on your network. As the name implies, no
security is used if you configure your network security level as “no security.” Device level security
and user level security provide a flexible amount of security, but each secure a different entity:
•
Device level security is an authentication process between internetworking devices. The authen-
tication happens automatically without any human intervention.
•
User level security is an authentication process between a specific user and a device. In contrast
to the device level security, this authentication process is performed interactively.
The combination of both device and user level security supports user authentication on top of
device level authentication. Often referred to as multilevel security, this option increases the
security on your network. First, authentication takes place at the device level. If the system meets
these requirements, then user level security begins by telneting to the appropriate authentication
server.
Note: The default value on your initial configuration is device level security, with only CHAP
security enabled.
The following picture illustrates two different levels of security. The picture on the left represents
User Level Security. The users, not the devices, are authorized before they are allowed access. This
would be advantageous, for example, for a user traveling to different areas, using different devices,
but still needing access. No matter what device the user is on, the user can be authenticated.The
picture on the right represents device level security. The devices are authenticated before access is
allowed, no matter who the specific user may be. The device level authentication process is
transparent to the user.
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING SECURITY LEVEL
Overview
LAN
B-CHANNELS
E1 ONLY
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
B6
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B2
B
2
5
B
2
7
B
2
9
B
3
1
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
B
2
6
B
2
8
B
3
0
L
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
ISDN
ISDN
ISDN Router
Plan what level(s) of security you will use, and configure them now. You will later assign and
configure authentication databases to the network security level you configure and to
administration sessions. The table below identifies the types of authentication databases that are
applicable (specified by yes) for each type of network security and for administration sessions.
Database
Device Level
Security
User Level
Security
Administration
Sessions
On-Node
RADIUS
TACACS
ACE
yes
yes
no
no
yes
yes
yes
no
yes
yes
yes
yes
no
no
VRA
yes
Manager
Workgroup Remote Access Switch
137
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
NO SECURITY
CONFIGURING NO SECURITY
USING CFGEDIT
1. To begin the configuration of an on-node database or any of the Security Database options, start
at the main menu and progress through the screens as shown below:
Main Menu:
1) Physical Resources
2) Options
3) Security
4) Save Changes
Select function from above or <RET> to exit: 3
Security Menu:
1) Security Level
2) System Options and Information
3) Device Level Databases
4) User Level Databases (Enable/Disable)
5) Off-node Server Information
6) Network Login Information
Select function from above or <RET> for previous menu: 1
2. Select Security Level from the Security Menu. The following menu is then displayed:
Security Level Menu:
1) No Security
2) Device Level Security
3) User Level Security
4) Device and User Level Security
Current Security Level is "Device Level Security".
Select function from above or <RET> for previous menu: 1
3. Press (1) to change the security level to No Security. Follow the onscreen instructions. Note that
if you have a previously configured on-node device database, all entries will be lost.
USING MANAGE MODE
seclevel
Displays the current security level configuration data.
138
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING SECURITY LEVEL
Device Level Security
DEVICE LEVEL SECURITY
CONFIGURING DEVICE LEVEL SECURITY
USING CFGEDIT
1. Select Device Level Security from the Security Level Menu. If you need guidance to find this
device level database.
USING MANAGE MODE
seclevel
Displays the current security level configuration data.
DEVICE LEVEL SECURITY BACKGROUND INFORMATION
Device level security is an authentication process between internetworking devices, in which
authentication takes place automatically. Both bridges and routers support this form of
security.Device level security is available to the network locally through the On-node Device
Database or remotely through the VRA Manager or RADIUS Server.
Device level security is the default configuration. Through device level security, you have several
options for validating remote devices and providing security for the network. The security options
available are dependent on the remote device type and the line protocol in use.
The following tables summarize information needed for different device types:
Interface Type
WAN
Associated Remote
Device Type
Security
Required?
IP Host
PPP
optional
optional
WAN (Direct Host)
WAN (RLAN)
IP Host
PPP
HDLC Bridge
PPP
REQUIRED
REQUIRED
WAN
PPP
(UnNumbered)
Device Type
PPP
Security Options
CLID, CHAP, PAP
CLID, MAC Address Security
CLID, IP Host ID
HDLC Bridge
IP Host
Note: For further information regarding network interfaces and their corresponding
configuration elements, refer to the network interface information refer to the network
Workgroup Remote Access Switch
139
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
OVERVIEW OF DEVICE AUTHENTICATION PROCESS
When a remote device connects, the CyberSWITCH negotiates the required authentication. It then
collects the information which is used to identify and authenticate the remote device. The system
compares this collected information against information maintained in a device database. If the
information collected from the remote device matches the information found in the database, the
connection is valid and the device is allowed access to network resources. If the collected
information does not match the information in the database, the connection is disconnected.
The device database can be maintained either locally on the CyberSWITCH itself, or on a server,
central to the network. When an on-node device database is used, device information is configured
either directly through the CFGEDIT configuration utility or through using Manage Mode
commands.
It is also possible to configure and maintain device information on an off-node, central device
database. This could be useful for networks with a large number of devices or several systems. Only
one device database would need to be configured and maintained. The Remote Authentication Dial
In User Service (RADIUS) and the SecureFast Virtual Remote Access (VRA) Manager are the off-
node, central databases currently supported by the system. The RADIUS Server option is available
for PPP/ IP devices (with CHAP or PAP security), HDLC bridge devices, and RFC 1294 devices.
USER LEVEL SECURITY
CONFIGURING USER LEVEL SECURITY
USING CFGEDIT
1. Select User Level Security from the Security Level Menu. If you need guidance to find this menu,
level database.
USING MANAGE MODE
seclevel
Displays the current security level configuration data.
USER LEVEL SECURITY BACKGROUND INFORMATION
User level security is an authentication process between a specific user and a device. The
authentication process is interactive; users connect to a terminal server and need to interact with it
in order to communicate with other devices beyond the server. The CyberSWITCH supports user
level security through the RADIUS, TACACS, or ACE server.
User level security supports the following devices:
•
•
PPP devices
HDLC bridges
140
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING SECURITY LEVEL
User Level Security
The following sections provide information regarding authentication via SecurId cards, system
requirements for user level security, and the authentication process with user level security.
AUTHENTICATION USING A SECURITY TOKEN CARD
The CyberSWITCH supports interactive, user level security through the TACACS or ACE server
programmed for use with security token cards. Token cards are credit card-sized devices. These
cards are widely used throughout the computer industry for authentication. This concept of
authentication is now available to ISDN connections via the CyberSWITCH. The CyberSWITCH
version of user level security supports a security token card called SecurID, provided by Security
Dynamics.
The SecurID card works on a “passcode” concept, which consists of two factors:
•
•
a known value (the device’s password)
a dynamically-generated value (from the SecurID card)
Note: For more information specific to the SecurID card, refer to the documentation provided by
Security Dynamics Technologies Inc.
The user is prompted for the passcode value at login. The following description illustrates how the
user level authentication process works:
The CyberSWITCH provides user level security by having the remote user establish a Telnet
connection to the system. While the remote user is being authenticated, a data filter is placed on the
connection. This filter only allows the Telnet session traffic to flow over the connection between the
user and the CyberSWITCH. During the Telnet session, the system collects user information (user
Id, password and maybe dynamic password) and requests authentication from the configured
server. Once the user is authenticated, the data filter is removed from that connection. All remote
user data is now forwarded on the connection.
If the user fails to be authenticated, the connection is released. The user must establish a new
connection and perform validation again.
If the ISDN connection is released by either the ISDN network or by the remote device, the system
treats this as a new authentication session and starts the validation sequence over.
Note that when a user establishes the Telnet connection to the CyberSWITCH, the user needs to
Telnet into a special TCP port configured for the type of authentication the user wishes to use. For
example, to get validated through the TACACS authentication server, the user needs to Telnet into
port 7000 (the default value for the TACACS port). Different port numbers are used for other types
of authentication servers such as RADIUS or ACE.
The following picture shows the relationship between the security server, an end user, and the
computer that prompts for the input. The security clients and the security server communicate with
each other using some special protocol, such as TACACS.
Workgroup Remote Access Switch
141
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Security Server
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B
B5 B7
BB8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B2
B21 B23
BB24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
B
B
1
6
B
2
6
B
2
B
3
L
1
ISDN
SYSTEM REQUIREMENTS
When providing user level security for the CyberSWITCH, you must establish Remote User-to-
LAN Connectivity (like terminal servers). You may not establish LAN-to-LAN Connectivity as
routers usually do.
There are two different ways of establishing Remote User-to-LAN Connectivity:
•
•
through IP Routing
through Bridging
IP Routing connectivity refers to the connectivity between the CyberSWITCH and a remote device
that can transfer IP datagrams over ISDN without MAC headers (such as an IP/ PPP host device).
Bridging connectivity refers to the connectivity between the CyberSWITCH and a remote user
(computer) that is connected to the system through the ISDN bridge device. The remote computer
and the ISDN bridge may be implemented as one device like the Bridge/ PPP device or the
WaveRunner in the Combinet emulation mode.
You must configure your CyberSWITCH keeping these stipulations in mind. Once your system is
properly configured, and your authentication server is properly configured, you may access user
level security by performing the following:
•
•
making the appropriate Telnet connection
responding correctly to the LOGIN prompts
142
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING SECURITY LEVEL
User Level Security
AUTHENTICATION PROCESS WITH USER LEVEL SECURITY
Making a Telnet Connection
In order to access user level security, you must first establish a Telnet connection to the
CyberSWITCH. Depending upon your application, the prompts or procedures may vary; however,
the information you need to provide is as follows:
•
•
•
host name: provide the IP address of the CyberSWITCH
port #: provide the port number of the authentication server that is connected to the system
emulation: VT100
Note that the system must be connected to the authentication server on the local LAN. Use the
default value of the port number for the authentication server (RADIUS 7001, TACACS 7000, ACE
7003), unless you have changed this value in CFGEDIT. The emulation default is VT100. No change
is required.
Once the Telnet connection is established, you will be prompted with a login screen.
Responding to LOGIN Prompts
The login display may vary, depending upon your database location, and the prompt order you
have configured. Responses to prompts may vary, depending upon whether or not you have a
security token card, and the type of security token card you have. The ACE and TACACS servers
support the SecurID card; the RADIUS server does not.
If using the RADIUS server for user level authentication, enter your user Id and password onto
your remote machine.
If using the ACE or TACACS server for user level authentication, procedure depends upon type of
security token card.
With the SecurID PINPAD card, you enter your password onto the SecurID card, which in turn
generates a dynamic password or passcode.
With the SecurID non-PINPAD card, you enter your password onto your remote machine. You
then check your SecurID card for its current dynamic password or passcode.
The difference in card function is that the PINPAD card generates a dynamic password or passcode
based upon your password entry; the non-PINPAD card generates a new dynamic password based
upon an elapsed period of time.
Refer to the section below that summarizes the login procedure required for the type of server you
are using.
RADIUS:
does not use security token card
1. Enter login Id.
2. Enter password.
Workgroup Remote Access Switch
143
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
TACACS:
with PINPAD SecureID Card
1. Enter login Id (remote machine).
2. Enter password onto SecurID card, which generates a dynamic password.
3. Enter dynamic password onto remote machine’s password prompt.
4. Press <RET> key when prompted for dynamic password.
with non-PINPAD SecureID Card
1. Enter login Id (remote machine).
2. Enter password (remote machine).
3. When prompted for a dynamic password, enter the dynamic password that is currently
displayed on your SecurID card onto your remote machine.
ACE:
with PINPAD SecureID Card
1. Enter login Id (remote machine).
2. You will be prompted for a passcode. To generate a passcode, enter your PIN onto the
SecurID card. The SecurID card will then generate a passcode.
3. Enter the SecureID passcode at the remote machine prompt.
with non-PINPAD SecureID Card
1. Enter login Id (remote machine).
2. At the passcode prompt, enter your 4-digit PIN followed by the 6-digit dynamic password
on your SecurID card. (This makes up your passcode).
Note: Password (RADIUS) is an encrypted password value, 1 to 12 ASCII characters in length.
Password or PIN (TACACS or ACE) is a personal identification number, 1 to 4 numeric
characters in length. Dynamic password or passcode is the 6-digit numeric value generated
by the SecurID card.
DEVICE AND USER LEVEL SECURITY
CONFIGURING DEVICE AND USER LEVEL SECURITY
USING CFGEDIT
1. Select Device and User Level Security from the Security Level Menu. If you need guidance to find
order to select and configure the device level database and the user level database.
USING MANAGE MODE
seclevel
Displays the current security level configuration data.
144
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING SECURITY LEVEL
Device and User Level Security
DEVICE AND USER LEVEL BACKGROUND INFORMATION
Multi-level security (device and user level) provides you with increased security options for your
network. This feature supports device level security for all remote devices. User-level
authentication can be performed on top of device level authentication for IP, IPX, AppleTalk and
bridge users. Only users configured for user level authentication will be required to do so. Refer to
the following illustration of a sample IP network configured for multilevel security.
PC
CSX1200
Service
Server
sys name: Ollie
Device Table
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
PC
name: Zoe
Internet
Scally
PC
CSX1200
CSX1200
1.1.1.2
1.1.1.1
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B4
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
ISDN
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
sys name: Sparky
Ace Server
sys name: Zoe
Device Table
name: Zoe
Device Table
name: Sparky
name: Ollie
Simon
The network security level has been configured for both device level and user level security.
Certain remote devices, such as Ollie, are able to dial-in and are only authenticated at the device
level. However, remote devices, such as Sparky, are configured in the device level database to be
authenticated at the user level as well as at the device level.
For example, Scally is using the PC on the LAN attached to Sparky, a CSX1200. Scally needs to
download some files off of the Service Server, which is on the LAN connecting to Zoe, a CSX1200.
Upon initiation of Scally’s call, device level authentication begins. Zoe checks its on-node device
database to see if Sparky is a valid device, and whether its IP address and password are also valid.
If valid, Zoe allows the connection, however a data filter is placed on the connection. This filter only
allows Telnet session traffic to flow over the connection between Zoe and Sparky. User level
authentication begins when Scally telnets to the IP address 1.1.1.1, port 7003, which is the port
assigned to the ACE server. Zoe sends the user level login prompt to Scally’s PC. Once Scally
completes the login and password information, Zoe relays this data to the ACE Server. If Scally is
a valid user in the ACE database and provides the correct login and password, Zoe removes the
restrictive filter so he may access the Service Server, or any other system on that LAN. Now that
Scally has been properly authenticated, any users on his LAN may access the systems attached to
Zoe. For example, while Scally is downloading files, Simon could boot up his PC and access the
Internet without going through the authentication process.
Workgroup Remote Access Switch
145
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING SYSTEM OPTIONS AND INFORMATION
OVERVIEW
System options include security options for remote devices. The security required for the
authentication of each device will depend on the information you have entered for that device.
are required only if there are remote devices on the network that require this information for
system validation.
control. Administration security enhancements include selecting a database server for
administration sessions and specifying an inactivity time-out. In addition, you can restrict Telnet
access by setting the number of possible administrative Telnet sessions, and you can configure
another Telnet port to accept an emergency Telnet Server session.
SYSTEM OPTIONS
CONFIGURING SYSTEM OPTIONS
USING CFGEDIT
1. Select Security from the main menu.
2. Select option (2), System Options and Information from the Security Menu. The following screen
be displayed:
System Options and Information Menu:
1) System Options
2) System Information
3) Administrative Session
Select function from above or <RET> for previous menu: 1
3. Select (1) System Options. The following screen will be displayed:
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING SYSTEM OPTIONS AND INFORMATION
System Options
System Options Menu:
PPP Link:
1) PAP Password Security
2) CHAP Challenge Security
ENABLED
ENABLED
HDLC Bridge Link:
3) Bridge MAC Address Security
ENABLED
ENABLED
ENABLED
IP Host (RFC 1294) Link:
4) IP Host Id Security
ISDN:
5) Calling Line Id Security
Id of the Option to change or <RET> for previous menu:
Notes: It is not necessary to disable a security option, even if you are not using the option. The
security required for the authentication of each device will depend on the information
you have entered for that device. If, for some reason, you wish to disable an option,
select the Id of the option and press <RET>.
The CSX1200, CSX1000, and CSX150 no longer connect to devices which use the RFC
1294 protocol to define their datalink headers. For these particular products only,
disregard (i.e., do not select) the IP Host (RFC 1294) Link option on the System Options
Menu.
SYSTEM OPTIONS CONFIGURATION ELEMENTS
CALLING LINE ID SECURITY
Validates the Calling Line information received when an ISDN connection is made. The system will
compare the incoming Calling Line Id with the value configured (if any) in the Device List. If the
numbers are identical the connection will be established. Otherwise, the system will reject the
incoming call.
When the Calling Line Id security is enabled, entering a Calling Line Id for each remote device is
optional. When two remote devices share the same line (a single point-multipoint ISDN line), they
can also configure the same Calling Line Ids if they both also have some other type of
authentication configured (for example, PAP, CHAP, or Bridge MAC Address Authentication).
The following table illustrates the dependencies between other authentication methods and the
Calling Line Id authentication:
Workgroup Remote Access Switch
147
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
PAP
Authentication
CHAP
Authentication
Bridge MAC
Address
Calling Line Id
Authentication
Authentication
Yes
No
Yes
No
No
No
No
Yes
No
Optional
Duplicates allowed for
these Devices.
No
No
No
Optional
Duplicates allowed for
these Devices.
Optional
Duplicates allowed for
these Devices.
Required
Duplicates not allowed.
Note: If a system is brought on line with a device that has a required Calling Line Id that is a
duplicate of another device’s Calling Line Id, and no other type of authentication is used,
a warning message is logged at initialization. Every attempt to connect the device
thereafter will result in an error message being logged and the call being rejected.
PAP PASSWORD SECURITY
PAP Security provides a method for the Device to identify itself to the system using a 2-way
handshake. If PAP Password Security is enabled, and a PAP Password has been configured for the
Device, the following holds true:
•
After the initial connection is made, the Device Name and Password are repeatedly sent by the
remote device to the system. The system will look up the received Device Name in the Device
List.
•
•
•
•
If the Device Name is not found, the call is disconnected.
If the Device Name is found the system will validate the password.
If the password does not match, the call will be disconnected.
If PAP Password Security is enabled, and a PAP Password has not been configured for the De-
vice, Password validation is not performed.
CHAP CHALLENGE SECURITY
An authentication phase between the remote device and the system begins with sending a CHAP
challenge request to the remote device. The CHAP request contains a string of bytes known as the
challenge value, which is changed on each challenge. Using the hash algorithm associated with
CHAP, the remote device transforms the challenge value plus its secret into a response value. The
remote device sends this output of the hash function, along with its symbolic name, to the system
in a CHAP response.
Within the Device Table entry for each remote device which will be authenticated via CHAP, the
system maintains the remote device’s secret. The name in the remote device’s CHAP response is
used to locate the Device Table entry, and consequently the secret used by the remote device. Using
the same hash function, the system computes the expected response value for the challenge with
that secret. If this matches the response value sent by the remote device, a successful authentication
has occurred. The system can optionally be configured to repeat the CHAP challenge process
periodically throughout the life of the connection. An invalid response to a CHAP challenge at any
time is deemed a security violation, which causes a switched link to be released.
148
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING SYSTEM OPTIONS AND INFORMATION
System Options
The above process applies to the system’s authentication of the remote device. It is also possible that
the remote device may wish to authenticate the system itself, a desire that is also negotiated during
the LCP initialization of the link. Enabling CHAP via configuration also permits the system to agree
to be authenticated via CHAP during LCP negotiation. In the same manner that each remote device
has a name and secret, the system itself is configured with a system-wide name and secret that are
used to respond to CHAP challenges.
Note: When both CHAP and PAP are enabled, the system will request the CHAP protocol first.
If the remote device agrees to CHAP, then the secret that is configured for the device must
match the one that the remote device uses. If the remote device agrees to PAP then the
passwords must match. If only one of either PAP or CHAP is enabled, the system will insist
on that protocol only. If the remote device does not support the enabled protocol, the
device will not be allowed
BRIDGE MAC ADDRESS SECURITY
If bridging is enabled, you have the option of enabling Bridge Ethernet Address Security. Bridge
MAC Address Security may also be enabled if IP routing through a Virtual WAN interface is
enabled. This security option allows you to configure specific Bridge Ethernet Addresses and an
optional password on a per device basis. When Bridge Ethernet Address security is enabled, the
System will look up the received Ethernet address in the Device List. If the address is not found,
the call is disconnected. If the address is found and the corresponding device entry is configured
with a password, the System will validate the password. If the password is not valid, the call will
be disconnected.
IP HOST ID SECURITY
To enable IP Host Id Security, you must first enable IP routing. IP Host Id Security provides added
security through device validation. At connection establishment time, the Device sends an
unencrypted IP Host identifier over the WAN to the System. The System looks up the Device based
on the received IP Host identifier. If the identifier is found in the Device List, the call is accepted.
Otherwise the call is disconnected.
SYSTEM OPTIONS BACKGROUND INFORMATION
When a remote device connects, the CyberSWITCH negotiates the required authentication. In
order for the remote device to be properly authenticated, the CyberSWITCH must have the
appropriate authentication enabled. If the CyberSWITCH does not have the authentication
required by the remote device enabled, the remote device will not be authenticated and the call will
be disconnected.
The possible security options that can be enabled include:
•
•
•
•
•
Calling Line Id
IP Host Id
Bridge Ethernet Address
PAP
CHAP
Workgroup Remote Access Switch
149
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
The following table summarizes the identifying and authenticating information used by each
remote device type to connect to the system:
Device Type
Identifier
Authenticator
HDLC Bridge
(MAC Layer
Bridge)
Bridge Ethernet
Address
Bridge Ethernet Address
Optional: Password
Optional: Calling Line Id
or
Calling Line Id
IP Host
IP Host Id
IP Host Id
(with RFC 1294
encapsulation)
Optional: Calling Line Id
PPP
Device Name
CHAP Secret
or
PAP Password
Optional: Calling Line Id
SYSTEM INFORMATION
CONFIGURING SYSTEM INFORMATION
USING CFGEDIT
1. Select option (2), System Information from the System Options and Information menu. If you
configuration section. The following screen will be displayed:
System Information Menu:
1) System Name
2) System Password
3) System Secret
is "ralph"
is "ralph"
is "ralph"
Select function from above or <RET> for previous menu: 1
2. Select the option you wish to configure and press <RET>. Follow the onscreen instructions to
configure the option you select. These values are required only if there are remote devices on
the network that require this information for system validation.
SYSTEM INFORMATION CONFIGURATION ELEMENTS
SYSTEM NAME
The System Name is a user-defined name for the CyberSWITCH. This name is preconfigured, but
may be changed. It is from 1 to 17 ASCII characters in length. The System Name is only used if there
are remote devices on the network that require this information for system validation. This name
is passed in the name field during PAP negotiation.
150
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING SYSTEM OPTIONS AND INFORMATION
Administrative Session
SYSTEM PASSWORD
The System Password is a user-defined password that is only required if there are remote devices
on the network that require this information for system validation. This is passed in the password
field during PAP negotiation. This password can be from 1 to 17 ASCII characters in length.
SYSTEM SECRET
The System Secret is a user-defined shared secret that only needs to be configured if there are
remote devices on the network that require this information for system validation. The same
System Secret must also be configured on the remote device. The Shared System Secret is used
during CHAP negotiation. The System Secret can be from 1 to 17 ASCII characters in length.
SYSTEM INFORMATION BACKGROUND INFORMATION
The System Information is only required if remote devices on the network require this information
for system validation. The System Name is passed during both PAP and CHAP negotiation. The
System Password is passed during PAP negotiation. The System Secret is the CHAP Secret used
during CHAP negotiation.
ADMINISTRATIVE SESSION
CONFIGURING ADMINISTRATIVE SESSIONS
USING CFGEDIT
1. Select Security from the main menu.
2. Select Administrative Session from the Security Menu. The following menu is then displayed:
Administrative Session Menu:
1) Authentication Database Location
2) Session Inactivity Timeout
3) Number of Admin Telnet Sessions
4) Telnet Server TCP Port Number
is On-node
is DISABLED
is 3
is 23
5) Emergency Telnet Server Port Number is 9000
Select function from above or <RET> for previous menu: 1
3. Select option (1) to configure the authentication database location for the administration
sessions. The following menu will be displayed:
Administrative Session Database Location Menu:
Database Location
1) On-node
2) VRA
3) RADIUS
4) TACACS
5) ACE
Current Database Location is "On-node".
Select function from above or <RET> for previous menu:
Workgroup Remote Access Switch
151
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
4. You may specify an authentication database location for administrative sessions that is
different from the user authentication database location.
Note: If you select RADIUS, TACACS, or ACE, you must be sure that the selected server is
active before you initiate an administrative session.
5. From the Administrative Session menu select (2) Session Inactivity Timeout. The following
prompt is displayed:
Enter the Session Inactivity Timeout value in minutes.
Use "0" to disable the Session Inactivity Timeout [default = disabled]?
6. Follow the onscreen instructions to set the session inactivity timeout session.
7. From the Administrative Session menu, select (3) Number of Admin Telnet Sessions. The
following prompt is displayed:
Enter the number of Telnet allowed for administrative sessions.
Use "0" to disable the Telnet Server [default = 3]? 1
8. Follow the onscreen instructions to configure the number of administrative Telnet sessions you
wish to allow. Up to three sessions are possible.
Note: To have any Telnet sessions, you must first enable IP.
9. To change the value of the port number, select (4) Telnet Server TCP Port Number from the from
the Administrative Session menu.
10. Follow the onscreen instructions for entering the port number.
11. Select option (5) Emergency Telnet Server Port Number from the Administrative Session menu.
12. Follow the onscreen prompts to configure the port number.
USING MANAGE MODE
admlogin
Displays the current administration session configuration.
admlogin change
Displays the Administration Session Configuration Menu screen, allowing you to change the
ADMINISTRATIVE SESSION CONFIGURATION ELEMENTS
DATABASE LOCATION
The authentication database location for administration sessions. This database location may be
different from the user authentication database. The default database location is the on-node device
database.
152
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING SYSTEM OPTIONS AND INFORMATION
Administrative Session
TIMEOUT VALUE
Allows you to terminate login sessions after the configured “time-out value” length in time. If “0”
is entered, the value will be disabled. The time-out will be enabled by entering a number greater
than 0. The range is from 0 to 1,440 minutes.
NUMBER OF SESSIONS
This value disables, or limits the number of Telnet administrative sessions allowed. The default
value and the maximum value is 3. If 0 is entered, the Telnet server will be disabled.
TELNET SERVER TCP PORT NUMBER
The port number of the Telnet Server TCP Port. The default value is 23.
EMERGENCY TELNET SERVER TCP PORT NUMBER
The port number for emergency Telnet sessions. The default for this emergency port is 9000.
ADMINISTRATIVE SESSION BACKGROUND INFORMATION
ALTERNATIVE DATABASE LOCATION BACKGROUND INFORMATION
In addition to using the local password file to validate a remote device who wishes to login to the
CyberSWITCH, you may also choose to use an off-node database server such as TACACS or ACE.
Using the off-node server allows you to share the password file on the database server for multiple
systems. It may also provide more secure access to the CyberSWITCH: some of the platforms are
PCs, and files on those platforms could be changed, while the database server can be physically
more secure.
As an alternative to the local password file, the user can now use security token cards along with
the TACACS or the ACE server, which provide the use of dynamic, one-time password capability.
SESSION INACTIVITY BACKGROUND INFORMATION
This option may be set to terminate login sessions after a configured inactivity timeout period.
Since there are only a limited number of sessions available, this avoids the problem of
administrator lockout because a user forgets to logout from the system.
NUMBER OF ADMINISTRATIVE TELNET SESSIONS BACKGROUND INFORMATION
Whenever IP routing is enabled, three Telnet sessions are available for system administration.
Telnet access is a very useful method to manage the CyberSWITCH remotely, but there may be a
case where it is desirable to disable the Telnet access for security reasons. With this configuration
option, Telnet access to the system can be disabled, or the number of Telnet sessions can be limited
to less than 3.
TELNET SERVER TCP PORT NUMBER BACKGROUND INFORMATION
TCP stands for Transmission Control Protocol, which uses IP to deliver its packets. The default
value for this port is 23. However, if you choose to use a different port number, you may adjust this
value through CFGEDIT. The Client must be aware of the port number you have configured.
Workgroup Remote Access Switch
153
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
EMERGENCY TELNET SERVER PORT NUMBER BACKGROUND INFORMATION
There are some Telnet client programs that do not clear Telnet connections when terminating
Telnet sessions. Since they do not clear the Telnet connections, those connections stay alive and
soon all Telnet sessions are used up. Once this happens, no more Telnet sessions can be established
until the inactivity timer of one of the sessions expires.
However, if the idle timer of the administrative session is disabled, you may need to reboot the
CyberSWITCH. To avoid this, a special Telnet server that uses a particular TCP port is provided. If
you Telnet into this special server (the Emergency Telnet Server) you will be placed into a session
which prompts you for an action on each of the existing Telnet sessions.
The emergency Telnet session allows you to terminate Telnet sessions only when all Telnet sessions
are used up. An emergency Telnet server is available to clean up dead Telnet sessions. This Telnet
server needs a unique port number in order to function.
The following example screen illustrates a successful emergency Telnet session:
Emergency Telnet session active
Enter password(s) for ’ADMIN’ user.
Enter password: ******
Login-Id Sess-Id Date/Time
-------- ------- ------------ ---------- -------- ------------------------
ADMIN 257 May 20 12:34 800 MANAGE Telnet (199.120.211.70)
Idle (sec) Command Type (From)
Do you wish to terminate this session (Y or N) [default = Y]? <RET>
Login-Id Sess-Id Date/Time
-------- ------- ------------ ---------- -------- ---------------
ADMIN 511 May 20 12:30 1025 SHELL 199.120.211.71
Idle (sec) Command Type (From)
Do you wish to terminate this session (Y or N) [default = Y]? <RET>
Login-Id Sess-Id Date/Time
-------- ------- ------------ ---------- -------- ---------------
ADMIN 734 May 20 12:35 740 LOGIN 199.120.211.69
Idle (sec) Command Type (From)
Do you wish to terminate this session (Y or N) [default = Y]? <RET>
The following screen illustrates a situation where Telnet sessions are still available. The Emergency
Telnet session then simply informs you that you can not terminate Telnet sessions under these
circumstances (no emergency exists).
Emergency Telnet session active
Enter password(s) for ’ADMIN’ user.
Enter password: ******
There are Telnet connections available for administrative sessions.
Please use an administrative session to terminate abandoned sessions.
154
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING DEVICE LEVEL DATABASES
OVERVIEW
Device level security is an authentication process between internetworking devices, in which
authentication takes place automatically. Both bridges and routers support this form of
security.Device level security is available to the network locally through the On-node Device
Database or remotely through the VRA Manager or RADIUS Server.
This chapter provides information for enabling and configuring the on-node device database, and
enabling an off-node database location. If an off-node database location is specified, refer to the
ON-NODE DEVICE DATABASE
CONFIGURING AN ON-NODE DEVICE DATABASE
Before configuring an on-node device database, you must first configure network interfaces. For
further information regarding network interfaces and their corresponding configuration elements,
refer to:
•
•
•
AppleTalk Port Information for AppleTalk
USING CFGEDIT
1. To begin the configuration of an on-node database or any of the Security Database options, start
at the main menu and progress through the screens as shown below:
Main Menu:
1) Physical Resources
2) Options
3) Security
4) Save Changes
Select function from above or <RET> to exit: 3
Security Menu:
1) Security Level
2) System Options and Information
3) Device Level Databases
4) User Level Databases (Enable/Disable)
5) Off-node Server Information
6) Network Login Information
Select function from above or <RET> for previous menu: 3
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Device Level Databases Menu:
1) On-node Device Database (Enable/Disable)
2) On-node Device Entries
3) Off-node Device Location
Select function from above or <RET> for previous menu: 1
2. Select option (1) On-node Device Database from the Device level Databases menu. The following
screen will be displayed. Follow the on-screen instructions to enable the on-node database
device:
On-node Device Database (Enable/Disable) Menu:
1) On-node Device Database is currently: ENABLED
Select function from above or <RET> for previous menu: 1
ON-NODE DEVICE ENTRIES
CONFIGURING ON-NODE DEVICE ENTRIES
1. Select On-node Device Entries from the Device Level Databases menu.
2. The Current Device Table screen will be displayed. Follow the onscreen instructions to add a
device:
Current Device Table (Sorted by Device Name in Ascending ASCII Order)
Id
Device Name
---------------------------
There are currently no Devices configured.
1) Add a Device or press <RET> for previous menu: 1
3. Enter the device name. The example screen below shows device DAN being added:
Device Name? DAN
156
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING DEVICE LEVEL DATABASES
On-node Device Entries
4. The Device Table menu will then be displayed similar to the example screen shown below:
Device Table Menu: (Device = "DAN")
1) ISDN
2) Frame Relay
3) X.25
4) Authentication
5) IP
6) IPX
7) AppleTalk
8) Bridge
9) Compression
Select function from above or <RET> for previous menu: 1
We suggest that you first enter the information pertaining to the device’s access type(s). Access
types include: ISDN (which also includes configuration elements for devices connecting over
dedicated links), Frame Relay, and X.25 (see above menu). Most devices use an ISDN access, in
which case you would complete the information under ISDN. Note that it is possible for a
device to primarily use Frame Relay or X.25, with ISDN as a backup access. In this case, you
would enter ISDN information in addition to Frame Relay or X.25 information.
Refer to the section(s) below that pertain to the device’s access type. Then continue with the rest
of the device configuration.
5. For ISDN (and dedicated) devices, begin by selecting ISDN from the Device Table Menu. The
following menu will be displayed with the shown preconfigured default values:
Device ISDN Menu: (device = "DAN")
1) ISDN Line Protocol.
2) Base Data Rate.
3) Initial Data Rate.
4) Maximum Data Rate.
"PPP (Point to Point Protocol)"
"64000 bps"
"64000 bps"
"128000 bps"
5) Dial Out Phone Number(s). ""
6) Subaddress.
7) Profile Name.
8) H0 Call Support
""
"Default_Profile"
DISABLED
Select function from above or <RET> for previous menu: 1
a. If you will not be using the default of PPP as your line protocol, select (1), ISDN Line
Protocol and select the type you will be using.
b. Check to see if the default base data rate, initial data rate, and maximum data rate are
acceptable. If not, change the default values through the above menu (selections 2, 3, and
4). From the same menu, you will also need to configure the first dial-out number (if you
want dial-out capabilities to this device).
c. The Profile Name pertains to the Bandwidth Reservation feature. The Device Profile entry
identifies which line or lines are reserved for a particular profile.
d. H0 Call Support can be enabled for devices who need more bandwidth to accomplish large
file transfers or video conferencing.
Workgroup Remote Access Switch
157
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
6. For Frame Relay devices:
Note: You must first configure the Frame Relay Access. Instructions for configuring the
chapter.
Begin by selecting Frame Relay from the Device Table Menu. A screen similar to the following
is displayed:
Device Frame Relay Menu: (Device = "DAN")
Access Name
DANACCESS
DLCI
16
Protocol
PPP
1) PVC Information
You cannot change this information from within this menu.
Press any key to continue
This screen will reflect your previously configured access information for a permanent virtual
circuit associated with the device. This information is not configurable in this location.
Notes: If you receive the following message, ensure that the PVC Name matches the device
name.
No pvc configured for Device "DAN"
In order to associate a device to a specific PVC, you must also provide authentication
7. For X.25 devices:
Note: You must first configure the X.25 Access. Instructions for configuring the access is
Begin by selecting X.25 from the Device Table Menu. If the X.25 access is configured for both
PVCs and SVCs, select the type of virtual circuit for the device:
Select the type of the Virtual Circuit
1) Permanent Virtual Circuit (PVC)
2) Switched Virtual Circuit (SVC)
[default 2]:
158
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING DEVICE LEVEL DATABASES
On-node Device Entries
If you select PVC, the list of available PVCs are displayed. The LCN of the selected PVC and
the X.25 Access Name are stored in the Device Table to bind the device to a particular virtual
circuit configuration:
Select the type of the Virtual Circuit
1) Permanent Virtual Circuit (PVC)
2) Switched Virtual Circuit (SVC)
[default 2]: 1
Current Permanent Virtual Circuits defined for X.25 Access #1, ’VMAX25’:
id Type LCN
Protocol
-- ---- ---- --------
1
2
PVC
PVC
1
2
RFC877
RFC877
Id of Virtual Circuit to associate with device "vma",
or <RET> to cancel?
1
If you select SVC, you must enter the X.121 address of the remote DTE. You need the remote
DTE address to make the X.25 call to the proper remote device.
Select the type of the Virtual Circuit
1) Permanent Virtual Circuit (PVC)
2) Switched Virtual Circuit (SVC)
[default 2]: 2
Enter the X.121 Address of the Remote DTE
or press <RET> to cancel? 9987654321
8. Enter the authentication information needed. To begin entering the information, select
Authentication from the Device Table Menu. The following menu will then be displayed:
Device Authentication Menu: (device = "DAN")
PPP:
1) PAP Password
2) CHAP Secret
""
""
3) Outbound Authentication
4) User Level Authentication
ENABLED
DISABLED
IP Host (RFC 1294):
5) IP Host Id
""
HDLC Bridge:
6) Bridge Ethernet Address
7) Bridge Password
""
""
ISDN:
8) Calling Line Id(s)
""
Select function from above or <RET> for previous menu:
Provide the necessary device authentication information for your selected Line Protocol. (Refer
specify a CHAP secret. Or, for an HDLC device, enter a Bridge Ethernet Address.
Workgroup Remote Access Switch
159
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
For PPP, the ability to enable/ disable outbound authentication (selection 3) is available.
However, it is generally not necessary to enable outbound authentications on a point-to-point
line. If the device is associated with a frame relay virtual circuit, and the PVC name is different
than the device name, then outbound authentication is required.
In addition, if you want to add user-level security to IP, AppleTalk and bridge devices, you
may also enable User Level Authentication. This requires the user that initiates a connection
between the remote device and the CyberSWITCH to be authenticated at the user level as well.
Note: Do not enable User Level Authentication for terminal server devices which connect
through the digital modem.
Note: The CSX1200, CSX1000, and CSX150 no longer connect to devices which use the RFC
1294 protocol to define their datalink headers. For these particular products only,
disregard (i.e., do not select) the IP Host (RFC 1294) menu option on the Device
Authentication Menu.
9. To enter any needed IP information for your device, select IP from the Device Table Menu. The
following screen will be displayed:
Device IP Menu: (device = "DAN")
1) IP Address
NONE
2) IP Routing
ENABLED
ENABLED
NONE
3) Make calls for IP data
4) IP Input Filter
5) IP Output Filter
NONE
Select function from above or <RET> for previous menu:
If your device requires an IP address, enter it now. Options are:
•
•
•
none
0.0.0.0
IP address #
for Direct Host or WAN links that plan to use dynamic address allocation
for unnumbered WAN links
for traditional numbered WAN links
Enable or disable IP routing for this device.
If you want dial-out capabilities to this device, enable Make calls for IP data.
If you want to apply a predefined forwarding filter to this device, specify the filter name here.
10. To enter any needed IPX information for your device, select IPX from the Device Table Menu.
The following screen will be displayed:
Device IPX Menu: (device = "DAN")
1) IPX Routing
DISABLED
2) Make calls for IPX data DISABLED
3) IPXWAN Protocol
4) IPX Routing Protocol
5) Spoofing Options
DISABLED
NONE
Select function from above or <RET> for previous menu:
160
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING DEVICE LEVEL DATABASES
On-node Device Entries
a. Enable or disable IPX routing.
b. If you enable IPX routing and want dial-out capabilities to this device, enable the Make Calls
feature.
c. If you enable IPX routing, you may enable or disable IPXWAN protocol.
d. If you enable IPX routing, select IPX Routing Protocol. Select a routing protocol of none, RIP/
SAP, or Triggered RIP/SAP. When you select Triggered RIP/SAP, you will need to identify
the WAN peer type as either active or passive.
e. You may also select Spoofing Options. Make changes to default spoofing setup, if desired.
11. To enter any needed AppleTalk information for your device, select AppleTalk from the Device
Table Menu. The following screen will be displayed:
Device AppleTalk Menu: (device = “DAN”)
1) AppleTalk Routing
2) AppleTalk Address
DISABLED
None
3) Make calls for AppleTalk data
4) AppleTalk Routing Protocol
DISABLED
None
Select function from above or <RET> for previous menu: 1
a. Press 1 at the above menu, then follow the on-screen instructions to enable AppleTalk
routing for the device.
b. Press 2 at the above menu to enter the device’s AppleTalk address. If the device is over an
unnumbered link, enter 0.0. If the device is over a MAC dial-in port, you may either enter
an address, or leave the value at “none”.
c. Press 3 at the above menu, then follow the on-screen instructions to configure whether or
not dial out to this device is allowed for this device.
d. Press 4 at the above menu to specify an AppleTalk routing protocol the system should use
with this device. The options are None or RTMP. Currently RTMP is only supported for
devices who will be dialing into the CyberSWITCH via a MAC dial-in port.
Note: If you are configuring a device for AppleTalk Remote LAN, leave the above AppleTalk
information at the default values (DISABLED, None, DISABLED, None).
12. To enter any needed bridge information for this device, select Bridge from the Device Table
Menu. The following screen will be displayed:
Device Bridging: (device = "DAN")
1) IP (Sub)Network number
2) Bridging
3) Make Calls for Bridge data
NONE
ENABLED
NONE
4) IPX Remote LAN Network Number NONE
5) IPX Spoofing Options
6) AppleTalk Network Number
NONE
Select function from above or <RET> for previous menu:
You may enable or disable bridging for this device. If this device is to use a Remote LAN
interface or Remote LAN port, enable bridging. If you want dial out capabilities to this device,
enable Make calls for Bridge data.
Workgroup Remote Access Switch
161
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
For IP Remote LAN networks, you must explicitly configure the IP (Sub)Network number.
For IPX Remote LAN networks, you may configure the IPX external network number, or you
may leave the value at NONE. The IPX Spoofing Options for IPX Remote LAN devices are not
For AppleTalk Remote LAN networks, you may configure the AppleTalk network number/
range (used on the Remote LAN for this device), or you may leave the value at NONE.
13. To enable per-device compression information, select Compression from the Device Table
Menu. The following menu will then be displayed:
Device Compression Menu: (device = "DAN")
1) Compression
2) Starting PPP STAC-LZS Sequence Number
ENABLED
1
Select function from above or <RET> for previous menu:
a. If compression is not already enabled for this device, press 1 and follow the onscreen
instructions to change the configuration to enabled.
b. If the remote device does not use 1 as the starting PPP STAC-LZS sequence number, press
2 to enter a new value for the starting sequence number.
USING MANAGE MODE COMMANDS
device
Displays the current Device Table. Included in this display is each device’s ID and name. After
the list has been displayed, you may enter a specific device Id to display detailed information
for that device.
device add
Allows you to add a device entry to the Device Table. You will be prompted for the device
name and device type. The rest of the information you will be prompted for will depend upon
the device type you are configuring, and the security options that are enabled. Note that the
device name is case sensitive. You are prompted for the device information similarly to the way
device change
Allows you to change information for a specific device entry. The current device table will be
displayed. Enter the device Id or device name of the entry you wish to change. Note that the
device name is case sensitive. Step through the configuration information displayed for the
device, pressing <return> if you wish to keep the originally configured information, and
entering new information where you want it changed. For a definition of the configuration
device delete
Allows you to delete a device entry for a specific device. The current device table will be
displayed. Enter the device Id or device name of the device whose device entry you wish to
delete. Note that the device name is case sensitive.
162
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING DEVICE LEVEL DATABASES
On-node Device Entries
ON-NODE DEVICE DATABASE CONFIGURATION ELEMENTS
GENERAL CONFIGURATION ELEMENTS
DEVICE NAME
A 1 to 17-character, user-defined case-sensitive name that uniquely identifies the device to the
system administrator. The name may contain any displayable ASCII character except the quote “”
character. This name is displayed on the connection monitor window when the device connects to
the system.
ISDN CONFIGURATION ELEMENTS
Note: These elements are configured for ISDN devices and devices over dedicated connections
only.
ISDN LINE PROTOCOL
The available line protocols for ISDN access devices. Possible line protocols include:
•
•
PPP
Point-to-point protocol. Allows device to use TCP/ IP. The default configuration value.
HDLC Bridge
HDLC encapsulated bridge frames are used to connect the system to remote bridges. It is the
simplest line protocol, using a standard HDLC frame.
•
IP Host (RFC 1294)
RFC 1294 provides a simple security exchange at connection time, along with an encapsulation
method for IP datagrams. RFC 1294 devices are not interoperable with the CSX1200, CSX1000,
and CSX150 products.
BASE DATA RATE
Only used for Dial-Out. This value represents the throughput on a B-channel or pre-ISDN link
connecting the CyberSWITCH to a device. The data rate can be specified as either 56,000 or 64,000
bps. The default configuration for the base data rate is 64,000 bps. If 64,000-bps connections to the
device are not possible, this value should be set at 56,000 bps.
INITIAL DATA RATE
Only used for Dial-Out. The initial data rate determines the bandwidth that will be attempted when
opening the first wide area connection. This provides you with a mechanism to request that a group
of parallel connections be made to a remote device rather than a single connection. This will allow
data to begin to flow at greater rates without waiting for the Throughput Monitor to detect an
overload condition. Calls will be made until an additional call would exceed the configured value.
The value is configured as a number from 2,400 to 1,024,000. For example, if you have configured
the Base Data Rate at 64 Kbps, and the Initial Data Rate at 256,000, the system would attempt to
initially use four calls (connections) running in parallel (256,000 / 64,000 = 4). The default
configuration for the Initial Data Rate is 64,000 bps.
MAXIMUM DATA RATE
The Maximum Data Rate is used to limit the total number of channels that can be committed to a
single device (logical connection). This sets an upper boundary for line and capacity utilization.
This upper boundary allows you to keep one remote device from crowding out other devices and
using an unfair share of available resources. This parameter is enforced on inbound and outbound
Workgroup Remote Access Switch
163
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
calls. The system will not accept or make a call when the added bandwidth will exceed the
configured maximum. The value is configured as a number from 2,400 bps to 3,072,000 bps. You
may configure any value in this range. For example, if you have configured the base data rate at
64,000 bps, and the maximum data rate at 512,000 bps, the system would use a maximum of eight
calls (connections) running in parallel to open up bandwidth (512,000 / 64,000 = 8). The value need
not be a multiple of the Base Data Rate. The default configuration for the maximum data rate is
128,000 bps.
Note: A condition may occur in which the number of connections has reached the point where
the maximum data rate will be exceeded with the next additional connection, and yet the
remote device may initiate another call to the system. This inbound call causes the
maximum data rate to be exceeded and the system will drop a connection. If the remote
device is auto-dialing, this flip-flop condition will continue until you manually correct the
problem. To correct this problem, configure the Throughput Monitor information to be
identical on the CyberSWITCH and the remote device, or disable Throughput Monitoring
on one of the devices. The Internet Engineering Task Force (IETF) is working on a standard
solution to this problem.
If you are using multiple connections running in parallel (i.e., to the same device), the
maximum number of connections that can be aggregated is 32. For maximum performance,
however, we recommend aggregating no more than eight connections at a time.
DIAL-OUT PHONE NUMBER(S)
This configuration element is required when the Dial-Out feature is used. The dial-out capability
allows the CyberSWITCH to initiate connections to PPP or HDLC devices located at remote sites.
A phone number must be defined for each remote device that will be dialed. This number includes
any prefix digits, area codes, or extensions as required to dial the destination device. It is possible
to specify eight phone numbers for the remote device.
The system dynamically controls the bandwidth in use between the system and other devices. This
is accomplished by establishing and disconnecting up to 8 calls to a single remote site over the
digital network. The system monitors the connections for utilization and will add and remove
connections based on the device configurable parameters described above (Base Data Rate, Initial
Data Rate, and Maximum Data Rate).
SUBADDRESS
The Subaddress is used by a CyberSWITCH when it attempts to make a connection to a remote
device. A Subaddress allows the device to share a telephone number with other devices and yet still
recognize calls destined for it.
PROFILE NAME
The device profile identifies which line or lines are reserved for a particular profile, which in turn
are reserved for a particular device(s). The feature that uses this configuration element, Bandwidth
164
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING DEVICE LEVEL DATABASES
On-node Device Entries
FRAME RELAY ACCESS CONFIGURATION ELEMENTS
Note: These elements are configured for Frame Relay devices only.
PVC CONFIGURED
Information of the already configured frame relay virtual circuit which will be used for connections
to the remote device. Currently, only permanent virtual circuits (PVCs) are provided by frame
relay. If this information appears in a device entry, frame relay will be used first for the connection
(regardless of any backup ISDN information configured).
X.25 ACCESS CONFIGURATION ELEMENTS
Note: These elements are configured for X.25 devices only.
VIRTUAL CIRCUITS
Specify an already-configured virtual circuit (either PVC or SVC) to be used for connections to this
remote device. (Any two communicating X.25 devices must have a virtual circuit association
between them before they can exchange data.)
X.121 ADDRESS
If you choose an SVC for your virtual circuit, you must provide the X.121 address of the remote
device you are currently adding to the Device Table. (The X.121 addresses for both local and remote
devices are provided by your X.25 provider.)
AUTHENTICATION CONFIGURATION ELEMENTS
PAP PASSWORD
This password is used by PPP line protocol for PAP authentication. This is an unencrypted
password value (a string of 1 to 12 ASCII characters) used as a security check when PAP Password
Security is enabled. (PAP is an authentication protocol defined in RFC 1334 as part of the PPP
protocol suite.) At connection establishment time, the calling party sends an unencrypted device
identifier and password combination over the WAN to the system. The system looks up the Device
Name based on the received device identifier and validates the password for that device. If the
password received matches the password configured for the identified device, the call is accepted.
Otherwise, the call is disconnected.
This value is stored in the same location as the bridge password, so a change to one password
affects the other.
CHAP SECRET
This field is used by PPP line protocol for CHAP authentication. This is a string of 1 to 17 ASCII
characters that is used as a security check when CHAP Challenge Security is enabled. (CHAP is an
authentication protocol defined in RFC 1334 as part of the PPP protocol suite.) CHAP is
characterized by a highly secure challenge and response mechanism which is performed at
connection setup, and which can optionally be repeated throughout the existence of the connection.
Information, system secret. As opposed to a password, a CHAP Secret is not sent across the link, and
therefore is not susceptible to interception. Instead, a calculation is done on the packets transmitted
between the two devices, and the results are compared to the shared CHAP Secret for validation.
If the calculation’s results do not match the expected results, the connection is terminated.
Workgroup Remote Access Switch
165
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
OUTBOUND AUTHENTICATION
This parameter allows you to enable or disable PPP outbound authentication procedures. When
PPP outbound authentication is enabled, PPP (CHAP or PAP) authentication is required at both
ends of the connection. When PPP outbound authentication is disabled, the CyberSWITCH does
not authenticate the remote device when dialing out. If enabled, the CyberSWITCH will
authenticate the remote device. Outbound authentication is required if a PPP device is associated
with a frame relay virtual circuit and the virtual circuit name and device name do not match.
USER LEVEL AUTHENTICATION
This parameter allows you to enable or disable user level authentication for this device. When user
level authentication is enabled, the device is required to fulfill the necessary requirements of an off-
node user level authentication server, such as RADIUS, ACE, or TACACS, after being
authenticated at the device level.
IP HOST IDENTIFIER
The IP Host Id is used to authenticate a device over the IP Host (RFC 1294) line protocol. A unique
identifier, 1 to 24 non-blank characters in length, it identifies the device. This identifier is exchanged
and validated when the device connects to the system. This identifier must be identical to the
identifier configured on the device’s IP Host system. This field is only required when the IP routing
operating mode is enabled. The identifier entered here must be identical to the configured identifier
for the device’s remote IP Host device.
BRIDGE ETHERNET ADDRESS
This address is used for authentication purposes on connections made over the HDLC Bridge line
protocol. It is required if Bridge Ethernet Address Security is enabled.
This is the MAC address of the remote bridge device. This value is passed to the system (in band)
when a connection is established. The system will look up the incoming Bridge Ethernet Address
in the On-node Device Table. If the address is not included in the On-node Device Table, the system
will reject the incoming call. If the address is included in the On-node Device Table, and the
corresponding device entry is not configured with a bridge password, the connection will be
established. If the address is included in the On-node Device Table, and the corresponding device
entry is configured with a bridge password, the system will validate the password before
establishing the connection.
BRIDGE PASSWORD
This password is used by the HDLC Bridge line protocol. It is an unencrypted password value (a
string of 1 to 12 characters) used as a secondary security check when Bridge Ethernet Address
Security is enabled. Its use is optional; however, if it is specified, it must be correct for the
connection to be allowed. This value is passed to the system (in band) when an incoming call is
received. The system compares the incoming password with the value found in the On-node
Device Table. If the incoming password matches the associated On-node Device Table Bridge
password, the connection is established. Otherwise, the system will reject the incoming call.
This value is stored in the same location as the PAP password, so a change to one password affects
the other.
CALLING LINE IDENTIFIER (CLID)
Applicable to ISDN connections only, and only when the CLID option is enabled. You can specify
eight CLIDs for each device entry. Each CLID for a given device must be unique. This is the
telephone number of the calling party that is connecting to the system. In some areas this
information is passed to the system on the ISDN incoming connection message. The system will
166
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING DEVICE LEVEL DATABASES
On-node Device Entries
compare the incoming CLID with the value configured in the On-node Device Table. If the
numbers are identical the connection will be established. Otherwise, the system will reject the
incoming call.
When two remote devices share the same line (a single point-multipoint ISDN line), they can also
configure the same CLIDs if they both also have some other type of authentication configured (for
example, PAP, CHAP, or Bridge MAC Address Authentication).
Note: If a system is brought on line with a device that has a required CLID that is a duplicate of
another device’s CLID, and no other type of authentication is used, a warning message is
logged at initialization.So every attempt to connect the device thereafter will result in an
error message being logged and the call being rejected.
IP INFORMATION CONFIGURATION ELEMENTS
IP ADDRESS
The device’s IP address, if any, on the WAN link connecting it to the CyberSWITCH. Options are:
none (for Direct Host or WAN links that plan to use dynamic address allocation), 0.0.0.0 (for
unnumbered WAN links), or an explicitly defined IP address.
The system must have a valid IP Network Interface defined for this IP address. When IP dial-out is
used, this address is required by the IP routing system in order to map the IP address to the phone
number to be dialed.
ENABLE/ DISABLE IP ROUTING
You may enable or disable IP routing on a per-device basis.
ENABLE/ DISABLE MAKE CALLS FOR IP DATA
This element must be enabled to allow IP dial-out to function. At least one Dial-Out phone number
or X.121 address is required to dial out.
IPX INFORMATION CONFIGURATION ELEMENTS
IPX ROUTING
You may enable or disable IPX on a per-device basis.
MAKE CALLS FOR IPX DATA
Indicates whether the system should establish a WAN connection in order to forward IPX
datagrams to this remote device. If enabled, at least one Dial-Out phone number or X.25 VC name
is required.
IPXWAN PROTOCOL
Indicates that the remote device is an IPX router and that the IPXWAN protocol must immediately
succeed IPXCP negotiations. Provides interoperability with Novell products.
IPX ROUTING PROTOCOL
Indicates the protocol the remote device will be using to communicate with the CSX system:
•
•
•
none
RIP/ SAP
triggered RIP/ SAP
Workgroup Remote Access Switch
167
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
WAN PEER TYPE
Specifies an active WAN peer (receives and sends information at all times) or a passive WAN peer
(receives/ sends information only when a connection is up). In order for an active peer type to work
properly, the Make Calls field must also be enabled.
SPOOFING OPTIONS
Spoofing allows you to prohibit excessive ISDN connections by internally generating a desired
response packet when a request packet is received that should be routed over the WAN and there
is no connection up to the remote device. Refer to IPX Spoofing for a description of available options.
APPLETALK INFORMATION CONFIGURATION ELEMENTS
APPLETALK ADDRESS
The AppleTalk address of this device (remote device).
If the device communicates using a numbered point-to-point link, then the address must belong to
an AppleTalk network to which one of our WAN ports connects.
If the device communicates using an unnumbered point-to-point link, the WAN UnNumbered
port must be configured and the address must be 0.0.
If the device is over a MAC dial-in port, no AppleTalk address needs to be entered. The device is
assigned a random AppleTalk address within the specifications of the MAC dial-in port
configuration each time it connects. However, if you choose to provide an AppleTalk address for
the device, this address will be assigned to the MAC dial-in port device each time it connects.
ENABLE/ DISABLE APPLETALK ROUTING
This parameter indicates whether the remote device routes AppleTalk datagrams or not. When
enabled, it indicates that the remote device will route AppleTalk datagrams. When disabled, it
indicates that the remote device will bridge AppleTalk datagrams. Note that it requires AppleTalk
RLAN feature to handle bridged AppleTalk datagrams, and therefore until AppleTalk RLAN is
implemented, AppleTalk routing can not be used with remote devices that do not route AppleTalk.
ENABLE/ DISABLE MAKE CALLS FOR APPLETALK DATA
Indicates whether AppleTalk dial out to this device is allowed or not.
APPLETALK ROUTING PROTOCOL
Specifies what routing protocol the system should use with this remote device. Since RTMP
periodically sends out routing updates, RTMP should be chosen only when the remote device is
connected over the WAN links whose cost is not a major concern, such as dedicated links. The
default value is None.
168
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING DEVICE LEVEL DATABASES
On-node Device Entries
BRIDGE INFORMATION CONFIGURATION ELEMENTS
IP (SUB) NETWORK NUMBER
If the CyberSWITCH uses an IP RLAN interface to connect to a remote bridge, you must provide
this information.
This address associates the bridge with the IP network to which it connects. Enter this address
using dotted decimal notation. This parameter applies to the network-portion of the IP address
only. Note that if you change the IP address under the IP information menu selection, this parameter
will reflect that change.
ENABLE/ DISABLE BRIDGING
You may enable or disable bridging on a per device basis. You must enable bridging for remote
LAN devices, which indicates that the remote device is a bridge and not a router.
MAKE CALLS FOR BRIDGE DATA
You must enable this element to allow bridge dial out to function. You must also complete the
following configuration:
•
•
Enable bridging at the system level and at the per-device level.
Either add the device to the CyberSWITCH’s Known Connect List, or configure a bridge con-
Note: This feature is not yet supported for IPX Remote LANs.
IPX REMOTE LAN NETWORK NUMBER
If the CyberSWITCH uses an IPX RLAN interface to connect to a remote bridge, you may choose to
change this information.
This parameter associates the bridge with the IPX network to which it connects. Enter the IPX
external network number of the remote LAN, or accept the default value of none.
If this parameter remains none, the CyberSWITCH will assume the network number is that of the
first configured IPX Remote LAN interface. This is convenient in applications in which remote
LANs consist only of clients (thus no explicit external network address), all of which are on the
same external virtual LAN.
If you choose to change this parameter, you must specify the IPX external network number used
on the remote LAN in question. This value must be the same as the value configured for the
corresponding IPX Remote LAN interface.
IPX SPOOFING OPTIONS
Note: This feature is not yet supported for IPX Remote LANs. Do not attempt to configure.
APPLETALK NETWORK NUMBER
If the CyberSWITCH uses an AppleTalk WAN (Remote LAN) port to connect to a remote bridge,
you may choose to change this information.
This parameter associates the bridge with the AppleTalk network to which it connects. Enter the
AppleTalk network number/ range (which corresponds to a configured AppleTalk Remote LAN
port), or accept the default value of none. If this parameter remains none, the CyberSWITCH will
assume an association with the first configured AppleTalk Remote LAN port.
Workgroup Remote Access Switch
169
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
COMPRESSION CONFIGURATION ELEMENTS
DEVICE COMPRESSION STATUS
Allows you to enable or disable compression for the individual device. If this option is enabled,
then the CyberSWITCH will negotiate compression with this device. Otherwise, the system will not
negotiate compression with this device, leaving the compression resources available for other
devices. When adding a new device, this option derives its value from the default device
compression option.
Note: Currently applies only to devices which connect using the PPP protocol.
STARTING PPP STAC- LZS SEQUENCE NUMBER
When using the PPP compression with the STAC-LZS protocol, certain devices may not adhere to
the protocol specification’s requirement that sequence numbers begin with 1, resulting in a
resynchronization sequence on the first frame which is exchanged. When the peer fully supports
the CCP protocol’s Reset mechanism, this will only result in the minor inconvenience of a lost frame
at the beginning of a session. However, if such a device’s resynchronization mechanism is to
completely renegotiate CCP (as has been witnessed in testing with some vendors’ devices), this
sequence will repeat infinitely.
This option provides a way to override the starting sequence number used when connecting to
such devices. When adding a new device, this option derives its value from the system-wide
Starting PPP STAC-LZS Sequence Number, presented previously in the system-wide compression
configuration section. In the majority of cases, it will not be necessary to modify this value.
As its name implies, this option is only used when the device connects using the PPP protocol.
ON-NODE DEVICE DATABASE BACKGROUND INFORMATION
The On-node Device Table is a set of valid devices that can access the network resources connected
to the system. The On-node Device Table contains a symbolic name for the device and a unique
identifier that is used to enforce device security. The On-node Device Table is referenced when at
least one device level system security option is enabled.
ON-NODE DEVICE DATABASE SECURITY REQUIREMENTS
The following sections provide the On-node Device Table configuration requirements for possible
security option configurations for each category of remote device. Categories are defined by the
operating mode (bridging or routing), and the line protocol in use.
Bridging with HDLC Bridge Devices
To allow a Bridge device to connect to the CyberSWITCH, you must have MAC Layer Bridging
enabled. For each HDLC bridge device using this type of connection, you may need to enter the
Device Name, Calling Line Id, Remote Bridge Ethernet Address, and Password.
170
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING DEVICE LEVEL DATABASES
On-node Device Entries
The following table identifies the configuration requirements for possible security options for
remote bridge devices.
Security Mode Configuration
On-node Device Table Configuration Data
Calling Line Id BridgeEthernet
Address
Calling Line Id BridgeEthernet Bridge Password
Address
Enabled
Disabled
Enabled
Disabled
Enabled
Enabled
Required
Not
Requested
Not Requested
Not Requested
Required
Optional per
device entry
Conditionally
Required*
Conditionally
Required*
Optional per
device entry
(if entry specifies
an Ethernet
Address)
*Conditionally Required means you must specify at least one of either the Calling Line Id or the
Ethernet Address. You may specify both.
IP Routing with HDLC Bridge Devices
To allow devices to connect to the CyberSWITCH using IP routing through a Bridge device, you
must configure a RLAN Interface. IP routing must also be enabled. For each HDLC Bridge using
this type of connection, you may need to enter the Device Name, Calling Line Id, Remote Bridge
Ethernet Address, Bridge Password, and IP (Sub) Network Number.
The following table identifies the configuration requirements for possible security options for IP
Routing with Bridge Devices.
Security Mode
Configuration
On-node Device Table Configuration Data
Calling
Line Id
Bridge Calling Line Id
Ethernet
Address
Bridge
Ethernet
Address
Bridge Password
IP (Sub) Network
Number
Enabled Disabled
Required
Not
Requested
Not Requested Required if only IP
Routing is Enabled
Disabled Enabled
Not
Requested
Required
Optional per
device entry
Required if only IP
Routing is Enabled
Enabled
Enabled Conditionally Conditionally Optional per
Required if only IP
Routing is Enabled
Required*
Required*
device entry
(if entry
specifies an
Ethernet
Address)
*Conditionally Required means you must specify at least one of either the Calling Line Id or the
Ethernet Address. You may specify both.
Workgroup Remote Access Switch
171
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
IP Routing with IP Host Devices (RFC1294)
To allow an IP Host device to connect to the CyberSWITCH, you must have IP Routing and IP Host
Security enabled. For each IP Host device using this type of connection, you may need to enter the
device’s IP address, IP Host Id, and Calling Line Id.
The following table identifies the configuration requirements for possible security options for IP
Host devices.
Security Mode Configuration
On-node Device Table Configuration Data
Calling Line Id
Disabled
IP Host Id
Enabled
Enabled
Calling Line Id
IP Host Id
Required
Required
IP Address
Not Requested
Required
Required
Enabled
Optional per
device entry
IP Routing with PPP IP Devices (Using IPCP)
To allow a PPP IP device to connect to the CyberSWITCH, you must have IP routing enabled. For
each PPP IP Device using this type of connection, you may need to enter the device’s IP address, a
PAP Password or a CHAP Secret, and Calling Line Id.
The following table identifies the configuration requirements for possible security options for PPP
IP Devices.
Security Mode Configuration
On-node Device Table Configuration Data
Calling Line Id
PAP or CHAP
Security
Calling Line Id
PAP Password
or
IP Address
CHAP Secret
Disabled
Enabled
Enabled
Enabled
Not Requested
Required
Optional
*Required
*Required
Optional per
device entry
Enabled
Disabled
Required
Optional
Optional
*Required: An IP address is required if the remote device does not support IP address negotiation.
When the remote device does support IP address negotiation, an IP address is not required.
Note: If CHAP Security is enabled, and Outbound Authentication has not been disabled, a CHAP
Secret must be entered for both the remote device and for the CyberSWITCH. Refer to
System Information for information regarding the System Secret. If Outbound
Authentication has been disabled, a CHAP Secret is not required for the remote device.
172
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING DEVICE LEVEL DATABASES
On-node Device Entries
Bridging with PPP Bridge Devices (Using BCP)
To allow a PPP Bridge device to connect to the CyberSWITCH, you must have Bridging enabled.
For each PPP Bridge device using this type of connection, you may need to enter a PAP Password
or a CHAP Secret, and a Calling Line Id.
The following table identifies the configuration requirements for possible security options for PPP
Bridge Devices.
Security Mode Configuration
On-node Device Table Configuration
Data
Calling Line Id
PAP or CHAP
Security
Calling Line Id
PAP Password or
CHAP Secret
Disabled
Enabled
Enabled
Enabled
Not Requested
Required
Required
Optional per
device entry
Enabled
Disabled
Required
Optional
Note: If CHAP Security is enabled, and Outbound Authentication has not been disabled, a CHAP
Secret must be entered for both the remote device and for the CyberSWITCH. Refer to the
System Information for information regarding the System Secret. If Outbound
Authentication has been disabled, a CHAP Secret is not required for the remote device.
IP Routing with PPP Bridge Devices (Using BCP)
To allow devices to connect to the CyberSWITCH using IP routing through a PPP Bridge device,
you must configure a RLAN IP Network Interface. IP routing must also be enabled. For each PPP
Bridge using this type of connection, you may need to enter the Device Name, a Calling Line Id, a
PAP Password or a CHAP Secret, and an IP (Sub) Network Number.
Workgroup Remote Access Switch
173
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
The following table identifies the configuration requirements for possible security options for IP
Routing with PPP Bridge Devices.
Security Mode Configuration
On-node Device Table Configuration Data
Calling Line Id
PAP or CHAP
Security
Calling Line Id
PAP Password
or
CHAP Secret
IP (Sub)
Network
Number
Disabled
Enabled
Enabled
Disabled
Not Requested
Required
Required
Optional
Required if
only IP
Routing is
Enabled
Enabled
Enabled
Optional per
device entry
Required if
only IP
Routing is
Enabled
Required
Required if
only IP
Routing is
Enabled
Note: If CHAP Security is enabled, and Outbound Authentication has not been disabled, a CHAP
Secret must be entered for both the remote device and for the CyberSWITCH. Refer to
System Information regarding the System Secret. If Outbound Authentication has been
disabled, a CHAP Secret is not required for the remote device.
OFF-NODE DEVICE DATABASE LOCATION
CONFIGURING OFF-NODE DEVICE DATABASE LOCATION
USING CFGEDIT
1. Select Off-node Device Database Location from the Device Level Databases menu. If you need
configuration section. The following screen will be displayed:
Off-node Device Database Location Menu:
1) None (Use On-node)
2) VRA Manager
3) RADIUS
Current Off-node Device Database Location is "None (Use On-node)".
Select function from above or <RET> for previous menu:
2. Select the location of the off-node device database, or select None in order to use the on-node
device database.
174
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING DEVICE LEVEL DATABASES
Off-node Device Database Location
OFF-NODE DEVICE DATABASE LOCATION CONFIGURATION ELEMENTS
DATABASE LOCATION
The database location for device level security. The choices for the off-node database location are
None (Use on-node), VRA Manager, or RADIUS. Choosing an off-node database location enables
the particular database.
Note: Enabling VRA Manager as the off-node device database location automatically enables
VRA Manager as a Call Control Manager. However, disabling VRA Manager as the
authentication agent will not disable VRA Manager as a Call Control Manager. Refer to the
guide for more information.
OFF-NODE DEVICE DATABASE LOCATION BACKGROUND INFORMATION
An off-node, central database allows a network with more than one CyberSWITCH to access one
database for device authentication. The CyberSWITCH will access the off-node database to locate
authentication information on a remote device that is attempting to establish a connection.
If the On-node Device Database has been enabled, and either VRA Manager or RADIUS has been
selected as the off-node database location, both databases will be searched for the device
attempting the incoming or outgoing call. The on-node database will be searched and then, if the
correct device is not found, the off-node database will be searched. Authentication is based on
device information received from the first matching database. Matching a device is defined in
different ways, depending on the call is made. For example, if an outbound call is made on an IP
WAN interface by using the ip ping command, the IP address is the method that is used to search
the database. If a matching IP address is found, a connection is attempted. If the system is unable
to authenticate the peer, the connection attempt is done. The system will not attempt to continue
searching the remaining database entries or additional off-node database for the correct peer.
Workgroup Remote Access Switch
175
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING USER LEVEL DATABASES
OVERVIEW
User level security is an authentication process between a specific user and a device. The
authentication process is interactive; users connect to a terminal server and need to interact with it
in order to communicate with other devices beyond the server. The CyberSWITCH supports user
level security through the RADIUS, TACACS, or ACE server.
This chapter provides information for enabling an off-node user level database. Refer to the chapter
Configuring Off-node Server Information for specific configuration instructions.
USER LEVEL AUTHENTICATION DATABASE LOCATION
CONFIGURING AUTHENTICATION DATABASE LOCATION
USING CFGEDIT
1. Select Security from the main menu.
2. Select option (4), User Level Databases (Enable/Disable) from the Security Menu. The following
screen be displayed:
User Level Databases Menu:
Authentication Database Location:
Status
Telnet Port
--------------------------------------------------------------------
1) RADIUS Authentication Server
2) TACACS Authentication Server
3) ACE Authentication Server
ENABLED
ENABLED
ENABLED
7001
7000
7003
Select function from above or <RET> for previous menu:
3. Select the option you wish to configure and press <RET>. This prompt acts like a toggle switch.
If you select a server that is currently enabled, the system will prompt you to disable it. If you
select a server that is currently disabled, follow the onscreen instructions to enable the server,
including entering the Telnet port number for the server. If you answer yes, you will need to
provide the Telnet port number.
USING MANAGE MODE
seclevel
Displays the current security level configuration data.
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING USER LEVEL DATABASES
User Level Authentication Database Location
USER LEVEL AUTHENTICATION DATABASE LOCATION CONFIGURATION ELEMENTS
DATABASE LOCATION
The database location for user level security. Choices are: RADIUS Server, TACACS Server, or ACE
Server.
DATABASE TELNET PORT NUMBER
You must also specify the Telnet port number to be used for authentication with the selected server.
This port number is a unique number that identifies the server. For remote authentication, users
will need to Telnet into this specially configured port. Any Telnet sessions coming through this port
must be authenticated via the specified Authentication Server before other actions are allowed.
Note: For user level security, the CyberSWITCH’s default Telnet port number is 7000, not the
normal default (23). The Telnet port number used for remote administration sessions is the
23. If you wish, you can reconfigure the port numbers so that these values are switched (i.e.,
the Telnet administration session uses a higher number, user level security uses the normal
default of 23), but you cannot use 23 for both.
USER LEVEL AUTHENTICATION DATABASE LOCATION BACKGROUND INFORMATION
An off-node, central database allows a network with more than one CyberSWITCH to access one
database for user authentication. The CyberSWITCH will access the off-node database to locate
authentication information on a user that is attempting to establish a connection. If the user’s
information matches what is configured in the database, then the connection is allowed.
Workgroup Remote Access Switch
177
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING OFF-NODE SERVER INFORMATION
OVERVIEW
You can configure both local device entries and remote authentication databases for device
authentication. When a device needs to be authenticated, the CyberSWITCH will first look the
device up locally, and, if there is no device entry, will then check the remote database for device
authentication.
This chapter provides information on configuring the CyberSWITCH to be able to communicate
with an off-node server to receive authentication information. The off-node authentication servers
supported are:
Also, please refer to your specific off-node server documentation for information on each server’s
individual requirements.
MULTIPLE ADMINISTRATION LOGIN NAMES
When configuring the off-node server itself, you may configure up to 101 different names for system
administration login. You may assign administration capabilities to specific personnel with different
passwords, passcodes, and/ or SecureID cards. By using this feature, you can track who logged in
to what system via the security server log.
When configuring your off-node server, identify each device and/ or user with one of the following
access levels:
•
•
•
An example of a properly configured ACE server may resemble the following:
User
Client
name: John Doe
name: mynode1
address: Remote Office1
client activation: mynode1
default login name: admin10
assigned token: 04690074
address: 1.1.1.1
type: communications server
user activation: John Doe
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING OFF-NODE SERVER INFORMATION
VRA Manager Authentication Server
VRA MANAGER AUTHENTICATION SERVER
CONFIGURING VRA MANAGER AUTHENTICATION SERVER
Notes: In order for the CyberSWITCH to reference VRA Manager for device authentication, the
following configuration steps must first be completed:
•
•
•
IP Routing must be enabled. If you try to enable the VRA Manager before IP routing
has been enabled, an error message will be displayed.
The appropriate LAN network interface(s) must be configured to represent the local IP
network.
The appropriate WAN network information must be configured for each type of
remote device configured that will connect to the system.
If you have configured Call Restrictions, you have configured system wide Call
Restrictions. System wide Call Restrictions will override Call Restrictions configured on
the VRA Manager on a per device basis.
USING CFGEDIT
1. Select Security from the main menu.
2. Select option (5), Off-node Server Information from the Security Menu. The following screen is
displayed:
Off-node Server Information Menu:
1) VRA Manager
2) RADIUS
3) TACACS
4) ACE
Select function from above or <RET> for previous menu: 1
3. Select VRA Manager Authentication Server from the Off-node Server Information Menu. The
following screen is displayed:
VRA Manager Menu:
TCP Port Number
is 2000
VRA Manager Server Options:
1) VRA Manager TCP Port
Select function from above or <RET> for previous menu: 1
4. Enter the TCP port number used by the VRA Manager.
USING MANAGE MODE COMMANDS
vra
Displays the current VRA Manager configuration data.
vra change
Allows you to change the VRA Manager TCP port number.
Workgroup Remote Access Switch
179
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
VRA MANAGER AUTHENTICATION SERVER CONFIGURATION ELEMENTS
TCP PORT NUMBER
The TCP port number used by the VRA Manager. Note that you can assign a device-defined port
number, but that the VRA Manager TCP port number must be entered identically on both the
CyberSWITCH and the VRA Manager.
VRA MANAGER AUTHENTICATION SERVER BACKGROUND INFORMATION
When a remote site calls a CyberSWITCH, it sends its identification (such as the system name) and
a password (or challenge). The system then sends the data in a message to the VRA Manager
(Virtual Remote Access Manager) on a TCP connection. VRA Manager will find the device in its
database, searching for the system name (if provided) or the Ethernet address for Combinet
Proprietary Protocol (CPP) devices. After finding the device, the password or challenge is verified,
and configuration information about the device is sent to the system.
Before allowing data to be sent to the newly-connected device, the system will again query the VRA
Manager, this time to verify if the call is acceptable. The VRA Manager checks against various
configuration settings to see if the call is to be allowed.
RADIUS AUTHENTICATION SERVER
CONFIGURING A RADIUS AUTHENTICATION SERVER
Note: In order for the CyberSWITCH to reference a RADIUS Server for device authentication, the
following configuration steps must first be completed:
•
•
•
•
IP Routing must be enabled. If you try to enable the RADIUS Server before IP routing
has been enabled, an error message will be displayed.
The appropriate LAN network interface(s) must be configured to represent the local IP
network.
The appropriate WAN network information must be configured for each type of
remote device configured that will connect to the system.
The system must have a valid route to the RADIUS Server. This route can be via a
directly connected network interface or via a static route. If the RADIUS Server has a
direct physical connection to the network, the appropriate network interface must then
be configured for that connection. If the RADIUS Server has no direct physical
connection to the network, then a static route needs to be configured to establish a
route, with one exception: if the router connecting the system to the RADIUS Server
supports RIP, no static route is needed. If there are multiple CyberSWITCHes at one
site, it is more convenient to maintain all of the static route information for these
systems on a central RADIUS Server. The static routes then do not need to be
duplicated on all of the Cabletron systems. This is done by enabling the “IP Routes via
RADIUS” feature available under CFGEDIT’s IP Information Menu, and including a
Framed Route attribute for each system’s RADIUS device entry.
180
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING OFF-NODE SERVER INFORMATION
RADIUS Authentication Server
USING CFGEDIT
1. Select option (2), RADIUS from the Off-node Server Information menu. If you need guidance
configuration section. The following screen will be displayed:
RADIUS Authentication Server Menu:
Primary Server
IP Address
Shared Secret
UDP Port Number
is 128.111.011.001
is "SHAREDSECRET1234"
is 5800
Secondary Server
is Not Configured
Access Request Retry
Number of Access Retries
Time between Retries
is 5
is 2 seconds
RADIUS Server Options:
1) Primary (Master) Server
2) Secondary (Slave) Server
3) Miscellaneous Information
Select function from above or <RET> for previous menu:
2. Select (1) Primary Server to enter the following information:
a. IP address of the Authentication Server
b. shared secret between the CyberSWITCH and Authentication Server
c. UDP port number used by the Authentication Server
3. Optional: configure a secondary RADIUS Server with selection (2). In the event that the
primary server does not respond to system requests, the secondary server will be queried for
device authentication information. The address and port number of the Secondary RADIUS
Server must not be the same as the Primary RADIUS Server.
4. Select Miscellaneous Information to finish the configuration. Specify the number of access request
retries that the system will send to the Authentication Server, as well as the time between
retries.
USING MANAGE MODE COMMANDS
radius
Displays the current RADIUS server configuration data.
radius change
Allows you to change the current RADIUS server configuration data. After entering the
radius changecommand, you will be prompted for the configuration elements you want to
change.
Workgroup Remote Access Switch
181
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
RADIUS AUTHENTICATION SERVER CONFIGURATION ELEMENTS
IP ADDRESS
The IP address in dotted decimal notation for the RADIUS Server. This information is required for
the Primary RADIUS Server, and also required if a Secondary RADIUS Server is configured. If a
Secondary RADIUS Server is configured, it must have a different IP address than the Primary
RADIUS Server.
SHARED SECRET
The shared secret can be 1 to 16 characters in length. Any ASCII character may be used. The same
shared secret is configured on the CyberSWITCH and the RADIUS Server. It is used for security
purposes. As opposed to a password, a shared secret is not sent across lines, and therefore is not
susceptible to interception. Instead, a calculation is done on the packets transmitted between the
two devices, and the results are compared to the shared secret for validation. The shared secret
between the CyberSWITCH and the selected server secures the access to both devices. Both devices
must know the shared secret before any exchange of information can take place. If the calculation’s
results do not match the shared secret, the connection is terminated.
The RADIUS maintains a list of all the system’s services, which includes an entry for each System’s
IP address and associated shared secret.
UDP PORT NUMBER
The UDP port number used by the RADIUS Server. This information is required for the Primary
RADIUS Server, and also required if a Secondary RADIUS Server is configured. The default value
of 1645 is almost always used.
NUMBER OF ACCESS REQUEST RETRIES
The number of Access Request Retries that the system will send to the RADIUS Server. The initial
default value is 3. The acceptable range is from 0 to 32,767.
TIME BETWEEN ACCESS REQUEST RETRIES
The time between Access Request Retries sent from the system. The initial default value is 1. The
acceptable range is from 1 to 10,000.
RADIUS AUTHENTICATION SERVER BACKGROUND INFORMATION
If you require a central database for device authentication (capable of servicing several
CyberSWITCHes), you can use an industry standard authentication server. The Remote
Authentication Dial-In User Service (RADIUS) serves this purpose for both device level and device
level security on the CyberSWITCH. The RADIUS Server can also be used to authenticate an
administrative session.
The Remote Authentication Dial-In User Service (RADIUS) is a central database supported by the
CyberSWITCH. RADIUS operates using two components: an authentication server and client
protocols. The RADIUS Server software is installed on a UNIX-based system that is local to the
network. The client protocols allow the CyberSWITCH to communicate with the RADIUS server,
ultimately authenticating devices.
The following is a typical scenario if the RADIUS Server is activated: when a remote device needs
to be authenticated, the system will send an access request to the primary RADIUS Server. After
the configured time interval the system will send an access request retry if the primary server does
not respond. After the configured number of retries, the system will request authentication
182
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING OFF-NODE SERVER INFORMATION
TACACS Authentication Server
information from the secondary server if one is configured. The connection will be released if
neither server responds to the access requests.
information required for each type of remote device. The information you need to configure
depends upon what you have configured for the CyberSWITCH operating mode (bridging and/ or
routing), and the security options you select.
To configure the RADIUS Server itself, refer to the RADIUS Authentication Server User’s Guide. If
you have Internet access, you may obtain this guide by following the steps outlined below:
•
•
•
•
Use your Web browser to get to the following address: http:// service.nei.com
From the resulting screen, click on Public.
Click on the Radius directory.
Click on the Docs directory. The guide will be under this directory.
TACACS AUTHENTICATION SERVER
CONFIGURING A TACACS AUTHENTICATION SERVER
Note: In order for the CyberSWITCH to reference the TACACS server, basic IP information must
be configured. If the IP Host mode is not in use, you must also configure the following:
•
a LAN Network interface must be configured appropriately for the IP network
connected to each LAN port on the system
•
at least one WAN Network Interface must be configured for TACACS to be operable
USING CFGEDIT
1. Select option (3), TACACS from the Off-node Server Information menu. If you need guidance
configuration section. The following screen will be displayed:
TACACS Authentication Server Menu:
Primary Server
IP Address
UDP Port Number
is 001.002.003.004
is 49
Secondary Server
IP Address
UDP Port Number
is 001.002.003.008
is 49
Access Request Retry
Number of Access Retries
Time between Retries
TACACS Packet Format
is 3
is 1 second
is (ID CODE,PIN)
TACACS Server Configuration Options:
1) Primary Server
2) Secondary Server
3) Access Request Retry
Select function from above or <RET> for previous menu:
2. Select (1) Primary Server to enter the following information:
a. IP address of the Authentication Server
b. UDP port number used by the Authentication Server
Workgroup Remote Access Switch
183
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
3. Optional: configure a secondary TACACS Server with selection (2). In the event that the
primary server does not respond to system requests, the secondary server will be queried for
device authentication information. The address and port number of the Secondary Server must
not be the same as the Primary Server.
4. Select (3) Access Request Retry to finish configuration. Specify the number of access request
retries that the system will send to the Authentication Server, as well as the time between
retries. You may also specify order of the TACACS authentication prompts for access request.
USING MANAGE MODE COMMANDS
tacacs
Displays the current TACACS off-node server configuration data.
tacacs change
Allows you to change the current TACACS off-node server configuration data. After entering
the tacacs change command, you will be prompted for the configuration elements you
want to change.
TACACS AUTHENTICATION SERVER CONFIGURATION ELEMENTS
IP ADDRESS
The IP address in dotted decimal notation for the TACACS Server.
UDP PORT NUMBER
The UDP port number used by the TACACS Server. The default value of 49 is almost always used.
NUMBER OF ACCESS REQUEST RETRIES
The number of Access Request Retries that the system will send to the TACACS Server. The initial
default value is 3. The acceptable range is from 0 to 32,767.
TIME BETWEEN ACCESS REQUEST RETRIES
The time between Access Request Retries sent from the system. The initial default value is 1 second.
The acceptable range is from 1 to 10,000.
TACACS PACKET FORMAT
The TACACS format for device authentication. The default format is ID code, PIN.
TACACS AUTHENTICATION SERVER BACKGROUND INFORMATION
The Terminal Access Controller Access Control System (TACACS) is a database supported by the
CyberSWITCH. TACACS operates using two components: client code and server code. TACACS
server software is installed on a UNIX-based system connected to the CyberSWITCH network. The
client protocols allow the system to communicate with the TACACS server, ultimately
authenticating devices.
The following is a typical scenario if the TACACS Server is activated: with user level security, a
remote user will Telnet into a specified system port for user authentication. The system, in turn, will
send an access request to the primary TACACS Server. After the configured time interval the
184
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING OFF-NODE SERVER INFORMATION
ACE Authentication Server
system will send an access request retry if the primary server does not respond. After the
configured number of retries, the system will request authentication information from the
secondary server if one is configured. The connection will be released if neither server responds to
the access requests.
Note: For user level security, the CyberSWITCH’s default Telnet port number is 7000, not the
normal default (23).
ACE AUTHENTICATION SERVER
CONFIGURING AN ACE AUTHENTICATION SERVER
Note: In order for the CyberSWITCH to reference ACE server, the following configuration steps
must first be completed:
•
•
basic IP routing information must be configured for ACE
a LAN Network interface must be configured appropriately for the IP network
connected to each LAN port on the system
•
at least one WAN Network Interface must be configured for ACE to be operable
USING CFGEDIT
1. Select option (4), ACE from the Off-node Server Information menu. If you need guidance to
configuration section. The following screen will be displayed:
ACE Authentication Server Menu:
Primary (Master) Server
is Not Configured
Secondary (Slave) Server
is Not Configured
Access Request
Number of Access Retries
Time between Retries
Encryption Method
is 3
is 1 second
SDI
Source IP address
is Not Configured
ACE Server Options:
1) Primary (Master) Server
2) Secondary (Slave) Server
3) Miscellaneous Information
4) Load ACE configuration file.
Select function from above or <RET> for previous menu: 1
2. Select Primary Server and enter the following information:
a. IP address of the Authentication Server
b. UDP port number used by the Authentication Server
3. If your configuration includes an ACE Slave server, then select Secondary Server. Enter its IP
address. The UDP port number for the Master and Slave servers will be the same, regardless of
which server configuration screen from which it is entered.
Workgroup Remote Access Switch
185
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
4. Select Miscellaneous Information to finish the configuration.
a. Specify the number of access request retries that the system will send to the Authentication
Server.
b. Specify the time between retries.
c. Choose between the DES or SDI Encryption Method. The algorithm you select must be
compatible with the ACE Server setup.
d. You will also be prompted for a source IP address. This source IP address should be a valid
address for the CyberSWITCH. The IP address must match the IP address listed for the
system in the ACE Server host machine’s /etc/hostsfile.
USING MANAGE MODE COMMANDS
ace
Displays the current ACE Server configuration data.
ace change
Allows you to change the current ACE Server configuration data. After entering the ace
changecommand, you will be prompted for the configuration elements you want to change.
There is also an option to load the ACE configuration file. Use this option only if you have
selected the alternate method of configuring the ACE Server on the system using the
sdconf.recfile.
ace reinit
Allows you to reinitialize the system ACE client. This is required only if the server’s IP address
or encryption method has been changed. A reinitialization removes the user-named services
file as described in the ACE Server documentation.
ALTERNATE METHOD OF CONFIGURATION
There is an alternate method of configuring the ACE Server database using a file on the ACE Server
itself. If you decide to use this alternate method, you would TFTP the file sdconf.rec to the system,
placing it in the \config directory. You would then activate the “load” through CFGEDIT (screen
would also activate the “load.” After downloading the file, you will still need to specify the source
IP address.
For more information on the sdconf.rec file and this alternate method of configuration, refer to
the ACE Server documentation.
ACE AUTHENTICATION SERVER CONFIGURATION ELEMENTS
IP ADDRESS
The IP address in dotted decimal notation for the ACE Server. The IP address must match the
address used for the server in its host machine’s \etc\hostsfile.
UDP PORT NUMBER
The UDP port number used by the ACE Server. The default value is 1024. This port number must
match the port listed for the SecurID service in the host machine’s \etc\servicesfile.
186
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING OFF-NODE SERVER INFORMATION
ACE Authentication Server
NUMBER OF ACCESS REQUEST RETRIES
The number of Access Request Retries that the system will send to the ACE Server. The initial
default value is 3. The acceptable range is from 0 to 32,767.
TIME BETWEEN ACCESS REQUEST RETRIES
The time between Access Request Retries sent from the system. The initial default value is 1 second.
The acceptable range is from 1 to 10,000.
ENCRYPTION METHOD
This option should always indicate SDI, and is not currently configurable. If the ACE Server is not
also configured to use SDI encryption, then any authentication attempts via the system will fail.
SOURCE IP ADDRESS
The source IP address for the ACE client should be a valid address (in dotted decimal notation) for
the system. This address must match the IP address listed for the system in the ACE Server host
machine’s /etc/hostsfile.
ACE AUTHENTICATION SERVER BACKGROUND INFORMATION
Access Control Encryption (ACE) is a database supported by the system. ACE operates using two
components: client code and server code. The ACE Server software is installed on a UNIX-based
system connected to the network. The client protocols allow the CyberSWITCH to communicate
with the ACE Server, ultimately authenticating users.
Workgroup Remote Access Switch
187
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING NETWORK LOGIN INFORMATION
OVERVIEW
The CyberSWITCH offers a number of configurable options to control the login process for this
system and for off-node authentication servers. These options include:
NETWORK LOGIN GENERAL CONFIGURATION
CONFIGURING GENERAL NETWORK LOGIN INFORMATION
USING CFGEDIT
1. Select Security from the main menu.
2. Select option (6), Network Login Information from the Security Menu. The following screen is
displayed:
Network Login Information Menu:
1) Network Login General Configuration
2) Network Login Banners
3) Login configuration Specific to RADIUS Server
4) Login Configuration Specific to TACACS Server
Select function from above or <RET> for previous menu: 1
3. To customize general login prompts, choose selection (1) from the Network Login Information.
The following menu is displayed:
Device Network Login General Configuration Menu:
1) Login Prompt
2) Dynamic Password Prompt
3) Passcode Prompt
4) Device Password Prompt
5) Old Password Prompt
6) New Password Prompt
7) Login Attempts
is "Login ID: "
is "Dynamic Password: "
is "Enter PASSCODE: "
is "Password: "
is "OLD Password: "
is "NEW Password: "
is 3
8) Password Change Attempts
9) Authentication Timeout
10) BOOTP Before Authentication
is 3
is 30 seconds
is Disabled
Select function from above or <RET> for previous menu:
By selecting items (1) through (6), you may change the wording of the specified prompts. Items
(7) and (8) allow you to change the number of attempts for login or password change. Item (9)
allows you to specify the amount of time before an authentication timeout. Enabling Item (10)
allows BOOTP/ DHCP to transmit an IP address to the user, so that the user may establish a
Telnet session for authentication.
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING NETWORK LOGIN INFORMATION
Network Login General Configuration
Concerning item (9), Authentication Timeout, note the following recommendation: If using the
Security Dynamics Ace Server, modify the timeout value to be greater than the change
frequency value of the SecurID cards. Refer to the Security Dynamics documentation for more
information on this change frequency value. In addition, if you are using a VRA Manager for
call control management, this timeout value must represent the amount of time for the
authenticating agent to respond to the login attempt, and for VRA Manger to respond as well.
These times should be based on network configuration.
USING MANAGE MODE
netlogin
Displays the current network login configuration data. After entering the netlogin
command, you will be prompted for the type of login configuration information you want. The
prompt will resemble the CFGEDIT screen in which this information was originally
configured. You may display: user level security general configuration, login banners, login
configuration specific to RADIUS, and login configuration specific to TACACS.
netlogin change
Allows you to change the current network login configuration data. After entering the
netlogin change command, you will be prompted for the type of login configuration
information you want to change. The prompt will resemble the CFGEDIT screen in which this
information was originally configured. You may change: user level security general
configuration, login banners, login configuration specific to RADIUS, and login configuration
specific to TACACS.
NETWORK LOGIN GENERAL CONFIGURATION BACKGROUND INFORMATION
Allows you to change the network login prompts. These include the prompts for:
•
•
•
•
•
login ID
dynamic password
user password
old password, new password
passcode
You may also specify the number of login attempts, password change attempts and the amount of
time in seconds before an authentication timeout.
When using DHCP to provide temporary IP addresses to remote clients, it is important to enable
BOOTP before Authentication if user authentication is used.
Workgroup Remote Access Switch
189
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
NETWORK LOGIN BANNERS
CONFIGURING NETWORK LOGIN BANNERS
USING CFGEDIT
1. Select option (2), Network Login Banners from the Network Login Information menu. If you need
Configuration configuration section. The following screen will be displayed:
Device Network Login Banner Menu:
The file "\CONFIG\Welcome.NEI" contains the Login Banner.
The file "\CONFIG\Motd.NEI" contains the Message of the Day.
1) Login Banner
is "Login Please".
is "Change Password".
is "**** Access Validated ****".
is "**** Access Denied ****".
2) Change Password Banner
3) Login Successful Banner
4) Login Unsuccessful Banner
5) Call Control Failure Banner is "*VRA Manager Denied Access*"
Select function from above or <RET> for previous menu:
Note the following: the Welcome.NEIfile and the Motd.NEIfile are user-created files. The
Welcome.NEIfile contains text to be displayed prior to system login. It precedes the actual
login banner. If no Welcome.NEIfile exists, the login banner alone is displayed. The
Motd.NEI file (Message-of-the-Day file) is displayed after successful login. Like the
Welcome.NEI file, the Motd.NEIfile is optional.
USING MANAGE MODE
netlogin
Displays the current network login configuration data. After entering the netlogin
command, you will be prompted for the type of login configuration information you want. The
prompt will resemble the CFGEDIT screen in which this information was originally
configured. You may display: user level security general configuration, login banners, login
configuration specific to RADIUS, and login configuration specific to TACACS.
netlogin change
Allows you to change the current network login configuration data. After entering the
netlogin change command, you will be prompted for the type of login configuration
information you want to change. The prompt will resemble the CFGEDIT screen in which this
information was originally configured. You may change: user level security general
configuration, login banners, login configuration specific to RADIUS, and login configuration
specific to TACACS.
NETWORK LOGIN BANNERS BACKGROUND INFORMATION
Allows you to customize the various system banners: login, change password, login successful and
login unsuccessful. You may also define a “Welcome” banner and a “Message-of-the-Day” banner.
You do so by creating a welcome.neifile and a motd.neifile on the system’s \config
directory. (Refer to the Software Overview chapter for file information). The creation of these files
is optional.
190
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING NETWORK LOGIN INFORMATION
Login Configuration Specific to RADIUS Server
LOGIN CONFIGURATION SPECIFIC TO RADIUS SERVER
CONFIGURING RADIUS SERVER LOGIN INFORMATION
USING CFGEDIT
1. Select option (3), Login Configuration Specific to RADIUS Server from the Network Login
Information menu. If you need guidance to find this menu, refer to the instructions provided
displayed:
RADIUS Specific Device Login Menu:
1) Change Password Control Character is DISABLED.
2) Prompt Order for Device Login.
Select function from above or <RET> for previous menu: 1
2. Selection (1) from the RADIUS Specific Device Login Menu allows you to change the password
control character:
Enter control character used to switch from LOGIN to CHANGE PASSWORD mode.
Select the control character that you wish to us by typing
caret (‘^’) followed by another character (example: ^A),
or ‘0’ to disable [Default = DISABLED]? <RET>
3. Selection (2) from the RADIUS Specific Device Login Menu allows you to customize the
prompt order for device login. This prompt is particularly important, because the order of
prompts must be the same as the order expected by the RADIUS server. Selection (2) displays
the following:
RADIUS Device Login Prompt Order Menu:
Current Prompt Order is:
-----------------------------------------------------------------
First Prompt
Second Prompt
is LOGIN ID PROMPT (fixed)
is USER PASSWORD PROMPT
1) Prompt Order
Select function from above or <RET> for previous menu: 1
Prompts available for Second Prompt
1) USER PASSWORD
2) DYNAMIC PASSWORD
Select function from above or <RET> for previous menu:
Workgroup Remote Access Switch
191
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
USING MANAGE MODE
netlogin
Displays the current network login configuration data. After entering the netlogin
command, you will be prompted for the type of login configuration information you want. The
prompt will resemble the CFGEDIT screen in which this information was originally
configured. You may display: user level security general configuration, login banners, login
configuration specific to RADIUS, and login configuration specific to TACACS.
netlogin change
Allows you to change the current network login configuration data. After entering the
netlogin change command, you will be prompted for the type of login configuration
information you want to change. The prompt will resemble the CFGEDIT screen in which this
information was originally configured. You may change: user level security general
configuration, login banners, login configuration specific to RADIUS, and login configuration
specific to TACACS.
LOGIN CONFIGURATION SPECIFIC TO RADIUS SERVER BACKGROUND INFORMATION
Login configuration parameters specific to RADIUS include the specification of prompt order and
a password control character.
The prompt order specified on the system must match the prompt order specified on the RADIUS
server. The default order is:
•
•
•
First prompt: LOGIN ID PROMPT (fixed)
Second prompt: DYNAMIC PASSWORD PROMPT
Third prompt: USER PASSWORD PROMPT
If you need to change this order, you may specify this order of prompts in the login process.
The password control character is a key sequence you specify to switch between the login mode
and the change password mode. In order to enable this feature for the general user, you need to
configure this password control character.
LOGIN CONFIGURATION SPECIFIC TO TACACS SERVER
CONFIGURING TACACS SERVER LOGIN INFORMATION
USING CFGEDIT
1. Select option (4), Login Configuration Specific to TACACS Server from the Network Login
Information menu. If you need guidance to find this menu, refer to the instructions provided
displayed:
TACACS Specific Device Login Menu:
1) Password Control Character is ^R.
2) Prompt Order for Device Login.
3) Messages for TACACS Return Codes.
4) Return to the Previous Menu.
Select function from above or <RET> for previous menu: 1
192
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING NETWORK LOGIN INFORMATION
Login Configuration Specific to TACACS Server
2. Selection (1) from the TACACS Specific Device Login Menu allows you to change the password
control character:
Enter control character used to switch from LOGIN to CHANGE PASSWORD mode.
Select the control character that you wish to us by typing
caret (‘^’) followed by another character (example: ^A),
or ‘0’ to disable [Default = ^R]? <RET>
3. Selection (2) from the TACACS Specific Device Login Menu allows you to customize the
prompt order for device login. This prompt is particularly important, because the order of
prompts must be the same as the order expected by the TACACS server. Selection (2) displays
the following:
TACACS Device Login Prompt Order Menu:
Current Prompt Order is:
-----------------------------------------------------------------
First Prompt
Second Prompt
Third Prompt
is LOGIN ID PROMPT (fixed)
is DYNAMIC PASSWORD PROMPT
is USER PASSWORD PROMPT
1) Prompt Order
Select function from above or <RET> for previous menu:
4. Selection (3) from the TACACS Specific Device Login Menu allows you to adjust the return
code messages upon login attempt:
TACACS Return Code Messages Menu:
RESPONSE
-----------------------------------------------------------------
1) ACCEPTED(1) NONE(0) ""
REASON
MESSAGE
2) ACCEPTED(1) EXPIRING(1) "**** Password about to expire ****"
3) ACCEPTED(1) PASSWORD(2) "**** Password expiration imminent ****"
4) REJECTED(2) NONE(0)
"**** Login invalid ****"
5) REJECTED(2) EXPIRING(1) "**** Please change PIN ****"
6) REJECTED(2) PASSWORD(2) "**** Device/Password invalid ****"
7) REJECTED(2) DENIED(3)
""
Select function from above or <RET> for previous menu:
Note: There is no customization of Specific Device Login for the ACE Server.
USING MANAGE MODE
netlogin
Displays the current network login configuration data. After entering the netlogin
command, you will be prompted for the type of login configuration information you want. The
prompt will resemble the CFGEDIT screen in which this information was originally
configured. You may display: user level security general configuration, login banners, login
configuration specific to RADIUS, and login configuration specific to TACACS.
Workgroup Remote Access Switch
193
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
netlogin change
Allows you to change the current network login configuration data. After entering the
netlogin change command, you will be prompted for the type of login configuration
information you want to change. The prompt will resemble the CFGEDIT screen in which this
information was originally configured. You may change: user level security general
configuration, login banners, login configuration specific to RADIUS, and login configuration
specific to TACACS.
LOGIN CONFIGURATION SPECIFIC TO TACACS SERVER BACKGROUND INFORMATION
LOGIN ELEMENTS SPECIFIC TO TACACS
There are login configuration parameters specific to TACACS. These include the specification of
prompt order, a password control character, and specification of messages for TACACS return
codes.
The prompt order specified on the system must match the prompt order specified on the TACACS
server. The default order is:
First prompt: LOGIN ID PROMPT (fixed)
Second prompt: DYNAMIC PASSWORD PROMPT
Third prompt: USER PASSWORD PROMPT
If you need to change this order, you may specify this order of prompts in the login process.
The password control character is a key sequence you specify to switch between the login mode
and the change password mode. In order to enable this feature for the general user, you need to
configure this password control character.
TACACS may provide return code messages upon user login. You may customize these messages
through CFGEDIT. The default messages are as follows:
If the login process was successful, but the user password is about to expire, one of the following
messages is displayed:
•
•
Password about to expire
Password expiration imminent
If the login process is unsuccessful, one of the following messages is displayed:
•
•
•
Login invalid
Please change PIN
User/ Password invalid
194
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
ADVANCED CONFIGURATION
We define advanced configuration as the configuration you may use to fine tune your system, or
to configure options that are not necessarily needed by the majority of users. For example, if you
would like to configure an alternate access (an alternate to ISDN access); this would be considered
advanced configuration.
We include the following chapters in the Advanced Configuration segment of the User’s Guide:
An access defines the connection details the CyberSWITCH uses to reach the network. The
default access is ISDN access, a switched-network access. This chapter provides instructions for
configuring the non-default types of accesses.
Instructions for configuring the following advanced bridging options: bridge dial out,
Spanning Tree Protocol, mode of operation, and bridging filters.
Instructions for configuring the following advanced IP routing options: static ARP table
entries, enable/ disable isolated mode, static routes lookup, IP address pool, and DHCP.
Instructions for configuring the IPX feature.
Instructions for configuring the AppleTalk Routing feature.
Instructions for configuring SNMP capabilities.
Instructions for configuring the options that control how the system will make and accept calls.
Instructions for configuring advanced system options that are not covered in the previous
chapters. Information is included for the following advanced options: digital modem, PPP,
default line protocol, log options, system compression options, TFTP, and file attributes.
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ALTERNATE ACCESSES
OVERVIEW
An access defines the connection details the CyberSWITCH uses to reach the network. The default
access is ISDN access, a switched-network access. Configurable accesses are required for dedicated
network connections, for packet-switched network connections including X.25 and frame relay
connections. Refer to the information below for the alternate access you wish to add.
DEDICATED ACCESSES
CONFIGURING A DEDICATED ACCESS
USING CFGEDIT
1. Select Access from the Physical Resources menu, then follow the onscreen instructions to add a
dedicated access.
2. Select the line Id of the line you will use for this access.
3. For BRI and PRI lines: select the bearer channels the access will use.
4. Select the line protocol. In almost all cases, select PPP. Select HDLC only if you are connecting
to a device that uses HDLC over a dedicated access.
5. Enter the device name tied to this access (optional for accesses using PPP protocol, mandatory
for accesses using HDLC protocol).
Note: Device authentication must be enabled for dedicated accesses to properly identify the
remote device and provide switched backup and overflow to that device. Remote devices
using a dedicated connection must use PPP for device authentication. Authentication
USING MANAGE MODE COMMANDS
dedacc
Displays previously configured dedicated accesses.
DEDICATED ACCESS CONFIGURATION ELEMENTS
LINES
The line that will be used for the dedicated access. A dedicated access can be defined on either a
BRI or a PRI line.
BEARER CHANNELS
For BRI and PRI lines only. Also referred to as B channels. B channels can carry voice or data in
either direction.
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ALTERNATE ACCESSES
Dedicated Accesses
LINE PROTOCOL
Designates the type of line protocol that will be used on the dedicated connection. PPP line protocol
is the correct selection for most configurations. HDLC protocol may work for devices that only
support HDLC protocol.
DEVICE NAME (OPTIONAL)
Optional parameter. The device name of the device assigned to this dedicated connection. The
device name may be up to 17 characters in length, and is case sensitive. If you configure this
parameter, and, in addition, turn off outbound authentication for this device, no authentication will
be needed for this particular device. If you do not configure this parameter, device authorization is
required for the device.
DEDICATED ACCESS BACKGROUND INFORMATION
To access dedicated network connections, there must be a physical connection between the
network and the CyberSWITCH. The dedicated access defines how the CyberSWITCH will use this
physical connection.
The dedicated connection is used in addition to any switched connections that can be made to
provide overflow data capacity to the remote device. The dedicated connection is brought up at
initialization time. The Throughput Monitor starts monitoring the dedicated connection for an
overload condition. When link utilization causes an overload condition, additional switched
connections will be made to the remote device based on the data rate configured for that device.
When the link utilization causes an underload condition, the switched connections will be released
with the dedicated connection remaining active.
Switched connections can also be used to provide backup connectivity to the remote device in case
the dedicated connection fails. If the dedicated connection goes down, and there is network traffic,
switched connections will be made to the remote device based on the data rate configured for that
device thus providing backup for the dedicated connection. When the dedicated connection comes
back up, it will be aggregated together with any switched connections that may be active.
When the link utilization causes an underload condition, the switched connections will be released
with the dedicated connection remaining active.
Device level authentication must be enabled for dedicated accesses to properly identify the remote
device and provide switched backup and overflow to that device.
To define a Dedicated Access, you must select a previously defined line. Then, input the details
required to use the line.
Note: To achieve maximum bandwidth, you could theoretically dedicate two T1s to one remote
device (3072 Kbps). Any configuration above this maximum bandwidth is not supported.
Keep in mind that you can aggregate a maximum of 32 connections. These connections can
be any combination of dedicated and/ or switched connections to the same device. For
maximum performance, however, we recommend aggregating no more than eight
connections at a time.
Workgroup Remote Access Switch 197
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
X.25 ACCESSES
CONFIGURING AN X.25 ACCESS
Note the following:
•
X.25 accesses are available only if you have purchased the additional software module for
packet switched accesses.
•
•
•
•
•
You may only configure one X.25 access per CyberSWITCH, and one line per access.
Bearer channels used by X.25 accesses can not be shared by other access types.
Compression is not available over X.25 connections.
For X.25 over a D-Channel, you must configure the datalink (for the line you are using) to sup-
USING CFGEDIT
To add an X.25 access, several categories of information must be configured, including basic
configuration information including line information, Link Access Procedure Balanced (LAPB)
parameters (not required for X.25 over a D-Channel), X.25 parameters, and finally, virtual circuit
parameters. A separate section for configuring each of the above categories follows.
Notes: If you are unsure of a value, select the default value if one is provided. If you want to
change an existing X.25 access configuration, select the “change” option from the main X.25
Access menu. A submenu will display the various categories described below. You can
then select to edit individual categories without paging through all of the parameters. It is
important to note that the line used for an existing X.25 access cannot be changed.
Individual characteristics of the line can change, for example, the data rate, bearers, or
Public Packet Switched Network (PPSN) phone number. If another line is to be used, the
existing access must be deleted, and added back in.
BASIC CONFIGURATION INFORMATION
1. Select Access from the Physical Resources menu, then follow the onscreen instructions to add
an X.25 access.
2. You will be asked whether or not a D-channel is to be used for this access. A list of available
lines will be displayed dependent on your answer. For X.25 over a D-Channel, you must select
this access will be using. A BRI line that is in use by another type of access will not be available
for use by an X.25 access.
3. Enter an X.25 access name of 1 to 16 non-blank, alpha-numeric characters. The X.25 access name
is a user-defined name and is provided as an aid in helping you track events occurring on an
X.25 access.
4. Enter the X.121 address of the local DTE (the CyberSWITCH).
LAPB configuration information is not needed.
6. Select the data rate for the line.
198
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ALTERNATE ACCESSES
X.25 Accesses
7. Enter a list of bearers (a channel map). For PRI lines, the range of channels is from 1 to 24. For
BRI lines, the range of channels is from 1 to 2. Separate bearer channels by commas, and/ or list
a range by using a dash (-).
LAPB CONFIGURATION INFORMATION
Note: You will not be prompted for this information if you are using X.25 over a D-Channel. The
system will “know” what type of X.25 access you are using by the line you selected for the
access. If you select a line that has its data link configured to support X.25 communications,
then you are selecting a line that will do X.25 over a D-Channel.
1. Enter the LAPB sequence number range to use, regular, or extended. Extended sequence
numbering allows for frames to be assigned sequence numbers from 0-127 (modulo 128), as
opposed to 0-7 (modulo 8).
2. Enter the duration of Timer T1, which is the maximum time to wait for responses to pending
commands.
3. Enter the duration of Timer T3, which is used to signal that an excessively long idle time is
occurring on the link. LAPB requires that Timer T3 be greater than Timer T1.
4. Enter the maximum number of frame re-transmissions that can be performed (this is
commonly known as “N2”).
5. Enter the maximum number of frames that the transmitting station may have outstanding at
any given time (this is commonly known as “K”). The range for this parameter will be 1-7 if the
Modulo 8 sequence numbers are being used for LAPB, or 1-127 if Modulo 128 sequence
numbers are being used.
X.25 CONFIGURATION INFORMATION
1. Configure the X.25 Logical Channel Assignments. This requires entering the maximum
number of PVCs and SVCs to be supported. For X.25 over B-channel, a total of 48 virtual
circuits are supported; over D-channel 8 virtual circuits are supported. Therefore, the total
number of PVCs and SVCs combined cannot exceed the maximum number of VCs.
a. Enter the maximum number of PVCs to support.
b. Enter the maximum number of SVCs to support.
2. Configure the X.25 Timers.
a. Enter the duration of Timer T20.
This timer designates the time limit in which a restart confirmation must be returned by the
DCE (the PPSN) after a restart request has been issued by the DTE (the CyberSWITCH).
b. Enter the duration of Timer T21.
This timer designates the time limit in which a call connected response must be returned
by the DCE (the PPSN) after a call request has been issued by the DTE (the CyberSWITCH).
c. Enter the duration of Timer T22.
This timer designates the time limit in which a reset confirmation must be returned by the
DCE (the PPSN) after a reset request has been issued by the DTE (the CyberSWITCH).
d. Enter the duration of Timer T23.
This timer designates the time limit in which a clear confirmation must be returned by the
DCE (the PPSN) after a clear request has been issued by the DTE (the CyberSWITCH).
Workgroup Remote Access Switch 199
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
3. Configure the X.25 Reliability, Windows, and Acknowledgment Facilities.
a. Select the type of sequence numbers to be used for X.25: regular or extended. Extended
sequence numbering allows for packets to be assigned sequence numbers from 0-127
(modulo 128), as opposed to 0-7 (modulo 8).
b. Enter the Maximum Window Size. This is the largest possible window size to be supported
on any virtual circuit. SVCs that support window size negotiation will never allow the
agreed upon window size to exceed this value. If regular (modulo 8) sequence numbers are
being used, the range of possible window sizes is 1-7. If extended (modulo 128) sequence
numbers are being used, the range of possible window sizes is 1-127.
c. Select the Maximum Packet Size. This value is used to determine the maximum packet size
that the system will support for X.25 connections. When packet size negotiation is
performed on SVCs, this value will be used as the upper bound.
4. Configure the X.25 Quality-of-Service Facilities for SVCs.
The first three items are configured for SVCs that can perform negotiation.
a. Select the Maximum Throughput Class. This value is used to determine the maximum
throughput class that the system will support for X.25 connections. When throughput class
negotiation is performed on SVCs, this value will be used as the upper bound.
b. Choose whether Flow Control Negotiation is to be supported for SVCs (negotiation is not
performed on PVCs).
c. Choose whether Throughput Class Negotiation is to be supported for SVCs (negotiation is
not performed on PVCs).
The next 6 items configured are the nonstandard default parameters for SVCs that do not
support negotiation. These parameters are used on SVCs that do not use the standard X.25
values, but also do not support any facility negotiation.
d. Enter the Nonstandard Default Transmit Window Size. The range of allowable values for
this parameter is based upon configured sequence number modulus (1-7 for Modulo 8, and
1-127 for Modulo 128).
e. Enter the Nonstandard Default Receive Window Size.
f. Select the Nonstandard Default Transmit Packet Size.
g. Select the Nonstandard Default Receive Packet Size.
h. Select the Nonstandard Default Transmit Throughput Class.
i. Select the Nonstandard Default Receive Throughput Class.
5. Configure the X.25 Charging-Related Facilities.
a. Choose whether the system should accept incoming X.25 calls that request reverse
charging.
b. Choose whether outgoing X.25 calls should request reverse charging.
6. Configure the X.25 Restriction Facilities. These facilities are used to place restrictions upon
incoming and outgoing X.25 calls.
a. Choose whether incoming calls should be barred.
b. Choose whether outgoing X.25 calls should be barred.
7. Configure the X.25 Miscellaneous Facilities.
a. Choose whether fast select acceptance should be done on incoming calls.
b. Choose whether fast select should be done on outgoing calls.
After all of the X.25 facilities have been specified, you may configure virtual circuits.
200
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ALTERNATE ACCESSES
X.25 Accesses
PERMANENT VIRTUAL CIRCUIT INFORMATION
Note: SVCs and PVCs are specified in the X.25 Logical Channel Assignments section of the
configuration. However, PVCs require additional configuration, which is done in this
section.
1. Follow the onscreen instructions to begin the configuration of a virtual circuit.
Note: Default values are configured for each PVC when an access is newly created. You are given
the opportunity to modify the PVC configuration (steps 2 through 7). If you are unsure of
what to change, use the default configuration. Note that the packet sizes are limited to 128
bytes for D-channel configurations.
2. Enter the Logical Channel Number (LCN) that is to be used for this PVC. LCN values are
obtained from the PPSN carrier.
3. Enter the nonstandard default transmit window size.
4. Enter the nonstandard default receive window size.
5. Select the nonstandard default transmit packet size.
6. Select the nonstandard default receive packet size.
7. Select the nonstandard default transmit throughput class.
8. Select the nonstandard default receive throughput class.
9. After all of the above information has been entered for your PVC, repeat the above steps to add
the rest of your PVCs (up to the maximum number of PVCs)
X.25 CONFIGURATION ELEMENTS
X.25 LINE CONFIGURATION ELEMENTS
LINE ID NUMBER
From the displayed list of available lines, this is the Id Number of the previously defined line that
is to be used for this X.25 connection. A line that is in use by another type of access will not be
available for use by an X.25 access.
X.25 ACCESS NAME
The user defined name that will be used to identify this X.25 access. This name can consist of 1 to
16 non-blank, alpha-numeric characters. The X.25 access name is provided as an aid in helping to
track events occurring on an X.25 access.
LOCAL DTE ADDRESS
The X.121 address to be used as the local DTE address. The X.121 address is the public data network
address assigned by your X.25 provider. The local DTE (Data Terminal Equipment) in our
application refers to the CyberSWITCH.
Workgroup Remote Access Switch 201
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
DATA RATE
The data rate that applies to the line being used for this X.25 access. The configured data rate can
be 56 or 64 Kbps.
BEARER CHANNELS
A list of bearers (a channel map) that will be used on the line associated with this X.25 access. For
PRI lines, the range of channels is from 1 to 24. For BRI lines, the range of channels is from 1 to 2.
Separate bearer channels by commas, and/ or list a range by using a dash (-).
LAPB CONFIGURATION ELEMENTS
Link Access Protocol-Balanced (LAPB), is a data link layer protocol that is used in X.25 connections.
LAPB is based on the HDLC protocol.
Note: If you are unsure of any of these values, use the default values where provided.
LAPB SEQUENCE NUMBER RANGE
The LAPB sequence number range to use, regular, or extended. Extended sequence numbering
allows for frames to be assigned sequence numbers from 0-127 (modulo 128), as opposed to 0-7
(modulo 8). Using modulo 128, the DTEs can send up to 127 frames without receiving an
acknowledgment. Using modulo 8, the DTEs can send up to 7 frames without receiving an
acknowledgment. The default value is modulo 8.
TIMER T1
This timer defines the maximum time to wait for responses to pending commands. The range for
the T1 timer is 1 to 10 seconds. The default value is 1 second.
TIMER T3
This timer signals that an excessively long idle time is occurring on the link. LAPB requires that
Timer T3 be greater than Timer T1. The range for the T3 timer is 2 to 20 seconds. The default value
is 10 seconds.
MAXIMUM NUMBER OF FRAME RETRANSMISSIONS
This is the maximum number of frame retransmissions that can be performed (commonly known
as “N2”). If this maximum is exceeded, the link is considered out of order. The range for the
maximum number of frame retransmissions is 1 to 5 retransmissions. The default value is 3
retransmissions.
MAXIMUM NUMBER OF OUTSTANDING FRAMES
Enter the maximum number of frames that the transmitting station may have outstanding at any
given time (commonly known as “K”). The range for this parameter will be 1-7 if the modulo 8
sequence numbers are being used for LAPB, or 1-127 if modulo 128 sequence numbers are being
used. The range for the maximum number of outstanding frames is 1 to 7 frames. The default value
is seven frames.
202
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ALTERNATE ACCESSES
X.25 Accesses
X.25 ACCESS CONFIGURATION ELEMENTS
The X.25 Access configuration elements are divided into seven different categories:
•
•
•
•
•
•
•
X.25 Logical Channel Assignments
X.25 Timer Configuration
X.25 Reliability, Windows, and Acknowledgment Facilities
X.25 Quality-of-Service Facilities
X-25 Charging -Related Facilities
X-25 Restriction Facilities
X.25 Miscellaneous Facilities
Each category has multiple configuration elements that must be entered.
Note: If you are unsure of any of the configuration values, use the default values where provided.
X.25 LOGICAL CHANNEL ASSIGNMENTS
The maximum number of permanent virtual circuits (PVCs) and switched virtual circuits (SVCs)
to be supported. For X.25 over B-channel, a total of 48 virtual circuits are supported; over D-channel
8 virtual circuits are supported. Therefore, the total number of PVCs and SVCs combined cannot
exceed the maximum number of VCs. X.25 logical channel numbers are assigned to each PVC, and
each two-way SVC. (Currently, one-way incoming and one-way outgoing SVCs are not supported.)
MAXIMUM NUMBER OF PVCS
The maximum number of PVCs supported for this X.25 access.
MAXIMUM NUMBER OF SVCS
The maximum number of SVCs supported for this X.25 access.
X.25 TIMERS
Your PPSN provider should be able to provide you with the optimum values for the X.25 timers. If
you are unable to obtain these values, select the default values. The default values are acceptable
for the majority of network configurations.
TIMER T20
This timer designates the time limit in which a restart confirmation must be returned by
the DCE (the PPSN) after a restart request has been issued by the DTE (the CyberSWITCH).
The range for the this timer is 1 to 200 seconds. The default for this timer is 180 seconds.
TIMER T21
This timer designates the time limit in which a call connected response must be returned
by the DCE (the PPSN) after a call request has been issued by the DTE (the CyberSWITCH).
The range for the this timer is 1 to 200 seconds. The default for this timer is 200 seconds.
TIMER T22
This timer designates the time limit in which a reset confirmation must be returned by the
DCE (the PPSN) after a reset request has been issued by the DTE (the CyberSWITCH). The
range for the this timer is 1 to 200 seconds. The default for this timer is 180 seconds.
TIMER T23
This timer designates the time limit in which a clear confirmation must be returned by the
DCE (the PPSN) after a clear request has been issued by the DTE (the CyberSWITCH). The
range for the this timer is 1 to 200 seconds. The default for this timer is 180 seconds.
Workgroup Remote Access Switch 203
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
X.25 RELIABILITY, WINDOWS, AND ACKNOWLEDGMENT
X.25 SEQUENCE NUMBER RANGE
The type of sequence numbers to be used for X.25; regular or extended. Extended sequence
numbering allows for packets to be assigned sequence numbers from 0-127 (modulo 128),
as opposed to 0-7 (modulo 8). The default value is modulo 8.
MAXIMUM WINDOW SIZE
This is the largest possible window size to be supported on any virtual circuit. The window
size is the number of frames that a DTE can send without receiving an acknowledgment.
SVCs that support window size negotiation will never allow the agreed upon window size
to exceed this value. Using modulo 128, the DTEs can send up to 127 frames without
receiving an acknowledgment. Using modulo 8, the DTEs can send up to 7 frames without
receiving an acknowledgment. The default value for both modulo 8 and modulo 128 is 2.
MAXIMUM PACKET SIZE
This value is used to determine the maximum packet size that the system will support for
X.25 connections. When packet size negotiation is performed on SVCs, this value will be
used as the upper bound. The default maximum packet size is 128 bytes.
X.25 QUALITY-OF-SERVICE FACILITIES
The X.25 Quality-of-Service Facilities apply only to SVCs. The first three configuration elements are
for SVCs that support negotiation.
MAXIMUM THROUGHPUT CLASS
This value is used to determine the maximum throughput class that the system will
support for X.25 connections. Throughput describes the maximum amount of data that can
be sent through the network, when the network is operating at saturation. Factors
influencing throughput are line speeds, window sizes, and the number of active sessions
in the network. When throughput class negotiation is performed on SVCs, this value will
be used as the upper bound. The default value is 19,200 BPS.
FLOW CONTROL NEGOTIATION
This configuration element specifies whether Flow Control Negotiation is to be supported
for SVCs (negotiation is not performed on PVCs). If Flow control negotiation is supported
for SVCs, the window and packet sizes can be negotiated between DTEs on a per-call basis.
As a default, this facility is not supported.
THROUGHPUT CLASS NEGOTIATION
This configuration element specifies whether Throughput Class Negotiation is to be
supported for SVCs (negotiation is not performed on PVCs). This facility allows the
throughput rates to be negotiated between DTEs on a per-call basis. As a default, this
facility is not supported.
Note: The next 6 items configured for the X.25 Quality of Service Facilities are the non-
standard default parameters for SVCs that do not support negotiation. These pa-
rameters are used on SVCs that do not use the standard X.25 values, but also do
not support any facility negotiation.
204
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ALTERNATE ACCESSES
X.25 Accesses
NONSTANDARD DEFAULT TRANSMIT WINDOW SIZE
The number of frames that a DTE can send without receiving an acknowledgment. Using
modulo 128, the DTEs can send up to 127 frames without receiving an acknowledgment.
Using modulo 8, the DTEs can send up to 7 frames without receiving an acknowledgment.
The default value for both modulo 8 and modulo 128 is 2.
NONSTANDARD DEFAULT RECEIVE WINDOW SIZE
The number of frames that a DTE can receive without receiving an acknowledgment. Using
modulo 128, the DTEs can receive up to 127 frames without receiving an acknowledgment.
Using modulo 8, the DTEs can send up to 7 frames without receiving an acknowledgment.
The default value for both modulo 8 and modulo 128 is 2.
NONSTANDARD DEFAULT TRANSMIT PACKET SIZE
The size of a packet that a DTE can transmit. The choice of a packet size must be weighed
against the requirements for larger buffers at all the machines that process the packet.
Larger packet sizes reduce the opportunity for other devices to share the channel. On the
other hand, a larger packet reduces the ratio of overhead fields to user data. The default
transmit packet size is 128 bytes.
NONSTANDARD DEFAULT RECEIVE PACKET SIZE
The size of a packet that a DTE can receive. The choice of a packet size must be weighed
against the requirements for larger buffers at all the machines that process the packet.
Larger packet sizes reduce the opportunity for other devices to share the channel. On the
other hand, a larger packet reduces the ratio of overhead fields to user data. The default
transmit packet size is 128 bytes.
NONSTANDARD DEFAULT TRANSMIT THROUGHPUT CLASS
Transmit throughput describes the maximum amount of data that can be sent through the
network, when the network is operating at saturation. Factors influencing throughput are
line speeds, window sizes, and the number of active sessions in the network. The default
value is 19,200 BPS.
NONSTANDARD DEFAULT RECEIVE THROUGHPUT CLASS
Receive throughput describes the maximum amount of data that can be received through
the network, when the network is operating at saturation. Factors influencing throughput
are line speeds, window sizes, and the number of active sessions in the network. The
default value is 19,200 BPS.
X.25 CHARGING-RELATED FACILITIES
These facilities are used to place charging-related restrictions upon incoming and outgoing X.25
calls.
INCOMING CALLS REVERSE CHARGING
This parameters allows you to choose whether the DTE (the CyberSWITCH) should accept
incoming X.25 calls that request reverse charging. The default configuration is to not allow
incoming X.25 calls to request reverse charging.
OUTGOING CALLS REVERSE CHARGING
This parameters allows you to choose whether the DTE (the CyberSWITCH) should be able
to request reverse charging for outgoing calls. The default configuration is to not allow
outgoing X.25 calls to request reverse charging.
Workgroup Remote Access Switch 205
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
X.25 RESTRICTION FACILITIES
These facilities are used to place restrictions upon incoming and outgoing X.25 calls.
BARRING INCOMING CALLS
Allows to you bar X.25 calls coming in to the system. The default configuration is to not bar
incoming X.25 calls.
BARRING OUTGOING CALLS
Allows you to bar X.25 calls going out of the system. The default configuration is to not bar
outgoing X.25 calls.
X.25 MISCELLANEOUS FACILITIES
These facilities are used for fast select acceptance for incoming and outgoing X.25 calls. Fast select
is a calling method that allows the device to send a limited amount of information along with a “call
request packet” rather than after the packet.
FAST SELECT ACCEPTANCE - INCOMING CALLS
Allows you to chose whether fast select acceptance should be done on incoming calls. The
default configuration is to not perform fast select acceptance on incoming calls.
FAST SELECT ACCEPTANCE - OUTGOING CALLS
Allows you to chose whether fast select acceptance should be done on outgoing calls. The
default configuration is to not perform fast select acceptance on outgoing calls.
After all of the above X.25 facilities have been specified, the configuration of the X.25 access itself
have been completed. You may now configure the virtual circuits associated with the X.25 access.
PVC CONFIGURATION ELEMENTS
Once the above X.25 configuration elements have been configured, the associated virtual circuits
should be configured. Note that virtual circuits may be configured with any combination of SVCs
and PVCs, adding up to a maximum 8 virtual circuits.
A PVC is similar to a dedicated line. At subscription time, the subscriber gives the network the
address to be associated with that virtual circuit. A logical channel is permanently assigned. From
that point on, no call set up is needed. Data to be sent to that destination are simply sent in data
packets using the assigned logical channel.
LOGICAL CHANNEL NUMBER (LCN)
X.25 uses LCNs to distinguish the connections between DTEs at either end of a communication.
These LCNs make it possible to send a packet into a packet-switched network at one end (with no
control over the packet’s journey) and then to pick the packet out at the receiving end. LCN values
for PVCs are obtained from the PPSN carrier.
NONSTANDARD DEFAULT TRANSMIT WINDOW SIZE
The number of frames that a DTE can send without receiving an acknowledgment. Using modulo
128, the DTEs can send up to 127 frames without receiving an acknowledgment. Using modulo 8,
the DTEs can send up to 7 frames without receiving an acknowledgment. The default value for both
modulo 8 and modulo 128 is 2.
206
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ALTERNATE ACCESSES
X.25 Accesses
NONSTANDARD DEFAULT RECEIVE WINDOW SIZE
The number of frames that a DTE can receive without receiving an acknowledgment. Using
modulo 128, the DTEs can send up to 127 frames without receiving an acknowledgment. Using
modulo 8, the DTEs can send up to 7 frames without receiving an acknowledgment. The default
value for both modulo 8 and modulo 128 is 2.
NONSTANDARD DEFAULT TRANSMIT PACKET SIZE
The size of a packet that a DTE can transmit. The choice of a packet size must be weighed against
the requirements for larger buffers at all the machines that process the packet. Larger packet sizes
reduce the opportunity for other devices to share the channel. On the other hand, a larger packet
reduces the ratio of overhead fields to user data. The default transmit packet size is 128 bytes.
NONSTANDARD DEFAULT RECEIVE PACKET SIZE
The size of a packet that a DTE can receive. The choice of a packet size must be weighed against the
requirements for larger buffers at all the machines that process the packet. Larger packet sizes
reduce the opportunity for other devices to share the channel. On the other hand, a larger packet
reduces the ratio of overhead fields to user data. The default transmit packet size is 128 bytes.
NONSTANDARD DEFAULT TRANSMIT THROUGHPUT CLASS
Transmit throughput describes the maximum amount of data that can be sent through the network,
when the network is operating at saturation. Factors influencing throughput are line speeds,
window sizes, and the number of active sessions in the network. The default value is 19,200 BPS.
NONSTANDARD DEFAULT RECEIVE THROUGHPUT CLASS
Receive throughput describes the maximum amount of data that can be received through the
network, when the network is operating at saturation. Factors influencing throughput are line
speeds, window sizes, and the number of active sessions in the network. The default value is 19,200
BPS.
X.25 ACCESS BACKGROUND INFORMATION
X.25 was developed to provide an interface that would allow computers or terminals that use
different data communications protocols to exchange data across wide area packet-switching
networks. Since its inception by CCITT in 1974, it has been expanded to include many options,
services, and facilities.
Packet-switching is a transmission method in which data is broken down into packets. The packets
are sent across a shared medium from source to destination. The transmission may use any
available circuit. The next packet in the transmission may take a different route. Multiple packets
from the same transmission can be sent at the same time. Because of the switching, the packets may
not all take the same route, and they may not arrive in the order that they were sent. When they
arrive at their destination, the packets are reassembled in the proper order, and a check is done to
see if all expected packets arrived.
X.25 provides common procedures between a device (DTE) and a packet network (DCE) for
establishing a connection to the network, exchanging data with another DTE, and releasing the
connection. X.25 contains no algorithms for routing the packets across the wide area network.
Consequently, an X.25 Network does not mean that the internal operations of the network use X.25.
It simply means that the interface to a packet data network is governed by the X.25 protocol.
Virtual circuits are used to establish a virtual path from one DTE to another. This virtual path
appears to have the same characteristics that you might get from a physical telephone circuit. With
Workgroup Remote Access Switch 207
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
a virtual path, although it appears that a real circuit exits, in reality, the network routes the device’s
information packets to the designated designation. Any given path may be shared by several
devices.
When the virtual circuit is established, a logical channel number is assigned to it at the originating
end. A logical channel number is also assigned to the virtual circuit at the destination end, such that
at each end there is a one to one correspondence between logical channel number and the virtual
circuit. However, the logical channel numbers at each end of a virtual circuit are different.
Two types of virtual circuits can be used: a permanent virtual circuit (PVC) or a switched virtual
circuit (SVC). A PVC is similar to a dedicated line. At subscription time, the subscriber gives the
network the address to be associated with that virtual circuit. A logical channel is permanently
assigned. From that point on, no call set up is needed. Data to be sent to that destination is simply
sent in data packets using the assigned logical channel.
A SVC is similar to a dial-up connection. A call origination packet called a Call Request packet,
containing the address of the called party, must be given to the network to cause the establishment
of the virtual circuit.
As is specified by X.25, multiple logical connections can be multiplexed over a single physical
channel. In the case where an ISDN basic rate line is providing the physical channel to a PPSN,
multiple X.25 virtual circuits can be present on a single B-channel. The following diagram
illustrates that point.
Public Packet
Switched Network
D
D
D
T
E
D
C
E
D
C
E
D
T
E
B1
B2
B1
B2
LAN
B-CHANNELS
E1 ONLY
B25 B27
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
BB8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B2
B21 B23
B22 B
B
2
9
B
3
1
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
E1
D
T1
D
B
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
L
1
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
CSX1200
CSX1200
DCE
D
B1 B2
= X.25 Virtual Circuits
DTE
LAN
B-CHANNELS
E1 ONLY
POWER
B1 B3
B2 B4
B5 B7
B6 B
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B1B20
B21 B23
BB24
B
2
5
B
2
7
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
CSX1200
Note: In the illustration, the DTEs are all CyberSWITCH systems. Throughout the X.25 Access
section, the term “DTE” can be interchanged with “CyberSWITCH”.
Public Packet Switched Networks are typically more cost effective for users who transmit data in
the mid-traffic range. Low volume users can incur lower costs using public telephone dial-up than
a comparable session in a packet network. At the other end of the spectrum, high volume users are
better served with leased lines.
208
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ALTERNATE ACCESSES
Frame Relay Accesses
CURRENT X.25 RESTRICTIONS
•
X.25 virtual circuits must be two-way logical channels; one-way incoming and one-way out-
going channels are not currently supported.
•
•
Each system can have only one X.25 access. The X.25 access can use only one line.
A maximum of eight virtual circuits can be configured per access. This can be any combination
of PVCs or SVCs. Each virtual circuit counts as one of the system’s available 48 connections.
X.25 accesses cannot be changed via Dynamic Management.
Security must be enabled on the system in order to support X.25 connections.
Bearer channels which are used by X.25 accesses may not be shared by other access types.
Support for X.25 Multi-Link Protocol is not provided.
•
•
•
•
•
There can be no aggregation between X.25 virtual circuits and any other type of connections
(for example, ISDN, Dedicated, or Frame Relay).
•
•
The maximum X.25 packet size supported is 1024 bytes.
RFC877 is the only line protocol supported for X.25 VCs. Therefore, only IP data can be sent
over an X.25 VC.
FRAME RELAY ACCESSES
CONFIGURING A FRAME RELAY ACCESS
Notes: You may configure up to 32 frame relay accesses per CyberSWITCH, and a total of 192
PVCs. The number of PVCs you can assign per access is arbitrary, as long as the total
number of PVCs (from all accesses) is not greater than 192. With the NE Link-B2 model, you
are further limited to 48 total PVCs as opposed to 192.
Frame relay and X.25 accesses are available only if you have purchased the additional
software module for packet switched accesses.
USING CFGEDIT
To add a frame relay access, information must be entered for the access itself, and also for the
associated PVC. A separate section with instructions for completing the configuration of each
follows.
Note: If a default value is provided, use that default value if you are unsure of the value.
CONFIGURING GENERAL ACCESS INFORMATION
1. Select Access from the Physical Resources menu, then follow the onscreen instructions to add a
a frame relay access.
2. Select the line Id the access will be using.
3. Enter a frame relay access name of 1 to 16 non-blank, alpha-numeric characters. The frame relay
access name is a user-defined name and is provided as an aid in helping you track events
occurring on a Frame Relay Access.
4. Select the data rate from the supplied list of data rates.
Workgroup Remote Access Switch 209
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
5. Enter a list of bearers (a channel map). For T1 lines, the range of channels is from 1 to 24. For
BRI lines, the range of channels is from 1 to 2. Separate bearer channels by commas, and/ or list
a range by using a dash (-).
6. Enter the maximum frame size supported by the network (including the endpoints).
7. Select whether or not HDLC Data is inverted.
8. Enable/ disable Link Failure Detection.
9. Indicate whether or not this frame relay access will support the Local Management Interface
(LMI).
10. Select the LMI format from the supplied list of formats. The recommended LMI format is
CCITT, if this format is unavailable, use ANSI.
11. Indicate whether or not this frame relay access will support CLLM messages.
Note: CLLM is available only in Japan, and is recommended for systems in Japan. CLLM
must be requested from your carrier service.
12. Enter the Link Integrity Verification Timer duration in seconds.
13. Enter the following counts: Full Status Enquiry Polling Count, the Error Threshold Count, and
the Monitored Events Count.
Once the above frame relay parameters have been configured, an index number will be assigned to
this Access. You will then be prompted to configure one or more virtual circuits if no PVCs
(permanent virtual circuits) are currently configured.
CONFIGURING A PVC
1. Enter the DLCI for this permanent virtual circuit.
2. Select a PVC line protocol
3. Enter the PVC name.
Note: The PVC name should match the name of the associated remote device.
4. Enter the Committed Information Rate in Kbits/ second.
Note: Even if you do not wish to pay extra for a CIR from your carrier, we recommend
configuring CIR where the following is true:
physical speed/ number of PVCs = CIR
This configuration will allow quick alleviation of congestion.
5. Enter the Excess Information Rate in Kbits/ second.
6. Indicate whether or not Congestion Control should be enabled.
210
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ALTERNATE ACCESSES
Frame Relay Accesses
7. Enter the Rate Measurement Interval in msecs.
Note: You must restart the CyberSWITCH in order to associate the PVC with a device.
After all of the above PVC information is entered, an index number will be assigned to the
associated DLCI. This is the index number that should be used when issuing various frame relay
access console commands.
You may continue to define PVCs on the currently selected line up to the limit available for this
system. The limit is currently a total of 192 PVCs. If you configure more than one Frame Relay
access, the total number of PVCs for all accesses can not be greater than 192.
FRAME RELAY GENERAL CONFIGURATION ELEMENTS
Note: If you are unsure of any of any of these values, use the default values where provided.
LINE ID NUMBER
From the displayed list of available lines, the Id Number of the previously defined line that is to be
used for this frame relay connection.
FRAME RELAY ACCESS NAME
The user-defined name that will be used to identify this frame relay access. This name can be a
string with 1 to 16 characters, using non-blank alpha-numeric characters.
DATA RATE
The data rate that applies to the line being used for this frame relay access.
BEARER CHANNELS
A list of bearers (a channel map) that will be used on the line associated with this frame relay access.
This parameter is required for PRI and BRI lines. For PRI lines, the range of bearer channels is from
1 to 24. For BRI lines, the range of bearer channels is 1 to 2. To enter the list of bearer channels,
separate the bearer channels by commas, and/ or list a range by using a dash (-).
Note: The bandwidth available for this access is equal to the data rate multiplied by the number
of bearer channels used by this access. For example, if the configured data rate is 64 Kbps,
and 2 bearer channels have been configured, the bandwidth available for this example
frame relay access would be 128 Kbps.
MAXIMUM FRAME SIZE
The maximum frame size supported by the network (including the endpoints).
HDLC DATA POLARITY
Indicates whether or not HDLC Data is sent over the line inverted.
LINK FAILURE DETECTION
You may enable or disable link failure detection. If enabled, when Frame Relay detects a link
failure, a backup procedure will be followed for the corresponding remote device. Link Failure
Detection is only supported across PPP permanent virtual circuits. Some Frame Relay networks
have a per packet charge, therefore, the administrator should be cautious when enabling this
feature.
Workgroup Remote Access Switch 211
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
LMI
Indicates whether or not this frame relay access will support the Local Management Interface
(LMI). If this frame relay access supports LMI, LMI information can be displayed by entering the
LMI FORMAT
The LMI format used by this frame relay access. Available formats include ANSI, and CCITT. The
recommended LMI format is CCITT. If this format is unavailable, use ANSI.
CLLM MESSAGES
Indicates whether or not this frame relay access will support Consolidated Link Layer Management
(CLLM) messages. CLLM is recommended for systems in Japan. CLLM must be requested from
your carrier service. The CLLM message is based on the standard Layer 2 XID frame used for the
exchange of functional information. If this frame relay access supports CLLM messages, any of
these messages that are sent across the network will be included in the system log messages. To
access the system log message, enter the drcommand at the system console prompt.
LINK INTEGRITY VERIFICATION TIMER VALUE
The number of seconds between sending STATUS_ENQUIRY messages. This parameter is a
component of the LMI.
FULL STATUS ENQUIRY POLLING COUNT
The number of intervals to elapse before sending a full report STATUS_ENQUIRY message. The
length of each interval is equal to the value of the configured Link Integrity Verification Timer. This
parameter is a component of the LMI.
ERROR THRESHOLD COUNT
The number of errors in the last “n” events required to declare an alarm. When an alarm is declared,
a system message will be logged stating that the alarm is now on. To access system log messages,
enter the drcommand at the system console prompt. The number of events (“n”) is equal to the
value of the configured Full Status Enquiry Polling Count. This parameter is a component of the
LMI.
MONITORED EVENTS COUNT
The number of consecutive correct events required to reset an alarm. This parameter is a
component of the LMI.
FRAME RELAY PVC CONFIGURATION ELEMENTS
Once the above frame relay parameters have been configured, the associated PVCs should be
configured. A frame relay access may have multiple PVCs, within this limit: the aggregate
bandwidth of all associated PVCs cannot exceed the bandwidth of the frame relay access.
DLCI VALUE
Each data frame to be transmitted by an endpoint is identified by a Data Link Connection Identifier
(DLCI). The DLCI is supplied by the service provider at subscription time. It is a unique identifier
for that PVC. The DLCI identifies a pre-established path, or permanent virtual circuit, within the
access line to the frame relay network. The frame relay switch at the edge of the frame relay
network, the one to which the access line is directly connected, routes the packet to the intended
destination based on the DLCI therein. Hence, each packet is routed independently through the
network based on the addressing information provided by this identifier.
212
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ALTERNATE ACCESSES
Frame Relay Accesses
PVC LINE PROTOCOL
The PVC line protocol determines which type of data encapsulation will be used on the PVC. The
options are PPP Point to Point Protocol or FR_IETF. PPP allows PPP authentication for the
associated device. FR_IETF is a multiprotocol encapsulation for Frame Relay, currently specified
by RFC 1490. FR_IETF protocols include IP, MAC Layer Bridge, IPX, and AppleTalk. The default
PVC line protocol is PPP.
PVC NAME
The PVC name associates the PVC with a device table entry, whether it is defined in an on-node or
off-node database. The PVC name must match the device name for both on-node and off-node
databases. However, if a virtual circuit has been configured with PPP as the line protocol, and the
associated on-node device entry has enabled outbound authentication, then the names are not
required to match.
COMMITTED INFORMATION RATE (IN KBITS/ SECOND)
A frame relay circuit has two transmission rates associated with it:the Committed Information Rate
(CIR) and an Excess Information Rate (EIR). The committed information rate is the bandwidth
requested for a PVC at service subscription time. This parameter should be available from the
service provider at subscription time. Even if you do not wish to pay extra for a CIR from your
carrier, we recommend configuring CIR where the following is true:
physical speed/ number of PVCs = CIR
This configuration allows quick alleviation of congestion. For a more in-depth explanation of the
EXCESS INFORMATION RATE (IN KBITS/ SECOND)
The Excess Information Rate is the bandwidth available above and beyond the committed rate. The
frame relay software has the capability to transmit data above the committed information rate up
to the excess information rate. This parameter should be available from the service provider at
ENABLE/ DISABLE CONGESTION CONTROL
Congestion Control can be enabled or disabled. This parameter should only be disabled for captive
networks or those users very familiar with the Frame Relay Service. For a more in-depth
RATE MEASUREMENT INTERVAL IN MSECS)
The Rate Measurement Interval in combination with the current transmit or receive rate is used to
determine the number of bytes that can be handled in a single rate monitoring period on a given
PVC. This parameter should only be changed for those users very familiar with the Frame Relay
Workgroup Remote Access Switch 213
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
FRAME RELAY ACCESS BACKGROUND INFORMATION
Frame Relay is a frame mode service in which data is switched on a per frame basis, as opposed to
a circuit mode service that delivers packets on a call-by-call basis. This feature will allow the system
to efficiently handle high-speed, bursty data over wide area networks. It offers lower costs and
higher performance than a X.25 packet switched network for those applications that transmit data
at a high speed in bursts.
In private line network implementations, network bandwidth is dedicated to a particular
destination, whether via private lines or circuit switched connections. In any event, these resources
are only available to traffic bound for that location and are reserved for that traffic whether that
traffic is present or not. Conversely, in a frame relay network, bandwidths within the network and
in the access lines are only allocated between any two end devices if there is traffic moving between
those devices. At other times, this bandwidth is made available to other network devices.
Therefore, the performance in a frame relay network is then only limited by the bandwidth
available at the access point to the frame relay network and not necessarily by any preallocated
end-to-end bandwidth as would be the case of a private line network. In a manner of speaking, this
provides bandwidth on demand since network bandwidth is allocated to this data path (virtual
circuit) only when traffic is present.
Bandwidth is provided by the network’s Permanent Virtual Circuit (PVC) service: each data frame
to be transmitted by an endpoint contains and is identified by a Data Link Connection Identifier
(DLCI). The DLCI identifies a pre-established path, or permanent virtual circuit, within the access
line to the frame relay network. The frame relay switch at the edge of the frame relay network, the
one to which the access line is directly connected, routes the packet to the intended destination
based upon the DLCI therein. Hence, each packet is routed independently through the network
based on the addressing information provided by this identifier.
The two line protocols used for data encapsulation on a permanent virtual circuit are Point to Point
Protocol or FR_IETF. PPP specifies the operation of the PPP protocol over Frame Relay links.
Although the CyberSWITCH supports this method of encapsulation, Inband Protocol
Demultiplexing is not performed when a PVC is initiated because the system statically configures
the line protocol used for a PVC. FR_IETF is a multiprotocol encapsulation for Frame Relay,
currently specified by RFC 1490. FR_IETF protocols include IP, MAC Layer Bridge, IPX, and
AppleTalk.
Although Frame Relay is transparent to each of the protocols specified by FR_IETF, there are a few
special considerations to note. ARP, RARP, and IARP are protocols provided by FR_IETF for IP
over Frame Relay. These protocols are used to determine the IP and DLCI information used on the
virtual circuits. However, since this information is configured in the CyberSWITCH, these
protocols are not supported. The CyberSWITCH’s implementation of FR_IETF supports the Bridge
Point to Point model. The Virtual port model or Extended Spanning Tree is not supported.
The PVC name associates the permanent virtual circuit with a device table entry, whether it is
defined in an on-node or off-node database. If an on-node device database is used, the PVC name
must match the device name if outbound authentication has been disabled for a device associated
with a PPP virtual circuit, or if FR_IETF has been configured as the line protocol. However, if
outbound authentication has been enabled for a PPP device, the PVC name isn’t required to match.
If an off-node device database is used, the PVC name must match the device name for both line
protocols. FR_IETF requires that all PVC names match a configured device database entry, since no
identification mechanism is provided by this line protocol. When upgrading from a previous
release of the UAA software, the CyberSWITCH will process the previous PVC name, which was
214
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ALTERNATE ACCESSES
Frame Relay Accesses
configured in the device table. It will find the PVC and the line protocol that corresponds to the
PVC name and change its PVC name to match the corresponding device name.
Notes: VRA Manager is currently the only off-node device database supported by the
CyberSWITCH for Frame Relay.
The management of Frame Relay permanent virtual circuits requires the use of some form
of security. Therefore, systems with frame relay remote devices cannot select No Security
for the security level.
Frame Relay uses ISDN to provide backup redundancy for failed Frame Relay links. In the event
that a Frame Relay link fails, an ISDN call is brought up and all traffic that was to be forwarded on
the Frame Relay link is forwarded over the ISDN call. Once the Frame Relay link comes back up
the ISDN call will be taken down and transmission of data will resume over the Frame Relay link.
When using FR_IETF data encapsulation, LMI is used to determine the status of failed Frame Relay
virtual circuits. When using PPP data encapsulation, Link Failure Detection can be enabled for the
Frame Relay access. Link Failure Detection is only supported across PPP permanent virtual circuits.
Some Frame Relay networks have a per packet charge, therefore, the administrator should be
cautious when enabling this feature.
The three main operational components of a frame relay access are the Local Management Interface
(LMI), Data Rate Control, and Congestion Control. The following three sections provide an
overview of the role that each of these components plays in the function of frame relay access.
THE LOCAL MANAGEMENT INTERFACE OVERVIEW
Besides the steady state data transfer portion of the frame relay module, the standards have
provided for a frame relay management function, known as the Local Management Interface (LMI).
The purpose of this interface is to provide a controlled means of verifying both link integrity and
the network status of all PVCs configured on the frame relay access defined by a given physical
link.
The elements of this management interface are the STATUS and STATUS_ENQUIRY messages.
The STATUS_ENQUIRY messages are sent out by the user equipment at regular intervals. The
interval at which these status messages are sent, the polling interval, is a configurable value. The
network will respond to these STATUS_ENQUIRY messages with its own STATUS message
containing a link integrity verification information element. The user equipment will request via
the STATUS_ENQUIRY either a Link Integrity Verification STATUS message from the network or
a full report STATUS message. The link integrity verification STATUS message simply functions as
a signal to verify that the link is still operable. This full report signals the user equipment when a
PVC is no longer usable, and also when a previously non-active PVC has become available.
DATA RATE CONTROL OVERVIEW
To handle congestion within the network and at the endpoints, the frame relay protocol provides
certain congestion control features.
A frame relay PVC has two transmission rates associated with it: the Committed Information Rate
(CIR) and an Excess Information Rate (EIR). The committed information rate is the bandwidth
requested for a PVC at service subscription time. It is essentially the guaranteed transmission rate
Workgroup Remote Access Switch 215
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
-- the rate at which data frames may be sent into the network without incurring congestion. This is
generally accepted as the end-to-end available bandwidth at which frame relay service devices may
enjoy sustained frame transmission. By definition this must be less than the throughput that the
actual physical access link can support. However, for short periods of time, service devices may
exceed this rate by defined values. This excess is known as the excess information rate and is
defined as the bandwidth available above and beyond the committed rate. The reason this is
possible is because statistically, not each PVC within the access will make use of its complete
bandwidth allocation. Busy PVCs may essentially borrow bandwidth from underutilized PVCs.
The Frame Relay software has the capability to transmit data above the committed information rate
up to the excess information rate. Note that the sum of the committed and the excess information
rates must not exceed the rate defined by the physical link. These rates are user-configurable
options.
CONGESTION CONTROL OVERVIEW
Congestion occurs when traffic arriving at a resource, whether network or user equipment, exceeds
that node’s capacity. Congestion notification in the device plane is used to inform the equipment
(at the ingress point to the network) of the congestion, and allows the user equipment to initiate
congestion avoidance procedures. The intent is to reduce the negative effects on both network and
user equipment: the user equipment should take corrective action to reduce the congestion, or to
notify the source that throughput has been exceeded. Congestion control is very important in
providing reliable frame relay services. Congestion can be detected in two ways, implicitly and
explicitly. Implicit indications are provided by lost frames whereas explicit congestion indications
are provided for within the frame relay protocol.
CURRENT RESTRICTIONS
Currently, only PVC (Permanent Virtual Circuit) frame relay connections are implemented.
Through configuration, PVC connections establish a permanent association between two DTEs.
The only types of facilities to be supported for frame relay access are channeled interfaces such as
T1 and BRI. However, currently only 1 port per channeled interface is supported until SVC
standards are available.
Frame relay supports only a single Permanent Virtual Circuit connecting any two given systems.
To illustrate this point, the following diagram shows a frame relay network configuration that
would be allowed:
DLCI 1 -> NE2
CSX1200
Frame Relay
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B2B
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
B
1
2
B
1
4
1
B
2
6
B
2
B
L
1
DLCI 2 ->NE 3
"SITE1"
CSX1200
CSX1200
LAN
B-CHANNELS
E1 ONLY
B25 B27
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
ALLOWED
"SITE2"
"SITE3"
216
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ALTERNATE ACCESSES
Frame Relay Accesses
However, under the above stated conditions, the network configuration shown below would not
be allowed:
DLCI 1 -> NE2
CSX1200
Frame Relay
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
DLCI 2 ->NE 2
"Site1"
CSX1200
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
NOT ALLOWED
"Site2"
Switched connections can only be used as a backup to frame relay. As such, a switched connection
would be made to a given node connected by a frame relay access only after that frame relay access
had failed. Switched and packet mode services will not be allowed to connect any given two nodes
simultaneously. The following diagram is provided as an example. The INS 64 connection between
sites SITE1 and SITE2 would only be made if the frame relay connection was somehow lost.
Frame Relay
CSX1200
CSX1200
LAN
B-CHANNELS
E1 ONLY
B25 B27
LAN
B-CHANNELS
E1 ONLY
B29 B31
POWER
B1 B3
B2 B4
B5 B7
B6
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22
B
2
9
B
3
1
POWER
B1 B3
B2 B4
B5 B7
BB
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B
B
2
5
B
2
7
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
E1
D
T1
D
B
1
0
B
1
2
B
1
B
2
6
B
2
8
B
3
B
1
0
B
1
B
1
B
B
2
6
B
2
8
B
3
"SITE1"
"SITE2"
INS 64
USE AS A BACKUP ONLY
Workgroup Remote Access Switch 217
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED BRIDGING
OVERVIEW
When bridging is enabled, optional advanced features are available. Optional bridging features
include:
•
•
This chapter includes a section for each advanced bridging feature.
BRIDGE DIAL OUT
With bridging enabled, bridge dial out is supported. Bridge dial out allows the CyberSWITCH to
initiate connections to bridge devices at remote sites. The system accepts bridge data received on
the Ethernet LAN or ISDN network, and initiates a data connection to a bridge device specified in
the device data.
Standard bridge processing attempts to forward non-local MAC frames to configured devices if a
connection is up. Now, with the bridge dial out feature, the system will initiate the call, if necessary,
through the use of bridge filters or a Known Connect list. Refer to the Bridge Filters section and the
The “bridge” determines if a connection already exists, or whether a connection should be initiated.
The MAC frame is simply forwarded if a connection already exists. If a connection does not, the
CyberSWITCH will map the Bridge Address or Dial Out Device Name to a phone number, and
initiate a connection. The normal connection processing, protocol negotiation, and data forwarding
mechanisms are followed once the connection is requested.
The CyberSWITCH handles bridge dial out as follows:
•
If a filter exists, the system checks the filter first. The system will take action on the packet based
on the filter.
•
If no filter exists, or if no action is taken on the packet based on the filter, the system checks the
status of the Known Connect list next. If the packet’s destination address corresponds to a de-
vice on the Known Connect list, and the packet meets other dial out requirements, the packet
is forwarded.
Each of these procedures requires a properly configured Device List. This Device List may be con-
figured locally, or it may be configured on an off-node authentication server.
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED BRIDGING
Bridge Dial Out
CONFIGURING THE DEVICE LIST FOR BRIDGE DIAL OUT
completely configure an on-node device entry. The following section provides instructions
for entering on-node device information specific to the bridge dial out feature.
USING CFGEDIT
1. Select Security from the main menu.
2. Select Device Level Databases from the security menu.
3. Enable the On-node Device Database if it is currently disabled.
4. Select On-node Device Entries from the authentication database menu.
5. Select Add. Provide the device name, as prompted, and continue with device configuration, as
described in Configuring Device Level Databases:
Device Table Menu: (Device = "DAN")
1) ISDN
2) Frame Relay
3) X.25
4) Authentication
5) IP
6) IPX
7) AppleTalk
8) Bridge
9) Compression
Select function from above or <RET> for previous menu: 1
6. Under ISDN, select Dial Out Phone Number:
Device ISDN Menu: (Device = "DAN")
1) ISDN Line Protocol.
2) Base Data Rate.
"PPP (Point to Point Protocol)"
"64000 bps"
3) Initial Data Rate.
4) Maximum Data Rate.
"64000 bps"
"128000 bps"
5) Dial Out Phone Number(s). ""
6) Subaddress.
""
7) Profile Name.
8) H0 Call Support
"Default_Profile"
DISABLED
Id of option to change or press <RET> for previous menu: 5
7. Provide device’s dial out phone number, as prompted.
8. Return to the Device Table Menu, and select Bridge:
Workgroup Remote Access Switch
219
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Device Bridging: (Device = "DAN")
1) IP (sub)network number
2) Bridging
3) Make Calls for bridge data
4) IPX Network Number
5) IPX Spoofing Options
None
ENABLED
None
None
Id of option to change or press <RET> for previous menu? 3
9. Enable Bridging.
10. Enable Make Calls for bridge data. You must have already configured the device’s phone number
(Step 6) before the system allows you to enable this feature.
Return to the Current Device Table. The system notifies you of proper configuration for your new
device, or informs you of what you are missing.
SPANNING TREE PROTOCOL
CONFIGURING SPANNING TREE PROTOCOL
USING CFGEDIT
1. Select Spanning Tree from the Bridging menu.
2. Enter the bridge age time.
SPANNING TREE PROTOCOL CONFIGURATION ELEMENTS
BRIDGE AGE TIME
If you are using bridge dial out, you may wish to increase this value to prevent the connection from
aging out before the call is made.
BRIDGE MODE OF OPERATION
CONFIGURING THE BRIDGE MODE OF OPERATION
USING CFGEDIT
1. Select Mode of Operation from the Bridging menu.
2. Select the bridge mode of operation. The unrestricted bridge mode is the default.
BRIDGE MODE OF OPERATION CONFIGURATION ELEMENTS
BRIDGE MODE
The forwarding method that the bridge will use to distribute LAN packets to the remote sites and
to the LAN ports of the CyberSWITCH. The default value is unrestricted bridging.
220
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED BRIDGING
Bridge Mode of Operation
BRIDGE MODE OF OPERATION BACKGROUND INFORMATION
Selecting the bridge mode of operation allows you to determine the forwarding method that the
bridge will use to distribute LAN packets to the remote sites and to the LAN ports of the system.
The two possible modes of operation are the Unrestricted Bridge Mode and the Restricted Bridge
Mode.
Note: If the mode of operation is changed, any previously defined filters will be deleted. Any
previously defined protocol definitions will remain unchanged.
The following two sections provide further details for each bridge mode of operation.
UNRESTRICTED BRIDGE MODE
In general, Unrestricted Mode forwards all packets, unless specified otherwise through a bridge
filter. If the Unrestricted Bridge Mode is selected, the following packet forward possibilities exist:
•
•
If the packet matches a discard filter, it is discarded.
If the packet matches a connect filter, it is connected and forwarded to the members of the dis-
tribution list.
•
If the packet matches no filter, the packet is forwarded. The specific forwarding action depends
upon whether or not the destination is known. (See following descriptions.)
No Filter Match - Destination Known
If the destination is known and the corresponding device is on the Known Connect List, the
connection is made and the packet is then forwarded to the specific destination.
If the device is not on the Known Connect list, the packet is sent to all current connections.
No Filter Match - Destination Unknown
The packet is sent to all current connections.
RESTRICTED BRIDGE MODE
If the Restricted Bridge Mode is selected, packets will be discarded unless overridden by a user-
defined bridge filter. The bridge filters, therefore, allow you to transfer only the packets that you
specify.
If the Restricted Bridge Mode is selected, the following packet forwarding possibilities exist:
•
•
•
If the packet matches a discard filter (packet filter only), it is discarded.
If the packet matches a forward filter, it is forwarded to the distribution list.
If the packet matches a connect filter, it is connected to the members of the distribution list.
However, with Restricted Mode, the packet needs to match a forwarding filter in order to be
forwarded.
•
If the packet matches no filter, the specific action for the packet depends upon whether or not
the destination is known. (See following descriptions.)
No Filter Match - Destination Known
If the destination is known and the corresponding device is on the Known Connect list, the con-
nection is made. If the device is not on the Known Connect list, the packet is discarded.
No Filter Match - Destination Unknown
The packet is discarded.
Workgroup Remote Access Switch
221
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
BRIDGE FILTERS
CONFIGURING BRIDGE FILTERS
Note: Bridge dial out calls can be initiated through the use of a Known Connect list or through
the use of bridge filters. For a description of bridge dial out through bridge filters, refer to
USING CFGEDIT
1. Select Bridge Filters from the Bridging menu.
2. Configure any needed protocol definitions. These definitions will be used if you configure any
protocol filters. To configure a protocol definition:
a. Select to add a protocol definition.
b. Enter a user-defined name for the protocol definition.
c. Enter the Ethernet type in hex.
d. Enter the LSAP in hex.
3. Configure source MAC filters.
a. Select to add a MAC filter.
b. Enter the source MAC address.
c. Select a distribution list.
3. Configure destination MAC filters.
a. Select to add a destination MAC filter.
b. Enter the destination MAC address.
c. Select a distribution list.
5. Configure protocol filters.
a. Select to add a protocol filter.
b. Select a protocol definition Id.
c. Select a distribution list.
6. Configure packet data filters.
a. Select to add a packet data filter.
b. Enter the off set value.
c. Enter the mask in hex.
d. Enter the data value in hex.
e. Select a distribution list.
USING MANAGE MODE COMMANDS
Manage Mode can be used to complete all of the bridge filter configuration. This section provides
you with the commands available for each bridge filter type.
222
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED BRIDGING
Bridge Filters
Protocol Definition Commands
protdef
Displays the current protocol definition configuration data.
protdef add
Allows a protocol definition to be added to the current configuration. Refer to the Using
protdef change
Allows the current protocol definition configuration to be changed.
protdef delete
Allows a protocol definition to be deleted from the current configuration.
Source MAC Filter Commands
srcfilt
Displays the current source address filter configuration data.
srcfilt add
Allows a source address filter to be added to the current configuration. Refer to the Using
srcfilt change
Allows the current source address filter configuration to be changed.
srcfilt delete
Allows a source address filter to be deleted from the current configuration.
Destination MAC Filter Commands
destfilt
Displays the current destination address filter configuration data.
destfilt add
Allows a destination address filter to be added to the current configuration. Refer to the Using
destfilt change
Allows the current destination address filter configuration data to be changed.
destfilt delete
Allows a destination address filter to be deleted from the current configuration.
Protocol Filter Commands
protfilt
Displays the current protocol filter configuration data.
Workgroup Remote Access Switch
223
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
protfilt add
Allows a protocol filter to be added to the current configuration. Refer to the CFGEDIT section
protfilt change
Allows the current protocol filter configuration to be changed.
protfilt delete
Allows a protocol filter to be deleted from the current configuration.
Packet Data Filter Commands
pktfilt
Displays the current packet filter configuration data.
pktfilt add
Allows a packet filter to be added to the current configuration. Refer to the CFGEDIT section
pktfilt change
Allows the current packet filter configuration to be changed.
pktfilt delete
Allows a packet filter to be deleted from the current configuration.
BRIDGE FILTER CONFIGURATION ELEMENTS
PROTOCOL DEFINITION CONFIGURATION ELEMENTS
PROTOCOL NAME
A user-defined name for the protocol to be filtered. It can be from 1 to 17 alphanumeric characters
in length.
ETHERNET TYPE IN HEX
A four digit hexadecimal number (from 0600 to FFFF) that checks the protocol Id of a MAC frame.
LSAP IN HEX
A four digit hexadecimal number (from 0000 to FFFF) that checks the protocol Id of a MAC frame.
BRIDGE FILTER CONFIGURATION ELEMENTS
FILTER ACTION
For each filter category, there are three filtering actions that the system can perform on a packet:
discard, forward, or connect the packet.
MAC-ADDRESS
An assigned Media Access Control address as defined by IEEE 802.3 specifications. MAC-
addresses are specified as 12 character hexadecimal numbers.
MULTICAST ADDRESS
A Media Access Control address with the group bit set to 1.
224
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED BRIDGING
Bridge Filters
DISTRIBUTION LIST
A distribution list is defined as the WAN and/ or LAN ports to which the filter action will be
applied. The distribution list is selected from a displayed list of possible choices (LAN, WAN,
Device Table, or all destinations).
MASK
Hexadecimal number up to 80 characters in length that specifies which bits in the data packets are
significant. There must be an even number of hexadecimal digits in the number. A scale will be
displayed to help you enter the Mask accurately.
DATA VALUE
Hexadecimal number up to 80 characters in length that specifies the value used to determine if the
packet matches the filter. The value field must be a subset of the mask field. That is, the value field
logically “anded” with the mask field must be equal to the value field. The value and mask fields
must have equal lengths. There must be an even number of hexadecimal digits in the number.
PACKET OFFSET
A decimal number between 1 and 100 that indicates the starting offset in a data packet where a
packet filter will begin its data comparison.
PROTOCOL-ID
The symbolic name for the Ethernet protocol to be filtered. The protocol-Id is selected from a
BRIDGE FILTERS BACKGROUND INFORMATION
User-defined bridge filters allow you to filter unwanted traffic out of the network. The following
table lists the four different types of bridge filters and the maximum number of filters that can be
configured for each type:
Filter Type
Maximum
Number of Each
sourceMACaddress
filter
50
50
destination MAC
address filter
protocol filter
packet data filter
hardware filter
40
60
63
(in manual mode)
Note: If the mode of operation is changed, any previously defined filters will be deleted. Any
previously defined protocol definitions will remain unchanged.
Workgroup Remote Access Switch
225
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
MAC address filters reference either the source or destination MAC address fields in a packet.
Protocol filters use the protocol Id field in a packet. Packet data filters reference data outside the
address and protocol fields in a packet. Each filter has a distribution list that identifies the potential
destinations for a filtered packet.
For each filter category, there are three filtering actions that the system can perform on a packet:
discard, forward, or connect.
PROTOCOL DEFINITIONS
If you configure any protocol filters, you must first configure any needed protocol definitions. After
you define a protocol filter, it will automatically be assigned a protocol Id. The protocol Id is a
required field when configuring a protocol filter.
You can define up to 10 protocol definitions. These definitions represent the protocol Id tokens for
the protocol filter commands to use. Users specify the protocol name, and also the protocol Id value
for the Ethernet type field and/ or the 802.3 LSAP field.
Inspecting the 13th and 14th bytes of the MAC frame determines the packet format. These bytes are
the length field in an 802.3 format frame, and are the Ethernet type field in an Ethernet format
frame. If the value of the byte is less than hexadecimal 600, the packet is 802.3 format and the LSAP
field is used for the protocol Id. If the value is greater than or equal to hexadecimal 600, the packet
is Ethernet format and the Ethernet type field is used for the protocol Id.
Two of the more common protocols used today are:
•
The IP Protocol Id, which identifies DOD Internet Protocol packets with Ethernet type equal to
hexadecimal 800, or 802.3 LSAP equal to hexadecimal 6060.
•
The IPX Protocol Id, which identifies Novell (old) NetWare IPX packets with Ethernet type
equal to hexadecimal 8137, or 802.3 LSAP equal to hexadecimal E0E0.
226
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED BRIDGING
Bridge Filters
BRIDGE FILTER DEFINITIONS
This section provides the syntax for the bridge filters available for the unrestricted bridge mode and
the restricted bridge mode.
Unrestricted Mode Bridge Filters
Unrestricted Mode
Forwarding Action
Type of Filter available
SOURCE
DISCARD
CONNECT
DISCARD
CONNECT
DISCARD
CONNECT
DISCARD
CONNECT
SOURCE
DESTINATION
DESTINATION
PROTOCOL
PROTOCOL
PACKET
PACKET
1. SOURCE unicast-address DISCARD < distribution list >
This filter allows you to restrict the access privileges of a given device. When the specified
unicast address appears in the source address field of a MAC frame, the frame will NOT be
forwarded as specified in the distribution list. If no distribution list is specified, the frame will
not be forwarded at all. In this manner, you can specify remote sites and LANs to which the
device cannot talk.
2. SOURCE unicast-address CONNECT < distribution list >
This filter allows you to stipulate access privileges of a given device. When the specified unicast
address appears in the source address field of a MAC frame, the frame will be connected and
forwarded as specified in the distribution list. In this manner, you can specify remote sites and
LANs for connection.
3. DESTINATION MAC-address DISCARD < distribution list >
This filter allows you to discard MAC frames addressed to the specified MAC address. When
the specified MAC address appears in the destination address field of the MAC frame, the
frame will NOT be forwarded as specified in the distribution list. If no distribution list is
specified, the frame will not be forwarded.
Workgroup Remote Access Switch
227
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
4. DESTINATION MAC-address CONNECT< distribution list >
This filter allows you to connect MAC frames addressed to the specified MAC address. When
the specified MAC address appears in the destination address field of the MAC frame, the
frame will be forwarded as specified in the distribution list.
5. PROTOCOL protocol-Id DISCARD < distribution list >
This filter allows you to discard packets based on the Ethernet type field or the corresponding
802.3 LSAP field. You specify the protocol Id that is to be discarded. The filtering mechanism
will determine if the packet is Ethernet format or 802.3 format. The Ethernet type or LSAP field
will be checked based on packet format. See the section titled "Protocol Definitions" for more
information.
6. PROTOCOL protocol-Id CONNECT< distribution list >
This filter allows you to connect packets based on the Ethernet type field or the corresponding
802.3 LSAP field. You specify the protocol Id that is to be connected. The filtering mechanism
will determine if the packet is Ethernet format or 802.3 format. The Ethernet type or LSAP field
will be checked based on packet format. See the section titled “Protocol Definitions” for more
information.
7. PACKET OFFSET dd MASK xxxxxxxxxxxx VALUE xxxxxxxxxxxx DISCARD <distribution-
list>
This filter allows you to discard packets based on packet data outside the source and
destination MAC addresses or protocol Id. For example, you may wish to filter packets based
on IP address information. You would then specify the offset (dd) into the MAC frame where
the filter comparison is to begin. The mask data indicates which bits within the frame data are
significant and will be compared to the value. The frame data is logically “anded” with the
mask, and then compared to the specified value. The value field must be a subset of the mask
field. That is, the value field logically “anded” with the mask field must equal the value field.
The value and mask fields must have equal lengths.
8. PACKET OFFSET dd MASK xxxxxxxxxxxx VALUE xxxxxxxxxxxx CONNECT <distribution-
list>
This filter allows you to connect packets based on packet data outside the source and
destination MAC addresses or protocol Id. For example, you may wish to filter packets based
on IP address information. You would then specify the offset (dd) into the MAC frame where
the filter comparison is to begin. The mask data indicates which bits within the frame data are
significant and will be compared to the value. The frame data is logically “anded” with the
mask, and then compared to the specified value. The value field must be a subset of the mask
field. That is, the value field logically “anded” with the mask field must equal the value field.
The value and mask fields must have equal lengths.
228
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED BRIDGING
Bridge Filters
The following charts summarize the filter actions available for Unrestricted Bridging:
Filter Action
Distribution
List
Result
DISCARD
LAN
WAN
ALL
A packet matching this filter will not be forwarded
on any LAN port. The packet will be sent to remote
sites connected over the WAN according to the
normal learning bridge methods.
DISCARD
DISCARD
A packet matching this filter will not be forwarded
to any remote sites connected on the WAN. The
packet will be sent to the LAN ports according to
the normal learning bridge methods.
A packet matching this filter will not be forwarded
on any LAN port and will not be forwarded to
remote sites connected over the WAN.
DISCARD
Device List* A packet matching this filter will not be forwarded
to any sites on the specified Device List.
CONNECT
Device List* A packet matching this filter will be connected and
forwarded to the sites on the specified Device List.
* Device List may be the on-node device database, or it may be located on an off-node authentication
server.
Workgroup Remote Access Switch
229
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Restricted Mode Bridge Filters
Restricted Mode
Forwarding Action
Type of Filter available
SOURCE
FORWARD
CONNECT
FORWARD
CONNECT
FORWARD
CONNECT
FORWARD
DISCARD
SOURCE
DESTINATION
DESTINATION
PROTOCOL
PROTOCOL
PACKET
PACKET
PACKET
CONNECT
1. SOURCE unicast-address FORWARD <distribution list>
This filter allows you to stipulate access privileges of a given device. When the specified unicast
address appears in the source address field of a MAC frame, the frame will be forwarded as
specified in the distribution list. In this manner, you can specify remote sites and LANs for
connection
2. SOURCE unicast-address CONNECT < distribution list >
This filter allows you to stipulate access privileges of a given device. When the specified unicast
address appears in the source address field of a MAC frame, the frame will be connected and
forwarded as specified in the distribution list. In this manner, you can specify remote sites and
LANs for connection.
3. DESTINATION MAC-address FORWARD <distribution list>
This filter allows you to forward MAC frames addressed to the specified MAC address. When
the specified MAC address appears in the destination address field of the MAC frame, the
frame will be forwarded as specified in the distribution list.
4. DESTINATION MAC-address CONNECT< distribution list >
This filter allows you to connect MAC frames addressed to the specified MAC address. When
the specified MAC address appears in the destination address field of the MAC frame, the
frame will be connected and forwarded as specified in the distribution list.
230
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED BRIDGING
Bridge Filters
5. PROTOCOL protocol-Id FORWARD < distribution list >
This filter allows you to restrict packets based on the Ethernet protocol Id field or the
corresponding 802.3 LSAP field. You can specify the protocol Id that is to be forwarded. The
filtering mechanism will determine if the packet is Ethernet format or 802.3 format. The
Ethernet type or LSAP field will be checked based on packet format.
6. PROTOCOL protocol-Id CONNECT < distribution list >
This filter allows you to restrict packets based on the Ethernet protocol Id field or the
corresponding 802.3 LSAP field. You can specify the protocol Id that is to be connected and
then forwarded. The filtering mechanism will determine if the packet is Ethernet format or
802.3 format. The Ethernet type or LSAP field will be checked based on packet format. See the
7. PACKET OFFSET dd MASK xxxxxxxxxxxx VALUE xxxxxxxxxxxx FORWARD
<distribution-list>
This filter allows you to restrict packets based on packet data outside the source and
destination MAC addresses or protocol Id. For example, you may wish to filter packets based
on IP address information. You would then specify the offset (dd) into the MAC frame where
the filter comparison is to begin. The mask data indicates which bits within the frame data are
significant and will be compared to the value. The frame data is logically “anded” with the
mask, and then compared to the specified value. The value field must be a subset of the mask
field. That is, the value field logically “anded” with the mask field must equal the value field.
The value and mask fields must have equal lengths.
8. PACKET OFFSET dd MASK xxxxxxxxxxxx VALUE xxxxxxxxxxxx CONNECT
<distribution-list>
This filter allows you to restrict packets based on packet data outside the source and
destination MAC addresses or protocol Id. For example, you may wish to filter packets based
on IP address information. You would then specify the offset (dd) into the MAC frame where
the filter comparison is to begin. The mask data indicates which bits within the frame data are
significant and will be compared to the value. The frame data is logically “anded” with the
mask, and then compared to the specified value. The value field must be a subset of the mask
field. That is, the value field logically “anded” with the mask field must equal the value field.
The value and mask fields must have equal lengths.
9. PACKET OFFSET dd MASK xxxxxxxxxxxx VALUE xxxxxxxxxxxx DISCARD <distribution-
list>
This filter allows you to specify the DISCARD filter action on a packet data filter. This gives you
the flexibility of allowing a global class of data to be forwarded, and restrict specific subsets of
that data. For example you may forward all IPX data packets but restrict workstation watchdog
packets.
Workgroup Remote Access Switch
231
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
The following chart summarizes the forward filter actions available for Restricted Bridging:
Filter
Action
Distribution
List
Result
FORWARD
LAN
WAN
ALL
A packet matching this filter will only be forward-
ed on the LAN ports. The packet will not be sent to
any remote sites connected over the WAN.
FORWARD
FORWARD
A packet matching this filter will only be forward-
ed to remote sites connected on the WAN. The
packet will not be sent to the LAN ports.
A packet matching this filter will be forwarded on
the LAN ports and forwarded to remote sites con-
nected over the WAN.
FORWARD
CONNECT
Device List* A packet matching this filter will only be forward-
ed to the specified Device List.
Device List* A packet matching this filter will be connected to
the specified Device List.
It is possible to use a discard filter action to selectively discard packets that have been forwarded
through the previous restricted bridging forwarding filters. The following chart summarizes the
discard filter actions available for Restricted Bridging:
Filter
Action
Distribution
List
Result
DISCARD
LAN
WAN
ALL
A packet matching this filter will be discarded on
the LAN ports. The packet will be sent to all
remote sites connected over the WAN.
DISCARD
A packet matching this filter will be discarded to
remote sites connected on the WAN. The packet
will be sent to the LAN ports.
DISCARD
DISCARD
A packet matching this filter will be discarded on
the LAN ports and WAN ports.
Device List* A packet matching this filter will not be sent to the
specified Device List.
* Device List may be the on-node device database, or it may be located on an off-node authentication
server.
232
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED BRIDGING
Bridge Filters
DIAL OUT USING BRIDGE FILTERS
Each type of bridge filter for each operating mode supports a different set of “forwarding actions.”
Your particular set up and device configuration will determine which type of filter and forwarding
arrangement will be the most useful. For our purposes, we will illustrate what we feel to be the
most commonly used filter arrangement: the Destination MAC Address Filter used in Unrestricted
Mode.
EXAMPLE: BRIDGE DIAL OUT USING A DESTINATION MAC ADDRESS FILTER
Consider the following situation: you know the destination of a packet, and you want to control its
forwarding action. With the use of filters, you can:
•
•
•
•
specify a Device List for connection
specify a Device List for which you would discard the packet
specify a LAN or WAN for which you would discard the packet
specify a complete discard of the packet for the entire system
The following example illustrates how to configure a filter when you know the Destination MAC
Address. To configure filters in other situations, follow similar principles as you work your way
through the CFGEDIT screens. For details on the differences between filters and their forwarding
Preliminaries
Be sure your system’s resources are properly configured. This includes resources, lines and
In order to have the CyberSWITCH successfully dial out, you must have the device information
properly set up and the dial out number stipulated. Instructions for configuring on-node device
Level Databases chapter.
In order to use the remote bridge feature and properly set up filters, you must:
•
•
enable MAC layer bridging
select your mode of operation (restricted or unrestricted)
Access these configuration elements through CFGEDIT’s Options Menu, Configure Bridging. For
our example, we will use the Unrestricted Mode for our Mode of Operation.
Configuring a Destination MAC Address Filter
To configure a bridge filter, you must advance through CFGEDIT’s menus to the Bridge Menu. To
do this:
1. From CFGEDIT’s Main Menu, select Options.
2. From the Options Menu, select Bridging.
3. From the Bridging Menu, select Bridge Filters. The menus similar to the following will then be
displayed. Follow the item selection process shown in the screens (the selections are in bold).
Workgroup Remote Access Switch
233
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Bridge Filter Menu:
1) Protocol Definition
2) Source MAC Address Filter
3) Destination MAC Address Filter
4) Protocol Filter
5) Packet Data Filter
Select function from above or <RET> for previous menu: 3
Current Destination Address Filter:
id
DEST ADDRESS
ACTION
DISTRIBUTION LIST
--------------------------------------------------------
There are currently no Destination Address Filters configured.
1) to Add a Destination Address Filter or press <RET> for previous menu: 1
Destination MAC Address? 112233445566
1) DISCARD
2) CONNECT
Forward Action from the above list?
If you choose CONNECT as a forwarding action, the system will connect and forward the packet
to the specified device list only. This eliminates the need for the packet to be broadcast to all
connections. After specifying the “connect,” you are prompted for the device name:
DEVICE LIST For CONNECT Filter
Device Name
----------------------
1) to Add a Device or press <RET> for previous menu: 1
Enter Device Name or <RET> to cancel? John
DEVICE LIST For CONNECT Filter
id Device Name
-- ------------------
(1) John
(1) Add, (2) Change, (3) Delete a Device or press <RET> for previous menu?
<RET>
234
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED BRIDGING
Known Connect List
Current Destination Address Filter Configuration:
id
--------------------------------------------------------
112233445566 CONNECT John
DEST ADDRESS
ACTION
DISTRIBUTION LIST
1
(1) Add, (2) Change, (3) Delete a Destination Address Filter or <RET> to return to
the previous menu?
Your filter is now configured for this example. Remember, each type of filter for each operating
mode supports a different set of “forwarding actions.” These are described in detail earlier in the
KNOWN CONNECT LIST
The Known Connect List is a configurable list of all devices for which you want the system to
connect and forward bridged packets.
CONFIGURING THE KNOWN CONNECT LIST
Notes: Before beginning, be sure your system’s resources are properly configured. This includes
resources, lines, and datalinks, if applicable. Refer to the Configuring Resources and Lines
chapter.
In order to successfully dial out to a device on the CyberSWITCH’s Known Connect List,
you must have the device information properly set up and the dial-out number(s)
Databases chapter.
The dial out call must be made within a configured amount of time from its last connection.
This time is configurable through the Bridge Configuration menu’s Spanning Tree
Parameters. The parameter for configuring the time is called the bridge age time. The
default value.
USING CFGEDIT
1. From the Bridging Menu press (5) to configure the Known Connect List. The following screen
will then be displayed:
DEVICE LIST For CONNECT Filter
Device Name
----------------------
1) to Add a Device or press <RET> for previous menu? 1
Enter 1) to add a Device Name or <RET> to previous menu:
2. Press (1) to add a device to the Known Connect List.
3. Repeat step 2 for all devices you want included on this list.
Workgroup Remote Access Switch
235
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
KNOWN CONNECT LIST CONFIGURATION ELEMENTS
DEVICE NAME
the Configuring Device Level Databases chapter. This is a device to which you want the system to
connect and forward bridged unicast packets.
KNOWN CONNECT LIST BACKGROUND INFORMATION
In Unrestricted Mode, standard bridge processing attempts to forward frames with unknown or
broadcast MAC addresses through all available interfaces. This can cause a problem with the
limited bandwidth and high cost of dial-up WAN links. The CyberSWITCH’s Known Connect List
feature, and its support of bridge filters, gives you flexible options in controlling the risk of bridge
flooding over WAN links.
When operating as a bridge or in IP Host Mode, in the course of processing the MAC frames, the
CyberSWITCH builds its bridge table and associates each MAC address it sees with an interface.
When a remote bridge establishes a connection and begins sending traffic to the CyberSWITCH,
the CyberSWITCH adds these remote addresses to its bridge table and associates the remote bridge
with them. Later, if the connection is dropped, and if the CyberSWITCH receives a packet destined
for one of the remote addresses, it will re-establish the connection with the remote bridge only if the
remote bridge is specified on the Known Connect List, or if a forwarding filter is configured.
Furthermore, if the Known Connect List option is used, the CyberSWITCH can only re-establish the
connection while the remote bridge is still “known”; that is, if the system receives the new,
outbound packet before the Spanning Tree Bridge Age Time timer ages-out the destination MAC
address from the bridge table. If a connect filter is used, the CyberSWITCH can re-establish the
connection regardless of how long it’s been since the last connection. The default Bridge Age Time
236
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED IP ROUTING
OVERVIEW
By default, IP routing is disabled when you first install your system software. After IP routing is
enabled, there are optional advanced features available. Optional advanced IP routing features
include:
ARP (Address Resolution Protocol) is used to translate IP addresses to Ethernet addresses. As
a rule, this translation is handled dynamically. In rare situations, a user may need to manually
enter this translation. This menu item allows you enter a static ARP table entry manually.
The Isolated mode option helps to restrict the resources to which remote IP devices can get
access.
The Static Routes Lookup via Radius option allows you to either enable or disable maintaining
static routes for devices on the RADIUS Server. This option is only applicable when a RADIUS
Server is in use.
The IP Address Pool allows you to configure a list of IP addresses that can be dynamically
assigned to remote IP devices as they connect to the system.
IP Filters allow you to control the admission and transmission of individual IP datagrams
based on the datagram’s contents.
Dynamic Host Configuration Protocol (DHCP) allows you to access the DHCP server to
allocate IP addresses to all types of remote IP devices.
This chapter includes a section for each advanced IP routing feature.
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
STATIC ARP TABLE ENTRIES
CONFIGURING STATIC ARP TABLE ENTRIES
USING CFGEDIT
Once IP has been enabled, the full IP Configuration menu will be displayed as shown below:
IP Routing Menu:
1) IP Routing (Enable/Disable)
2) IP Operating Mode
3) IP Interfaces
4) IP Static Routes
5) RIP (Enable/Disable)
6) IP Static ARP Table Entries
7) Isolated mode (Enable/Disable)
8) Static Route Lookup via RADIUS (Enable/Disable)
9) IP Address Pool
10) DHCP Configuration
11) IP Filters
12) Security Associations
Select function from above or <RET> for previous menu:
The advanced IP routing options, including ARP table entries, are configured through this menu.
To enter a static ARP table entry manually:
1. Select Static ARP Table Entries from the IP menu.
2. Select to add a Static ARP table entry.
3. Enter the device’s IP address.
4. Enter the device’s MAC address.
STATIC ARP TABLE ENTRIES CONFIGURATION ELEMENTS
IP ADDRESS
The IP address for the device for which you are making an entry. Only LAN interfaces are valid.
MAC ADDRESS
The MAC address (Ethernet address) for the device for which you are making an entry.
STATIC ARP TABLE ENTRIES BACKGROUND INFORMATION
When sending out IP packets, ARP (Address Resolution Protocol) is used to translate IP addresses
to Ethernet addresses. As a rule, this translation is done dynamically. In rare situations, you may
need to manually enter a static ARP table entry. Maximum configuration allowed: 16 static ARP
entries. Use the ip arpcommand to display all dynamic or statically configured ARP entries.
Note: Static ARP entries can be created only for LAN interfaces. They are not supported for WAN
RLAN interfaces.
238
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED IP ROUTING
The Isolated Mode
THE ISOLATED MODE
CONFIGURING THE ISOLATED MODE
USING CFGEDIT
1. Select Isolated Mode (Enable/Disable) from the IP menu.
2. Follow the onscreen instructions to either enable or disable the isolated mode.
ISOLATED MODE CONFIGURATION ELEMENTS
ISOLATED MODE STATUS
You may enable or disable the Isolated Mode option.
ISOLATED MODE BACKGROUND INFORMATION
When operating with isolated mode enabled, the CyberSWITCH does not relay IP datagrams
received from the WAN to other IP routers/ hosts located on the WAN. IP datagrams received from
the WAN will be discarded if they need to be forwarded over the WAN. IP datagrams received on
the LAN interface are forwarded to each required interface.
WAN-to-LAN and LAN-to-LAN routing still works if Isolated Mode is enabled.
STATIC ROUTE LOOKUP VIA RADIUS
Note: This option is only applicable when a RADIUS Server is in use.
CONFIGURING STATIC ROUTE LOOKUP VIA RADIUS
USING CFGEDIT
1. Select Static Route Lookup via RADIUS (Enable/Disable) from the IP menu.
2. Follow the onscreen instructions to either enable or disable this feature.
USING MANAGE MODE
ipradius
Displays the current enabled status of the IP route lookup via RADIUS feature.
ipradius off
Disables the lookup of IP routes lookup via RADIUS.
ipradius on
Enables the lookup of IP routes lookup via RADIUS.
Workgroup Remote Access Switch
239
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
STATIC ROUTE VIA RADIUS CONFIGURATION ELEMENTS
STATIC ROUTE VIA RADIUS STATUS
You may enable or disable this option.
STATIC ROUTE LOOKUP VIA RADIUS BACKGROUND INFORMATION
The Static Routes Lookup via RADIUS option allows you to maintain static routes for devices on
the RADIUS Server. When there are multiple CyberSWITCHes at one site, the IP static routes
information needs to be duplicated on all systems. The Static Route Lookup via RADIUS feature
allows you to maintain all of the IP static routes information for multiple systems on the RADIUS
server by enabling this feature. The systems will download necessary static routes information
from the server when needed.
Refer to this guide’s RADIUS configuration information. The RADIUS Authentication Server User’s
Guide (an electronic document) also provides information on the RADIUS Authentication Server.
IP ADDRESS POOL
CONFIGURING AN IP ADDRESS POOL
USING CFGEDIT
1. Select IP Address Pool from the IP menu.
2. Select to add an IP address.
3. If you are adding a single IP address:
a. Enter the IP address.
b. When prompted to enter the ending IP address press <return>.
4. If you are adding a range of IP addresses:
a. Enter the first IP address in the range.
b. Enter the ending IP address in the range.
Note: A range of IP addresses can cover the associated interface IP address; however, this
interface address will not be added to the IP address pool.
5. To delete a single IP address contained in a configured range:
a. Select to delete an IP address.
b. Select the Id of the range you want to delete the address from.
c. Select to delete a single IP address contained in the range.
d. Enter the IP address you would like to delete from the range.
IP ADDRESS POOL CONFIGURATION ELEMENTS
IP ADDRESS
This can be a single IP address, or a range of IP addresses that can be dynamically assigned to
remote IP devices as they connect to the system.
240
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED IP ROUTING
IP Filters
IP ADDRESS POOL BACKGROUND INFORMATION
The IP Address Pool feature allows you to configure a list of IP addresses that can be dynamically
assigned to remote IP devices as they connect to the system. This would occur if a remote IP device
calls in to the system and has no IP address, and requests to have one assigned. With this capability,
you no longer need to assign permanent IP addresses to all possible remote IP devices, but rather
only as many IP addresses as the number of possible ISDN connections. If multiple connections are
used, you would not need as many IP addresses as the number of possible ISDN connections. This
can result in a reduction of the number of IP addresses required for remote IP devices.
When a PPP connection is established to the system, the system and the remote device exchange
their IP addresses during the IPCP (IP Control Protocol) phase. If the remote device does not know
its own IP address, the system will assign a proper IP address to it. A proper IP address can be a
permanent IP address configured for the remote device in the device table, or it can be one of the
IP addresses configured in the IP Address Pool. If an IP address from the address pool is used, it
will be returned to the pool when the connection is terminated. This allows the IP address to be
reused for other remote IP devices. As many as 64 IP addresses can be configured in the IP Address
Pool.
Notes: Dynamic IP address assignment from the IP Address Pool is only supported via PPP IPCP.
An IP address should not be configured for the device (either in the on-node device
database or in a remote authentication database) if an IP address is to be assigned to the
device from the IP address pool.
IP FILTERS
The IP Filter Configuration is a three-part process. It involves:
1. configuring packet types
2. configuring the filters to act on these packet types
3. applying the filters to selected points in the IP packet processing
We suggest you become familiar with the IP Filtering mechanism before attempting a
Understandably, when IP Filters are enabled, system performance will slow down. This is due to
the fact that every IP packet will experience a delay while the system is searching for a filter match.
System performance will also be affected by the number of packets, conditions and filters
INITIATING THE IP FILTER CONFIGURATION
USING CFGEDIT
To begin the configuration process, IP must be enabled. Access IP Filter configuration through the
extended IP Routing Menu:
Workgroup Remote Access Switch
241
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
IP Routing Menu:
1) IP Routing (Enable/Disable)
2) IP Operating Mode
3) IP Interfaces
4) IP Static Routes
5) RIP (Enable/Disable)
6) IP Static ARP Table Entries
7) Isolated Mode(Enable/Disable)
8) Static Route Lookup via RADIUS(Enable/Disable)
9) IP Address Pool
10) DHCP Configuration
11) IP Filter Information.
Select function from above or <RET> for previous menu: 11
Upon selecting IP Filter Information, the following sub-menu is displayed:
IP Filters:
1) Packet Types
2) Forwarding Filters
3) Connection Filter
4) Exception Filter
5) Apply Global Forwarding Filter.
Select function from above or <RET> for previous menu:
The configuration of each of the listed functions is described in the following discussion.
USING MANAGE MODE
ipfilt
This command displays the IP Filter Configuration screen from which you can set up your
packet types and filters.
Note: Since IP Network Interfaces are not currently changeable within Manage Mode, the
application of filters to Interfaces may only be performed within CFGEDIT.
CONFIGURING PACKET TYPES
USING CFGEDIT
1. Select Packet Types from the IP Filter menu.
2. Select Add.
3. Assign a unique name to the packet type. The system will then display the new packet with
wild card values, similar to the following:
Current Configuration for PACKET TYPE "Type_One"
1) IP Source Address
2) IP Destination Address
3) IP Protocol
AND 0.0.0.0 EQUAL 0.0.0.0
AND 0.0.0.0 EQUAL 0.0.0.0
EQ ANY
Select function from above or <RET> for previous menu:
242
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED IP ROUTING
IP Filters
The screen identifies the common portion of the packet type, which includes the IP addresses and
protocol information. To modify these values, refer to the following section entitled Configuring the
Common IP Portion.
The criteria for IP addresses includes the:
•
•
•
mask
target value (with which the result of the AND operation is compared), and
operator (which specifies the type of comparison to perform)
(logically ANDed with the packet’s address field),
Based upon what you select for IP protocol, you will be prompted for additional information, as
described in following sections. The IP protocol item allows packet matching based upon one of the
following:
•
•
•
a set of recognized upper-level protocols
a wild card value (with wild card valid only with an “EQUAL” operator), or
an arbitrary numeric value
The upper-level protocols include:
•
TCP
•
•
UDP
ICPM
CONFIGURING THE COMMON IP PORTION
USING CFGEDIT
1. To change the source address, select IP Source Address from the PACKET TYPE menu.
2. Provide IP address mask.
3. Provide comparison operator (equal or not equal).
4. Provide IP address target.
5. To change the destination address, select IP Destination Address from the PACKET TYPE menu.
Continue with steps two through 4, as just described.
6. From the PACKET TYPE menu, select IP Protocol.
7. Select Comparison Operator.
•
If you select EQUAL, you may choose between a specific upper-level protocol, an arbitrary
numeric value, or “any” protocol.
•
If you select NOT EQUAL, you may choose between a specific upper-level protocol or an ar-
bitrary numeric value only.
8. Select IP protocol. If you choose an upper-level protocol, refer to the three following
configuration sections: Configuring TCP, Configuring UDP, and Configuring ICMP.
Workgroup Remote Access Switch
243
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
CONFIGURING TCP
If you have selected TCP as your IP protocol, a screen similar to the following is displayed. Note
that the following TCP defaults constitute a wild card match for any TCP packet:
PACKET TYPE "Type_One":
1) IP Source Address
2) IP Destination Address
3) IP Protocol
AND 0.0.0.0 EQUAL 0.0.0.0
AND 0.0.0.0 EQUAL 0.0.0.0
EQUAL TCP
4) TCP Source Port
5) TCP Destination Port
6) TCP Control
RANGE 0 - 65535
RANGE 0 - 65535
ANY
Select function from above or <RET> for previous menu:
1. Select TCP Source Port. Note that the ports are specified in terms of an operator.
2. Select a comparison operator.
3. If you have chosen the comparison operator of “RANGE”, you will be prompted for upper-range
and lower-range values. If you have chosen a comparison operator other than “RANGE”, you will be
prompted for a specific TCP port number.
4. Select TCP Destination Port. Note that the ports are specified in terms of an operator.
5. Select a comparison operator.
6. If you have chosen the comparison operator of “RANGE”, you will be prompted for upper-range
and lower-range values. If you have chosen a comparison operator other than “RANGE”, you will be
prompted for a specific TCP port number.
7. Select TCP Control.
8. Specify a control value (any, established, or not established).
CONFIGURING UDP
If you have selected UDP as your IP protocol, a screen similar to the following is displayed. Note
that the following UDP defaults constitute a wild card match for any UDP packet:
PACKET TYPE "Type_One":
1) IP Source Address
2) IP Destination Address
3) IP Protocol
AND 0.0.0.0 EQUAL 0.0.0.0
AND 0.0.0.0 EQUAL 0.0.0.0
EQUAL UDP
4) UDP Source Port
RANGE 0 - 65535
5) UDP Destination Port
RANGE 0 - 65535
Id of the item to change, <RET> to accept changes or <CTRL-C> to cancel
1. Select UDP Source Port. Note that the ports are specified in terms of an operator.
2. Select a comparison operator.
244
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED IP ROUTING
IP Filters
3. If you have chosen the comparison operator of “RANGE”, you will be prompted for upper-range
and lower-range values. If you have chosen a comparison operator other than “RANGE”, you will be
prompted for a specific UDP port number.
4. Select UDP Destination Port. Note that the ports are specified in terms of an operator.
5. Select a comparison operator.
6. If you have chosen the comparison operator of “RANGE”, you will be prompted for upper-range
and lower-range values. If you have chosen a comparison operator other than “RANGE”, you will be
prompted for a specific UDP port number.
CONFIGURING ICMP
If you have selected ICMP as your IP protocol, a screen similar to the following is displayed. Note
that the following ICMP defaults constitute a wild card match for any ICMP packet:
PACKET TYPE "Type_One":
1) IP Source Address
AND 0.0.0.0 EQUAL 0.0.0.0
2) IP Destination Address AND 0.0.0.0 EQUAL 0.0.0.0
3) IP Protocol
4) ICMP Type
5) ICMP Code
EQUAL ICMP
EQUAL ANY
EQUAL ANY
Id of the item to change, <RET> to accept changes or <CTRL-C> to cancel
1. Select ICMP Type.
2. Select a comparison operator.
3. If you choose “EQUAL”, you may specify an ICMP type of “ANY”, or you may specify a value.
If you choose “NOT EQUAL”, you may only specify a numeric value for the ICMP type.
4. Select “ICMP Code”.
5. Select a comparison operator.
6. If you choose “EQUAL”, you may specify an ICMP code of “ANY”, or you may specify a numeric
value. If you choose “NOT EQUAL”, you may only specify a numeric value for the ICMP code.
Workgroup Remote Access Switch
245
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
CONFIGURING FORWARDING FILTERS
The configuration of Forwarding Filters is a two-part process. First you must name the filter, and
then you must create a list of conditions for the filter. To add a condition, you must name a
previously-created packet type, and then name the action to perform on the specified packet type
(i.e., forward or discard).
USING CFGEDIT
1. Select Forwarding Filters from the IP Filter menu.
2. Select Add a Forwarding Filter.
3. Provide a unique name for the filter you are creating. The Conditions for Filter menu is then
displayed, similar to the following. (Note that the newly-created Forwarding Filter has a final
condition of DISCARD as a default.)
Conditions for Filter "Filt_One"
Final Condition
DISCARD
All Other Types
(1) Add,
(5) Change Default Condition
(2) Change,
(3) Delete,
(4) Move a CONDITION,
or press <RET> for previous menu?
4. Select Add to add a condition.
5. Enter the information for the condition:
•
•
name the previously-defined packet type
specify the action to take when an IP packet matches that type (forward or discard)
A screen similar to the following will then be displayed:
Conditions for Filter "Filt_One"
id
1
FORWARD
"Type_Two"
Final Condition
DISCARD
All Other Types
(1) Add,
(2) Change,
(3) Delete,
(4) Move a CONDITION,
(5) Change Default Condition or <RET> to return to the previous menu?
6. If the filter already has a forwarding condition (other than the final condition), an additional prompt
is presented concerning the condition’s position within the filter. Enter the location within the
filter where the condition is to be added:
•
•
•
at the beginning
at the end
after the existing condition with id number “n”.
Note: If the Final Condition of the filter needs modification, do so via the “Change Default
Condition” selection on the “Conditions for Filter” menu. In this screen context, default
condition refers to final condition.
246
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED IP ROUTING
IP Filters
CONFIGURING CONNECTION FILTERS
The IP Connection Filter is used at the point when an IP packet attempts to establish an outbound
connection in order to continue the forwarding process. Its configuration parallels that of
forwarding filters.
USING CFGEDIT
1. Select Connection Filter from the IP Filter menu.
2. Enable the Connection Filter. (By default, the Connection Filter is disabled.)
3. Select Edit the Connection Filter. A screen similar to the following will be displayed:
Conditions for "Connect_Filter"
Final Condition
DISCARD
All Other Types
(1) Add,
(5) Change Default Condition
(2) Change,
(3) Delete,
(4) Move a CONDITION,
or press <RET> for previous menu?
4. Select Add to add a condition.
5. Enter the name of the packet type to be forwarded. A screen similar to the following is then
displayed:
Conditions for "Connect_Filter"
id
1
FORWARD
"Type_Two"
Final Condition
DISCARD
All Other Types
(1) Add,
(2) Change,
(3) Delete,
(4) Move a CONDITION,
(5) Change Default Condition
or press <RET> for previous menu?
6. If the filter already has a forwarding condition (other than the final condition), an additional prompt
is presented concerning the condition’s position within the filter. Enter the location within the
filter where the condition is to be added:
•
•
•
at the beginning
at the end
after the existing condition with id number “n”.
Note: If the Final Condition of the filter needs modification, do so via the Default Condition
selection on the Conditions for Filter menu. In this screen context, default condition refers to
final condition.
Workgroup Remote Access Switch
247
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
CONFIGURING EXCEPTION FILTER
The IP Exception Filter is intended for temporary, special conditions within an existing forwarding
filter. When enabled, it is logically appended to the beginning of each forwarding filter in effect.
USING CFGEDIT
1. Select Exception Filter from the IP Filter menu.
2. Enable the Exception Filter. (By default, the Exception Filter is disabled.)
3. Select Edit the Exception Filter. A screen similar to the following will be displayed:
Conditions for "Except_Filter"
Final Condition
DISCARD
All Other Types
(1) Add,
(5) Change Default Condition
(2) Change,
(3) Delete,
(4) Move a CONDITION,
or press <RET> for previous menu:
4. Select Add to add a condition.
5. Enter the name of the packet type to be forwarded. A screen similar to the following is then
displayed:
Conditions for "Except_Filter"
Final Condition
DISCARD
All Other Types
(1) Add,
(5) Change Default Condition
(2) Change,
(3) Delete, (4) Move a CONDITION,
or press <RET> for previous menu:
Conditions for "Except_Filter"
id
1
FORWARD
"Type_Two"
Final Condition
DISCARD
All Other Types
(1) Add,
(2) Change,
(3) Delete,
(4) Move a CONDITION,
(5) Change Default Condition
or press <RET> for previous menu:
6. If the filter already has a forwarding condition (other than the final condition), an additional prompt
is presented concerning the condition’s position within the filter. Enter the location within the
filter where the condition is to be added:
•
•
•
at the beginning
at the end
after the existing condition with id number “n”.
Note: If the Final Condition of the filter needs modification, do so via the Change Default Condition
selection on the Conditions for Filter menu. In this screen context, default condition refers to
final condition.
248
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED IP ROUTING
IP Filters
MODIFYING THE FINAL CONDITION FOR A FILTER
To change the final condition for a filter, select Change Default Condition (currently selection (5) on
the Conditions for Filter menu.
APPLYING FILTERS
Once you have defined your forwarding filters, you must apply them to selected points in the IP
routing process. There are three ways to apply filters:
•
•
•
through a Network Interface
globally
on a per-user basis
APPLYING FILTERS TO NETWORK INTERFACES
1. Return to the IP Configuration menu (from Options).
2. Select IP Interfaces.
3. Select Change.
4. Select the interface on which the filter is to be applied.
5. Press <RET> until you reach the prompt which asks for Input Filter Name.
6. If you want to apply an Input filter, provide the filter name at the Input Filter prompt. If you do
not want to apply an Input filter, press <RET>.
7. If you want to apply an Output filter, provide the filter name at the Output Filter prompt. If you
do not want to apply an Output filter, press <RET>.
APPLYING THE GLOBAL FORWARDING FILTER
1. From the IP Routing menu, select IP Filters.
2. Select Apply Global Forwarding Filter.
3. Provide the global filter name.
APPLYING PER-DEVICE FORWARDING FILTERS
1. Return to the Main Menu.
2. Select Security.
3. Select Device Level Databases.
4. Select On-node Device Entries.
Workgroup Remote Access Switch
249
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
5. Select the device to which you want to apply the forwarding filter.
6. Select IP Information.
7. Select either IP Input Filter or IP Output filter.
8. Provide the filter name.
IP FILTERS CONFIGURATION ELEMENTS
The following elements are described in terms of the individual comparisons which make up the
packet types. When an IP packet is subjected to a filter, the following comparisons are executed.
The final result of the comparisons is a “match” if all comparisons are true, and a “no match”
otherwise.
IP ADDRESSES
These elements allow filtering based on the IP Addresses, which are expressed in two dotted
decimal quantities, a Mask and a Target. The comparison entails the logical “AND” operation of
the packet’s IP Address and the specified Mask. The result of this operation is compared against
the Target in either an EQUAL (EQ) or NOT EQUAL (NEQ) operation for determining if a match
has occurred. The mask is used to create wild card or don’t care conditions for the address
comparison (‘1’ bits are significant and ‘0’ bits are don’t cares).
Examples:
0.0.0.0 EQ 0.0.0.0
Matches any IP address (wildcard and de-
fault).
255.255.255.0 EQ 128.131.23.0
If Class B network 128.131.0.0 is subnetted
with 8 bits, this comparison matches any
host on subnet 23.
255.255.255.0 NEQ 128.131.23.0
If Class B network 128.131.0.0 is subnetted
with 8 bits, this comparison matches any
host except those on subnet 23
255.255.255.255 EQ 128.131.23.59
255.255.255.255 NEQ 128.131.23.59
Matches exactly the host 128.131.23.59
Matches every host except 128.131.23.59
IP PROTOCOL
This element applies a check to the Protocol field of the IP header using either an EQUAL or NOT
EQUAL comparison. Symbolic mnemonics are supplied for the most popular upper level protocols
(TCP, UDP, ICMP); when using an EQUAL comparison on these values, the corresponding
protocol-specific comparisons are then enabled. A numeric value N (an unsigned quantity between
0 and 255) can be used for any other protocol without a specific mnemonic. “ANY” can also be
specified as the protocol and is the default value, along with an EQUAL comparison, to yield the
wild card value.
250
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED IP ROUTING
IP Filters
TCP AND UDP PORTS
These elements allow filtering based on the TCP Source and Destination Port fields, which are
treated as 16 bit unsigned quantities (0-65535). These can be used to trap applications that have
well-known port addresses, such as Telnet, FTP, etc. The packet’s port value is compared to the
value in the type using the specified operator:
EQ
equal to <port>
NEQ
LT
not equal to <port>
less than <port>
GT
greater than <port>
RANGE
inclusive range <port1> <= packet port value> = <port2>
Examples:
EQ 23:
TCP port for the Telnet protocol.
RANGE 0 65535:Any TCP port (wild card and default).
TCP CONTROL
This element accesses the control bits of the TCP header, which are utilized to initiate and maintain
the state of a TCP connection. “ANY” is the wild card and default value. TCP packets whose ACK
or RST control bits are set will match the ESTABLISHED value, since they belong to an established
connection. Conversely, a TCP packet which is attempting to open a new connection will carry
neither of these bits and will match the NOT-ESTABLISHED value.
ICMP TYPE AND CODE
These fields allow filtering based on the specific function of an ICMP packet, via the Type and Code
fields. Using an operator of EQUAL or NOT EQUAL, the packet’s Type/ Code is compared against
the target values. These values may be a numeric quantity between 0 and 255; or the mnemonic
“ANY” can be used with an EQUAL comparison as the wild card value.
IP FILTERS BACKGROUND INFORMATION
A filter is a list of conditions. It is the logical element which is applied to a point in the routing
process to control packet flow. Each condition within a filter is created from one of the previously-
defined packet types, along with the action to take when a packet matches that type.
IP Filters modify the normal processing flow of an IP packet as it passes through the various stages
of IP Processing. When an IP packet encounters a filter, the filter’s output - DISCARD or
FORWARD - determines if the packet has permission to continue. There are two types of IP Filters.
Forwarding Filters are selectively applied to the key locations in the IP routing process. The
Connection Filter is applied to those datagrams which trigger a WAN connection in order to satisfy
the forwarding process.
The following illustrates a packet that is passing through a filter. The packet is checked against each
of the individual conditions of the filter before an action is performed:
Workgroup Remote Access Switch
251
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
FILTER
IP Packet
Discard Type 3
Action:
Discard/Forward
Discard Type 1
Forward Type 4
Conditions
Packet Types:
Type 1: www,www,www
Type 2: xxx,xxx,xxx
Type 3: yyy,yyy
Type 4: zzz,zzz
Final
Condition
Discard All Other Types
FILTER COMPOSITION
The IP filtering mechanism is composed of three fundamental building blocks:
Packet Types
The criteria for describing an IP datagram’s contents: IP Source and Destination Addresses,
Protocol (TCP, UDP, etc.), Protocol-specific fields (TCP port, etc.). For example, Packet Types
can be set up to specify such things as: “all packets arriving from IP Subnetwork X”, “Telnet
packets destined for host Y”, or “All RIP packets”. Packet Types are independently defined and
may be referenced by multiple filters.
•
Conditions
A Packet Type combined with an Action to take when a datagram matches that type. The
Actions are DISCARD or FORWARD.
•
Filter
An ordered list of Conditions. When an IP datagram passes through a filter, a sequential pass
is made through the individual conditions. The first complete match of a Packet Type dictates
the action which is applied to the datagram. When the action is DISCARD, the datagram is
dropped. The filter also contains a configurable Final Condition which specifies the action to
take if no match is found.
TYPES OF FILTERS
Forwarding Filters
A Forwarding Filter is a filter which forwards or discards specific packets according to whether
these packets fulfill a list of defined conditions.Forwarding Filters may be applied to packets in one
of the following ways:
•
•
Globally: independent of the packet’s input or output path.
through the Input Network Interface: applies the filter only to packets arriving on a specific
attached network.
252
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED IP ROUTING
IP Filters
•
•
through the Output Network Interface: applies the filter only to packets which are transmitted
on a specific attached network (i.e. after the Routing process has determined the next-hop net-
work for the datagram).
on a per-Device basis: applies a device-specific filter in addition to any Input or Output filters.
This type of filtering is applicable only to WAN Network Interfaces.
Connection Filters
The Connection Filter, when enabled, is only applied when an IP datagram attempts to trigger a
call on a WAN Output Interface. The initial default is that all such datagrams yield a FORWARD
action, so the administrator must explicitly configure any desired connection restrictions. Note that
the control offered by the IP Connection Filter is distinct from the “IP Callable” attribute of the
Device Table. The IP Connection Filter permits connection control based on packet content, while
the IP Callable feature applies such control based on the selected next hop.
Exception Filters
At certain times, you may want to allow specific IP packets to temporarily override the Forwarding
Filters which have been applied. For example, you may want to allow temporary access to an
authorized technical person via a path which is otherwise blocked via filters. One way to do this
would be to simply make a temporary modification to the applicable filter or filters. However, the
special concept of an Exception Filter is also expressly supported for this purpose.
The Exception Filter is a built-in filter which is selectively enabled and disabled. When enabled, it
is logically appended before each Forwarding Filter which an IP packet encounters. The makeup of
the Exception Filter is identical to any other filter. Should a match occur, the specified action will
be taken, effectively overriding the original filter. If no match occurs, the Exception Filter’s Final
action dictates the next processing step. When the Final action is FORWARD, filter execution flows
into the original filter, thereby creating one logical filter. This is the default operation of the
Exception Filter. The alternative for the no-match situation is a Final action of DISCARD, in which
case the datagram is discarded.
Note: A final action of DISCARD in the Exception Filter will DISCARD all packets not matching
the initial condition.
ROLE OF FILTERS IN THE IP PROCESSING FLOW
Refer to the following figure. It illustrates the exact order in which the filter application points are
executed. Before reaching the IP routing process, incoming datagrams will first be subject to any
User-specific filter (if arriving on a WAN interface) and secondly to any Input filter for the
delivering Network Interface. Once a datagram has reached the IP routing process (either an
incoming datagram or a datagram generated within the NE system), the Global filter, if enabled, is
applied. When the routing process determines that a datagram is to be transmitted, that datagram
is subject first to any Output filter of the selected to Network Interface. If the output interface is a
WAN and it is necessary to first establish a connection, the Connection Filter, if enabled, is applied.
Finally, any User-specific filter is applied (again, only if the datagram is being transmitted on WAN
interface).
Workgroup Remote Access Switch
253
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Because the Packet Types within the conditions specify both source and destination address
information, Global application may often be sufficient to filter IP traffic across the entire system.
However, the Input, Output and User-Based application points are defined in case the
administrator needs to apply a finer level of filtering which cannot be obtained on a Global basis.
IP Routing Process
GLOBAL
Network Interface
INPUT
Network Interface
OUTPUT
CONNECTION
USER
USER
Filter Application Points
Filter Execution Order
Example: order of execution of filter application points
Application to Network Interfaces
A forwarding filter is applied to an IP Network Interface through the IP Interface configuration. A filter
may be applied to both the input and output stages of the Network Interface.
It is important to note that the Unnumbered WAN Interface which appears in the IP Interface
configuration is simply the enabling condition for operation with unnumbered WAN links. The
actual unnumbered Network Interfaces are created dynamically at run-time, with the name of the
remote WAN device providing the unique identifier for the Interface. Consequently, when a filter
is applied to the externally visible Unnumbered WAN Interface, it will apply to all dynamic
unnumbered interfaces which are created internally at run-time. If it desired to apply a filter to a
specific unnumbered interface, this can be accomplished by applying a User-Based filter.
PACKET TYPES
A Packet Type is a set of comparisons which are made against the contents of an IP packet. It is the
fundamental element of an IP filter condition. For a match to occur, ALL the constituent
comparisons must yield a TRUE result. The type is composed of a common packet portion which
specifies fields in the IP header, and a protocol-specific portion which references the upper- layer
protocol fields and is dependent upon which Protocol field of the IP Header, if any, is used as a
criterion.
254
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED IP ROUTING
IP Filters
Common Portion:
IP Source Address
AND mmm.mmm.mmm.mmm EQ/ NEQ ttt.ttt.ttt.ttt
IP Destination Address
Protocol Field
AND mmm.mmm.mmm.mmm EQ/ NEQ ttt.ttt.ttt.ttt
EQ/ NEQ TCP/ UDP/ ICMP/ ANY/ <n>
Protocol-Specific Portion TCP:
Source Port
EQ <port> / NEQ < port > / GT < port > / LT < port > /
RANGE <p1> <p2>
Destination Port
Control
EQ <port> / NEQ < port > / GT < port > / LT < port > /
RANGE <p1> <p2>
ANY / ESTABLISHED / NOT-ESTABLISHED
Protocol-Specific Portion, UDP:
Source Port
EQ <port> / NEQ < port > / GT < port >/ LT < port > /
RANGE <p1> <p2>
Destination Port
EQ <port> / NEQ < port > / GT < port > / LT < port > /
RANGE <p1> <p2>
Protocol-Specific Portion, ICMP:
Type
EQ / NEQ n / ANY
EQ / NEQ n / ANY
Code
LIMITATIONS
System performance will be affected by the number of packets, conditions and filters configured.
The more elements you have configured, the slower system performance. Refer to the following
chart for the maximum number of elements supported:
Central Office
Remote Access Switches
Work Group
Remote Access Switches
(single BRI port)
Maximum # Packet Types
Maximum # Conditions
Maximum # Filters
100
100
25
25
25
10
Note: If a packet is defined, it is counted toward the maximum number of packets allowed. Be
aware that this applies even if:
•
•
the packet is not used in a condition, and
the filter is not enabled.
Workgroup Remote Access Switch
255
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
EXAMPLE OF AN IP FILTER CONFIGURATION
This example provides a simple filtering scenario in which a corporate LAN utilizes a
CyberSWITCH to provide WAN access to both dial-in devices as well as the global Internet. A
Netserver resides on the LAN to provide configuration support for the CyberSWITCH. Also on the
LAN are an anonymous FTP server and a WWW server.
SFVRA
Manager
FTP
Server
WWW
Server
Host
Host
Internet
128.131.25.12
128.131.25.10
128.131.25.11
128.131.25.15
193.57.50.1
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
B
1
4
B
1
6
B
2
6
B
2
B
3
0
L
1
Host
Host
CSX1200
ISDN
Remote User
Remote User
Remote User
The following are the requirements/ restrictions to be addressed by IP filters:
•
•
•
No outside access allowed to the Netserver or the CyberSWITCH.
The FTP and WWW servers must be accessible from anywhere.
Corporate hosts (including dial-in devices) may initiate TCP-based sessions with the Internet,
but not vice-versa. This covers the main IP applications such as TELNET, FTP, SMTP server
and HTTP. An assumption for FTP is that the client program supports the “PASV” option, in
which the data-transfer TCP connection is initiated by the client.
•
No UDP traffic.
The interface to the Internet is via a numbered IP interface, which has the following filter applied
to its Input stage. Using a final action of DISCARD, the strategy for the filter is to restrict everything
but an explicitly permitted set of traffic.
256
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED IP ROUTING
IP Filters
FORWARD
FORWARD
FORWARD
IP Src 0.0.0.0, 0.0.0.0
IP Dst: 255.255.255.255, 128.131.25.10
IP Prot: ANY
Permits any host to access the FTP
Server.
IP Src 0.0.0.0, 0.0.0.0
IP Dst: 255.255.255.255, 128.131.25.12
IP Prot: ANY
Permits any host to access the WWW
Server
IP Src 0.0.0.0, 0.0.0.0
IP Dst: 0.0.0.0., 0.0.0.0
IP Prot: TCP
Permits TCP traffic only from sessions
which have already been initiated by
corporate hosts.
TCP Src Port: RANGE 0 65535
TCP Dst Port: RANGE 0 65535
TCP Control: ESTABLISHED
FORWARD
DISCARD
IP Src 0.0.0.0, 0.0.0.0
IP Dst: 0.0.0.0., 0.0.0.0
IP Prot: ICMP
Permits all ICMP packets to enter (in-
cluding ECHO packets for PING).
All other packet types
No-match action.
The corporate dial-in access is realized with a WAN Direct Interface, using a pool of IP addresses
from the corporate LAN for dynamic assignment to the dial-in devices. These devices must first
pass Authentication processing, so there is a level of security inherent on this interface that is not
present on the Internet interface. Once authenticated, the devices are basically allowed to generate
traffic in the same way that they can when operating from within the corporate LAN. This includes
the ability to initiate TCP connections to the external Internet. Correspondingly, the strategy for this
filter is different. Its purpose is to enforce the stated requirement of not allowing any external access
to the Netserver or the CyberSWITCH itself.
DISCARD
DISCARD
DISCARD
FORWARD
IP Src 0.0.0.0, 0.0.0.0
IP Dst: 255.255.255.255, 128.131.25.11
IP Prot: ANY
Denies access to the Netserver.
IP Src 0.0.0.0, 0.0.0.0
IP Dst: 255.255.255.255, 128.131.25.15
IP Prot: ANY
Denies access to the CyberSWITCH it-
self.
IP Src 0.0.0.0, 0.0.0.0
IP Dst: 255.255.255.255, 193.57.50.1
IP Prot: ANY
Denies access to the CyberSWITCH it-
self.
All other packet types
No-match action
Now suppose that a situation arises in which it is temporarily necessary to allow remote access to
the Netserver (for example, reconfiguration by a qualified member of staff who is offsite). Using the
IP Address from which the temporary access will take place, this can be accomplished by enabling
the Exception Filter. When traffic arrives from the Internet, the Exception filter will be executed
first, thereby allowing an override of the existing conditions of the Input filter. The Exception filter
would be set up as follows (the remote access is originated from address 201.55.89.100).
Workgroup Remote Access Switch
257
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
FORWARD
IP Src 255.255.255.255, 201.55.89.100
IP Dst: 255.255.255.255, 128.131.25.11
IP Prot: ANY
Allows specific host to access the Net-
server.
FORWARD
All other packet types
If no match, let filter execution contin-
ue with the existing input filter.
Once the offsite maintenance is completed, the Exception filter would be disabled. Configuration
control over the Exception filter is available both through CFGEDIT and Manage Mode (with
Manage Mode being the most practical method due to its dynamic nature).
DHCP RELAY AGENT
CONFIGURING A DHCP RELAY AGENT
USING CFGEDIT
1. Select DHCP Configuration from the IP Routing menu.
2. Press 1 to begin the DHCP configuration.
3. Follow the onscreen instructions to enable the DHCP/ BOOTP relay agent. Once the agent has
been enabled, the following menu will be displayed:
DHCP/BOOTP Relay Agent Menu:
1) DHCP/BOOTP Relay Agent (Enable/Disable)
2) Relay Destination IP Addresses
3) Hop Count Threshold
Select function from above or <RET> for previous menu:
4. Press 2 to configure relay destination IP addresses.
a. Press 1 to add an address.
b. Enter the relay destination IP address in dotted decimal notation. If you want to broadcast
out to find the DHCP server, enter 255.255.255.255 for the IP address.
c. If you have entered 255.255.255.255 for the IP address, you will need to select the network
interface to which DHCP/ BOOTP request messages should be relayed.
5. Press 3 to configure the hop count threshold. Enter the threshold value, or press return to
accept the default. Be careful when configuring the hop count. Make sure you have configured
the threshold value high enough; messages with a hop field greater than this value will be
discarded.
USING MANAGE MODE
dhcp
Displays the current DHCP configuration values.
dhcp change
Displays the same DHCP menu as CFGEDIT, allowing you to change the current DHCP
configuration.
258
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED IP ROUTING
DHCP Relay Agent
DHCP CONFIGURATION ELEMENTS
DHCP/ BOOTP RELAY AGENT ENABLE/ DISABLE FLAG
A global flag that indicates whether the system is relaying the DHCP/ BOOTP BOOTREQUEST
messages or not. The relay agent is disabled by default.
RELAY DESTINATION IP ADDRESSES
These are the IP addresses to which the system will relay BOOTREQUEST messages. For relay
destinations which are broadcast/ multicast IP addresses, the network interface to which the
messages should be relayed also needs to be configured.
HOP COUNT THRESHOLD
This configuration element is used to limit the number of relay agents through which DHCP/
BOOTP BOOTREQUEST messages can travel. BOOTREQUEST messages with a hops field value
greater than this value will be discarded. The valid range is between 0 and 16, and the default is 4.
DHCP BACKGROUND INFORMATION
The DHCP/ BOOTP Relay Agent feature provides a solution to the dynamic IP address assignment
problems in the ISDN WAN environment. Those IP host devices with the DHCP client software
that are connected to a central LAN through ISDN remote bridges are now able to obtain their IP
addresses from a DHCP server located on a central LAN.
The Dynamic Host Configuration Protocol (DHCP) provides configuration parameters to IP host
devices. DHCP consists of two components: a protocol for delivering host-specific configuration
parameters (name servers, time servers and many more) from a DHCP server to a host; and a
mechanism for allocation of network addresses to hosts. Since remote devices are not always on a
main network (a corporate LAN, Internet), and there are only limited IP addresses available, it is
desirable to assign the IP addresses to those devices only when they are connected to the main
network. DHCP can be used to accomplish this task; and the DHCP/ BOOTP Relay Agent helps
DHCP work over WAN environments.
For more detailed DHCP/ BOOTP information, refer to the following specifications:
•
•
•
•
RFC 1542: Clarifications and Extensions for the Bootstrap Protocol
RFC 1541: Dynamic Host Configuration Protocol
RFC 1534: Interoperation Between DHCP and BOOTP
RFC 1533: DHCP Options and BOOTP Vendor Extensions
DHCP/ BOOTP Relay Agent processing is extensively discussed in RFC 1542.
DHCP/BOOTP RELAY AGENT ENVIRONMENTS
The following sections describe the different environments in which the DHCP/ BOOTP Relay
Agent may be used.
Workgroup Remote Access Switch
259
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Bridge to Bridge Environment
CSX1200 Using bridging
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
DHCP
DHCP Server
Remote Bridge
DHCP Client
DHCP Client
As shown in the picture above, when a remote LAN is connected with bridge devices, the DHCP
server and clients communicate with each other as if they were on the same LAN. This is one
example configuration of how DHCP can be used to accomplish the dynamic IP address
assignment to the remote IP devices. (Note: This topology works without enabling any additional
DHCP/ BOOTP features.)
Router to Bridge Environment
Although the bridge to bridge environment is a simple way to deploy the dynamic IP address
assignment using DHCP, it has some disadvantages. The major disadvantage is a broadcast storm.
Since all remote LANs are connected through bridge devices, all broadcast traffic will be forwarded
from one remote LAN to all the other LANs, and from a central LAN to all other remote LANs. This
is especially undesirable in the environment where there are many remote LANs.
To solve this problem, IP routing should be turned on at the central site. Enabling routing at the
central site will prevent the broadcast traffic from traveling all over the wide area network.
Unfortunately, this also keeps DHCP messages from being exchanged, as they are transmitted in
the broadcast packets. The DHCP Relay Agent resolves this situation, allowing only DHCP
messages to be forwarded without letting all other broadcast traffic get through.
260
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED IP ROUTING
DHCP Relay Agent
DHCP
CSX1200 Using routing
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
DHCP Server
Remote Bridge
DHCP
DHCP Client
DHCP Client
EXAMPLE DHCP CONFIGURATIONS
Below we have included two of the more common DHCP scenarios. These may help you configure
your own DHCP feature.
IP Router to IP Router (with Relay Agents on both)
This configuration is useful when the “next hop” to the DHCP Server is another DHCP/ BOOTP
Relay Agent.
DHCP Client
DHCP Server
192.168.1.5
ISDN
192.168.1.168
204.157.42.168
192.168.10.168
192.168.10.1
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
CSX1200
IP Router w/ DHCP
Relay Agent ("Alex")
IP Router w/ DHCP
Relay Agent ("Ruby")
In this configuration, the DHCP Client is able to obtain its IP address from the DHCP Server (and
any other information that the server provides), using the Relay Agents contained in both IP
Workgroup Remote Access Switch
261
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Routers shown in the diagram above. Sample configurations for the objects in the above network
diagram are as follows:
Configuration for IP Router "Alex"
Configuration for IP Router "Ruby"
System Information:
System Name = Alex
System Password = stone
System Information:
System Name = Ruby
System Password = rubble
Security Level = Device Level (On-node
Device Database, PAP security)
Security Level = Device Level (On-node
Device Database, PAP security)
Bridging disabled
Bridging disabled
IP enabled (router mode)
I/ F = LAN (192.168.1.168)
I/ F = WAN (192.168.10.168)
Static Route = (dest) 204.157.42.0
(next hop) 192.168.10.1
IP enabled (router mode)
I/ F = LAN (204.157.42.168)
I/ F = WAN (192.168.10.1)
DHCP enabled
DHCP enabled
Relay Destination #1 = 192.168.1.5
(interface = “N/ A”)
Relay Destination #1 = 192.168.10.168
(interface = “N/ A”)
Hop Count Threshold = 4
Hop Count Threshold = 4
Device = “Ruby”
Device = “Alex”
ISDN Line Protocol = PPP
Dial Out Phone # = 5311
PAP Password = “rubble”
IP Address = 192.168.10.1
IP Routing = enabled
ISDN Line Protocol = PPP
Dial Out Phone # = 5411
PAP Password = “stone”
IP Address = 192.168.10.168
IP Routing = enabled
Make calls for IP data = enabled
Bridging = disabled
Make calls for IP data = enabled
Bridging = disabled
Note: The DHCP Server must have a route specified to get back to the DHCP-enabled router
Ruby, or use Alex as its default gateway.
262
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED IP ROUTING
DHCP Relay Agent
Remote Bridge to IP Router (w/Relay Agent)
This configuration is useful when requests by a DHCP Client must be “bridged” to an IP Router
that is also a DHCP/ BOOTP Relay Agent. Our equipment is shown in this example, but any remote
bridge device should work.
DHCP Client
DHCP Server
192.168.1.5
ISDN
192.168.1.168
204.157.42.190
(RLAN)
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
CSX1200
IP Router w/ DHCP
Relay Agent ("Alex")
Remote Bridge ("Ruby")
In this configuration, the DHCP Client is able to obtain its IP address from the DHCP Server (and
any other information that the server provides), using the Relay Agent contained in the DHCP-
enabled router “Alex.” “Ruby” is a remote bridge device which communicates with the IP router
using a RLAN interface. Sample configurations for the objects in the above network diagram are:
Workgroup Remote Access Switch
263
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Configuration for IP Router "Alex"
Configuration for Remote Bridge "Ruby"
System Information:
System Name = Alex
System Password = stone
System Information:
System Name = Ruby
System Password = rubble
Security Level = Device Level (On-node
Device Database, PAP security)
Security Level = Device Level (On-node
Device Database, PAP security)
Bridging disabled
Bridging enabled
Bridge Packet Data Filter: offset=1;
mask=00;value=00;action=CONNECT;
dist list=“Alex”
IP enabled (router mode)
I/ F = LAN (192.168.1.168)
I/ F = WAN RLAN
IP disabled
(204.157.42.190)
DHCP enabled
DHCP disabled
Relay Destination #1 = 192.168.1.5
(interface = “N/ A”)
Hop Count Threshold = 4
Device = “Ruby”
Device = “Alex”
ISDN Line Protocol = PPP
Dial Out Phone # = 5311
PAP Password = “rubble”
IP Address = 204.157.42.0
IP Routing = disabled
ISDN Line Protocol = PPP
Dial Out Phone # = 5411
PAP Password = “stone”
IP Address = (none)
IP Routing = disabled
Bridging = enabled
Bridging = enabled
Make calls for Bridge data = disabled
Make calls for Bridge data = enabled
Notes: The DHCP Server must have a route specified to get back to the DHCP-enabled router
Alex, or use Alex as its default gateway.
When you are using a RLAN Interface, you are limited to one subnetwork.
264
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED IP ROUTING
DHCP Proxy Client
DHCP PROXY CLIENT
CONFIGURING THE DHCP PROXY CLIENT
In order to configure the DHCP Proxy Client, you must first enable the client, and then configure
client information for a WAN or a WAN (Direct Host) type interface.
USING CFGEDIT
1. Select DHCP Configuration from the IP menu.
2. Select DHCP Proxy Client.
3. Follow the onscreen instructions to enable the DHCP Proxy Client. Then return to the IP
Routing Menu.
4. Select IP Interfaces from the IP Routing Menu.
5. Select Add to add a WAN or WAN (Direct Host) interface. Provide pertinent information in
response to the prompts until you reach the DHCP Proxy Client Configuration submenu:
DHCP Proxy Client Configuration for this interface:
(1) Maximum number of IP addresses that can be obtained is 0.
(2) Number of IP addresses to pre-fetch is 0.
(3) LAN port to reach DHCP server on is 1.
Select function from above or <RET> for previous menu:
6. Select “1”. Enter the maximum number of IP addresses that may be obtained from a DHCP
server for this interface.
7. Select “2”. Enter the number of IP addresses (obtained from DHCP servers) that should be
available at all times for remote devices on this interface.
8. Select “3”. Enter the number of the LAN Port to use to reach a DHCP Server.
9. Press <RET> to display the newly-configured interface, and select “Y” (yes) to confirm its
addition to the configuration.
USING MANAGE MODE
dhcp
Displays the current DHCP configuration values.
dhcp change
Displays the same DHCP menu as CFGEDIT, allowing you to change the current DHCP
configuration.
Workgroup Remote Access Switch
265
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
DHCP CONFIGURATION ELEMENTS
DHCP PROXY CLIENT ENABLE/ DISABLE FLAG
A global flag that indicates whether the DHCP Proxy Client feature is enabled or not. The proxy
client is disabled by default.
MAXIMUM NUMBER OF IP ADDRESSES
Refers to the maximum number of IP addresses obtained from DHCP servers for this network
interface. This number of IP addresses can be leased from DHCP servers for this interface and
placed into the IP Address Pool. The range of this configuration value is 0 to “x” where “x” is the
size of the Address Pool. The default for this value is 0.
Note: If all available entries in the IP Address Pool are assigned to one IP network interfaces’s
maximum, there will not be any more available for other interfaces. Therefore, take care to
plan accordingly.
NUMBER OF IP ADDRESSES TO PRE-FETCH
The configured number of IP addresses to have available at all times for an IP network interface.
This means that the IP addresses have been placed in the IP Address Pool, but have not yet been
leased to any remote devices. These IP addresses are sitting in the IP Address Pool waiting to be
claimed by remote devices. The range of this configuration value is 0 to “x” where “x” is the
maximum IP addresses to obtain for the IP network interface. The default for this value is 0.
LAN PORT ON WHICH TO REACH THE DHCP SERVER
This configuration value contains the number of the LAN port to use in order to reach a DHCP
server. The range of this value is 1 to “x” where “x” is the number of configured LAN ports. The
default for this value is 1.
DHCP BACKGROUND INFORMATION
The DHCP Proxy Client feature enables the CyberSWITCH to dynamically obtain IP addresses
CyberSWITCH to access the DHCP server to allocate IP addresses to all types of remote IP devices,
rather than maintaining separate IP address pools for separate devices.
Remote IP devices that use PPP to connect to the CyberSWITCH use PPP IPCP IP Address
negotiation to dynamically obtain their IP addresses. In general, those devices are not capable of
using DHCP to obtain the dynamic IP addresses. However, with the DCHP Proxy Client feature,
the CyberSWITCH “pretends” to be a DHCP client. When a connection is established and a remote
IP host device requests an IP address, the CyberSWITCH (acting as a DHCP client) obtains an IP
address from the DHCP server. It then gives it to the remote device via IPCP.
The CyberSWITCH is capable of prefetching some number of IP addresses so that connections can
be established faster. You may configure two numbers for each WAN type network interface: the
number of the IP addresses to prefetch (“x”), and the maximum number of IP addresses to obtain
(“y”). The CyberSWITCH will prefetch “x” IP addresses for the network interface until it has
obtained “y” addresses. For example, if the number to prefetch is 3, and the maximum number is
5, then 3 IP addresses will be prefetched immediately. As one IP address is assigned to a remote
device, one IP address is obtained from a DHCP server until the total of 5 IP addresses have been
obtained.
266
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING ADVANCED IP ROUTING
DHCP Proxy Client
The DHCP Proxy Client feature is not applicable for the CyberSWITCH running in IP HOST mode.
DHCP servers must support use of the broadcast bit in order to obtain IP addresses for WAN (Direct
Host) interfaces.
SAMPLE CONFIGURATION: IP ROUTER WITH DHCP PROXY CLIENT
The following illustrates a typical use of the DHCP Proxy Client. This configuration has the DHCP
server and the CyberSWITCH located on the same LAN:
DHCP Server
192.168.1.5
ETHERNET
IPCP Remote Device
("Summer")
192.168.1.168
ISDN
192.168.10.168
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
B
1
4
B
1
6
B
2
6
B
2
8
B
3
CSX1200
IP Router w/ DHCP
Proxy Client ("Chloe")
In this configuration, the remote IPCP device, “Summer”, is able to negotiate and obtain its IP
address from the system’s IP Address Pool. IP addresses have been obtained from the DHCP server
for the WAN interface 192.168.10.0. The following describes the configuration necessary for the
CyberSWITCH (IP router) in the above diagram.
Workgroup Remote Access Switch
267
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Configuration for IP Router “Chloe”
System Information:
System Name = Chloe
System Password =pets
Security Level = Device Level (On-node
Device Database, PAP security)
Bridging disabled
IP enabled (router mode)
I/ F = LAN (192.168.1.168); LAN port 1
I/ F = WAN explicit (192.168.10.168)
DHCP related:
max addrs to obtain=10
num addrs to pre-fetch=5
LAN port to reach server=1
DHCP configuration:
Relay Agent disabled.
Proxy Client enabled.
Device = “Summer”
ISDN Line Protocol = PPP
PAP Password = “dogs”
IP Address = (none)
IP Routing = enabled
IP callable = disabled
Bridging = disabled
268
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING IPX
OVERVIEW
IPX protocol accepts data from remote devices and formats the data for transmission onto the
network, and conversely, accepts data from the LAN and formats it so it can be understood by
remote devices. In short, IPX allows remote devices and their servers to communicate.
The CyberSWITCH supports the standard method of routing datagrams over a network. The
system provides bandwidth management features to make the interconnection of IPX networks
cost effective over demand type connections like ISDN. Additional security features provide data
privacy for networks using IPX that are connected by the system.
By default, IPX routing is disabled when you first install your system software. After IPX routing
is enabled, the full IPX feature is available for configuration. The IPX configuration process
includes:
•
Note: You must configure some type of network security in order to provide IPX routing over
WAN connections.
In addition, with the availability of Triggered RIP/ SAP, you most likely will not need to
configure static routes and services. However, Cabletron still supports them. Situations
may arise in which a remote router cannot implement Triggered RIP/ SAP. In that case, you
then have the option of configuring static routes and services.
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
CONFIGURING IPX INFORMATION
Note: IPX is available only if you have purchased the additional software module for our IPX
feature.
To help you configure your IPX information, we have included an illustration of a sample network.
As we explain the steps, we provide sample CFGEDIT screens. The screens include information
from the sample network. You may find it helpful to refer to the graphic and to the sample screens
for clarification while completing your IPX configuration.
CSX5500
Remote Router
CSX1200
External Network
Number
11111111
33333333
55555555
Internal Network
Number
12F8
3A11
n/ a
Server
Network #11111111
CSX1200
(IPX Router)
LAN
RX 10BASE
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
-
T
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
Network #
55555555
CSX1200
ISDN
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
Remote2
(Remote Bridge)
Remote1
(Router)
Network # 33333333
Node # 0409A0000001
File Server
270
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING IPX
IPX Routing Option
IPX ROUTING OPTION
ENABLING/DISABLING IPX
Note: The CyberSWITCH does not currently provide IPX data transfer over X.25 links.
USING CFGEDIT
1. Select Options from the main menu.
2. Select IPX Routing from the Options menu. The following menu will be displayed:
IPX Menu:
1) IPX Routing (Enable/Disable)
Select function from above or <RET> for previous menu: 1
The IPX Routing feature is currently DISABLED.
Do you wish to ENABLE the IPX feature (Y or N) [default = N]? Y
The IPX Routing feature is currently ENABLED.
Press any key to continue.
3. As illustrated on the sample screen above, follow the onscreen instructions to enable IPX
routing. The following extended IPX menu will be displayed:
IPX Menu:
1) IPX Routing (Enable/Disable)
2) IPX Internal Network number
3) IPX Interfaces
4) Routing Protocols (Enable/Disable)
5) IPX Static Routes
6) NetWare Static Services
7) IPX Spoofing Information
8) IPX Type 20 Protocol
9) Isolated mode (Enable/Disable)
10) Triggered RIP/SAP
Select function from above or <RET> for previous menu:
You will use this menu to complete the IPX configuration.
IPX OPTION CONFIGURATION ELEMENT
STATUS
IPX can be either enabled or disabled, with disabled being the default. If the option is set to enable,
the system will process and forward IPX data packets at the IPX network layer. If the option is set
to disable, the system will process and forward IPX data packets at the MAC or bridging layer.
Workgroup Remote Access Switch
271
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
IPX OPTION BACKGROUND INFORMATION
The Internetwork Packet Exchange (IPX) protocol is a datagram, connectionless protocol in the
NetWare environment analogous to the Internet Protocol (IP) in the TCP/ IP environment. With the
help of Routing Information Protocol (RIP) and Service Advertising Protocol (SAP), the IPX router
performs the network layer tasks of addressing, routing and switching information packets, to
move packets from one location to another in a complex network.
The CyberSWITCH supports the standard method of routing Novell® IPX datagrams over an
internetwork. The system provides bandwidth management features to make the interconnection
of IPX networks cost effective over demand type connections like ISDN. Additional security
features provide data privacy for Novell networks connected by the system.
Over the last few years Novell has evolved their WAN IPX routing model. Originally the Novell
IPX router supported numbered WAN network interfaces only. That is, a unique IPX network
number was assigned to each WAN port on the router.
Novell then migrated to an unnumbered WAN network interface in their latest versions of their
IPX router. When two routers communicate, they will try to use the unnumbered network interface
type. If both routers support this type of interface they will agree on this and initiate data transfer.
If one router does not support the unnumbered type, the newer router will defer to the older router
and agree to use a numbered type interface. The new router will let the older router assign the
network number for the WAN link.
IPX INTERNAL NETWORK NUMBER
CONFIGURING THE IPX INTERNAL NETWORK NUMBER
USING CFGEDIT
1. Press 2 at the IPX menu to configure the IPX internal network number.
2. As prompted, enter the hexadecimal internal network number for the IPX router (the
CyberSWITCH). In our example, this is 12F8.
USING MANAGE MODE COMMANDS
ipxinet
Allows you to enter the hexadecimal internal network number for the IPX router.
IPX INTERNAL NETWORK NUMBER CONFIGURATION ELEMENT
IPX INTERNAL NETWORK NUMBER
This number uniquely identifies a specific IPX router in the internetwork. In the Novell
environment, an IPX internal network number must be assigned to all IPX file servers, including
IPX routers. This number is an arbitrary value, assigned when the IPX router is configured. It may
be 1 to 8 hexadecimal digits in length (up to 4 bytes).
272
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING IPX
IPX Network Interfaces
IPX NETWORK NUMBER BACKGROUND INFORMATION
Novell NetWare networks use IPX external and internal network numbers. An IPX internal network
number is a unique identification number assigned to a network server or router at the time of
installation. Servers and routers periodically broadcast their numbers across the network to
advertise their presence. Each server/ router must have a unique internal network number to
distinguish itself from other servers/ routers. A second address, an IPX external network number,
must be assigned to identify the network to which the server/ router belongs. Unlike the internal
network number, all servers/ routers connected to the same network must be assigned the same
external network number in order to communicate.
IPX NETWORK INTERFACES
The IPX feature on the CyberSWITCH supports the following three network interfaces:
•
•
•
LAN
WAN
Remote LAN
The Remote LAN interface allows the CyberSWITCH to connect to remote bridge devices over the
WAN. In other words, when incorporating a Remote LAN interface along with traditional WAN
interfaces, the CyberSWITCH can connect to routers or bridges or a mix of both. The
CyberSWITCH (acting as an IPX router) treats all bridge devices connected to the Remote LAN as
if they were on an Ethernet LAN segment.
Both LAN and Remote LAN network interfaces must be configured. WAN network interfaces, on
the other hand, do not explicitly need to be configured. These are dynamically assigned by the
CyberSWITCH when a WAN connection is established to another router.
CONFIGURING IPX NETWORK INTERFACES
USING CFGEDIT
1. Press 3 from the IPX menu to configure the IPX interface information.
2. Press 1 to add an interface.
3. Select the interface type from the displayed list (LAN or WAN [Remote LAN]).
4. Enter the user-defined interface name.
5. Enter the hexadecimal IPX external network number for the LAN or the Remote LAN, as
applicable.
6. Enter the LAN port number of the interface, if applicable.
7. Select the packet encapsulation type from the displayed list.
8. Enter the MTU size. Note that the maximum value for the MTU size varies based on the packet
encapsulation type chosen.
Workgroup Remote Access Switch
273
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
9. If IPX RIP has been enabled for the system, enter the following:
a. RIP send control (do not respond or respond)
b. frequency (in seconds) of sending RIP updates
c. RIP receive control (do not respond or respond)
d. time (in seconds) to age RIP entries
e. RIP respond control (do not respond or respond)
10. If IPX SAP has been enabled for the system, enter the following:
a. SAP send control (do not respond or respond)
b. frequency (in seconds) of sending SAP updates
c. SAP receive control (do not respond or respond)
d. time (in seconds) to age SAP entries
e. SAP respond control (do not respond or respond)
11. After all the interface information has been entered, a summary screen will be displayed
similar to the sample screen below:
Current Configuration for INTERFACE "lanport1":
Interface Type
IPX Network Number
MTU (bytes)
Encapsulation
LAN Port
LAN
11111111
1497
Ethernet 802.2
1
RIP Configuration:
Send Control
Send
60 seconds
Receive
180 seconds
Respond
Send Frequency
Receive Control
RIP entry Ageing Time
Respond Control
SAP Configuration:
Send Control
Send
Send Frequency
Receive Control
SAP entry Ageing Time
Respond Control
60 seconds
Receive
180 seconds
Respond
Are you sure you want to add the INTERFACE "lanport1" (Y or N) [Y]? Y
12. As shown above, enter “Y” to save the interface configuration.
13. Repeat this procedure to add additional interfaces.
USING MANAGE MODE COMMANDS
ipxnetif
Displays the current IPX network interface data.
ipxnetif [add/change/delete]
Allows you to add/ change/ delete an IPX network interface.
274
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING IPX
IPX Network Interfaces
IPX NETWORK INTERFACE CONFIGURATION ELEMENTS
GENERAL IPX NETWORK INTERFACE CONFIGURATION ELEMENTS
INTERFACE TYPE
When configuring an IPX Network interface, this parameter specifies the type of network segment
to which the network interface connects. The network Interface type of LAN indicates that the
system is physically connected to an Ethernet LAN segment. The WAN (Remote LAN) interface
allows the system to connect to remote bridge devices. The traditional WAN interface allows the
system to connect to other routers.
In a system using all three interfaces, both the LAN and Remote LAN interfaces must be
configured. However, traditional WAN network interfaces do not explicitly need to be configured.
These interfaces are dynamically assigned by the system when a WAN connection is established to
another IPX router.
IPX NETWORK NUMBERS
Unique, user-assigned numbers (internal or external) associated with the network. These
parameters are hexadecimal values from 1 to 4 bytes in length, and may range from 1 to ffff. (“0” is
invalid.) An IPX internal network number corresponds to the number assigned to a network server
or router. An IPX external network number corresponds to a physical network or cable segment (i.e,
such as a LAN), which may include multiple servers. Unlike the internal network number, all
servers/ routers connected to the same network must be assigned the same external network
number in order to communicate.
MAXIMUM TRANSMISSION UNIT (MTU)
Specifies the maximum number of bytes that can be transmitted on the network interface. Some
devices on the network may not be able to receive large data packets. This parameter allows you to
maintain compatibility with these devices by setting the MTU to agree with that supported by the
device. This parameter is a decimal value from 60 to 1500, depending on the type of datagram
encapsulation selected.
ENCAPSULATION TYPE
Specifies the IPX datagram encapsulation type used by this network interface. NetWare supports 4
types of encapsulation: Novell ETHERNET_SNAP, Novell Ethernet 802.3, Novell ETHERNET_II,
Novell Ethernet 802.2. The Ethernet 802.3 type is the default type for NetWare v2.x and v3.x. The
Ethernet 802.2 type is the default type for NetWare v4.x. Choose the appropriate encapsulation
type for this network segment.
LAN PORT NUMBER
For LAN type network interfaces, this parameter specifies the port number on the Ethernet adapter
to which the network interface is physically connected. This parameter is a decimal value from 1 to
2, depending on the system hardware. Note: this parameter is not used for Remote LAN interfaces.
RIP IPX NETWORK INTERFACE CONFIGURATION ELEMENTS
SEND CONTROL
Specifies how the CyberSWITCH will send RIP information on this network interface. If this
parameter is set to send, the system will transmit IPX RIP packets on this network interface. If this
parameter is set to do not send, the system will not transmit any IPX RIP packets on this network
interface.
Workgroup Remote Access Switch
275
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
SEND FREQUENCY
Specifies the frequency at which the system will transmit RIP packets, if the Send control parameter
is set to send for this interface. This parameter is a decimal value specified in seconds from 1 to 300.
The default value is 60 seconds.
RECEIVE CONTROL
Specifies how the system will process RIP packets received on this network interface. If this
parameter is set to receive, the system will process IPX RIP packets received on this network
interface and update its internal routing tables. If this parameter is set to do not receive, the system
will not process any IPX RIP packets received on this network interface.
RIP ENTRY AGING TIME
Specifies the time it takes for the system to age out and make inactive, a dynamic Routing table
entry learned on this network interface. This parameter is a decimal value specified in seconds from
1 to 180. The default is 180 seconds.
RESPOND CONTROL
Specifies how the system should respond to RIP queries from other devices on this network
interface. If the parameter is set to respond, the system will transmit a RIP response to the
requesting device. If this parameter is set to do not respond, the system will ignore RIP Requests
received on this network interface.
SAP IPX NETWORK INTERFACE CONFIGURATION ELEMENTS
SEND CONTROL
Specifies how the system will send SAP information on this network interface. If this parameter is
set to send, the system will transmit IPX SAP packets on this network interface. If this parameter is
set to do not send, the system will not transmit any IPX SAP packets on this network interface.
SEND FREQUENCY
Specifies the frequency at which the system will transmit SAP update packets, if the Send control
parameter is set to send for this interface. This parameter is a decimal value specified in seconds
from 1 to 300. The default value is 60 seconds.
RECEIVE CONTROL
Specifies how the system will process SAP packets received on this network interface. If this
parameter is set to receive, the system will process IPX SAP packets received on this network
interface and update its internal service tables. If this parameter is set to do not receive, the system
will not process any IPX SAP packets received on this network interface.
SAP ENTRY AGING TIME
Specifies the time it takes for the system to age out and make inactive, a dynamic Service table entry
learned on this network interface. This parameter is a decimal value specified in seconds from 1 to
180. The default is 180 seconds.
RESPOND CONTROL
Specifies how the system should respond to Service queries from other devices on this network
interface. If the parameter is set to respond, the system will transmit a SAP response to the
requesting device. If this parameter is set to do not respond, the system will ignore Service queries
received on this network interface.
276
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING IPX
IPX Network Interfaces
IPX NETWORK INTERFACE BACKGROUND INFORMATION
Traditional routing products ask you to define the network interfaces to which the router is directly
connected:
LAN INTERFACES
LAN network interfaces are fixed broadcast media type interfaces. These interfaces are assigned a
specific network number and all devices on that LAN must agree on the IPX network number used
on the LAN segment. The LAN network interface is a regular IPX interface used to connect the
system to the LAN. The Ethernet frame types supported under the IPX protocol include:
•
•
•
Novell 802.3. This is the Novell default frame format for NetWare 2.x and 3.x servers.
Novell SNAP. The DSAP and SSAP values indicate SNAP encapsulation.
Ethernet 802.2. The Novell default frame format with NetWare 4.x software for CSMA/ CD is
Ethernet 802.2. The DSAP and SSAP values indicate that the frame contains an IPX packet.
Novell Ethernet II. Ethernet protocol id field indicates that the frame contains an IPX packet.
•
WAN INTERFACES
The CyberSWITCH connects IPX router devices over ISDN and other digital WAN links. Routers
operate at the network protocol layer and understand the logical topology of the IPX intranet.
The CyberSWITCH uses the NetWare Routing Information Protocol (RIP) to transmit its routing
information on the network. This protocol periodically broadcasts routing table updates on the
network. A dynamically learned entry is aged out of the system’s routing table if the route entry is
not verified by the periodic RIP broadcasts.
In a similar manner, the system uses the NetWare Service Advertisement Protocol (SAP) to
transmit its service table information on the network.
The system supports the standard NetWare RIP and SAP protocols as described in the Novell’s
document, “IPX Routing Specification.”
REMOTE LAN INTERFACES
CyberSWITCH uses a Remote LAN interface to connect remote bridge devices to other IPX router
network interfaces. The IPX router treats all bridge devices connected to the Remote LAN as if they
were on an Ethernet LAN segment. That is, the system emulates an Ethernet medium over the
series of ISDN point-to-point connections. The IPX router encapsulates IPX data for the Remote
LAN interface in Ethernet packets and forwards the data to the remote bridges.
If the remote LAN only has NetWare clients connected to it, these clients will assume the IPX
network number assigned to the Remote LAN interface. For these “simple” remote networks, it is
not required to configure an IPX network number for the remote bridge device. When the bridge
connects, it looks for the first configured IPX Remote LAN interface, and uses it as a default.
Currently, we do not support a remote LAN with both NetWare servers and clients connected to it.
Workgroup Remote Access Switch
277
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
IPX ROUTING PROTOCOLS
CONFIGURING IPX ROUTING PROTOCOLS
USING CFGEDIT
1. Select Routing Protocols from the IPX menu. The following will be displayed:
IPX Routing Protocol Menu:
1) IPX RIP Processing is currently ENABLED
2) IPX RIP Table maximum is 282141
3) IPX SAP Processing is currently ENABLED
4) IPX SAP Table maximum number of entries is 282141
Select function from above or <RET> for previous menu:
2. To change the enable/ disable status for any of the IPX protocols, simply enter the Id number
associated with the protocol, and follow the onscreen instructions.
3. To adjust the number of entries in the RIP table, press 2. Enter a value between 20 and 3072.
4. To adjust the number of entries in the SAP table, press 4. Enter a value between 20 and 3072.
USING MANAGE MODE COMMANDS
ipxrip
Displays the current IPX RIP status as either enabled or disabled.
ipxrip [off/on]
Allows you to disable/ enable IPX RIP.
ipxsap
Displays the current IPX SAP status as wither enabled or disabled.
ipxsap [off/on]
Allows you to disable/ enable IPX SAP.
IPX ROUTING PROTOCOL CONFIGURATION ELEMENTS
IPX RIP PROCESSING OPTION
Specifies whether the system should process the NetWare Routing Information Protocol (RIP). If
this option is enabled, you can configure additional RIP options for each network interface, or
remote device table entry. If this option is disabled, the system will not process any NetWare RIP
packets.
IPX SAP PROCESSING OPTION
Specifies whether the system should process the NetWare Service Advertisement Protocol (SAP).
If this option is enabled, you can configure additional SAP options for each network interface, or
remote device table entry. If this option is disabled, the system will not process any NetWare SAP
packets.
278
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING IPX
IPX Routing Protocols
RIP/ SAP NUMBER OF TABLE ENTRIES
Specifies the maximum number of routing entries which can be stored in the route or service table.
You may select a number between 20 and 3072. The default value is 141
IPX ROUTING PROTOCOL BACKGROUND INFORMATION
Routing Information Protocol (RIP) and Service Advertising Protocol (SAP) are used to automate
the exchange of information across a network. These discovery protocols reduce the need to
manually update routing and service tables.
IPX RIP is a protocol used to exchange routing information among IPX devices. RIP maintains a
routing table of routing information gathered across the network. RIP broadcasts this information
(either periodically or triggered by events) to update other routers. RIP determines the fastest path
between two points on a network in terms of the number of “ticks” between those points.
IPX SAP is a protocol used to exchange service information among IPX devices. Servers use SAP
packets to advertise their particular services. Routers retrieve these packets and store them in
tables. Like RIP, routers then broadcast this service information to update other routers.
ROUTING/SERVICE TABLES
The system stores IPX routing information in a table. Each time a packet is received, the routing
table is referenced to determine to which network interface to forward the packet. There are three
types of routes stored in this table:
•
•
•
static
RIP (learned)
internal
Static routes are configured locally on the system. These routes are stored, used internally and
advertised to other routers using RIP.
RIP routes are learned from incoming RIP packets. These routes are stored, used internally and
advertised to other routers using RIP.
Internal routes are stored and used by the system exclusively. These include routes for:
•
•
•
the internal network number of this router
the broadcast address for each IPX network interface configured
the individual address for each IPX network interface configured
The maximum number of routes to be stored depends on the size and topology of the IPX network.
Routers in the same network may have large differences in the maximum number of routes they
store just because of their location in the network. Because of these factors, and limited memory in
the router, the maximum number of routes for each router must be configurable.
Similarly, the system also stores IPX service information in a table. Each time service information
is requested, the service table is referenced to determine the IPX address of the server. The
following service entries are stored in this table:
•
•
static
SAP
Workgroup Remote Access Switch
279
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Static services are configured locally on the system. SAP entries are learned from incoming SAP
packets. All services are stored, used internally and advertised to other routers.
The same factors that affect the maximum number of routes stored also affect the maximum
number of services stored. Because of these factors, the maximum number of services for each
router must be configurable.
Each route or service entry requires memory. So increasing the number of entries may reduce the
amount of memory available for other system features (such as compression). Each 1KByte of
memory provides approximately 6 route entries or 4 service entries. If you configure the maximum
number of table entries allowable (3072), you will consume 471 KB for the routing table, and 639
KB for the service table.
We recommend you size both of these tables to be at least 10% larger than their steady-state size to
allow for network growth. However, you may choose a larger or smaller percentage, based on
memory availability.
SPECIAL CONSIDERATIONS - REMOTE LAN INTERFACE
If using a router-to-router WAN interface, the routers at both ends participate in RIP and SAP
protocols. The routers intelligently process RIP and SAP messages and can be configured to only
send them when required. However, if using a Remote LAN interface, one end-point of the
connection is a bridge. The bridge does not understand RIP and SAP protocols; therefore, RIP/ SAP
messages appear as background broadcast traffic. This traffic may cause dial-up links to remain
established for long periods of time. For more efficient operation, consider the following when
using a remote LAN interface:
•
Link utilization parameters. Most bridges and routers allow you to configure link utilization
thresholds that determine how long a dial-up connection will stay up. If your dial-up link stays
up for longer than required, verify that the link utilization parameters are set properly for the
connection.
•
Trace facilities. Many types of background traffic can keep the dial-up connection active. Using
a trace facility or traffic analyzer, determine what type of traffic is keeping the link up. If you
determine that RIP or SAP traffic is keeping the link up, consider the following:
a. If the remote LAN has only clients, consider setting the RIP and SAP settings on the
interface to Do Not Send, Receive and Respond. These settings will allow the system to
process the clients’ requests for servers, yet should prevent the system from keeping the
connection up unnecessarily. In addition, consider adding filters to the bridge (to prevent
any background traffic from devices on the remote LAN from keeping the line up), or
disable the devices’ ability to send such traffic in the first place.
b. If the remote LAN has any servers or routers, the situation becomes more difficult. In such
applications, we recommend a router-to-router WAN interface rather than a remote LAN
interface. However, if you still want to use a remote LAN interface, consider adjusting
throughput monitoring parameters on both peers to drop the connection when only RIP
and SAP activity is present. Or, disable RIP and SAP activity altogether and configure static
routes and services.
•
If phone costs are of no concern, simply enable Send, Receive, and Respond for both RIP and
SAP.
280
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING IPX
IPX Static Routes
IPX STATIC ROUTES
no longer necessary but still supported. Situations may arise in which a remote router does
not support our implementation of Triggered RIP/ SAP. In this case, it would be necessary
to configure a static route to that particular router.
CONFIGURING IPX STATIC ROUTES
USING CFGEDIT
1. From the IPX menu, select IPX Static Routes.
2. Select Add a static route.
3. Enter the hexadecimal destination IPX network number.
4. Enter the device name or the hexadecimal IPX node address of the next hop device. Note that
the remote device name must be present in the on-node device database if the system is
configured for device level authentication.
5. Enter the number of hops for this route.
6. Enter the number of ticks for this route.
7. Select a RIP propagation scheme from the displayed list. Note that the third option (propagate
only when the Next Hop is connected) is displayed only when the static route Next Hop is
accessed over the WAN.
8. After all static route information has been entered, a similar screen will be displayed:
There are currently no IPX Static Routes configured.
Enter (1) to Add a STATIC ROUTE or press <RET> for previous menu? 1
Enter the hexadecimal Destination IPX Network Number
or <RET> to cancel? 33333333
Enter the device name or the hexadecimal IPX Node Address
of the Next Hop device or <RET> to cancel? remote1
Enter the number of hops for this route [default = 2]? 2
Enter the number of ticks for this route [default = 2]? 2
RIP Propagation Control:
1) Do Not Propagate.
2) Always Propagate.
3) Propagate only when the Next Hop is connected.
Enter a RIP Propagation Scheme from the above menu [default = 3]? 3
9. Follow the onscreen instructions to save the configured static route information.
Workgroup Remote Access Switch
281
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
USING MANAGE MODE COMMANDS
ipxroute
Displays the current IPX routes (both statically entered and "learned").
ipxroute [add/change/delete]
Allows you to add/ change/ delete an IPX route.
IPX STATIC ROUTES CONFIGURATION ELEMENTS
DESTINATION NETWORK
The IPX network number reachable through this static route entry. This parameter is a hexadecimal
value from 1 to 4 bytes in length.
NEXT HOP
The device name or IPX Network address of the next hop device that provides access to the
destination IPX network. If a name is specified, it can be either a on-node device database name or
a name configured in an off node authentication server data base. The name must be a valid Device
table entry if the system is configured for on-node device table data base authentication. The name
is not validated if the system is configured for off-node server authentication. You may specify the
IPX Network address of the next hop device for routes accessed via a LAN or a WAN Remote LAN
network interface. The IPX network address is specified as a 4 byte hexadecimal IPX network
number and a 6 byte hexadecimal node address. The two values are separated by a “:”, colon
character.
NUMBER OF HOPS
Indicates the number of routers that are traversed in order to reach the destination IPX network.
This number is used to calculate the best route to the destination IPX network when multiple routes
exists. This parameter is a decimal value from 1 to 15.
NUMBER OF TICKS
Indicates the time, in ticks, that a packet will take to reach the destination IPX network. A tick is
approximately 1/ 18th of a second. This number is used to calculate the best route to the destination
IPX network when multiple routes exists. This parameter is a decimal value from 1 to 15.
RIP PROPAGATION
Indicates how the system will advertise the IPX route defined by this static route entry. If you
choose “Do not Propagate”, the system will not advertise this route table entry at any time. If you
choose “Always Propagate”, the system will advertise this route table entry as part of the normal
routing table advertisement protocol processing. If you choose “Propagate only when the Next
Hop is connected”, the system will only advertise this route table entry if the destination network
is reachable over the WAN and the next hop device is actively connected to the system.
IPX STATIC ROUTES BACKGROUND INFORMATION
You may configure static routing entries to access WAN networks that are not directly connected
to the system, or to access a LAN network through a router that does not support RIP. IPX static
routes specify the IPX network number of the next hop device that provides access to the
destination IPX network. The IPX static route is used with the IPX NetWare Static Services
configuration to provide a route to servers.
282
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING IPX
IPX NetWare Static Services
IPX NETWARE STATIC SERVICES
is no longer necessary but still supported. Situations may arise in which a remote router
does not support our implementation of Triggered RIP/ SAP. In this case, it would be
necessary to configure a static service for that particular router.
CONFIGURING IPX NETWARE STATIC SERVICES
USING CFGEDIT
1. Press 6 from the IPX menu to configure a NetWare static service entry.
2. Press 1 to begin the configuration of a NetWare static service entry.
3. Enter the user-defined service name.
4. Enter the hexadecimal service type.
5. Enter the hexadecimal IPX network number for this service.
6. Enter the hexadecimal IPX node number for this service.
7. Enter the hexadecimal IPX socket number for this service.
8. Enter the number of hops to this service.
9. Select the SAP propagation control. Note that the third option (propagate only when the Next
Hop is connected) is displayed only when the static route Next Hop is accessed over the WAN.
10. After all NetWare static service information has been entered, a screen similar to the following
sample screen will be displayed:
Service Name
Admin
Service Type
0x0004 File Server
33333333:0409a0000001:0451
Network Address
Number of Hops
SAP Propagation
2
Propagate only when the Next Hop is connected
Are you sure you want to add the STATIC Service (Y or N) [Y]? <RET>
11. Press "Y" to save the static service configuration.
USING MANAGE MODE COMMANDS
ipxsvc
Displays the current IPX service data (both statically entered and "learned").
ipxsvc [add/change/delete]
Allows you to add/ change/ delete an IPX service.
Workgroup Remote Access Switch
283
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
IPX NETWARE STATIC SERVICES CONFIGURATION ELEMENTS
SERVICE NAME
Specifies the NetWare service name that is the target of this static service definition. This parameter
is a 48 character NetWare service name.
SERVICE TYPE
Indicates the type of NetWare service that is the target of this static service definition. You may
enter the hexadecimal service type value, or request a list of common service types. Some common
NetWare service types are
•
•
•
•
•
•
0x0004 File Server
0x0005 Job Server
0x0007 Print Server
0x0009 Archive Server
0x0047 Advertising Print Server
0xFFFF All Services
IPX NETWORK NUMBER
The IPX network number where the service is located. This parameter is a hexadecimal value from
1 to 4 bytes in length.
IPX NODE NUMBER
The IPX node number of the NetWare device where the service is located. This parameter is a
hexadecimal value 6 bytes in length.
IPX SOCKET NUMBER
The IPX socket number where the service is located. This parameter is a hexadecimal value 2 bytes
in length. Some common IPX Socket numbers are:
•
•
•
•
•
•
0x0451 NetWare Core Protocol (File Server)
0x0452 Service Advertising protocol
0x0453 Routing Information protocol
0x0455 NetBIOS Protocol
0x0456 Diagnostic packet
0x0457 Serialization Packet
NUMBER OF HOPS
Indicates the number of routers that are traversed in order to reach this Service. This number is
used to calculate the best route to the destination Service when multiple routes exists. This
parameter is a decimal value from 1 to 15.
SAP PROPAGATION
Indicates how the system will advertise the NetWare Service defined by this static service entry. If
you choose “Do not Propagate”, the system will not advertise this service table entry at any time.
If you choose “Always Propagate”, the system will advertise this service table entry as part of the
normal service table advertisement protocol processing. If you choose “Propagate only when the
Next Hop is connected”, the system will only advertise this route table entry if the destination
network is reachable over the WAN and the next hop device for the route entry is actively
connected to the system.
284
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING IPX
IPX Spoofing
IPX NETWARE STATIC SERVICES BACKGROUND INFORMATION
This IPX feature allows you to configure service servers that are on networks across the WAN. The
IPX NetWare Static Services configuration tells the system which servers are available for access.
The static route configuration tells the system how to get to the network on which the servers are
located.
IPX SPOOFING
CONFIGURING IPX SPOOFING
USING CFGEDIT
1. Press 7 from the IPX menu to configure IPX spoofing options. The following screen will be
displayed. Note that each spoofing parameter has a global flag that controls which spoofing
configuration level should be used: system level or device level.
IPX Spoofing Menu:
1) IPX Watchdog Spoofing Configuration
2) SPX Watchdog Spoofing Configuration
3) Serialization Packet Handling
4) Message Packet Handling
Select function from above or <RET> for previous menu:
2. Press 1 to configure IPX watchdog spoofing. An IPX watchdog spoofing menu will be
displayed.
a. Press 1 to select the IPX watchdog spoofing configuration level. Follow the onscreen
instructions to select either device level or system level spoofing. Return to the IPX
watchdog spoofing menu.
Note: If device level spoofing is selected, the system will use each individual device’s
spoofing configuration. If system level spoofing is selected, the global spoofing
configuration will apply to all devices, regardless of their individual spoofing
configurations.
b. Press 2 to select the system IPX watchdog spoofing level. The default values for all
parameters will be displayed. Enter the Id of any parameters you need to change. Follow
the onscreen instructions for changing the default values. Return to the IPX spoofing menu.
3. Press 2 to configure SPX watchdog spoofing. An SPX watchdog spoofing menu will be
displayed.
a. Press 1 to select the SPX watchdog spoofing configuration level. Follow the onscreen
instructions to select either device level or system level spoofing. Return to the SPX
watchdog spoofing menu.
b. Press 2 to select the system SPX watchdog spoofing level. The default values for all
parameters will be displayed. Enter the Id of any parameters you need to change. Follow
the onscreen instructions for changing the default values. Return to the IPX spoofing menu.
4. Press 3 to configure the serialization packet handling. A serialization packet handling menu
will be displayed.
a. Press 1 to select the serialization packet handling configuration level. Follow the onscreen
instructions to select either device level or system level. Return to the serialization packet
handling menu.
Workgroup Remote Access Switch
285
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
b. Press 2 to select the system serialization packet handling level. The default values for all
parameters will be displayed. Enter the Id of any parameters you need to change. Follow
the onscreen instructions for changing the default values. Return to the IPX spoofing menu.
5. Press 4 to configure the message packet handling. A message packet handling menu will be
displayed.
a. Press 1 to select the message packet handling configuration level. Follow the onscreen
instructions to select either device level or system level. Return to the message packet
handling menu.
b. Press 2 to select the system message packet handling level. The default values for all
parameters will be displayed. Enter the Id of any parameters you need to change. Follow
the onscreen instructions for changing the default values. Return to the IPX spoofing menu.
USING MANAGE MODE COMMANDS
ipxspoof
Allows you to configure system level spoofing data.
IPX SPOOFING CONFIGURATION ELEMENTS
CONFIGURATION LEVEL
Allows you to choose either device level or system level configuration for the following IPX
elements:
•
•
•
•
IPX watchdog spoofing
SPX watchdog spoofing
serial packet handling
message packet handling
PACKET HANDLING METHOD
Available for Serial Packet Handling and Message Packet Handling. Allows you to select the
system level method of handling packets. You may choose from the following packet handling
methods:
•
•
•
always discard
forward only when connected
always forward
IPX SPOOFING BACKGROUND INFORMATION
NetWare was designed for the LAN environment, and assumes that there is always available
bandwidth. Because of this, NetWare protocols are not well suited to WANs. Special handling must
be given to the NetWare protocols to prevent them from causing excessive ISDN connections. The
special handling of NetWare protocols in a routing environment consists of spoofing and automatic
filters.
Spoofing is a method to prohibit excessive ISDN connections. When a request packet is received
that should be routed over the WAN, yet there is no connection up to the remote device, the
spoofing process internally generates a desired response packet. The NetWare protocols that
require spoofing are the Watchdog Protocol and the Sequence Packet Exchange (SPX) Protocol.
Automatic filters are also used to prohibit excessive ISDN connections caused by the NetWare
protocols.
286
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING IPX
IPX Spoofing
WATCHDOG PROTOCOL
Watchdog Protocol is used by NetWare Servers to detect “dead” clients. If no traffic has been seen
by a server from an attached client for a configurable amount of time, the server sends a watchdog
packet to the client to determine if the client is still alive or merely inactive. If, after a few minutes,
a watchdog reply is not received by a server, it is assumed that the client is no longer alive and the
connection to the server is terminated.
If no connection exists to a device and the server sends a watchdog request to a remote client, a
connection would have to be established to deliver the watchdog request. With watchdog spoofing
enabled, a watchdog response is generated internally and delivered to the server as if the packet
was sent by the remote client. This satisfies the server without causing a connection to be
established. To allow a server to timeout a client that is no longer alive, the watchdog requests are
forwarded over the WAN when a connection already exists. In addition, a watchdog spoofing
duration time, T, can be specified. When the connection is down to a device and a watchdog request
is received that should be forwarded to this device, a watchdog response will be spoofed for T
amount of time. After T amount of time, the watchdog request will be filtered without generating
a response. The duration timer T starts when a device is disconnected and is reset each time a new
connection is established.
This above described implementation will be followed for watchdog request packets received over
the LAN and the WAN. If a watchdog request is received over the WAN and it is determined that
a spoofed watchdog response should be generated, it will be returned over the same WAN
connection on which it was received.
The implementation of watchdog spoofing eliminates unnecessary connections while allowing
clients to be aged out and does not require any client side spoofing or end-to-end-protocol.
The parameters for watchdog spoofing are configured for each remote device. The watchdog
spoofing option can be enabled or disabled. By default the option is enabled. When disabled the
watchdog requests are routed without any special handling. If the option is enabled, the watchdog
spoofing duration time T is specified in minutes. The default is set to 120 minutes.
SPX PROTOCOL
SPX Protocol is optionally used by NetWare applications requiring guaranteed, in-sequence
delivery of packets by a connection-oriented service. Each end of an SPX connection sends keep-
alive packets, identified as <SYS> packets, to monitor the status of the connection.
The SPX protocol ensures connection integrity by exchanging a keep-alive packet between the
connection end-points, once every 6 seconds. If an SPX keep-alive packet is received that is destined
for a remote device and no connection exists to the device, a connection would have to be
established to deliver the packet. The keep-alive packets are handled using the same approach
being used for server watchdog request packets. With SPX spoofing enabled, a keep-alive is
generated internally and delivered to the local endpoint as if the packet was sent by the remote
endpoint. This satisfies the local endpoint without causing a connection to be established. To allow
an SPX connection to timeout the keep-alives are forwarded over the WAN when a connection
already exists. In addition, an SPX spoofing duration time T can be specified. When the connection
is down to a device and a keep-alive is received that should be forwarded to this device, a keep-
alive will be spoofed for T amount of time. After T amount of time, the keep-alive will be filtered
Workgroup Remote Access Switch
287
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
without generating a keep-alive response. The duration timer T starts when a device is
disconnected and is reset each time a new connection is established.
Some of these <SYS> packets are overloaded in that they are not just keep-alive packets but are
control packets needed for the application to run successfully and hence have to be routed like
regular SPX data packets. If any NetWare application does not seem to work across WANs, it may
be because of the mishandling of these <SYS> packets and can be traced by disabling SPX keep-
alive spoofing.
This above described implementation is followed for keep-alive packets received over the LAN and
the WAN. If a keep-alive is received over the WAN and it is determined that a spoofed keep-alive
should be generated, it will be returned over the same WAN connection on which it was received.
The parameters for SPX spoofing are configured for each device. The SPX spoofing option can be
enabled or disabled. By default the option is enabled. When disabled the SPX keep alives are routed
without any special handling. If the option is enabled the SPX spoofing duration time T is specified
in minutes. The default is set to 120 minutes.
IPX TYPE 20 PACKET HANDLING
CONFIGURING IPX TYPE 20 PACKET HANDLING
USING CFGEDIT
1. Press 8 from the IPX menu to configure IPX type 20 packet handling. The following screen will
be displayed:
IPX Type 20 Packet Handling Menu:
1) IPX Type 20 Packets WAN Forwarding (Enable/Disable)
2) IPX Type 20 Forwarding Devices.
Select function from above or <RET> for previous menu:
2. Press 1 to enable IPX type 20 packet WAN forwarding. Follow the onscreen instructions to
complete the enable process. Return to the IPX type 20 handling menu.
3. Press 2 to add IPX type 20 packet WAN forwarding devices.
a. Press 1 to add a device.
b. Enter the device’s name.
c. From the displayed list, select an IPX type 20 packet forward control method.
USING MANAGE MODE COMMANDS
ipxt20
Allows you to configure IPX type 20 information.
288
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING IPX
IPX Isolated Mode
IPX TYPE 20 PACKET HANDLING CONFIGURATION ELEMENTS
IPX TYPE 20 PACKET HANDLING STATUS
You may enable or disable IPX type 20 packet WAN forwarding. When it is enabled, you may
specify devices that can use this feature.
IPX TYPE 20 PACKET HANDLING DEVICE CONFIGURATION ELEMENTS
Once you enable the feature, you can then enter devices to use the feature. The following
configuration elements are entered for each device.
IPX TYPE 20 PACKET DEVICES
The device name of the previously configured device.
IPX TYPE 20 PACKET FORWARD CONTROL METHOD
Allows you to determine under what conditions IPX type 20 broadcast packets will be broadcasted
to the designated device.
IPX TYPE 20 PACKET HANDLING BACKGROUND INFORMATION
In order for certain protocol implementations, such as NetBIOS, to function in the NetWare
environment, routes must allow a broadcast packet to be propagated throughout an IPX internet.
The IPX type 20 packet is used specifically for this purpose.
However, it is not practical, nor sometimes desirable, to propagate broadcast packets over the
WAN. To help you control IPX type 20 packets more flexibly, this configuration allows IPX type 20
broadcast packets to be propagated to only certain remote devices under certain conditions (for
example, only when the connection is up, or always).
IPX ISOLATED MODE
CONFIGURING IPX ISOLATED MODE
USING CFGEDIT
1. Press 9 from the IPX menu to configure the IPX isolated mode.
2. Follow the onscreen instructions to enable or disable the IPX isolated mode.
USING MANAGE MODE COMMANDS
ipxiso
Allows you to enable/ disable IPX isolated mode.
IPX ISOLATED MODE CONFIGURATION ELEMENTS
Isolated Mode Status
You may enable or disable the isolated mode.
Workgroup Remote Access Switch
289
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
IPX ISOLATED MODE BACKGROUND INFORMATION
When operating with isolated mode enabled, the CyberSWITCH does not relay IPX datagrams
received from the WAN to other IPX routers/ hosts located on the WAN. IPX datagrams received
from the WAN will be discarded if they need to be forwarded over the WAN. IPX datagrams
received on the LAN interface are forwarded to the proper interface.
IPX TRIGGERED RIP/SAP
IPX Triggered RIP/SAP is a type of broadcast protocol used over WAN circuits for router-to-router
exchange of route and service information. Its broadcasts are “triggered” by events such as updates
or changes to route and service tables. Triggered RIP/ SAP offers an alternative to running periodic
broadcasts over the WAN, and is especially useful when you consider the costs of periodic
broadcasts over WAN links.
Triggered RIP and triggered SAP are user-configurable items which you enable in the on-node
display the devices already configured for these features (i.e., the WAN peer list), as well as
configure global timers (applicable to the RIP or SAP update packets).
DISPLAYING WAN PEER LIST
1. Select Triggered RIP/SAP from IPX Routing Menu. A menu similar to the following will be
displayed:
IPX Triggered RIP/SAP Configuration
1) WAN Peer List
2) Global Triggered RIP/SAP Timers
Select function from above or <RET> for previous menu:
2. Select WAN Peer List. The system displays the configured devices for which the triggered RIP/
Keep in mind that you cannot make changes from this menu; you can only display information. To
290
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING IPX
IPX Triggered RIP/SAP
CONFIGURING TRIGGERED RIP/SAP GLOBAL TIMERS
USING CFGEDIT
1. Select Triggered RIP/SAP from the IPX Routing Menu.
2. Select Global Triggered RIP/SAP Timers. A menu similar to the following will be displayed:
Global Triggered RIP/SAP Timers Options:
Current Settings
1)
2)
3)
4)
5)
6)
Database Timer
Hold Down Timer1
Retransmission Timer
Poll Timer
Over Subscription Timer
Maximum Retransmissions
180 sec.
20 sec.
5 sec.
5 min.
180 sec.
10
Select function or press <RET> for previous menu:
3. Select the option you want to adjust.
4. Enter the new value.
CONFIGURATION ELEMENTS
DATABASE TIMER
This timer starts when an update response is received. While this timer is running, the routes
learned from this router are still considered reachable, and advertised as such on other interfaces.
When this timer expires, the routes are considered unreachable and advertised as such until the
hold-down timer expires. Valid range for timer: 1 to 10,000 seconds; default: 180 seconds.
HOLD-DOWN TIMER
While this timer is running, unreachable routes are advertised on other interfaces. This timer starts
when:
•
•
•
the database timer for the route expires
a formerly reachable route changes to unreachable in an incoming response
a WAN circuit goes down
When this timer expires, and the unreachability information is communicated to all the reachable
WAN routers, this route is deleted. Valid range for timer: 1 to 10,000 seconds; default: 120 seconds.
RETRANSMISSION TIMER
This timer starts when an update request (or response) packet is sent out. If acknowledgment is not
received by the time this timer expires, the packet is retransmitted. Valid range for timer: 1 to 10,000
seconds; default: 5 seconds.
MAXIMUM RETRANSMISSIONS
This provides a limit on the number of retransmission attempts for an update request (or response)
packet. Maximum number supported: 10.
POLLING TIMER
This is the frequency (in minutes) in which the next-hop WAN router is polled with update
requests, once the maximum retransmission count threshold is exceeded. Polling takes place only
when there is a physical connection; polling does not initiate its own connection. Valid range for
timer: 1 to 10,000 seconds (165 minutes); default: 5 minutes.
Workgroup Remote Access Switch
291
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
OVER-SUBSCRIPTION TIMER
Over subscription is the situation in which there are more next-hop routers on the WAN that need
updates than there are channels available. When a WAN circuit goes down, a delay (per the over-
subscription timer) is incorporated in marking the routes unreachable. This allows the calls to time-
multiplex over the limited channels. Valid range for timer: 1 to 10,000 seconds; default: 180 seconds.
TRIGGERED RIP/SAP BACKGROUND INFORMATION
When there are a large number of remote destinations, the manual configuration of static routes
and services over WAN circuits can pose a burden on system management. Yet running RIP/ SAP
could also be problematic; since these are broadcast protocols, periodic broadcasts may not be
feasible due to cost and bandwidth considerations. Enabling the Triggered RIP/ SAP feature allows
the CyberSWITCH to send information on the WAN only when there has been an update to the
database or a change in the reachability of a next-hop router.
Specifically, triggered RIP and SAP updates are only transmitted on the WAN:
•
•
when a specific request for a routing/ service update has been received;
when the routing or service databases are modified by new information from another interface
(in which case, only the latest changes are sent);
•
•
when a destination has changed from an unreachable to a reachable state; and
when the unit is powered up.
You may customize triggered RIP/ SAP operation to your system’s specific needs through the
global timers. The global timers are user-controlled; they are described in detail in the Configuration
•
•
•
•
•
database timer
hold-down timer
retransmission timer
polling timer
over-subscription timer
IPX-SPECIFIC INFORMATION FOR DEVICES
configure on-node device entries. The following sections provide instructions for entering
on-node device information specific to IPX routing and/ or bridging using the IPX Remote
LAN interface.
CONFIGURING IPX DEVICES
WAN DEVICES
USING CFGEDIT
1. Select Security from the main menu.
2. Select Device Level Databases from the security menu.
3. Select On-node Device Entries from the authentication database menu.
292
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING IPX
IPX-Specific Information for Devices
4. Press 1 to add a device.
information first.
6. Select IPX. A screen similar to the following will be displayed:
Device IPX Configuration Menu: (Device = "remote1")
1) IPX Routing
DISABLED
DISABLED
DISABLED
NONE
2) Make calls for IPX data
3) IPXWAN Protocol
4) Routing Protocol
5) Spoofing Options
Select function from above or <RET> for previous menu:
7. Enable IPX routing. Select IPX Routing and follow on-screen instructions.
8. Enable make calls feature. Select Make calls for IPX data and follow on-screen instructions only
if the CyberSWITCH is to dial-out to remote1.
9. Although IPXWAN Protocol appears on the menu, the feature is not yet completely functional.
10. Select Routing Protocol. A menu similar to the following will be displayed:
IPX Device Routing Protocol Menu:
1) None
2) RIP/SAP
3) Triggered RIP/SAP
Enter selection or press <RET> for previous menu [default=None}:3
1) ACTIVE
2) PASSIVE
Triggered RIP/SAP WAN Peer type [default=ACTIVE]: 1
11. Select routing protocol. When you select Triggered RIP/SAP, you will need to identify the WAN
peer type as either active or passive. An active peer receives broadcasts at all times; a passive
peer receives broadcasts only when a connection is up.
12. Select Spoofing Options. Make changes to default spoofing setup, if desired, through the
following menu:
IPX Device Spoofing Menu:
1) IPX Watchdog Spoofing
2) SPX Watchdog Spoofing
3) Serialization Packet Handling
4) Message Packet Handling
Select function from above or <RET> for previous menu: 1
a. Press 1 to configure IPX watchdog spoofing. The following menu will be displayed:
Workgroup Remote Access Switch
293
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Device Level IPX Watchdog Spoofing Menu:
1) Default Handling
2) Handling while the connection is up
is Discard
is Forward
3) Handling for the special period after disconnecting is Spoof
4) Special period of time after disconnecting is 120 Minutes
Select function from above or <RET> for previous menu:
b. The screen includes default configuration values. If needed, make changes to the default
values.
c. Press <RET> to return to the IPX Device Spoofing menu. Press 2 to configure SPX
Watchdog Spoofing. The following menu will be displayed:
Device Level SPX Watchdog Spoofing Menu:
1) Default Handling
2) Handling while the connection is up
is Discard
is Forward
3) Handling for the special period after disconnecting is Spoof
4) Special period of time after disconnecting
is 120 Minutes
Select function from above or <RET> for previous menu:
d. The screen includes default configuration values. If needed, make changes to the default
values.
e. Press <RET> to return to the IPX Device Spoofing menu. Press 3 to configure serialization
packet handling. The following menu will be displayed:
Serialization Packet Handling:
1) Always Discard
2) Forward only when the connection is up
3) Always Forward
Current Serialization Packet Handling is "Forward only when the connection is up".
Select function from above or <RET> for previous menu: 1
f. The screen includes default configuration values. If needed, make changes to the default
values.
g. Press <RET> to return to the IPX Device Spoofing menu. Press 4 to configure message
packet handling. The following menu will be displayed:
Message Packet Handling:
1) Always Discard
2) Forward only when the connection is up
3) Always Forward
Current Message Packet Handling is "Forward only when the connection is up".
Select function from above or <RET> for previous menu: <RET>
h. The screen includes default configuration values. If needed, make changes to the default
values.
294
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING IPX
IPX-Specific Information for Devices
REMOTE LAN DEVICES
Remote LAN devices are configured in a slightly different way than WAN devices. Since the
remote device is a bridge and not an IPX router, the IPX options for Remote LAN devices are
configured under the bridge-level options, as follows:
USING CFGEDIT
1. Select Security from the main menu.
2. Select Device Level Databases from the security menu.
3. Select On-node Device Entries from the device level databases menu.
4. Press 1 to add a device.
information first.
6. Select Bridging from the Device Table Menu. A menu similar to the following will be displayed:
Device Bridging: (Device = "remote2")
1) IP (Sub)Network Number
2) Bridging
3) Make calls for bridge data
NONE
ENABLED
DISABLED
4) IPX Remote LAN Network Number NONE
5) IPX Spoofing Options
6) AppleTalk Network Number
NONE
Select function from above or <RET> for previous menu?
7. Enable Bridging and disable Make calls for bridge data.
8. Select IPX Remote LAN Network Number. Provide the external network number for the Remote
LAN interface if desired. The default value, NONE, means the remote IPX external number will
Note: The IPX Spoofing Options selection for Remote LAN devices is for a future release. Do not
try to configure at this time.
USING MANAGE MODE COMMANDS
device add
Allows you to add a device entry to the Device List. You will be prompted for device
information, including IPX information.
device change
Allows you to change information for a specific device entry. This will allow you, for example,
to add IPX information to a previously configured device entry.
Workgroup Remote Access Switch
295
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
IPX CONFIGURATION ELEMENTS FOR DEVICES
IPX ROUTING
Indicates that the remote device is an IPX router and that the system should route IPX datagrams
to this device. The system will forward IPX datagrams to this device based on IPX network layer
information if this parameter is set to enabled. The system will not forward IPX datagrams to this
device based on IPX network layer information if this parameter is set to disabled.
MAKE CALLS FOR IPX DATA
Indicates whether the CyberSWITCH should establish a WAN connection in order to forward IPX
datagrams to this remote device. If the CyberSWITCH is properly configured for dial out, and if the
remote device has IPX routing enabled and this Make Calls option enabled, then the CyberSWITCH
will establish a WAN connection to this remote device in order to forward IPX datagrams.
Otherwise, a WAN connection is not established. With triggered RIP/ SAP, this field must also be
IPXWAN PROTOCOL
The IPXWAN protocol option is not yet completely functional. In the future, it will provide
interoperability with Novell products.
IPX ROUTING PROTOCOL
Indicates the method, if any, the remote device will be using to maintain routes and service tables.
NONE
Specifies no RIP and SAP protocols (neither periodic nor triggered). You must configure
static routes and static services.
Use the NONE option when the remote device, such as a single client, does not support
standard RIP/ SAP or triggered RIP/ SAP.
RIP/ SAP
Specifies NetWare Routing Information Protocol (RIP) or NetWare Service Advertisement
Protocol (SAP). IPX RIP/ SAP are broadcast protocols; if enabled, RIP/ SAP periodically
broadcast routing/ service information across WAN circuits. If enabled, you can configure
additional RIP/ SAP options for this entry. If disabled, the CyberSWITCH will not process
any NetWare RIP/ SAP packets.
TRIGGERED RIP/ SAP
Specifies a modified version of RIP/ SAP in which information is broadcast on the WAN
only when there has been an update to the RIP or SAP tables or a change in the reachability
of a next hop router.
WAN PEER TYPE
WAN peer type applies to triggered RIP/ SAP only. The peer type determines how broadcasts are
handled for a specific device if something in the RIP/ SAP table changes:
ACTIVE
An active WAN peer receives broadcasts and conveyed information at all times.
PASSIVE
A passive WAN peer receives broadcasts and/ or conveyed information only when a
connection is up between the router and the WAN peer.
Note that you must enable the Make Calls field and define the WAN peer type as active before the
CyberSWITCH will dial out to this remote device with triggered RIP/ SAP updates.
296
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING IPX
IPX-Specific Information for Devices
BRIDGING
Defines the remote device as a bridge and not an IPX router. Since bridges operate at the MAC
layer, the system must provide MAC layer emulation for remote bridge devices, while continuing
to route the network layer IPX protocol. This field must be enabled for remote LAN devices.
MAKE CALLS FOR BRIDGE DATA
This feature is not yet supported for IPX Remote LANs. Therefore, leave this element disabled.
IPX REMOTE LAN NETWORK NUMBER
Specifies the IPX external network number on the remote LAN. The default value is none.
If you choose to change this parameter, you must specify the IPX external network number used
on the remote LAN in question. This value must be the same as the value configured for the
corresponding IPX Remote LAN interface.
If this parameter remains none, the CyberSWITCH will assume the network number is that of the
first configured IPX Remote LAN interface. This is convenient in applications in which remote
LANs consist only of clients (thus no explicit external network address), all of which are on the
same external virtual LAN.
IPX SPOOFING OPTIONS
For IPX routing, IPX spoofing options are configurable by device, and correspond to the system-
level spoofing options.
For IPX Remote LAN devices, IPX spoofing options are currently not available.
IPX BACKGROUND INFORMATION FOR DEVICES
To configure your CyberSWITCH for IPX routing, you must properly complete the system
parameters that are IPX-specific. These parameters are discussed in the first portion of this chapter.
But, for a remote device to be able to participate in IPX routing or bridging using the IPX Remote
LAN interface, you also need to configure that device with the necessary IPX information. This
information is configured in the on-node device database.
IPX TRIGGERED RIP/SAP DEVICE BACKGROUND
On the on-node device database, choose Triggered RIP/ SAP as the IPX protocol for those remote
devices that will use this protocol to exchange route/ service information with the CyberSWITCH.
When using an off-node server, you need to configure a list of IPX Triggered RIP/ SAP routers.
At initialization time, Triggered RIP/ SAP starts for all on-node devices whose selected protocol is
Triggered RIP/ SAP. The information about IPX Triggered RIP/ SAP may be fetched from an off-
node server, if applicable, and then Triggered RIP/ SAP will start for the configured routers.
Workgroup Remote Access Switch
297
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING SNMP
OVERVIEW
A Network Management Station (NMS) is a device that contains SNMP-specific software, giving it
the ability to query SNMPAgents using various SNMP commands. If you have purchased an NMS
(such as Cabletron’s SPECTRUM® Management Platform), you should enable and configure the
CyberSWITCH to be an SNMP Agent. This will allow you to use the NMS to monitor the
On the CyberSWITCH, SNMP is disabled when you first install your system software. (This is the
default.) To enable the CyberSWITCH as an SNMP agent, you must first enable IP routing, then
configure SNMP. SNMP configuration steps include:
•
•
•
•
•
enabling IP routing (if not already enabled)
enabling SNMP
entering Community Name information
entering SNMP trap information (optional)
changing the MIB-2 system group objects (optional)
Notes: The SNMP management station must have the latest enterprise MIB (the ih_mib.asn
file), and the CyberSWITCH must be running the latest software release to take advantage
of the available SNMP features.
If you are using Cabletron’s SPECTRUM® Element Manager™ as NMS, the enterprise MIB
is already built into its software.
If you are using a non-Cabletron product for NMS, you must perform a copy and compile
of the latest enterprise MIB (i.e., the ih_mib.asnfile) on the NMS before beginning the
CyberSWITCH SNMP configuration.
If the NMS SNMP software requires the MIB objects that it manages to be defined in a
format other than ASN.1, the NMS must have some type of “MIB Formatter” or “MIB
Compiler” software. A MIB formatter is SNMP Management Station vendor-specific
software that converts MIB data from ASN.1 format to the format understood by the given
manager. This MIB Formatter software should be executed using the ih_mib.asnfile as
input.
CONFIGURING SNMP
USING CFGEDIT
Before configuring the SNMP Agent, you must have the following information:
•
the Community Name(s) used in SNMP request messages generated by the Network
Management Station
•
•
the IP address of the Network Management Station
the Community Name to be used in Trap messages received by the Network Management
Station
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING SNMP
Configuring SNMP
The steps to configure SNMP are:
1. Enable IP routing if you have not already done so.
2. Select SNMP from the Options menu.
3. Follow the onscreen instructions to enable SNMP. The following SNMP menu will then be
displayed:
SNMP Menu:
1) SNMP (Enable/Disable)
2) SNMP Community Name
3) SNMP Trap Information
4) MIB-2 System Group Objects
Select function from above or <RET> for previous menu:
4. Enter the Community Name information.
a. Enter a user-defined Community Name. This is a case-sensitive string of octets used to
identify the community to which an SNMP Manager, along with the Agent(s) that it
manages, belongs. It is used to authenticate an SNMP PDU. The string “public” is a widely
used Community Name.
b. Select the access level associated with the Community Name.
5. Enter the SNMP trap information (optional).
a. Configure IP address(es) and Community Name used in SNMP Trap PDUs.
•
Enter the IP address of the NMS(s) that should receive the traps. The NMS is a device
that contains SNMP management software. A Network Manager can be any type of
computer that is capable of executing the necessary SNMP management software.
Select the Community Name.
•
b. If you want authentication failure traps, follow the onscreen instructions for enabling
them.
c. If you want ISDN B-channel usage traps, follow the onscreen instructions for enabling
them.
d. Set the threshold value for ISDN B-channel usage traps.
6. Optional: change the values of the MIB-2 system group objects.
Workgroup Remote Access Switch
299
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
USING MANAGE MODE COMMANDS
Currently you cannot configure SNMP using the Manage Mode, but the following command is
available:
snmp
This Manage Mode command displays the current SNMP configuration data. An example
output screen is shown below:
MANAGE> SNMP
The SNMP feature is enabled.
Current SNMP COMMUNITY NAME Configuration:
id
---
1
2
3
MIB ACCESS LEVEL
-------------------------------------------
MIB_ADMIN
MIB_USER
MIB_ADMIN
COMMUNITY NAME
public
user
test
Current SNMP TRAP RECEIVER List Configuration:
id
IP ADDRESS
COMMUNITY NAME
----------------------------------------------
1
2
3
128.111.001.001
144.123.111.099
102.003.003.222
public
public
test
The generation of Authentication Failure Traps is disabled.
The generation of ISDN B-Channel Usage Traps is enabled.
The ISDN B-Channel Usage Trap threshold is 5 B-Channels.
SNMP CONFIGURATION ELEMENTS
SNMP STATUS
You may enable or disable the SNMP feature.
COMMUNITY NAME
A 1 to 20 character case-sensitive string that specifies a Community Name that will be accepted by
the SNMP Agent if it is specified in an incoming Request PDU.
MIB ACCESS LEVEL
The MIB Access Level associated with a Community Name must be selected from the supplied list.
It dictates the level of access available to the associated Community Name. The following is a chart
of the three possible access levels and their access privileges.
Access Level
MIB GUEST
MIB USER
Access Privileges
get (read) MIB-2 system group only
get (read) all MIB-2 and Enterprise MIB objects
MIB ADMIN
get (read) all MIB objects and set (write) all MIB objects
that are writable
300
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING SNMP
SNMP Background Information
IP ADDRESS
The IP address assigned to the management station that should receive Trap PDUs.
COMMUNITY NAME
A list of configured Community Names will be displayed. Select the Community Name that should
be inserted in the Trap PDUs to be sent to the NMS with the corresponding IP address.
AUTHENTICATION FAILURE TRAPS STATUS
You may enable or disable the generation of SNMP Authentication Failure Traps. The
snmpEnableAuthenTraps object of the MIB-2 SNMP group will be initialized to the enabled status
that is configured here.
ISDN B-CHANNEL USAGE TRAPS STATUS
You may enable or disable the generation of ISDN B-Channel Usage Traps. You can use these
generated traps to monitor the system’s ISDN B-channel usage. There are two distinct ISDN B-
Channel Usage Traps. The isdnUsageHigh trap is generated when the configured B-channel
threshold (refer to the threshold parameter described below) is met or exceeded. The
isdnUsageNormal trap is generated when the number of B-channels in use drops back below the
configured threshold value.
In addition, the isdn usage console command will display B-channel information to aid in
and information displayed by the isdn usageconsole command can help you to determine if
additional lines and/ or systems are necessary.
ISDN B-CHANNEL USAGE TRAP THRESHOLD
This configured value is used to trigger the ISDN B-Channel Usage Traps. The threshold value is a
number between 1 and the total number of available B-channels.
SYSCONTACT
The textual identification of the contact person for this managed node, together with information
on how to contact this person. sysContact is a string of 1 to 80 characters.
SYSNAME
The assigned name for this managed node. sysName is a string of 1 to 80 characters.
SYSLOCATION
The physical location of this node (for example: telephone closet, third floor). sysLocation is a string
of 1 to 80 characters.
SNMP BACKGROUND INFORMATION
The SNMP Agent allows the system to be monitored from a local and/ or a remote Network
Management Station (NMS) via the Simple Network Management Protocol. The User Datagram
Protocol (UDP) and the Internet Protocol (IP) are used by the SNMP Agent to provide the transport
datagram service needed to exchange SNMP messages. Thus only those systems that have enabled
the IP routing operating mode can make use of SNMP.
Workgroup Remote Access Switch
301
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
ASN. 1 File
CSX1200
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B
5
B
7
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
6
B
8
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
MIB
128.111.1.1
LAN A
WAN
MIB Formatter
128.111.1.1
Network Management
Station
Network Management
Station
MIB
The SNMP Agent will process all SNMP Protocol Data Units (PDUs) which are received at a LAN
port or which are received at a WAN port. (A PDU contains both data and control (protocol)
information that allows the two processes to coordinate their interactions. The SNMP feature has
five types of PDUs: GetRequests, GetNextRequests, GetResponses, SetRequests, and Traps.) This is
shown in the above illustration, which depicts a network in which the Network Management
Station on LAN A or the remote NMS can manage the system.
All SNMP GetRequest, GetNextRequest, and SetRequest PDUs will be parsed and processed by the
SNMP Agent, and an appropriate GetResponse PDU will be generated in response to each valid
request PDU. In addition, to ensure security, each incoming PDU will be authenticated by the
SNMP Agent. The authentication scheme makes use of a table of Community Name/ MIB-access-
level pairs, which is searched to determine if the Community Name specified in an incoming
request PDU is valid. If the Community Name is valid, the corresponding MIB access level is then
checked to determine if the Community Name has the access rights needed to perform the desired
PDU action. If either the Community Name or the MIB access right level is invalid, the SNMP
Agent will discard the request PDU.
The collection of data objects that can be managed using the GetRequest, GetNextRequest, and
SetRequest PDUs is known as the Management Information Base (MIB). The MIB maintained by
the SNMP Agent consists of a universal standard set of objects, known as MIB-2, as well as a set of
objects that are specific to the system, known as the Enterprise MIB.
The definition for MIB-2 is given in RFC (Request For Comments) 1213: “Management Information
Base for Network Management of TCP/ IP-based Internets: MIB-II.”
The SNMP Agent supports the following MIB-2 groups: the System group, the Interfaces group, the
Address Translation (AT) group, the Internet Protocol (IP) group, the Internet Control Message
Protocol (ICMP) group, the User Datagram Protocol (UDP) group, the Transmission Control
Protocol (TCP) group, and the Simple Network Management Protocol (SNMP) group.
302
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING SNMP
SNMP Background Information
Currently, each object in the above MIB-2 groups can be retrieved via an SNMP GetRequest or
GetNextRequest PDU. However, only the snmpEnableAuthenTraps object in the SNMP group can
be changed via the SNMP SetRequest PDU.
Note: Any system object that is changed via an SNMP SetRequest will be returned to its initial
value when that system is restarted due to power loss or the action of an system operator.
The definition for the Enterprise portion of the MIB is given in the ih_mib.asnfile on the system
software. The Enterprise MIB consists of four main groups: the ih000ConfigData group, which
contains the configuration data for the system; the ih000Statistics group, which contains run-time
statistics which are maintained by the system; the ih000StatusReports group, which can be used to
remotely display the report status log messages that appear at the administrative console when the
drcommand is entered; and the ihSystemMonitor group, which can be used to monitor system
status information such as the status of the system’s interfaces, the usage of ISDN B-channels, and
information regarding connected devices. Refer to the ASN.1 format of the Enterprise MIB in the
ih_mib.asn file on the system software for more information on the Enterprise MIB.
In addition to the use of SNMP Request and Response PDUs to exchange data, the SNMP Agent
will also generate SNMP Trap PDUs to inform the Network Management Station of important
system events. Whenever such an event occurs, the appropriate SNMP Trap PDU will be sent to
each NMS that has been configured as a Trap Receiver using the CFGEDIT utility. The NMS that
receives the Trap can be attached to the same LAN as the sending system, or it can be attached to a
remote LAN.
The current set of Traps that the SNMP Agent will generate include generic traps and enterprise
traps. The following generic traps are available:
•
•
coldStart Trap
An Agent will generate a coldStart Trap PDU at startup time.
linkUp Trap
An SNMP Agent will generate a linkUp Trap PDU when the Agent detects that a new link has
been placed in service.
•
•
linkDown Trap
An SNMP Agent will generate a linkDown Trap PDU when the Agent detects that a link has
been removed from service.
authenticationFailure Trap
An SNMP Agent will generate an authenticationFailure Trap PDU when a PDU with an
unknown Community Name or an invalid MIB access level has been received.
The following enterprise traps are available:
•
isdnUsageHigh Trap
An SNMP Agent will generate an isdnUsageHigh Trap PDU when the Agent detects that the
number of B-Channels in use meets or exceeds the configured B-Channel threshold. The
enabling of this trap and its threshold value are configured through the CFGEDIT
configuration utility.
•
isdnUsageNormal Trap
An SNMP Agent will generate an isdnUsageNormal Trap PDU when the Agent detects that the
number of B-Channels in use has returned to a value below the configured threshold value.
Workgroup Remote Access Switch
303
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
•
•
•
authTimeout Trap
An SNMP Agent will generate an authTimeout Trap PDU anytime an off-node server times
out.
clidDisconnect Trap
An SNMP Agent will generate an clidDisconnect Trap PDU anytime there is a configuration
problem with a device’s Calling Line Id.
cdrOutOfBuffer
The number of times a buffer was unavailable to send a CDR report record. In this case, the
intended record is discarded.
304
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING APPLETALK ROUTING
OVERVIEW
The AppleTalk routing feature allows the CyberSWITCH to efficiently route AppleTalk data as
opposed to bridging all data relating to the protocol. With the addition of the AppleTalk Remote
LAN feature, the CyberSWITCH can be configured to be a router, bridge or a mix of both when
handling AppleTalk traffic.
By default, AppleTalk routing is disabled when you first install your system software. To configure
the AppleTalk routing feature:
APPLETALK ROUTING OPTION
ENABLING APPLETALK ROUTING
USING CFGEDIT
1. AppleTalk routing is disabled by default. To perform any AppleTalk routing configuration,
you must first enable the feature. Select AppleTalk Routing from the Options menu.
2. Follow the onscreen instructions to enable AppleTalk Routing. The following menu will then
be displayed:
AppleTalk Configuration Menu:
1) AppleTalk Routing (Enable/Disable)
2) AppleTalk Ports
3) AppleTalk Static Routes
4) AppleTalk Capacities
5) Isolated Mode (Enable/Disable)
Select function from above or <RET> for previous menu:
Note: AppleTalk routing can not be enabled unless hardware filtering is disabled.
USING MANAGE MODE COMMANDS
atalk
Displays the current AppleTalk Routing configuration.
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
APPLETALK ROUTING OPTION CONFIGURATION ELEMENT
APPLETALK OPERATIONAL STATUS
You can enable or disable the AppleTalk Routing option. When AppleTalk Routing is enabled, the
CyberSWITCH acts as an AppleTalk Router, routing AppleTalk datagrams based on AppleTalk
address information. When AppleTalk Routing is disabled, the CyberSWITCH will simply bridge
AppleTalk protocol network traffic. By default, AppleTalk Routing is disabled.
APPLETALK ROUTING BACKGROUND INFORMATION
The CyberSWITCH supports the following AppleTalk protocols:
•
•
•
Routing Table Maintenance Protocol (RTMP)
Name Binding Protocol (NBP)
Zone Information Protocol (ZIP)
Using these protocols, the CyberSWITCH AppleTalk Routing option allows remote LAN to LAN
forwarding of AppleTalk datagrams.
When a datagram is to be forwarded to a remote site, the CyberSWITCH will initiate a circuit
switched connection and forward the appropriate datagrams to that remote site. As the link
utilization increases, the CyberSWITCH will make additional connections as required to provide a
consistent level of performance to the device. As link utilization decreases, connections will be
released.
APPLETALK PORTS
CONFIGURING APPLETALK PORTS
USING CFGEDIT
1. Select AppleTalk Ports from the AppleTalk configuration menu.
2. Press 1 to add a port.
3. Select the type of port you are adding. Choices are LAN, WAN, WAN (UnNumbered), WAN
(Mac Dial In), or WAN (Remote LAN).
4. Enter the user-defined port name.
5. For a LAN port only: enter the LAN port number.
6. Select the AppleTalk network type. Choices are extended or nonextended network.
7. Enter either the network range or the network number (depending on AppleTalk network type
configured).
•
For extended networks: enter the range of AppleTalk network numbers. For the LAN port
type, you may enter 0-0 to use the discovery mode.
•
For nonextended networks: Enter the AppleTalk network number. For the LAN port type,
you may enter 0 to use the discovery mode.
If the system is in the discovery mode, it is then a non-seed router, in which the system learns
its configuration information from the seed router. Each network must have at least one seed
router.
306
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING APPLETALK ROUTING
AppleTalk Ports
8. If you are configuring your system in the nondiscovery mode (you entered numbers other than
0 or 0-0 for the network range/ number), complete the following:
a. Enter either the suggested AppleTalk address or the suggested AppleTalk node Id
(depending on AppleTalk network type configured).
•
For extended networks: enter the suggested AppleTalk address (includes the network
number and the node’s Id).
•
For nonextended networks: enter the suggested node Id.
For the LAN port type, the address/ node Id is optional. For the WAN port type, you must
configure this information.
b. Enter the zone name(s).
•
•
For extended networks, you may configure the network with multiple zones. You
must enter a default zone name, then, if desired, you may enter additional zone names.
For nonextended networks, you may only configure one zone.
9. Return to the main AppleTalk Configuration Menu.
APPLETALK PORTS CONFIGURATION ELEMENTS
PORT TYPE
The type of physical network segment that the port connects to. The port type may either be LAN,
WAN, WAN UnNumbered, WAN (Mac Dial In) or WAN (Remote LAN).
•
The LAN port type indicates that the system is physically connected to an Ethernet LAN seg-
ment.
•
The WAN port type creates logical AppleTalk networks over WAN. It creates a logical Apple-
Talk network that comprises of multiple numbered point-to-point links with the same Apple-
Talk network range.
•
•
•
The WAN (UnNumbered) port type also creates a logical AppleTalk network over WAN. It en-
ables the system to use unnumbered point-to-point links.
The WAN (Mac Dial In) port type allows multiple remote Macintosh devices to connect via
numbered point-to-point links.
router ports. The AppleTalk router then treats all bridge devices connected to the Remote LAN
as if they were on an Ethernet LAN segment. All port parameters for the WAN (Remote LAN)
port are the same as those of the WAN port type.
PORT NAME
A 1 to 16 character user-defined name that identifies the port to the system administrator.
LAN PORT NUMBER
For LAN port types only. This parameter indicates the port number of the Ethernet resource to
which the physical LAN is connected.
APPLETALK NETWORK TYPE
The type of AppleTalk network that the port connects to. Possible network types are Extended and
NonExtended.
•
The Extended Network type indicates that the system is connected to an Extended AppleTalk
network, which allows addressing of more than 254 nodes and supports multiple zones.
The NonExtended Network indicates that the system is connected to a NonExtended AppleTalk
network, which supports addressing of up to 254 nodes and supports only one zone.
•
Workgroup Remote Access Switch
307
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
APPLETALK NETWORK RANGE/ NUMBER
The AppleTalk network range (for Extended network) or the AppleTalk network number (for
NonExtended network) of the LAN segment that the port is connected to. Specifying 0.0 (for
Extended) or 0 (for NonExtended) places the port in discovery mode (a.k.a., non-seed router), in
which the system learns its configuration information from the seed router. Note that there must
be at least one seed router on the network. Discovery mode is not supported for WAN ports, and
therefore a valid network range/ number needs to be specified.
SUGGESTED APPLETALK ADDRESS/ NODE ID
If the system is acting as a seed router on this port, then this parameter specifies the suggested
AppleTalk address (Extended) or Node Id (NonExtended), which is used as initial value for the
AppleTalk address for the port. The default is no suggested address.
Note: An AppleTalk address consists of the network number followed by a node Id. For example,
if the network number is 1234, and the node’s Id is 56, the node’s AppleTalk address would
be 1234.56.
ZONE NAME(S)
The AppleTalk zone name(s) for the network that the port is connected to. For ports that are of the
Extended network type, you must enter a default zone name, then you may enter any additional
zones names. For ports that are of the NonExtended network type, you must configure one zone
name, with no option to configure additional zone names.
APPLETALK PORTS BACKGROUND INFORMATION
THE APPLETALK NETWORK TYPE
An AppleTalk network consists of four basic pieces, the nodes, networks, network numbers, and
routers. All these pieces together form an AppleTalk internet. Initial implementation of AppleTalk
Phase 1 provided support for up to 254 nodes. Initially the need to have more than 254 nodes on an
individual internet was not a concern, and the initial implementation worked fine.
As time passed, a need developed for more than 254 nodes on a network. As an answer to that need,
AppleTalk Phase 2 was developed. Phase 2 introduced the fifth component to the AppleTalk
internet, network-number ranges. An AppleTalk network that would continue to use a single
network number would now be identified by a range of network numbers. Each of the network
numbers in the range could support up to 253 nodes.
The Extended network type takes advantage of the network-number ranges produced by Phase 2,
whereas the NonExtended network type does not use a range of network numbers.
DYNAMIC NODE ADDRESS ASSIGNMENT
Dynamic node address assignment is an addressing scheme that dynamically assigns node
addresses rather than permanently associating an address with each node. This can save
configuration time (for a LAN port, you are not required to enter an AppleTalk address/ node Id),
and also allows a node to move between networks without having to worry about addressing
conflicts.
When a node joins the network, it assigns itself a node Id. It will send out a probe, to ensure that no
other node on the network has the same Id. If you have configured a “suggested” AppleTalk
address/ node Id, that is the address/ node Id the node includes in its probe.
308
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING APPLETALK ROUTING
AppleTalk Ports
THE ZONE CONCEPT
A zone is a logical group of nodes on an internet, much like the concept of subnetting with the
world of IP. Within the framework of Phase 2 the logical assignment of zones is limited to 255 zone
names for a network. Each name can be configured to represent a logical group within that
respective internet. An example would be zone 1=Marketing, zone 2=Engineering etc. By
configuring an AppleTalk router with logical zones you establish a mode of efficient data transport
that acts much the same as IP with multiple subnets.
Although the concept of zones are the same as IP subnets, zone names do not have to be configured
to encompass nodes with one physical location. Zones can be configured to incorporate nodes that
are geographically diverse. Within this framework the dynamic address assignment allows the
user to view all zones that are configured, and have been set up to give that particular user access
to these zones. Thus, with this framework, a user can select the zone in which they want to be a part
of for that particular task. Later, at a user’s discretion, they may choose to be part of a different zone.
If a user does not choose to associate with a respective zone, in a multi-zone internet a default zone
is configured and all non-selective nodes will be associated with the default zone until a choice is
made.
With the above in mind, continuing on with the ability to set up zones with non-local nodes, the
network has an associated zone multicast address. When a device chooses a zone, it registers itself to
receive packets sent to the specific zone-multicast address associated with that zone. Zone-
multicast addresses are used to significantly reduce the overhead associated with dynamic naming.
APPLETALK REMOTE LAN
Overview
An AppleTalk WAN (Remote LAN) port connects remote bridge devices to other AppleTalk router
ports. The AppleTalk router treats all bridge devices connected to the Remote LAN as if they were
on an Ethernet LAN segment. That is, the CyberSWITCH emulates an Ethernet medium over the
series of ISDN point-to-point connections. The AppleTalk router encapsulates AppleTalk data for
the Remote LAN port in Ethernet packets and forwards the data to the remote bridges.
If the Remote LAN only has Macs connected to it, these Macs assume the AppleTalk network number/
range assigned to the Remote LAN port. For these simple remote networks, you are not required
to configure an AppleTalk network number for the remote bridge device. When the remote bridge
connects, it is associated with the first configured AppleTalk Remote LAN port.
If the Remote LAN has both AppleTalk routers and Macs connected to it, the Macs assume the AppleTalk
network number/ range of the remote AppleTalk routers. For these remote networks, the
AppleTalk Remote LAN network number/ range must correspond to that of the remote AppleTalk
router. In this case, you should configure an explicit AppleTalk network number for the remote
bridge device so that the same network number is applied to the Remote LAN each time it connects.
When the remote bridge connects, it is explicitly associated with the AppleTalk Remote LAN port
Remote LAN ports differ from LAN ports on the handling of a configured network number/ range
versus a learned network number/ range. LAN ports are by default soft seeds when a network
number/ range is configured. This means that if an RTMP packet is received with a different
network number/ range than configured, the LAN port assumes the RTMP packet contains the
Workgroup Remote Access Switch
309
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
correct network/ range and begins using the learned network number/ range. If the network
number/ range configured for the Remote LAN port differs from the network number/ range that
is being broadcasted in RTMP packets by other remote routers, the port becomes unusable.
Configuration
In order to properly set up an AppleTalk Remote LAN, you must:
•
•
•
enable AppleTalk Routing from Options
level entries from Security, Device-Level Databases, On-node Device Entries
Considerations
Note the following in regard to the AppleTalk Remote LAN feature:
•
The CyberSWITCH does not initiate connections to AppleTalk Remote LAN devices. The re-
mote bridge is responsible for connecting to the CyberSWITCH. The CyberSWITCH can for-
ward packets to the remote device once a connection is established.
•
•
AppleTalk spoofing is not currently supported for this feature.
Off-node route lookup is not currently supported for this feature.
APPLETALK STATIC ROUTES
CONFIGURING APPLETALK STATIC ROUTES
USING CFGEDIT
1. Select AppleTalk Static Routes from the AppleTalk Routing Menu.
2. Press 1 to add a static route.
3. Select the AppleTalk network type of the destination network.
4. Enter the destination network range/ number reachable through this static route.
5. Enter the AppleTalk address of the Next Hop device, or, enter “0.0” if the Next Hop device is
over an unnumbered link.
6. If you entered “0” for the AppleTalk address of the Next Hop device, enter the device name of
the Next Hop device. (Note that the device information for the Next Hop device must be
configuring device information.)
7. Enter the number of hops for this route.
8. Enter the zone name(s) of the remote network.
For an extended network, there will be a default zone name, and there will possibly be
additional zone names.
For nonextended networks, there will be a single zone name.
310
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING APPLETALK ROUTING
AppleTalk Capacities
APPLETALK ROUTING STATIC ROUTES CONFIGURATION ELEMENTS
APPLETALK NETWORK TYPE
The AppleTalk network type used by the destination network of this static route. Type can be either
Extended Network or NonExtended Network.
DESTINATION NETWORK RANGE/ NUMBER
The remote AppleTalk network range (for Extended network) or network number (for
NonExtended network) reachable through this static route entry.
NEXT HOP DEVICE
The AppleTalk address of the next hop device that provides access to the destination AppleTalk
network. If the next hop is over an unnumbered WAN link, then the device name is specified. The
name must be a valid Device table entry.
NUMBER OF HOPS
The number of AppleTalk routers that are traversed in order to reach the destination AppleTalk
network.
ZONE NAME(S)
The name of the zone(s) on the remote AppleTalk network.
APPLETALK ROUTING STATIC ROUTES BACKGROUND INFORMATION
You only need to configure static routing entries if you need to access a WAN network that is not
directly connected to the system, or if you need to access a LAN network through a router that does
not support AppleTalk RTMP. Static routes specify the AppleTalk address of the next hop router
that provides access to this network.
APPLETALK CAPACITIES
CONFIGURING APPLETALK CAPACITIES
USING CFGEDIT
1. Select AppleTalk Capacities from the AppleTalk Routing Menu.
2. Press 1 to set the maximum number of entries for the AppleTalk Route table.
3. Press 2 to set the maximum number of entries for the AppleTalk zone table.
APPLETALK CAPACITIES CONFIGURATION ELEMENTS
APPLETALK ROUTING TABLE MAXIMUM NUMBER OF ENTRIES
Allows you to set the maximum number of defined and learned routing table entries. The default
value is 512. The maximum is 2,000.
APPLETALK ZONE TABLE MAXIMUM NUMBER OF ENTRIES
Allows you to set the maximum number of defined and learned zone table entries. The default
value is 512. The maximum is 2,000.
Workgroup Remote Access Switch
311
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
APPLETALK CAPACITIES BACKGROUND INFORMATION
This option allows you to control the maximum number of table entries (routing and zone tables)
for your network.
APPLETALK ISOLATED MODE
CONFIGURING THE APPLETALK ISOLATED MODE
USING CFGEDIT
1. Select Isolated Mode (Enable/Disable) from the AppleTalk Routing Menu.
2. Follow the onscreen instructions to either enable or disable the isolated mode.
APPLETALK ISOLATED MODE CONFIGURATION ELEMENTS
ISOLATED MODE STATUS
You may enable or disable the AppleTalk Isolated Mode. When operating with the isolated mode
enabled, the system does not relay AppleTalk datagrams received from the WAN to other
AppleTalk devices located on the WAN. AppleTalk datagrams received on the LAN port are
forwarded to each required port.
The Isolated Mode is disabled by default. This is the appropriate configuration for almost all
devices.
312
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING CALL CONTROL
OVERVIEW
The CyberSWITCH offers a number of configurable options to control how the system will make
and accept calls. These options include:
This chapter includes a section for each call control option.
Note: To begin the configuration of any of the call control options using CFGEDIT, follow the
steps outlined below.
1. Select Options from the main menu.
2. Select Call Control Options from the options menu. This will display the following call control
menu:
Call Control Options Menu:
1) Throughput Monitor
2) Call Intervals
3) Monthly Call Charges
4) Call Restrictions
5) Device Profile Options
6) Bandwidth Reservation
7) Semipermanent Connection
8) VRA as Call Control Manager
Select function from above or <RET> for previous menu:
THROUGHPUT MONITOR
CONFIGURING THE THROUGHPUT MONITOR
USING CFGEDIT
1. Select Throughput Monitor from the Call Control Options menu.
2. The current throughput monitor configuration will be displayed. Enter Y to change the
configuration.
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
3. Follow the onscreen instructions to keep the feature enabled.
4. Enter the sample rate in seconds.
5. Enter the overload trigger number.
6. Enter the overload window size.
7. Enter the overload percentage utilization.
8. Enter the underload trigger number.
9. Enter the underload window size.
10. Enter the idle trigger number.
11. Enter the idle window size.
12. Enter the idle percentage utilization.
13. Press "Y" to accept the configuration changes you have made.
USING MANAGE MODE COMMANDS
thruput
Displays the current throughput monitor configuration data.
thruput change
Allows the current throughput monitor configuration data to be changed. Refer to the
CFGEDIT section for specific parameters.
THROUGHPUT MONITOR CONFIGURATION ELEMENTS
SAMPLE RATE
A Sample Rate identifies the number of seconds for each sample period. The default setting for the
sample rate is 5 seconds. During this period, the system keeps track of the total number of bytes
that is transferred in both directions between two systems. The utilization percentage is determined
by comparing this total with the realistic maximum for the current aggregate amount of
bandwidth.
OVERLOAD TRIGGER NUMBER
The number of samples within the window that must exceed the specified utilization for the
OVERLOAD condition to occur.
OVERLOAD WINDOW SIZE
The number of sample periods (up to 32) that you should use as the sliding window.
OVERLOAD PERCENT UTILIZATION
The percentage of the available bandwidth that the traffic samples must exceed for an overload
condition to occur.
314
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING CALL CONTROL
Throughput Monitor
UNDERLOAD TRIGGER NUMBER
The number of samples within the window that must be below the next lowest target capacity for
the UNDERLOAD condition to occur.
UNDERLOAD WINDOW SIZE
The number of sample periods (up to 32) that you should use as the sliding window.
IDLE TRIGGER NUMBER
The number of samples within the window that must be below the specified utilization for the
IDLE condition to occur.
IDLE WINDOW SIZE
The number of sample periods (up to 32) that you should use as the sliding window.
IDLE PERCENT UTILIZATION
The percentage of available bandwidth on the last connection that traffic samples must fall below
for the connection to be considered IDLE.
Note: The system monitors for the IDLE condition when only one connection to a site exists, and
that connection is a switched connection.
THROUGHPUT MONITOR BACKGROUND INFORMATION
A powerful feature of the CyberSWITCH is its ability to add and drop calls depending on the
amount of WAN traffic. If no information is being sent, the call will be terminated. The system will
also make additional calls to a site if it is determined that extra bandwidth is needed.
The Bandwidth Management feature works by sampling the amount of data that is transmitted and
received on the connections between two units. Each sample is compared to the levels associated
with the different conditions. The results of these comparisons are kept in a sliding window. The
window size, number of samples that trigger an event, and sampling frequency are configurable.
The default Throughput Monitor configuration will work for initial installation. These parameters
can be changed to better match the bandwidth needs of your location.
Correctly tuning these parameters is important in order to eliminate unnecessary data calls. The
default value for the sample rate is a 5 second sample period. The following chart provides the
default values for the remaining throughput monitoring parameters.
Condition
Overload
Underload
Idle
Trigger Number
Window Size
Utilization
90%
6
12
24
32
12
32
---
1%
Note: For adding calls, these parameters only apply to calls initiated by the system.
Workgroup Remote Access Switch
315
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
The throughput monitor feature constantly monitors the use of the connections and looks for the
following conditions:
•
The overload condition, which indicates that demand exceeds the current aggregate capacity
of the WAN connections. The system can add more bandwidth when this occurs.
The underload condition, which indicates that demand falls below a target capacity that is low-
er than the current aggregate capacity. The system can release any previously added band-
width when this occurs.
•
•
The idle condition, which indicates that the last connection remaining is no longer needed.
The following sections explain each of these conditions in greater detail. Following the condition
explanations, a throughput monitoring example is provided for further clarification.
OVERLOAD CONDITION MONITORING
The overload condition is monitored by comparing the samples to an upper threshold. The sample
is marked as a true condition if either the transmit or the receive byte count exceeds the threshold.
When the number of true samples in the window reaches the configured limit, the overload
condition has occurred.
The overload threshold is configured as a utilization percentage of the aggregate bandwidth for a
group of connections between two Systems.
If the system determines that the bandwidth can be increased, it will add a new channel into the
connection group. At this time, the system adjusts its upper threshold for the new aggregate
capacity and resets its counters. If the new capacity still cannot satisfy the transmit demand, the
system will again detect the overload condition.
Similarly, when bandwidth is decreased, the system will remove a channel from the group of
connections. The system adjusts its threshold accordingly, resets its counters, and begins
monitoring for the overload condition against the lower aggregate capacity.
UNDERLOAD CONDITION MONITORING
The underload condition is monitored by comparing the samples with a lower threshold. The
sample is marked as a true condition if both the transmit and the receive byte count fall below the
threshold. When the number of true samples in the window reaches the configured limit, the
underload condition has occurred.
The purpose of detecting this condition is to decide if connections can be released. Therefore, an
underload threshold is defined in terms of a target bandwidth that is less than the current aggregate
bandwidth. The underload condition indicates that the target capacity can satisfy the traffic
demand.
When only one circuit remains in a group, the underload mechanism determines if a lower
bandwidth circuit would satisfy the demand. For example, if one 384Kbps circuit remained, a
target of 64Kbps could be specified and the above described mechanisms will identify when the
64Kbps circuit would satisfy the demand.
316
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING CALL CONTROL
Throughput Monitor
IDLE CONDITION MONITORING
The CyberSWITCH monitors for the idle condition when only one connection to another site
remains. The system detects when there is no longer a need to maintain connectivity with the other
site. An absolute idle condition is defined as a number of consecutive sample periods with zero
bytes transferred.
Keep-alive type frames may sometimes continue to flow when there is no actual device data
flowing. The system would not detect a completely idle condition, and might leave a connection in
use when it may no longer carry useful traffic. Instead of monitoring for zero traffic, the idle
condition can be set up to detect extremely low, but non-zero, bandwidth utilization. This can be
done by not requiring all samples in the window to be zero, or by monitoring for a low percentage
utilization level.
Background traffic is often transmitted continuously. It may be necessary to have a minimum
dedicated connection to handle the constant traffic, then use switched connections for peak loads
and backup.
THROUGHPUT MONITOR CONFIGURATION EXAMPLE
Sample rate 5
Window 3
Trigger 2
Utilization 50%
50%
5
0 of 1
Time
10
15
20
25
30
35
1 of 2
1 of 3
Sliding Window
1 of 3
1 of 3
2 of 3 Overload condition met
0 of 1
In the above example, the sample rate is 5 seconds, the number of samples to examine per sample
rate (the window) is 3, the configured percentage to compare against (utilization) is 50 percent, the
number of times the sample’s utilization percentage must be greater than the configured utilization
percentage (the trigger) is 2 out of 3 samples. To make things simpler for this example, there is only
one call up and we are only checking to add another call (overload).
After 5 seconds the sample is checked and the average utilization for the 5 seconds was 40 percent.
This is less than the configured utilization percentage of 50%, so no action is taken. For the second
sample rate period, the average throughput is 60%. This percentage is greater than the configured
utilization percentage, so the trigger must also be checked. At this point, only 2 samples have been
taken, and the configured window is for 3 samples. The overload condition needs to be met 2 times
(the trigger of 2) out of 3 samples (the window of 3) before any action is taken. This condition has
not been met.
Workgroup Remote Access Switch
317
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
The average throughput is 40% for the third sample rate period. This is less than the configured
utilization, so out of the last 3 samples (a sliding window is in use), 1 out of 3 samples have
throughput that is greater than the configured utilization. The overload condition has still not been
met. No extra calls are made.
After the fourth sample rate period (20 seconds have now passed), the first sample is dropped. The
average throughput for the new sample is below the configured utilization percentage. Therefore,
1 out of 3 samples have throughput that is greater than the configured utilization. No extra calls are
made.
After the fifth sample period, the second sample taken is dropped. The average throughput for the
new sample taken is 60%. But because the sample dropped was a sample that was greater than the
configured utilization, there still are only 1 out of 3 samples that are greater than the configured
utilization.
After the sixth sample period, the third sample taken is dropped. The average throughput for the
new sample is over the configured utilization. The trigger then has been met; two out of three
samples have met the overload condition. An extra call will be added, and the process will be reset.
CALL INTERVAL PARAMETERS
CONFIGURING THE CALL INTERVAL PARAMETERS
USING CFGEDIT
1. Select Call Intervals from the Call Control Options menu.
2. Enter the minimum time interval between call attempts.
CALL INTERVAL CONFIGURATION ELEMENTS
MINIMUM TIME INTERVAL
The configured call interval is the minimum time between call attempts. The system will not make
a call attempt in less than the configured call attempt value. However, due to the system hardware
clock resolution, the actual time interval may be greater than the configured value. The default
value is 0.70 seconds. The range of the configured value is 0 to 5 seconds, in 1/ 100 second
increments. A configured value of 0 implies that the system will make call attempts without any
delay between them.
CALL INTERVAL BACKGROUND INFORMATION
This parameter allows the configuration of the minimum interval between call attempts. This
interval applies to the entire system, including all lines, sites, and devices.
The Call Interval is configured in terms of hundredths of seconds. The default value is .7 seconds.
The range of the configured value is 0 to 5 seconds. A configured value of 0 implies that the system
will make call attempts without any delay between them.
The default value of .7 seconds is compliant with the Communications Industries Association of
Japan’s(CIAJ) regulation. This regulation states that no customer premise equipment should make
318
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING CALL CONTROL
Monthly Call Charge
more than 3 call attempts within 2 seconds. This prevents certain model switches from being
overloaded. In areas where these low capacity switches are not installed, calls can be made more
frequently.
Before the system initiates a data connection, it first checks the time at which the last connection
was initiated. If the time from the last connection attempt to the new connection attempt is less than
the configured call interval, the new connection is placed on an outgoing call queue. The queue is
then serviced at the configured call interval.
MONTHLY CALL CHARGE
CONFIGURING MONTHLY CALL CHARGE
USING CFGEDIT
1. Select Call Charges from the Call Control Options menu.
2. Follow the onscreen instructions to enable this feature.
3. Enter the maximum monthly charge you would like to set (specified in Yen for NTT
connections).
4. Select the action to take if the maximum is exceeded.
MONTHLY CALL CHARGE CONFIGURATION ELEMENTS
STATUS
Allows you to enable or disable the monthly call charge option.
MAXIMUM MONTHLY CHARGE
The maximum monthly charge value. The legal values are from 1 to 10,000,000. This value is
specified according to the country’s currency.
ACTION
Select the action to be taken if the maximum monthly call charge is exceeded. The Stop Calling
action will cause the system to stop initiating switched calls. Dedicated connections and incoming
calls will continue to operate normally. The continue calling action will cause the system to
continue making calls even after the maximum monthly charge is exceeded.
MONTHLY CALL CHARGE BACKGROUND INFORMATION
Currently, this feature is only supported on connections to NTT, NET5, and 1TR6 switches. The
“Advice of Charge” information element delivered by the switches are required to track phone call
charges.
When the Monthly Call Charges option is enabled, phone call charges are tracked by the system. If
the total call charges exceed this configured maximum during the month, the configured action will
be taken. At the beginning of a new month, the current total call charges will be reset to 0.
Workgroup Remote Access Switch
319
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
CALL RESTRICTIONS
CONFIGURING CALL RESTRICTIONS
Refer to the Background Information discussion.
USING CFGEDIT
1. Select Call Restrictions from the Call Control Options menu.
2. Follow the onscreen instructions for enabling this feature.
3. The current call restriction configuration will be displayed.
4. Enter the number Id associated with the parameter you want to change.
5. Follow the onscreen instructions for changing the parameter.
USING MANAGE MODE COMMANDS
callrest
Displays the current Call Restriction configuration data.
callrest off
Disables the Call Restriction feature.
callrest on
Enables the Call Restriction feature.
CALL RESTRICTION CONFIGURATION ELEMENTS
STATUS
Allows you to enable or disable the call restriction option.
HOURS CALLS ARE ALLOWED
The allowable hours for outbound calls (inbound calls will always be allowed). Separate each hour
by a comma. Ranges are allowed by inserting a dash (-) between the first and last hours in the range.
A zero entered by itself will allow no calls during any hour.
Two actions are available if an outbound call is attempted at any other time:
1. The call will not be allowed; a message will be displayed on the LCD, and written to the report
log.
2. The call will be allowed; however, a warning will be written to the report log.
320
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING CALL CONTROL
Call Restrictions
The following chart provides the numbers you should use to represent the am and pm hours of the
hours calls are allowed:
From:
To:
12:00
12:59
1:00
1:59
2:00
2:59
3:00
3:59
4:00
4:59
5:00
5:59
6:00
6:59
7:00
7:59
8:00
8:59
9:00
9:59
10:00
10:59
11:00
11:59
am hour
pm hour
1
2
3
4
5
6
7
8
9
10
22
11
23
12
24
13
14
15
16
17
18
19
20
21
The following chart provides example entries for hours calls are allowed:
Hours Calls Allowed
8am to 5pm
Entry
9-18
all hours
1-24
10am to 6pm, 8pm, 11pm
8am to 5pm, 7pm to 9pm
11-19, 21, 24
9-18, 20-22
MAXIMUM CALLS PER DAY
Allows you to limit the number of calls made per day by configuring a maximum number of calls.
The default value is 300 calls per day. Statistics will be logged to track the total number of calls
made per day. This statistic will be written to the statistics log every half hour, and will be available
through the dscommand. The current value of this statistic will be displayed on the monitor when
the cr statscommand is used.
Two actions are available if this maximum is exceeded:
1. The call will not be allowed; a message will be written to the report log.
2. The call will be allowed; however, a warning will be written to the report log.
MAXIMUM CALLS PER MONTH
The maximum number allowed per month. The default value is 6900 calls per month. Statistics will
be logged to track the total number of calls made per month. This statistic will be written to the
statistics log every half hour, and will be available through the dscommand. The current value of
this statistic will be displayed on the LCD, and will also be displayed on the monitor when the cr
statscommand is used.
Two actions are available if this maximum is exceeded. These actions are:
1. The call will not be allowed; a message will be written to the report log.
2. The call will be allowed; however, a warning will be written to the report log.
Workgroup Remote Access Switch
321
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
CALL MINUTES PER DAY
The limit of number of call minutes per day. The default value is 240 call minutes per day. Call
minutes will be calculated periodically while calls are active (not when a call is disconnected).
Statistics will be kept to track the total number of call minutes made per day. This statistic will be
written to the statistics log every half hour, and available through the dscommand. The current
value of this statistic will also be displayed on the monitor when the cr stats command is used.
Two actions are available if this limit is exceeded. These actions are:
1. The call will not be allowed; a message will be written to the report log.
2. The call will be allowed; however, a warning will be written to the report log.
Note: Existing calls will not be disconnected when this limit is reached. Subsequent calls may not
be allowed, but existing calls will be allowed to continue.
MAXIMUM CALL MINUTES PER MONTH
The maximum number of call minutes per month. The default value is 5520 call minutes per month.
Call minutes will be calculated periodically while calls are active (not when a call is disconnected).
Statistics will be kept to track the total number of call minutes made per month. This statistic will
be written to the statistics log every half hour, and available through the dscommand. The current
value of this statistic will be displayed on the monitor when the cr stats command is used.
Two actions are available if this limit is exceeded. These actions are:
1. The call will not be allowed; a message will be written to the report log.
2. The call will be allowed; however, a warning will be displayed written to the report log.
Note: Existing calls will not be disconnected when this limit is reached. Subsequent calls may not
be allowed, but existing calls will be allowed to continue.
MAXIMUM CALL LENGTH
The maximum amount of time (in minutes) that a call is allowed to be active. The default value is
240 minutes.
Note: The system checks for violation of configured maximum call length every five minutes. So,
for example, if you set the maximum call length to one minute, there will be a five minute
window around that one minute in which the system will check for a violation.
Two actions are available if a call exceeds this limit. These actions are:
1. The call is disconnected; a message will be written to the report log.
2. The call is continued; however, a warning will be written to the report log.
CALL RESTRICTIONS BACKGROUND INFORMATION
The Call Restriction feature provides the ability to place limits on the toll costs of operating the
CyberSWITCH. Call Restriction consists of a variety of features that can restrict the number of
switched calls made to remote sites, and also limit the amount of call minutes accumulated for
remote site access.
322
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING CALL CONTROL
Bandwidth Reservation
Notes: It is important to note that the Call Restriction feature only applies to outbound calls from
the system.
When a condition occurs that triggers a warning to be written to the log, the message will
be written only once for the duration of the condition.
For example, if the network’s total amount of connect time is estimated to be less than three hours
per day, call restrictions could be set up to place a limit on the number of call minutes per day to
240. (Three hours would be 180 minutes; however, there may be some unusual days that go over a
little, hence, 240 minutes.) If a newly installed application starts sending out packets on the LAN
that causes remote connections to be made all the time, the system will terminate the call, and
prevent any more calls from being made after 4 hours (240 minutes) of connect time to the remote
site. Thus, the phone bill would be limited to just four hours of connection time. If desired, the
system can be configured to issue a warning when the limit is exceeded instead of stopping the
calls.
BANDWIDTH RESERVATION
The bandwidth reservation feature allows a portion of possible CyberSWITCH connections to
always be available to specific devices for both inbound and outbound calls.
CONFIGURING BANDWIDTH RESERVATION
To implement this feature, you need to configure specific device profiles, reference them in the
device list, and then enable the bandwidth reservation feature. These three steps are described in
detail in this section.
USING CFGEDIT
To configure a specific device profile:
1. Select Options from the main menu.
2. Select Call Control Options from the options menu.
3. Select Device Profiles from the Call Control Options Menu. The following screen is then
displayed, showing the default device profile:
Current Device Profiles:
id Profile NAME
---------------------------------------------------------------------
Default_Profile (1,1 1,2 1,3 1,4)
LINES (SLOT,PORT)
1
(1) Add, (2) Change, (3) Delete a Profile or press <RET> for previous menu:
Note that there are four lines in the default profile: (1,1), (1,2), (1,3), and (1,4). The leading “1”
in the pair of numbers represents the slot number. The second number in the pair represents
Workgroup Remote Access Switch
323
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
the port number. This example shows that there is only one BRI adapter, and it is installed in
slot number one, and has four ports. There is a line for each port number.
4. Press 1 to add a device profile.
5. Enter a user-defined unique name to identify the profile. We will use Central_Site for our
example profile name. The following screen will then be displayed:
Profile NAME = Central_Site
is currently allowed access to:
id
Line
id
Line
----------------------------------------
No Lines Configured
(1) Add new line, (2) Delete Line or press <RET> for previous menu?
6. Press 1 to add a new line. This will assign a line to the profile you are configuring.
7. The screen will show all data lines that were previously configured. Follow the prompts to
enter the slot number and port number of the line you are reserving for this profile.
8. You may continue adding new lines for this profile, or press <RET> to exit this menu sequence.
Notes: Listing or adding a line under a profile doesn’t, by itself, reserve the line for devices
with that profile. Listing the line simply means that devices with that profile are
allowed to use the line. To reserve a line, you must guarantee that the line is listed for a
unique profile only. In other words, no lines are reserved for a profile unless that line
is assigned to that profile AND also unassigned to all other profiles.
Adding a device profile does not affect the default profile. You may want to consider
deleting the lines you are reserving for your profile from the default profile. To delete
the reserved lines from the default profile, press 2 at the Device Profile screen to change
a profile. Follow the on-screen instructions to delete a line from the default profile. This
will reserve the line for a specific device and no one else.
To reference the specific device profile in the device list:
Assigning a specific device profile to a device will give that device usage of the line you configured
in the above section. To assign a specific device profile to a device you need to enter the device
profile information when you are configuring the device’s ISDN information. You may either
configure the device profile information when you are first adding the device, or you may add the
information later. To enter the profile information:
1. Select "3" from the main menu to configure security.
2. Select "3" from the Security Menu to configure device level database information.
3. Select "2" from the Device Level Databases Menu to configure on-node device database entries.
4. If this is a new device, follow the onscreen instructions to add a device. If this is a previously
configured device, select the device Id for the device for which you will add a device profile.
324
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING CALL CONTROL
Bandwidth Reservation
5. Under ISDN information, enter the profile information. This is a profile name you configured
in the previous section. Remember from the previous section that each configured profile
reserves specific lines. By assigning this profile to the device, you are reserving specific lines
for this device.
To enable the bandwidth reservation feature:
1. Return to the Options Menu (selection 2 of the main menu).
2. Select Bandwidth Reservation.
3. Follow the onscreen instructions to enable the feature.
USING MANAGE MODE
profile
Displays the current profile table.
profile [add] [change] [delete]
Allows you to add, change or make deletions from the current profile table.
bwres [on] [off]
System-level command which enables/ disables the bandwidth reservation feature.
device [add] [change] [delete]
Allows you to assign a device to a profile.
BANDWIDTH RESERVATION CONFIGURATION ELEMENTS
DEFAULT PROFILE
The Default Profile is the available profile for all valid devices not identified with a specific device
profile. The Default Profile initially contains all of the BRI lines configured in the Physical
Resources section of CFGEDIT. When data lines are added, changed or deleted through CFGEDIT’s
Physical Resources section, they are automatically added, changed or deleted in the Default Profile.
The Default Profile entry cannot be deleted, nor have its name changed. However, it may be mod-
ified to remove lines from general usage.
DEVICE PROFILE
The Device Profile entry identifies which line or lines are reserved for a particular profile. The
profile name must be a string of 1 to 17 alphanumeric characters, including the underscore. When
selecting a name for a Device Profile, select a name that appropriately identifies the profile (such as
Central Office).
LINE
This element identifies the line or lines to be reserved for the specified Device Profile. Overlap of
lines between profiles is allowed. Note that this is a BRI-only feature since bandwidth is reserved
per-line.
Workgroup Remote Access Switch
325
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
BANDWIDTH RESERVATION BACKGROUND INFORMATION
This feature allows a portion of the possible connections to always be available to specific devices
for both inbound and outbound calls. To increase flexibility, this feature may be configured to
either allow or prevent bandwidth overlap. Bandwidth overlap will allow normal devices to use a
certain number of lines, while a special class of super devices would be allowed access to both the
normal bandwidth (designated in the default profile) as well as special super device bandwidth
(designated in the configured device profile). "No overlap" would restrict each set of devices to
their own lines.
When configuring your bandwidth reservation, consider the following:
•
•
This is a BRI-only feature since bandwidth is reserved per-line.
It is necessary to reject calls from devices who have mistakenly called in on a line reserved for
other device(s).
•
•
•
Outbound calls are also restricted to the lines reserved for a device.
When Bandwidth Reservation is disabled, any device will can connect on any line.
When Bandwidth Reservation is enabled, a default profile list of lines will be configured for use
by all devices that are not configured to use an alternate profile in the reserved list. This default
profile list may be configured to remove lines from general use.
SEMIPERMANENT CONNECTIONS
A semipermanent connection is a connection that is up at all times. With semipermanent
connections, one or more switched calls are made at system start-up, and are kept up until system
shutdown. This feature minimizes the number of calls which the system makes, and maximizes the
number of active call minutes.
Every device can have one semipermanent connection. Each semipermanent connection is com-
posed of one or more calls. The number of semipermanent devices is limited to the maximum num-
ber of calls allowed by the system.
CONFIGURING SEMIPERMANENT CONNECTIONS
Note: The initial data rate for both sides of the connection must either be configured identically or
the throughput monitor feature must be turned off for the remote side of the connection.
USING CFGEDIT
1. Select Options from the main menu.
2. Select Call Control Options from the Options menu.
3. Select Semipermanent Connections from the Call Control Options menu.
4. Press 1 to add a semipermanent connection.
5. Enter the device name to associate with the connection as shown below:
Enter the name of the device to add to the semipermanent device list
or <RET> to cancel menu: Mike Mason
326
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING CALL CONTROL
Semipermanent Connections
6. Determine if the CyberSWITCH should always retry a call. If yes, then configuration for the
device is done, the device is entered into the semipermanent device list, and appears as shown
below. If no, continue to step 7.
Semipermanent Connections Menu:
id
------------------------------- ------------- --------------- ------------------
"Mike Mason" ( ALWAYS CALL BACK )
Device Name
Max Retries
Over Interval
Session Interval
1
(1) Add, (2) Change, (3) Delete a Semipermanent Connection
or <RET> for previous menu:
7. Enter the maximum number of times to retry a call.
8. Enter the time interval during which the CyberSWITCH keeps track of disconnects.
9. Determine if the CyberSWITCH should attempt to retry a call after a rejection. If yes, continue
to step 10. If no, then configuration for the device is done, the device is entered into the
semipermanent device list, and appears as shown below.
Semipermanent Connections Menu:
id
------------------------------- ------------- --------------- ------------------
"Mike Mason" 10 10 Mins N/A
Device Name
Max Retries
Over Interval
Session Interval
1
(1) Add, (2) Change, (3) Delete a Semipermanent Connection
or <RET> for previous menu:
10. Enter the time interval before a call is retried. The device is entered into the semipermanent
device list, and appears as shown below.
Semipermanent Connections Menu:
id
------------------------------- ------------- --------------- ------------------
"Mike Mason" 10 10 Mins 60 Mins
Device Name
Max Retries
Over Interval
Session Interval
1
(1) Add, (2) Change, (3) Delete a Semipermanent Connection
or <RET> for previous menu:
USING MANAGE MODE COMMANDS
semiperm
Displays the semipermanent connection menu. The configuration screens are identical to those
displayed by CFGEDIT. Refer to the above section for instructions.
semiperm [add] [change] [delete]
Adds, changes, or deletes a semipermanent connection from the current configuration.
Workgroup Remote Access Switch
327
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
SEMIPERMANENT CONNECTIONS CONFIGURATION ELEMENTS
DEVICE NAME
Specify the device name (from the Device List) that you wish to make a semipermanent connection.
Once specified, the semipermanent feature will (at least) keep the Initial Data Rate active to the
specified device, as long as it is not prohibited by call restrictions or a physical or configuration
problem. The number of semipermanent devices is limited to the maximum number of calls the
CyberSWITCH supports.
MAX RETRIES
The maximum number of times the CyberSWITCH will retry a call in the Over Interval time period.
The default is 10.
OVER INTERVAL
The time period in minutes during which the CyberSWITCH will keep track of the number of
disconnects. For example, a disconnect will occur if the device fails authentication. The timer begins
when the first disconnect occurs, and if the timer expires without reaching the maximum number
of disconnects, the disconnect counter is rest. Otherwise, if the maximum number of disconnect is
reached, then the device is moved to the rejected state. The default is 10 minutes.
SESSION INTERVAL
The time period beginning when the device enters the rejected state. When the timer expires, the
device is returned to the trying state and the CyberSWITCH attempts to connect to the device. The
default is 60 minutes. “N/ A” appears when the CyberSWITCH will not attempt a call again after a
rejection.
Note: When the Session Interval is configured, a device can fail authentication, move to the
rejected state, move back to the trying state after the timer expires, and fail authentication
again. This cycle can repeat an infinite number of times, depending on the status of call
restrictions. The CyberSWITCH will not stop this cycle until a call restriction limit his
reached or it is overridden by the system administrator by issuing the disc device
command.
SEMIPERMANENT CONNECTIONS BACKGROUND INFORMATION
In many areas, ISDN is tariffed by call, and not by connect time. This feature is ideal for areas like
this. Semipermanent connections allow you to automatically make a connection at startup time,
and keep that connection up at all times.
Although semipermanent connections are up at all times, they are different from dedicated
connections. A dedicated connection is simply a Layer 1 pipe for data. A semipermanent
connection is one or more switched calls made at startup and kept until shutdown.
The sections below provide information concerning how semipermanent connections interact with
other system features.
INTERACTIONS WITH OTHER FEATURES
Call Device Commands
Issuing the call deviceor disc device commands will effect the semipermanent connection.
These commands will override the semipermanent connection.
328
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING CALL CONTROL
Semipermanent Connections
Call Restrictions
You may wish to disable call restrictions when using semipermanent connections. Call restrictions
are mainly intended for use in areas where “per minute” ISDN tariffs are in place. Typically, this
in not the case if semipermanent connections are in use.
If you decide not to disable Call Restrictions, we recommend that you make the following Call
Restriction parameter alterations:
•
•
Change the maximum call duration to warn only.
Add 1,440 minutes to the Call Minutes per Day for every call in a configured semipermanent
connection.
•
•
Add 43,200 minutes to Call Minutes per Month for every call in a configured semipermanent
connection.
Allow calls for all hours in the day.
Throughput Monitor
The semipermanent connection feature, along with the throughput monitor, interact to prevent the
CyberSWITCH from dropping calls which are part of the semipermanent connection.
However, specific considerations apply to the use of the Throughput Monitor. Consider these two
situations:
1. To connect two systems together with semipermanent connections:
For each system, configure a semipermanent connection to the other, and enable Throughput
Monitoring on both.
However, you may occasionally see a “glare” condition (i.e., both machines attempting to
reestablish the connection after a network or power outage). This “glare” condition will not
occur if the semipermanent connection utilizes the entire bandwidth available at either system
site. Normal throughput monitoring will drop the extra call if traffic allows.
If this glare condition is unacceptable, you may either:
•
Delete all Dial-Out phone numbers (through CFGEDIT, Device List entries) for one of the
sites. The other site (that still has Dial-Out configured) will then create the semipermanent
connection.
•
Treat one system as a device which does not support semipermanent connections. (See
item 2, which follows).
2. To connect an system to a machine that does not support semipermanent connections, disable
Throughput Monitoring at the remote device.
If neither of these options are used, the remote device may periodically drop calls which are
members of a semipermanent connection. The semipermanent connection feature will stop making
calls if the number of connections dropped reaches the maximum within configured time limit. If
this happens, you will need to use the call device command to restart the feature.
Workgroup Remote Access Switch
329
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
VRA MANAGER AS A CALL CONTROL MANAGER
This feature allows you to use the Virtual Remote Access (VRA) Manager for call control
management only. This feature allows you to continue to use other authentication servers (e.g.,
RADIUS, ACE) yet still gain the benefits of VRA call control management.
CONFIGURING VRA MANAGER FOR CALL CONTROL
USING CFGEDIT
1. Select VRA as Call Control Manager from the Call Control Options menu.
2. The current status of the VRA Call Control Server will be displayed. Select 1 to toggle between
enabled and disabled, and ensure an enabled setting.
3. Select TCP port number if you wish to change this setting. Changes here will also appear on the
VRA Authentication menu.
4. Return to the Main Menu.
5. For authentication, if you are using the On-node Device Table or Off-node Device Level Security,
you are finished with the configuration of this feature. If you are using User Level Security, you
may wish to adjust the Authentication Time-out and/ or change the Call Control Failure
banner. Continue with the following steps.
6. Select Security and then Network Login Information.
7. Select Network Login General Configuration.
8. Select Authentication Timeout. Follow on-screen instructions to adjust this value.
9. Return to the Network Login Information Menu and select Network Login Banners.
10. Select the Call Control Failure Banner. Follow on-screen instructions to adjust this banner.
Note: If you are using the VRA Manager as your authentication manager, you do not have to
configure the call control option separately. This is only necessary when you are
configuring another device for authentication, and wish to use VRA for call control only.
CONFIGURATION ELEMENTS
STATUS
Allows you to enable or disable VRA for call control management.
TCP PORT NUMBER
The TCP port number used by the VRA Manager. Note that you can assign a user-defined port
number, but that the VRA Manager TCP port number must be entered identically on both the
CyberSWITCH and the VRA Manager.
330
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING CALL CONTROL
VRA Manager as a Call Control Manager
AUTHENTICATION TIMEOUT TIMER
This timer represents the amount of time the CyberSWITCH will wait for the Authentication Agent
to handle a login attempt before timing out. If VRA is enabled as Call Control Manager, this time-
out value must then represent the amount of time for both:
•
•
the Authenticating Agent to respond to the login attempt, and
the VRA Manager to respond to the login attempt.
CALL CONTROL FAILURE BANNER
If VRA does not permit call connectivity for any reason, the CyberSWITCH will display the
message “VRA Manager Denied Access”. You may change this default message to whatever you
choose through this configuration element.
BACKGROUND INFORMATION
Cabletron’s Virtual Remote Access (VRA) Manager consists of an administration program and a
user interface, and runs with a database and a standard SQL server. It acts as both an authentication
server and call control manager for the CyberSWITCH. This product is described in detail in the
SecureFast Virtual Remote Access Manager User’s Guide which accompanies the product.
If you are interested in call control management without VRA authentication, the VRA Manager as
Call Control Manager is now an available feature. This feature provides call control management
with any authentication agent (e.g., RADIUS, ACE, TACACS).
To use VRA for call control management only, you must enable the feature. The call will be
authenticated through the chosen method, and then call control management will pass to the VRA
manager. Acceptable authentication methods are:
•
•
•
•
•
•
RADIUS at device level
VRA at device level
RADIUS at user level
ACE at user level
TACACS at user level
On-node Device Table at device level
In all cases, the device information is propagated into the CyberSWITCH from the authentication
agent. (This implies that IP static routes and IP pooling are configured on the CyberSWITCH, and
not the VRA manager.) When VRA is not the authenticating agent, the VRA Manager cannot
initiate outgoing calls. To make outgoing calls from the CyberSWITCH, you must use other means
of initiation, based on type of security (e.g., IP route lookup using RADIUS).
CALL CONTROL MANAGEMENT
VRA call control management varies depending upon the type of security in use:
•
Device Level Security
If you use the On-node Device Table as authentication agent, VRA merely logs call start and
end times. (You do not need to configure devices in the VRA database).
If you use an off-node authentication server for authentication: configure devices on the VRA
manager as well. This will provide access to the following VRA call control management
features: call restrictions, maximum bandwidth, and grouping (in addition to the call logging
feature).
Workgroup Remote Access Switch
331
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
•
User Level Security
If you use user level security for authentication: configure devices on the VRA manager as well.
This will provide access to the following VRA call control management features: call
restrictions, maximum bandwidth, and grouping (in addition to the call logging feature).
User level security and VRA call control management work together as follows: VRA allows a
device to connect under an alias name until the user can be verified by its authentication server.
Once the user is properly authenticated, the device’s name is forwarded to the VRA manager.
The VRA manager can then further determine whether or not the device should be allowed
connectivity at this time.
Possible reasons VRA may disconnect the device’s call:
•
•
•
•
•
Call restrictions reached for this device.
Maximum bandwidth reached for this device.
Device and CyberSWITCH to which it is connected are not part of the same group.
Device on a reserved channel and not a reserved device.
Device not defined in VRA manager.
Note: The alias assigned to initial calls is REMOTEx. Be sure you do not use this name for any
of your device names when configuring VRA or your authentication server.
LIMITATIONS/CONSIDERATIONS
•
VRA must not initiate outgoing connections through the CyberSWITCH using non-VRA au-
thentication.
•
•
•
VRA as Call Control Manager may not be disabled if VRA is the authentication agent.
VRA as Call Control Manager is not disabled when VRA as authentication agent is disabled.
VRA does not override information found on the authenticating server except for: call restric-
tions, maximum bandwidth, and grouping.
•
VRA does not allow device names of REMOTEx to be configured.
332
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING OTHER ADVANCED OPTIONS
OVERVIEW
This chapter provides information for configuring advanced system options that are not covered in
the previous chapters. These options include:
PPP CONFIGURATION
CONFIGURING PPP
Note: A thorough understanding of PPP protocol is required before you attempt to change the
PPP configuration. By changing the PPP configuration, you are changing the PPP protocol
negotiation parameters. These parameters only need to be changed when you are
attempting to interoperate with devices that do not provide a standard PPP
implementation. Changing these parameters can result in PPP option negotiation failure
and the inability to communicate with remote devices. The default parameters are
adequate for most sites.
USING CFGEDIT
1. Select PPP Options from the options menu.
2. Change the Global PPP options.
a. Change the max terminate value.
b. Change the max configure value.
c. Change the max failure value.
d. Change the restart timer value.
3. Change the LCP configuration options.
a. Change the LCP protocol field compression (PFC).
b. Change the LCP address control field compression (ACFC).
4. Change the IPCP configuration options.
a. Change the IPCP IP address negotiation initiation.
5. Change the Link Failure Detection Options.
a. Enable or disable the link failure detection feature.
b. Set the echo frequency.
c. Configure the maximum attempts.
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
PPP CONFIGURATION ELEMENTS
MAX TERMINATE
The number of Terminate-Request packets sent without receiving a Terminate-Ack before
assuming that the peer is unable to respond.
MAX CONFIGURE
The number of Configure-Request packets sent without receiving a valid Configure-Ack,
Configure-Nak or Configure-Reject before assuming that the peer is unable to respond.
MAX FAILURE
The number of Configure-Nak packets sent without sending a Configure-Ack before assuming that
configuration is not converging. Any additional Configure-Nak packets are converted to
Configure-Reject packets.
RESTART TIMER
Times transmissions of Configure-Request and Terminate-Request packets. Expiration of the
Restart timer causes a Timeout event, and retransmission of the corresponding Configure-Request
or Terminate-Request packet.
LCP PROTOCOL FIELD COMPRESSION (PFC)
Provides a way to negotiate the compression of the Data Link Layer Protocol field.
LCP ADDRESS CONTROL FIELD COMPRESSION (ACFC)
Provides a way to negotiate the compression of the data link layer address and control fields.
RECEIVE SETTINGS
The receive settings for PFC and ACFC control whether (and how) the system receives PPP Packets
with PFC or ACFC. Receive setting options include:
•
•
•
•
mandatory: requested, repeated indefinitely if NAK'd
preferable: requested, repeated up to MaxAttempts times if NAK'd
supported: not requested, a peer request will be ACK'd
not supported: not requested, NAK'd if the peer requests it
SEND SETTINGS
The send settings for PFC and ACFC control whether (and how) the system sends PPP packets with
PFC or ACFC. Send setting options include:
•
•
•
•
mandatory: requested, repeated indefinitely if NAK'd
preferable: requested, repeated up to MaxAttempts times if NAK'd
supported: not requested, a peer request will be ACK'd
not supported: not requested, NAK'd if the peer requests it
IPCP ADDRESS NEGOTIATION INITIATION
IPCP address negotiation initiation defines when IPCP will initiate “IP address” IPCP option
negotiation. The possible choices are:
•
•
always initiate: IPCP will always initiate the IP address option negotiation (on a PPP link).
If IP Address Unknown: IPCP will initiate the negotiation only when the peer’s IP address is
unknown (for example, the system is running in the no-security mode, or the device entry does
not have an IP address configured.
Note: The default value is “Always Initiate.”
334
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING OTHER ADVANCED OPTIONS
PPP Configuration
LINK FAILURE DETECTION STATUS
You can enable or disable the link failure detection feature. If enabled, there will be a periodic
transmission of Echo-Request frames, a maintenance type frame provided by PPP’s Link Control
Protocol. Reception of the appropriate Echo-Reply frame indicates a properly functioning
connection; incorrect replies or lack of replies indicate a connection failure.
ECHO FREQUENCY
This specifies, in seconds, how often the Echo-Request frames are transmitted (see above element).
The default value is 10 seconds.
MAXIMUM ATTEMPTS
This specifies how many consecutive Echo-Requests are sent without receiving a reply before
declaring the PPP link to be faulty. The default value is 3 attempts.
PPP BACKGROUND INFORMATION
Point-to-Point Protocol (PPP) can provide standard interoperability for remote devices.
Interoperability will allow remote devices made by different manufacturers to operate and
exchange information on the same network.
PPP consists of three main parts:
1. A method of encapsulating datagrams so that they can be more easily transmitted over point-
to-point links.
2. A Link Control Protocol (LCP) for establishing, configuring, and testing the data-link
connection.
3. A family of Network Control Protocols (NCPs) for establishing and configuring different
network-layer protocols.
Link Control Protocol (LCP) is used to:
•
•
•
•
•
•
automatically agree upon the encapsulation formation options
handle the varying limits on sizes of packets
authenticate the identity of the remote device on the link
determine when a link is functioning properly
detect common misconfiguration errors
terminate the link
After a link is established through LCP, the Network Control Protocols (NCPs) manage the specific
needs required by each device’s network-layer protocol.
PPP LINK FAILURE DETECTION
On a point-to-point link, there are a variety of failures which can occur on the intervening
communications path and/ or within the remotely connected system. Often times, such failures are
detectable via a signalling mechanism associated with the link. For example, a failure of an ISDN
B-channel usually leads to a corresponding failure of the associated D-channel, an event which is
suitable for concluding that the B-channel has failed. Similarly, the Local Management Interface
(LMI) facility of a Frame Relay circuit may provide feedback suitable for determining that an end-
to-end Virtual Circuit has failed.
Workgroup Remote Access Switch
335
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
However, the PPP link exists on an end-to-end basis with the remote peer, a domain which exceeds
that controlled by the signalling-type entities just cited. Thus, not every end-to-end failure will be
detected. Some examples of such failures include:
•
•
an ISDN peer’s D-channel “process” is functional, but it’s B-channel “process” has failed
the underlying physical circuit has an end-to-end fault in one or both directions which does not
affect the D-channel or control path
•
the underlying physical circuit has been mistakenly looped back
In such cases, the Link Failure Detection feature can discern the fault(s). A properly functioning
remote device is obligated to return an Echo-Reply to each Echo-Request, which verifies the full
end-to-end path of the point-to-point link. Furthermore, the Echo-Request frames carry a PPP
element known as the “Magic Number” which can be used to ascertain if an inbound Echo-Request
truly came from the peer or was looped back.
PPP Link Failure Detection can be enabled or disabled within the PPP Options configuration menu.
When enabled, two other configurable parameters then control the mechanism. Upon entrance of
a PPP link into Network Phase (the point at which device data transfer is allowed), Echo-Requests
will be sent at a configured frequency. As long as Echo-Replies are received, the link is deemed to
be functional.
A second parameter specifies the maximum number of Echo-Request attempts which will be
transmitted without a reply. If this limit is reached, a message is logged and the link is reported as
faulty. Thus, the configured frequency multiplied by the configured maximum attempts yields the
approximate time it will take to detect a failed link.
Note: Within the CyberSWITCH, there are certain accesses which also present the ability to
enable/ disable the periodic transmission of link maintenance type packets. For example,
the packet-based Frame Relay access supports the configurable enable/ disable of
“Keepalives” in order to avoid the extra per-packet costs which the periodic Echo-Request
frames might incur. The PPP Link Detection Failure feature will honor such access-based
configuration, in addition to the explicit enable/ disable configuration status of the PPP
feature itself.
PPP REFERENCE DOCUMENTS
Point-to-Point Protocol (PPP) is also described in more detail in the set of RFCs listed below:
•
•
•
•
•
•
RFC 1661 The Point-to-Point Protocol
RFC 1638 PPP Bridging Control Protocol (BCP)
RFC 1549 PPP in HDLC Framing
RFC 1547 Requirements for an Internet Standard Point-to-Point Protocol
RFC 1334 PPP Authentication Protocols
RFC 1332 The PPP Internet Protocol Control Protocol (IPCP)
336
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING OTHER ADVANCED OPTIONS
Default Line Protocol
DEFAULT LINE PROTOCOL
The default values for this feature are adequate for most situations. Instructions are included for
the rare instance that you need to alter the configuration.
Note: This feature does not apply to analog connections (including digital modem).
CONFIGURING DEFAULT LINE PROTOCOL
USING CFGEDIT
1. Select Default Line Protocol from the Options menu.
2. Change the action on the frame timeout.
3. Change the frame timeout value.
USING MANAGE MODE
lineprot
Displays the current default line protocol configuration.
lineprot change
Allows you to change the default line protocol configuration. For the configuration steps, refer
to the previous CFGEDIT section.
DEFAULT LINE PROTOCOL CONFIGURATION ELEMENTS
ACTION ON FRAME TIMEOUT
The action to be taken if no frame is received before the configured frame timeout value has
expired. The default value is to disconnect the call. The complete list of choices is as follows:
•
•
•
•
Disconnect
Use HDLC Bridge Protocol
Use IP Host Protocol (RFC 1294)
Use PPP Protocol
FRAME TIMEOUT VALUE
The time limit to wait to receive a packet. The default frame timeout value is 30 seconds. The
possible range is from 5 to 60 seconds.
DEFAULT LINE PROTOCOL BACKGROUND INFORMATION
When a connection occurs, the system waits for a packet to arrive, and from that packet, it
determines the protocol type. After a default frame timeout value of 30 seconds, if no packet is
received, the default action on frame timeout is to disconnect the call.
It is possible to change the timeout value for waiting for responses. You may also change the action
on frame timeout. Instead of disconnecting after the frame timeout value has been reached, you can
select a default protocol for the system to use.
Workgroup Remote Access Switch
337
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
LOG OPTIONS
Log options allow you to direct log reports to a specific location. Reports an be directed to a local
log file, or to a UNIX-style syslogs server. Currently, only call detail recording (CDR) reports can
be directed to a specific location.
CONFIGURING LOG OPTIONS
USING CFGEDIT
1. Select Log Options from the Options menu.
2. Select Servers from the Log Options menu.
a. No configuration is needed for a local log file. The local log file name is preconfigured.
b. To configure a Syslog Server, select Add a Syslog Server from the Log Options menu, then
enter the following information:
•
•
Enter the syslog server IP address using dotted decimal notation.
Enter the UDP port number for the Syslog Server.
c. To assign a log file to Call Detail Reporting (CDR) logs, select Call Detail Recording from the
Log Options menu, then enter the following information:
•
•
•
Press <1> to select an active server to which the CDR log reports will be sent.
Enter the ID of the log file you wish to use.
If a preconfigured Syslog Server is selected, enter the decimal UNIX priority value.
USING MANAGE MODE COMMANDS
log options
Displays the Log Options menu. The configuration screens are identical to those displayed by
CFGEDIT. Refer to the above section for instructions.
LOG OPTIONS CONFIGURATION ELEMENTS
Note: The local log file path and file name is preconfigured for your system; no configuration
elements are entered for a local log file. Configuration elements are only needed for Syslog
Servers.
IP ADDRESS
The IP address of the Syslog Server using dotted decimal notation.
UDP PORT
The UDP port that the syslogd daemon is listening on. The default port number is 514. Most often,
this will be the UDP port number you will use. Consult your UNIX documentation if you are
unsure of the UDP port number.
DECIMAL UNIX PRIORITY VALUE
The default priority value is “38”, which in BSD UNIX 4.3 represents a priority of
authentication.info. Because the values for both the facilities and the severity levels may vary from
338
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING OTHER ADVANCED OPTIONS
Log Options
one version of UNIX to the next, the system allows you to set the entire priority value as an integer.
This integer will be prepended to all messages sent to this Syslog server.
Note: You do not have to configure a Syslog Server name. The first Syslog Server configure will
be automatically named Syslog1, the second Syslog2, and so on. Up to ten Syslog Servers
can be configured. (For storing CDR reports, you can select up to three of these servers.)
LOG OPTIONS BACKGROUND INFORMATION
The Log Options feature expands the system’s log file capability and provides a consistent interface
to the device when working with logging or tracing the activity of a subsystem. Currently, the log
options feature only supports the call detail recording (CDR) subsystem.
The log reports that allow you to trace the activity of a subsystem can be directed to a specific
location. The reports can be directed to a local log file, or to a UNIX-style syslog server.
An offnode server also aids in management of a site with multiple systems, since all systems can
then send their log messages to a central log server. Note that in the case where multiple systems
are logging their CDR reports to a single syslog server, the system name is used to distinguish
which system logged which report. This makes it crucial that each system be assigned a system
name that is unique within its environment.
LOCAL LOG FILE OVERVIEW
The CDR local log file is a circular file stored in RAM. It contains a fixed number of records. After
the log is full, each new record overwrites the oldest record in the file. This is similar to the system
reports log file that is viewed with the dr command.
Note: The CDR local log is intended for diagnostic use and is not suitable for production use as
a CDR log.
SYSLOG SERVER OVERVIEW
When an offnode syslog server is specified as the destination for log reports, this provides more
direct control over:
•
•
•
•
the allocation of disk space
the integrity of disk space (redundant, tape backup, UPS, etc.)
the ease of data retrieval
the management of a multi-node site; all nodes can send their log messages to a central log serv-
er
Offnode log servers must be accessible via the system’s LAN port; they cannot be accessed via the
WAN. In addition, it is recommended that the log servers either be located on the same LAN
segment as the system, or that a static route be defined for the log server. If a routing protocol such
as RIP is used to establish a route to the log server, the server will be unavailable for the first 90 to
180 seconds after loading the system — until the route is established. This will cause log messages
to be lost that are generated in the first 90 to 180 seconds of operation.
When we use the term UNIX Syslog Server, we are, more precisely, referring to the “syslogd”
daemon running on a UNIX system. Syslogd reads and forwards messages to the appropriate log
Workgroup Remote Access Switch
339
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
files and devices depending upon its configuration. Refer to your UNIX system documentation for
more information on syslogd.
Each log message sent to a syslogd server has a priority tag associated with it. The priority tag is
encoded as a combination: facility.level. The facility identifies the part of the system creating the
log message and the level describes the severity of the condition which caused the log message to
be written.
When sending a log message to a Syslog Server, the message is formatted as an ASCII string with
the first item in the string being the syslog priority enclosed in angle brackets. The priority is
presented as a decimal value, not a hexadecimal value. For example, to log the string “CDR
VERIFY” with a priority of authentication.info, the priority (26 hex) would be converted to 38
decimal and the syslog server would be sent the string “<38> CDR VERIFY”. The Syslog daemon
will use the priority of 38 (26 hex) to determine where the message should be sent or stored. The
string “CDR VERIFY” will then be sent to that destination.
The priority tag is implemented as an 8 bit hexadecimal integer. The low order three bits contain
the severity level; the high order 5 bits contain the facility. Thus, for a convenient example, level
info is encoded as the value 6 and facility authentication is encoded as the value 4 (in BSD UNIX
v4.3). These two fields are combined as follows:
•
•
•
level ‘6’
=> 06 hex
=> 20 hex
=> 26 hex
facility ‘4’ shifted left 3 bits to use the high order 5 bits
bitwise OR the two values together
In result, priority of authentication.info is encoded as 26 hex.
Note: Because the values for both the facilities and the severity levels may vary from one version
of UNIX to the next, the system allows you to set the entire priority value as an integer. This
integer will be prepended to all messages sent to the Syslog Server.
One of the sources from which syslogd accepts log messages is UDP port 514. This is the access
point that the system’s CDR subsystem uses when logging to a syslog server. It sends its log
messages to UDP port 514 at the server’s IP address.
Syslog Servers use UDP which is a datagram service. When a datagram is sent to a Syslog Server,
there is no acknowledgment that the datagram was properly received. To reduce the possibility of
lost data, two Syslog Servers may be used. The two resulting log files can be compared to detect
missing data in one or the other.
CDR LOG REPORT OVERVIEW
This option allows you select the storage destination of your CDR log reports. You may send the
CDR log reports to the local log, or to a previously configured offnode Syslog Server(s). A total of
three destinations may be selected. For example, you could select the local log, and two previously
configured Syslog Servers for your CDR log reports’ destinations.
Storage on the local log is not recommended for production use; it is intended primarily for
diagnostic use. This is because the local log only retains a fixed number of log entries. Once the file
is full, each new entry overwrites the oldest entry. This will not give you a complete CDR Log.
CDR reports sent to the local file can be written to disk by issuing the log cdr write command.
The file is the written to the \ LOG directory. The file name is CDR_LOG. The file extensions are .1,
340
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING OTHER ADVANCED OPTIONS
Log Options
.2, and so on up to .10. The file extension cycles through the values 1 through 10 with each write
command, similar to the current report log file and status log file, so that the ten most recent
versions of the CDR log are available on the system disk.
There are five ISDN CDR events that are logged: connect, disconnect, reject, system up, and verify.
For each type of event that is logged, related CDR information is provided.
A report always refers to a particular device, the device at the other end of the WAN connection.
There is an important distinction between CDR on an interconnect device and CDR on a terminal
server. The remote device for an interconnect device is the device on the other end of the WAN
connection, not the human user or the client PC. For example, in the diagram below, it is Bridge
that is the system’s remote device, not Client1 (the machine) or Client2, and not the user, who is
using Client1.
ISDN
Remote Device
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
Bridge
Client 1
Client 2
CSX1200
Server
A CDR report contains a variety of data items related to an associated CDR event. Some reports
consist of more than one record.
Call Detail Recording Events
This section describes CDR events for switched ISDN services. There are five ISDN CDR events:
connect, disconnect, reject, system up, and verify.
A connect event occurs when the system authenticates the remote device of an ISDN connection.
The time stamp for the connect event marks the time the ISDN connection was established.
A disconnect event occurs when the system disconnects a connected device. The disconnect
timestamp marks the time that the decision to disconnect was made.
A reject event occurs when the system disconnects an ISDN connection for which no device was
authenticated. The reject timestamp marks the time that the decision to disconnect was made.
A system up event occurs when the system is loaded. The system up event provides a visible
divider in the log file between two instances of loading the system. Since the connection ID value
is a counter that begins at zero when the system is loaded, it is necessary that the log file contain an
indication of when the system is loaded.
A verify event is generated by issuing the cdr verify console command. This command verifies
the configuration of the CDR feature. It causes a message to be sent to all configured CDR log
Workgroup Remote Access Switch
341
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
servers. The proper logging of the message can then be inspected to verify that CDR configuration
is as desired.
Event Report Contents
A CDR event triggers a report which can consist of one or more records. Each record corresponds
to a line in the log file. This alleviates any constraints of having to fit a report in an 80 character
string. The reports are sent to some sort of log device; either a local log file or an offnode syslog
server.
Each ISDN connection is assigned a connection Id to uniquely identify the connection on its system.
This connection Id is presented on CDR reports so that all the records of a CDR report have the
same connection Id and can be associated, thereby the Connect and Disconnect reports for a given
connection can be associated by their matching connection Id field.
When multiple systems are logging to a shared, central log server, the combination of NAS name,
Event and Connection Id allows all the records of a report to be processed without ambiguity. (It is
crucial, in this case, that each system Name be set to a unique value; otherwise, it will be impossible
to distinguish the NAS which originated a CDR report).
A multi-channel connection is reported as a set of discrete connections to the same device (that
happen to coincide).
The record format of all CDR reports is consistent, so that all reports have a first record with
identical fields, all reports which have a second record, have identical fields in this record, etc.
The record formats for the four types of records available for event reports are as follows:
Record 1
<NAS Name>< ConnectionId>< Event Type>< 1 OF n>< Remote Device Name>< PORT
s/l/b>
Record 2
<NAS Name><ConnectionId><Event Type>< 2 OF n>< Direction><phone number if
available>
Record 3
<NAS Name><ConnectionId><Event Type>< 3 OF n><Data Rate><Timestamp>
Record 4
<NAS Name><ConnectionId><Event Type><4 OF n><Duration>
The following fields are defined for the CDR Event Reports. The precise meaning of some fields,
timestamp for example, will vary depending upon which report the field is in. These variations are
defined further when the report contents are described.
CALLING DIRECTION
This indicates which side initiated the connection. The possible values are “IN FROM” and “OUT
TO”.
CONNECT TIME
Refer to “Duration”.
342
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING OTHER ADVANCED OPTIONS
Log Options
CONNECTION ID
This field is used to correlate all records involving a particular ISDN connection. The field is an
unsigned long hexadecimal integer. It begins at zero when the system is loaded and increments by
one to 0FFFFFFFF hex, at which point it wraps back to zero. This provides for somewhat over four
billion connections before a connection Id is re-used.
DATA RATE
This field indicates the data rate for a B channel. The possible values are 56 Kb, 64 Kb and 384 Kb.
DURATION
This field reflects the time that a connection is active; it is presented in hours, minutes and seconds.
The precise meaning varies somewhat for a successful connection versus a call rejection.
EVENT TYPE
This field indicates what type of event the associated message is reporting. The possible values are
‘CONNECT’, ‘DISCONNECT’, ‘REJECT’, ‘SYSTEM UP’ and ‘CDR VERIFY’.
NAS NAME
NAS Name (Network Access Server Name) contains the System Name of the system logging the
message.
PHONE NUMBER
On incoming calls this field contains the Calling Line Id of the caller if the information is available
(some switches do not provide Calling Line Id). On outgoing calls, this field contains the phone
number of the remote device that the system is calling.
REMOTE DEVICE NAME
This field contains the name of the remote device, if available.
SLOT, LINE AND BEARER
This field identifies the slot (or resource), the line and the bearer channel used for the associated
connection.
TIME STAMP
The field contains the time and date. The meaning of this field varies depending upon the report.
Connect Event Report Contents
On a connect event, records 1 through 3 are used. The event type is CONNECT. The timestamp
reflects the time that the ISDN connect message was received from the switch. An incoming phone
number is displayed if it is provided by the telephone switch. Not all switches provide calling line
identification. A phone number is always displayed for outbound calls.
The following are example connect event reports:
example 1:
Chicago-Schaumburg 00000001 CONNECT 1 OF 3 MonroeCounty PORT 1/1/1
Chicago-Schaumburg 00000001 CONNECT 2 OF 3 IN FROM 3135551212
Chicago-Schaumburg 00000001 CONNECT 3 OF 3 64Kb 08/16/95 23:11:55
Workgroup Remote Access Switch
343
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
example 2:
Chicago-Schaumburg 00000001 CONNECT 1 OF 3 MonroeCounty PORT 1/1/1
Chicago-Schaumburg 00000001 CONNECT 2 OF 3 OUT TO 3135551212
Chicago-Schaumburg 00000001 CONNECT 3 OF 3 64Kb 08/16/95 23:11:55
Note: In most cases, a device is identified when a connect event occurs and the device name is
included in the connect report. With user level security, the connect event occurs before the
user is identified. Therefore, the connect report will contain a name of UNKNOWN. The
disconnect report will have the actual user name, as determined by SENTRY. The
connection Id from the connect and disconnect reports will match.
Disconnect Event Report Contents
On a disconnect event, records 1 through 4 are used. The event type is DISCONNECT. The
timestamp reflects the time that the decision to disconnect was made. The phone number displayed
is the phone number in the Connect report.
The duration is calculated by subtracting the connect event time from the disconnect time.
The following is an example disconnect event report:
Chicago-Schaumburg 00000001 DISCONNECT 1 OF 4 MonroeCounty PORT 1/1/1
Chicago-Schaumburg 00000001 DISCONNECT 2 OF 4 IN FROM 3135551212
Chicago-Schaumburg 00000001 DISCONNECT 3 OF 4 64Kb 08/16/95 23:11:55
Chicago-Schaumburg 00000001 DISCONNECT 4 OF 4 DURATION 01:11:55
Reject Event Report Contents
On a reject event, records 1 through 4 are used. The event type is REJECT. The timestamp reflects
the time that the decision to disconnect was made. An incoming phone number is displayed if it is
provided by the telephone switch. Not all switches provide calling line identification. A phone
number is always displayed for outbound calls.
The duration is calculated by subtracting the ISDN connection timestamp (the time that the ISDN
connect message was received from the switch) from the reject event timestamp.
The following is an example reject event report:
Chicago-Schaumburg 00000001 REJECT 1 OF 4 UNKNOWN PORT 1/1/1
Chicago-Schaumburg 00000001 REJECT 2 OF 4 IN FROM 3135551212
Chicago-Schaumburg 00000001 REJECT 3 OF 4 64Kb 08/16/95 23:11:55
Chicago-Schaumburg 00000001 REJECT 4 OF 4 DURATION 00:00:07
System Up Event Report Contents
On a System Up event, only record 1 is used. The event type is SYSTEM UP. No data is filled in for
the Remote Device Name field or the Port field.
The following is an example reject event report:
Chicago-Schaumburg SYSTEM UP 1 OF 1
344
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING OTHER ADVANCED OPTIONS
Compression Options
Verify Event Report Contents
On a Verify event, only record 1 is used. The event type is CDR VERIFY. No data is filled in for the
Remote Device Name field or the Port field.
The following is an example verify event report:
Chicago-Schaumburg CDR VERIFY 1 OF 1
COMPRESSION OPTIONS
Compression allows the CyberSWITCH to compress outgoing data and decompress incoming
data. This allows user devices on the WAN to initiate a connection to the system over the switched
digital network and transmit and receive compressed data, thereby increasing the amount of data
that can be transmitted over the line and decreasing the transmission time.
CONFIGURING COMPRESSION OPTIONS
USING CFGEDIT
1. Select Compression Options from the options menu. The following menu will be displayed:
Compression Options Menu:
1) Compression Subsystem (Enable/Disable)
2) Default Per-Device Compression setting (Enable/Disable)
3) Starting PPP STAC-LZS Sequence Number
Select function from above or <RET> for previous menu:
2. Select option 1 and follow the onscreen instructions to enable compression on a system-wide
basis. If enabled, the system will negotiate compression with remote devices per their
individual device configuration. If disabled, the system will not negotiate compression with
any remote device.
3. Select option 2 and follow the onscreen instructions to either enable or disable per-device
compression. This defines the initial value for the per-device state when a new device is added
to the on-node device table. Or, if the device is authenticated via an off node server, the device
will be given its compression enable/ disable state based on this value when no value is
delivered by the off-node database.
4. Option 3 is only applicable when using PPP compression with the STAC-LZS protocol. This
allows you to change the starting PPP STAC-LZS sequence number for devices that do not have
the starting sequence of 1.
COMPRESSION OPTIONS CONFIGURATION ELEMENTS
COMPRESSION SUBSYSTEM STATUS
You may enable or disable the compression subsystem status. This option provides enable/ disable
control over the entire compression subsystem within the system. If this option is enabled, the
system will negotiate compression with remote devices per their individual device compression
Workgroup Remote Access Switch
345
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
configuration. If this option is disabled, the system will not negotiate compression with any remote
device. The default value is enabled.
Note that enable/ disable applies to all protocols which support compression.
DEFAULT PER-DEVICE COMPRESSION SETTING
You may enable or disable the per-device compression setting. This is in addition to the global
compression enable/ disable state described above. The Default Per-Device Compression setting
defines the initial value for the per-device state when you add a new device to the on-node device
table. Or, if the device is authenticated via an off node server, the device will be given its
compression enable/ disable state based on this value when no value is delivered by the off-node
database.
You may later change a specific device’s enable/ disable state.
The per-device compression enable/ disable state is only supported for connections using the PPP
protocol. The default value is enabled.
STARTING PPP STAC-LZS SEQUENCE NUMBER
Default value is 1. When using PPP Compression with the STAC-LZS protocol, a sequence
numbering scheme can be used whose initial value is required to be 1 by the protocol specification.
Some devices from other vendors do not start with 1. This results in a resynchronization sequence
on the first frame which is exchanged. When the user device fully supports the CCP protocol’s
Reset mechanism, this will only result in the minor inconvenience of a lost frame at the beginning
of a session. However, if such a device’s resynchronization mechanism is to completely renegotiate
CCP, this sequence will repeat infinitely.
This option provides an escape mechanism to allow interworking with such devices by modifying
the initial PPP STAC sequence number.
The Starting PPP STAC Sequence Number is maintained for each device. The value which appears
on this configuration screen provides the default value for the per-device value. When you add a
new device to the on-node device table, that device’s starting sequence number option will be
assigned the value which appears on this screen. You can then change this for each individual
device. Or, if the device is authenticated via an off node server that does not deliver a value for this
configuration item, the device will be given its starting sequence number from the value on this
menu
As its name implies, this option only applies to connections which utilize the PPP protocol with
STAC-LZS compression and sequence numbers checking.
COMPRESSION OPTIONS BACKGROUND INFORMATION
The system data compression capability allows the system to negotiate compression algorithms
with a remote device. This compression can be done using some proprietary bridging protocols and
also the PPP CCP protocol.
After successfully negotiating compression, data is compressed by a peer and transmitted to the
system. The system decompresses the data, processes the addressing information contained in the
device data, and transmits the data as required. The converse is also true, the system can receive
data coming from a WAN or LAN, compresses the data before transmitting it to a peer. The net
346
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING OTHER ADVANCED OPTIONS
Compression Options
effect is to increase effective interconnect bandwidth by decreasing transmission time. If
negotiation for compression fails, data is transmitted uncompressed.
The compression algorithm implemented is STAC-LZS. This algorithm is used in all of STAC’s data
compression products. This software version is fully compatible with STAC’s data compression
compressor chips including the multi-tasking features. STAC-LZS data compression is performed
by replacing redundant strings in a data stream with shorter tokens. The STAC-LZS uses a
compression history, or sliding window, as opposed to a structured dictionary. This allows greater
flexibility and a greater number of possible string comparisons during compression process. The
compression history automatically discards old information as new information is processed. Both
the device and system must perform compression using the STAC-LZS data compression
algorithm. The peer and remote compression algorithms must be synchronized, this is
accomplished by negotiating compression at channel connect time. Once this has been
accomplished compressed data can be transmitted. If a transmission problem should ever occur the
problem is detected and compression re-synchronized by the execution of a pre-defined protocol.
COMPRESSION AND CCP
The Compression Control Protocol (CCP) is one of a suite of protocols which operate under the
umbrella of the IETF’s Point-to-Point Protocol (PPP) suite. CCP implementation permits
compression and decompression on PPP links.
During call establishment, an appropriately configured system will attempt to negotiate
compression using CCP and STAC-LZS. The system will support either of two STAC-LZS modes,
sequence numbers or extended mode. This negotiation will take place on all calls. Specific options
used by CCP include:
•
•
•
STAC-LZS compression algorithm
one history
sequence number check mode or extended mode
During CCP negotiations, the system will always propose the use of Sequence Number check mode
first for inbound traffic. The peer has the option to accept or reject this proposal. If the peer rejects
the proposal and counter-proposes STAC-LZS Extended mode, it will be accepted by the system.
For outbound traffic, the system will accept either Sequence Number or Extended Mode.
Once compression has been negotiated, transfers of compressed data can take place across the
Point-to-Point links. Such compressed data packets will be encapsulated as described in the CCP
specification. Received data packets not so encapsulated will be considered to be uncompressed
data and will be forwarded on in the order they were received. Transmitted packets whose
compressed size increases to the point of exceeding the link’s Maximum Receive Unit (MRU) will
be sent uncompressed.
When using Sequence Number check mode and a non-zero number of histories, the STAC-LZS
algorithm requires that incoming data packets be decompressed in the order they were
compressed. The sequence numbers are used to assure proper ordering and that no packets have
been lost. Should a packet loss be detected, the system will send a CCP Reset-Request packet as
described in the CCP specification to the peer and will discard any accumulated history and
queued receive packets. The peer will be expected to also discard its outbound history and respond
with a CCP Reset-Acknowledgment. At this point, both sides will have been resynchronized and
compressed data transfers can continue.
Workgroup Remote Access Switch
347
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
When using Extended mode, a coherency count is checked to detect lost packets. If a packet loss is
detected by the receiver, a Reset-Request is sent to the transmitter. The next compressed data
packet transmitted will have a bit set to indicate that the history has been reset.
With the use of sequence numbers, the decompressed output of all in-order compressed frames is
assumed to be valid. The correct CRC check of the underlying link, combined with the in-order
sequencing of the frames, is the basis for assuming that the data yielded by the decompression is
accurate. However, even when these conditions have been met, the internal STAC library can still
signal a decompression failure. This type of error in the peer device is not considered to be
recoverable, as it indicates a flawed compressed packet from the decompressing system’s point of
view. Therefore, should such an error occur, CCP will be closed and the connection will continue
to operate, albeit without compression. An error message will be logged indicating an internal
decompression failure.
Compression is negotiated independently on inbound and outbound channels. It is possible to
provide compression in one direction while not in the opposite direction.
Should the peer not support PPP compression, CCP will fail to converge and the link will continue
to operate without providing compression. Should the peer support CCP, but not the Stac protocol,
the CCP negotiation will succeed, but no actual compression will occur on the connection.
Note: The CyberSWITCH does not support individual link compression when PPP Multilink is
negotiated to aggregate multiple links. Multiple links to a single destination will be treated
as a single high capacity link as far as PPP compression is concerned. One history will be
kept for the group of links, and packets will be compressed before they are fragmented for
transmission across the multiple links.
The following documents provide additional information about PPP Compression:
•
•
The PPP Compression Control Protocol (CCP); RFC 1962; Dave Rand; June, 1996.
PPP Stac LZS Compression Protocol; RFC 1974; Robert Friend and William Allen Simpson; Au-
gust 1996.
TFTP
CONFIGURING TFTP
Note: You cannot configure TFTP through CFGEDIT. The configuration can only be done
through Manage Mode commands.
USING MANAGE MODE COMMANDS
tftp
This command displays the current TFTP configuration. The TFTP configuration information
includes the following items:
•
•
•
•
operational status of the TFTP feature (enabled or disabled)
operational status of the TFTP Client (enabled or disabled)
operational status of the TFTP Server (enabled or disabled)
the file access rights for the TFTP Server (ADMIN or GUEST)
348
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING OTHER ADVANCED OPTIONS
TFTP
tftp change
This command allows you to change the current TFTP configuration. You can enable or disable
the TFTP feature, TFTP Client, and the TFTP Server. You can also change the file access rights
for the TFTP Server.
TFTP CONFIGURATION ELEMENTS
OPERATIONAL STATUS OF TFTP FEATURE
You can enable or disable the TFTP feature.
OPERATIONAL STATUS OF TFTP CLIENT
You can enable or disable the TFTP client feature. The TFTP client functions are achieved through
administration console commands.
OPERATIONAL STATUS OF TFTP SERVER
You can enable or disable the TFTP server feature. The TFTP Server function is invoked remotely
from a TFTP host device connected to either a LAN or WAN network interface.
FILE ACCESS RIGHTS FOR THE TFTP SERVER
The file access rights associated with the configured device Id that are applied to all file accesses by
the remote host.
TFTP BACKGROUND INFORMATION
The TFTP (Trivial File Transfer Protocol) feature provides the ability through the TFTP Server, to
upload and download configuration, report, statistics, and other system files to or from a remote
system. The TFTP feature also provides the capability from the console for the device to send and
receive the same file types through the TFTP Client function.
The TFTP feature will provide controlled read (download) and write (upload) access by remote
systems to configuration, report, statistics, and other system files on target systems through the
TFTP Server. The system will also have the ability to upload and download these file types to or
from target remote systems through a console invoked TFTP Client function.
Access to files on an system will be controlled by configuration through Manage Mode. File access
attributes are associated with the existing system device id’s (GUEST and ADMIN) to allow
configuration of file access rights.
Configuration of the TFTP feature through Manage Mode allows the administrator to restrict
upload and download access for each particular file type. The administrator can also disable the
entire feature or a portion of the feature through Manage Mode.
The system provides both a TFTP client and a TFTP Server function. The TFTP Client is invoked
via system commands from an administration session on the system console. The TFTP client uses
the file access attributes of the currently logged in device id, either GUEST or ADMIN.
The TFTP Server function is invoked remotely from a TFTP host device connected to either a LAN
or WAN network interface. The administrator sets the file access attributes for the TFTP Server
function by associating an system device ID (GUEST or ADMIN) with the TFTP Server function.
Whenever a remote host invokes the TFTP Server function in the system, the file access rights
associated with the configured device ID are applied to all file accesses by the remote host.
Workgroup Remote Access Switch
349
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Each device has pre-assigned configurable access rights to the TFTP permissible file types. The
When a device remotely access the TFTP server, it doesn’t matter what level the device is logged in
as. What matters is the device level that is configured for the Server on the system that is being
logged into. It is this file access level (or device login level) that controls all remote devices accesses.
FILE ATTRIBUTES
CONFIGURING FILE ATTRIBUTES
Note: You cannot configure file attributes through CFGEDIT. The configuration can only be done
through Manage Mode commands.
USING MANAGE MODE COMMANDS
fileattr
This command displays the current access rights for each access level depending on file types.
fileattr change
This command allows you to change the access rights for each access level, depending on file
types.
FILE ATTRIBUTES CONFIGURATION ELEMENTS
FILE ATTRIBUTE
The access right for each access level assigned to each file type. Access rights include:
•
•
•
•
read only access (R)
write only access (W)
read and write access (RW)
no access rights (N)
FILE ATTRIBUTES BACKGROUND INFORMATION
The tftp changeManage Mode command allows you to assign the file access rights for the TFTP
access rights for each access level, depending on file type.
The default file access for the GUEST device is “read” access to all files. The default file access for
the ADMIN device is “read” access to the report and statistics files, with “read and write” access to
all other files. The default for the TFTP server is ADMIN file access rights. The possible file types
and possible accesses for each device are:
350
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CONFIGURING OTHER ADVANCED OPTIONS
File Attributes
Users
GUEST
ADMIN
Report Files
RN
StatFiles
RN
CfgFiles
Other Files
N
RN
RN
RN
RWN
RWN
where:
•
•
•
•
“R” is for read only file access
“W” is for write only file access
“RW” is for read and write access
“N” is for no access rights for the corresponding file type
The file types that fall under the headings shown above are as follows:
File category
File types included in the category
RPRT_LOG.1 - 5
REPORT
STATISTICS
CONFIGURATION
STAT_LOG.1 - 5
*.NEI (with the exception of
CFGTOKEN.NEI)
OTHERS
All other file types i.e. .EXE, .COM,
.TXT, (CFGTOKEN.NEI), etc.
Workgroup Remote Access Switch
351
Download from Www.Somanuals.com. All Manuals Search And Download.
TROUBLESHOOTING
We include the following chapters in the Troubleshooting segment of the User’s Guide:
After your CyberSWITCH has been configured, and before proceeding with normal system
operations, you may want to verify that the system is functional. System Verification provides
instructions for verifying the system hardware and system configuration.
When used in conjunction with System Verification, this material helps diagnose problems
encountered in the verification process.
Provides an explanation of the LED indicators. These indicators can provide valuable
information for troubleshooting.
Provides a listing of all system messages, their meanings, and when applicable, possible actions
you should take.
For certain features you may turn a trace option on, allowing you to track system messages
particular to that feature. Information is included describing how to turn the trace options on.
We also list possible resulting trace messages and their meanings. The trace option is available
for the following features: call trace, frame relay (LAPB), PPP packets, and X.25.
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM VERIFICATION
OVERVIEW
After your CyberSWITCH has been configured, and before proceeding with normal system
operation, it is necessary to verify that the system is functional. This chapter provides instructions
for verifying the system hardware and system configuration.
You only need to perform the verification procedures for the options that apply to your
configuration. For example, if your configuration does not use SNMP, skip the SNMP verification
section.
To perform the verification procedures, WAN lines must be available and ready to use. LAN
attachment components must also be available and ready to use.
During some of the procedures, we ask you to enter an administration console command. To enter
these commands, you must have an active administration session. If you need instructions for
Note: At least one remote device is required to proceed with many of the verification procedures.
VERIFYING HARDWARE RESOURCES ARE OPERATIONAL
To verify the operation of the WAN and LAN hardware resources:
1. At the system prompt, enter the drcommand to display current system messages. At the
administration console type:
dr<return>
2. If you have enabled bridging, look for these LAN adapter initialization messages among the
system messages:
LAN Port <port #> is now in the LISTENING state
LAN Port <port #> is now in the LEARNING state
LAN Port <port #> is now in the FORWARDING state
3. If you have enabled IP routing, look for this LAN adapter initialization message among the
system messages:
[IP] IP router is initialized successfully
Note: Other messages may also be displayed with the LAN adapter initialization messages.
If these LAN adapter initialization messages are displayed, then the LAN adapter is operational.
Proceed to the next section.
Problem Diagnosis chapter.
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
VERIFYING WAN LINES ARE AVAILABLE FOR USE
To verify the availability of WAN lines, the WAN resource must already be operational. Also, the
WAN lines must already be configured and connected to the CyberSWITCH.
To verify the availability of WAN lines:
1. Check the Line SYNC LED for each line. If the operational software determines that Layer One
is up, then this indicator light is on.
If you are not where you can see the system’s LED display, use the statuscommand via
Telnet to verify the availability of WAN lines. Instructions for using this command are
2. You may also determine if WAN lines are operational by viewing the system messages: at the
administration console type:
dr<return>
The drcommand displays the current system messages.
3. For each basic rate or primary rate line configured and attached to the CyberSWITCH, the
following line initialization message should be displayed among the system messages:
Data Link up: <slot #> <port #> <ces>
Depending on the resource switch type, the system will delay up to 2 minutes before
attempting to bring up the data links.
Note: Other messages may also be displayed with the line initialization messages.
If this message is displayed for each configured line, then the WAN lines are available for use.
VERIFYING LAN CONNECTION IS OPERATIONAL
To verify the operation of the LAN connection, the Ethernet LAN adapter resource must already
be operational.
To verify the operation of the LAN connection:
1. Connect the CyberSWITCH to as properly terminated Ethernet LAN. If an external MAU is
used, AUI cabling must be used. 10Base-T can also be used (with no MAU). If both types of
connections are used, the 10Base-T will be the overriding connection.
2. If 10Base-T is used, check the 10Base-T LED on the CyberSWITCH. If this connection is
working properly, the 10Base-T LED light will shine steadily.
3. If a MAU with AUI cabling is used, check the MAU’s LED.
354
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM VERIFICATION
Verifying Bridge is Initialized
4. Transmit a test packet onto the Ethernet LAN. At the administration console type:
lan test <return>
This command will display a message similar to the following:
LAN port 1 Transmit was successful
If the system displays this message, then the test packet was transmitted correctly.
the Problem Diagnosis chapter.
VERIFYING BRIDGE IS INITIALIZED
To verify that bridging has initialized properly:
1. Determine if the bridge is in the forwarding state by viewing the system messages. At the
administration console type:
dr<return>
2. The drcommand displays the current system messages. Look for the following LAN adapter
messages among the system messages:
LAN Port <port #> is now in the LISTENING state
LAN Port <port #> is now in the LEARNING state
LAN Port <port #> is now in the FORWARDING state
Note: Other messages may also be displayed with these LAN messages.
If you see these bridge initialization messages, then bridging is operational. If these bridge
chapter.
VERIFYING IP ROUTER IS INITIALIZED
To verify that IP routing has initialized properly:
1. View the system messages. At the administration console type:
dr<return>
2. Look for the following IP message among the system messages:
[IP] IP router is initialized successfully
3. For each IP interface that has been configured, the following interface initialization message
should be displayed among the system messages.
[IP] Network initialized successfully on ddd.ddd.ddd.ddd
Note: Other messages may also be displayed with the IP router initialization messages.
If you see these IP router initialization messages, then the IP router is operational. If these IP
Diagnosis chapter.
Workgroup Remote Access Switch
355
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
VERIFYING A DEDICATED CONNECTION
To verify a dedicated connection to the CyberSWITCH, the WAN lines that are connected to the
system must be available for use, and the routing option must be properly initialized.
To verify that you have a dedicated connection:
1. View the system messages by entering the following console command:
dr<return>
2. Look for the following system message among the displayed messages:
Layer 1 sync not seen - Slot=<slot #> Port=<port #> Ces=<communication
endpoint suffix>
If the above message appears, a physical problem has been detected on the indicated line.
Check for a proper connection to the CyberSWITCH and to the NT1 or CIU. If the NT1 or CIU
appears to be functioning properly, call your carrier service and report the problem.
If the above message does not appear in the displayed messages, proceed to the next step.
3. Look for the following system message among the displayed messages:
Dedicated connection to device <device name> up: Slot=<slot#>,
Port=<port #>
If the above message is displayed, the dedicated connection is functioning.
If the following message appears, the dedicated connection is not functioning.
Dedicated connection down: Slot=<slot#>, Port=<port #>
that use dedicated connections are PPP devices, follow the described set-up procedure, then
VERIFYING A FRAME RELAY CONNECTION
To verify a frame relay connection to the CyberSWITCH, the WAN lines that are connected to the
System must be available for use, and the routing option must be properly initialized. To verify a
connection, the a remote device must have a connection established.
Enter the frame relay stats command at the administration console. If the statistics display
appears, the frame relay subsystem should be operational. If the following message is displayed,
frame relay is not configured:
No Frame Relay Accesses configured
Enter the cs command at the administration console. The device name for the associated PVC
should appear in the list of connected sites.
If you receive the above message, or if the device name for the associated PVC does not appear in
the list of connected sites, then refer to Frame Relay Connections of the Problem Diagnosis chapter.
356
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM VERIFICATION
Verifying an X.25 Connection
VERIFYING AN X.25 CONNECTION
To verify an X.25 to the CyberSWITCH, the WAN lines that are connected to the System must be
available for use, and the routing option must be properly initialized. Follow the steps below to
verify that you have an X.25 connection.
Enter the x25 stats command at the administration console. If the statistics display appears, the
X.25 subsystem should be operational. If the following message is displayed, X.25 is not configured:
No X.25 Accesses configured
VERIFYING REMOTE DEVICE CONNECTIVITY
To verify remote device connectivity to the CyberSWITCH, the WAN lines that are connected to
the system must be available for use, and the bridging and/ or routing options must be properly
initialized. The remote devices must be operational and available to initiate ISDN WAN
connections.
The method of connection initiation is dependent upon the remote device type. Refer to the remote
device documentation to determine how to initiate an ISDN WAN connection.
To verify remote device connectivity:
1. In a controlled manner, initiate an ISDN connection from each remote device.
2. When each remote device connects to the system, it will appear as either a “REMOTE site” or
as the configured Device Name (if security is enabled) on the Monitor Connections screen. To
display the Monitor Connections screen, enter the following console command:
mc <return>
Note: The terminal type must be the same for Telnet and the terminal emulation. Use the
If each remote device is able to connect to the CyberSWITCH, then WAN connectivity is
successful.
If a remote device is NOT able to connect to the system, then refer to Remote Device Connectivity
in the Problem Diagnosis chapter.
VERIFYING MULTI-LEVEL SECURITY
To verify device and user level security to the CyberSWITCH, the WAN lines that are connected to
the system must be available for use, and IP, AppleTalk, or bridging options must be properly
initialized. The remote devices must be operational and available to initiate ISDN WAN
connections. The remote device must be configured on a device database, with User Level
Authentication initially disabled. A client PC on the LAN of the remote device must a user ID and
password for a user level database on an off-node server. Both databases must be enabled and
available.
Workgroup Remote Access Switch
357
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Below is an example of a configuration used to verify multi-level security over an IP WAN
UnNumbered interface. It uses IP addresses specific to the example. Substitute the IP address of
your network when you perform the multi-level security verification steps. It also uses the “ping”
command. The “ping” command sends a packet to a specified host, waits for a response, and
reports success or failure. Substitute the equivalent command on your network.
Remote
Device
WORKGROUP REMOTE ACCESS SWITCH
LINE
1
LINE
2
LINE
3
LINE
4
LAN
ISDN
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
CH
CH-1
CH-2
-CH
SYNC
SYNC
SYNC
SYNC
AGI
192.100.1.1
Telnet Port
to ACE 7003
100.0.0.1
100.0.0.3
100.0.0.2
Client PC
192.100.1.2
Service
Server
Ace Server
The steps to verify multi-level security are:
1. Determine if the client PC can ping the Service Server. On the Client PC, type:
ping 100.0.0.2 <return>
If the ping is successful, then continue with the next step.
2. Reconfigure the definition of the remote device in the device database to enable User Level
Authentication. Attempt to ping the Service Server again. On the client PC, type:
ping 100.0.0.2 <return>
If the ping is successful, disconnect the call. Ensure that User Level Authentication is enabled
for the remote device, then try the ping again. The ping should fail.
If the client PC CANNOT ping to the Service Server, then continue with the next step.
3. Telnet from the client PC into the central site. For example, telnet to 100.0.0.1, port 7003. Follow
the normal user level authentication process.
4. Once again, determine if the client PC can ping the Service Server. On the Client PC, type:
ping 100.0.0.2 <return>
If the ping is successful, then multi-level security is operational.
Diagnosis chapter.
358
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM VERIFICATION
Verifying IP Host Mode is Operational
VERIFYING IP HOST MODE IS OPERATIONAL
The follow sections provide methods of verifying that the IP Host Mode has properly initialized
and that the feature is operational.
VERIFYING IP HOST IS INITIALIZED
If you have configured the IP feature in the Host mode, follow the steps below to verify that it has
initialized properly.
1. Determine if IP Host has been initialized by viewing the system messages. To view the
messages, enter the following command:
dr<return>
2. Look for the following IP message among the system messages:
[IP] IP Host is initialized successfully
3. For the IP Interface that has been configured, the following interface initialization message
should be displayed among the system messages:
[IP] Network initialized successfully on ddd.ddd.ddd.ddd
Note: Other messages may also be displayed with the IP router initialization messages.
If you see these IP host initialization messages, then the IP host is operational.
Problem Diagnosis chapter.
VERIFYING IP HOST MODE IS OPERATIONAL
The following two sections provide a method to verify that the IP Host mode feature is operational.
To verify that IP Host mode feature is properly operational, a remote IP Host must be operational
and available to initiate WAN connections via a remote bridge device. Also, a local IP host must be
connected to the local LAN port on the CyberSWITCH.
Each section below uses example entries to verify IP Host mode operation. IP addresses are specific
to the examples. Substitute the IP addresses of your network when you perform the IP Host mode
feature verification steps. Each section also uses the ip pingcommand. The ip pingcommand
sends a packet to a specified host, waits for a response, and reports success or failure. Substitute the
equivalent command on your IP host.
VERIFYING IP HOST MODE OPERATION OVER A LAN CONNECTION
The steps to verify the operation of IP Host mode feature over a LAN connection are:
1. Determine if the CyberSWITCH can access the local IP host. Type:
ip ping 100.0.0.2
Workgroup Remote Access Switch
359
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
2. If a message similar to the following is displayed, the IP host mode feature over the specified
LAN port is operational. Repeat this step for each LAN port on your Ethernet resource.
100.0.0.2 is alive
3. If this message is not displayed, then the IP Host mode feature over the LAN connection is not
Diagnosis chapter.
4. Once IP Host Mode feature is operational on each LAN port on your Ethernet resource, then IP
Host Mode feature over the LAN Connection is operational.
VERIFYING IP HOST MODE OPERATION OVER A WAN CONNECTION
The steps to verify the operation of IP Host mode feature over a WAN connection are:
1. Determine if a remote IP Host (Host B) can access the system. On the remote IP host type:
ping 100.0.0.1
2. If a message similar to the following is displayed, the IP host mode feature over the specified
WAN connection is operational.
100.0.0.1 is alive
3. If this message is not displayed, then IP Host mode feature over the WAN connection is not
chapter.
VERIFYING IP ROUTING OVER INTERFACES
The following sections provide a method of verifying that IP routing is operational over the
available interfaces.
VERIFYING IP ROUTING OVER A LAN INTERFACE
To verify that IP routing is operating properly over the LAN connection, an IP host must be
connected to the local LAN port on the CyberSWITCH. The host must be properly configured and
operational on the IP network to which it is connected.
Below is an example of a configuration used to verify IP routing over a LAN connection. It uses IP
addresses specific to the example. Substitute the IP addresses of your network when you perform
the IP routing verification steps.
360
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM VERIFICATION
Verifying IP Routing Over Interfaces
CSX1200
WORKGROUP REMOTE ACCESS SWITCH
LINE
1
LINE
2
LINE
3
LINE
4
LAN
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
-CH
CH-1
CH-2
-CH
CH-1
H-2
-CH
CH-1
CH-2
D-CH
SYNC
SYNC
SYNC
SYNC
AGI
100.0.0.1
100.0.0.0
100.0.0.2
Host A
To verify IP Routing over a LAN connection:
1. Determine if the CyberSWITCH can access the local IP host. On the administration console
type:
ip ping 100.0.0.2 <return>
Issuing this command will result in a response similar to the following:
100.000.000.002 is alive
If the system displays this message, then IP routing over that LAN port is operational. Repeat
this step for each LAN port on your Ethernet resource.
If this message IS NOT displayed, then IP routing over the LAN connection is not operational.
2. Once IP routing is operational on each LAN port on your Ethernet resource, then IP routing
over the LAN Connection is operational.
VERIFYING IP ROUTING OVER A WAN INTERFACE
To verify that IP routing is properly operational over a WAN interface, a remote IP Host must be
operational and available to initiate connections. Also, a local IP host must be connected to the local
LAN port of the CyberSWITCH.
Below is an example of a configuration used to verify IP routing over a WAN interface. It uses IP
addresses specific to the example. Substitute the IP addresses of your network when you perform
the verification steps. It also uses the “ping” command. The “ping” command sends a packet to a
specified host, waits for a response, and reports success or failure. Substitute the equivalent
command on your IP host.
Workgroup Remote Access Switch
361
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
192.100.1.1
WORKGROUP REMOTE ACCESS SWITCH
ISDN
CSX1200
LINE
1
LINE
2
LINE
3
LINE
4
LAN
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
SYNC
SYNC
SYNC
SYNC
AGI
100.0.0.1
100.0.0.0
Host B
192.100.1.3
Host A
100.0.0.2
The steps to verify the operation of IP routing over a WAN interface are:
1. Determine if a remote IP host can access the WAN interface of the CyberSWITCH over the
WAN connection. On the remote IP host, type:
ping 192.100.1.1 <return>
If the remote IP host successfully pings to the CyberSWITCH, then continue with the next step.
2. Determine if a remote IP host can access the LAN interface of the CyberSWITCH over the WAN
connection. On the remote IP host type:
ping 100.0.0.1 <return>
If the remote IP host successfully pings to the CyberSWITCH, then continue with the next step.
3. Determine if a remote IP host can access the local IP host through the system over the WAN
connection. On the remote IP host type:
ping 100.0.0.2 <return>
If the remote IP host successfully pings to the local IP host, then IP routing over WAN type
interface is operational. Repeat the above steps for each WAN type interface through which
you wish to get access.
If the remote IP host CANNOT ping to the local IP host, refer to IP Routing Over a WAN Interface
362
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM VERIFICATION
Verifying IP Routing Over Interfaces
VERIFYING IP ROUTING OVER A WAN (DIRECT HOST) INTERFACE
To verify that IP routing is properly operational over a WAN (Direct Host) interface, a remote IP
Host must be operational and available to initiate connections. Also, a local IP host must be
connected to the local LAN port on the CyberSWITCH.
Below is an example of a configuration used to verify IP routing over a WAN (Direct Host)
interface. It uses IP addresses specific to the example. Substitute the IP addresses of your network
when you perform the IP routing verification steps. It also uses the “ping” command. The “ping”
command sends a packet to a specified host, waits for a response, and reports success or failure.
Substitute the equivalent command on your IP host.
CSX1200
WORKGROUP REMOTE ACCESS SWITCH
ISDN
LINE
1
LINE
2
LINE
3
LINE
4
LAN
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
D-CH
CH-1
CH-2
-CH
CH-1
CH-2
-CH
CH-1
H-2
D-CH
SYNC
SYNC
SYNC
SYNC
AGI
100.0.0.1
100.0.0.0
Host B
100.0.0.3
Host A
100.0.0.2
The steps to verify the operation of IP routing over a WAN (Direct Host) interface are:
1. Determine if a remote IP host can access the CyberSWITCH over the WAN connection. On the
remote IP host type:
ping 100.0.0.1 <return>
If the remote IP host successfully pings to the CyberSWITCH, then continue with the next step.
2. Determine if a remote IP host can access the local IP host through the CyberSWITCH over the
WAN connection. On the remote IP host type:
ping 100.0.0.2 <return>
If the remote IP host successfully pings to the local IP host, then IP routing over WAN (Direct
Host) interface is operational. Repeat the above steps for each WAN (Direct Host) interface
through which you wish to get access.
If the remote IP host CANNOT ping to the local IP host, refer to IP Routing Over a WAN (Direct
Workgroup Remote Access Switch
363
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
VERIFYING IP ROUTING OVER A WAN REMOTE LAN INTERFACE
To verify that IP routing is properly operational over a WAN Remote LAN interface, a remote IP
Host must be operational and connected to the remote LAN. The remote bridge device must be
operational and available to initiate connections. Also, a local IP host must be connected to the local
LAN port on the CyberSWITCH.
Below is an example of a configuration used to verify IP routing over a WAN Remote LAN
interface. It uses IP addresses specific to the example. Substitute the IP addresses of your network
when you perform the IP routing verification steps. It also uses the “ping” command. The “ping”
command sends a packet to a specified host, waits for a response, and reports success or failure.
Substitute the equivalent command on your IP host.
CSX1200
192.100.1.1
WORKGROUP REMOTE ACCESS SWITCH
ISDN
LINE
1
LINE
2
LINE
3
LINE
4
LAN
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
SYNC
SYNC
SYNC
SYNC
AGI
100.0.0.1
Bridge
100.0.0.0
Host B
192.100.1.3
Host A
100.0.0.2
The steps to verify the operation of IP routing over a WAN Remote LAN interface are:
1. Determine if a remote IP host can access the WAN Remote LAN interface of the CyberSWITCH
over the WAN connection. On the remote IP host type:
ping 192.100.1.1 <return>
If the remote IP host successfully pings to the CyberSWITCH, then continue with the next step.
2. Determine if a remote IP host can access the LAN interface of the CyberSWITCH over the WAN
connection. On the remote IP host type:
ping 100.0.0.1 <return>
If the remote IP host successfully pings to the CyberSWITCH, then continue with the next step.
3. Determine if a remote IP host can access the local IP host through the CyberSWITCH over the
WAN connection. On the remote IP host type:
ping 100.0.0.2 <return>
364
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM VERIFICATION
Verifying IP Routing Over Interfaces
If the remote IP host successfully pings to the local IP host, then IP routing over the WAN
Remote LAN interface is operational. Repeat the above steps for each WAN Remote LAN
interface through which you wish to get access.
VERIFYING IP ROUTING OVER A WAN UNNUMBERED INTERFACE
To verify that IP routing is properly operational over a WAN UnNumbered interface, the
CyberSWITCH must be operational and available to initiate connections.
Below is an example of a configuration used to verify IP routing over a WAN UnNumbered
interface. It uses IP addresses specific to the example. Substitute the IP addresses of your network
when you perform the IP routing verification steps. It also uses the “ping” command. The “ping”
command sends a packet to a specified host, waits for a response, and reports success or failure.
ISDN
CSX1200
CSX1200
WORKGROUP REMOTE ACCESS SWITCH
WORKGROUP REMOTE ACCESS SWITCH
"SITE2"
"SITE1"
LINE
1
LINE
2
LINE
3
LINE
4
LINE
1
LINE
2
LINE
3
LINE
4
LAN
RX 10BASE-T
LAN
POWER
SERVICE
TX
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
D-CH
CH-1
CH-2
-CH
CH-1
H-2
-CH
CH-1
H-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
-CH
CH-1
CH-2
-CH
SYNC
SYNC
SYNC
SYNC
SYNC
SYNC
SYNC
SYNC
AGI
AGI
100.0.0.1
192.1.0.2
The steps to verify the operation of IP routing over a WAN UnNumbered interface are:
1. Determine if SITE1 can access SITE2 over the WAN connection. On system A type:
ip ping 192.1.0.2 <return>
If the ping is successful, then continue with the next step.
2. Determine if system B can access system A over the WAN connection. On system B type:
ip ping 100.0.0.1 <return>
If the ping is successful, continue with the next step.
Workgroup Remote Access Switch
365
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
VERIFYING IP FILTERS
To verify that IP Filters are functioning, perform the following test:
1. Configure and apply at least one IP filter that contains at least one condition whose action is to
DISCARD the matching packet.
2. Perform a trace on discarded packets. On the administration console issue the command:
ip filter trace discard <return>
3. Attempt to transfer data that would be affected by the configured filters. Be sure to include
packets which should be discarded by the configured filters.
4. Check the report log for discarded packets. Issue the administrative console command:
dr <return>
If IP Filters are discarding packets, the report log will display [IPFILT] messages similar to the
following:
9A00:
9A00:
9A00
[IPFILT] UDP/1 at Intf. lan/Out
{IP} Src: 128.131.0.1 Dst: 128.131.0.7
{UDP} Src:5001 Dst:69
Pr:17
5. When test completed, turn off the trace. Issue the administrative console command:
ip filter trace off <return>
VERIFYING IP RIP
The following sections provide a method of verifying that IP RIP is initialized, and that it is
processing properly on LAN and WAN interfaces.
VERIFYING IP RIP IS INITIALIZED
Follow the steps below to verify that IP RIP processing is initialized.
1. Determine if IP RIP processing has been initialized by viewing the system messages. On the
administration console type:
dr <return>
2. The drcommand displays the current system messages. Look for the following IP RIP message
among the system message:
[IP RIP] RIP Protocol Initialization successful
If you see this IP RIP initialization message, the IP RIP has initialized successfully.
If this IP RIP initialization message is NOT displayed, refer to IP RIP Initialization in the Problem
Diagnosis chapter.
366
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM VERIFICATION
Verifying IP RIP
VERIFYING IP RIP OUTPUT PROCESSING ON A LAN INTERFACE
To verify that IP RIP Output Processing (routes advertisement) is properly operational on a LAN
interface, the IP RIP processing must be successfully initialized. Also, a local IP host (router) must
be connected to the local LAN port on the system and capable of learning routes information via
RIP.
Below is an example of a configuration used to verify IP RIP output processing on a LAN interface.
It uses IP addresses specific to the example. Substitute the IP addresses of your network when you
perform the verification steps. It also uses the netstat administration console command. The
netstatcommand displays the IP routing table of the system. Substitute the equivalent command
on your IP host.
ISDN
CSX1200
CSX1200
WORKGROUP REMOTE ACCESS SWITCH
WORKGROUP REMOTE ACCESS SWITCH
"SITE2"
"SITE1"
LINE
1
LINE
2
LINE
3
LINE
4
LINE
1
LINE
2
LINE
3
LINE
4
LAN
LAN
RX 10BASE-T
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
POWER
SERVICE
TX
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
SYNC
SYNC
SYNC
SYNC
SYNC
SYNC
SYNC
SYNC
AGI
AGI
100.0.0.1
LAN 192.1.1.0
Host A
100.0.0.2
To verify the operation of IP RIP output processing on a LAN interface:
1. Make sure that a static route to the network 192.1.1.0 is configured on SITE1. On SITE1’s
administration console type:
ip route <return>
If the route to 192.1.1.0 is displayed continue with the next step.
If the route is NOT displayed, use the Manage Mode command iproute add to add the
static route.
2. Determine if a local IP Host A has learned the route to 192.1.1.0 from System A. On IP Host A
type:
netstat -r <return>
If the route to 192.1.10 is displayed, the IP RIP output processing is operational.
Diagnosis chapter.
Workgroup Remote Access Switch
367
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
VERIFYING IP RIP INPUT PROCESSING ON A LAN INTERFACE
To verify that IP RIP Input Processing (routes learning) is properly operational on a LAN interface,
IP RIP processing must be successfully initialized. Also, a local IP router must be connected to the
local LAN port on the system and capable of propagating routes information via RIP.
Below is an example of a configuration used to verify IP RIP input processing on a LAN interface.
It uses IP addresses specified to the example. Substitute the IP addresses of your network when you
perform the verification steps. It also uses the netstatcommand. The netstatcommand
displays the IP routing table of the system. Substitute the equivalent command on your IP router.
LAN 131.1.0.0
131.1.1.16
128.1.1.16
Router 1
128.1.1.1
CSX1200
WORKGROUP REMOTE ACCESS SWITCH
LINE
1
LINE
2
LINE
3
LINE
4
LAN
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
D-CH
CH-1
CH-2
-CH
CH-1
CH-2
-CH
CH-1
CH-2
D-CH
SYNC
SYNC
SYNC
SYNC
AGI
To verify the operation of IP RIP input processing on a LAN interface:
1. Determine if the CyberSWITCH has learned the route to 131.1.0.0 from Router 1. On the
administration console type:
ip route <return>
If the following route entry is displayed among other route entries, the IP RIP input processing
is operational. The ‘P’ (Protocol) field should have ‘R’, which indicates that the entry was
learned via RIP.
Destination
131.1.0.0
Subnet-Mask
255.255.0.0
Next Hop
128.1.1.16
Mtr T/P TTL IF AGE
1 R/R 999 n nnn
2. If the route is NOT displayed, refer to IP RIP Input Processing on a LAN Interface in the Problem
Diagnosis chapter.
VERIFYING IP RIP OUTPUT PROCESSING ON A WAN INTERFACE
To verify that IP RIP Output Processing (routes advertisement) is properly operational on a WAN
interface, the IP RIP processing must be successfully initialized.
Below is an example of a configuration used to verify IP RIP output processing on a WAN interface.
It uses IP addresses specific to the example. Substitute the IP addresses of your network when you
368
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM VERIFICATION
Verifying IP RIP
perform the verification steps. It also uses the show ip routecommand. The show ip route
command is used by a specific router to display the IP routing table. Substitute the equivalent
command for your IP router.
CSX1200
Router
Dedicated Connection
WORKGROUP REMOTE ACCESS SWITCH
LINE
1
LINE
2
LINE
3
LINE
4
LAN
POWER
SERVICE
TX
RX 10BASE-T
CH-1
H-2
CH
CH-1
H-2
-CH
CH-1
H-2
-CH
CH-1
H-2
-CH
SYNC
SYNC
SYNC
SYNC
AGI
100.1.1.1
192.1.2.1
192.1.1.1
100.1.1.2
The steps to verify the operation of IP RIP output processing on a WAN interface are:
1. Make sure that a dedicated connection between system and Router is up and operational. On
the system’s administration console:
Type: cs<return>
If the connection to Router is displayed, the continue with the next step.
2. Determine if Router has learned the route to 192.1.1.0 from the system. On the Router:
Type: show ip route<return>
If the route to 192.1.1.0 is displayed, the IP RIP output processing is operational.
Diagnosis chapter.
VERIFY IP RIP INPUT PROCESSING OPERATIONAL ON A WAN INTERFACE
To verify that IP RIP Input Processing (routes learning) is properly operational on a WAN interface,
the IP RIP processing must be successfully initialized.
The same example that is used in the previous section is used to verify IP RIP input processing on
a WAN interface.
To verify the operation of IP RIP Input processing on a WAN interface:
1. Make sure that a dedicated connection between system and Router is up and operational. On
the CyberSWITCH administration console:
Type: cs<return>
If the connection to Router is displayed, the continue with the next step.
2. Determine if system has learned the route to 192.1.2.0 from the Router. On the CyberSWITCH
administration console:
Type: ip route<return>
If the route to 192.1.2.0 is displayed, the IP RIP input processing is operational.
Diagnosis chapter.
Workgroup Remote Access Switch
369
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
VERIFYING IPX ROUTER IS INITIALIZED
To verify that the IPX Routing option has initialized properly.
1. Determine if IPX routing has been initialized on the CyberSWITCH by viewing the system
messages. To display the messages enter the following console command:
dr<return>
2. Look for the following IPX message among the system messages:
[IPX] IPX router is initialized successfully
Also, for each IPX interface that has been configured, the following interface initialization
message should be displayed among the system messages.
[IPX] Network initialized successfully on xxxxxxxx:xxxxxxxxxxxx
Note: Other messages may also be displayed with the IPX router initialization messages.
If you see these IPX router initialization messages, the IPX router is initialized.
If these IPX router initialization messages are NOT displayed, refer to IPX Routing Initialization
in the Problem Diagnosis chapter.
VERIFYING IPX ROUTING IS OPERATIONAL
To verify that IPX routing feature is properly operational, a local NetWare client, a local NetWare
server and a remote NetWare server must be operational.
The following graphic illustrates an example network we will use to describe how to verify that IPX
routing is operational. It uses IPX network addresses specific to the example. Substitute the IPX
network numbers of your network when you perform the verification steps. The example also uses
NetWare commands available for the Windows 95 workstation. Substitute the equivalent
commands on your NetWare client.
ISDN
"SITE1"
CSX1200
"SITE2"
CSX1200
WORKGROUP REMOTE ACCESS SWITCH
WORKGROUP REMOTE ACCESS SWITCH
LINE
1
LINE
2
LINE
3
LINE
4
LAN
LINE
1
LINE
2
LINE
3
LINE
4
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
LAN
SYNC
SYNC
SYNC
SYNC
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
CH
SYNC
SYNC
SYNC
SYNC
AGI
AGI
Network AA
Network BB
NetWare
Client A
NetWare
Server
"local"
NetWare
Server
"remote"
Internal
Network CC
Internal
Network DD
370
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM VERIFICATION
Verifying IPX Routing is Operational
VERIFYING IPX ROUTING OVER A LAN CONNECTION
To verify the operation of IPX Routing over a LAN connection:
1. Determine if SITE1 can access the local NetWare Server “local.” On SITE1’s administration
console type:
ipx diag cc:1 <return>
Note: Node address 1 is used by the NetWare servers as part of their internal address.
2. If the system displays a response to the ipx diagcommand similar to:
received 3 components from cc:1
then IPX routing over that LAN port is operational.
If this message IS NOT displayed, then IPX routing over the LAN connection is not operational.
VERIFYING AN IPX REMOTE LAN CONNECTION
To verify that IPX routing is properly operating over a WAN Remote LAN interface, a remote IPX
router (in our example this is SITE1) must be operational and connected to the Remote LAN. The
remote bridge device (in our example, this is SITE2) must be operational and available to initiate
connections.
1. From the router (SITE1), verify that the IPX Remote LAN interface has initialized. On the
router’s administration console type:
dr
You should see messages stating that the IPX network has initialized successfully on xxxx.
Verify that “xxxx” is the network number of the Remote LAN.
2. Determine the router’s (SITE1) MAC address. From the router, issue the command:
ver
3. From the remote bridge (SITE2), attempt to access the IPX router by issuing the following
administration console command:
ipx diag xxxx:yyyyyyyyyyyy
where:
xxxx
is the IPX Network Number
yyyyyyyyyyyy is the router’s MAC address
4. Verify the call has come up. From the router side (SITE1), issue the following administration
console command to display the monitor connections screen:
mc
If the call is displayed on the monitor connections screen, the IPX Remote LAN interface is
the Problem Diagnosis chapter.
Workgroup Remote Access Switch
371
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
VERIFYING IPX ROUTING OVER A WAN CONNECTION
To verify the operation of IPX Routing over a WAN connection:
1. Determine if NetWare Client A can see the remote NetWare Server “remote.” To do this,
activate NetWare Client A’s desktop network neighborhood feature. Then check to see if
“remote” is included in Client A’s network neighborhood.
2. If “remote” is included in Client A’s network neighborhood, them IPX over the WAN
connection is operational. If it does not appear in the network neighborhood, then IPX over the
Problem Diagnosis chapter.
VERIFYING TRIGGERED RIP/SAP
Verify whether or not triggered RIP/ SAP has started and is operational:
1. Determine if triggered RIP/ SAP has started by viewing the system messages. To display the
messages, enter the following console command:
dr <RET>
2. Look for following message among the system messages:
Starting Triggered RIP/SAP for <WAN Peer>
3. If this message is displayed, continue check to see if Triggered RIP/ SAP is operational. If
4. Determine if triggered RIP is operational. On the administration console, type:
ipx trigrip stats
5. Examine statistics for activity. Refer to Triggered RIP Statistics for possible statistics and their
descriptions.
6. Create a change in the route (for example, shut down a server). Again examine statistics (ipx
trigrip stats)to verify the change is propagated to other side.
8. Repeat process (beginning at step 4) for SAP, but substitute the following console command:
ipx trigsap stats
VERIFYING THE APPLETALK ROUTING FEATURE
VERIFYING APPLETALK ROUTING IS INITIALIZED
1. Determine if AppleTalk routing has been initialized on the CyberSWITCH by viewing the
system messages. To view the system messages, enter the following console command:
dr
2. Look for the following message among the system messages:
372
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM VERIFICATION
Verifying the AppleTalk Routing Feature
AppleTalk routing initialized successfully
3. For the AppleTalk port that has been configured, the following port initialization message
should be displayed among the system messages:
AppleTalk successfully initialized on <port-type> with address
<net.node>
Note: <port-type> is either LAN port 1, LAN port 2 or WAN.
<net.node> is the AppleTalk address assigned to this port.
4. If you see these AppleTalk routing initialization messages, then the AppleTalk routing has
initialized properly.
Diagnosis chapter.
VERIFYING APPLETALK ROUTING IS OPERATIONAL
To verify that AppleTalk routing is properly operational, a remote Macintosh must be operational
and available to initiate WAN connections via a remote AppleTalk router device. Also, a local
Macintosh device must be connected to the local LAN port on the CyberSWITCH.
Below is an example of a configuration used to verify AppleTalk Routing operation. It uses
AppleTalk addresses, zones and resource names specific to the example. Substitute those of your
network when you perform the AppleTalk Routing feature verification steps.
ISDN
CSX1200
"Site2"
CSX1200
"Site1"
WORKGROUP REMOTE ACCESS SWITCH
WORKGROUP REMOTE ACCESS SWITCH
LINE
1
LINE
2
LINE
3
LINE
4
LAN
LINE
1
LINE
2
LINE
3
LINE
4
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
D-CH
CH-1
H-2
-CH
CH-1
-2
CH
CH-1
CH-2
D-CH
LAN
SYNC
SYNC
SYNC
SYNC
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
D-CH
CH-1
CH-2
-CH
CH-1
CH-2
-CH
CH-1
CH-2
D-CH
SYNC
SYNC
SYNC
SYNC
AGI
AGI
Net Range: 10-11
Zone: Left Zone
Net Range: 20-21
Zone: Right Zone
Local Mac
Remote Mac
Workgroup Remote Access Switch
373
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
VERIFYING APPLETALK ROUTING OPERATIONAL OVER THE LAN CONNECTION
The steps to verify the operation of AppleTalk Routing feature over a LAN connection are:
1. Determine if the local Macintosh can see all zones. Bring up the Chooser on the Local Mac:
2. If a list of all zones (Left Zone and Right Zone) appear in the Chooser as shown above, then the
AppleTalk Routing over a LAN connection is operational. Continue with the next step.
3. If all zones are NOT displayed, then AppleTalk Routing over the LAN connection is not
Diagnosis chapter.
VERIFYING APPLETALK ROUTING OPERATION OVER A WAN CONNECTION
The steps to verify the operation of AppleTalk Routing feature over a WAN connection are:
1. Determine if the Local Mac can access the Remote Mac. On the Local Mac, in the Chooser, pick
AppleShare on Right Zone:
374
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM VERIFICATION
Verifying SNMP is Operational
2. If Remote Mac appears in Select a file server: box, then AppleTalk Routing over the WAN
connection is operational.
3. If Remote Mac IS NOT displayed, then AppleTalk Routing feature over the WAN connection
Diagnosis chapter.
VERIFYING SNMP IS OPERATIONAL
1. To verify that the SNMP feature is operational, enter the snmp statscommand at the
administration console. If the statistics display appears, the SNMP subsystem should be fully
operational. If the following message is displayed, SNMP is not operational:
SNMP is not enabled
possible actions you may take to make the SNMP feature operational.
2. To verify that the MIB objects can be retrieved via the SNMP get command, begin by making
sure that the latest version of the enterprise MIB (the ih_mib.asn file) has been compiled at the
desired SNMP network management station(s). Once the new version of the MIB is compiled,
you can issue the SNMP get command.
3. To verify the CyberSWITCH SNMP Agent is returning the correct values, it is possible to
compare the values of the MIB objects retrieved via the SNMP get command to the output
available via various system administration console and dynamic management commands.
For example, the isdn usageconsole command displays B-channel information. This
information corresponds to the MIB isdnUsageMonitor group objects, a subset of the
ihSystemMonitor group. The drconsole command will return output that contains
information that corresponds to the MIB ihStatusReport table. Other console commands that
will output information that includes values that correspond to MIB objects are ds, udpstats,
ip stats, and snmp stats.
Workgroup Remote Access Switch
375
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
VERIFYING THE DIAL OUT FEATURE
To perform the Dial Out verification for a remote device, you need to know the configured device
name associated with the device’s device table entry. Note that the device name is case sensitive. If
you already know the device name, skip to step 4. Otherwise, begin the verification process with
step 1.
1. Enter the Manage Mode by typing the following command at the system prompt:
>manage
2. Enter the following command at the Manage Mode prompt to display the current on-node
device table:
MANAGE> device
Make note of the device name for verification of the Dial Out feature.
3. Exit the Manage Mode by entering the following command:
MANAGE> exit
4. The following administrative command is used to verify that the Dial Out feature is operational
to a specific remote device:
call device <device name>
For example, to verify that the Dial Out feature is operational for remote device with fred as the
configured device name, you would enter call device fred at the system prompt.
5. A message will be displayed indicating whether or not the call was made successfully. Refer to
VERIFYING CALL DETAIL RECORDING
The cdr verify console command is used to verify that the Call Detail Recording (CDR) feature
is operational. This command will send a sample message to all servers that have been configured
for CDR. Check the log file of each server to verify that the message was logged. The message will
be similar to the example below; additional data items may be added in future releases.
<System Name> CDR VERIFY 1 of 1
In order for the cdr verifyconsole command to be useful, an Ethernet LAN must be operational
and an IP route to all off-node servers must be defined and operational. The command can be
performed before all the WAN equipment is in place and configured.
Additional verification can be performed by forcing the logged events to occur and checking that
they are indeed logged. This would require that all WAN equipment and configuration is in
operational order.
The Connect and Disconnect events require a successful connection; a Reject event can be forced by
supplying a bad PAP password, for example.
the Problem Diagnosis chapter.
376
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM VERIFICATION
Verifying Compression is Operational
VERIFYING COMPRESSION IS OPERATIONAL
1. Make sure compression is enabled on a system-wide basis.
2. Cause a call to be established with a device for which per-device compression is enabled.
3. To verify that compression is in effect with the device, issue the cmp stats <devicename>
console command while the connection is in place. If compression is in effect, this command
will display the current compression counters and ratios. If compression is not in effect, the
command will return an indication that the device is a non-compressed connection. If
VERIFYING RESERVED BANDWIDTH IS OPERATIONAL
1. Configure several different combinations of lines and devices.
2. Attempt outbound and inbound calls.
3. Verify the proper success and reject of each.
If there is a problem, check the configuration of the profiles and how they are assigned to each
VERIFYING PPP LINK FAILURE DETECTION IS OPERATIONAL
To verify that Frame Relay’s Link Failure Detection is enabled, a trace can be performed to view the
Echo-Request and Reply packets:
1. With the feature enabled, cause a connection to be established.
2. Erase the system log (issue the ercommand).
3. Issue the trace ppp onconsole command.
4. Wait for at least the configured Echo Frequency.
5. Display the system log (issue the drcommand). If the feature is operational, some frames like
those of the following example will be seen:
(I) 16:28:49.71 #C021: Conn=001 OUT-PPP:LCP
(I) 16:28:49.71 #0000: 3E 03 78 AC
(I) 16:28:49.76 #C021: Conn=001 IN -PPP:LCP
(I) 16:28:49.76 #0000: 70 18 D0 87
(I) 16:28:59.82 #C021: Conn=001 OUT-PPP:LCP
(I) 16:28:59.82 #0000: 3E 03 78 AC
(I) 16:28:59.82 #C021: Conn=001 IN -PPP:LCP
(I) 16:28:59.82 #0000: 70 18 D0 87
ECHO REQ Id=0x50 Len=10
ECHO RPLY Id=0x50 Len=10
ECHO REQ Id=0x51 Len=10
ECHO RPLY Id=0x51 Len=10
Short of having a faulty PPP link, verifying that the feature detects a failure can be accomplished
as follows:
Workgroup Remote Access Switch
377
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
1. Set up two systems in a back-to-back, dedicated, BRI scenario where at least one of the systems
is a PC-Platform. Configure a dedicated access between the 2 systems.
2. The usage of a PC-platform exploits the fact that the layer 1 of a PC-based BRI board stays
active even when you exit the software. This gives us a way to simulate an end-to-end B-
channel failure. That is, the only remaining way for the other system to detect the error is via
the Link Failure Detection mechanism (there are no D-channel failures or Layer 1 failures).
3. On the non-PC system (or either of the two if both are PC-platforms), make sure that Link
Failure Detection is enabled. Go to the mcscreen to make sure that the dedicated connection is
up.
4. On the PC-platform system, enter the quitcommand.
5. On the non-PC system wait for approximately the amount time of the echo frequency
multiplied by the maximum attempts. At this time, the feature should detect the failure, and
the mcscreen should remove the dedicated connection.
6. Check the log for the message which indicates that a link failure has been detected.
VERIFYING DHCP RELAY AGENT
The following sections provide instructions to verify that the DHCP/ BOOTP Relay Agent is
working properly.
VERIFYING DHCP RELAY AGENT INITIALIZATION
Regardless of whether or not the Relay Agent has been enabled via configuration, some
initialization processing is always performed. If this initialization is successful, there should not be
any warnings/ errors written to the report log by the DHCP Relay Agent.
1. Examine the report log. Type:
dr <return>
2. The drcommand displays the system report log. Look for any messages that begin with:
[DHCP-R]
3. The following messages indicate that errors occurred during DHCP/ BOOTP Relay Agent
initialization processing:
[DHCP-R] Failed to allocated memory for transmit buffer pool
[DHCP-R] Relay Agent initialization failed
If you do not see either of these messages in the report log, the DHCP/ BOOTP Relay Agent has
successfully performed its initialization processing.
378
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM VERIFICATION
Verifying DHCP Relay Agent
VERIFYING THE RELAY AGENT IS ENABLED
If the Relay Agent has been enabled via configuration, it will attempt to open a UDP port for use.
A message describing the outcome of this operation will appear in the report log.
1. Examine the report log. Type:
dr<return>
2. Look for any messages that begin with [DHCP-R].
3. If the Relay Agent has been enabled via configuration, the following message should appear:
[DHCP-R] Relay Agent enabled; UDP port (67) opened
If the above message was found in the report log, the Relay Agent has been successfully
enabled.
If an error occurred while trying to enable the Relay Agent, the following message will be
present in the report log:
[DHCP-R] Failed to open UDP port (67), erc=<error return code>
Diagnosis chapter.
VERIFYING THE RELAY AGENT IS OPERATIONAL
Once the Relay Agent has been successfully initialized and enabled, DHCP Clients should be able
to obtain their IP addresses (and other configuration parameters) from a DHCP Server.
For example purposes, assume the following diagram represents the network the Relay Agent is
being used in. This configuration is useful when a remote IP router is known to have access to a
DHCP Server, but that router is not a DHCP/ BOOTP Relay Agent.
DHCP Client
DHCP Server
192.168.1.5
ISDN
192.168.1.168
204.157.42.168
WORKGROUP REMOTE ACCESS SWITCH
LINE
1
LINE
2
LINE
3
LINE
4
LAN
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
SYNC
SYNC
SYNC
SYNC
AGI
IP Router ("Alex")
CSX1200
IP Router w/ DHCP
Relay Agent ("Ruby")
In this configuration, the DHCP Client is able to obtain its IP address from the DHCP Server, using
the Relay Agent contained in the IP Router on the client’s LAN (“Ruby”).
Workgroup Remote Access Switch
379
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Shortly after a DHCP Client is powered on, it will attempt to get its IP address from a DHCP Server.
If it is successful, its IP-related features (e.g., ping, telnet, etc.) will become operational. If the client
could not obtain its IP address, it will retry periodically to do so.
From the DHCP Client, attempt to ping the Relay Agent (“Ruby”) that is on the same LAN:
C:\> ping 204.157.42.168 <return>
Pinging 204.157.42.168 with 32 bytes of data:
Reply from 204.157.42.168: bytes=32 time=2ms TTL=64
Reply from 204.157.42.168: bytes=32 time=2ms TTL=64
Reply from 204.157.42.168: bytes=32 time=1ms TTL=64
Reply from 204.157.42.168: bytes=32 time=2ms TTL=64
A response of this form indicates that the IP-related features of this client are enabled. Therefore, it
has successfully obtained an IP address from the DHCP Server. If the ping attempt resulted in
something like the following, the client was not able to obtain its IP address from the DHCP Server:
C:\> ping 204.157.42.168
Pinging 204.157.42.168 with 32 bytes of data:
Destination host unreachable.
Destination host unreachable.
Destination host unreachable.
Destination host unreachable.
VERIFYING DHCP: PROXY CLIENT
The following sections provide instructions to verify that the DHCP Proxy Client is working
properly.
VERIFYING DHCP PROXY CLIENT INITIALIZATION
Regardless of whether or not the Proxy Client has been enabled via configuration, some
initialization processing is always performed. If this initialization is successful, there should not be
any warnings/ errors written to the report log by the DHCP Proxy Client.
1. Examine the report log. Type:
dr <return>
2. The drcommand displays the system report log. Look for any messages that begin with:
[DHCP-P]
3. The following message indicate that errors occurred during DHCP Proxy Client initialization
processing:
[DHCP-P] Proxy Client initialization failed
380
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM VERIFICATION
Verifying DHCP: Proxy Client
If you do not see this message in the report log, the DHCP Proxy Client has successfully
performed its initialization processing.
Problem Diagnosis chapter.
VERIFYING THE PROXY CLIENT IS ENABLED
If the Proxy Client has been enabled via configuration, a relevant message will appear in the report
log.
1. Examine the report log. Type:
dr<return>
2. Look for any messages that begin with [DHCP-P].
3. If the Proxy Client has been enabled via configuration, the following message should appear:
[DHCP-P] Proxy Client enabled
If the above message was found in the report log, the Proxy Client has been successfully
enabled.
If an error occurred while trying to enable the Proxy Client, the following message will be
present in the report log:
[DHCP-P] Failed to register with the IP Address Pool Manager,
erc=<error code>
Diagnosis chapter.
VERIFYING THE PROXY CLIENT IS OPERATIONAL
Once the DHCP Proxy Client manager has been successfully initialized and enabled, it should
begin obtaining IP addresses from DHCP servers. The manager examines any WAN and WAN
(Direct Host) network interfaces. It then attempts to satisfy the “number of IP addresses to pre-
fetch” for each of these network interfaces.
UDP PORTS
In order to reach DHCP servers, the DHCP Proxy Client will open the BOOTPC UDP port, and
possibly the BOOTPS UDP port. One or both of the following messages should then appear in the
report log:
[DHCP-P] UDP port (67) opened
[DHCP-P] UDP port (68) opened
If neither of these error messages is found in the report log, refer to DHCP Proxy Client Operation in
the Problem Diagnosis chapter.
Workgroup Remote Access Switch
381
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
IP ADDRESS POOL
As IP addresses are obtained from DHCP servers, they are placed into the system’s IP Address
Pool. To verify the presence of these DHCP-obtained IP addresses, perform the following:
1. Examine the address pool. Type:
ip addrpool<return>
2. Look for addresses with an origin of DHCP. This verifies that IP addresses were obtained from
a DHCP server, and the Proxy Client is working correctly.
VERIFYING A SEMIPERMANENT CONNECTION
Follow the same procedure outlined in the dial out verification section. If you can successfully use
the call device command to call the device assigned to the semipermanent connection, then the
connection is working. If not, follow the instructions actions in the dial out verification section.
VERIFYING PROXY ARP IS OPERATIONAL
Use the following graphic to help you in verifying that Proxy ARP is operational. When following
the steps below, substitute your addresses for the addresses used in the example.
ISDN
CSX1200
"Site1"
CSX1200
"Site2"
WORKGROUP REMOTE ACCESS SWITCH
WORKGROUP REMOTE ACCESS SWITCH
LINE
1
LINE
2
LINE
3
LINE
4
LAN
LINE
1
LINE
2
LINE
3
LINE
4
POWER
SERVICE
TX
RX 10BASE-T
LAN
CH-1
CH-2
-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
-CH
CH-1
CH-2
-CH
CH-1
CH-2
-CH
CH-1
CH-2
-CH
SYNC
SYNC
SYNC
SYNC
SYNC
SYNC
SYNC
SYNC
AGI
AGI
128.168.1.x
128.168.2.x
Host A: 128.168.1.2
Host B: 128.168.2.2
1. Create two Ethernet LANs connected across the WAN with a CyberSWITCH and a second
Cabletron platform (for example, another CyberSWITCH product) properly configured. The
two Ethernet segments should be subnets of the same IP network. All IP host devices on the
Ethernet segments (except the CyberSWITCH and the other Cabletron platform) should be
configured with the natural subnet mask so that both Ethernet segments look like one IP
network to all the IP host devices on the segments.
2. Try to have an IP host device on one Ethernet segment communicate with an IP host device on
the other Ethernet segment. For example, ping from Host A to Host B.
382
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM VERIFICATION
Verifying Proxy ARP is Operational
3. If the communication between two IP devices across the WAN is successfully established, then
the proxy ARP feature is properly working.
4. If the communication can not be established, display the ARP cache on the IP host devices to
see what MAC addresses are mapped to the target IP address. On many operating systems, the
arp -acommand displays the ARP cache. If the target IP addresses are mapped into the
nearest CyberSWITCH’s MAC addresses respectively, for example, on Host A, Host B’s IP
address is mapped to the CyberSWITCH A’s MAC address, then the proxy ARP feature is
working properly, but basic IP routing may not be operational. Establish the basic IP
connectivity first, then try to use the proxy ARP feature. If the target IP addresses are not shown
the Problem Diagnosis chapter.
Workgroup Remote Access Switch
383
Download from Www.Somanuals.com. All Manuals Search And Download.
PROBLEM DIAGNOSIS
OVERVIEW
correct problems encountered in the verification process.
During some of the diagnosis procedures, we ask you to enter an administration console command.
To enter these commands, you must have an active administration session. If you need instructions
GENERAL PROCEDURES
For the following sections, note the following:
When you are given directions to “check configuration,” you may do so using CFGEDIT or Manage
In this chapter, if you are able to check or change information dynamically (i.e., while in Manage
Mode), we will specify this. Remember, to enter Manage Mode, issue the managecommand at the
system prompt. Otherwise, assume that you will need to use the system’s configuration editor. To
use CFGEDIT, enter the cfgeditcommand at the system prompt. Although this utility allows you
to make changes to the configuration while the CyberSWITCH Software is still running, these
changes do not take effect until the system is rebooted.
After making an configuration changes (and rebooting if necessary), return to the system software.
The system prompt “System Name >” indicates that the system is up and running. Continue with
the verification process using the drcommand.
LAN ADAPTER
Problem:
The system does not display the LAN Adapter Initialization messages. Instead, the system displays
one of the following messages:
Invalid LAN Adapter identifier
LAN Adapter Command Timeout
LAN Adapter FIFO not empty, status = #
LAN Adapter LAN Controller error
LAN Adapter Response Timeout
Error opening file \system\io.bin
MAC layer Bridge did not Initialize
[IP] Initialization failure
Action:
1. Note the displayed error message. Restart the CyberSWITCH, and recheck for one of the above
error messages.
2. If the error message is still displayed, contact your distributor for hardware replacement.
Download from Www.Somanuals.com. All Manuals Search And Download.
PROBLEM DIAGNOSIS
Bridge Initialization
BRIDGE INITIALIZATION
Problem:
The system does not display the following bridge initialization messages:
LAN Port <port #> is now in the LISTENING state
LAN Port <port #> is now in the LEARNING state
LAN Port <port #> is now in the FORWARDING state
Action:
2. Check the configuration to verify the bridge is enabled.
IP ROUTING INITIALIZATION
Problem:
The system does not display the expected IP routing initialization messages.
Action:
1. If you did not see the following IP message:
[IP] IP router is initialized successfully
Check the configuration to verify that IP routing is enabled.
2. The failure to see the following IP message for each IP interface:
[IP] Network initialized successfully on ddd.ddd.ddd.ddd
indicates that you may have either not configured a needed interface or have incorrectly
configured an interface. Check the system’s IP network interface configuration using the
ipnetifcommand (a Manage Mode command). If there is a problem with the configuration,
use the CFGEDITto make corrections.
WAN LINE AVAILABILITY
Problem:
The system does not display the WAN line availability messages. Instead, the system displays the
following message after the statusconsole command is issued:
Line (slot #, port #) down
Action:
1. Verify that the line is correctly attached to the proper system resource and port.
2. If the line was correctly attached in action 1, try restarting the system.
3. If actions 1 and 2 fail to correct the problem, call your phone company (carrier) to check the
status of the line.
Workgroup Remote Access Switch
385
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Problem:
The system does not display the WAN line availability messages. Instead, the system displays the
following message after the statusconsole command is issued:
Out Svc 1 (slot #, port #)
This means that Layer 1 cannot be established, most likely due to WAN cabling problems.
Action:
1. If the system has been operational for longer than 2 minutes, verify that the line is correctly
attached to the proper system resource and port. If not, wait for 2 minutes and check again for
the WAN line availability messages.
2. If using a NT1 or CSU, examine the local and network lights of the NT1 or CSU. If the local light
is on, try another cable between the CyberSWITCH and the NT1 or CSU. If the local light is not
on, but the network error light is on, contact your line provider.
3. If the line was correctly attached in action 1, turn the system off, then on. If this fails to correct
the problem, continue with the next step.
Ordering ISDN Service chapter. Compare the parameters with those required by the PRI line
provider. It is possible that there is a mismatch.
5. If the above actions fail to correct the problem, then call your phone company (carrier) to check
the status of the line. If it is determined that there is no problem with the line, contact Customer
Support.
Problem:
The system does not display the WAN line availability messages. Instead, the system displays the
following message after the statusconsole command is issued:
Out Svc (2, 3, 4, or 5) (slot #, port #)
These mean that Layer 2 cannot be established, most likely due to an invalid configuration.
Action:
1. If the system has been operational for longer than 2 minutes, verify that the line is correctly
attached to the proper system resource and port. If not, wait for 2 minutes and check again for
the WAN line availability messages.
2. If the line was correctly attached in action 1, turn the system off, then on. If this fails to correct
the problem, continue with the next step.
3. For the “Out Svc2 (slot #, port #)” message with a Basic Rate line, check configuration. “Auto
TEI” should be selected. Reconfigure if necessary.
4. For the “Out Svc2 (slot #, port #)” message with a Primary Rate line, call your line provider and
have the data link restarted.
5. For the “Out Svc3 (slot #, port #)” on an Auto TEI line, check configuration. Try reconfiguring
the line using non-auto TEI.
386
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
PROBLEM DIAGNOSIS
Dedicated Connections
6. If the above actions fail to correct the problem, then call your phone company (carrier) to check
the status of the line. If it is determined that there is no problem with the line, contact Customer
Support.
Problem:
A WAN line is unavailable, and the following two messages are displayed together (to display
messages, issue the drconsole command):
WAN card in slot <slot #> signals it is operational
Abnormal response rcvd: state=-1 msg=73 reason=6 cc state=-1
Action:
1. Check the configuration. Verify that all lines are configured with corresponding data links. If
this is not the case, add data links to all configured lines.
DEDICATED CONNECTIONS
Problem:
A dedicated connection is not functioning.
Action:
If the dedicated connection is not up, this usually indicates that the device could not be validated
for some reason. Check the configuration for the device that will be using the dedicated connection,
and make any necessary corrections.
FRAME RELAY CONNECTIONS
Problem:
The system displays the following message in the report log.
Unexpected error during transmission of LMI frame
Action:
Start up the run-time configuration utility CFGEDIT by entering the following console command:
cfgedit
For the Frame Relay access, change the Frame Relay LMI type.
Save the configuration change, and restart the system.
Problem:
The system displays one of the following message in the report log.
[FR_IETF] Authentication Failure of remote device “NAME”
[FR_IETF] Off-node Authentication Failure of remote device “NAME”
Action:
The device indicated device database does not have a device entry corresponding to the permanent
virtual circuit. Start up the run-time configuration utility CFGEDIT by entering the following
console command:
cfgedit
For the Frame Relay PVC, change the PVC name to match the remote device name.
Workgroup Remote Access Switch
387
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
X.25 CONNECTIONS
Problem:
An X.25 access is configured, but the x.25 statscommand response is:
No X.25 Access configured
Action:
Verify that the proper line and port have been selected.
1. Enter the ercommand to erase the report log.
2. Enter the trace lapb oncommand.
3. Wait 20 seconds, then enter the drcommand to display the report log. The status log should
display a sequence of the following messages:
(I) 17:33:35.38 #1067: Out - LAPB RR, Rx Sequence = 1
(I) 17:33:35.38 #0000: 01 31 00 2A
(I) 17:33:35.38 #1067: IN - LAPB RR, Rx Sequence = 1
(I) 17:33:35.38 #0000: 01 31 A2 00
4. If these messages are not displayed, verify with the service provider that the line and bearer are
provisioned for X.25 packet access, and the LAPB addressing format, modulo 8 or 128, is
consistent with the line provisioning.
5. If the log contains a sequence similar to the following:
(I) 17:33:32.32 #1067: IN - LAPB SABM
(I) 17:33:42.32 #1067: IN - LAPB SABM
(I) 17:33:52.32 #1067: IN - LAPB SABM
verify with the service provider verify that the line and bearer are provisioned for X.25 packet
access, and the LAPB addressing format, modulo 8 or 16, is consistent with the line
provisioning.
6. If the log contains a sequence similar to the following:
(I) 17:33:32.32 #1067: IN - LAPB SABM
(I) 17:33:32.32 #0000: 03 3F A6 04
(I) 17:33:32.32 #1C05: x25 access 1 in state ACCESS UP for
event LAPB UP
(E) 17:33:32.32 #1C04: Invalid event for access 1
(I) 17:33:32.32 #1C05: x25 access 1 in state ACCESS UP for
event X25 DOWN
(I) 17:33:32.32 #1067: Out - LAPB UA
(I) 17:33:32.32 #0000: 03 73 00 10
verify that the LAPB timer values are consistent with the service provider specifications.
388
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
PROBLEM DIAGNOSIS
Remote Device Connectivity
REMOTE DEVICE CONNECTIVITY
Problem:
A remote device is not able to connect to the CyberSWITCH.
Set-up:
The system software should be up and running. (At the administration console: if you are in the
Connection Monitor window, exit to the “[System Name] >” prompt.)
1. Enable the call trace messages with the trace onconsole command.
2. Erase the current system messages using the erconsole command.
3. In a controlled manner, initiate an ISDN connection from the remote device.
Action:
1. After a connection has been initiated, view the system messages (display system messages by
issuing the drconsole command). Look for the following call request messages among the
system messages:
In - INCOMING CALL Call Id=<call Id> Slot =<slot #> Port=<port #> Chans=<bearer
channel map> Ces=<comm endpoint suffix> Rate=<data rate>
Out - CONNECT Call Id=<call Id> Slot=<slot #> Port=<port #> Chans=<bearer
channel map> Ces=<communication endpoint suffix> ConnId=<connect Id>
In - CONNECT Call Id=<call Id> Slot=<slot#> Port=<port #> Chans=<bearer channel
map> Ces=<communication endpoint suffix> ConnId=<connect Id>
If the system reports these messages, then continue with the next step.
If the system does not report these messages, the remote device is not correctly connecting to
the system. Check and verify the configuration of the remote device.
2. If the system displays the following message among the system messages (display system
messages by issuing the drconsole command),
Security Rejection-Invalid Calling Line Id - <#>
the network is indicating a calling line identifier that is not configured for any valid device in
the system Device list. The number “#” indicates the actual number presented by the network.
3. For Remote Bridge Devices:
If the system displays the following messages among the system messages,
Security Rejection - Caller did not negotiate security
Security Rejection - No Bridge Address given by caller
Security Rejection - Unknown Calling Bridge
Security Rejection - No Password given by caller
Security Rejection - Invalid Password given
Security Rejection - HDLC not supported by the caller
chapter for the message meanings and the appropriate actions to be taken.
4. For IP Host Devices:
If the system displays the following messages among the system messages:
IP Call Dropped: ID_RSP was not received from remote
IP Call Dropped: XID was not received from remote
Workgroup Remote Access Switch
389
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
IP Security Rejection - Digit string wrong length
IP Security Rejection - Invalid Security ID <Id string>
chapter for the message meanings and the appropriate actions to be taken. The first two
messages indicate that the system did not receive the required protocol data. The second two
messages indicate that the security configuration is incorrect.
5. For PPP Devices:
If the system displays any error or warning messages that begin with the following prefixes:
[PAP].....
[CHAP].....
[AUTH].....
There probably is an error in the remote device configuration. Review your remote device
the appropriate actions to be taken.
MULTI-LEVEL SECURITY
Problem:
A remote device is not able to receive a ping response from a local device when the remote device
is authenticated on both the device level and the user level.
Action:
1. Ensure that the remote device can ping across the network with User Level Authentication
DISABLED.
2. Disconnect the call if it is still up.
3. Check to see if the User Level Security database and server are properly configured. Ensure
that the user ID and password are accurate.
4. If the problem is still not resolved, contact Customer Support.
LAN ATTACHMENT
Problem:
The LAN TEST command displays the following message:
LAN port 1 Transmit was not successful
Action:
1. Check to see if the Ethernet LAN is properly connected to the CyberSWITCH.
2. Check to see if the Ethernet LAN is properly terminated.
(Test: Can any other machine transmit data successfully onto this LAN?)
3. If the problem is still not resolved, contact Customer Support.
390
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
PROBLEM DIAGNOSIS
IP Host Mode
IP HOST MODE
The following sections provide diagnostic procedures for the IP Host Mode.
IP HOST INITIALIZATION
Problem:
The system does not display the correct IP Host Initialization messages. Or, instead, it displays the
following message:
[IP] IP Router is initialized successfully
Action:
1. Check the configuration. Make sure that the IP feature is enabled.
2. Make sure that the operating mode is set to Host rather than Router.
IP HOST MODE OPERATION OVER THE LAN CONNECTION
Problem:
The system does not display the correct message after the ping command. Instead, it displays the
following message:
No response from <ip-address>
Action:
1. Verify that the routing entry for the destination network exists by entering the following
console command:
iproute <ip-address>
2. If the command returns “No route is available for <ip-address>,“the routing
entry does not exist. To correct, add the static routing entry using the iproute add Manage
Mode command.
3. Check that the CyberSWITCH and the specified Host both have the same Subnet mask and Sub
network number for that ip-address using the ipnetifManage Mode command. Correct the
Host configuration, or the system configuration (using the iproute changeManage Mode
command) as required.
4. Verify that the ARP entry for the specified IP address exists. As required, ping from the IP Host
so that the ARP entry is updated. Use the ip arp command to look at the ARP cache entries.
Host does not exist, verify that the Host is operational and that the CyberSWITCH and the Host
are both physically connected to the same LAN segment.
5. If the ARP cache entry exists for the Host, check that the IP Host has the same encapsulation
type as the CyberSWITCH. The CyberSWITCH can receive and recognize either Ethernet or
SNAP type encapsulations. Correct the IP Host or CyberSWITCH configuration (using
CFGEDIT) for encapsulation type.
6. Try to ping the Host from another device on the LAN. If this is also unsuccessful, this may
indicate a problem with the Host.
Workgroup Remote Access Switch
391
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
7. Verify that the hardware address (MAC address) for the IP Host in the CyberSWITCH’s ARP
cache is correct. If it is not correct, verify the configuration in the IP Host.
IP HOST MODE OPERATION OVER THE WAN CONNECTION
Problem:
The remote IP Host connected to a WAN RLAN interface on the CyberSWITCH does not receive a
ping response from the WAN RLAN interface.
Action:
1. Verify that the WAN connection is up. Use the mccommand to check for the connection. If the
connection is up, then continue with the next step.
IP ROUTING OVER INTERFACE CONNECTIONS
This section provides diagnostic information for IP routing over various interface connections.
IP ROUTING OVER THE LAN INTERFACE CONNECTION
Problem:
The system does not display the correct message after the ping command. Instead, the system
displays the following message:
No response from <ip-address>
Action:
1. Verify that the routing entry for the destination network exists by entering the following
administrative console command:
iproute <ip-address>
If the command returns “No route is available for <ip-address>“, the routing entry
does not exist. To correct, add the routing entry using the iproute add Manage Mode
command.
2. Check that the system and the specified Host both have the same Subnet mask and Sub
network number for that IP address using the ipnetifcommand (Manage Mode). Correct the
Host configuration, or the system configuration (using the iproute changeManage Mode
command) as required.
3. Verify that the ARP entry for the specified IP address exists. As required, ping from the IP Host
so that the ARP entry is updated. Use the ip arp console command to look at the ARP cache
entries. If the ARP cache entry for the Host does not exist, verify that the Host is operational
and that the CyberSWITCH and the Host are both physically connected to the same LAN
segment.
4. If the ARP cache entry exists for the Host, check that the IP Host has the same encapsulation
type as the CyberSWITCH. The system can receive and recognize either Ethernet or SNAP type
392
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
PROBLEM DIAGNOSIS
IP Routing Over Interface Connections
encapsulations. Correct the IP Host or system configuration (through CFGEDIT) for
encapsulation type.
5. Try to ping the Host from another device on the LAN. If this is also unsuccessful, this may
indicate a problem with the Host.
6. Verify that the hardware address (MAC address) for the IP Host in the system’s ARP cache is
correct. If it is not correct, verify the configuration in the IP Host.
IP ROUTING OVER A WAN INTERFACE CONNECTION
Problem:
The remote IP Host connected to a WAN interface does not receive a ping response from the
CyberSWITCH WAN interface.
Action:
1. Verify that the WAN connection is up. Use the mcconsole command to display the Connection
Monitor display. Check for the connection. If the connection is up, continue with the next step.
2. Verify that the WAN interface is properly initialized. Use the ipnetifcommand (Manage
Mode) to check for the proper WAN interface. If it exists, continue with the next step.
If the proper WAN interface does not exist, make corrections to the system configuration using
CFGEDIT.
3. Check that the IP address configured in the Device list for the IP Host device matches the
address configured on the IP Host device. Make corrections to the CyberSWITCH’s
configuration (using the iproute change Manage Mode command), or to the IP Host’s
configuration, as required.
Problem:
The remote IP Host connected to a WAN interface on the CyberSWITCH does not receive a ping
response from the LAN interface.
Action:
1. Verify that the remote IP Host can access the WAN interface of the CyberSWITCH. If the
remote IP Host accesses the WAN interface successfully, then continue with the next step.
If the remote IP Host is not able to access the WAN interface, then refer to the preceding
problem and associated actions.
2. Verify that the LAN interface is properly configured by using the ipnetifcommand (a
Manage Mode command). If the proper LAN interface exists, then continue with the next step.
If the proper LAN interface does not exist, use CFGEDIT to make corrections.
3. Verify that the remote IP Host is initiating a call to the CyberSWITCH. Since the LAN interface
has an IP address assigned with a different network number than the one for the remote IP
Workgroup Remote Access Switch
393
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Host, the remote IP Host may need a proper route entry for the local network where the
CyberSWITCH is located. Make corrections to the remote IP Host configuration.
Problem:
The remote IP Host connected to a WAN interface on the CyberSWITCH does not receive a ping
response from the local IP Host.
Action:
1. Verify that the remote IP Host can access the LAN interface of the CyberSWITCH. If the remote
IP Host accesses the LAN interface, then continue with the next step.
If the remote Host is unable to access the LAN interface, refer to the preceding problem and
associated actions.
2. Verify that the local IP Host has the route entry for the remote network with the CyberSWITCH
as the next hop.
If the local IP Host does not have the proper route entry, make corrections to the local IP Host
configuration.
IP ROUTING OVER A WAN (DIRECT HOST) INTERFACE CONNECTION
Problem:
The remote IP Host connected to a WAN (Direct Host) interface on the CyberSWITCH does not
receive a ping response from the CyberSWITCH.
Action:
1. Verify that the WAN connection is up. Use the mcconsole command to check for the
connection. If the connection is up, then continue with the next step.
2. Verify that the WAN (Direct Host) interface is properly initialized. Use the ipnetifcommand
(a Manage Mode command) to check for the proper WAN (Direct Host) interface. If it exists,
continue with the next step.
If the interface does not exist, use CFGEDIT to make corrections.
3. Verify that the subnet mask information and the IP address for the Remote Host matches the
IP Host configuration.
Problem:
The remote IP Host connected to a WAN (Direct Host) interface on the CyberSWITCH does not
receive a ping response from the local IP Host.
394
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
PROBLEM DIAGNOSIS
IP Routing Over Interface Connections
Action:
1. Verify that the remote IP Host can access the LAN interface of the CyberSWITCH. If it can,
continue with the next step.
If the remote Host is unable to access the LAN interface, refer to the preceding problem and
action.
2. The remote IP Host connected to a WAN (Direct Host) interface should be recognized as if it
System Verification chapter.
IP ROUTING OVER A WAN RLAN INTERFACE CONNECTION
Problem:
The remote IP Host connected to a WAN RLAN interface on the CyberSWITCH does not receive a
ping response from the CyberSWITCH WAN RLAN interface.
Action:
1. Verify that the WAN connection is up. Use the mcconsole command to display the Monitor
Connections screen. Check for the connection. If the connection is up, then continue with the
next step.
2. Verify that the WAN RLAN interface is properly initialized. Use the ipnetifcommand (a
Manage Mode command) to check for the proper WAN RLAN interface. If the proper WAN
RLAN interface exists, then continue with the next step.
If the proper interface does not exist, use CFGEDIT to make the necessary corrections.
3. Check that the IP address configured in the Device list for the IP Host device matches the
address configured on the IP Host device. Make corrections to the CyberSWITCH’s
configuration (using the iproute change Manage Mode command), or to the IP Host’s
configuration, as required.
Problem:
The remote IP Host connected to a WAN RLAN interface on the CyberSWITCH does not receive a
ping response from the CyberSWITCH LAN interface.
Action:
1. Verify that the remote IP Host can access the WAN RLAN interface of the CyberSWITCH. If
this can be done successfully, continue with the next step.
If the remote IP Host is not able to access the WAN RLAN interface, then refer to the preceding
problem and action.
2. Verify that the LAN interface is properly initialized. Use the ipnetifcommand (a Manage
Mode command) to check for the proper LAN interfaceIf the proper interface exists, then
continue with the next step.
If the proper interface does not exist, use CFGEDIT to make the necessary corrections.
Workgroup Remote Access Switch
395
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
3. Verify that the remote bridge device is initiating a call to the CyberSWITCH. Since the
CyberSWITCH LAN interface has an IP address assigned with a different network number
than the one for the remote IP Host, the remote IP Host may need a proper route entry for the
local network where the CyberSWITCH is located. Make corrections to the remote IP Host
configuration.
Problem:
The remote IP Host connected to a WAN RLAN interface on the CyberSWITCH does not receive a
ping response from the local IP Host.
Action:
1. Verify that the remote IP Host can access the LAN interface of the CyberSWITCH. If it accesses
the LAN interface, then continue with the next step.
If the remote Host is unable to access the LAN interface, refer to the preceding problem and
action.
2. Verify that the local IP Host has the route entry for the remote network with the CyberSWITCH
Verification chapter.
If the local IP Host does not have the proper route entry, make corrections to the local IP Host
configuration.
IP ROUTING OVER A WAN UNNUMBERED INTERFACE CONNECTION
Problem:
The remote router connected to a WAN UnNumbered interface on the CyberSWITCH does not
receive a ping response from the CyberSWITCH LAN interface.
Action:
1. Have the remote router ping itself using its LAN IP address.
2. Have the CyberSWITCH ping itself using its LAN IP address.
3. Have the router ping the CyberSWITCH. If the ping is unsuccessful:
•
•
and no call is up, check the static route on the router
and a call is up, check the static route on the CyberSWITCH.
IP FILTERS
Problem:
IP Filters are not correctly discarding packets.
Action:
Check to see if the filters are properly configured:
1. From Manage Mode, issue the ipfilt command. Check the configured packet types, as well as
the configured filters:
396
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
PROBLEM DIAGNOSIS
IP RIP
a. For packet types, it is important to verify that the contents of the packet in question are
indeed correctly specified (IP Addresses, Protocol, TCP Ports, etc.).
b. For configured filters, keep in mind that component conditions are executed in the order in
which they appear in the configuration. It is possible that a packet is not being discarded
as expected if a previous condition matches that packet with an action of forward.
2. Check to see if the filters are properly applied:
a. For global filters, use Manage Mode’s ipfilt command. Check the Apply Global Forwarding
Filter option.
b. For filters applied on a per-device basis, use Manage Mode’s device command. Check to see
if filters properly applied.
c. For network interface filters, check the IP interface information in CFGEDIT (Options, IP
Configuration, IP Interface).
3. Make configuration changes as necessary.
If you are still experiencing problems:
1. Check the status of the Exception Filter (using Manage Mode, ipfilt command). The Exception
Filter overrides all other filters. If the Exception Filter is enabled, this could be the problem.
2. With per-device and network interface filters, it is necessary that the packet in question truly
flows through the desired application point. Try this test:
a. Disable the per-device and network interface filters.
b. Apply each filter in question globally.
c. When desired IP packets are received, it is guaranteed that they will pass through the filter
in question. You can then analyze the effects in isolation. Your findings will be helpful if
you need to call Customer Support.
If the IP filters are properly configured, and the system is still not correctly discarding packets,
contact Customer Support.
IP RIP
This section provides guidance for diagnosing IP RIP operational problems.
IP RIP INITIALIZATION
Problem:
The CyberSWITCH does not display the correct IP RIP Initialization messages. Instead, it displays
one or more of the following message:
[IP RIP] Initialization failed, unable to allocate buffers
[IP RIP] Unable to open RIP/UDP port 512
Action:
There is an unexpected condition present within the CyberSWITCH software. Contact Customer
Support.
Workgroup Remote Access Switch
397
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
IP RIP OUTPUT PROCESSING ON A LAN INTERFACE
Problem:
The local IP Host does not display the correct route entry, for example, the IP Host does not seem
to be learning route information from the CyberSWITCH via RIP.
Action:
1. Using the ipnetifManage Mode command, verify that the IP RIP Send Control is set to a RIP
version that the IP Host can understand.
If the command shows Do Not Send, the IP RIP output processing is disabled on the interface.
Correct the RIP Send Control configuration using CFGEDIT.
If the command shows an improper version of RIP, correct the RIP Send Control to the proper
RIP version that the IP Host can understand.
2. Enter the ip rip stats administrative console command. Look for the
IfStatSentResponsescounter for the interface, which shows the number of RIP update
messages sent on the interface.
If the counter is 0, enter the ip rip send administrative console command to force the RIP
update message to be sent immediately.
3. Repeat step 2.
If the counter is still 0, there is an unexpected condition present within the CyberSWITCH
software. Contact Customer Support.
4. If the RIP Send Control is set to “RIP Version 1” or “RIP Version 1 Compatibility,” use Manage
Mode to verify that the transmit broadcast address on the interface is set to a proper address
that the IP Host can receive (through issuing the ipnetifManage Mode command).
If the transmit broadcast address is not set properly, use CFGEDIT to correct it.
5. Check the IP Host and ensure that it is set up to learn route information via RIP.
IP RIP INPUT PROCESSING ON A LAN INTERFACE
Problem:
The CyberSWITCH does not display the correct route entry, for example, the system does not seem
to be learning route information via RIP.
Action:
1. Verify that the IP RIP Receive Control is set to the proper RIP version that the Router is using.
2. Enter the ip rip stats administrative console command. Look for the counter
IfStatRcvResponses for the interface, which show the number of RIP update messages
received on the interface.
If the total number of these counters is 0, check the Router to verify that it is configured to send
IP RIP update messages.
398
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
PROBLEM DIAGNOSIS
IP RIP
3. Also look for the IfStatRcvBadPacketsand IfStatRcvBadRoutes counters.
If these counters are not 0, there may be something wrong with the Router.
If these counters are 0, there is an unexpected condition present within the CyberSWITCH
software. Contact Customer Support.
IP RIP OUTPUT PROCESSING ON A WAN INTERFACE
Problem:
The Router does not display the correct route entry, i.e., the Router does not seem to be learning
route information from the CyberSWITCH system via RIP.
Action:
1. Verify that the IP RIP Send Control is set to the proper RIP version that the Router can
2. Enter the ip rip interfaceadministrative console command. Look for the Broadcast
Address value. This is the IP address of the router that the RIP messages are sent to.
If the address is not the correct address for the Router, correct the transmit broadcast address
address.
3. Enter the ip rip statsadministrative console command. Look for the IfStatSentResponses
counter for the interface, which shows the number of RIP update messages sent on the
interface.
If the counter is 0, enter the ip rip send administrative console command to force the RIP
update message to be sent immediately.
4. Repeat step 3).
If the counter is still 0, there is an unexpected condition present within the CyberSWITCH
software. Contact Customer Support.
5. Check the Router and ensure that it is set up to learn route information via RIP.
IP RIP INPUT PROCESSING ON A WAN INTERFACE
Problem:
The CyberSWITCH system does not display the correct route entry, i.e., the system does not seem
to be learning route information via RIP.
Action:
1. Verify that the IP RIP Receive Control is set to the proper RIP version that the Router is using.
Workgroup Remote Access Switch
399
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
2. Enter the ip rip statsadministration console command. Look for the IfStatRcvResponses
counter for the interface. This statistics is the number of RIP update messages received on the
interface.
If the total number of these counters is 0, check the Router to verify that it is configured to send
IP RIP update messages.
3. Also look for the IfStatRcvBadPackets and IfStatRcvBadRoutes counters.
If these counters are not 0, there may be something wrong with the Router.
If these counters are 0, there is an unexpected condition present within the CyberSWITCH
system software. Contact customer support.
IPX ROUTING
This section provides methods for diagnosing problems in the following areas of IPX routing:
IPX ROUTING INITIALIZATION
Problem:
The CyberSWITCH does not display the correct IPX Initialization messages. Instead, it displays the
following message (display messages by entering the drconsole command):
[IPX] Initialization failure
Action:
An internal error has occurred. Contact Customer Support.
IPX ROUTING OVER THE LAN CONNECTION
Problem:
The CyberSWITCH does not display the correct message after issuing the ipx diagor ipx ping
command. Instead, it displays the following message:
No response from <ipx-address>
Action:
1. Verify that the routing entry for the destination network exists by entering the following
console command:
ipx route
If the CyberSWITCH displays the route to the destination, it knows how to reach the local
server’s internal network. Determine if this is a static route or a dynamic route learned via RIP.
The output of an ipx routecommand contains a protocol (P) field for each route entry, which
400
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
PROBLEM DIAGNOSIS
IPX Routing
indicate if it is static (L- locally configured) or dynamically learned via RIP (R). If it is learned
via RIP, then basic communication between the CyberSWITCH and the local NetWare server
is operational, and it is uncertain why the NetWare server does not respond to the ping request.
Contact Customer Support.
2. Verify that RIP protocol is enabled by entering the following Mange Mode command:
ipxrip
Enable RIP if it is not already enabled.
3. Using the ipxnetifManage Mode command, verify that IPX RIP send and receive control is
enabled for the LAN interface.
Using CFGEDIT (under IPX network interfaces) enable RIP send and receive control if it is not
already enabled.
4. If the route does not exist, or the route is a static entry, then verify that the CyberSWITCH and
the local NetWare server are using the same packet encapsulation. To check the type of
encapsulation, use the ipxnetifManage Mode command. If they are not using the same
encapsulation, then correct it either on the CyberSWITCH or the NetWare server.
5. Verify that the CyberSWITCH and the NetWare server are using the same external IPX
network number for their mutual LAN (AA for this example). To check the network number
that the CyberSWITCH is using, use the ipxnetifManage Mode command. If they are not
using the same external network number, then correct the problem.
IPX ROUTING OVER THE REMOTE LAN CONNECTION
Problem:
The system does not display the IPX messages indicating successful initiation on Remote LAN
network.
Action:
details.
Problem:
The CyberSWITCH does not recognize a ipx diag packet from the Remote Bridge.
Action:
Problem:
Data is not forwarded from the remote bridge to the router over the Remote LAN interface.
Action:
Check the configuration:
details.
Workgroup Remote Access Switch
401
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
6. Verify device configuration on remote bridge. Bridge devices should be configured to make
calls over the interface defined to go to the router.
Problem:
The router does not forward typical data (RIP, SAP, Type 20 packets) to the remote bridge.
Action:
1. Make sure a call is up. Remember, the router cannot forward data if there is no previous
connection (i.e., router currently does not support dial-out).
Problem:
Data is not received by a remote client (or server) on a Remote LAN network, but the call does come
up between the router and the remote bridge.
Action:
1. Double check and resolve any configuration/ connection problems for the client (or server) to
the bridge on the Remote LAN. (Basically, eliminate the possibility of any LAN configuration
problems which are unrelated to the Remote LAN interface).
2. If you determine the problem is related to the Remote LAN, verify the IPX Network Number
LAN Devices for details.
IPX ROUTING OVER THE WAN CONNECTION
Problem:
The remote NetWare server does not appear in the NetWare client’s network neighborhood.
Action:
1. Verify that the routing entry for the remote NetWare’s internal network exists by entering the
following command.
ipx route
If the route entry does not exist, add a static route to it using the ipxroute addcommand
(Manage Mode) because no route information (RIP packets) are exchanged over the WAN
connections.
2. Verify that the proper service entries of the remote NetWare server exist by entering the
following console command:
ipx service
If the proper service entries do not exist, add static services using the ipxservicecommand
(Manage Mode) because no service information (SAP packets) are exchanged over the WAN
connections.
3. Verify that the CyberSWITCH has SAP processing enabled for the LAN interface by using the
ixpnetifcommand (Manage Mode). If the SAP processing is not enabled, change the
configuration for the network interface.
402
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
PROBLEM DIAGNOSIS
IPX Routing and Service Tables
IPX ROUTING AND SERVICE TABLES
Problem:
The routing table on the CyberSWITCH is full.
Action:
The number of entries in the routing table is a configurable entity. This parameter may be between
the values of 20 and 3072, and should be based on system need and system memory constraints.
We recommend this value be at least 10% more than what you predict to be needed (more than 10%
with larger network topologies). To predict need, use the following formula:
1 + (2 x # configured IPX network interfaces) + (# configured static routes) + (# RIP routes)
1. Determine number of needed entries in routing table:
•
Issue the IPX route stats command to determine number of configured static routes and RIP
routes;
•
•
from Manage Mode, issue ipxnetif command to determine number of network interfaces;
plug this data into previously-described formula.
2. Run CFGEDIT. From Options, select IPX Routing.
3. Select IPX RIP Table maximum number...
4. Increase the size of the table based upon your calculations.
Problem:
The service table on the CyberSWITCH is full.
Action:
The number of entries in the service table is a configurable entity. This parameter may be between
the values of 20 and 3072, and should be based on system need and system memory constraints.
We recommend this value be at least 10% more than what you predict to be needed (more than 10%
with larger network topologies). To predict need, use the following formula:
(# configured static services) + (# SAP services)
1. Determine number of needed entries in service table:
•
Issue the IPX service stats command to determine number of configured static services and
SAP services;
•
plug this data into previously-described formula.
2. Run CFGEDIT. From Options, select IPX Routing.
3. Select IPX SAP Table maximum number...
4. Increase the size of the table based upon your calculations.
Workgroup Remote Access Switch
403
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
TRIGGERED RIP/SAP START UP
Problem:
The CyberSWITCH does not display a triggered RIP/ SAP starting message for a WAN peer.
Action:
Verify that the WAN peer is properly configured. Issue the device command in Manage Mode to
display the current Device List. Or, you may view the WAN peer list through CFGEDIT, Options,
IPX Configuration, Triggered RIP/SAP. Be sure that the device (WAN peer) has IPX routing enabled
and triggered RIP/ SAP (active) selected as routing protocol.
TRIGGERED RIP/SAP OPERATION
Problem:
Routes or Services are not propagated between peers.
Changes are not propagated between peers.
Action:
1. Verify triggered RIP/ SAP has successfully started for peers. Issue the drconsole command
and look for the “starting” message in the log.
2. Generate a triggered RIP/ SAP update request to the devices in question. Issue the following
console command for each device:
ipx trigreq <device>
3. Verify that the statistics are incremented properly. Issue the following console commands:
ipx trigrip stats
ipx trigsap stats
4. If routes/ services are not propagated on either side, contact Customer Support.
APPLETALK ROUTING
This section provides methods for diagnosing problems in the following areas of AppleTalk
routing:
Use the following example configuration to diagnose AppleTalk routing operational problems. The
example below uses AppleTalk addresses, zones, and resource names specific to the example.
Substitute those of your network when you perform the diagnosis steps.
404
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
PROBLEM DIAGNOSIS
AppleTalk Routing
ISDN
CSX1200
"Site2"
CSX1200
"Site1"
WORKGROUP REMOTE ACCESS SWITCH
WORKGROUP REMOTE ACCESS SWITCH
LINE
1
LINE
2
LINE
3
LINE
4
LAN
LINE
1
LINE
2
LINE
3
LINE
4
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
CH
CH-1
CH-2
CH
CH-1
CH-2
CH
CH-1
CH-2
CH
LAN
SYNC
SYNC
SYNC
SYNC
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
SYNC
SYNC
SYNC
SYNC
AGI
AGI
Net Range: 10-11
Zone: Left Zone
Net Range: 20-21
Zone: Right Zone
Local Mac
Remote Mac
APPLETALK ROUTING INITIALIZATION
Problem:
The CyberSWITCH does not display the correct AppleTalk Routing Initialization messages.
Action:
1. Check the system configuration. Make sure that the AppleTalk feature is enabled for the
system.
APPLETALK ROUTING OPERATIONAL OVER THE LAN CONNECTION
Problem:
No zones appear in the Mac’s Chooser.
Action:
1. Verify that the AppleTalk LAN port that Local Mac is attached to is in up state by entering the
following console command:
atalk port
If the command shows the port is not in up state, wait for a couple of minutes and repeat this
step.
2. Check to see if the LAN connection of the port is operational. If the LAN connection is not
operational, then correct the problem.
3. If you are using Classic Networking, verify that EtherTalk is used on the Local Mac by opening
the Network control panel as shown below:
Workgroup Remote Access Switch
405
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
If EtherTalk is selected, and no zones are displayed, then contact your Distributor or Customer
Support.
4. If you are using Open Transport, verify that Local Mac has chosen a proper AppleTalk address
AppleTalk control panel as shown below:
If the Network Range is correct and the AppleTalk address is not within that range, then try to
close the AppleTalk control panel once, and then reopen it. If the AppleTalk address is still
invalid, then try to assign a valid address manually by marking User defined box. If you start
seeing zones, then you can take out the User defined tag.
If the Network Range is not correct, contact your Distributor or Customer Support.
5. If the AppleTalk address of Local Mac is valid, then check which AppleTalk router that Local
Mac is obtaining the information from by selecting info box in the AppleTalk control panel as
shown below (this can be done if Open Transport is being used):
406
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
PROBLEM DIAGNOSIS
AppleTalk Routing
If the AppleTalk address for the router is not same as the one displayed when issuing atalk
portconsole command, then the Local Mac is getting the information from another router.
Please refer to the document for the router.
If the AppleTalk address for Router is the same as the one displayed after issuing the atalk
portconsole command, contact your Distributor or Customer Support.
Problem:
Only local zones appear and remote zones are not shown in the Mac’s Chooser:
Action:
1. Verify that a static route to the remote network is properly configured on the CyberSWITCH.
The static route is configured using CFGEDIT.
2. If the static route is not configured correctly, make the appropriate corrections.
3. If the static route is properly configured, then contact your Distributor or Customer Support.
APPLETALK ROUTING OPERATIONAL OVER THE WAN CONNECTION
Problem:
The local Mac is unable to see the remote resource (Remote Mac), which is located across the WAN.
Action:
1. Verify that AppleTalk Routing is operational on both the local and the remote LAN.
2. Verify that the remote resources (remote Mac) can be seen when the WAN connection is up.
3. If the remote resources can be seen when the connection is up but not when the connection is
down, there are some problems with making outbound calls. Make sure that the information
on the remote CyberSWITCH (labeled Site 2 in the example network) contains a proper
AppleTalk address, and that Make calls for AppleTalk data for the device is enabled.
Workgroup Remote Access Switch
407
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
4. If the remote resources can not be seen even when the connection is up, then make sure the
AppleTalk address of the remote device is valid. If the remote device is on an unnumbered
network, then AppleTalk an address of 0.0 must be configured for the remote device in the
device table. If it is on a numbered network, the AppleTalk address does not need to be
configured for the device in the device table. However, if it is configured, it must match the
AppleTalk address configured on the remote device.
SNMP
Problem:
The SNMP Agent is not functioning.
Action:
1. Check the configuration of the CyberSWITCH. In order for the SNMP Agent to become
enabled, both the IP option and the SNMP Agent must be enabled in the CyberSWITCH
configuration. (You may check the configuration by using the optionsand snmpcommands
in Manage Mode; however, you can only make changes to these items by using CFGEDIT).
2. Enter the drcommand at the administrative console. If the following message appears, the IP
subsystem has initialized successfully:
[IP] IP router is initialized successfully
3. However, if one of the following messages appears, there is an unexpected condition present
within the CyberSWITCH software. Contact Customer Support.
[SNMP] SNMP initialization failure - unable to allocate necessary
memory
[SNMP] SNMP initialization failure - unable to open UDP port
Problem:
The CyberSWITCH does not respond to SNMP requests.
Action:
1. Enter the command snmp statsat the administrative console. If an “SNMP is not
enabled” message appears, you must first enable the SNMP Agent (using CFGEDIT).
2. If the SNMP statistics are displayed, check the value of the “snmpInBadVersions” statistic. If it
is non-zero, the Network Management station is generating request PDUs with an
incompatible SNMP version number. Such requests are discarded by the SNMP agent.
3. Check the value of the “snmpInBadCommunityUses” statistic. If it is non-zero, the community
name specified in the request PDUs does not have the proper access rights to perform the
desired request, and the request is discarded. To correct this problem, reconfigure the MIB
access level for the desired community name to the desired access level.
4. Check the value of the “snmpInASNParseErrs” statistic. If it is non-zero, the network
management station is generating request PDUs that are not properly encoded in ASN.1
format. Such requests are discarded by the SNMP agent.
408
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
PROBLEM DIAGNOSIS
SNMP
Problem:
The CyberSWITCH does not generate SNMP Trap PDUs.
Action:
1. Enter the snmp stats command at the administrative console. If an “SNMP is not enabled”
message appears, you must first enable the SNMP Agent (using CFGEDIT).
2. If the SNMP statistics are displayed, check the value of the “snmpOutTraps” statistic. If this
counter is zero, the SNMP agent has not generated any Traps. Check your configuration setup
and ensure that at least one SNMP Trap Receiver is configured. If the value of the
“snmpOutTraps” statistic is non-zero, the SNMP agent is generating Trap PDUs. If a given
Network Management Station is not receiving Traps as expected, check your configuration
setup and ensure that the IP address and the Community Name of the Network Management
Station that is not receiving Traps is configured properly.
3. Enter drat the administrative console to display the current system messages. If one of the
following messages appears, the SNMP agent does not have enough memory to generate all of
the Trap PDUs that need to be generated. If the “snmpOutTraps” counter is not increasing
while these reports are being logged, there is an unexpected condition present within the
CyberSWITCH System software. Contact Customer Support.
[SNMP] Unable to obtain an SNMP Trap queue header
[SNMP] Unable to obtain an SNMP Trap queue entry buffer
Problem:
The following message is continuously reported in the system log (enter the drconsole command
to display the system log):
[SNMP] Authentication failure, unknown community name
Action:
The Community Name specified in the request PDUs is not recognized by the SNMP Agent. To
correct this problem, use CFGEDIT to add the desired community name or change the
configuration of your Network Management Station so that it uses a Community Name that is
known to the CyberSWITCH.
Problem:
The following message is continuously reported in the system log (display the system log by
issuing the drconsole command):
[SNMP] Authentication failure, improper access rights
Action:
The Community Name specified in the request PDUs does not have the proper access rights to
perform the desired request. Use CFGEDIT to change the MIB access level of the indicated
Community Name to the desired access level or change the configuration of your Network
Management Station so that it uses a Community Name that has the desired MIB access level.
Workgroup Remote Access Switch
409
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
DIAL OUT
Problem:
A Dial Out call was not completed successfully.
Action:
1. If you issued the call device <device name>console command to initiate the call, check
to see that you entered the device name correctly. Device names are case sensitive.
2. If you issued the call peer <telephone number data rate> console command to
initiate the call, check to see that you entered the correct telephone number and data rate. The
telephone number must contain all required prefixes such as the area code, or a “9” if Centrex
is used.
3. If you have entered the call device or the call peer command correctly, follow the set up and
actions listed below.
Set Up:
1. Enable the call trace messages by issuing the trace on console command.
2. Erase the current system messages (issue the erconsole command).
3. Initiate a call to a remote device by issuing the call device <device name> console
command.
4. Display the system messages (issue the drconsole command).
5. Look for the following call request messages among the system messages.
Out - CALL RQST ACK Call Id=<call Id> Rate=<data rate> Slot=<slot#>
Port=<port#> Chans=<bearer channel map> TN=<telephone number di-
aled> Ces=<communication endpoint suffix> ConnId=<connect Id
In - CALL RQST ACK CallId=<call Id> Slot=<slot#> Port=<port#>
CES=<ces> ConnId=<connection Id>
In - PROCEEDING Call Id=<call Id> Slot=<slot #> Port=<port #>
Chans=<bearer channel map> Ces=<communication endpoint suffix>
ConnId=< connect Id>
In - CONNECT Call Id=<call Id> Slot=<slot#> Port=<port #>
Chans=<bearer channel map> Ces=<communication endpoint suffix>
ConnId=<connect Id>
Action:
1. If the system does not report a call request message for the remote device, then the system did
not attempt to make a call. Check to see if there is enough call resources (lines, channels,
supported connections) to make the missing call. For example, if your system supports only
one BRI line, and you have no hunt groups, then only two active connections are possible. The
system would not attempt to make a third call.
If this is not the case, contact Customer Support.
2. If the system reports a call request message but it does not connect, then the system attempted
to make a call. Check to see if the remote device has already completed the installation and
verification processes, and is currently running with no active errors.
410
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
PROBLEM DIAGNOSIS
Call Detail Recording
If there are no problems with actions 1 and 2, proceed to action 3.
3. Check for the following system messages:
For BRI resource:
In - proceeding <#,#>
In - disconnect <#,#> - <disconnect cause>
For PRI resource:
In - accept <#,#>
In - disconnect <#,#> - <disconnect cause>
If the system reports these messages, then the network disconnected the call attempt. For the
reported disconnect cause, write down the “disconnect cause” and call your phone company
(carrier) to report the problem.
CALL DETAIL RECORDING
Problem:
The cdr verify command fails for an off-node server.
Action:
1. Ping the syslog server to check the IP route from the CyberSWITCH to the server. (Note that an
IP route to the server must be established.) If RIP is needed to establish the route, the route may
not be available until the CyberSWITCH has been running for a minute or two.)
2. Using the drcommand, check the CyberSWITCH Report log for error messages.
3. Check that the syslogd daemon is running on the syslog server. This can be done with your
UNIX system’s process status (ps) command. This command should result in a display of the
syslogd process. If none is displayed, syslogd is not running.
4. Syslogd can be run in debug mode with the “-d” option. See your UNIX system documentation
for more information on your syslogd daemon process.
5. If syslogd is running but does not receive any log messages, make sure CDR is configured for
the UDP port that syslogd is using. The typical port is 514, but some versions of syslogd may
use a different port.
6. Check that the priority value that you assigned in the CFGEDIT Call Detail Recording menu
(default of 38) matches the priority setting on your syslog server (default of auth.info).
Workgroup Remote Access Switch
411
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
COMPRESSION
Problem:
Compression is not established for a device for which it is expected.
Action:
1. Issue the cmp statsconsole command then issue the drconsole command to check the
message report log. A message will inform you if the compression failed due to memory
constraints.
2. Verify that the CyberSWITCH has compression enabled. This is done through selecting
“Compression Options” from CFGEDIT’s Systems Options menu.
3. Verify that the device to which the connection is being established has compression enabled. If
the device is another CyberSWITCH, refer to the previous step for instructions.
4. Use the trace console command to examine the CCP frames exchanged with the device. This is
typically accomplished by issuing the trace ppp oncommand, erasing the log contents,
establishing the call, and then examining the log again (by issuing the drconsole command) to
view the frame trace.
The following traces illustrate some common PPP startup scenarios when compression is
enabled. Only the CCP frames are excerpted for clarity.
•
Successful Negotiation
As a reference, the following trace illustrates a successful negotiation of CCP using the Stac
compression protocol. The key feature of this sequence is that each side receives a
CONFIG-ACK to its respective CONFIG-REQ.
(I) 15:35:09.98 #80FD: Conn=001 OUT-PPP:CCP
(I) 15:35:09.98 #9999: -Alg: 0x11 (STAC-LZS) Len: 5
(I) 15:35:09.98 #9999: Hist Count: 01 Chk Mode: 0x03 (SEQ#)
(I) 15:35:09.98 #80FD: Conn=001 IN -PPP:CCP CFG REQ Id=0x7B Len=9
(I) 15:35:09.98 #9999: -Alg: 0x11 (STAC-LZS) Len: 5
(I) 15:35:09.98 #9999: Hist Count: 01 Chk Mode: 0x03 (SEQ#)
(I) 15:35:09.99 #80FD: Conn=001 OUT-PPP:CCP CFG ACK Id=0x7B Len=9
(I) 15:35:09.99 #9999: -Alg: 0x11 (STAC-LZS) Len: 5
(I) 15:35:09.99 #9999: Hist Count: 01 Chk Mode: 0x03 (SEQ#)
(I) 15:35:09.99 #80FD: Conn=001 IN -PPP:CCP CFG ACK Id=0xB4 Len=9
(I) 15:35:09.99 #9999: -Alg: 0x11 (STAC-LZS) Len: 5
(I) 15:35:09.99 #9999: Hist Count: 01 Chk Mode: 0x03 (SEQ#)
CFG REQ Id=0xB4 Len=9
•
Peer Protocol-Rejects CCP
If the peer does not actually support PPP compression, it will most likely Protocol-Reject
the CyberSWITCH’s attempt to negotiate CCP. In this case, the CyberSWITCH will
abandon its attempt to use compression and the connection will operate uncompressed.
The incoming frame from the peer contains a PROT-REJ, whose 1st two hex octets in the
trace indicate the CCP protocol (0x80FD).
(I) 16:01:51.65 #80FD: Conn=001 OUT-PPP:CCP
(I) 16:01:51.65 #9999: -Alg: 0x11 (STAC-LZS) Len: 5
(I) 16:01:51.65 #9999: Hist Count: 01 Chk Mode: 0x03 (SEQ#)
(I) 16:01:51.65 #C021: Conn=001 IN -PPP:LCP PROT REJ Id=0x00 Len=15
80 FD 01 87 00 09 11 05 00 01 03
CFG REQ Id=0x87 Len=9
(I) 16:01:51.71 #0000:
412
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
PROBLEM DIAGNOSIS
DHCP: Relay Agent
•
The CyberSWITCH does not have Compression ENABLED
In this case, the CyberSWITCH will respond to all attempts by the peer to open CCP with
a TERM-ACK frame. The connection will operate uncompressed. (Note: a device that
supports compression but has it disabled will typically do the exact same thing).
(I) 15:36:40.54 #80FD: Conn=001 IN -PPP:CCP
(I) 15:36:40.54 #9999: -Alg: 0x11 (STAC-LZS) Len: 5
(I) 15:36:40.54 #9999: Hist Count: 01 Chk Mode: 0x03 (SEQ#)
(I) 15:36:40.54 #80FD: Conn=001 OUT-PPP:CCP TERM ACK Id=0xEC Len=4
CFG REQ Id=0xEC Len=9
DHCP: RELAY AGENT
RELAY AGENT INITIALIZATION
Problem:
The following messages appear in the report log, after system initialization:
[DHCP-R] Failed to allocated memory for transmit buffer pool
[DHCP-R] Relay Agent initialization failed
Action:
These messages indicate that an error occurred during initialization of the DHCP/ BOOTP Relay
Agent. Therefore, the relay agent will not operate correctly. Contact your Distributor or Customer
Support.
ENABLING THE RELAY AGENT
Problem:
The following message appears in the report log (after system initialization, or after the DHCP/
BOOTP Relay Agent has been enabled from MANAGE mode):
[DHCP-R] Failed to open UDP port (67), erc = <error return code>
Action:
This message indicated that an internal error occurred while trying to open a UDP port for use by
the DHCP/ BOOTP Relay Agent. Therefore, the relay agent will not operate correctly. Contact your
Distributor or Customer Support.
Problem:
The following message is NOT found in the report log after system initialization:
[DHCP-R] Relay Agent enabled; UDP port (67) opened
Action:
This situation indicates that there was no attempt made to enable the DHCP/ BOOTP Relay Agent.
1. Check the DHCP configuration. This can be done by using CFGEDIT, or by using the dhcp
command from Manage Mode.
2. Make sure that the Relay Agent is enabled.
Workgroup Remote Access Switch
413
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
3. If desired, enter MANAGE mode, and use the dhcp changecommand to enable the Relay
Agent. (Note: CFGEDIT can also be used to change the Relay Agent configuration; but the
changes will not take effect until the system is restarted.)
4. When Manage Mode is exited, an attempt will be made to enable the Relay Agent.
5. Re-examine the report log for the “Relay Agent Enabled” message.
6. Remember to “commit” the Manage Mode configuration changes to make them permanent.
RELAY AGENT OPERATION
Problem:
The DHCP client is not able to obtain its IP address from a DHCP server.
Action:
1. Check the DHCP configuration. This can be done by using CFGEDIT, or by using the dhcp
Manage Mode command.
2. Make sure that the Relay Agent is enabled on the desired machine. Check the report log. A
message is written to it by the DHCP Relay Agent when it has been successfully enabled.
3. Make sure that the DHCP Relay Agent is properly configured. There must be a relay
destination configured for the desired DHCP Server, or for the next DHCP Relay Agent to go
through.
4. If the machine being configured is an intermediate DHCP Relay Agent, make sure that the Hop
Threshold is large enough to allow the number of Relay Agent “hops” between the DHCP
Client and the DHCP Server.
5. From the DHCP Server, you should be able to “ping” the DHCP Relay Agent closest to the
DHCP Client. If you cannot, you need to add static routes that allow you to do so.
6. From the DHCP Relay Agent closest to the DHCP Client, you should be able to “ping” the
DHCP Server. If you cannot, you need to add static routes that allow you to do so.
7. The DHCP Server must be configured to distribute addresses to clients on the DHCP Client’s
subnetwork.
DHCP: PROXY CLIENT
PROXY CLIENT INITIALIZATION
Problem:
The following message appears in the report log, after system initialization:
[DHCP-P] Proxy Client initialization failed
Action:
This message indicates that an error occurred during initialization of the DHCP Proxy Client.
Therefore, it will not operate correctly. Contact your Distributor or Customer Support.
414
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
PROBLEM DIAGNOSIS
DHCP: Proxy Client
ENABLING THE PROXY CLIENT
Problem:
The following message appears in the report log (after system initialization, or after the DHCP/
BOOTP Proxy Client has been enabled from MANAGE mode):
[DHCP-P] Failed to register with the IP Address Pool Manager, erc=<error
code>
Action:
This message indicated that an internal error occurred while the DHCP Proxy Client was trying to
register as a provider of addresses for the IP Address Pool. Therefore, the proxy client will not
operate correctly. Contact your Distributor or Customer Support.
Problem:
The following message is NOT found in the report log after system initialization:
[DHCP-P] Proxy Client enabled
Action:
This situation indicates that there was no attempt made to enable the DHCP/ BOOTP Proxy Client.
1. Check the DHCP configuration. This can be done by using CFGEDIT, or by using the dhcp
command from Manage Mode.
2. Make sure that the Proxy Client is enabled.
3. If desired, enter MANAGE mode, and use the dhcp changecommand to enable the Proxy
Client. (Note: CFGEDIT can also be used to change the Proxy Client configuration; but the
changes will not take effect until the system is restarted.)
4. When Manage Mode is exited, an attempt will be made to enable the Proxy Client.
5. Re-examine the report log for the “Proxy Client Enabled” message.
6. Remember to “commit” the Manage Mode configuration changes to make them permanent.
PROXY CLIENT OPERATION
The DHCP client is not able to obtain its IP address from a DHCP server. Check the report log for
messages. Most likely you will find one of the two following situations:
Problem:
Neither of the following messages are found in the report log:
[DHCP-P] UDP port (67) opened
[DHCP-P] UDP port (68) opened
Action:
1. Check the DHCP-related configuration for WAN and WAN (Direct Host) IP network interfaces
which should have IP addresses obtained from DHCP servers for them. Use CFGEDIT, or use
the ipnetifcommand from Manage Mode. Correct if necessary.
Workgroup Remote Access Switch
415
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
2. Make sure that the maximum addresses to obtain for the interface is non-zero.
3. Make sure that the number of addresses to pre-fetch for the interface is non-zero.
4. The DHCP Server must be configured to distribute addresses to clients on the DHCP Client’s
subnetwork.
Problem:
The DHCP Proxy Client is enabled, and it has opened its UDP port, but there aren’t any “DHCP-
obtained” addresses in the IP Address Pool.
Action:
1. Check the DHCP-related configuration for WAN and WAN (Direct Host) IP network interfaces
which should have IP addresses obtained from DHCP servers for them. Use CFGEDIT, or use
the ipnetifcommand from Manage Mode. Correct if necessary.
2. Make sure that the LAN port to reach the DHCP server on for the interface is correct.
3. If the DHCP server is on a directly-connected LAN, you should be able to pingit successfully
from the CyberSWITCH. If you cannot, check the LAN port IP configuration; make sure the
DHCP server is operational.
4. If the DHCP server is not on the directly-connected LAN, a DHCP Relay Agent must be. A
relay agent is required in order to successfully forward DHCP packets to a DHCP server on a
different sub-network.
5. Assuming that a DHCP Relay Agent is present on the directly-connected LAN, you can attempt
to pingthe DHCP server. This may require the addition of IP static routes on both the
CyberSWITCH and the DHCP server. These static routes are required for smooth operation of
the DHCP protocol.
6. If the DHCP server is not on a directly-connected LAN, another test may be performed. If at all
feasible, place a DHCP client workstation on the same LAN with the server. See if this DHCP
client can obtain an IP address from the DHCP server.
PROXY ARP OPERATION
Problem:
Two IP hosts devices on different subnets in an IP network are unable to communicate across the
WAN.
Action:
1. On both CyberSWITCH platforms, issue the ipnetifmanage mode command to make sure
that the proxy ARP feature is enabled for the LAN interface. If it is not enabled on one or both
of the CyberSWITCH platforms, enable it through the CFGEDIT configuration utility. Note
that you have to restart the system for the changes to be effective.
2. On both platforms, issue the ipnetifmanage mode command to make sure the LAN
interfaces are configured with the proper subnet mask. Configure these platforms with the
proper subnet masks, not the natural masks.
416
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
PROBLEM DIAGNOSIS
Proxy ARP Operation
3. On both platforms, issue the iproutemanage mode command to make sure that each system
knows about the IP subnet at the other Ethernet segment.
4. If the two IP host devices still can not communicate with each other, contact your Distributor
or Customer Support.
Workgroup Remote Access Switch
417
Download from Www.Somanuals.com. All Manuals Search And Download.
LED INDICATORS
OVERVIEW
The front panel of the CyberSWITCH has several LED indicators. The POWER indicator will
remain lit while the unit is on. There is a series of three LAN indicators: they will light to indicate
transmissions, receptions, or good link integrity on the 10Base-T port. The bank of WAN indicators
provide you with the status of each WAN line.
Detailed descriptions of the indicators follow.
LOCAL AREA NETWORK LED INDICATORS
The CyberSWITCH has the following LAN indicators: TX, and RX, and 10BaseT. These indicators
convey the state of the communication link between the system and the LAN.
•
10BaseT indicates connection to a 10Base-T LAN. If there is good link integrity on the 10Base-T
port, this light shines steadily. If a connection other than 10Base-T is used (such as an AUI con-
nection) or there is no link integrity, this light will not shine.
•
•
The TX indicatory flashes while the system transmits data across the LAN. Note that at least
128 bytes of data must be transmitted to trigger the TX indicator.
The RX indicator flashes while the system is receiving data from another device on the LAN.
WAN LED INDICATORS
The WAN LED indicators provide you with the status of each WAN line. Refer to the section below
that corresponds to the line type your CyberSWITCH uses (either BRI or PRI).
BRI LED INDICATORS
The WAN indicators provide the status of each BRI line. For each BRI line, there is a bank of four
LED indicators. The four LED indicators are labeled as follows: Sync, D-Chan, CH-1, and CH-2.
•
•
The Sync indicator identifies whether or not the most basic level of the ISDN connection (Layer
1) is established. It verifies that the system is connected to the ISDN network at this BRI port.
This light must be on for D-CHAN, CH-1 or CH-2 to be operational.
The D-Chan indicator signifies data link and D channel activity. If the data link successfully
initializes, the D-Chan indicator flickers momentarily, then stays lit. When there is a a call, the
D-Chan indicator flickers momentarily, stays lit, and then one of the CH indicators light up. If
there is a second call, the D-Chan indicator will again flicker momentarily and then the other
CH indicator will light up.
Download from Www.Somanuals.com. All Manuals Search And Download.
LED INDICATORS
WAN LED Indicators
D-CHAN LED status
One Data Link
Multiple Data Links*
off
no activity
no activity
flashing
(mostly off)
trying to bring up
data link
not all data links are up
flashing
activity
activity
(mostly on)
data link is up
data link is up
on solid
no activity
no activity
data link is up
data link is up
* On DMS-100 and NI-1 switches, more than one data link is possible.
•
The CH-1 and CH-2 indicators signify activity along their respective B channel:
CH-1 or CH-2 LED
Status
Description
off
no call over channel
flashing
Data being passed over channel. Speed of
flashes depends upon number of frames being
sent.
on solid
call up, but no data being transferred
PRI LED INDICATORS
In the bank of PRI LED indicators, there is one indicator for each B channel (labeled B1 through B23
for T1 lines, and B1 through B31 for E1 lines), a D channel indicator (labeled T1 D for T1 lines, and
E1 D for E1 lines), and a Sync indicator.
As illustrated below, the D channel indicators are dual labeled. Because the 1200 can use either T1
or E1 lines, it is labeled for both. In result, the B16 indicator (B-Channel indicator, number 16) for
T1 line doubles as the E1 D channel indicator, and the B24 indicator for E1 lines doubles as the T1
D channel indicator.
LAN
B-CHANNELS
E1 ONLY
B1 B3
B2 B4
B5 B7
B6 B8
B9 B11
B13 B15
B17 B19
B18 B20
B21 B23
B22 B24
B25 B27
B29 B31
SERVICE
TX
RX 10BASE - T
E1
D
T1
D
B10 B12
B30 L1
B14 B16
B26 B28
A B channel indicator flashing indicates activity on that B channel. Likewise, a D channel indicator
flashing indicates data link and D channel activity.
Workgroup Remote Access Switch
419
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
The Sync indicator identifies whether or not the most basic level of the ISDN connection (Layer 1)
is established. It verifies that the system is connected to the ISDN network at this PRI port.
LANVIEW LEDS (CSX1200-E11-MOD)
The LANVIEW LEDs are located on the hub portion of the CSX1200-E11-MOD’s back panel. These
LEDs are convenient troubleshooting tools that can help you diagnose power failures, collisions,
cable faults, and link problems. There are three categories of LANVIEW LEDs: Receive LEDs,
Collision LEDs, and Link LEDs.
S
L
O
T
4
S
L
O
T
3
SLOT
1
SLOT
2
AIS
RAI
LOF
LOS
AUI
10Base-T
CONSOLE
yellow LED = receive
green LED = link
(located on each jack)
11
10
9
8
7
6
5
4
3
2
1
red LED = collision
Each Ethernet port has a Receive LED. This LED provides activity information for a specific Ethernet
port. It blinks yellow when traffic is present. Heavy traffic causes a fairly constant yellow light.
420
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
LED INDICATORS
WAN LED Indicators
Receive LEDs
state
color
off
port enabled, no activity
port enabled, activity
yellow (blinking)
Each Ethernet port also has a Link LED. This LED provides connectivity information for a specific
Ethernet port. It glows green when the link is up.
Link LEDs
state
color
off
power off or failure
link, active
green
There is one Collision LED for the hub module. It is located between the 7th and 8th hub ports. This
LED provides collision information for the entire hub. It blinks red when a collision occurs.
Collision LED
state
color
off
normal
collision
red (blinking)
NT1 STATUS LEDS (CSX1200-U4-MOD ONLY)
The NT1 Status LEDs are located between the S/ T and U-interface jacks for each port on the
CSX1200-U4-MOD’s back panel. These LEDs are convenient troubleshooting tools to help diagnose
NT1 and related link problems on a port-by-port basis.
NT1 Status LEDs
state
color
green
U and S/ T active (ON)
OFF
(not lit)
U active, S/ T inactive
green
(slow blink; 1 per second)
System Initialization
green
(fast blink, 8 per second)
Workgroup Remote Access Switch
421
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
SERVICE INDICATOR
The Service indicator comes on normally during system power-up, and then goes off. If the Service
indicator remains lit or blinks after power-up, it is signaling that something needs attention in the
system.
Refer to the section below that pertains to the Service indicator’s activity. Also, you may access your
administrative console for further information (issue the drconsole command to view system
messages).
SERVICE INDICATOR REMAINS LIT
If the Service indicator remains lit during the power-on sequence, this means the system software
is unable to boot. The system may be having some type of operational problem. While the Service
indicator remains lit, the other LEDs will blink a certain number of times, pause, then blink that
number of times again (See following table). This pattern will be repeated five times. The actions to
take if this occurs are:
1. Make note of the number of consecutive blinks.
2. Restart the system.
3. If the Service LED is still lit, and the other LEDs are still flashing, contact your distributor and
provide them with the count of consecutive blinks.
422
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
LED INDICATORS
Service Indicator
The table below provides an error description corresponding to the number of consecutive LED
blinks:
Number of Blinks
Error Description
Failure during erasure of main block during SSB* recovery
1
2
Failure during programming of main block during SSB
recovery
Timed out during recovery of SSB
3
4
5
6
7
8
Individual record error during recovery of SSB
Communications error during recovery of SSB
Incompatibility between FSB* and new SSB versions
Currently not used
Bad address information contained in SSB received during
recovery
SSB, received during Recovery, contained a bad checksum
for entire image
9
* FSB: First Stage Boot; SSB: Second Stage Boot.
SERVICE INDICATOR BLINKS
If the Service indicator blinks at any time during system operation, access your administrative
console (using the status command) for further information. One or more of the following messages
should be displayed:
•
•
•
•
•
•
OUT SVC 1
OUT SVC 2
OUT SVC 3
OUT SVC 4
OUT SVC 5
LAN XMIT ERROR
These messages indicate a problem with the LAN or BRI connections, or an incorrectly
programmed SPID.
The Service indicator will also blink if semipermanent devices are configured, and a connection to
one of these devices is faulty. Use the sp command to check the status of the semipermanent
connection. Once you correct the problem, the Service indicator will automatically turn off.
If you have made corrections and the Service indicator continues to blink, contact Cabletron
Systems Technical Support.
Workgroup Remote Access Switch
423
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
ALARM LEDS (PRI ONLY)
If your CyberSWITCH is not functioning properly, check the L1 LED on the front panel. This LED,
which indicates Layer 1 capability, should be lit. If it is not lit, there is a problem with Layer 1; now
check to see which Alarm LEDs are lit.
PRI chassis. These LEDs provide specific PRI layer 1 information. Each of these indicators represent
the status of a PRI alarm.
A PRI alarm indicator will light up when the corresponding event has been steadily active (not
transient) for a given amount of time. After this period of time, the event is “qualified” and the
alarm is generated.
If one or more of these lights are lit and your system was previously functioning properly but is not
now, contact your line provider and tell them which alarms you are seeing. They should be able to
give you an indication of where the fault lies.
If one or more of these lights are lit and this is the initial installation of your system (it was not
previously functioning properly), check your system’s cabling. If you can find nothing wrong with
the cabling, contact your line provider and tell them which alarms you are seeing.
The four alarm indicators are as follows:
•
AIS (alarm indication signal)
Also known as a blue alarm.
Lights up when layer 1 detects a qualified unframed all ones signal.
AIS may be generated by intermediate device (the equipment between the 1200 and the switch)
when the intermediate device sees an improper receive signal (or lack of signal) from the
switch. The local device (the CyberSWITCH) will transmit RAI back to the switch when it
receives AIS.
4. RAI sent to Switch
1. Original Signal sent
to Switch
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
2. Bad Signal sent
from Switch
3. AIS sent from CSU
Switch
Intermediate
Device
(CSU)
•
RAI (remote alarm indication)
Also known as a yellow alarm.
Lights up when layer 1 detects a qualified RAI signal.
The RAI signal indicates that an intermediate device or switch has detected an improper
receive signal (or lack of signal) from the local device (the CyberSWITCH).
424
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
LED INDICATORS
Alarm LEDs (PRI Only)
1. Bad Signal sent to CSU
2. RAI sent from CSU
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
BB24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
6
B
B
2
8
B
L
1
Intermediate
Device
(CSU)
•
LOF (loss of frame)
Also known as a red alarm.
Lights up when layer 1 has detected a qualified loss of frame condition (excluding AIS).
A loss of frame condition occurs when signals are still being received by the switch, but the
1200 can not detect the frames in the receive path.
If you have just installed your CyberSWITCH and you are seeing LOF, there may be a
mismatch between the configured framing mode (for example, SF or ESF) and the framing
mode of the incoming data.
•
LOS (loss of signal)
Also known as a red alarm.
Lights up when layer 1 has detected a loss of signal.
LOS occurs when the CyberSWITCH sees no incoming signal at all.
1. Signal sent to CSU
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B2
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
B
1
0
B
1
B
1
4
B
1
B
2
6
B
2
8
B
3
0
L
1
2. No signal sent back from CSU
LOS detected
Intermediate
Device
(CSU)
Workgroup Remote Access Switch
425
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
OVERVIEW
System Messages provide useful system information. They are listed in the system’s report log, a
memory resident table. To manipulate the report log, use the following commands at the
administrative console:
dr or ds
er or es
wr or ws
display reports or display statistics
erase current messages/ statistics from memory
write reports/ statistics to disk
When the CyberSWITCH writes system messages to disk, it stores them in the following locations:
Directory:
File Name:
\log
rprt_log.nn
(where “nn” is an integer from 1 to 10 (or from 1 to 5 for the B-2) that is
incremented each time a new file is written.)
The system reports messages using the following format:
Message Type
Time
Report Number
Message
I
Informational
hour:minutes:second
internal ID for area
reporting the
message
actual text of
the message
W Warning
E
Error
•
•
•
•
the Message Type quickly identifies the type of message the system reports
the Time identifies when the message was reported
the Report Number is used by your Distributor or Customer Support
the Message text describes the actual message being reported
This chapter describes the types of system messages available (for example, informational and
error). It also lists each message individually, with suggested actions to take in the event of an error.
Note: Some of the system messages will not appear on all platforms.
There is another chapter that is of major importance when dealing with system messages. The
Problem Diagnosis chapter describes the process of diagnosing common problems, (particularly in
the system verification process,) as well as providing possible recoveries.
INFORMATIONAL MESSAGES
The system records informational messages. These are normal events that provide you with current
system status. Informational messages include the following categories of messages:
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
Informational Messages
BOOT MESSAGES
The system boot is accomplished in two stages: a first stage boot and a second stage boot (FSB and
SSB). If the FSB or SSB detects an error, the system’s service LED will light. The first bank of LEDs
will blink in a pattern, as described in the LED Indicators chapter. Note the number of blinks in the
pattern, and report it along with your problem.
In addition to LED lights, messages are automatically displayed on the locally-attached
administrative console. (For messages to be displayed, this console must be connected to the
system’s RS232 port and running a terminal emulation package.)
The displayed messages may be informational, in which no action is necessary, or they may
identify errors. If an error message is displayed, take the appropriate corrective action as identified,
or contact your distributor.
INITIALIZATION MESSAGES
The system reports a variety of messages during a successful system initialization. These messages
may include: status of bridge, status of LAN ports and adapters, data link, SNMP, and TFTP
information. The following are examples of typical initialization messages:
Bridge is operating in UNRESTRICTED mode
Data link up: Slot=<slot #> Port=<port #> Ces=<comm. endpoint suffix>
[SNMP] SNMP initialized successfully
NORMAL OPERATION MESSAGES
The system normal operation messages may include information such as:
Call Restrictions have been disabled by user command
WAN Port is now in the <new state> state
STATUS MESSAGES
The status command displays system information in a two-line format. The first line displays
initialization and current status information (which includes any errors that have been detected).
The second line displays current connection information.
There are three groups of status messages: initialization, normal operation, and error messages.
Note: For point-multipoint lines, the status messages will not necessarily correspond to the
current state of the data link and/ or line. Messages concerning the data link and line will
only be displayed if there is a problem (for example, the line is considered unusable). For
point-multipoint lines, the data link is brought down when a call is terminated (normal
operation). This normal operating information will not be displayed in a status message.
For point-to-point lines, status messages will more accurately reflect the status of the data
link and/ or line. This is because the data link remains up even though a call has been
terminated.
Workgroup Remote Access Switch
427
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
SPANNING TREE MESSAGES
The Spanning Tree protocol is only supported by the Ethernet-2 interface card.
Spanning Tree protocol messages are prefaced with [STP]. During normal operation, when
Spanning Tree protocol is enabled, the system may report informational messages such as:
[STP] A new Root Bridge has been detected
[STP] LAN Port <port #> is now a Designated Port
WARNING MESSAGES
System warning messages signal events that you should investigate. These messages may be
normal during certain network conditions, or they may indicate a problem. The system should
continue to operate after posting a warning message. If the system fails to operate normally, then
ERROR MESSAGES
When the system detects errors, it reports error messages. If the faulty component cannot be
identified, and an error condition persists, then report the error by using the problem report form
SYSTEM MESSAGE SUMMARY
The following pages list all the informational, warning and error messages alphabetically. The text
describes the messages, and includes suggestions for problem resolution (if applicable). Note that
the trace messages have been isolated for your convenience, and are summarized in the next
chapter.
<timestamp> #000: Couldn’t open the file C:\ SYSTEM\ PLATFORM.NEI
The open operation failed, no further detail is available.
<timestamp> #0000: Error reading C:\ SYSTEM\ PLATFORM.NEI
The read operation failed, perform a software upgrade to reinstall the file.
<timestamp> #0000: Error reading platform type: there is no “plat name” field
There is no <platform name> value following the “=” character in the “current setting” string.
<timestamp> #0000: Error reading platform type: there was no “=” in the string
The “current setting” string has the format “<platform type>=<string>”. This error message
indicates that no “=” character exists in the string.
<timestamp> #0000: Error reading platform type: type value is too large
The <platform type> value in the “current setting” string is too large to represent an actual platform
type.
<timestamp> #0000: Error reading platform type: type was not converted to an int
The <platform type> value in the “current setting” string could not be converted to an actual
platform type.
428
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
1 port LAN Adapter, operating in remote mode only
This is an initialization message. It identifies the Ethernet adapter type (Ethernet-1), and operating
mode. Remote bridging is supported.
2 port LAN Adapter, operating in local and remote mode
This is an initialization message. It identifies the Ethernet adapter type (Ethernet-2), and operating
mode. Both local and remote bridging are supported.
aarp found duplicate AppleTalk address <AppleTalk Address> @ <MAC address>
The address resolution protocol found duplicate AppleTalk addresses for this AppleTalk network.
Check the configuration for the AppleTalk ports’ network range/ number.
Abnormal response rcvd: <state msg reason cc state>
An unexpected message was received from a WAN interface card. The <parameters> included are
for problem reporting purposes only. If the system fails to operate normally, or the warning
continues to occur, contact your Distributor or Customer Support.
A call has exceeded the configured maximum duration
A call has been up longer than the amount of time configured. The next log message will inform
the user whether or not the call has been taken down.
ACE authentication is not available. You must first ENABLE ACE user level authentication.
An attempt was made to configure the Terminal Server Security for ACE and ACE was not
configured on the CyberSWITCH.
Adapter does not respond: adapter #’x’
The WAN card initialization subsystem encountered an error on the indicated adapter. Restart the
system. If the problem persists, the indicated adapter card may be faulty and you should contact
your Distributor or Customer Support.
Adapter #’x’ failed to initialize
The operational software on the indicated adapter card failed to signal that initialization was
completed. Restart the system. If the problem persists, the indicated adapter card may be faulty and
you should contact your Distributor or Customer Support.
Adapter #’x’ failed to respond from bootstrap
The WAN card initialization subsystem encountered an error on the indicated adapter while
downloading the bootstrap program. Restart the system. If the problem persists, the indicated
adapter card may be faulty and you should contact your Distributor or Customer Support.
Adapter failed to respond while programming: adapter 'x'
The WAN card initialization subsystem encountered an error on the indicated adapter while
programming the hardware. Restart the system. If the problem persists, the indicated adapter card
may be faulty and you should contact your Distributor or Customer Support.
Administrative Session using ACE does not support password change.
Passwords may only be changed via the ACE Server administrator initiation. During an
administrative login, the user attempted to change password. ACE only supports password change
initiated by ACE Server administrator.
AppleTalk routing initialized successfully.
This message is posted when the system AppleTalk routing feature has initialized successfully.
Workgroup Remote Access Switch
429
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
AppleTalk routing RTMP initialization error, AppleTalk disabled
AppleTalk is disabled because there is an initialization problem with the Routing Table
Maintenance Protocol (RTMP). Contact your distributor or Customer Support.
AppleTalk routing ZIP initialization error, AppleTalk disabled
AppleTalk is disabled because there is an initialization problem with the Zone Information
Protocol (ZIP). Contact your distributor or Customer Support.
AppleTalk successfully initialized on LAN port <port number> with address <AppleTalk address>.
This message is posted when the specified AppleTalk LAN port has initialized successfully.
AppleTalk successfully initialized on WAN port with address <AppleTalk address>.
This message is posted when the specified AppleTalk WAN port has initialized successfully.
Attempting to Autobaud, Press <CR> Many Times, Quickly
The user has requested that the RS 232 port undergo an autobaud procedure, or the RS232 port has
not been properly Autobauded.
Attempting to load “<FileName>” for Upgrade
A Reliable Remote Upgrade has taken place. The specified file is now being loaded into memory
for verification and subsequent installation into the Flash File System.
Attempt to reinitialize DM card in slot <slot #>
The system is attempting to initialize the Digital Modem card again after a failed attempt. Check
the subsequent log messages for the status of the card.
Attempt to initialize unconfigured DM card in slot <slot #>
The system is attempting to initialize a Digital Modem card, with no success. This is likely a
configuration problem. Check CFGEDIT setup to ensure that it correctly matches existing
hardware.
[AUTH] ACE Client has not been initialized.
The ACE client has not been initialized. No service file exists. Server should be expecting
CyberSWITCH client to request node verification. Contact the ACE administrator and request the
client to be reinitialized.
[AUTH] ACE Could not create service file.
The CyberSWITCH ACE client was in an initialized state. After receiving service information from
the ACE server a local file create error occurred while attempting to save the information.
[AUTH] ACE Could not synchronize client-server.
During an authentication attempt the client was unable to synchronize with the server and the user
was rejected. The server may not be responding to the client.
[AUTH] ACE Could not write service file.
The CyberSWITCH ACE client was in an initialized state. After receiving service information from
the ACE server a local file write error occurred while attempting to save the information.
[AUTH] ACE Decryption of server response failed.
Sever response to an ACE client request was received, but could not be decrypted. Verify
encryption method configured for server is accurate.
430
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
[AUTH] ACE Encryption configured for DES: not supported.
The ACE server is configured for DES encryption. Only SDI encryption is currently supported by
the ACE client.
[AUTH] ACE Error receiving server log message acknowledgment.
A client syntax error occurred during an authentication attempt via ACE. The server did not
respond to the logging of the message. Make sure the ACE server configuration is accurate.
[AUTH] ACE LOGIN rejected user: <user name>
The remote Authentication server rejected the named user. This indicates that one of the following
has occurred:
1. The <user name> is not in the remote Authentication server’s database.
2. The <user name> is entered incorrectly in the remote Authentication server’s database.
[AUTH] ACE Node verification received; Client initialized.
The CyberSWITCH ACE client was in an initialized state. Node verification was received from the
server and the initialization cycle is complete.
[AUTH] ACE No server configured for designated database location.
ACE is configured as a database location for security authentication. Either no ACE server has been
configured or an error occurred when parsing the ACE server configuration.
[AUTH] RADIUS CHAP rejected for device: <device name>
The remote Authentication server rejected the CHAP mode authentication request for the indicated
device. This usually indicates that one of the following has occurred:
1. The <device name> is not in the remote Authentication server’s database.
2. The device’s CHAP response was not calculated properly.
3. The device’s SECRET does not match the secret in the RADIUS server’s database.
4. The RADIUS server’s database entry for this device contains errors.
[AUTH] RADIUS HDLC BRIDGE rejected bridge address: <mac address>
The remote Authentication server rejected the bridge address. This indicates that one of the
following has occurred:
1. The <mac address> is not in the remote Authentication server’s database.
2. The <mac address> is entered incorrectly in the remote Authentication server’s database.
[AUTH] RADIUS INTERFACE LOOKUP rejected name <interface name>
The remote Authentication server route lookup feature rejected the interface name. This indicates
that one of the following has occurred:
1. The < interface name> is not in the remote Authentication server’s database.
2. The < interface name > is entered incorrectly in the remote Authentication server’s database.
Workgroup Remote Access Switch
431
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
[AUTH] RADIUS IP HOST rejected IP Host id: <IP host Id>
The remote Authentication server rejected the IP Host id. This indicates that one of the following
has occurred:
1. The <IP Host Id> is not in the remote Authentication server’s database.
2. The <IP Host Id> is entered incorrectly in the remote Authentication server’s database.
[AUTH] RADIUS IP RESOLVE rejected IP Address: <IP address>
The remote Authentication Server rejected the IP Address Resolution authentication request for the
indicated IP Address. This usually indicates that one of the following has occurred:
1. The <IP Address> is not in the remote Authentication server’s database.
2. The Authentication server’s database entry for this IP Address contains errors.
[AUTH] RADIUS LOGIN rejected device: <device name>
The remote Authentication server rejected the named device. This indicates that one of the
following has occurred:
1. The <device name> is not in the remote Authentication server’s database.
2. The <device name> is entered incorrectly in the remote Authentication server’s database.
[AUTH] RADIUS PAP rejected device: <device name>
The remote Authentication server rejected the PAP mode authentication request for the indicated
device. This usually indicates that one of the following has occurred.
1. The <device name> is not in the remote Authentication server’s database.
2. The device’s PASSWORD did not match the password in the RADIUS server’s database.
3. The RADIUS server’s database entry for this device contains errors.
[AUTH] RADIUS ROUTE LOOKUP rejected IP address: <IP address>
The remote Authentication server route lookup feature rejected the IP address. This indicates that
one of the following has occurred:
1. The <IP address> is not in the remote Authentication server’s database.
2. The <IP address> is entered incorrectly in the remote Authentication server’s database.
[AUTH] Security data buffer allocated successfully
The Authentication agent was able to allocate and initialize all memory required to perform
authentication requests.
[AUTH] Security data buffer allocation failed
The Authentication agent was not able to allocate and initialize all memory required to perform
authentication requests. No authentication request will be attempted. Contact your Distributor or
Customer Support.
432
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
[AUTH] TACACS LOGIN rejected user: <user name>
The remote Authentication server rejected the named user. This indicates that one of the following
has occurred:
1. The <user name> is not in the remote Authentication server’s database.
2. The <user name> is entered incorrectly in the remote Authentication server’s database.
[AUTH] TACACS No server configured for designated database location.
TACACS is configured as a database location for security authentication. Either no TACACS server
has been configured or an error occurred when parsing the TACACS server configuration.
[AUTH] Warning code: 0001 Timeout
The configured authentication server(s) did not respond to requests for user authentication. Either
the authentication server is not up and running, or it cannot access the IP address.
[AUTH] Warning code: 0002 Missing required attribute from server
The response message from the authentication server did not provide all required attributes for
user authentication. The attributes required vary, depending on type of service, and type of
security. Refer to the RADIUS Authentication Server User’s Guide for details. Then check user
entry for all required attributes.
[AUTH] Warning code: 0003 No UDP buffer available
Internal resources were not available to send/ receive an authentication message. Contact your
Distributor or Customer Support.
[AUTH] Warning code: 0004 No authentication node available
Internal resources were not available to initiate an authentication session. Contact your Distributor
or Customer Support.
[AUTH] Warning code: 0005 No host configured for server IP address
The System does not have a network route to the configured authentication server(s). Verify that a
static route has been set up. Then, check your configuration for the correct addresses on interfaces
and authentication server.
[AUTH] Warning code: 0006 UDP system failed
Internal resources were not available to initiate an authentication session. Contact your Distributor
or Customer Support.
[AUTH] Warning code: 0007 Authentication mode mismatch
An internal request for authentication server access request occurred, but the System is configured
in the on-node device table mode. Contact your Distributor or Customer Support.
[AUTH] Warning code: 0008 Authentication agent not initialized
The System could not obtain enough internal resources for the user authentication operation.
Contact your Distributor or Customer Support.
[AUTH] Warning code: 0009 Server failed message digest test
A message received from the authentication server did not have the correct authenticator field
value.
Workgroup Remote Access Switch
433
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
[AUTH] Warning code: 0010 Received unexpected authentication response code from server
A message was received from an authentication server that contained an invalid response message
identifier.
[AUTH] Warning code: 0011 An unexpected server responded to the access request
An access response message was received from an authentication server that is not configured in
the System.
[AUTH] Warning code: 0012 UDP call back processed with no data present
A message was received from an authentication server that contained zero data bytes.
Bad auth result in smgrauth_aa_notify for device <device name>
There was no device configured (on-node or in SFVRA) for the login id entered at the user-level
security prompt in the terminal server interactive window. Check configuration.
Bad context on SccDatInd <context value>
Indicates a problem has occurred in forwarding frames from the hardware to the frame relay
software. The intended context for this frame is specified by the indicated context value. Contact
your Distributor or Customer Support.
Bad context on X25SccDatInd <context value>
A data packet has been received with an incorrect context. This indicates that the system allocation
of SCC controllers is not in a consistent state. Restart the system.
Bad FR Frame Size = <frame size>
Indicates that a frame was received with an invalid length size. Contact your Distributor or
Customer Support.
Baud Rate is <value> bps
The Autobaud procedure has terminated and the RS232 port has been set to the specified baud rate.
[BIF] Could not allocate memory for buffer queue
[BIF] Initialization failed
These messages appear together in the report log. They indicate that an error occurred during
initialization of the Bridge Local Interface (which is required for IP Host mode). If these messages
are present in the log, the system will not operate correctly. Please contact your Distributor or
Customer Support.
Booting System Software
The Second Stage Boot is attempting to load and execute the System software.
Bootstrap came alive on DM card in slot <slot #>
Informational message stating that the initialization of the Digital Modem card was successful.
Bootstrap came alive on WAN card in slot <slot #>
Informational message during a successful system initialization. Download process update for
WAN card in slot <slot #>. This should be reported after the “Bootstrap loaded...waiting for
response” message for a given adapter.
Bootstrap loaded on WAN card in slot <slot #>, waiting for response...
Informational message during a successful system initialization. The first of three messages
providing the download process status for WAN card in slot <slot #>.
434
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
Bridge is operating in RESTRICTED mode
Bridge is operating in UNRESTRICTED mode
One of the above messages will be displayed to indicate the configured Bridge mode of operation.
Calculating CRC’s.....
An X-Modem transfer has been completed and the received data is being checked for integrity.
Call control detected near end problem - Slot=<slot #> Port=<port #>
The system detected a problem when initiating a call over the indicated line. The call will be retried
over a different line if possible.
Calling Line ID Failure, Duplicate ID - <calling line Id>
A call has come in for a device that is using Calling Line Id (CLID) as the only authentication
method, and the given CLID is not unique across all devices.
Calling Line ID Security Failure <calling line Id>
The system has rejected a device due to a mismatch between the Calling Line Id presented by the
caller and the Calling Line Id in the on-node device database or obtained via an off-node
authentication server such as RADIUS.
Calling Line ID Security Failure <calling line Id>, Device: <device name>
The system has rejected a device due to a mismatch between the Calling Line Id presented by the
caller and the Calling Line Id in the on-node device database or obtained via an off-node
authentication server such as RADIUS. The device’s name is also contained within the database.
Calling Line ID Security Failure - off-node authentication server not supported
The system authentication type is configured to obtain device information off-node, for example
from a RADIUS server; however, such transactions are not yet supported when Calling Line Id
Security is enabled.
Call_ID in use in HOST_CALL_REQUEST
The system software sent a message to the RBS state machine that the state machine was unable to
recognize or the information was incorrect. If this message is displayed in the log messages, contact
your Distributor or Customer Support.
Call Rejected, Maximum Bandwidth already in place to Device Id <device Id>
An incoming call was rejected because the Maximum Data Rate parameter was exceeded for the
indicated device. The Maximum Data Rate parameter can be configured for PPP devices under the
configuration utility CFGEDIT or through the Manage Mode.
Call Rejected, No Called TN IE
The switch did not deliver an Information Element for the call. This problem normally occurs if you
are connected to a point-to-point line and have the System configured for a multipoint line. If you
are connected to a multipoint line and get this message, call your phone company and report the
problem.
Call Restrictions have been disabled by user command
The user has disabled Call Restrictions via the callrest off Dynamic Management command.
Call Restrictions have been enabled by user command
The user has enabled Call Restrictions via the callrest on Dynamic Management command.
Workgroup Remote Access Switch
435
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Call Restriction statistics reset for new day
Call Restriction device information.
Call Restriction statistics reset for new month
Call Restriction device information.
Call Restrictions will allow calls to be made this hour
Call Restriction device information.
Call Restrictions will allow calls, but this hour is restricted
Calls are restricted during this hour but the action configured is to “Warn”. Calls are still being
allowed.
Call Restrictions will allow calls to be made
A Call Restriction limit has been exceeded but calls will still be allowed.
Call Restrictions will no longer allow calls to be made
A Call Restriction limit has been exceeded and calls will no longer be allowed. Existing calls will
NOT be forced down.
Call Restrictions will not allow calls to be made this hour
Call Restriction device information.
Call Summary for <day/month/year> - Calls/Day=x Calls/Mth=x Mins/Day=x Mins/Mth=x
Call Restriction device information. Displays daily/ monthly call totals at the end of a day or a
month.
Cannot make Bridge Dial Out call. No device found.
Check configuration to insure that device is properly configured.
Can only do SPEECH and 3.1K AUDIO calls in HOST_CALL_REQUEST
An improper outgoing call was attempted on an RBS line. Ensure that the device that is being called
is a digital modem device and ensure that the “dm” flag has been added to peer calls.
Can’t call Dial Out User. Security is not Device Level.
Check configuration. Bridge Dial Out requires device-level security and a properly configured
Device List.
Can’t start offnode server lookup of Dial Out User.
CyberSWITCH unable to send out a request to the off-node server. One of two possibilities: there
may be problems communication on the LAN, or the server may not be configured properly. Verify
LAN connectivity with server, and then check to see if server configured properly.
Calls Active
xx Active Sites
Current number of sites connected.
Calls Active
xxx to <sitename>
Bandwidth to each site.
436
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
Capability description processing error - <caperror>.
System is in minimal configuration mode.
A problem has occurred during system installation. The <caperror> will further identify the
problem:
•
•
•
•
•
•
•
•
•
•
File not found
Could not open file
File already exists
Header corruption
File write problem
Hash key mismatch
Invalid serial number
Invalid capability type
Invalid capability format
Invalid capability value
The system will come up in a minimal capability mode, allowing only one physical connection, one
X.25 virtual connection, and one Frame Relay virtual connection. Contact your Distributor or
Customer Support.
Note: Duplicating serial numbers on all systems is a license violation.
Capability upgrade processing error - <caperror>.
Upgrade file was ignored.
A problem has occurred during system upgrade. The <caperror> will further identify the problem:
•
•
•
•
•
•
•
•
•
•
File not found
Could not open file
File already exists
Header corruption
File write problem
Hash key mismatch
Invalid serial number
Invalid capability type
Invalid capability format
Invalid capability value
The system will revert to its original level and the upgrade process will not be allowed. Contact
your Distributor or Customer Support.
Note: Duplicating serial numbers on all systems is a license violation.
Workgroup Remote Access Switch
437
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Cause <cause code> received for DLCI <dlci index>
A CLLM message was received indicating that the PVC associated with the indicated DLCI is
subject to the event denoted by the indicated cause code. These events are listed below with their
corresponding cause code:
Cause Code
Event
2
3
7
Mild congestion
Severe congestion
Fixed fault notification: facility/ equipment
failure
10
Discard all frames: maintenance action in
progress
CB disconnect:(1) Password Incorrect
CB disconnect:(2) Call-back number not found
CB disconnect:(3) Ethernet address inconsistent
CB disconnect:(4) Disconnecting for Call-back
CB disconnect:(5) Invalid Packet Received
CB disconnect:(6) Unable to resolve protocols
CB disconnect:(7) Inband Timeout
CB disconnect:(8) Line Integrity Violation
CB disconnect:(?) Unspecified
For all of the above Combinet generated messages, the Combinet has disconnected for the indicated
reason. Check your Combinet configuration, and adjust if necessary. If problem persists, contact
your Combinet distributor.
[CCP] Internal Decompression Failure
The system was unable to decompress a packet though the frame was delivered properly from a
protocol perspective. This is an unexpected condition with a properly functioning device
implementation and is thus considered a unrecoverable error. The system will close the CCP
protocol, meaning that the connection continues to operate, but in an uncompressed mode.
[CCP] Option Negotiation Failure, Non-Convergence detected
During PPP negotiation, the system attempted to negotiate CCP, but it was not possible to arrive
at a mutually acceptable set of protocol parameters with the connected device. The connection
continues to operate, but without compression.
The cause of this problem may result from:
•
•
the system has too little memory to support compression, or
the two devices involved don’t agree on which bridging/ routing protocol to use (due to a mis-
configuration)
Check configuration for correct protocol. If this is not the problem, check memory availability.
CDR was unable to obtain a buffer to report a CDR event
A buffer was unavailable to send a call detail recording event log message, and the message was
discarded. This message is logged once when the condition first occurs. It will not be logged again
until the condition has been cleared and CDR has successfully obtained a buffer. If the condition
occurs again later, another message will be logged.
438
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
CHANNEL in use in HOST_CALL_REQUEST
The system software sent a message to the RBS state machine that the state machine was unable to
recognize or the information was incorrect. If this message is displayed in the log messages, contact
your Distributor or Customer Support.
[CHAP] Authentication Failure of remote device <device name> - <error message>
On-node or off-node (for example, through the RADIUS Server) CHAP authentication has failed.
The <device name> will contain the device name configured in the Device Table. The <error
message> will contain information that should aid in trouble shooting.
If the authentication failure is an on-node failure, the <error message> will contain one of the
following strings:
Challenge Response failed hash calculation
No Secret configured in Device Table
Name not configured in Device Table
Invalid information in authentication attempt
If the authentication failure is an on-node failure, the <error message> will contain one of the
following strings:
Challenge Response failed in hash calculation
No Secret configured in Device Table
Name not configured in Device Table
If the authentication failure is an off-node failure, the remote Authentication Agent will
generate the error message.
[CHAP] Authentication Failure - remote device not responding
The System has not received a challenge response from the peer. The cycle is attempted the
configured number of times, after which a failure is declared. Check your remote device.
[CHAP] Authentication Failure - unable to initiate server transaction <return code>
The System authentication type is configured to obtain device information off-node, for example
from a RADIUS server, but an internal error has prevented the transaction from occurring. Check
the Radius Server report log for more information. If unsuccessful, contact your Distributor or
Customer Support.
[CHAP] Remote device indicates Authentication Failure of system <data>
The System received a fail reply in remote CHAP mode. This means that the System has not been
authenticated by the peer, and most likely the link will be released. <data> contains a portion of the
received frame, which should aid in trouble shooting the situation.
Circuit-mode/Packet-mode aggregation will not be allowed,
dropping oldest connection to site <site name>
This message may appear if switched calls are used to back up Frame Relay. If this message is seen
infrequently, it merely indicates the changeover from Frame Relay to switched calls and back again.
If this message is seen frequently, contact your Distributor. At the same time that these messages
are displayed in the log, an open Monitor Connection window may show brief periods (<1 second)
where the indicated Bandwidth suddenly increases and then decreases. This is due to the
changeover between Frame Relay and switched calls and is not a problem.
Workgroup Remote Access Switch
439
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
CNTR-TMR:Timed out waiting for TMR <number> interrupt!
The i386s specified timer did not respond during a POST testing its interrupt capabilities. The boot
process should continue; however, make note of the error message in the event of a future problem.
Configured adapter #’x’ type does not exist
The interface adapter indicated does not match the resource configuration in the system. Correct
the configuration on the system.
Connection disconnected for license violation
A connection was disconnected because there were more connections in place than allowed with
your version of the system software. A larger software version should be ordered.
Could not find port for static route with next hop address <AppleTalk Address>
Contact your distributor or Customer Support.
Could not get Call Restriction information
Contact your Distributor or Customer Support.
Could not get current monthly charges information
Could not get the current monthly call charge information on the system. The call charge feature
will be disabled and the problem should be reported. Contact your Distributor or Customer
Support.
Could not obtain fcr packet buffer
AppleTalk related. Contact your distributor or Customer Support.
Couldn’t find speech service - <slot #, port #>
An incoming call was received which specified Speech Bearer Service capability. Speech service is
not currently supported with the System. Most likely, the incoming call was a wrong number. The
system will attempt to treat the call as 56 Kbps data.
Current monthly charges reset for new month
Reported on the first day of the month to indicate that the current monthly call charges value is
being reset to zero.
Data link down: Slot=<slot #> Port=<port #> Ces<communication endpoint suffix>
The data link on the specified line is down. If all the data links for a line are down, the line is
disabled for switched connection use.
Data link test successful: DSL <port #>, CES 1
This message applies for 1TR6 BRI only. If Layer 1 is established, a test will be done to determine if
the data link can be established. This message indicates successful test results.
Data link up: Slot=<slot #> Port=<port #> Ces=<communication endpoint suffix>
The data link on the specified line is active and can be used for establishing switched connections.
DCE Data Rate is invalid on FrStartPVC
The user has configured a data rate which is inconsistent with the application. This can only happen
with serial lines such as V.35 where the data rate must be specified in bits-per-second and the
configured rate is not valid.
440
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
Dedicated connection down: <slot #, port #>
The dedicated connection is down. Switched backup connections will be used, if available. This
message will occur if the other system is down, or if the network interface line is not connected, or
if the authentication of the remote device failed.
Dedicated connection to device <device name> up: <slot #>,<port #>
The indicated dedicated connection is operational.
[DHCP-P] Failed to close UDP port after terminating last DHCP client
An internal error occurred in the DHCP Proxy Client. When all DHCP client invocations are
terminated, the UDP ports used by the DHCP Proxy Client should be closed. Contact your
Distributor or Customer Support.
[DHCP-P] Failed to close UDP port (x), erc = <y>
This message appears when the DHCP Proxy Client is being disabled from Manage Mode and it
encounters an error while trying to close one or both of the UDP ports that it has open. Contact your
Distributor or Customer Support.
[DHCP-P] Failed to de-register with the IP Address Pool Manager, erc = <x>
This message indicates that a failure was encountered by the DHCP Proxy Client while it was being
disabled. It was unsuccessful in its attempt to de-register as a provider of “DHCP” addresses for
the IP Address Pool. Contact your Distributor or Customer Support.
[DHCP-P] Failed to open UDP port for first DHCP client
An internal error occurred in the DHCP Proxy Client. When the first DHCP client invocation starts,
the UDP ports used by the DHCP Proxy Client should open. Contact your Distributor or Customer
Support.
[DHCP-P] Failed to open UDP port (x), erc = <y>
This message appears when the DHCP Proxy Client is being enabled and it encounters an error
while trying to open one or both of the UDP ports that it requires for operation. Contact your
Distributor or Customer Support.
[DHCP-P] Failed to register with the IP Address Pool Manager, erc = <x>
This message indicates that a failure was encountered by the DHCP Proxy Client while it was being
enabled. It was unsuccessful in its attempt to register as a provider of “DHCP” addresses for the IP
Address Pool. Contact your Distributor or Customer Support.
[DHCP-P] Ignoring offers from DHCP server x.x.x.x; the server MUST be on a primary LAN interface, or
IP addresses will not be obtained
In order for the DHCP proxy client to successfully obtain IP addresses for multiple interfaces, the
DHCP server must reside on a primary LAN interface. If it does not, this message is written to the
Report Log, and no IP addresses will be obtained from the server and placed into the IP Address
Pool. To correct, use CFGEDIT to change the DHCP server’s interface from a secondary interface
into a primary interface for that LAN port.
[DHCP-P] Invalid DHCP Server LAN port encountered in configuration; NIF entry not activated
This message appears when the DHCP Proxy Client encounters an invalid configuration setting for
an IP network interface’s LAN port on which the DHCP server is to be reached. This will result in
no IP addresses being obtained for the network interface in question. Contact your Distributor or
Customer Support.
Workgroup Remote Access Switch
441
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
[DHCP-P] Proxy Client disabled
This message indicates that the DHCP Proxy Client has been successfully disabled. This message
will appear after the DHCP Proxy Client has been disabled from Manage Mode.
[DHCP-P] Proxy Client enabled
This message will appear whenever the DHCP Proxy Client has been successfully enabled. This
could be during system initialization (if configuration values have enabled it), or after the DHCP
Proxy Client has been enabled from Manage Mode.
[DHCP-P] Proxy Client initialization failed
This message indicates that the DHCP Proxy Client did not initialize successfully. The DHCP Proxy
Client will not be operational. Contact your Distributor or Customer Support.
[DHCP-P] UDP port (67) closed
The DHCP Proxy Client is being disabled from Manage Mode and it must close the BOOTPS UDP
port (port 67). If the DHCP Relay Agent is enabled, the BOOTPS port must remain open. If this is
the case, the DHCP Proxy Client will not close the UDP port.
[DHCP-P] UDP port (67) opened
The DHCP Proxy Client is being enabled and it must open the BOOTPS UDP port (port 67). This
may occur during system initialization, or after the DHCP Proxy Client has been enabled from
Manage Mode. If the DHCP Relay Agent is also enabled, it may not be necessary for the Proxy
Client to open this UDP port.
[DHCP-P] UDP port (68) closed
The DHCP Proxy Client is being disabled from Manage Mode and it must close the BOOTPC UDP
port (port 68).
[DHCP-P] UDP port (68) opened
The DHCP Proxy Client is being enabled and it must open the BOOTPC UDP port (port 68). This
may occur during system initialization, or after the DHCP Proxy Client has been enabled from
Manage Mode.
[DHCP-R] Failed to allocate memory for transmit buffer pool
The system was unable to allocate memory for the DHCP Relay Agent’s transmit buffer pool
during initialization. The Relay Agent will not become operational. Contact your Distributor or
Customer Support.
[DHCP-R] Failed to close UDP port (67), erc = <x>
An error occurred while the device was trying to disable the DHCP Relay Agent from Manage
Mode. Contact your Distributor or Customer Support.
[DHCP-R] Failed to open UDP port (67), erc = <x>
An error occurred while attempting to enable the DHCP Relay Agent. The Relay Agent must open
the BOOTPS UDP port in order to operate successfully. If this port could not be opened, the Relay
Agent will not be enabled. Contact your Distributor or Customer Support.
[DHCP-R] Relay Agent disabled
The DHCP Relay Agent has been successfully disabled. This message will appear if the user
disabled the Relay Agent from Manage Mode.
442
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
[DHCP-R] Relay Agent enabled
The DHCP Relay Agent has been successfully enabled. This could be during system initialization
(if configuration values have enabled it), or after the DHCP Relay Agent has been enabled from
Manage Mode.
[DHCP-R] Relay Agent initialization failed
This message indicates that the DHCP Relay Agent did not initialize successfully. The Relay Agent
will not be operational. Contact your Distributor or Customer Support.
[DHCP-R] UDP port (67) closed
The DHCP Relay Agent is being disabled from Manage Mode and it must close the BOOTPS UDP
port (port 67). If the DHCP Proxy Client is also enabled, the BOOTPS port must remain open. In
this case, the DHCP Relay Agent will not close the UDP port.
[DHCP-R] UDP port (67) opened
The DHCP Relay Agent is being enabled and it must open the BOOTPS UDP port (port 67). This
may occur during system initialization, or after the DHCP Relay Agent has been enabled from
Manage Mode. If the DHCP Proxy Client is also enabled, it may not be necessary for the Relay
Agent to open this UDP port.
Dial Out Device does not have Bridge Callable Enabled
Check configuration. Enable the Make Calls for Bridge Data field under Device Table Menu, Bridging.
Discrepancy in dynamically-obtained device data
The System authentication type is configured to obtain device information off-node. In an
outbound call scenario with security enabled, two transactions may occur for the same device. If
these do not yield the same information, the call is dropped. Contact your Distributor or Customer
Support.
DL <slot #, port #, ces> Down
The specified data link for a line is down and considered unusable. Refer to the log error messages
for further information (dr command).
DM card in slot <slot #> has no firmware
While attempting to initialize the Digital Modem card, the system registered an invalid firmware
state. Contact your distributor or Customer Support. You most likely need to replace or upgrade
the firmware on the Digital Modem.
DM card failed FLASH download bad xx SREC
The Digital Modem card has failed the firmware update due to a corrupt file. Contact your
Distributor or Customer Support.
DM card in slot <slot #> has bad FLASH
The FLASH memory on the Digital Modem card has been identified as bad during an attempt to
update or access it. Contact your Distributor or Customer Support.
DM card in slot <slot #> in unknown state
The Digital Modem card is in an unrecognizable state. Reseat the card in its ISA slot, and/ or check
the MVIP cabling. If the problem persists, contact your Distributor or Customer Support.
Workgroup Remote Access Switch
443
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
DM card in slot <slot #> is not functional
The system was unable to initialize the Digital Modem in the specified slot correctly. Check all
switch and/ or jumper settings on the board to ensure they match the values in CFGEDIT. If the
board is configured properly, and this message still appears, contact your Distributor or Customer
Support.
DM card in slot <slot #> will receive new firmware
Informational message stating that the system has detected that the current firmware of the
specified modem is a lower revision level than what is supported in the currently installed
software. For 56K modem technology, the system will attempt to update the card. For modem
technology other than 56K, the upgrade command must be used to upgrade the firmware revision.
Watch for subsequent log messages to ensure the update is successful.
DM card in slot <slot #> failed FLASH download
The system has failed to successfully update the firmware revision of the Digital Modem card.
Contact your Distributor or Customer Support.
DM card in slot <slot #> FLASH download complete
Informational message stating that the system has successfully updated the firmware present on
the Digital Modem card.
DM card in slot <slot #> signals it is operational
Informational message stating that the Digital Modem is now ready for use.
DM card type configured in slot <slot #> does not exist
Using the resource database, the system has tried to initialize a Digital Modem card that doesn’t
exist. Check all switch and/ or jumper settings on the board to ensure they match the values in
CFGEDIT. If the board is configured properly, and the message still appears, contact your
Distributor or Customer Support.
DM card in slot <slot #> will not come out of reset
There are problems initializing the board. Contact your Distributor or Customer Support.
DM upgrade timeout. Board=<board #>, Modem=<modem #>
DM upgrade error during download. Modem says = xxx
DM upgrade no response at start. Board=<board #>, Modem=<modem #>
DM upgrade flash erase failed. Board=<board #>, Modem=<modem #>
DM upgrade no response at end. Board=<board #>, Modem=<modem #>
There were problems while attempting to update the firmware of the specified modem due to
either a corrupt firmware file or hardware problems. Reseat the card in its ISA slot, and/ or check
the MVIP cabling. If problems persist, contact your Distributor or Customer Support.
DM upgrade started. Board=<board #>, Modem=<modem #>
The system has begun to update the firmware of the specified modem on the Digital Modem card.
Watch for subsequent log messages to ensure the update is successful.
DM session in unknown upgrade state. Board=<board #>, Modem=<modem #>
There were problems while attempting to update the firmware of the specified modem due to
either a corrupt firmware file or hardware problems. Contact your Distributor or Customer
Support.
444
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
DM upgrade success. Board=<board #>, Modem=<modem #>
The system has successfully updated the firmware of the specified modem on the Digital Modem
card.
DM: TimeSlot driver circuit id already in use on CREATE
DM: No TimeSlot driver circuits available for CREATE
DM: TimeSlot driver circuit id not in use on REMOVE
DM: TimeSlot driver circuit id not found on REMOVE
There were problems related to the Digital Modem’s use of the TDM bus. Contact your Distributor
or Customer Support.
Downloading Bootstrap to DM card in slot <slot #>
Informational message stating that the system is attempting to initialize a Digital Modem card.
Watch for subsequent log messages to ensure the initialization is successful.
Downloading DM card in slot <slot #> with operational software
Informational message displayed during a successful initialization. Watch for subsequent log
messages to ensure the initialization is successful.
Downloading WAN card in slot <slot #> with operational software
Informational message during a successful system initialization. The status of the download
process for WAN card in slot <slot #> is identified. This should be reported after the “Bootstrap
came alive...” message for a given adapter.
DSL test failed to establish Layer 1, port=<port #>
During power up, all WAN lines undergo a test to see if Layer 1 can be established. This message
indicates a test failure. Check the wiring. If correct, contact your phone company.
Duplicate Calling Line ID <Calling line Id> detected for devices <device name> and <device name>
This message is logged at system initialization if any devices are found to share duplicate Calling
line Ids, and have no other authentication method. This problem should be corrected by adding
additional authentication method(s) to the necessary device(s).
Each mandatory connection uses xx bytes
There is not enough memory available to accommodate the system’s total capacity load. This
informational message identifies how much memory is needed to add an additional mandatory
connection.
Each optional connection uses xx bytes
There is not enough memory available to accommodate the system’s total capacity load. This
informational message identifies how much memory is needed to add an additional optional
connection.
ECP negotiation failed to converge
Verify compatible encryption parameters on each side of the link.
EDRV transmit error <error code>
An error was returned upon the software’s request to transmit a data frame. Contact your
Distributor or Customer Support.
Workgroup Remote Access Switch
445
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
EDS-DES Board Absent
EDS-FEAL Board Absent
The encryption board is either physically not in the backplane, or the dip switches on the board are
set incorrectly. Check for the board; verify the switch settings.
Error closing file ’s’
The WAN card initialization subsystem encountered an error while downloading a WAN card. The
system could not close the download disk file indicated. Restart the system. If the error continues,
Contact your Distributor or Customer Support.
Error closing file <file name>, slot <slot #>
Error closing password data file
If seen repeatedly, the above messages indicate a problem with your hard drive. Please contact
your Distributor or Customer Support.
Error downloading bootstrap program to adapter #’x’
The WAN card initialization subsystem encountered an error on the indicated adapter while
downloading the bootstrap program. Restart the system and review the configuration for the
adapter. If the problem persists, the indicated adapter card may be faulty; contact your Distributor
or Customer Support.
Error downloading operational software to adapter ’x’
The WAN card initialization subsystem encountered an error on the indicated adapter while
downloading operational software. Restart the system and review the configuration for the
adapter. If the problem persists, the indicated adapter card may be faulty and you should contact
your Distributor or Customer Support.
Error during channel initialization Access <access index>
An error has occurred during the initialization of the indicated Frame Relay Access, or port. Likely
cause of this entry is that the system has run out of memory. Contact your Distributor or Customer
Support.
Error during port initialization Access <access index>
An error has occurred during the initialization of the indicated Frame Relay Access, or port. Likely
cause of this entry is that the system has run out of memory. Contact your Distributor or Customer
Support.
Error during PVC initialization Access <access index>
An error has occurred during the initialization of the indicated. Likely cause of this entry is that the
system has run out of memory. Contact your Distributor or Customer Support.
Error initializing WAN card: <WAN card Id>
The system could not initialize the specified WAN card during system initialization. Check the
WAN card installation and configuration. If the error continues, report the problem.
Error in last LMI message detected Error <error code>
An error was detected in the last LMI message forwarded by the network. The error is identified
by the indicated error code.
Error loading WAN board, data verify error: adapter ’x’
The WAN card initialization subsystem encountered an error during download verification. The
specified adapter card may be faulty. Contact your Distributor or Customer Support.
446
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
Error mapping WAN adapter #’x’ into Host memory map
The configured memory location of the indicated WAN card conflicts with another WAN card or
device. Review the configuration for the indicated adapter.
Error opening file <file name>
Error opening file <file name>, section = <section name>
Error opening file <file name>, slot <slot #>
If seen repeatedly, contact your Distributor or Customer Support.
Error parsing old WAN (Direct Host) interface: bad format
The information contained in the WAN (Direct Host) interface is invalid. To correct, use CFGEDIT
to reconfigure the interface.
Error initializing WAN card: <WAN card Id>
The system could not initialize the specified WAN card during system initialization. Check the
WAN card installation and configuration. If the error continues, report the problem.
Error parsing old WAN (Direct Host) interface: LAN interface <LAN netif name> for specified port <port#>
already in use
This error may display after upgrading software which contains secondary IP addressing and an
“old” style WAN (Direct Host) interface. To correct, use CFGEDIT to delete any WAN (Direct Host)
interfaces on the problematic LAN port, and reconfigure them.
Error parsing old WAN (Direct Host) interface: no LAN interface for specified port <port#>
This error may display after upgrading software which contains secondary IP addressing and an
“old” style WAN (Direct Host) interface. To correct, use CFGEDIT to delete the problematic WAN
(Direct Host) interface. Afterwards, configure a LAN interface and then read the WAN (Direct
Host) interface.
Error parsing WAN (Direct Host) interface: no LAN interface for specified name <name>
The LAN network interface associated with this WAN (Direct Host) interface is not present. Use
CFGEDIT to delete the problematic WAN (Direct Host). Check configuration for the suspect LAN
interface; it most likely will not be there. Add LAN interface, then reconfigure the WAN (Direct
Host) interface.
Error opening file \ system\ ethernt2.bin
The LAN adapter executable file could not be opened. Check for proper software installation.
Error programming adapter #’x’ hardware
The WAN card initialization subsystem encountered an error while attempting to program the
hardware on the indicated adapter. Restart the system and review the configuration for the
adapter. If the problem persists, the indicated adapter card may be faulty; contact your Distributor
or Customer Support.
Error reading file <file name>, section = <section name>
If seen repeatedly, the above message indicates a problem with your file system. Contact your
Distributor or Customer Support.
Error reading file \ system\ ethernet2.bin,section = <file type>
The specified section of the LAN adapter executable file could not be read. Check for proper
software installation.
Workgroup Remote Access Switch
447
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Error reading platform type: couldn’t open file C:\ SYSTEM\ PLATFORM.NEI
Error reading platform type: error reading C:\ SYSTEM\ PLATFORM.NEI
Error reading platform type: there is no “plat name” field
Error reading platform type: there was no “=” in the string
Error reading platform type: type value is too large
Error reading platform type: type was not converted to an int
There is a problem with the platform.nei file. Reinstall the system Installation/ Upgrade diskettes
or CD-ROM.
Error reading sdconf.rec file
An error occurred during parsing of the ACE configuration file. The file was found, but did not
have the expected format. Either repeat the download of the file from the ACE server, or reenter
the ACE database location configuration and save changes using CFGEDIT.
Error requesting slot activation
Contact your Distributor or Customer Support.
Error sending message to Call Control
The system detected a failure while sending a message to the WAN adapter. Restart the system and
review the resource configuration. If the error persists, contact your Distributor or Customer
Support.
Event <event code> occurred on FR Access <access index>, DLCI <dlci index>
A debug message logged to indicate Frame Relay events occurring for the indicated DLCI on the
indicated Access. The event is given in both textual, event, and numeric, code, forms.
Facility not subscribed - Slot=<slot #> Port=<port #>
This probably indicates a SPID configuration error on the indicated line. The configuration should
be corrected on the system or the switch.
Failed to allocate enough memory for XILINX load file
The WAN card initialization subsystem failed to allocate a buffer for use in downloading files.
Restart the system. If the problem continues, contact your Distributor or Customer Support.
FAILED TO BOOT SYSTEM SOFTWARE
While attempting to load the System software, an error was detected. The system will automatically
reset and attempt a reboot in an effort to correct the problem. If the system continues to fail, make
note of the displayed messages, and contact your Distributor or Customer Support. A software
update is likely needed.
FAILED TO FORMAT RFA
The Flash File System could not be formatted. The system will automatically reset and attempt a
reboot in an effort to correct the problem. If the system continues to fail, make note of the displayed
messages, and contact your Distributor or Customer Support. A software update is likely needed.
FAILED TO INSTALL XMODEM FILESET INTO FLASH MEMORY
While writing a file into the Flash File System, an error was detected. The system will automatically
reset and attempt a reboot in an effort to correct the problem. If the system continues to fail, make
note of the displayed messages, and contact your Distributor or Customer Support. A software
update is likely needed.
448
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
Failed to obtain Terminal info in smgr_proc_terminal_auth_sess 0
A session control block was not found for this authentication session. Contact your Distributor or
Customer Support.
Failed to start a Terminal Auth session. Device + User level Security not enabled
A terminal mode connection was received and Device + User level security was not enabled. Verify
correct security settings and default async protocol settings.
FAILED XMODEM INITIALIZATION
The UART controlling the Console Information Port (CIP) could not be initialized. The system will
automatically reset and attempt a reboot in an effort to correct the problem. If the system continues
to fail, make note of the displayed messages, and contact your Distributor or Customer Support. A
software update is likely needed.
FAILED XMODEM SESSION
The X-Modem session did not successfully terminate. Likely causes include exhausting timeout
limits and noisy lines. The system will automatically reset and attempt a reboot in an effort to
correct the problem. If the system continues to fail, make note of the displayed messages, and
contact your Distributor or Customer Support. A software update is likely needed.
Failure during read of file <file name> for WAN card in slot <slot #>
If seen repeatedly, the above message indicates a problem with your hard drive. Contact your
Distributor or Customer Support.
Failure during read of file ’s’
The WAN card initialization subsystem encountered an error reading the file indicated. Check for
proper software installation.
Failure during Static RAM test on adapter #’x’
The WAN card bootstrap program encountered an error during the Static RAM test. This indicates
that the adapter card may be faulty. Contact your Distributor or Customer Support.
Failure on closure of file <file name>
Failure on file closure <file name>
Failure on write of file <file name>
Failure opening file <file name>
If seen repeatedly, the above messages indicate a problem with your hard drive. Contact your
Distributor or Customer Support.
Failure to allocate enough memory for XILINX load file
The WAN card initialization subsystem failed to allocate a buffer for use in downloading files.
Restart the system. Report the problem if it continues.
File=l2, Fn=<func name>, err=Layer 2 Error<err msg>, port=<port#>, CES=<link Id>
A Layer 2 error was encountered on the indicated BRI link or port. Your ISDN line (data link) may
be going down. If this error condition persists, contact your Distributor or Customer Support.
Below are possible error messages and their corresponding definitions:
DISC rcvd
The Network has sent a Layer 2 DISC (Disconnect), terminating the data link. An attempt
will be made to re-establish the data link after a switchtype-dependent delay.
Workgroup Remote Access Switch
449
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
DM rcvd
The Network will not allow establishment of the data link at this time. An attempt will be
made to re-establish the data link after a switchtype dependent delay.
MDL_ERR_RESP rcvd
The Network has not responded to TEI requests - no data link was established. An attempt
will be made to re-establish the data link after a switchtype dependent delay.
rcvd MDL_REM_REQ for TEI <TEI value>
The network has removed the specified TEI, terminating the data link. An attempt will be
made to re-establish the data link after a switchtype dependent delay.
File=ME, Fn=_mdl_err, err=Layer 2 Error<err code>rcvd, port=<port#>, CES<link Id>
A Layer 2 error was encountered on the indicated BRI link or port. Your ISDN line (data link) may
be going down. If this error condition persists, then report the problem. Below are possible error
codes and their corresponding definitions (based on Table 11-1 from CCITT Q.921 specification):
A
The Network sent a RNR (Receiver not Read) or REJ (Reject).
B, D
The Network sent a DM(F=1) or a UA and will not allow establishment of the data link at
this time. An attempt will be made to re-establish the data link after a switchtype
dependent delay.
C
The Network sent an unsolicited UA and will not allow establishment of the data link at
this time. An attempt will be made to re-establish the data link after a switchtype
dependent delay.
E
The Network sent a DM(F=0). The data link will be restarted immediately.
F
Network restarted data link.
H
Timeout on sending DISConnect to the Network. Unable to bring up data link. An attempt
will be made to re-establish the data link after a switchtype dependent delay.
I
Timeout sending I(Info) frame to the Network. The data link will be restarted immediately.
J
The Network sent a Layer 2 frame with an incorrect receive sequence number (Nr).
K
The Network sent a FRMR (Frame Reject) response. The data link will be restarted
immediately.
450
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
L
The Network sent a Layer 2 frame with a control field error. This is typically an
unimplemented frame.
M
The Network sent a Layer 2 frame with an illegal Info field.
N
The Network sent a Layer 2 frame with an incorrect length.
O
The Network sent a Layer 2 frame that was too long.
U
The Network sent a Layer 2 frame with a control field error. Typically an unknown frame.
File Access Err
System unable to access file. Check for one of the following log error messages:
Error opening file <file name>
Error reading file <file name>, section = <section name>
Error opening file <file name>, slot <slot #>
Read 0 bytes from file <file name> for WAN card in slot <slot #>
Failure during read of file <file name> for WAN card in slot <slot #>
Error closing file <file name>, slot <slot #>
Error closing password data file
Error opening password data file
Failure on closure of file <file name>
Failure opening file <file name>
Failure on file closure <file name>
Failure on write of file <file name>
If you see any of these log messages repeatedly, there may be a problem with the file system.
Contact your Distributor or Customer Support.
Formatting Flash Memory.....
The user has either requested the Flash to be formatted or a corrupted Flash File System was
detected while attempting to save an upgrade/ installation file set (transferred via X-Modem).
[FR_IETF] Authentication Failure of remote device NAME
[FR_IETF] Off-Node Authentication Failure of remote device NAME
The device database does not contain an entry for the device specified by NAME. Reconfigure
either the PVC name or the device name so that they match.
[FR_IETF] detected PPP protocol from "NAME", shutting down PVC
FR_IETF has detected a configuration mismatch between the system and the remote device NAME.
The administrator must change the PVC configuration on one of the devices.
Frame Relay event queue full
Indicates a lack of system resources to handle the level of traffic being experienced. Contact your
Distributor or Customer Support.
Workgroup Remote Access Switch
451
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Frame Relay PVC connection down: Slot=<slot number>, Port=<port number>
The Frame Relay PVC connection is down for the indicated slot and port number.
Frame Relay PVC connection up: Slot=<slot number>, Port=<port number>, DLCI=<DLCI index>
The Frame Relay PVC connection is up for the indicated slot, port, and DLCI index.
FrBufFree: error <error code> during free
The indicated error occurred during an attempt to free a buffer to its memory pool. Contact your
Distributor or Customer Support.
FrUtl: No registered device for DLCI <dlci index>
A frame was received on the PVC associated with the indicated DLCI, and no Frame Relay Service
Device had (as yet) registered to use this PVC.
IePvcStatus: Received Status Report for unknown PVC # <dlci index>
The indicated unknown DLCI was indicated in a STATUS message received from the network. This
DLCI number is entered in the “unknown DLCI” list and can be displayed via the FR LMI system
console command.
Incoming call from <Device Name>, Slot=<slot #>, Port=<port #>, Chan=<channel #> Rejected by BW
Reservation
A bandwidth reservation message. Indicates that a call has come in from the indicated device, on a
line that is not in this device’s profile. The call will be disconnected. If you see this message often,
check the remote device’s configuration to prevent wasted calls.
Initial TDM Clock Master: <slot#, line#>
The external line indicated has been selected as the master clock source.
Initializing...
Displays the current state of the system (initialization).
Installing File Set into Flash Memory
The file set, received via X-Modem, has successfully passed its verification tests and is now being
written into the Flash File System.
Insufficient space for buffer pool creation
There is not enough system memory to proceed with the creation of the requested size buffer pool.
Contact your Distributor or Customer Support.
Interrupt fault on WAN Adapter in Slot <slot #>
The interrupt jumper for the WAN Adapter in the specified slot is missing or misplaced.
Invalid caller number: <caller’s sites name> - <caller’s number>
The incoming call security feature is enabled and a call was received from an unknown remote site,
therefore the call was disconnected. If the call was from a valid remote site, the device list must be
updated to include the remote site's phone number.
Invalid Call_ID in HOST_CALL_CONNECTED
Invalid Call_ID in HOST_CALL_DISCONNECT
The above Robbed Bit Signaling messages indicate that the system software sent a message to the
RBS state machine that the state machine was unable to recognize or the information was incorrect.
If this message is displayed in the log messages, contact your Distributor or Customer Support.
452
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
Invalid CLLM received on Access <access index>
An invalid CLLM message was received on the indicated Frame Relay Access. The message had
either missing elements or invalid contents.
Invalid LAN Adapter identifier
The system has detected invalid LAN adapter hardware. Check for proper LAN adapter
configuration and hardware installation.
Invalid Password <password> given
The remote Combinet sent a password that did not match any device table entries. This most likely
is due to a configuration error. Check the configuration, and change the password.
Invalid SERIAL.001 file present, file is ignored.
Contact your Distributor or Customer Support.
Invalid SERIAL.BIN file present, system booting in minimal mode.
Contact your Distributor or Customer Support.
Invalid serial number in SERIAL.001, file is ignored.
Contact your Distributor or Customer Support.
Invalid serial number in SERIAL.BIN file, system booting in minimal mode.
Contact your Distributor or Customer Support.
IP Error from ESP datagram - discarded
An error occurred within the IP forwarding logic which make it impossible to send this datagram.
[IP] Invalid Device Info. Device is not IP callable <device name>
An IP packet could not be forwarded to a remote network because the next-hop device for that
network is not configured as IP Callable. The CyberSWITCH returns a network unreachable message
to the sender.
[IP] x.x.x.x not added to the pool: Invalid IP address
A failure was encountered by the IP subsystem during initialization processing. IP made an
unsuccessful attempt to add a “static” address to the IP Address Pool. The IP address being added
did not match any of the configured IP network interfaces.
[IP] x.x.x.x not added to the pool: Invalid Device Id
A failure was encountered by the IP subsystem during initialization processing. IP made an
unsuccessful attempt to add a “static” address to the IP Address Pool. The ID supplied by the IP
subsystem was invalid. Contact your Distributor or Customer Support.
[IP] x.x.x.x not added to the pool: IP Address Pool Full
A failure was encountered by the IP subsystem during initialization processing. IP made an
unsuccessful attempt to add a “static” address to the IP Address Pool. The IP Address Pool was
already full.
[IP] x.x.x.x not added to the pool: Unknown error (y)
A failure was encountered by the IP subsystem during initialization processing. IP made an
unsuccessful attempt to add a “static” address to the IP Address Pool. An unknown error code was
returned by the IP Address Pool Manager. Contact your Distributor or Customer Support.
Workgroup Remote Access Switch
453
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
[IPAP] ResMem returned invalid device maximum value (x)
A memory allocation failure was encountered by the IP Address Pool Manager during initialization
processing. Contact your Distributor or Customer Support.
[IP] Cannot get system memory for xxxx
There is not enough system memory available for IP software to operate (“xxxx” is a variable name
internally used). Contact your Distributor or Customer Support.
[IP] Cannot process incoming remote IP device <IP address>, no rsc avail
The IP software was unable to accept the incoming IP device to a WAN (Direct Host) interface
because it could not obtain necessary resource. The WAN connection may remain for a while, but
the remote IP device will not be able to communicate with any IP devices over WAN. Contact your
Distributor or Customer Support.
[IP] Cannot start Proxy Arp for <IP address #>, no cmd buf avail
The IP software attempted to start the proxy arp for the IP device indicated by the <IP address #>,
but was unsuccessful because it could not obtain necessary memory. Contact your Distributor or
Customer Support.
[IP] Cannot stop Proxy Arp for <IP address #>, no cmd buf avail
The IP software attempted to stop the proxy arp for the IP device indicated by the <IP address #>,
but was unsuccessful because it could not obtain necessary memory. Contact your Distributor or
Customer Support.
[IP] Datagram with destination address of <destination address> cannot be forwarded
[IP] Reason: Invalid Device Info. Device <device name> is not IP callable
These two message appear together if a user calls in to the specified destination user and that user
is not configured to be IP callable.
[IP] Default Route not added, invalid next hop (<IP address #>)
Because of an incorrect setup, the default route entry was not added in the routing table. Check the
next hop in your configuration. Be sure that the next hop indicated by the <IP address #> is directly
connected to the configured network interface.
[IP] Failed to de-register with IP Address Pool Manager (erc=x)
A failure was encountered by the IP subsystem during initialization processing. IP made an
unsuccessful attempt to de-register as a provider of “static” addresses for the IP address pool.
Contact your Distributor or Customer Support.
[IP] Failed to register with IP Address Pool Manager (erc=x)
A failure was encountered by the IP subsystem during initialization processing. IP made an
unsuccessful attempt to register as a provider of “static” addresses for the IP address pool. Contact
your Distributor or Customer Support.
[IP] Initialization failure
The IP Router was not initialized correctly because of other errors. Possible errors include “[IP]
Cannot get system memory for xxxx”. Refer to the log for additional messages to pinpoint the
problem.
[IP] Invalid configuration for Network Interface dd
454
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
[IP] Invalid RLAN IP Address <IP address>, RLAN IP Stream Closed
The connection from a HDLC Bridge or a PPP device came up and the IP (sub-) network number
configured for it is invalid; it does not belong to any of the WAN (RLAN) interfaces. Correct the IP
address for the remote device.
[IP] Invalid Peer IP Address <IP address>, WAN IP Stream Closed
A PPP or RFC 1294 (IP Host) connection came up, and the IP address of the peer device (pre-
configured or negotiated) belongs to a WAN (RLAN) Interface. If the IP address is preconfigured,
try changing the peer’s IP address (at the peer device and possibly on the device entry for the peer)
that belongs to one of the WAN, WAN (Direct Host), or WAN (UnNumbered) interfaces. If the IP
address is negotiated, try changing the IP address pool, or make sure that you really do want to use
a WAN (RLAN) Interface.
[IP] IP host is initialized successfully
This message is posted when the system IP Host feature has initialized successfully.
[IP] IP router is initialized successfully
This message is posted when the system IP Router feature has initialized successfully.
[IP] Network initialized successfully on ddd.ddd.ddd.ddd
This message is posted when the numbered interface is successfully initialized on the indicated IP
address.
[IP] Network Interface on LAN port <port #> already exists
There is another network interface that is configured for the LAN port indicated, and it was already
initialized successfully. This means that there are multiple network interfaces configured for the
same LAN port. You should correct the system configuration.
[IP] Network Interface on LAN port <port #> not initialized
The network interface for the LAN port indicated was not initialized because there is no Ethernet
resource configured, or the Ethernet resource that is configured does not have the corresponding
port. You should correct the system configuration.
[IP] Route (<IP address #1>) not added, invalid next hop (<IP address #2>)
The static route entry indicated by the <IP address #1> was not added in the routing table because
the next hop indicated by the <IP address #2> is not located on any network directly connected to
the configured network interface.
IPSec - Duplicate SA, Final Dest Addr: nn.nn.nn.nn SPI nn.nn.nn.nn
A Security Association with the same SPI and Final Destination Address already exists. If there is
no SPI parameter listed, the Security Association table has been filled.
IPSec Security Associations initialized successfully
[IP] WAN (Direct Host) Interface for LAN port <port #> already exists
There is another WAN (Direct Host) type interface that is configured for the LAN port indicated,
and it was already initialized successfully. This means that there are multiple WAN (Direct Host)
type interfaces configured for the same LAN port. Use CFGEDIT to specify primary or secondary
interface.
Workgroup Remote Access Switch
455
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
[IP] WAN (Direct Host) Interface <WAN interface name>, invalid associated LAN interface <LAN
interface name>
The WAN (Direct Host) type interface could not come up; the associated LAN network interface,
specified by configuration, was not found. Use CFGEDIT to delete old WAN (Direct Host)
interface. Check for associated LAN interface, and add if necessary. Then add back the WAN
(Direct Host) interface.
[IP] WAN (Direct Host) Interface for network <network #> on LAN port <port #> initialized successfully
This message is posted when WAN (Direct Host) interface for the indicated network is initialized
successfully.
[IPCP] Invalid pre-configured IP address <IP address> for <device name>, ignored
There is a configured IP address for the remote device in the Device Table, but the IP address does
not belong to any configured WAN interfaces. Check the configuration. You will most likely need
to add another WAN interface.
[IPCP] IP Address Pool - Out of IP addresses
IPCP needed to allocate an IP address from the IP address pool, but there were no IP addresses
available in the IP address pool. You may need to add more IP addresses to the pool.
[IPCP] Option Negotiation Failure, Non-Convergence detected
IPCP is terminated because an agreement could not be reached on the details of protocol. Refer to
the specific documentation for the device in question to determine if it is configured correctly.
Then, contact your Distributor or Customer Support.
[IPCP] Remote device does not negotiate IP address
Please configure IP address for the device <device name>
The IP address for the remote device is either improperly configured, or not configured at all.
Check configuration and adjust.
[IPFILT] Filter “abcd” does not exist, ignored by application point “xyz”
This particular error message detects that an attempt has been made to apply a non-existent filter.
In theory, this can only happen if someone manually modifies a configuration file (other than
through CFGEDIT or Manage Mode).
[IP Host] Call Dropped: ID Response was not received from remote
The system did not receive a valid identification exchange from the remote IP Host. The system has
rejected the incoming call. Refer to the Quick Start for proper setup of your particular device.
[IP Host] Call Dropped: XID was not received from remote
The system did not receive a valid identification exchange from the remote IP Host. The system has
rejected the incoming call. Refer to the Quick Start.
[IP Host] Security Rejection - Digit string wrong length
The system did not receive a valid identification exchange from the remote IP Host. The
Identification digit string from the remote device was not of an appropriate length. This string must
be a 24 character string of ASCII digits (0-9), which is blank padded. The system has rejected the
incoming call.
456
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
[IP Host] Security Rejection - Invalid Security ID <Id string>
The system has received an IP Host Id, <Id string>, from a remote device that is not configured in
the Device List. The system has rejected the incoming call. Verify that the IP Host ID in the Device
List information is identical to the IP Host Id configured in the remote device.
[IP Host] Security Rejection - Security ID cannot be validated with Authentication Server
The System authentication type is configured to obtain device information off-node, for example
from a RADIUS server; however, such transactions are not yet supported when IP Host ID Security
is enabled.
[IP RIP] All network interfaces used
All RIP interface data structures are in use. No RIP information will be sent to any additional
interfaces. Contact your Distributor or Customer Support.
[IP RIP] Buffers allocated
The RIP successfully allocated the UDP buffers needed to transmit RIP packets.
[IP RIP] Initialization failed, unable to allocate buffers
The RIP initialization was not completed. The machine contains insufficient memory to allocate the
UDP buffers needed to transmit RIP packets. Contact your Distributor or Customer Support.
[IP RIP] RIP Protocol Initialization successful
The RIP protocol was successfully initialized.
[IP RIP] Route Maintenance Registration Failed
The IP RIP protocol was unable to register with the IP routing table notification system. Any
dynamic changes of the routing table configuration will not be reflected in the RIP packets sent to
other routes. contact your Distributor or Customer Support.
[IP RIP] Send queue full
The RIP transmission queue has become full. This is not a normal occurrence. The machine should
be restarted. If this message is displayed again after the machine has been restarted, contact your
Distributor or Customer Support.
[IP RIP] Shutdown complete
The RIP protocol was successfully shutdown via Dynamic Management. No RIP routing
information will be transmitted or received. Any routes learned via RIP will soon expire.
[IP RIP] Unable to add host route <IP address>
A failed attempt was made to add the host route to the IP RIP routing table. The routing table can
have approximately 300 routing entries, and at this time, the routing table is full. The host route will
not be broadcast via RIP packets and therefore other routers will not be able to learn the route to
this device. You can use the packet capture commands to try to determine if a device is advertising
an unusual number of routes. If you are unable to track down the problem, contact your Distributor
or Customer Support.
[IP RIP] Unable to add route, routing table full
The IP RIP routing table is currently full, no new routes can be added. The routing table can have
approximately 300 routing entries, and at this time, the routing table is full. This could result in
possible unreachable destinations. You can use the packet capture commands to try to determine
if a device is advertising an unusual number of routes. If you are unable to track down the problem,
contact your Distributor or Customer Support.
Workgroup Remote Access Switch
457
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
[IP RIP] Unable to open RIP/UDP port 520
The UDP port for RIP was unable to be opened. There are 63 possible UDP ports, and none are
available for use at this time. No RIP information can be transmitted or received. Contact your
Distributor or Customer Support.
[IP RIP] Unable to register WAN Connection notification
The IP RIP protocol was unable to register with the IP WAN interface connection notification
system. No WAN connection information will be reflected in the RIP packets. Contact your
Distributor or Customer Support.
[IP RIP] Unable to register with Network Interface Maintenance
The IP RIP protocol was unable to register with the IP network interface notification system. Any
dynamic changes of the network interface configuration will not be reflected in the RIP interface
control. Contact your Distributor or Customer Support.
[IPX] Invalid IPXWC passed
In the unlikely event this message is posted, contact your Distributor or Customer Support.
[IPX] Network initialized successfully on xxxxxxxx:xxxxxxxxxxxx
This message is posted when the numbered interface is successfully initialized on the indicated IPX
address.
[IPX] Network Interface on LAN port <port #> not initialized
The network interface for the LAN port indicated was not initialized because there is no Ethernet
resource configured, or the Ethernet resource that is configured does not have the corresponding
port. You should correct the system configuration.
[IPX] Route <IPX network address #1> not added: invalid next hop(<IPX address #2>
The static route entry indicated by the <IPX network address #1> was not added in the IPX routing
table because the next hop indicated by the <IPX address #2> is not located on any network directly
connected to the configured network interface.
[IPX] Route (<IPX network address>) not added: invalid next hop (<name>)
The static route entry indicated by the <IPX network address> was not added in the IPX routing
table because the next hop remote device indicated by the <name> does not exist.
[IPX] IPX router initialized successfully
This message is posted when the IPX Router feature has initialized successfully.
IPX spoofing unable to get disconnect time structure. Default options replacing disconnect time options for
device <device name>.
The resources required to properly perform the configured IPX spoofing options for the specified
device after a connection to this device has been disconnected could not be obtained. The default
IPX spoofing options are being used in place of the disconnect time IPX spoofing options.
[IPX RIP] Buffers allocated
The IPX RIP successfully allocated the buffers needed to transmit IPX RIP packets.
[IPX RIP] RIP Protocol Initialization successful
The IPX RIP protocol was successfully initialized.
458
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
[IPX RIP] Shutdown complete.
The IPX RIP protocol was successfully shutdown via Dynamic Management. No IPX RIP routing
information will be transmitted or received. Any routes learned via IPX RIP will soon expire.
[IPX RIP] Space available in routing table
A route entry has become available in the full route table.
[IPX RIP] Unable to add route, routing table full
The route table has become full. The maximum number of route entries should be increased. Note:
This message will not recur in the log until space becomes available in the route table.
[IPX SAP] Buffers allocated
The IPX SAP successfully allocated the buffers needed to transmit IPX SAP packets.
[IPX SAP] SAP Protocol Initialization successful
The IPX SAP protocol was successfully initialized.
[IPX SAP] Shutdown complete
The IPX SAP protocol was successfully shutdown via Dynamic Management. No IPX SAP service
information will be transmitted or received. Any services learned via IPX SAP will soon expire.
[IPX SAP] Space available in service table
A service entry has become available in the full service table.
[IPX SAP] Unable to add service, service table full
The service table has become full. The maximum number of service entries should be increased.
Note: This message will not recur in the log until space becomes available in the service table.
[IPXCP] Add Network Address to Pool with value above <network address>
This message informs the administrator that negotiation was not possible since non-convergence
was detected the network address sent by the peer was not acceptable by us and we do not have
any network address to assign to the peer. The possible remedy is to configure more IPX addresses
with a value more than <Network Address> in the Address Pool.
[IPXCP] IPX Address Match.
[IPXCP] Device <device> address same as another device address
The remote device indicated by <device> requested to use an already existing IPX network number
and node number.
[IPXCP] Our Node Address is <node address>
This message informs the administrator that the peer has assigned us a node number because the
system did not have a node address and the peer needs a node address. This node address will be
used by the peer to identify this system.
[IPXWAN] Master Slave Conflict. Change Internal Network Number above <present value>
This message indicates that over the IPXWAN link, the master and slave roles could not be
determined. The internal network number of the system must be changed to ensure proper
IPXWAN negotiation to occur.
[IPXWAN] IPX Internal Network Number must be configured.
You must configure a valid internal network number in order for IPX routing to work properly.
Workgroup Remote Access Switch
459
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
L3_CallRefSelect Call Reference wrapped
Status message indicating that Layer 3’s call reference value has wrapped. If this message is posted
frequently, report the problem.
LAN Adapter Abort
The Ethernet adapter or subsystem is being interrupted as part of the error recovery process. If the
system fails to operate normally, or the warning continues to occur, then report the event using the
problem reporting form included in Getting Assistance.
LAN Adapter Command Timeout
The system expected a command from the LAN adapter or subsystem that it did not receive. Check
for proper LAN adapter configuration and hardware installation. If it persists, report the event
using the problem reporting form included in Getting Assistance.
LAN Adapter configuration conflict
There is a configuration conflict between the Ethernet resource that was installed and the Ethernet
resource that was configured. Correct the configuration to match the installation.
LAN Adapter Fatal Error Reported
LAN Adapter hardware failure detected. If the problem persists, replace your LAN adapter.
LAN Adapter FIFO Data Underrun
The system expected data from the adapter that it did not receive, and the system will continue to
operate. Check for proper LAN adapter configuration and hardware installation.
LAN Adapter FIFO not empty, status=<status value>
The LAN adapter did not enter the proper state after it was restarted. Check for proper LAN
adapter configuration and hardware installation.
LAN Adapter HW upgrade may be required
Older versions of the Ethernet adapter may need to be updated to run Release 2.3 or greater. If the
above message appears in your system log messages, you will need to remove your Ethernet
adapter to determine if it is a version that needs to be updated. Refer to the “Notes and Warnings”
section of the Release Notes for further instructions.
LAN Adapter HW upgrade required
Older versions of the Ethernet adapter may need to be updated to run Release 2.3 or greater. If the
above message appears in your system log messages, you will need to upgrade your Ethernet
adapter.
LAN Adapter LAN Controller error
The system detected an error with the LAN controller. The LAN adapter card may be faulty.
Contact your Distributor or Customer Support.
LAN Adapter not configured
The system tried to access the bridging function when it was not configured. Most likely, the
Ethernet resource was accidentally deleted. Correct the system configuration to reflect the proper
Ethernet resource.
LAN Adapter out of receive buffers for LAN port <port #>
The LAN adapter is temporarily out of receive buffers for the indicated port. This condition should
clear itself. If the condition persists, contact your Distributor or Customer Support.
460
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
LAN Adapter out of receive buffers for the WAN port
The LAN adapter is temporarily out of the buffers it uses to receive packets from the WAN port.
This condition should clear itself. If the condition persists, contact your Distributor or Customer
Support.
LAN Adapter port <port #> transmit error <error code>, check connection
The LAN adapter detected an error transmitting a frame on the indicated port. Check that the LAN
is properly connected to the adapter and that the LAN is properly terminated.
LAN Adapter Reset
This is an initialization message. The Ethernet adapter has been reset as part of the adapter
initialization sequence.
LAN Adapter Response Timeout
The system expected a command response from the adapter that it did not receive. Check for
proper hardware installation.
LAN Adapter ROM version ########.########.########
The ROM version in the Ethernet adapter is indicated.
LAN Adapter software version conflict
When software is downloaded onto the Ethernet adapter, its software version is compared to the
version of software running on the host’s main processor. If the versions do not match, this message
is posted. The upgrade did not work properly; contact your Distributor or Customer Support.
LAN Adapter System resource error
LAN Adapter hardware failure detected. If the problem persists, replace your LAN adapter.
LAN Init Error
LAN connection failure. Initialization failure detected by the LAN packet forwarding component
in the system.
LAN Port <port #> detected a transceiver problem
The system detected a LAN connection problem on the indicated port. Check for proper LAN
connection installation.
LAN Port <port #> detected jabber condition <n> times(s)
A “jabber” condition or an Ethernet frame larger than the maximum legal length has been received.
This message is usually displayed if there is a malfunctioning transceiver or a malfunctioning
Ethernet device on the LAN. This message is not displayed for every error condition. It appears
after 24 hours since the last message was displayed. This message provides the LAN port # in
question, and the number of times <n> the jabber condition has been detected.
LAN Port <port #> detected open LAN media
The system detected a problem with the physical LAN on the indicated port. The LAN is not
properly terminated or the LAN is not fully connected to the system. Check for proper LAN
installation.
Workgroup Remote Access Switch
461
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
LAN Port <port #> detected shorted LAN media
The system detected a problem with the physical LAN on the indicated port. The LAN is not
properly terminated or the LAN is not fully connected to the system. Check for proper LAN
installation.
LAN Port <port #> is now in the Forwarding state
The bridge LAN port indicated has entered the forwarding state and is now ready for data transfer.
LAN Port <port #> is now in the Learning state
The bridge LAN port indicated has entered the specified state.
LAN Port is now in the Listening state
The bridge LAN port is entering the specified state.
LAN Port <port #> is now in the <new state> state
The bridge LAN port indicated is entering the specified new state.
LAN Xmit Error
LAN connection failure. LAN packet transmit error detected by the system.
Layer 1 sync not seen - Slot=<slot #> Port=<port#> Ces=<communication endpoint suffix
A physical problem has been detected on the indicated line. Check for proper connection to the
CyberSWITCH and to the NT1 or CIU. If the NT1 or CIU appears functioning properly, call your
phone company and report the problem.
[LCP] Option Negotiation Failure, Non-Convergence detected
Link Control Protocol is terminated because the CyberSWITCH and the device cannot agree on a
common way of communicating. The device may not be configured properly. Refer to the specific
documentation for device set up. Then, contact your Distributor or Customer Support.
Line <slot #, port #> Down
ISDN line failure. The data link for the line connected to slot <slot #> port <port #> is down.
LMI alarm on Access <access index>
Indicates that either no STATUS messages have been received from the network or that N393 errors
have occurred in the last N391 events thus exceeding the device configured alarm threshold for the
LMI link. Any associated PVCs are disabled. (The variable N393 is the configured Monitored
Events Count, and the variable N391 is the configured Full Status Enquiry Polling Count.)
LMI alarm reset Access <access index>
Indicates that N392 events have occurred which allows the LMI alarm condition to be cleared and
any associated PVCs to be re-enabled. (The variable N392 is the configured Error Threshold Count.)
Loop detected on Local Area Network
The LAN adapter has detected a loop condition on the local area network. The system will discard
these frames until the loop condition is removed.
MAC Layer Bridge did not Initialize
A system problem prevented the MAC layer bridge from properly initializing, and the bridge will
not forward data over the WAN. Restart the system. If the error continues, contact your Distributor
or Customer Support.
462
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
Manage Mode updates have been successfully committed
The above message indicates that the Dynamic Management commit command was successfully
completed.
Manual intervention required: please replace LAN card
Older versions of the Ethernet adapter may need to be updated or replaced to run Release 2.3 or
greater. If the above message appears in your system log messages, you will need to replace your
Ethernet adapter.
Manual restart initiated on DM board in slot <slot #>
There was an attempt to restart the specified Digital Modem with the modem restart command.
Check subsequent log messages to verify the command was successful.
Maximum call charges exceeded for month
The configured maximum for monthly call charges has been exceeded.
Maximum call minutes per day limit (x) has been reached
The described limit has been exceeded. The next log message will indicate whether calls will still
be allowed or not.
Maximum call minutes per month limit (x) has been reached
The described limit has been exceeded. The next log message will indicate whether calls will still
be allowed or not.
Maximum calls per day limit (x) has been reached
The described limit has been exceeded. The next log message will indicate whether calls will still
be allowed or not.
Maximum calls per month limit (x) has been reached
The described limit has been exceeded. The next log message will indicate whether calls will still
be allowed or not.
MCP detected channel failure: <channel number>
A link has failed for some abnormal reason and the indicated channel has been disconnected. This
message is generally preceded by another message which indicates the underlying protocol. Refer
to that message. If this does not pinpoint the problem, check the application on the remote device
to see if it is working correctly.
Memory Access Timeout
This indicates a TDM bus connector failure that is specific to the TDM bus connecting a primary
rate and a basic rate adapter. Ensure that the TDM bus has been correctly connected to the two
adapters. If problem continues, contact your Distributor or Customer Support.
MEMORY LIMITED - <x> COMPRESSION connections available
Where “x” is equal to the number of connections that can be supported. There is not enough
memory available to support the number of compression connections being allocated. You may
want to purchase more memory for your system. Contact your Distributor or Customer Support.
Mild congestion CLLM received for DLCI <dlci index>
A CLLM message was received indicating mild congestion may be expected on the PVC associated
with the indicated DLCI.
Workgroup Remote Access Switch
463
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Mismatch of configured and installed DM card in slot <slot #>
The switch and/ or jumper settings on the specified Digital Modem card are not properly set to
match how the card is configured in software. Check the hardware and software configuration and
restart.
Missing BEARER_CAPABILITY in HOST_CALL_REQUEST
Missing CALLED_NUMBER_IE in HOST_CALL_REQUEST
Missing CHANNEL in HOST_CALL_REQUEST
Missing CHANNEL_ID_IE in HOST_CALL_REQUEST
Missing TN in HOST_CALL_REQUEST
The above Robbed Bit Signaling messages indicate that the system software sent a message to the
RBS state machine that the state machine was unable to recognize or the information was incorrect.
If this message is displayed in the log messages, contact your Distributor or Customer Support.
MODEM <modem #> of DM card in slot <slot #> is unusable
An attempt was made to perform an operation on a specific modem that had been deleted from the
usable list via the modem delete command. Use the modem add command to make the modem
usable again, or use a different modem to perform the desired operation.
MODEM CONNECT failed - connect <connect id #>, board <board #>, modem <modem #>
An attempted modem call has failed to connect. Try reconnecting the call again. If this message
consistently appears for the same modem number, contact your distributor or Customer Support.
Modem revision on modem <modem #> of slot <slot #> failed
Individual modems on a Digital Modem card are failing. Check the hardware and software
configurations, as well as the seating of the card and the MVIP cabling. If all seems in order, contact
your Distributor or Customer Support.
Negotiation Failure with Semipermanent device “x”
There was some problem negotiating a connection with device "x." There was no way to send data.
This could be an authentication failure or a PPP failure.
Network loop between site1 and site 2
The system detected a WAN loop between the specified sites, so the System will not forward the
duplicate frame. Check the System and network configuration for this loop and adjust.
Network requested init but no SPID configured- Slot=<slot #> Port=<port #> Ces=<communication
endpoint suffix>
A SPID is required but is not configured on the indicated line. The configuration of the
CyberSWITCH or of the switch should be corrected.
Network sent bad Endpoint identifier - Slot=<slot #> Port=<port #> Ces=<communication endpoint
suffix>
During terminal initialization, a bad endpoint identifier was received on the indicated line. This
message is informational only; your line should continue to operate normally.
Network sent CAUSE - invalid SPID - Slot=<slot #> Port=<port #> Ces=<communication endpoint
suffix>
An invalid SPID is configured on the indicated line. The configuration of the CyberSWITCH or of
the switch should be corrected.
464
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
Network sent Cause - SPID not supported - <slot #, port #>
The indicated line does not support SPIDs; however, a SPID is configured for use on the line. Is the
SPID configured incorrectly? Do you have the right switch type? Check the configuration. If the
message persists, contact your BRI provider to determine corrective action.
Network sent STATUS with state = 0, tear down call
A STATUS message has been received from the network indicating that a specified call is not active.
The system is removing the call.
No Active Calls
0 Active Sites
Currently, no sites are connected to the system.
No Active List entry available in INM
The system tried to contact a remote site and no table entries were available. You may need a larger
version of the CyberSWITCH.
No CCB found, Port=<port #>, CallRef=<call reference #>
Contact your Distributor or Customer Support. Provide your distributor with a copy of the
message log, and the output of the wan stats command. With the wan stats command, the
main item of interest is the “rcv fail” number on the connections line.
No compression sessions are available due to memory constraints.
Check available memory; upgrade to a 12Mb system (minimum). If you are still encountering
problems, disable unused protocols, and/ or contact your Distributor or Customer Support to
reduce your number of available connections.
NO FR LMI transmit buffer available
Indicates that, temporarily, no transmit buffer was available for formatting and sending a STATUS
ENQUIRY message to the network.
NO FR LMI transmit buffer descriptor available
Indicates that, temporarily, no transmit buffer descriptor was available for control and
administration of a STATUS ENQUIRY message to be sent to the network.
No internal b channel resources available, disconnecting call
The call is up, but there are no resources available to send the data. Contact your Distributor or
Customer Support.
No resources available to accept incoming call
The System received an incoming call, but it had already established the maximum number of calls.
This indicates the demand for network resources exceeds the configuration of this system. If this
type of occurrence continues, you should consider upgrading to a larger system.
No response to TEI requests - Slot=<slot #> Port=<port #> Ces=<communication endpoint suffix>
TEI configuration mismatch between the system and the switch for the indicated line. The
configuration of the system or of the switch should be corrected.
No Sites Connected
Currently, no sites are connected to the system.
Workgroup Remote Access Switch
465
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Not enough memory for Security module
Not enough system memory available to operate security module. Contact your Distributor or
Customer Support.
No UA seen in response to SABMEs - Slot=<slot #> Port=<port #> Ces=<communication endpoint suffix>
Layer 2 cannot be established between the system and the switch. This could be a TEI configuration
mismatch between the system and the switch for the indicated line. Check the configuration of the
system. If this is not the problem, call your carrier. The configuration of the switch may need
correction, or the line may need to be manually restarted.
No VCB buffer available
Ran out of sending buffers for messages to Combinet. If this is a recurring problem, contact your
Distributor or Customer Support.
Number of optional connections reduced from xx to yy due to memory limitations
This informational message identifies that there is not enough memory available to accommodate
the system’s total capacity load for optional connections.
Number of required connections reduced from xx to yy due to memory limitations
This informational message identifies that there is not enough memory available to accommodate
the system’s total capacity load for required connections.
Offnode server lookup of Dial Out User failed.
Off-node authentication was not successful. Most likely, the device attempting to authenticate was
not configured. Check configuration.
OSW <OSWFileName>, found in the Flash File System. The OSW has not been updated from this file due
to insufficient Flash File System space. Please delete unnecessary files from the system.
Delete unneeded files to free up Flash File System space, and reboot the system. DO NOT DELETE
NEX.BIN, IOP.BIN, OR UPGRADE.BIN. The system will again attempt to install the compressed
file set after the system is rebooted again.
Outgoing calls barred - Slot=<slot #> Port=<port #>
The system cannot place outgoing calls on the indicated line. The switch must be configured to
handle circuit switched data calls. Contact your phone company and report the problem.
Out of CCBs, Port=<port #>, CallRef=<call reference #>
Contact your Distributor or Customer Support.
Out of LAN Adapter transmit command descriptors
The LAN adapter is temporarily out of buffers used to transmit frames on to the Ethernet. This
condition should clear. If it persists, contact your Distributor or Customer Support.
Out of overflow RAM buffers
Contact your Distributor or Customer Support.
466
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
Out Svc # <slot #, port #>
ISDN line failure. The line connected to the indicated slot and port is out of service for the reason
indicated by #.
1 = No layer 1 sync for 5 seconds
This problem normally occurs due to WAN cabling problems.
Check your cables to make sure they are connected correctly. If this problem still occurs
after you have checked all the cables, call the phone company and report the problem.
2 = No response to TEI requests
This problem normally occurs due to invalid configuration.
Check your configuration using the following table:
basic rate
line from phone co:
point-to-point
line from phone co:
multi-point
line configured on non-
auto TEI
make sure that the
configured TEI value
is 0
change TEI to be
AUTO
line configured on auto
TEI
change TEI to be non-
auto
if problem happens
for over 5 minutes,
report problem to
phone company
3 = No UA response to SABME requests; no Layer 2
This problem normally occurs due to invalid configuration.
Check your configuration using the previous table.
4 = Failure to negotiate SPID (U.S. only). This is due to an improperly configured SPID. Check
your configuration.
5 = Failure to negotiate SPID (U.S. only). SPID has not been configured on the system; check
configuration.
Over Max Charge
Monthly call charges exceeded. Monthly call charge tracking is enabled and the configured
maximum has been exceeded.
[PAP] Identification timeout on remote device
The remote device did not send the PAP Authenticate-Request packet within a required amount of
time. Try again. If this persists, contact your remote site.
[PAP] Invalid password for <name> given by remote device
The system received the PAP Authentication-Request packet with the incorrect password for the
device name <name>.
[PAP] Remote device did not respond to the request
The system sent PAP Authenticate-Request packets the maximum number of times, but the remote
device did not send either Authenticate-Ack or Authenticate-Nak packets. The remote device may
not be working properly. Check the configuration of the remote device and reboot. If the problem
recurs, contact your Distributor or Customer Support.
Workgroup Remote Access Switch
467
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
[PAP] Remote device rejected System Information <error message>
The system received the PAP Authenticate-Nak packet with the error message <error message>
against the previous PAP Authenticate-Request sent by the system. The <error message> is from
the remote device, and is device-specific. Contact the remote site for assistance.
[PAP] Unknown name <name> given by remote device
The system received the PAP Authenticate-Request packet with the unknown device name
<name>.
Post <number>, HDLC #<number> External Loopback Test FAILED
The indicated HDLC controller, 80532 Device, failed an internal register test. The boot process
should continue; however, make note of the error message in the event of a future problem.
Post <number>, HDLC #<number> Internal Loopback Test FAILED
The indicated HDLC controller, 80532 Device, failed an internal loopback test. The boot process
should continue; however, make note of the error message in the event of a future problem.
Post <number>, HDLC #<number> Interrupt Test FAILED
The indicated HDLC controller, 80532 Device, failed an internal interrupt test. The boot process
should continue; however, make note of the error message in the event of a future problem.
Post <number>, HDLC #<number> Register Test FAILED
The indicated HDLC controller, 80532 Device, failed an internal register test. The boot process
should continue; however, make note of the error message in the event of a future problem.
Post <number>, HDLC #<number> Test FAILED
The indicated HDLC controller, 80532 Device, failed one of the constituent POSTs. The boot process
should continue; however, make note of the error message in the event of a future problem.
Post <number>, ISDN Test FAILED
The specified D-channel controller, one of 4 2086 devices, did not pass its POST. The boot process
should continue; however, make note of the error message in the event of a future problem.
Post <number> memory read error at <address>, expected <value>, read <value>
The specified memory POST failed at the specified address, with both the expected and actual
memory values displayed. The boot process should continue; however, make note of the error
message in the event of a future problem.
Post <number> NVRAM Failure
The non-volatile RAM failed during its POST. The boot process should continue; however, make
note of the error message in the event of a future problem.
Post <number>, timed out waiting for i960 to respond during POSTs
The i960 failed to respond during the allotted amount of time during the specified POST. This is an
i960 failure. The boot process should continue; however, make note of the error message in the
event of a future problem.
[PPP] Link Failure Detected: No response to periodic Echo-Requests.
This message is logged by the feature when it detects a failed link.
468
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
PVC for DLCI <dlci index> not ACTIVE
A frame was received on the PVC associated with the indicated DLCI which was not active. This is
a temporary condition, and results from an asynchronous operation between the network and
customer-premise equipment regarding the state of the individual PVCs. If this problem persists,
contact your Distributor or Customer Support.
PVC not allocated for <dlci index>
The frame relay software received a frame from the network on PVC using the indicated DLCI
which has not yet been configured. It is likely that there is a configuration mismatch between nodes
in the network such that a node is transmitting data to the node logging this error via a valid but
as yet unallocated PVC.
PVC rcv wait q already full
Indicates a lack of system resources to handle the level of traffic being experienced. Contact your
Distributor or Customer Support.
RADIUS authentication is not available. You must first ENABLE RADIUS user level authentication.
An attempt was made to configure the Terminal Server Security for RADIUS and RADIUS was not
configured on the CyberSWITCH.
RBS: Channel <channel #> - Backing off of channel, GLARE detected.
An incoming and outgoing call occurred on the indicated channel at roughly the same time. The
system discontinued the outgoing call in order to allow the incoming call to be established.
RBS: Encountered unknown source ID.
RBS_out_SM<channel #>: NO Dial Digits supplied.
RBS: Received unknown primitive from CC.
RBS: Received unknown primitive from L1.
RBS: Received unknown primitive from ME.
RBS: Received unknown primitive from RBS.
The above Robbed Bit Signaling messages indicate that the system software sent a message to the
RBS state machine that the state machine was unable to recognize or the information was incorrect.
If this message is displayed in the log messages, contact your Distributor or Customer Support.
RBS: LIF_AddTimer failure.
An event occurred that the RBS task interpreted as a call signaling event, but layer 1 is not properly
initialized. Ensure that an ISDN line is not plugged into a RBS card.
RBS: LIF_GetBuffer failure.
RBS: Unable to send host CALL_CLEARED.
RBS: Unable to send host CALL_CONNECTED.
RBS: Unable to send host CALL_REQUEST_ACK.
RBS: Unable to send host HOST_CALL_INDICATION.
RBS: Unable to send host REMOTE_DISCONNECT
RBS: Unable to send package to host.
The above Robbed Bit Signaling messages indicate that the WAN card is not communicating
properly with the host, probably due to a card failure. Contact your Distributor or Customer
Support.
RBS_out_SM<channel #>: Timeout waiting for WINK.
The system went off-hook and the switch never “winked” back, going off-hook for a specified
amount of time and then returning to on-hook. The switch must wink back in order to tell the
Workgroup Remote Access Switch
469
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
system to start dialing. Contact the telephone company and ensure that the line is configured for
wink-start.
RBS: Unexpected event chan = <channel #>, state = <state ID>
An illegal signaling event occurred in the RBS task on the specified channel. Ensure that the line is
configured correctly and that it is using the expected RBS protocol. Excess noise on the line may
also cause this event.
Read 0 bytes from file <file name> for WAN card in slot <slot #>
If seen repeatedly, the above message indicates a problem with your hard drive. Contact your
Distributor or Customer Support.
Ready for XModem Download - <ESC> to abort
The user has requested an attempt to UPDATE the system software, or it was not possible to Boot
the system the last time it was attempted.
Reattempting to Install File Set into Flash Memory
The SSB is re-attempting to install the FileSet. The Flash File System may have been corrupted when
attempting to install the FileSet the first time. In the meantime, the Flash File System has been
formatted.
Rebooting...
The system is going to wait until the WatchDog timer expires, which causes the entire system to
reboot.
Received charge amount - <charge amount>
The system has received an advice of charge from the network for the call just disconnected. The
charge for this call is indicated in the charge amount parameter.
Received CLLM while PVC for DLCI <dlci index> in unexpected state <state>
A CLLM message was received indicating that a network condition should be expected for the PVC
associated with the indicated DLCI. However, this PVC is in the indicated state and as such is
already acting on a previous network condition notification.
Remote peer ID discrepancy
The On-node Device Table and the remote end of the connection disagree on the identity of the
remote end. Check configuration, and then reboot the remote device. If problem persists, contact
your Distributor or Customer Support.
Replace Lithium Battery: Contact your Representative
If this message is displayed in the log messages, contact your Distributor or Customer Support
before you power off your system.
Requested channel not available - <slot #, port #>
The system has attempted a call using a channel on the indicated line that was not available. The
call will be retried over a different line if possible.
Reserved signal
This message is informational only and is used to indicate additional details on the <signal value>
received in the “call progress” information message.
470
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
Resmem_gettotal: Enabled size <size>, greater than Checksize <size> for <sub name>
Internal error that should be reported to Customer Support.
ResMem_Malloc failure for subsystem <sub name>
(size=<size>, type=<type>, class=<class>, ra=<hex return address>)
ResMem_Malloc Size <size> too large for subsystem <sub name> (type=<type>, class=<class>
ra=<hex return address>)
ResMem_Malloc Device not registered (ra=<hex return address>)
ResMem_Obtainable Device not registered (ra=<hex return address>)
Any of the above three messages indicate that an internal error has occurred that should be
reported to Customer Support. The system will restart when this error occurs.
Retrying download of DM card in slot <slot#> in <x> seconds
The system has failed on previous attempts to initialize the Digital Modem card. The system will
retry a specific number of times before logging a failure message. Check the hardware and software
configuration, reseat the card in its ISA slot, and/ or check the MVIP cabling. If the problem persists,
contact your Distributor or Customer Support.
Rx Channel Inactivity Detected
No keep-alive frames have been received over an active connection to a remote system. This
indicates that the connection or the remote node has failed (or been powered-off) without an
indication of the failure from the network. If the event continues, contact your Distributor or
Customer Support.
Security Rejection - Bridge Address Security cannot use Authentication Server
Both options (Bridge Address Security and off-node User Authentication) are not supported
simultaneously.
Security Rejection - Caller did not negotiate security
Bridge Security is configured. A caller attempted to send device data before (or without)
negotiating the Bridge Address security.
Security Rejection - HDLC not supported by the caller
A properly formed Bridge Security negotiation packet was received but the remote bridge
indicated that it did not support the HDLC protocol.
Security Rejection - Invalid Calling Line Id - <CLID>
The calling line identifier has not been configured for any valid device in the system Device list. The
number <CLID> indicates the actual number presented by the network.
Security Rejection - Invalid Password (<password>) given
A properly formed Bridge Security negotiation packet was received. The bridge is registered in the
System Device table and a password was provided, but the password provided did not match the
password in the System Device table.
Security Rejection - No Bridge Address given by caller
A normal Bridge Security negotiation packet was received, but did not contain a bridge address.
Check configuration. If problem persists, contact your Distributor or Customer Support.
Workgroup Remote Access Switch
471
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Security Rejection - No Password given by caller
A properly formed Bridge Security negotiation packet was received, and the bridge is registered in
the system Device Table, but a password is required and none was provided by the calling bridge.
Check configuration. If problem persists, contact your Distributor or Customer Support.
Security Rejection - No Protocol List supplied
A Combinet has attempted to connect to the system without the required Protocol List information.
Check configuration, and then reboot the Combinet. If problem persists, contact your Distributor
or Customer Support.
Security Rejection - Timeout on Startup Complete
After a normal Bridge Security negotiation packet is received, and the System sends a response
message, there is a five second time limit in which a “Startup Complete” message must be received.
The above security rejection message is seen if the Startup Complete message is not received before
the timer expires. Check to see if the response message was received by the calling bridge.
Security Rejection - Unknown Calling Bridge - <bridge address>
A properly formed Bridge Security negotiation packet was received but the bridge address is not
registered in the system Device Table.
SemiPermanent. Local authentication failure of Semipermanent device "x"
The system failed to authenticate the indicated device. The semipermanent connection will be
disabled. Compare the authentication device information configured on the system with the actual
configuration of the remote device. Make corrections as needed. Then, issue the call device
<device name> command to reinstate the semipermanent connection.
Semipermanent. Device "x" disconnected by admin
The administrator has issued a disc device <device name> command. Therefore, the system
will not attempt to call the indicated device again. Issuing the call device <device name>
command will make device “x” semipermanent again.
Semipermanent. Device "x" has a smaller Initial Data Rate than Base Data Rate. No connection made.
The semipermanent feature will make enough calls to meet but not exceed the device’s Initial Data
Rate. In this case, the Base Data Rate (normally 56 or 64 Kbps) is larger than the device’s Initial Data
Rate. The semipermanent feature cannot make any calls, or it will exceed the Initial Data Rate.
Reconfigure your data rates.
Semipermanent. Device "x" has had "y" bandwidth drops within "z" seconds. This device is considered to
have failed remote authentication.
Because the local system cannot always be aware of remote authentication failures, and because
there is no way to recognize remote authentication failures in the system once the remote end is
authenticated, the semipermanent feature will try to determine them by detecting excessive remote
bandwidth drops. The remote device must drop a call 10 times within a 10 minute period to trigger
this event.
Will try again in "w" minutes.
This will be displayed directly beneath the above message if a Session Interval is
configured for the device.
472
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
Semipermanent. Device "x" reconnected by admin.
The administrator has issued the call device <device name> command after issuing the
disc device <device name> command. This restarts the semipermanent feature for the
indicated device.
Severe congestion CLLM received for DLCI <dlci index>
A CLLM message was received indicating severe congestion may be expected on the PVC
associated with the indicated DLCI.
Signal for unknown CallCmd task: <task Id>
Contact your Distributor or Customer Support.
<slot #, port #> Cfg Error
Line vs. adapter configuration error. A line is configured for port <port #> that does not exist on
the adapter in slot <slot #>.
[SNMP] Authentication failure, improper access rights
There are two possible causes for this message:
•
The SNMP Agent received a SetRequest PDU that contained a Community Name with an MIB
access level of MIB GUEST or MIB USER. The MIB access level must be MIB ADMIN to per-
form a SetRequest. The request was discarded.
•
The SNMP Agent received a PDU that contained a Community Name with an MIB access level
of MIB GUEST and an object Id that cannot be accessed with an MIB GUEST access level. The
request was discarded.
[SNMP] Authentication failure, unknown community name
The SNMP Agent received a request PDU whose community name is not configured in the
Community Names Table. The request was discarded.
[SNMP] SNMP initialization failure - unable to allocate necessary memory
The SNMP feature was unable to initialize because it could not obtain the necessary memory. The
SNMP feature is disabled and no SNMP request will be processed. Contact your Distributor or
Customer Support.
[SNMP] SNMP initialization failure - unable to open UDP port
The SNMP feature was unable to initialize because it could not obtain the necessary UDP port. The
SNMP feature is disabled and no SNMP request will be processed. Check the configuration, and
then contact your Distributor or Customer Support.
[SNMP] SNMP initialized successfully
The SNMP Agent has been successfully initialized and is fully operational.
[SNMP] Unable to obtain an SNMP Trap queue entry buffer
The SNMP Agent attempted to generate a TRAP PDU but was unsuccessful because it could not
obtain necessary memory. The TRAP was not sent. Contact your Distributor or Customer Support.
[SNMP] Unable to obtain an SNMP Trap queue header
The SNMP Agent attempted to generate a TRAP PDU but was unsuccessful because it could not
obtain necessary memory. The TRAP was not sent. Contact your Distributor or Customer Support.
Workgroup Remote Access Switch
473
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
SPID FSM got unidentifiable INFO msg - Slot=<slot #> Port=<port #> Ces=<communication endpoint
suffix>
An unexpected information message was received from the network on the indicated line. If you
are having trouble establishing calls on this line, the problem should be reported to your phone
company.
SSB: Can’t read RTC prior to i960 POSTs
The Real Time Clock became inaccessible before invoking the i960 POSTs. The RTC is used to guard
against infinite loops while waiting for the i960 to run its POST tests. The boot process should
continue; however, make note of the error message in the event of a future problem.
SSB: Couldn’t read RTC during i960 POSTs
The Real Time Clock became inaccessible during the running of the i960 POSTs. The RTC is used
to guard against infinite loops while waiting for the i960 to run its POST tests. The boot process
should continue; however, make note of the error message in the event of a future problem.
SSB: i960 I/O memory copy differs from flash image at <address>
After loading the i960 POST tests into the I/ O memory, a value unexpectedly changed at the
address given.
SSB: i960 Memory read error at <address>, expected <value>, read <value>
While testing the shared memory area (I/ O memory and the peripheral buffer memory), an error
was detected. The boot process should continue; however, make note of the error message in the
event of a future problem.
SSB: i960 POST number not equal to i386’s
The i386 requested the i960 to run a specific POST. Upon receiving the response, from the i960, it
was determined that a different POST was actually run.
The boot process should continue; however, make note of the error message in the event of a future
problem.
SSB: Post 23 i960host_int_reg FAILURE
The i960 failed its internal register test. The boot process should continue; however, make note of
the error message in the event of a future problem.
SSB: Post 24 i960io_int_reg FAILURE
The i960 failed its I/ O register test. The boot process should continue; however, make note of the
error message in the event of a future problem.
SSB: Post 25 i960io_mod_mem_1 FAILURE
The i960 failed its I/ O memory test using the first test pattern. The boot process should continue;
however, make note of the error message in the event of a future problem.
SSB: Post 26 i960io_mod_mem_2 FAILURE
The i960 failed its I/ O memory test using the second test pattern. The boot process should continue;
however, make note of the error message in the event of a future problem.
SSB: Post 27 i960timer_82c54FAILURE
The i960 failed its timer unit test. The boot process should continue; however, make note of the
error message in the event of a future problem.
474
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
SSB: Post 28 i960lan_82596sx FAILURE
The i960 failed its LAN Coprocessor test. The boot process should continue; however, make note of
the error message in the event of a future problem.
SSB: Post 29 i960lan_82503 FAILURE
The i960 failed its LAN transceiver test. The boot process should continue; however, make note of
the error message in the event of a future problem.
SSB: Post 30 i960per_mod_mem_1 FAILURE
The i960 failed its peripheral buffer memory test using the first test pattern. The boot process
should continue; however, make note of the error message in the event of a future problem.
SSB: Post 31 i960per_mod_mem_2 FAILURE
The i960 failed its peripheral buffer memory test using the second test pattern. The boot process
should continue; however, make note of the error message in the event of a future problem.
SSB: Post 32 i960hdlc_1 FAILURE
The i960 failed its 80532 test using the first HDLC controller. The boot process should continue;
however, make note of the error message in the event of a future problem.
SSB: Post 33 i960hdlc_2 FAILURE
The i960 failed its 80532 test using the second HDLC controller. The boot process should continue;
however, make note of the error message in the event of a future problem.
SSB: Post 34 i960hdlc_3 FAILURE
The i960 failed its 80532 test using the third HDLC controller. The boot process should continue;
however, make note of the error message in the event of a future problem.
SSB: Post 35 i960hdlc_4 FAILURE
The i960 failed its 80532 test using the fourth HDLC controller. The boot process should continue;
however, make note of the error message in the event of a future problem.
SSB: Post 36 i960isdn_1 FAILURE
SSB: Post 37 i960isdn_2 FAILURE
SSB: Post 38 i960isdn_3 FAILURE
SSB: Post 39 i960isdn_4 FAILURE
The i960 failed its 2086 test using the first (second, third or fourth) D-channel controller The boot
process should continue; however, make note of the error message in the event of a future problem.
SSB: Timed out waiting for i960 to initialize for POSTSs
The i960 did not respond to an initialization request in a timely manner. This is a i960 failure. The
boot process should continue; however, make note of the error message in the event of a future
problem.
Starting Triggered RIP/SAP for <device>
This message indicates that triggered RIP/ SAP has started for a device (either locally configured
or one present in the WAN peer list). Triggered RIP/ SAP has been configured as a routing protocol
for this particular device.
Stream Ready rejected - MTU too small
The remote device will only accept the stream connection if the MTU is set to be > 1514. Check to
make sure that the remote device and the CyberSWITCH MTU value is set to > 1514.
Workgroup Remote Access Switch
475
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
[STP] A BLAN Topology Change has been detected
The system has detected a topology change in the Spanning Tree environment.
[STP] A new Root Bridge has been detected
The system has detected a new root bridge for the Spanning Tree environment.
[STP] LAN Port <port #> is now a Designated Port
The indicated LAN port has become the designated port for the attached LAN.
[STP] LAN Port <port #> is now the Root Port
The indicated LAN port has become the root port for the system.
[STP] This Bridge is now the Root Bridge
The system has become the root bridge for the Spanning Tree environment.
Successfully Loaded Release <X.Y> Issue <Z>
The specified release of System software was successfully loaded into memory.
Switch could not recognize phone number nnnnnnn
The switch did not accept the phone number dialed as a complete number. Check the correctness
of the phone number (including any leading digits such as 8 or 9).
System Clock Fault on Wan Adapter in Slot <slot #>
Indicates a TDM bus connection failure. Check to make sure that the TDM bus has been correctly
connected.
TACACS authentication is not available. You must first ENABLE TACACS user level authentication.
An attempt was made to configure the Terminal Server Security for TACACS and TACACS was
not configured on the CyberSWITCH.
TCP Connection to VRA Manager Lost
The TCP connection to the SFVRA Connection Manager has gone down.
TDM Clock Master changed TO (slot #, port#) FROM (slot #, port #)
The Clock Manager has dynamically adjusted the master clock source in response to an external
line state change.
Temporarily unable to read flash file system due to flash reclaim in progress - try again later
The system is automatically performing a flash reclaim to reclaim space previously occupied by
deleted files. Wait several seconds (up to a minute maximum) and try your file system command
again.
Terminal Server Security connections disabled. Dropping call.
The Terminal Server Security is set to none and a terminal connection was requested. Check
configuration. Most likely, the Default Async Protocol is set to terminal with no Terminal Server
Security configured.
Terminal Server Security is currently using this database. You must change the Terminal Server Security
setting first.
An attempt was made to disable a User Level Security Database when the terminal server was
configured to use this database for terminal mode authentication.
476
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
[TFTP] Data buffer allocated successfully
All parts of the TFTP feature (both Server and Client) were successfully initialized.
Note: The following “[TFTP] Local error...” messages generated during client operations will be
displayed on the console only and will not be logged to disk.
[TFTP] Local error #2: Feature not initialized
The TFTP feature was not initialized properly. No file transfer will be attempted. Check the
configuration, and then contact your Distributor or Customer Support.
[TFTP] Local error #3: Server not initialized
The TFTP Server was not initialized. The TFTP Server will not attempt any file transfers. Check the
configuration, and then contact your Distributor or Customer Support.
[TFTP] Local error #4: UDP rejected packet <filename>
The UDP subsystem could not send the data because there was a problem with the file. If this
message appears consistently, contact your Distributor or Customer Support.
[TFTP] Local error #5: UDP open failed
The UDP subsystem could not open a new port. No file transfer will be attempted. Check the
configuration, and then contact your Distributor or Customer Support.
[TFTP] Local error #6: All UDP buffers in use <filename>
All of the TFTP/ UDP buffers are in use. There may be a problem with the specified file; try
replacing it. If this message appears consistently, contact your Distributor or Customer Support.
[TFTP] Local error #7: Received packet with size zero
The TFTP protocol received a packet with no data.
[TFTP] Local error #8: No route defined <filename>
The TFTP protocol was instructed to start a TFTP session with an IP ADDRESS (HOST) for which
there is no defined route. There may be a problem with the specified file; try replacing it. If this
message appears consistently, contact your Distributor or Customer Support.
[TFTP] Local error #9: File transfer timed out <filename>
The TFTP file transfer timed out. There may be a problem with the specified file; try replacing it. If
this message appears consistently, contact your Distributor or Customer Support.
[TFTP] Local error #10: IP addressing inconsistency detected
The TFTP protocol received a packet from a host for which no file transfer was being processed.
This should not affect any files being transferred.
[TFTP] Local error #11: Received packets out of sequence <filename>
The TFTP protocol received a data packet that either was too old or one was skipped. There may
be a problem with the specified file; try replacing it. If this message appears consistently, contact
your Distributor or Customer Support.
[TFTP] Local error #12: Bad packet length received <filename>
The TFTP protocol received a packet that was too big. There may be a problem with the specified
file; try replacing it. If this message appears consistently, contact your Distributor or Customer
Support.
Workgroup Remote Access Switch
477
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
[TFTP] Local error #13: Received unexpected opcode <filename>
The TFTP protocol received a packet that was not expected. There may be a problem with the
specified file; try replacing it. If this message appears consistently, contact your Distributor or
Customer Support.
[TFTP] Local error #14: Bad file name
The local file (as defined from a remote host) was not recognized as a valid file name. No file
transfer will be attempted.
[TFTP] Local error #15: Bad mode string
The TFTP mode string was not NETASCII nor OCTET. No file transfer will be attempted.
[TFTP] Local error #17: Unable to locate file/directory <filename>
The file system was unable to locate the file requested. No file transfer will be attempted.
[TFTP] Local error #18: Unable to open file <filename>
Either the file does not exist or the device (Client or Server) does not currently have access to this
file. No file transfer will be attempted.
[TFTP] Local error #19: Disk full <filename>
The local disk became full during the TFTP file transfer. There may be a problem with the specified
file; try replacing it. If this message appears consistently, contact your Distributor or Customer
Support.
[TFTP] Local error #20: Error while writing file <filename>
An error occurred while writing to a file. The file may be corrupted and must be replaced.
[TFTP] Local warning #21 All sessions in use
All of the allowed TFTP sessions are currently in use. No file transfer will be attempted. (TFTP
client console message only; not logged on System.)
[TFTP] Local warning #22 Feature Disabled
The TFTP feature was disabled from within Dynamic Management’s Manage Mode. (TFTP client
console message only; not logged on System.)
[TFTP] Local warning #23 Server Disabled
The TFTP Server was disabled from within Dynamic Management’s Manage Mode. (TFTP client
console message only; not logged on System.)
[TFTP] Local warning #24 Client Disabled
The TFTP Client was disabled from within Dynamic Management’s Manage Mode. (TFTP client
console message only; not logged on System.)
[TFTP] Local warning #26 TFTP Session Killed
The TFTP session was terminated by the network administrator via issuing the TFTP kill
<session Id> console command.
Note: For the following [TFTP] Remote error messages the Remote Host TFTP Servers/ Client
will map error messages within the types shown below. The text portion of each message
may vary with each Host transmitting the message.
478
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
[TFTP] Remote error #0: (Text from Remote Host)
Undefined error. The accompanying text (if any) should describe the error. The file being
transferred may be corrupted.
[TFTP] Remote error #1: (Text from Remote Host)
The REMOTE HOST could not find the file specified on its system. No file transfer will be
attempted.
[TFTP] Remote error #2: (Text from Remote Host)
The REMOTE HOST is reporting an access violation of the specified file. No file transfer will be
attempted.
[TFTP] Remote error #3: (Text from Remote Host)
The REMOTE HOST is reporting that its disk is full. The file being transferred may be corrupted.
[TFTP] Remote error #4: (Text from Remote Host)
The REMOTE HOST is reporting that it received a TFTP packet that it was not expecting. The file
being transferred may be corrupted.
[TFTP] Remote error #5: (Text from Remote Host)
The REMOTE HOST is reporting that it was not expecting a packet from our system. The file being
transferred may be corrupted.
[TFTP] Remote error #6: (Text from Remote Host)
The REMOTE HOST is unable to overwrite the specified file. No file transfer will be attempted.
[TFTP] Remote error #7: (Text from Remote Host)
This message indicates that the specified device does not exist. This error should not occur since
TFTP does not use Device Ids.
[TFTP} Server UDP port (69) closed successfully
Informational message stating that the TFTP server UDP port was successfully closed.
[TFTP} Server UDP port (69) opened successfully
Informational message stating that the TFTP server UDP port was successfully opened.
[TFTP] Unable to allocate data buffers
The entire TFTP feature (both Server and Client) was not initialized. Contact your Distributor or
Customer Support.
[TFTP] Unable to open Server UDP port (69)
The TFTP Server was not initialized; however, the TFTP Client may still work. If this message
occurs repeatedly, or if the TFTP Client does not work, contact your Distributor or Customer
Support.
The call deflection selection is prior to CCITT 1988
Verify that the facilities provided by the service provider are CCITT 1988.
The call has been disconnected
A call has been up longer than the amount of time configured and has been taken down.
Workgroup Remote Access Switch
479
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
The call is allowed to continue
A call has been up longer than the amount of time configured, but it has not been taken down.
The compression subsystem is not enabled
Check CFGEDIT; verify that compression is enabled.
The conformance selection is prior to CCITT 1988
Verify that the facilities provided by the service provider are CCITT 1988.
The RADIAC Feature is no longer supported. The RADIAC feature has been replaced by the TACACS
Feature. The TACACS Feature configuration must be completed before usage.
With the addition of User Level Security, the need for the RADIAC GATEWAY is gone. The
CyberSWITCH has incorporated the functionality of the RADIAC GATEWAY within the
CyberSWITCH itself. When the configuration file parser encounters a system configured for using
the RADIAC feature, it switches the configuration to now use User Level Security utilizing a
TACACS off-node authentication server. Since the older CyberSWITCH knew nothing about the
location of the TACACS server, the TACACS server configuration must be completed before the
CyberSWITCH will allow network access through a WAN connection.
Timeout detected on connection establishment
The system initiated a connection with a remote site, but a time-out occurred while waiting for a
connection response from the network. Verify that the remote site is active and that the network is
operational.
Timeout detected on receiving caller’s number
The incoming call security feature is enabled and the caller’s number was not received, so the call
was disconnected. Contact your phone company and verify that your switch supports passing
along the calling number information element. (This is sometimes referred to as ICLID for
InComing Line Identification).
Timeout on SPID Exchange - Slot=<slot#> Port=<port #> Ces=<communication endpoint suffix>
SPID exchange was not completed in time (i.e., switch never responded to the SPID). Check switch
configuration to make sure the correct SPID value has been entered.
Timeout on Startup Complete
A startup complete message was not return from the Combinet after we sent the response a number
of times. Check the configuration, and then reboot the Combinet. If problem persists, contact your
Distributor or Customer Support.
Timeout waiting for DL Config Response
Timeout waiting for DSL Config Response
Timeout waiting for Terminate DSL Response
The above messages indicate that an attempt has been made to dynamically update the Data Link
configuration, but the system did not receive a response from a Basic Rate adapter for an earlier
request. Restart the system and review the configuration for the adapter. If the problem persists,
the system may be faulty. Contact your Distributor or Customer Support.
Tried to free unallocated buffer <sub name>, size=<size>
Internal error that should be reported to Customer Support.
480
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
Transmit rate increased to <transmit rate>: Access <access index>, DLCI <dlci index>
The effective transmit rate has been increased to the indicated rate for the indicated DLCI under the
indicated access.
Transmit rate reduced to CIR <transmit rate>: Access <access index>, DLCI <dlci index>
The effective transmit rate has been limited to the Committed Information Rate which is the rate
for the indicated DLCI under the indicated access.
Type mismatch of configured & installed adapter #’x’
Configuration mismatch between the indicated adapter and the resource that was configured. The
system resource configuration should be corrected.
Unable to add dynamically-obtained device data into Device Table
The System authentication type is configured to obtain device information off-node. If such
information cannot be stored internally due to a temporary resource shortage, the call is dropped.
Unable to allocate IPX spoofing memory. IPX spoofing is being performed in a degraded mode.
The memory required by the IPX spoofing feature could not be allocated. The IPX spoofing code
will continue to run but it will run in a degraded mode. The default IPX spoofing options will
always be used when a connection is down to a device.
Unable to allocate port structure for port <port name> with address <AppleTalk Address>
Contact your Distributor or Customer Support.
Unable to allocate unnumbered wan port for device <device name>
Contact your Distributor or Customer Support.
Unable to complete Bridge Dial Out call: Insufficient information configured for Dial Out Device
Verify that Bridging and Make Calls for Bridge Data are enabled at the device level.
Unable to communicate with encryption board
Try again. If the problem persists, you may have a faulty encryption board. Replace the board.
Unable to Decrypt Datagram
An incoming datagram could not be decrypted. Verify encryption parameters on both nodes.
Unable to dynamically determine incoming call usage: Call Released.
This message refers to an incoming analog call which is going through the digital modem. The
digital modem has transferred the call to the AUD to determine type of call. The AUD did not
recognize any PPP LCP frames to transfer to the PPP stack, nor did it recognize the four carriage
returns it requires (within 5 seconds of connection) for remote analog console access.
If you are attempting remote analog console access, be sure to press the carriage return four times
within 5 seconds of making the connection.
Unable to get Digital Modem resource to place call
A Digital Modem dial-out call was attempted, and the system was unable to open a resource to
place the call. Using the modem status command, check to ensure that there are usable modems
available. If there are, and the problem persists, contact your Distributor or Customer Support.
Workgroup Remote Access Switch
481
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Unable to Identify a remote device
A device that was not identified by any active security measures (for example, PAP or CHAP) was
rejected.
Unable to Identify a remote device - <calling line id
A device that was not identified by any active security measures (for example, PAP or CHAP) was
rejected and is identified by its Calling Line Id.
Unable to Identify a remote device - no CLID
A device that was not identified by any active security measures (for example, PAP or CHAP) was
rejected and the caller did not present a Calling Line Id.
Unable to identify the frame type <CCB: xxxx>
The frame type (raw HDLC, RFC 1294, or PPP) can not be identified and therefore the connection
has been terminated. “CCB: xxxx” is included for your Distributor or Customer Support. The most
likely causes for the problem are: malfunction of the remote device, or a faulty line. Begin by
checking the configuration of the remote device, and then rebooting the device. If this does not
solve the problem, contact your Distributor. He/ she will help you determine whether or not the
line is faulty.
Unable to locate device entry in on-node database for terminal session
A device matching the login id entered at the user level security prompt was not found in the on-
node database, and SFVRA Connection Manager was not configured.
Unable to open \ config\ devdb.nei file
Disregard this message if you have not yet added at least one device to the system’s on-node device
table and saved the change. The configuration file, \ config\ devdb.nei, is created the first time the
device table is saved. If the message continues, contact your Distributor or Customer Support.
Unable to open Modem Upgrade file
There may be a problem with the modem revision file. Contact your Distributor or Customer
Support.
Unable to restore original ISRs for Interrupt <interrupt #>
Check hardware jumpers and switches on the DM card and reinstall. Verify that the DM card is
properly configured in CFGEDIT. If the problem persists, contact your Distributor or Customer
Support.
Unable to send device information request to SFVRA after a terminal authentication.
Unable to send to SFVRA Connection Manager. Verify proper configuration of SFVRA-CONN and
Call Control options.
Unable to send DL Config Request
Unable to send DSL Config Request
Unable to send Terminate DSL Request
The above three messages indicate that an attempt has been made to dynamically update the Data
Link configuration, but the system is unable to send an update message down to a Basic Rate
adapter. Restart the system and review the configuration for the adapter. If the problem persists,
the system may be faulty. Contact your Distributor or Customer Support.
482
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
Unexpected error during transmission of LMI frame
A system error occurred during the actual transmit request for an LMI frame. Contact your
Distributor or Customer Support.
Unknown Calling Bridge <MAC address>
MAC address security is enabled and the remote Combinet does not match any of the defined
devices.
Unknown DLCI <dlci index> in CLLM message
The network has sent a CLLM message which has referenced the indicated DLCI that has not been
configured. Check the system configuration for the indicated DLCI.
Unknown Security Association
An incoming datagram specifies a Security Parameter Index (SPI) which has not been defined on
this node. Verify the encryption parameters on both nodes. Adjust if necessary so that both nodes
reflect the same SPI.
Unmatched Login Task
This represents an internal system error. Contact your Distributor or Customer Support.
Unsupported Combinet protocol received: <protocol Id>
An unsupported Combinet protocol attempted to connect to the system. Contact your Distributor.
You may need to upgrade software to support this.
Unsupported Combinet protocol version received: ‘<version Id>‘. [Device: <device name>]
An unsupported Combinet version attempted to connect to the system. Contact your Distributor.
You may need to upgrade software to support this.
Updating CyberSWITCH from “<FileName>”
The specified file, received during a Reliable Remote Upgrade, was successfully loaded into
memory and will now be verified before installation into the Flash File System.
User Level Authentication flag is enabled for Terminal User xxx. Setting flag to disabled.
The device definition for xxx should have User Level Authentication disabled.
These two messages are displayed together. In device entries for terminal server connections, user-
level authentication should not be enabled. In the event the CyberSWITCH finds an enabled
condition, it will disable the pertinent flag for the duration of the call only. To avoid this situation
permanently, disable the user level authentication flag in device entries for all terminal server
connections.
Waiting for WAN card in slot <slot #> to complete initialization
Download process update for WAN card in slot <slot #>.
WAN card in slot <slot #> signals it is operational
Download process update that indicates that WAN card in slot <slot #> is now operational.
WAN Port is now in the Forwarding state
WAN port connections used by the bridge are now entering the specified state.
WAN Port is now in the <new state> state
The WAN connection port used by the bridge is entering the specified new state.
Workgroup Remote Access Switch
483
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
WAN: RBS Not Available on this card.
A RBS debugging command was attempted on a PRI card that is not configured for RBS. Check the
card configuration and ensure you have the proper type of card.
Watchdog timeout detected on DM board in slot <slot #>
The Digital Modem card in the specified slot is not functioning properly. Check the board’s
configuration in CFGEDIT, reseat the board in its ISA slot, and check any MVIP bus cabling. If
everything seems in order and the problem persists, contact your Distributor or Customer Support.
Watchdog timeout detected on WAN board ’x’
The system has detected that the indicated adapter has failed. This is a fatal condition and will
cause the card to be reset. Verify the settings on the adapter. If theses are all correct and the problem
persists, the indicated adapter card may be faulty. Contact your Distributor or Customer Support.
The following messages are reported when a remote X.25 device's facilities do not match with those
configured locally:
X25 facilities error, facilities not allowed in PVC
A facility is configured, for example call deflection, which is not allowed in a PVC. Check your PVC
configuration.
X25 facilities error, fast select with restriction on response was required
The fast select with restriction on response is required. Verify that fast select is enabled by both
DTE’s and the service provider.
X25 facilities error, bad facility length
The facilities length is missing. Contact your Distributor or Customer Support.
X25 facilities error, invalid facilities length
The length of the facilities packet is invalid. Contact your Distributor or Customer Support.
X25 facilities error, invalid DTE address
The supplied address in a X.25 call packet was invalid. Verify that the local DTE address
configuration matches the address supplied by the service provider.
X25 facilities error, facility not allowed
A facility was requested which is not enabled. Verify that the specific facility is enabled by both
DTE’s and the service provider.
X25 facilities error, facility length too short
The length of the facilities packet is too short. Contact your Distributor or Customer Support.
X25 facilities error, invalid facilities parameter
A value was chosen for facility which is out of the acceptable range of values for that facility. The
range of acceptable values for that facility should be verified at both DTE’s and by the service
provider.
X25 facilities error, reverse charging not allowed
The reverse charging facility was selected by the DTE. Verify that reverse charging is enabled by
both DTE’s and the service provider.
484
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MESSAGES
System Message Summary
X25 facilities error, reverse charging not accepted
The reverse charging facility was selected by the DTE. Verify that reverse charging is enabled by
both DTE’s and the service provider.
X25 facilities error, fast select not available
The fast select facility was selected by the DTE. Verify that fast select is enabled by both DTE’s and
the service provider.
X25 facilities error, fast select not accepted
The fast select facility was selected by the DTE. Verify that fast select is enabled by both DTE’s and
the service provider.
X25 facilities error, throughput negotiation not allowed
The DTE throughput class does not match the throughput class available at either the DCE or the
remote DTE, and throughput negotiation is not enabled. You should enable throughput
negotiation at both DTE’s. If this is not possible, or does not work, select the same throughput class
at both DTE’s.
X25 facilities error, closed device group not allowed
The closed device group facility was selected by the DTE. Verify that the closed device group
facility is enabled by both DTE’s and the service provider.
X25 facilities warning, reverse charging info not available
The service provider does provide reverse charging information. No action required.
X25 facilities error, facility not available
A facility was requested which is not enabled. Verify that the specific facility is enabled by both
DTE’s and the service provider.
X25 facilities error, packet length negotiation not allowed
The DTE packet length does not match the packet length available at either the DCE or the remote
DTE, and packet length negotiation is not enabled. You should enable packet length negotiation at
both DTE’s. If this is not possible, or does not work, select the same packet length at both DTE’s.
X25 facilities error, window size negotiation not available
The DTE window size does not match the window size available at either the DCE or the remote
DTE, and window size negotiation is not enabled. You should enable window size negotiation at
both DTE’s. If this is not possible, or does not work, select the same window size at both DTE’s.
X25 facilities error, RPOA not available
Recognized Private Operating Agency selection is not available. The System does not support this
feature.
X25 facilities warning, transit delay not available
The service provider does provide transit delay information. No action required.
X25 facilities warning, charge inform not available
The service provider does provide charging information. No action required.
X25 facilities warning, call redirect notification not available
The service provider does provide call redirect information. No action required.
Workgroup Remote Access Switch
485
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
X25 facilities warning, NUI not available
Network device identification not available. No action required.
X25 permanent virtual circuit down: Access=<access index>, PVC=<PVC index>, LCN=<LCN>
The indicated X.25 virtual circuit is down. Switched backup connections will be used, if available.
This message will occur if the other system is down, or if the network interface line is not connected,
or if the authentication of the remote device failed.
X25 permanent virtual circuit to device <device name> up: Access=<access index>, PVC=<PVC index>,
LCN=<LCN>
The indicated X.25 virtual circuit is operational.
XMODEM DATA FAILED CRC CHECKS
A file contained in the X-Modem file set has failed the CRC check. The system will automatically
reset and attempt a reboot in an effort to correct the problem. If the system continues to fail, make
note of the displayed messages, and call your distributor. A software update is likely needed.
Zone allocation failed, increase zone table capacity.
The number of AppleTalk zones has surpassed the configured zone table capacity. The
CyberSWITCH configuration utility allows you to set the maximum number of defined and
learned zone table entries. The default value is 512. The maximum is 2,000. You may need to reset
the zone table capacity to a higher number.
Zone allocation failed, maximum capacity already configured
The maximum number of AppleTalk zones have been surpassed. Contact your Distributor or
Customer Support.
486
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
TRACE MESSAGES
OVERVIEW
Trace messages include the following categories of messages:
Before trace messages can be logged to the system report log, you must first enable the type of trace
you would like to use. Once enabled, the system includes the trace messages in the memory-
resident report log. To access this log, use the following commands:
dr or ds
er or es
wr or ws
display reports or display statistics
erase current messages/ statistics from memory
write reports/ statistics to disk
When the system writes system messages to disk, it stores them in the following locations:
Directory:
File Name:
\log
rprt_log.nn
(where “nn” is an integer that is incremented each time a new file is
written.)
The system reports messages using the following format:
Message Type
Time
Report Number
Message
I
Informational
hour:minutes:second
internal ID for area
reporting the
message
actual text of
the message
W Warning
E
Error
Where:
•
•
•
•
The Message Type quickly identifies the type of message the system reports.
The Time identifies when the message was reported.
The Report Number is used by your Distributor or Cabletron Customer Support.
The Message text describes the actual message being reported.
Below, there is a separate section included for each category of trace messages. For each category,
a definition of the trace message type, the command to enable/ disable the logging of the trace
messages, and an alphabetized list of the associated messages is included.
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
CALL TRACE MESSAGES
A feature of the CyberSWITCH console is the ability to save and display a record of the high level
ISDN calls between the system and the local telephone switch. If calls are unable to be completed,
this is normally the first area to look.
Call Trace puts messages into the Report log that can be read by using the dr command. Call Trace
is enabled by using the trace on command, and disabled by trace off.
The following is a description of the possible fields included in a Call Trace Message:
1. The <Call Id> field in the message can be used to keep track of messages for the same phone
call. This is useful when a system is making more than one call at a time.
2. The In-Disconnect and In-Information messages have a location field. This identifies where the
message originated.
The following chart provides a list of locations that may appear in Call Trace messages:
Location Causes
Value Meaning
0
1
remote device
private local network
public local network
transit network
2
3
4
private remote network
public remote network
international network
local CyberSWITCH system
5
7
FF
3. The In-Disconnect messages have a cause field. This is the value (in hex) that was in the
message. It explains why either a call was disconnected or why a call attempt was not able to
be completed. There are also parameters (such as <signal value>, <progress value>), that are
not described here. These values represent messages reported from the switch. We have
attempted to interpret their significance in the error message text itself.
When the call trace option is enabled, the system may report messages such as:
(I)
(I)
(I)
(I)
(I)
13:55:46.98 #1067: Out - CALL RQST CallId=0x8000 Rate=64 Slot=1 Port=1
Chans=0x2 TN=181 Ces=0 ConnId=0
13:55:46.98 #1063: In - CALL RQST ACK CallId=0x8000 Slot=1 Port=1
Ces=1ConnId=0
13:55:47.43 #1063: In - PROCEEDING CallId=0x8000 Slot=1 Port=1 Chans=0x1
Ces=1 ConnId=0
13:55:47.60 #1063: In - CONNECT Call_id=0x8000 Slot=1 Port=1 Chans=0x0
Ces=1 ConnId=0
13:55:54.16 #4D11: LAN Port 1 is now in the FORWARDING state
488
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
TRACE MESSAGES
Call Trace Messages
CALL TRACE MESSAGE SUMMARY
Access information discarded cause
Call trace message. This message is used to indicate additional details on the <cause value>
received in the “call progress” information message.
Alerting off
Informational call trace message. The alerting signal information element is off. This indicates
additional details on the <signal value> received in the “call progress” information message.
Alerting on - pattern <pattern number>
Informational call trace message. This indicates additional details on the <signal value> received in
the “call progress” information message.
Answer tone on
Informational call trace message. This message is used to indicate additional details on the <signal
value> received in the “call progress” information message.
Call has returned to the ISDN
Informational call trace message.
Call is not end-to-end ISDN
One or more of the WAN phone networks used to connect the call is not an ISDN network. The call
must be at 56 Kbps.
Call waiting tone on
Informational call trace message. It indicates additional details on the <signal value> received in
the “call progress” information message.
Custom tone on
Informational call trace message.
Delay in response at called interface
Informational call trace message.
Destination call address is non-ISDN
Informational call trace message.
Dial tone on
Informational call trace message.
Disconnect for <tone value> tone on
This message indicates that the system disconnected the outbound call. The <tone value> values
are: error tone, busy verify, confirm, busy, network congestion, or intercept. These tone values
indicate a temporary network failure. Check the outbound phone number and try again. If the
problem persists, contact your phone company.
Expensive routing tone on
Informational call trace message.
Workgroup Remote Access Switch
489
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
In - ABNORMAL RPT Call Id=<call Id> Slot=<slot #> Port=<port #> ConnId=<connect Id>
Ces=<communication endpoint suffix>
The system has detected an internal error condition. The <parameters> are included for your
Distributor or Cabletron Customer Support. An error message describing the problem should be
reported following this trace message.
In - ABNORMAL RSP Slot=<slot #> Port=<port #> Ces=<communication endpoint suffix> Err=<error>
Sev=<severity> State=<state>
The system has detected an invalid internal message type. Contact your Distributor or Cabletron
Customer Support. The <parameters> are included for your Distributor or Customer Support.
In - ALERTING Call Id=<call Id> Slot=<slot #> Port=<port #> Ces=<communication endpoint suffix>
ConnId=<connect Id> Chans=<bearer channel map>
Informational call trace message. The system has received an alerting message from the network.
The Call Id and Ces values are included for your Distributor or Cabletron Customer Support. The
remaining parameters are used to report line details.
Inband treatment has been applied
Call trace message (informational only). There are audible tones on the B-channel. (Refer to
your Distributor or Cabletron Customer Support.
In -BRD CFG ACK Slot=<slot #>
This is an initialization acknowledgment message for the indicated adapter. It is in response to a
configure message.
In - CALL RQST ACK Call Id=<call Id> Slot=<slot #> Port=<port #> Ces=<communication endpoint
suffix> ConnId=<connect Id>
A call request acknowledgment for the indicated call request.
In - CHAN STATUS Call Id=<call Id> Slot=<slot #> Port=<port #> Channel=<channel>
Action=<action> ChanState=<channel state> SvcsState=<service state>
The system has received a channel status message from the network. This message is received
when the status of a bearer channel on a line has changed. The <parameters> specify the channel
and the new state.
In - CLEAR Call Id=<call Id> Slot=<slot #> Port=<port #> Loc=<location> Cause=<cause value>
Ces=<communication endpoint suffix> ConnId=<connect Id>
The system has received a call clear message from the network. This is usually received after a call
disconnect is either initiated by the system or the network. The <parameters> are included for your
Distributor or Cabletron Customer Support.Refer to the Cause Codes Table for more information.
In - configure ack <slot #>
This is an initialization acknowledgment message for the indicated line adapter. It is in response to
a configure message.
In - CONNECT Call Id=<call Id> Slot=<slot#> Port=<port #> Chans=<bearer channel map>
Ces=<communication endpoint suffix> ConnId=<connect Id>
The system has received a connect message from the network. This indicates that a new call is now
established and ready for use. The Call Id and Ces values are included for your Distributor or
Cabletron Customer Support. The remaining parameters are used to report line details.
490
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
TRACE MESSAGES
Call Trace Messages
In - DISCONNECT Call Id=<call Id> Slot=<slot #> Port=<port #> Loc=<location> Cause=<cause value>
Ces=<communication endpoint suffix> ConnId=<connect Id>
The system has received a disconnect message from the network. The Call Id and Ces values are for
your Distributor or Cabletron Customer Support. The remaining parameters are used to report line
details. Refer to the Cause Codes Table for more information.
In - DL CFG ACK Slot=<slot #> Port=< port #> Ces=<communication endpoint suffix
This is a data link initialization acknowledgment for the indicated data link.
In - DSL CFG ACK Slot=<slot #> Port=< port #>
This is a line initialization acknowledgment for the indicated line.
In - FACILITY ACK Call Id=<call Id> Slot=<slot #> Port=<port #> ConnId=<connect Id>
Ces=<communication endpoint suffix>
The system has received a facility acknowledgment message from the network. The Call Id and Ces
values are included for your Distributor or Cabletron Customer Support. The remaining
parameters are used to report line details.
In - FACILITY Call Id=<call Id> Slot=<slot #> Port=<port #> ConnId=<connect Id>
Ces=<communication endpoint suffix>
The system has received a facility message from the network. The Call Id and Ces values are
included for your Distributor or Cabletron Customer Support. The remaining parameters are used
to report line details.
In - FACILITY REJ Call Id=<call Id> Slot=<slot #> Port=<port #> Loc=<location> Cause=<cause>
ConnId=<connect Id> Ces=<communication endpoint suffix>
The system has received a facility rejection message from the network. The Call Id and Ces values
are included for your Distributor or Cabletron Customer Support. The remaining parameters are
used to report line details. Refer to the Cause Codes Table for more information.
In - INCOMING CALL Call Id=<call Id> Slot =<slot #> Port=<port #> Chans=<bearer channel map>
Ces=<communication endpoint suffix> Rate=<data rate>
The system has received an incoming call from the network. The system will respond with a
connect or a disconnect message. The Call Id and Ces values are included for your Distributor or
Cabletron Customer Support. The remaining parameters are used to report line details.
In - INFORMATION Call Id=<call Id> Slot=<slot #> Port=<port #> Chans=<bearer channel map>
CauseLoc=<cause location> Cause=<cause value> Signal=<signal value> ProgLoc=<progress location>
Prog=<progress value> Ces=<communication endpoint suffix> ConnId=<connect Id>
The system has received a call progress message from the network. This is usually received in
response to sending a call request. The <parameters> are included for your Distributor or
Cabletron Customer Support.Refer to the Cause Codes Table for more information.
In - init data link <slot #, port #, ces>
The WAN card in slot <slot#> attempted to initialize the data link for port <port#> with
Communication Endpoint Suffix <ces>.
In - PROCEEDING Call Id=<call Id> Slot=<slot #> Port=<port #> Chans=<bearer channel map>
Ces=<communication endpoint suffix> ConnId=< connect Id>
The system has received a call proceeding message from the network. This is usually received in
response to sending a call request. The Call Id and Ces values are included for your Distributor or
Cabletron Customer Support. The remaining parameters are used to report line details.
Workgroup Remote Access Switch
491
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
In - PROGRESS Call Id=<call Id> Slot=<slot #> Port=<port #> Chans=<bearer channel map>
CauseLoc=<cause location> Cause=<cause value> Signal=<signal value> ProgLoc=<progress location>
Prog=<progress value> Ces=<communication endpoint suffix> ConnId=<connect Id>
The system has received a call progress message from the network. This is usually received in
response to sending a call request. The <parameters> are included for your Distributor or
Cabletron Customer Support.Refer to the Cause Codes Table for more information.
In - REJECTION Call Id=<call Id> Slot=<slot #> Port=<port #> Loc=<location> Cause=<cause value>
Ces=<communication endpoint suffix> ConnId=<connect Id>
The system has received a call rejection message from the network. This is in response to sending
a call request. The Call Id and Ces values are included for your Distributor or Cabletron Customer
Support. The remaining parameters are used to report line details. Refer to the Cause Codes Table for
more information.
Interworking unspecified cause
Informational call trace message. This message is used to indicate additional details on the <cause
value> received in the call progress information message. Refer to the Cause Codes Table for more
information.
Off-hook warning tone on
Informational call trace message.
Origination call address is non-ISDN
Informational call trace message.
Out - ALERTING Call Id=<call Id> Slot=<slot #> Port=<port #> Chans=<bearer channel map>
The system is sending a connection to the network. This is sent in response to receiving a call
indication. The <parameters> are included for your Distributor or Cabletron Customer Support.
Out - BRD CFG Slot=<slot #>
The system is initializing the indicated adapter.
Out - CALL RQST ACK Call Id=<call Id> Rate=<data rate> Slot=<slot #> Port=<port #> Chans=<bearer
channel map> TN=<telephone number dialed> Ces=<communication endpoint suffix> ConnId=<connect
Id>
The system is sending a call request to the network. The Call Id and Ces values are included for
your Distributor or Cabletron Customer Support. The remaining parameters are used to report line
details.
Out - configure <port #>
The system is initializing the indicated line adapter.
Out - CONNECT Call Id=<call Id> Slot=<slot #> Port=<port #> Chans=<bearer channel map>
Ces=<communication endpoint suffix> ConnId=<connect Id>
The system is sending a connection to the network. This is sent in response to receiving a call
indication. The <parameters> are included for your Distributor or Cabletron Customer Support.
Out - DISCONNECT Call Id=<call Id> Slot=<slot #> Port=<port #> Cause=<cause value>
Ces=<communication endpoint suffix> ConnId=<connect Id>
The system is sending a disconnect to the network to terminate a call. The Call Id and Ces values
are included for your Distributor or Cabletron Customer Support. The remaining parameters are
used to report line details. Refer to the Cause Codes Table for more information.
492
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
TRACE MESSAGES
Call Trace Messages
Out - DL CFG Slot=<slot #> Port=<port #> Ces=<communication endpoint suffix>
The system is initializing the indicated data link.
Out - DSL CFG Slot=<slot #> Port=<port #>
The system is initializing the indicated line.
Out - init data link <slot #, port #, ces>
The system is sending a message to the network to initialize a data link on an ISDN line. The
<parameters> are used to report line details.
Out - PROCEEDING Call Id=<call Id> Slot=<slot #> Port=<port #> Chans=<bearer channel map>
Ces=<communication endpoint suffix> ConnId=<connect Id>
The system is sending a connection to the network. This is sent in response to receiving a call
indication. The <parameters> are included for your Distributor or Cabletron Customer Support.
Recall dial tone on
Informational call trace message.
Received charge amount - <charge amount>
The system has received an advice of charge from the network for the call just disconnected. The
charge for this call is indicated in the charge amount parameter.
Received unknown abnormal report value Slot=<slot #> Port=<port #> Ces=<communication endpoint
suffix>
Informational call trace message.
Received unknown progress value
Informational call trace message.
Received unknown signal value
Informational call trace message.
Ringback tone on
Informational call trace message.
Status report progress value received
Informational call trace message.
Stutter tone on
Informational call trace message.
Tones off
Informational call trace message.
Unspecified cause
Informational call trace message. This message is used to indicate additional details on the <cause
value> received in the “call progress” information message.Refer to the Cause Codes Table for more
information.
Unspecified tone
Informational call trace message. It is used to indicate additional details on the <signal value>
received in the “call progress” information message. The <tone value> is displayed as one of the
following: dial, ring back, answer, call waiting, off hook warning, custom, recall dial, stutter dial,
or expensive routing.
Workgroup Remote Access Switch
493
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
IP FILTERS TRACE MESSAGES
You can trace packets that are discarded as a result of IP Filters. Enable this feature by using the ip
filter trace discard command, and disable it with ip filter trace off. Note that
when you enable this feature, the report log has the potential of filling quickly. Use the feature
wisely, and be sure to turn it off once you’ve completed your troubleshooting. Access the discarded
packet information via the report log by using the drcommand.
Each discarded packet will cause a log report of the following format:
(F) _:_:_:_:#9a00 [IPFILT] <filtername>/ condition # at <application point name>/ in/ out
{IP} Src: xxx.xxx.xxx.xxx Dst: xxx.xxx.xxx.xxx Pr: n
{UDP} Src: n Dst: n
The first line indicates:
•
the number of the condition within that filter which matched the packet and consequently
caused a discard action,
•
the point at which the filter was applied, or a designation of global. For an IP network interface,
this will be the configured name of the interface. For a device-based filter, this will be the con-
figured device’s name.
•
In or Out, corresponding to INPUT or OUTPUT application.
The next lines contain a brief decode of the packet which was discarded. In particular, the packet
fields which comprise the packet type comparisons are displayed. The key IP fields are always
displayed on one line. If the IP protocol is one of the explicitly recognized values (ICMP, UDP,
TCP), the next line will contain a decode of the key fields of that protocol.
Sample IP Filter Trace Discard logs:
(I) 10:11:50.43 #9A00:
(I) 10:11:50.43 #9A00:
(I) 10:11:50.43 #9A00:
[IPFILT] UDP/ 1 at Intf. lan/ Out
{IP} Src: 128.131.0.1 Dst: 128.131.0.7 Pr:17
{UDP} Src: 5001 Dst: 69
•
Filter UDP, condition 1, applied at interface lan’s OUTPUT
(I) 10:11:50.71 #9A00:
(I) 10:11:50.71 #9A00:
(I) 10:11:50.71 #9A00:
[IPFILT] ICMP/ 1 at Global
{IP} Src: 0.0.0.0 Dst: 128.131.0.7 Pr:1
{ICMP} Code: 8 Type: 0
•
Filter ICMP, condition 1, applied globally
494
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
TRACE MESSAGES
PPP Packet Trace Messages
PPP PACKET TRACE MESSAGES
PPP Packet Trace allows you to display the PPP protocol negotiation that takes place when a link
is established. This information is useful when diagnosing mismatches in configuration between
two systems. PPP Packet Trace puts PPP packet information into the Report log, which can be
accessed by using the drcommand. Enable this feature by using the trace ppp on command,
and disable it with trace ppp off.Two other commands are also available, trace ppp np
and trace ppp cp. trace ppp np only enables the tracing of Network Protocol packets
received and sent by the system. When the trace ppp np command is used, no Control Protocol
packets will be reported to the system message log. trace ppp cp only enables the tracing of
Control Protocol packets received and sent by the system. When the trace ppp cp command is
used, no Network Protocol packets will be reported to the system message log.
The following is the format of a PPP trace line as it is displayed by dr:
[connection Id] [packet direction] [protocol type] [packet type]
where:
[connection Id]
Identifies the connection. The Id is a numerical value, allowing you to distinguish
connections. The numerical value represents the order in which the connections are
generated.
[packet direction]
Indicates the packet direction. IN means received packet, OUT means transmitted packet.
[protocol type]
Indicates the type of protocol used for negotiation. When a connection is made between
two devices, there are three different phases. The last two phases deal with the protocol
type and the options negotiated.
The following table summarizes the protocol types:
Protocol
Options Negotiated
Link Control
Protocol
Authentication Protocol (PAP,CHAP)
Multilink Protocol (MRRU, Endpoint
Discriminator)
PAP
Password validation
CHAP
Shared Secret validation
Compression Compression options
(CCP)
Encryption
(ECP)
IPCP
Encryption options
IP address
Bridge options
IPX options
BCP
Appletalk options
IPXCP
ATCP
[packet type]
A code field that indicates the type of command that the packet contains. PPP Control
Protocol negotiation uses the following commands:
Workgroup Remote Access Switch
495
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
•
•
Configure Request
The Configure Request is used to indicate the options that are supported by this
sending device. The Request contains an option list and the desired values if they are
different from the default value.
Configure ACK
The Configure ACK is transmitted in response to a Configure Request. It indicates that
the sending device supports the options specified in the option list of the Configure
Request and that all values are acceptable. The receiving device assumes that
negotiation is complete for the Control protocol being configured.
•
•
Configure NAK
The Configure NAK is transmitted in response to a Configure Request. It indicates that
the sending device understands, but does not accept the values of the options specified
in the option list of the Configure NAK. The option list of the NAK only contains the
unacceptable options. The receiving device should choose different options and send
another Configure Request with the new option list and values.
Configure Reject
The Configure Reject is transmitted in response to a Configure Request. It indicates
that the sending device does not understand the options specified in the option list of
the Configure Reject. The option list of the Reject only contains the unknown options.
The receiving device must assume the sender cannot process the rejected options in
any manner, and take appropriate action. The Configure Reject inherently provides
backward compatibility with older PPP implementations.
•
•
•
•
•
Terminate Request
The Terminate Request is transmitted when a device wishes to close down the
connection.
Terminate ACK
The Terminate ACK is sent in response to a Terminate Request and indicates that the
sending device has closed the connection.
Code Reject
The Code Reject is transmitted by a device if it does not recognize the PPP command
type received from the other device.
Protocol Reject
The Protocol Reject is transmitted by a device if it does not recognize the PPP protocol
type received from the other device.
Echo Request
The Echo request is used to provide a Data Link layer loop back detection mechanism.
The Echo Request packet contains the magic number of the sending device. Until the
magic number option has been negotiated the value must be set to zero.
496
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
TRACE MESSAGES
X.25 Trace Messages
•
•
Echo Reply
The Echo Reply is transmitted in response to an Echo Request. The Echo Reply packet
contains the magic number of the sending device. Until the magic number option has
been negotiated the value must be set to zero.
Discard Request
The Discard request packet is transmitted by a device to exercise the data link layer
processing. This packet is silently discarded by the receiving device.
WAN FR_IETF TRACE MESSAGES
You can trace Frame Relay (FR_IETF) incoming and outgoing packets. This FR_IETF trace
information is placed into the Report log, which can be accessed by using the dr command. Enable
this feature by using the wan fr-ietf trace on command, and disable it with wan fr-ietf
trace off. You can specify the direction of the packets (in or out), a particular device or PVC
(<device> or <fr_accessname_dlci>) and the protocol (AT, BR, IP, or IPX) to be traced.
The following is the format of a FR_IETF trace line as it is displayed by dr:
[packet direction] : [device name or fr_accessname_dlci] [protocol] size:[NN]
where:
[packet direction]
Indicates the packet direction. IN means received packet, OUT means transmitted packet.
[device name or fr_accesname_dlci]
Indicates the device or Frame Relay PVC associated with the traced data.
[protocol]
Identifies the protocol type of the traced data. Protocol types are AT (AppleTalk), BR (MAC
Layer Bridge), IP, and IPX.
[NN]
Identifies the size of the data in bytes.
X.25 TRACE MESSAGES
It is now possible to trace X.25 incoming and outgoing packets. This X.25 trace information is placed
into the Report log, which can be accessed by using the dr command. Enable this feature by using
the trace x25 on command, and disable it with trace x25 off.
X.25 TRACE MESSAGE SUMMARY
In - X25 Call Connect LCN <logical channel number>, <number of bytes> bytes
The DTE has accepted an incoming SVC call.
In - X25 Clear Ind LCN <logical channel number>, <number of bytes> bytes
An SVC call has been cleared by the DCE.
Workgroup Remote Access Switch
497
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
In - X25 CONNECTION CONFIRMATION ConnId=<connection Id> Access=<access index>
RemDteAddr=<x121 address or protocol/route id>
The system has received a connect message from the network. This indicates that a new call is now
established.
In - X25 CONNECTION INDICATION ConnId=<connection Id> Access=<access index >
RemDteAddr=<x121 address or protocol/route id>
The system has received an incoming call from the network. The system will respond with a
connect or a disconnect message.
In - X25 DATA LCN <logical channel number>, <number of bytes> bytes
Data transfer.
In - X25 DCE Clear Conf LCN <logical channel number>, <number of bytes> bytes
The DCE is confirming that an SVC call has been cleared by the DTE.
In - X25 DCE Interrupt LCN <logical channel number>, <number of bytes> bytes
An interrupt packet has been received from the DCE. Flow control procedures do not apply to
interrupt packets.
In - X25 DCE Intr Conf LCN <logical channel number>, <number of bytes> bytes
The DCE is confirming that an interrupt packet has been received.
In - X25 DCE REJ LCN <logical channel number>, <number of bytes> bytes
The DCE has detected a packet sequence error.
In - X25 DCE Restart Conf LCN <logical channel number>, <number of bytes> bytes
The DCE is confirming that all virtual circuits have been reset.
In - X25 DCE RNR LCN <logical channel number>, <number of bytes> bytes
The DCE is not ready to receive packets from the DTE.
In - X25 DCE RR LCN <logical channel number>, <number of bytes> bytes
The DCE is acknowledging data packets from the DTE.
In - X25 Diagnostic LCN <logical channel number>, <number of bytes> bytes
The DCE is providing a diagnostic packet with a cause and an error code.
In - X25 DISCONNECT CONFIRMA]TION Connid=<connection Id> Access=<access index>
The system has received a disconnect confirmation message from the network. This is usually
received after a call disconnect is either initiated by the system or the network.
In - X25 DISCONNECT INDICATION ConnId=< connection Id > Access=< access index > Cause=<cause
for disconnect> Diag=<diagnostic for disconnect>
The system has received a disconnect message from the network.
In - X25 Incoming LCN <logical channel number>, <number of bytes> bytes
An SVC call has been received from the DCE.
In - X25 Reset Ind LCN <logical channel number>, <number of bytes> bytes
The DCE is resetting a virtual circuit.
In - X25 Restart Ind LCN <logical channel number>, <number of bytes> bytes
The DCE is resetting all virtual circuits.
498
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
TRACE MESSAGES
X.25 Trace Messages
Out - X25 Call Accept LCN <logical channel number>, <number of bytes> bytes
The DTE is accepting an SVC call.
Out - X25 Call Request LCN <logical channel number>, <number of bytes> bytes
The DTE is attempting to place an SVC call.
Out - X25 Clear Ind LCN <logical channel number>, <number of bytes> bytes
The DCE is clearing the X.25 Virtual circuit on the indicated LCN.
Out - X25 Clear Request LCN <logical channel number>, <number of bytes> bytes
The DTE is clearing the SVC call on the indicated LCN.
Out - X25 CONNECTION REQUEST VcType=<virtual circuit type> ConnId=<connection Id>
Access=<access index> RemDteAddr=<x121 address or protocol/route id>
The system is sending a call request to the network.
Out - X25 CONNECTION RESPONSE ConnId=<connection Id> Access=<access index>
The system is sending a connection to the network. This is sent in response to receiving a call
indication.
Out - X25 DATA LCN <logical channel number>, <number of bytes> bytes
Data transfer.
Out - X25 DISCONNECT REQUEST ConnId=<connection Id> Access=<access index> Cause=<cause for
disconnect>
The system is sending a disconnect to the network to terminate a call.
Out - X25 DISCONNECT RESPONSE ConnId=<connection Id> Access=<access index>
The system has received a disconnect response from the network.
Out - X25 DTE Clear Conf LCN <logical channel number>, <number of bytes> bytes
The DTE is confirming that the virtual circuit on the indicated LCN has been cleared.
Out - X25 DTE Interrupt LCN <logical channel number>, <number of bytes> bytes
An interrupt packet has been sent to the DCE. Flow control procedures do not apply to interrupt
packets.
Out - X25 DTE Intr Conf LCN <logical channel number>, <number of bytes> bytes
The DTE is confirming the reception of an interrupt packet from the DCE.
Out - X25 DTE REJ LCN <logical channel number>, <number of bytes> bytes
The DTE has detected a packet sequence error.
Out - X25 DTE Reset Conf LCN <logical channel number>, <number of bytes> bytes
The DTE is confirming that the virtual circuit has been reset.
Out - X25 DTE Restart Conf LCN <logical channel number>, <number of bytes> bytes
The DTE is confirming that all virtual circuits have been reset.
Out - X25 DTE RNR LCN <logical channel number>, <number of bytes> bytes
The DTE is not ready to receive more data packets.
Workgroup Remote Access Switch
499
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Out - X25 DTE RR LCN <logical channel number>, <number of bytes> bytes
The DTE is acknowledging 1 or more data packets received from the DCE.
Out - X25 Reset Ind LCN <logical channel number>, <number of bytes> bytes
The DCE is resetting a virtual circuit.
Out - X25 Reset Request LCN <logical channel number>, <number of bytes> bytes
The DTE is resetting a virtual circuit.
Out - X25 Restart Ind LCN <logical channel number>, <number of bytes> bytes
The DCE is resetting all virtual circuits.
Out - X25 Restart Req LCN <logical channel number>, <number of bytes> bytes
The DTE is resetting all virtual circuits.
X25 access <access index> in state <X25 manager state text> for event <X25 manager event text>
Tracks the X.25 access as it is coming up or going down, defining the state it is in and the event that
is occurring.
X.25 (LAPB) TRACE MESSAGES
You can trace X.25 Link Access Procedure Balanced (LAPB) incoming and outgoing packets. This
LAPB trace information is placed into the Report log, which can be accessed by using the dr
command. Enable this feature by using the trace lapb on command, and disable it with trace
lapb off.
X.25 (LAPB) TRACE MESSAGE SUMMARY
In - LAPB DISC
The DCE link layer is going off-line.
In - LAPB DM
The DCE is going off-line.
In - LAPB FRMR
The DCE has received an invalid frame.
In - LAPB I Frame, Tx Sequence = <sequence Id>, Rx Sequence = <sequence Id>
The DTE has received a data frame from the DCE.
In - LAPB REJ, Rx Sequence = <sequence Id>
The DCE has detected a sequence error in the link layer.
In - LAPB RNR, Rx Sequence = <sequence Id>
The DCE is not ready to receive more frames.
In - LAPB RR, Rx Sequence = <sequence Id>
The DCE is acknowledging one or more frames from the DTE.
In - LAPB SABM
The DCE is resetting the link layer.
500
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
TRACE MESSAGES
X.25 (LAPB) Trace Messages
In - LAPB SABME
The DCE is resetting the link layer.
In - LAPB UA
The DCE is acknowledging a SABM or SABME from the DTE.
Out - LAPB DISC
The DTE link layer is going off-line.
Out - LAPB DM
The DTE is going off-line.
Out - LAPB FRMR
The DTE has received an invalid frame.
Out - LAPB I Frame, Tx Sequence = <sequence Id>, Rx Sequence = <sequence Id>
The DTE has sent a data frame from the DCE.
Out - LAPB REJ, Rx Sequence = <sequence Id>
The DTE has detected a sequence error in the link layer.
Out - LAPB RNR, Rx Sequence = <sequence Id>
The DTE is not ready to receive more frames.
Out - LAPB RR, Rx Sequence = <sequence Id>
The DTE is acknowledging one or more frames from the DCE.
Out - LAPB SABM
The DTE is resetting the link layer.
Out - LAPB SABME
The DTE is resetting the link layer.
Out - LAPB UA
The DTE is acknowledging a SABM or SABME from the DCE.
Workgroup Remote Access Switch
501
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM MAINTENANCE
This grouping of information provides information to help you maintain your CyberSWITCH once
it is operating. Note that the included system statistics information may also prove valuable in
troubleshooting.
We include the following chapters in the System Maintenance segment of the User’s Guide:
Once the CyberSWITCH is initially configured, you may use methods to remotely manage the
CyberSWITCH. This chapter provides information for using each of these methods.
A listing of all system console commands and associated command definitions.
A listing of all system statistics and associated statistic definitions.
Instructions for performing routing CyberSWITCH maintenance.
Download from Www.Somanuals.com. All Manuals Search And Download.
REMOTE MANAGEMENT
OVERVIEW
Once your system is initially configured (and thus assigned an IP address), you may use a variety
of methods to remotely access and manage your system. This chapter describes many of these
methods.
The CyberSWITCH has various tools to manage the system remotely. You may combine several of
these tools to provide a complete, customized remote network management system. In this chapter
we will describe the tools, and explain several options to manage your system.
These tools are:
CyberSWITCH, using the default configuration and a preconfigured USER2.
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
SNMP
SITE.HQ
Network Management
Station
WORKGROUP REMOTE ACCESS SWITCH
WORKGROUP REMOTE ACCESS SWITCH
LINE
1
LINE
2
LINE
3
LINE
4
LAN
RX 10BASE-T
LINE
1
LINE
2
LINE
3
LINE
4
LAN
POWER
SERVICE
TX
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
SYNC
SYNC
SYNC
SYNC
SYNC
SYNC
SYNC
SYNC
AGI
AGI
ISDN
WORKGROUP REMOTE ACCESS SWITCH
LINE
1
LINE
2
LINE
3
LINE
4
LAN
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
SYNC
CH-2
D-CH
SYNC
SYNC
SYNC
AGI
SITE.2
SNMP: The NMS gathers information (including problem reports) from any CyberSWITCH
SNMP (Simple Network Management Protocol) is a standard way of monitoring communication
devices in IP networks. With SNMP, you purchase and then set up a Network Management Station
(such as SPECTRUM® or SPECTRUM® Element Manager™) for your environment. This Network
Management Station (NMS) is then used to monitor your network. From the NMS you can look at
information from all the CyberSWITCHes and other remote devices. You can detect problems
without manually check each machine to see if it is working correctly.
INSTALLATION AND CONFIGURATION
SNMP has two basic components: the SNMP Agent, which is executed on the CyberSWITCH, and
the Network Management Station (NMS), which you purchase separately for the environment. This
504
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
REMOTE MANAGEMENT
SNMP
section will describe how to install and configure the SNMP Agent. Refer to the specific NMS
documentation for its installation instructions.
SNMP must be configured through CFGEDIT. Before configuring the SNMP Agent, you must have
the following information:
•
•
•
the Community Name(s) used in SNMP request messages generated by the NMS;
the IP address of the NMS; and
the Community Name to be used in Trap messages received by the NMS.
To properly configure the SNMP Agent on the CyberSWITCH, perform the following steps:
•
•
•
•
•
enable and configure IP
enable SNMP
configure community name information
configure SNMP trap information (if desired)
change MIB-2 system group objects (if desired)
For the NMS, follow its specific installation instructions. Note that the NMS you are using must also
have the latest enterprise MIB (the ih_mib.asnfile) compiled on its system.
If you are using Cabletron’s SPECTRUM® Element Manager™ as NMS, this enterprise MIB is
already built into the NMS software.
If you are using a non-Cabletron product for NMS, you must perform the following:
•
•
•
copy the MIB file ih_mib.asnonto the NMS
compile the new MIB
set up NMS to monitor the CyberSWITCH
SNMP feature.
USAGE INSTRUCTIONS
Normally you will have a GUI NMS (graphical user interface) that will display a picture of the
network. You will then select the desired CyberSWITCH and display the desired MIB information.
As an example, the information displayed in the dr command would be located in the MIB
structure under:
[private]
[enterprises]
[networkExpress]
[ih000]
[ih000StatusReports]
[ihStatusReportTable]
Workgroup Remote Access Switch
505
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
TELNET
IN_A> LAN TEST
LAN Test Passed
Telnet Client
IN_A> LAN TEST
LAN Test Passed
SITE HQ
WORKGROUP REMOTE ACCESS SWITCH
WORKGROUP REMOTE ACCESS SWITCH
LINE
1
LINE
2
LINE
3
LINE
4
LINE
1
LINE
2
LINE
3
LINE
4
LAN
LAN
POWER
SERVICE
TX
RX 10BASE-T
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
CH
CH-1
CH-2
CH
CH-1
CH-2
-CH
CH-1
CH-2
-CH
CH-1
CH-2
D-CH
CH-1
CH-2
CH
CH-1
CH-2
CH
CH-1
CH-2
-CH
SYNC
SYNC
SYNC
SYNC
SYNC
SYNC
SYNC
SYNC
AGI
AGI
ISDN
Remote 1
WORKGROUP REMOTE ACCESS SWITCH
LINE
1
LINE
2
LINE
3
LINE
4
LAN
RX 10BASE-T
POWER
SERVICE
TX
CH-1
H-2
-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
SYNC
SYNC
SYNC
SYNC
AGI
SITE.2
Telnet is the standard way of providing remote login service. With Telnet, any user on the LAN or
WAN executing a standard Telnet client program can remotely login to the CyberSWITCH and get
an CyberSWITCH console session. When you have an active console session, CyberSWITCH
commands can be entered as if you have a locally-attached keyboard and monitor. Once you use
Telnet to login to the CyberSWITCH, it is possible to make configuration changes to the
CyberSWITCH using CFGEDIT or the Manage Mode commands.
In the first Telnet illustration (see previous page), the Telnet client is not an CyberSWITCH. It is also
possible to use the CyberSWITCH as the Telnet client. This allows you to remotely manage an
CyberSWITCH with an CyberSWITCH. The benefit from this is you can now use an CyberSWITCH
at your site to perform system maintenance, for example configuration changes, on a remote
CyberSWITCH.
The two pictures below illustrate the advantage of the CyberSWITCH Telnet client feature. The first
example network shown illustrates previous CyberSWITCH releases. In this example, the
506
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
REMOTE MANAGEMENT
Telnet
administrator forgot to configure a static route on the remote site, System 2. Because System 2 is not
on the same subnetwork as the Telnet client on System 1’s LAN, a static route is needed to allow
System 2 to communicate with devices on Network 1. Because the CyberSWITCH had no Telnet
client capabilities in previous releases, the only way to fix the problem was to physically go to the
remote site and add a static route.
The second example network shown illustrates the current CyberSWITCH release. System 1 has
Telnet client capabilities, and therefore can simply Telnet to System 2 and add the needed static
route.
EARLIER RELEASES:
X
Can not communicate
Remote Site
WORKGROUP REMOTE ACCESS SWITCH
ISDN
WORKGROUP REMOTE ACCESS SWITCH
LINE
1
LINE
2
LINE
3
LINE
4
LAN
LINE
1
LINE
2
LINE
3
LINE
4
POWER
SERVICE
TX
RX 10BASE-T
LAN
CH-1
CH-2
CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
POWER
SERVICE
TX
RX 10BASE-T
SYNC
SYNC
SYNC
SYNC
CH-1
CH-2
DCH
CH-1
CH-2
CH
CH-1
CH-2
-CH
CH-1
CH-2
D-CH
SYNC
SYNC
SYNC
SYNC
AGI
AGI
Telnet Client
CSX1200
CSX1200
"SITE2"
"SITE1"
No route entry
configured to
Network 1
(Sub) Network 3
(Sub) Network 1
(Sub) Network 2
CSX1200
CURRENT RELEASE:
Can fix configuration problem
in SITE2 remotely
through SITE1
Telnet Client
Remote Site
WORGROUP REMOTE ACCESS SWITCH
WORKGROUP REMOTE ACCESS SWITCH
ISDN
LINE
1
LINE
2
LINE
3
LINE
4
LINE
1
LINE
2
LINE
3
LINE
4
LAN
LAN
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
SYNC
SYNC
SYNC
SYNC
SYNC
SYNC
SYNC
SYNC
AGI
AGI
CSX1200
CSX1200
Telnet Client
"SITE1"
"SITE2"
No route entry
configured to
Network 1
(Sub) Network 3
(Sub) Network 1
(Sub) Network 2
INSTALLATION AND CONFIGURATION
Telnet is available by default when IP routing is enabled. No installation or configuration steps are
required.
Workgroup Remote Access Switch
507
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
USAGE INSTRUCTIONS
To access the CyberSWITCH using Telnet, you must have a Telnet client software package. A
Telnet client software package is built into the CyberSWITCH. With the CyberSWITCH acting as
the Telnet client, simply enter the telnet <ip address> command to Telnet into the target
If you are using a PC or a workstation as a Telnet client, it must have a Telnet client software
package. From the Telnet client package, issue the command that will allow you to connect to the
IP address of the CyberSWITCH. You will then be presented with the “Enter Login id:”
prompt. Now enter commands as if directly connected to the CyberSWITCH.
When finished with the session, enter the exit command at the system prompt to end the session
with the CyberSWITCH.
Terminate the Telnet session by typing logout. This will ensure that the Telnet session has been
terminated, regardless of the specific Telnet client used.
Notes: If you need to quit then restart the CyberSWITCH for some reason (for example, to have
CFGEDIT changes take effect) issue the restart command. Then reestablish your Telnet
session.
If you lose your Telnet connection within 10 seconds of entering the restart command,
the command will not be executed.
508
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
REMOTE MANAGEMENT
TFTP
TFTP
TFTP Client PC
SITE HQ
WORKGROUP REMOTE ACCESS SWITCH
WORKGROUP REMOTE ACCESS SWITCH
LINE
1
LINE
2
LINE
3
LINE
4
LAN
LINE
1
LINE
2
LINE
3
LINE
4
LAN
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
-CH
CH-1
CH-2
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
D-CH
CH-1
CH-2
D-CH
CH-1
CH-2
-CH
CH-1
CH-2
D-CH
SYNC
SYNC
SYNC
SYNC
D-CH
AGI
SYNC
SYNC
SYNC
SYNC
AGI
ISDN
Remote 1
WORKGROUP REMOTE ACCESS SWITCH
LINE
1
LINE
2
LINE
3
LINE
4
LAN
POWER
SERVICE
TX
RX 10BASE-T
CH-1
CH-2
D-CH
CH-1
CH-2
CH
CH-1
CH-2
-CH
CH-1
CH-2
D-CH
SYNC
SYNC
SYNC
SYNC
AGI
Remote 1
SITE.2
TFTP (Trivial File Transfer Protocol) is the standard way of providing file transfers between
devices. With TFTP any WAN or LAN user executing a standard TFTP client program can transfer
files to and from the CyberSWITCH. You can control access to the different file types. Statistics
concerning the file accesses are available. This feature can be used to retrieve report and statistics
files, and to perform remote node configuration.
INSTALLATION AND CONFIGURATION
TFTP is available to the user by default. No installation or configuration steps are required.
You can limit the access to files by using the fileattr and tftp commands of the Dynamic
Management feature. The fileattr command allows you to change the access rights for each file
type depending on access level. The tftp command provides the ability to change the TFTP Server
file access rights by assigning a user’s file accesses rights to the TFTP server. The tftp command
also provides the ability to disable the TFTP client component, TFTP Server component or the
whole TFTP feature.
Workgroup Remote Access Switch
509
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
The default file access for the GUEST user is “read” access to all files. The default file access for the
ADMIN user is “read” access to the report and statistics files, and “read and write” access to all
other files. The default for the TFTP server is ADMIN file access rights. The possible file types and
possible accesses for each user are:
Users
GUEST
ADMIN
Report Files
RN
Statistics Files
Config files
RN
Other Files
N
RN
RN
RN
RWN
RWN
where:
“R” for read only file access
“W” for write file access
“N” for no access rights for the corresponding file type
Actual files included in the file type categories are as follows:
File category
Report
File types included in the category
RPRT_LOG.1 - 10
Statistics
Configuration
Other
STAT_LOG.1 - 10
*.NEI (with the exception of CFGTOKEN.NEI)
All other file types: .EXE, .COM, .TXT, (CFGTOKEN.NEI), etc.
Note: If you use TFTP to copy over configuration files to the CyberSWITCH, the new
configuration will not take place until the CyberSWITCH is restarted. This may be
accomplished with Telnet session and issuing the restart command. The Telnet session
must then be reestablished.
USAGE INSTRUCTIONS
The CyberSWITCH has both the client and server TFTP components built into it. When using the
CyberSWITCH as the local client, enter the following command(s) to transfer files:
tftp put
or
tftp get
The tftp put command transfers files to the remote host; the tftp get command retrieves
files from the remote host. For either command you will then be prompted for the IP address of the
remote host, the complete path of local file name, the complete path of the remote file name, and
the file mode (binary or ASCII). You will be notified of the status of the transfer.
There is a tftp stats command that gives the user statistics on the TFTP feature. Statistics for
the server (or remote) side imply that someone from a remote device (either on the LAN or WAN)
initiated the request to transferred files to (or from) the CyberSWITCH. Statistics for the client (or
local) side imply that the user on the CyberSWITCH initiated the request to transfer files to a remote
device. The following statistics are available for both the server and client sides:
•
•
•
•
•
•
Number of successful file puts
Number of successful file gets
Number of failed file puts
Number of failed file gets
Total bytes put
Total bytes get
510
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
REMOTE MANAGEMENT
Remote Installation with USER2
REMOTE INSTALLATION WITH USER2
The CyberSWITCH is delivered with a default configuration. This default configuration includes a
configured device, USER2. Advanced users may use the default configuration to perform the
configuration of a remote CyberSWITCH. The network must be setup as illustrated below to take
advantage of remote configuration through USER2.
TCP / IP
Client
Using
default configuration
User 2
LAN
B-CHANNELS
E1 ONLY
B25 B27
LAN
B-CHANNELS
E1 ONLY
B25 B27
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
POWER
B1 B3
B2 B4
B5 B7
B6 B8
B
9
B
1
1
B
1
3
B
1
5
B17 B19
B18 B20
B21 B23
B22 B24
B
2
9
B
3
1
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
SERVICE
TX
R
X
1
0
B
A
S
E
-
T
E1
D
T1
D
E1
D
T1
D
B
1
0
B
1
2
B
1
4
B
1
6
B
2
6
B
2
8
B
3
0
L
1
B
1
0
B
1
2
B
1
4
B
1
6
B
3
0
L
1
B
2
6
B
2
8
ISDN
To begin, you must have an ISDN device with a WAN and LAN connection (we recommend an
CyberSWITCH), a simple two node LAN, and a computer with a TCP/ IP stack with a Telnet client
which you can reconfigure.
After you have your setup complete, you must:
1. Minimally configure the remote CyberSWITCH:
a. switch type (US only)
b. point-to-point or point-multi-point line
c. SPIDS for DMS-100 and NI-1 lines
2. Configure your local ISDN device using the following information:
Name:USER2
Secret:USER2
Security:CHAP only
WAN IP:2.2.2.3
LAN IP:an unused IP address on your local LAN
Static Route:to 1.1.1.1 (mask 8), next hop 2.2.2.2
single user:
Name:LINK
Secret:LINK
Device Type:PPP
IP Address:2.2.2.2
Workgroup Remote Access Switch
511
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
If you are using an CyberSWITCH as your local ISDN device, you can either configure an
outbound phone number for the CyberSWITCH site or use the call peer command to
call the CyberSWITCH without configuring the phone number for the device explicitly.
Modify the switch type and the line type (point-to-point or point-multipoint) to match your
local ISDN line.
2. Configure your TCP/ IP stack on your PC or similar LAN based TCP/ IP device with the
following information:
IP Address:an unused IP address on your local LAN
Default Gateway:the IP address of the local ISDN device
If you have not configured the phone number of the remote CyberSWITCH in the local
ISDN device, you must call it manually. On a local CyberSWITCH, use the call peer
<phone number> command.
3. Telnet to 2.2.2.2 on your local TCP/ IP device or PC. This is the unconfigured remote
CyberSWITCH.
You can now configure the remote CyberSWITCH.
512
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM COMMANDS
OVERVIEW
Two classes of system administration commands are available on the CyberSWITCH: guest
commands and administrator commands. Guest commands provide current operational
information only, and are available to all security levels. Administrator commands allows access to
the complete system command set.
The log-in to the system controls command access. Each access level (guest or administrator) is
protected by a unique log-in password. This capability allows managers to assign different
responsibility levels to their system administrators.
General operation commands immediately follow this discussion. These commands are divided by
Note: When there are a group of related commands, a help screen is available. For example, to
display the help screen for all of the br commands, enter br? at the system prompt.A
screen will then be displayed that includes the available br commands, the syntax for each
command, and a definition for each command.
ACCESSING ADMINISTRATION SERVICES
The following commands are available for system login:
admin
Logs you into the system and provides access to all system commands. The system will ask you
to enter or set the password for administrator level access. Be careful, passwords are uppercase
and lowercase sensitive.
admin<00><01><02>...<99>
If you have configured multiple administration login names on your off-node server, you must
use one of the configured names to log into the CyberSWITCH. The acceptable names are
admin00 through admin99. Proper login provides you with access to all system commands. The
system will ask you to enter or set the password for administrator level access. Be careful,
passwords are uppercase and lowercase sensitive. (Note: This command is not available for
local access.)
guest
Logs you into the system and allows the user access to the commands for viewing operational
information only. All other commands for changing information on the system are not
available. The System will ask you to enter or set the password for guest level access. Be careful,
passwords are uppercase and lowercase sensitive.
exit
Terminates the administration session by logging-out the current administrator. You can start
another session by using one of the two log-in commands outlined above.
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
logout
Terminates the administration session by logging-out the current administrator. You can start
another session by using one of the two log-in commands outlined above.
pswd
Changes the password for the current access level (administrator or guest). Your password
must be a 3 to 8 nonblank character string. Be careful, passwords are uppercase and lowercase
sensitive.
SETTING THE IP ADDRESS
The following administrative command allows you to make changes to the system’s default IP
address without using the CFGEDIT utility. The system handles this command as if you were in
CFGEDIT mode, and saves changes automatically. You must then restartyour system in order
to have these saved changes take effect. To change the system’s default IP address, issue the
following command:
ipconfig
Allows you to change default IP address information by prompting you for the following:
•
•
•
IP address
number of significant bits in subnet mask
IP address of default gateway (or “0” if none)
After responding to the prompts, the system will ask you if you wish to restart the system in
order to put into effect these changes.
BOOT DEVICE COMMANDS
System software consists of three distinct parts: the boot device, the flash file system, and
operational software. The system boot is accomplished in two stages: the first stage boot (FSB) and
the second stage boot (SSB).
When the boot device is executing, there may be occasion to issue commands to affect the boot
process. However, this situation is highly unusual, and should only be performed under the
recommendation of Customer Support personnel. In addition, these commands may be issued only
using the local console (RS232) port.
Once the FSB has initialized the hardware, it displays a brief inventory of the CyberSWITCH,
including version number, serial number, and MAC Ethernet address. It then prompts you with the
following:
Waiting for Commands:
Following this prompt, there is a 10-second window (between the first and second stage boot) for
you to enter a boot device command. Normally, you need not enter a command, and the boot
process continues to the second stage. However, the following commands are available during this
10-second interval:
514
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM COMMANDS
Accessing Dynamic Management
autobaud
This command notifies the boot device to check the baud rate. It prepares the boot device to
recognize an imminent change. At this time, you should be prepared to set or change the baud
rate in your communications package.
update
This command notifies the boot device that you are attempting a new upgrade. It is preparing
the SSB for download of software via the XMODEM.
recover
This command notifies the boot device that you are attempting a download of the Second Stage
Boot software.
<CR>
Press Enter (Carriage Return) to skip the 10-second delay between the first and second stage
boot.
ACCESSING DYNAMIC MANAGEMENT
The Dynamic Management feature provides a “real-time” management mechanism that allows
changes to system parameters without interrupting the current execution state of the system
software. This feature consists of a series of console commands that allow you to display current
system parameters, change many parameters dynamically, and write changes to disk files so that
they remain permanent.
All dynamic management commands must be issued through a special mode of operation called
Manage Mode. To enter Manage Mode, type the following command at the system prompt:
>manage
Once Manage Mode is entered, the prompt changes from “>” to “MANAGE>“.While operating
in Manage Mode, Manage Mode commands are the only commands available. All other system
commands are ignored until you enter the exit command to return to normal system command
mode.
VIEWING OPERATIONAL INFORMATION
The following commands are used to view system operational information:
?
Displays a help screen outlining all of the commands that are available.
br stats
statistics and their definitions.
cls
Clears the administration screen.
Workgroup Remote Access Switch
515
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
cs
Displays the list of connected devices along with the data rate for each device. The output for
this command contains the connection time for each device along with a detailed breakdown
(per connection type) of channel usage and available data rates. If there is at least one device
connected, the display will look as follows. Note that a “more” mechanism will be used when
the number of connected devices exceeds a full screen. If there are no devices connected, the cs
command does not produce any output.
[System Name]> CS
Number of Channels
Swi Ded FrR X25 Tot Swi Ded FrR X25 Tot (hr:min:sec)
---------------- ------------------ --------------------- -----------
Data Rate (Kbps)
Connect Time
Device Name
Tokyo
Ann Arbor
New York
1 0 0 0 1
1 1 0 0 2
4 0 0 0 4 256
64
64 64 0 0 128
0 0 0 256
0 0 0
64
00:31:39
12:22:18
04:02:22
dr
ds
list [file name]
Displays the indicated file.
For example, to display the Release Notes, enter the following command:
list rel_note.txt
The “more” mechanism is used to view the indicated file. To view the next section of the file,
simply press any key (except <escape>). The system will automatically return to the normal
system prompt after the entire file has been displayed. If you are viewing the Release Notes,
press the <escape> key to exit the release notes and continue with the installation.
If the file name is incorrect, the following message will be displayed:
Cannot find file "file name"
mc
Displays the Connection Monitor screen. This screen provides information on the remote sites
to which the system is currently connected. The system updates the display as connections are
added or removed.
To display the Connection Monitor screen, Telnet and the terminal emulator must both be set
as the same terminal type. Use the term set command to do this.
Note:The mc command is also available if you are remotely connected to the CyberSWITCH
by Telnet.
neif
This command will display the system interface table. This table provides information for each
of the system’s physical interfaces, including interface name, interface type, slot and port
516
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM COMMANDS
Viewing Operational Information
number, and the operational status of each interface (up or down). This information can help
to determine system problems by identifying those physical interfaces that are not operating as
expected. Refer to the following example:
[System Name]> NEIF
id Name
-- ----
Type
----
Ethernet
Slot
----
Port
----
Status
------
up
down
up
up
down
1
2
3
4
5
Ethernet Port 1
Ethernet Port 2
BRI.LINE.1
BRI.LINE.1
V.35.LINE
3
3
1
1
2
1
2
1
2
1
Ethernet
BRI D-Channel
BRI D-Channel
V.35
The definitions of the interface types and the associated status possibilities are as follows:
Ethernet
Each Ethernet port is considered an Ethernet interface. An Ethernet interface is “up” if the
Ethernet port is capable of forwarding packets to/ from the LAN. An Ethernet interface is
“down” if the Ethernet port cannot be used to forward packets to/ from the LAN.
Basic Rate (D-Channel)
Each Basic Rate line which contains at least one data link is considered a Basic Rate
(D-Channel) interface. A Basic Rate (D-Channel) interface is “up” if at least one data link
associated with the interface is “up.” A Basic Rate interface is “down” if none of the data
links associated with the interface is “up.”
Basic Rate (Permanent)
Each Basic Rate line which is used by a dedicated access is considered a Basic Rate
(Permanent) interface. A Basic Rate (Permanent) interface is “up” if the serial layer 1 is
“up” for the line. The dedicated access does not have to be “up” for the interface to be
considered “up”. A Basic Rate (Permanent) interface is considered to be down if the serial
layer 1 is “down” for the line.
Primary Rate (D-Channel)
Each Primary Rate line which contains at least one data link is considered a Primary Rate
(D-Channel) interface. A Primary Rate (D-Channel) interface is “up” if at least one data link
associated with the interface is “up.” A Primary Rate interface is “down” if none of the data
links associated with the interface is “up.”
Primary Rate (Robbed Bit)
Each Primary Rate line that uses Robbed Bit Signaling is considered a Primary Rate
(Robbed Bit) interface. A Primary Rate (Robbed Bit) interface is “up” if the serial layer 1 is
“up” for the line. A Primary Rate (Robbed Bit) interface is considered to be down if the
serial layer 1 is “down” for the line.
Primary Rate (Permanent)
Each Primary Rate line which is used by a dedicated access is considered a Primary Rate
(Permanent) interface. A Primary Rate (Permanent) interface is “up” if the serial layer 1 is
“up” for the line. The dedicated access does not have to be “up” for the interface to be
considered “up”. A Primary Rate (Permanent) interface is considered to be down if the
serial layer 1 is “down” for the line.
Workgroup Remote Access Switch
517
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
sp
This command pertains to semipermanent connections. This command will list each
semipermanent device, as well as the connection status, initial data rate and current data rate
for each semipermanent device. The connection status will be one of the following:
CONNECTED
The system is connected to the device at the initial data rate or greater.
OVERRIDDEN
The disc device command was issued on this device. The system will not attempt to call
again until a call device command is issued, or the system is rebooted.
NOT CALLABLE
This device cannot be called. Check phone number, device type or existence of the device name
in the database.
REJECTED
The remote device answered the system call, but rejected negotiations. The system stops calling
attempts until a call device command is issued, or the system is rebooted.
TRYING
The system is attempting to call the device. Some connections may be up, but not at the initial
data rate.
status
Displays initialization, current status, and connection information, as well as any errors that
have been detected.
led status
Allows you to view a snapshot of LED information from a remote terminal. It displays a very
basic ASCII rendering of the front of the system you are accessing. Each one of the WAN LEDs
and the Service LED are labeled, and the state of each is indicated by an “O” for on, and a “.”
for off.
Note that if the B-channels on a line are flickering, you will only see the current state of the
flicker. The image could actually represent a busy system that has every channel active, but the
LEDs for all the channels just happen to be off the instant the “snapshot” was taken.
time
Displays the current system time. This can be useful when viewing system messages or
statistics.
ver
Displays the version number of the software that is currently running on the system (II, III,
etc.). In addition, it displays all other custom information for this copy of the system software,
such as the platform, the installed resources, and the hardware resource revision information.
Note that T1_E1_PRI-1 indicates the PRI-23/ 30 adapter.
518
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM COMMANDS
Viewing Operational Information
The ver command also displays a connections table. It displays the connection lines for features
that are loaded only. Consider the following example of a connections table:
Capacities
Potential
Actual
Physical Connections
X.25 Connections
Frame Relay Connections
8
32
48
8
32
33
33
Combined Maximum Connections 88
Description:
•
•
•
The first column is the connection type.
The second column is the potential number of connections.
The third column is the actual number of connections possible. The actual number may differ
from the potential number due to memory constraints.
•
The combined maximum line shows the maximum number of connections possible for all
types combined. If the potential and actual column do not match on this line, then there are
not enough connections for all the connection types to use their respective maximum num-
ber of connections at the same time.
For our example, the most connections possible without memory limitations is 88. This is the
sum of all the connection types. Since there is not enough memory for 88, the actual number of
connections available is less than that amount (33). This means that any of the following
combinations of connections would be allowed:
Physical Connections
X.25
25
32
0
Frame Relay
8
0
0
2
0
1
33
29
2
If there was enough memory for all connections, the connection table would reflect both
potential and actual connections as the same number.
wan stats
available statistics and their definitions.
From the “Connection Monitor” screen you can press:
<Arrow Keys>
To select a site that is currently connected.
<Enter>
<Esc>
To exit the Connection Monitor screen.
Workgroup Remote Access Switch
519
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
VIEWING THROUGHPUT INFORMATION
The Throughput Monitor screen displays the system throughput monitoring feature in action. To
enter this screen:
1. Issue the mc command to display the connection monitor screen.
2. Use the <arrow keys> to move the cursor down to the specific site for which you would like to
view throughput information.
3. Press <enter> to display the throughput monitor screen for that site.
Throughput monitoring information can be very useful for fine-tuning your bandwidth
configuration parameters. Note that this feature is not available through a Telnet session. Refer to
The actual bandwidth utilization, along with the current underload setting, is displayed for each
throughput sample. After 32 samples are displayed, the newest sample is displayed at position 32
and all other samples are shifted left one position.
Throughput Monitor
#1
#2
Wide Area Network Bandwidth Utilization to site
= UNDERLOAD BANDWIDTH
sitename
@ current bandwidth Kbps
= ACTUAL BANDWIDTH UTILIZATION
100
% of current
bandwidth
30
0
8
16
Samples
24
32
Throughput Parameters
03
Sample Rate (seconds):
Overload:
Underload: Trigger 05
Idle:
Trigger 01
Window 02
Window 10
Window 05
Utilization (%) 10
Utilization (%) 10
Trigger 05
< Press F to Freeze data capture, Esc to return to Connection Monitor >
520
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM COMMANDS
Saving Operational Information
Note: If data compression is being used, an extra line will be displayed on the Connection
Monitor screen that will provide the compression and decompression ratios, and the
estimated throughput. The estimated throughput is calculated as follows:
est. thruput (in Kbits/ second) = [(uncmp bits + undmp bits)/ sample period)]/ 1000
Where uncmp bits = the number of uncompressed bits
undmp bits = the number of undecompressed bits
sample period = configured length of the sample period
THROUGHPUT MONITOR CONTENTS
#1.
#2.
#3.
Indicates the site name for the connected site that was selected on the Connection Monitor
screen.
Indicates the current bandwidth in place to the connected site. This number will be
updated as calls are added or released.
Example of three samples where actual bandwidth utilization was around 95% and
underload was not being monitored (probably because only one connection was in place).
In this example, overload is occurring on all three samples.
#4.
#5.
#6.
Example of three samples where actual bandwidth utilization was around 70% and
underload was being monitored at around 25% utilization of current bandwidth. In this
example, overload is occurring on all three samples.
Example of three samples where actual bandwidth utilization was around 10% and
underload was being monitored at around 25% utilization of current bandwidth. In this
example, underload is occurring on all three samples.
Example of three samples where actual bandwidth utilization was around 25% and
underload was being monitored at around 10% utilization of current bandwidth. In this
example, neither overload nor underload is occurring.
From the Throughput Monitor screen, press:
f
r
To freeze the current throughput monitor display.
To resume the display of throughput monitor samples.
<esc> To exit the Throughput Monitor and return to the Connection Monitor screen.
SAVING OPERATIONAL INFORMATION
The following commands are used to save system operational information to disk:
wr
Writes the current system messages to disk file.
Workgroup Remote Access Switch
521
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
ws
Writes the current system statistics to disk file.
CLEARING OPERATIONAL INFORMATION
The following commands are used to clear current system operational information:
er
Erases the current system messages held in memory.
es
Erases the current system statistics held in memory.
CONFIGURATION-RELATED COMMANDS
The following commands provide configuration file information, and restore backup configuration
files:
cfg
Provides information on the status of system configuration changes. With Manage Mode and/
or CFGEDIT, you can make changes to the system configuration. (This, in turn, changes the .nei
files.) If you do not commit these changes (Manage Mode) or restart your system (CFGEDIT),
these changes do not become current. This command identifies whether or not changes have
been made which are not yet current. The command will display the following information:
Unsaved Manage Mode Changes Exist.........YES (or NO)
Cfgedit Changes Have Been Saved...........YES (or NO)
System Data Differs from Config Files.....YES (or NO)
To Synchronize System Data With Config Files........
RESTART THE SYSTEM
(or COMMIT FROM MANAGE MODE)
restore
Replaces the current configuration files with the configuration backup files (.bak files) located
in the \ CONFIG directory, thus restoring the previous system configuration. Because this
command will destroy your current configuration, a warning is displayed when issued:
WARNING:This command overwrites your current configuration files. Are you sure
you want to restore your old configuration? (Y or N)
If you indeed want to restore the old configuration, type “Y”. If not, type “N” (default).
Note that you must have saved configuration changes at least one time before the restore
command will work.
522
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM COMMANDS
Restarting the CyberSWITCH
RESTARTING THE CYBERSWITCH
restart
Generally used from a remote site (when using Telnet or TFTP), although it is functional from
a local console as well. The restart command reboots the system and automatically starts
up the system software. Issue this command after making configuration changes with
CFGEDIT, in order for these changes to take effect.
If you prefer, you can make configuration changes and store them remotely. Later, you can
transfer the changes (the .nei files) to the system using TFTP. In order for these changes to take
effect, you would need to issue the restart command from the Telnet session of your remote
terminal.
Note: If you lose your Telnet connection within 10 seconds of entering the restart command,
the command will not be executed.
SETTING THE DATE AND TIME
The following commands are used to set the date and the time on the system:
date <month, day, year>
Changes the date on the system as specified. The <month> can be specified as a numeral from
1 to 12, spelled out in full (January), or abbreviated to 3 letters (JAN). The <day> can be any
legal date within the month specified. (For example, 1 through 31 would be legal dates for
January.) The year may be specified in its entirety (1995) or by its last two digits (95). Commas,
dashes, and white space are all acceptable separators.
time hours:minutes <:seconds> <AM/PM>
Changes the time on the system as specified. The hours can be from 0 - 23 in military time, or
from 1 - 12 in civilian time, with an optional AM/ PM indicator. The “seconds” parameter is
also optional. If “P” is included (indicating “PM”), 12 is added to the hour. White space is
unimportant.
Note that if the time command is issued without any parameters, the system will report the
current time. Parameters following the time command are interpreted as an attempt to make a
change.
FILE UTILITY COMMANDS
The file utility commands include the flash commands and the simple file utilities.
The flash commands give you the ability to update, format and reclaim unused space in the
embedded system’s resident flash array. It provides the means to install and upgrade new
software.
flash update
Used only when you need to update the system software. It prepares for a software update by
rebooting the system. When you receive the message “Waiting for Download,” transfer the
new software files to the system via your communications package.
Workgroup Remote Access Switch
523
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
flash recover
Specific to the remote upgrade of the Second Stage Boot or when recommended by the Release
Notes. The SSB update should be performed only upon recommendation of Customer Support
personnel. In the event that it is necessary to upgrade the SSB, this command starts the remote
upgrade, and bases its update on the \system\recover1file. For the specific steps to
flash reclaim
Searches the flash file system for files marked as deleted. The space occupied by the deleted
files is then reclaimed and made available for other files.
Because DOS is not supported on the CyberSWITCH, the following simple file utilities provide
basic information:
dir
Takes no parameters, and displays all files currently in the flash file system, along with free
space in each partition.
list <filename> [/c] [BIN]
Displays an ASCII file - pausing after every 24 lines. If the “/ c” option is used, pausing is
disabled. If the BINary option is selected, the files will be displayed in UUENCODED format.
del <filename>
Deletes the specified file (assuming you have the appropriate access level to do so). The
attributes for this command track TFTP rights. Be sure to specify the file’s full pathname.
TERMINATING ADMINISTRATION SESSIONS
The following commands are used to display and to terminate active administration sessions.
session
This command will display the current active administration sessions. The example screen
below illustrates the format in which this information is displayed:
Login-Id Sess-Id Date/Time Idle(sec) Command Type (from)
-------- ------- --------- ---------- ------- -------------------
ADMIN
ADMIN
0
257
Aug 15 13:50
Aug 15 13:55
51
0
MANAGE
Console
SESSION Telnet (199.120.211.120)
The fields in this display are defined as follows:
Login-Id
The access level associated with the session. Possible access levels include:
admin: administrator access
guest: guest access
nobody: someone has initiated a Telnet session with the CyberSWITCH but did not login.
Note: If you have configured multiple admin login names on your off-node server, the login-
id field will not distinguish between the various names. Use the sess-id field to help
identify the different admin users.
524
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM COMMANDS
AppleTalk Routing Commands
Sess-Id
The session Id number associated with the session.
Date/Time
The date and time the session was initiated
Idle (sec)
The number of seconds the connection has been idle.
Command
How the administration session was initiated. Initiation methods include:
manage - the user is in the Manage Mode
session - the user is using a Telnet session
Type (from)
The type of session. Possible session types include:
console - a session through the local console
telnet - a Telnet session
Note: If you have configured multiple admin login names on your off-node server, the login-
id field will not distinguish between the various names. Use the sess-id field to help
identify the different admin users.
session kill <session id>
Terminates the session specified by the session Id. Useful for terminating sessions that have
been idle for an extended period of time.
APPLETALK ROUTING COMMANDS
The following commands are used to display AppleTalk information and statistics.
atalk arp
This command will display the AARP (AppleTalk Address Resolution Protocol) cache. AARP
is used to map between a device’s AppleTalk address and their physical address. A sample
output screen is shown below:
Entry 1: Address 21.1 @ 08:00:07:8f:90:04, valid
where:
Address 21.1 is Entry 1’s AppleTalk address.
08:00:07:8f:90:04 is Entry 1’s physical address (MAC address).
valid is the state of Entry 1’s address. The state value can be either valid or pending. If the
state is valid, an address will have been logged (as shown). If the state is pending, the
address would not yet be logged, and would appear as 00:00:00:00:00:00.
atalk ping <dnet>.<dnode> [timeout/dnnn]
This command will allow you to “ping” a specified device. If the ping is successful, you have
connectivity to the device. If it is unsuccessful, you do not have connectivity to the device.
The parameters for this command are:
Workgroup Remote Access Switch
525
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
dnet
Required parameter. The destination network number.
dnode
Required parameter. The destination node Id.
timeout
Optional parameter. The number of seconds to wait for a reply message. The valid range is
from 1 to 60 seconds. The default value is 10 seconds.
nnnn
Optional parameter. The data size to be included in the ping packet. The valid range for the
data size is 5 to 586 octets. The default value is 100 octets.
An example atalk ping command could read as follows:
atalk ping 1.3 30 /d200
which would send a ping to node number 3 or network number 1, with a timeout value of 30
seconds, and the data size would be 200 octets.
atalk port
This command will display AppleTalk port information. A sample output screen is shown
below:
Port 1
type: LAN
state: UP
address: 20.20
flags: extended
network range 20-21
phase-2
soft-seed
default zone: zone1
lan port: 1
physical address: 00409A001AB3
Port 2
type: WAN
address: 30.30
flags: extended
state: UP
network range 30-31
phase-2
soft-seed
default zone: zone1
Port 3
type: WAN UNNUMBERED state: UP
address: 20.20 (borrowed)
remote device: MAC4
The fields in this display are defined as follows:
type
The port type. Possible types are LAN, WAN, WAN UnNumbered.
Note that the WAN UnNumbered port information is not taken from the previously configured
state
The state of the port as it is in the process of coming up. Possible states include:
listen - The port is listening to see if any other routers are out on the network.
probing - The port is probing the network to see if its suggested AppleTalk address is
unique, or if it is already in use.
get_info - The port is verifying network information and obtaining the default zone.
526
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM COMMANDS
AppleTalk Routing Commands
get_zones - The port s obtaining a complete zone list for the network.
get_routes - The port is requesting routes from another router on the network (if another
router is present).
up - The port is ready for use.
down - The port is not ready for use.
unnum_wait_addr - This state will exist with the following scenario:
When an UnNumbered WAN port sends a locally generated packet that requires a reply,
a return address is needed. But, because the port is UnNumbered, it has no address
assigned to it that it can use as a return address. To remedy this, the UnNumbered WAN
port will “borrow” an AppleTalk address from a local numbered port, knowing that when
the reply comes, it will first come to the UnNumbered WAN port. If the UnNumbered
WAN port attempts to “borrow” an address, but there are no numbered ports up, the
unnum_wait_addr state exists; the WAN UnNumbered port is waiting for an address.
address
The port’s AppleTalk address.
network range
For a LAN port, this specifies the AppleTalk network range of the LAN segment to which the
port is connected. For a WAN port, this specifies the AppleTalk network range of the logical
segment to which the port is connected. For NonExtended networks, the range will appear as
one number (for example, 121-121). For UnNumbered ports, the range will appear as either 0-
0 (nonextended networks) or 0.0-0.0 (Extended networks). Note that if the network is
nonextended (phase 1), this field will be network (and will display a singular value) as opposed
to network range (which displays a range).
flags
This will reflect any flags that have been activated for the indicated port. Possible flags are:
extended - This flag is triggered if a network range has been configured for the port.
phase-1 - This flag is triggered if the NonExtended network type is configured for the port.
phase-2 - This flag is triggered if the phase-1 flag has not been triggered.
probe-invalid - This flag is triggered if the port sends out a probe to see if its suggested
AppleTalk address is unique on the network, and a response comes back indicating that
the address is already in use, and cannot be used by this port.
soft-seed - This flag is triggered if the port is not configured in the discovery mode (it is
configured with a suggested network range). Its classification as a soft-seed router indicates
that it does have a suggested network range, but that range can be overridden if necessary.
default zone
The port’s configured default zone.
LAN port
For LAN ports only. Indicates the Ethernet resource’s port number associated with this
AppleTalk LAN port.
physical address
For LAN ports only. The device’s MAC address.
remote device
For WAN UnNumbered ports only. The remote device configured to use this port.
Workgroup Remote Access Switch
527
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
atalk port stats [clear]
Statistics, for a list of available atalk port statistics and their definitions.
atalk route
This command will display AppleTalk static route information. A sample output screen is
shown below:
network range
-------------
225 - 226
distance
--------
0
state
------
good
next hop
--------
0.0
zones valid
-----------
TRUE
The fields in this display are defined as follows:
network range
The remote AppleTalk network range reachable through this static route. Note that if there is
only a single network number instead of a range, that number will appear twice under the
network range field.
distance
The number of AppleTalk routers that are traversed in order to reach the destination
AppleTalk network.
state
The state of the route. Possible values are:
good - This indicates that this is a valid route.
bad - This indicates that the indicated router has not been heard from in a while; it has timed
out. Therefore, it is no longer a valid route.
next hop
The AppleTalk address of the next hop device that provides access to the destination
AppleTalk network. If the distance = 0, and the next hop = 0.0, this indicates that there is no
router between the port and the destination. If the distance ≠ 0, and the next hop = 0.0, this
indicates that the static route is over an UnNumbered port.
zones valid
For every route there is a set of associated zones. When a device has learned the complete list
of zones for that route, the zones valid field will display TRUE.
atalk stats
AppleTalk statistics are comprised of six subgroups of statistics. The atalk statscommand
Statistics, for a list of available AppleTalk statistics and their definitions.
Enter one of the following commands to display a subgroup of the AppleTalk statistics:
atalk stats ddp
Displays the AppleTalk Data Delivery Protocol (DDP) statistics.
atalk stats echo
Displays the AppleTalk Echo Protocol (AEP) statistics.
528
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM COMMANDS
AppleTalk Routing Commands
atalk stats rtmp
Displays the AppleTalk Routing Table Maintenance Protocol (RTMP) statistics.
atalk stats zip
Displays the AppleTalk Zone Information Protocol (ZIP) statistics.
atalk stats nbp
Displays the AppleTalk Name Binding Protocol (NBP) statistics.
atalk stats atp
Displays the AppleTalk Transaction Protocol (ATP) statistics.
atalk zone
This command will display AppleTalk zone information. A sample output screen is shown
below:
zone
------------------
zone1
zone2
network range
-------------
225 - 226
236 - 237
The fields in this display are defined as follows:
zone
The AppleTalk zone name for the network that the AppleTalk port is connected to.
network range
Specifies the network range associated with the indicated zone.
Workgroup Remote Access Switch
529
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
BRIDGE COMMANDS
The following commands are used to display bridging information and statistics.
pkt mac
Enables the MAC address monitor display. The MAC Address Monitor screen displays
information contained in the LAN frames that are sent over the ISDN connections. The packets
represented by the displayed MAC address pairs will not be captured unless the br pkt capture
feature is on (enabled).
When the MAC Address monitor is enabled, the CyberSWITCH inspects each LAN frame sent
or received over the ISDN connections. It displays the Destination MAC Address, Source MAC
Address, and Ethernet type field for each LAN frame.
MAC Address Monitor
DEST
SOURCE
TYPE
COUNT
DEST
SOURCE
TYPE COUNT
90409A000000
00409A001324
90409A000000
00409A003217
00409A001023-L
00409A001023-L
00409A002345-L
00409A002345-L
3C09
3C02
8137
8137
00010
00141
00015
00045
00409A001023
90409A000000
00409A002345
00409A001324-R
00409A001000-L
00409A003217-R
3C09 00140
3C09 00010
8137 00045
Number of Packets Received 00406
In the above example, the DEST field is the destination MAC address field of the LAN frame.
The SOURCE field is the source MAC address of the LAN frame. Next to the source MAC
address field is the location of that source address. An “L” next to the source address indicates
that this address is “Local” to the CyberSWITCH. That is, it is attached to the Ethernet segment
locally connected to the CyberSWITCH. An “R” next to the source address indicates that this
address is “Remote” to the CyberSWITCH. That is, it is attached to an Ethernet segment that is
connected to a remote ISDN device.
The TYPE field is Ethernet type field of the LAN frame. This hexadecimal field represents the
protocol identifier for an Ethernet formatted frame. For an 802.3 formatted frame, it is the
length of the data unit.
The COUNT field is the number of frames transferred for that destination address, source
address, and Ethernet type combination. The total number of frames is displayed at the bottom
of the screen.
To exit the MAC Address Monitor screen and disable the feature, press <Esc> on the
Administration console keyboard.
br stats
bridge statistics and their definitions.
br stats clear
Clears the current system packet statistics.
530
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM COMMANDS
Call Control Commands
CALL CONTROL COMMANDS
The following commands are used to initiate and disconnect calls to devices.
call device <device name>
Initiates a call to the specified device. The entire device name does not need to be entered; only
enough letters of the name to distinguish it from any other configured device name. For
example, you could enter call device sm if there are no other devices whose names begin
with sm. The call device command can be used to test the Dial Out capability to a specific
device. This command is available only when the Authentication mode is “On-node Device
Table.” To obtain the device name, enter the Manage Mode and issue the device command.
Note that the device name is case sensitive.
To use this command for troubleshooting, you must use the System Call Trace feature to
capture any connect and disconnect messages that are generated by issuing the call device
command. To do this:
1. Erase the current report log by entering er at the system prompt.
2. Enable the Call Trace feature by entering trace on at the system prompt.
3. Issue the call device <device name> command.
4. Display the system log messages by entering the dr command at the system prompt.
5. Check the log report for connect messages relating to the remote device you are testing.
In response to the call device <device name> command, one of the following responses
will be displayed:
Calling device <device name>
Indicates that a call request process has been initiated.
<device name> could not be found in the Device Table
Indicates that the device name could not be found in the table of configured device names.
<device name> is already connected
Indicates that a connection to a device can not be initiated if there is already a connection
to that device. The call device command cannot be used to increase bandwidth for an
existing connection.
Call attempt failed
Indicates that the request could not be executed.
More than one match for <device name> found in the Device Table
Displayed if you enter just part of a device name and that part could specify more than one
device name. You will be prompted to enter the device name again, in a more specific
manner. For example, if call device Sch is entered, and there is a device configured
with the name Schultz, and a device configured with the name Schmidt, this message
would be displayed. You would then need to enter at least call device Schu to
successfully initiate a call to the device Schultz.
Workgroup Remote Access Switch
531
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
<device name> is not callable
Each PPP device in the device database can have one or two phone numbers at which they
can be called. This message is displayed if the device has no phone number specified.
Re-enter the name, or <RET> to cancel
The device name must be re-entered.
Unable to prompt for device name at this time
Indicates that the call command would prompt you for a device name, but the necessary
resources are not available. The recommended actions are as follows:
1. If possible, enter the device name on the command line.
2. If the device name cannot be entered from the command line (for example, the device
name contains command line delimiters of a space, a comma, a colon, or a tab), the user
can wait for a few minutes and see if any resources become available.
3. If actions 1 and 2 are ineffective, this may indicate an internal problem in the System,
please inform your service representative of the occurrence.
call peer <phone number> [data rate] [device] [bearer]
Initiates a call to a peer at the given number. Entering the data rate, device, and bearer is
optional. We describe each of the optional fields below.
data rate
The default data rate value for HDLC calls is 56Kbps. The default data rate for digital modem
calls is Auto.
device
The valid values are:
• HDLC: used for normal HDLC-ISDN calls
• DM: used for Digital Modem calls.
bearer
This field applies only to Digital Modem calls. The valid values are:
• SPEECH (the default if no bearer type is specified)
•
3.1KHZ
The call peer command allows you to make a connection with another device. For example,
to call a site with the configured phone number of 13135552222 and a data rate of 64Kbps, you
would enter call peer 13135552222 64.
To use this command for troubleshooting, you must enable the Call Trace feature to capture
any connect and disconnect messages that are generated by issuing the call peer command.
To do this:
1. Erase the current report log by entering er at the system prompt.
2. Enable the Call Trace feature by entering trace on at the system prompt.
3. Issue the call peer <phone number> [data rate] command.
532
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM COMMANDS
Call Control Commands
4. Display the system log messages by entering the dr command at the system prompt.
5. Check the log report for connect messages relating to the remote device you are testing.
In response to the call peer command, you will see the following message echoed back for
informational purposes:
Calling <phone number> at <data rate>, device PPP
The phone number will show what is sent to the switch. Any imbedded dashes will have
been removed. The data rate that is used is displayed. If an invalid data rate is entered, the
default of 56 Kbps will use used. Because dial out is only provided for PPP devices, the
device type is always PPP.
One of the following messages will then be displayed:
Call initiated
This response indicates that a call peer request was performed. This does not always
imply that a request reached the telephone switch.
Call attempt failed
This response indicates that the request could not be executed.
Note: The call peer <phone number> command will not work under the following
conditions:
If PAP or CHAP is enabled and Outbound Authentication is disable, or, if the only
security enabled is CLID. In either case, the CyberSWITCH will not be able to
authenticate the remote peer. A message will appear in the log to indicate this. Use the
call device <device name> command instead.
disc device <device name>
Disconnects all calls to the specified device. To obtain the device name, enter the Manage Mode
and issue the device command. Note that the device name is case sensitive.
In response to the disc device command, one of the following responses will be displayed:
Disconnecting <device name>
Indicates that the disconnect process has been initiated for the indicated device.
No active connection to <device name>
Indicates that the device that you are attempting to disconnect has no active connection.
The mcor the cscommand can be used to view the active connections.
<device name> could not be found in the Device Table
Indicates that the device name could not be found in the table of configured device names.
More than one match for <device name> found in the Device Table
Displayed if you enter just part of a device name and that part could specify more than one
device name. You will be prompted to enter the device name again, in a more specific
manner. For example, if call device Sch is entered, and there is a device configured
Workgroup Remote Access Switch
533
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
with the name Schultz, and a device configured with the name Schmidt, this message
would be displayed. You would then need to enter at least call device Schu to
successfully initiate a call to the device Schultz.
Re-enter the name, or <RET> to cancel
The device name must be re-entered.
Unable to prompt for device name at this time
Indicates that the call command would prompt you for a device name, but the necessary
resources are not available. The recommended actions are as follows:
1. If possible, enter the device name on the command line.
2. If the device name cannot be entered from the command line (for example, the device
name contains command line delimiters of a space, a comma, a colon, or a tab), the
device can wait for a few minutes and see if any resources become available.
3. If actions 1 and 2 are ineffective, this may indicate an internal problem in the System,
please inform your service representative of the occurrence.
CALL DETAIL RECORDING COMMANDS
The following commands are used to monitor and verify the call detail recording (CDR) feature.
cdr stats
Display the CDR statistics. Refer to Call Detail Recording Statistics, for the available statistics and
corresponding definitions.
cdr stats clear
Clears the CDR statistics; setting them all to zero.
cdr verify
Generates a sample message to all servers that have been configured for CDR. A message
similar to the following will be displayed:
<system name> CDR VERIFY 1 of 1
CALL RESTRICTION COMMANDS
When the Call Restriction feature is enabled on the CyberSWITCH, the following command is
available through the administration console:
cr stats
Displays the current Call Restriction statistics. Refer to Call Restriction Statistics, for a list of
available statistics and their definitions.
Other Call Restriction commands are available through Dynamic Management. Refer to
Configuring Call Control for these commands.
534
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM COMMANDS
Compression Information Commands
COMPRESSION INFORMATION COMMANDS
Compression statistics are only available for connections that are using a compression protocol.
The following commands are used to display current compression information:
cmp stats
Displays the compression statistics for all active connections. Refer to Compression Statistics, for
a list of available compression statistics and their definitions.
cmp stats <device name>
a list of available statistics and their definitions. Note that the device name is case sensitive.
cmp clear <device name>
Clears the compression statistics for the indicated device. If the device name is omitted, no
compression statistics will be cleared. Note that the device name is case sensitive.
cmp clearall
Clears the compression statistics for all devices.
DHCP COMMANDS
These commands allow you to display or erase DHCP statistics.
DHCP stats
Displays the DHCP statistics. For a listing of available statistics and their definitions, refer to
DHCP stats clear
Clears the DHCP statistics.
ip addrpool
Displays the current IP address pool. Refer to the ip addrpool command description under
FRAME RELAY COMMANDS
The following commands are used to display information concerning both the status and traffic
statistics of a particular frame relay connection.
fr a <access n>
Sets an internal variable. The frame relay <access n> will be the assumed current access for
all subsequent frame relay system console commands entered. <Access n> will remain the
current access, until it is changed through issuing another fr a <access n>command. The
<access n> is the access index that is assigned to each frame relay access during the frame relay
access configuration.
Workgroup Remote Access Switch
535
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Note that this command may be used in conjunction with all other frcommands. For example,
fr a 1 lmi would be a valid command, changing the frame relay access to 1 before
displaying information relating to the LMI link.
fr d <DLCI m>
Sets an internal variable. <DLCI m> will be the default DLCI under the currently-selected
access, and therefore the assumed context for all subsequent frame relay system console
commands entered. <DLCI m> will remain the default DLCI until the default is changed
through reissuing the fr d <DLCI m>command. The DLCI value is provided by the service
provider at line subscription time.
For the following frame relay commands, information is displayed for the currently selected access.
However, you may also change the access (which, in turn, changes the default) by using these
commands along with the access index command. Refer to the fr a <access n>command.
fr display
Displays the configuration information as entered during the last CFGEDIT session for the
currently-selected frame relay access. Note that this also includes any configured PVCs
associated with this access.
fr stats
Relay Statistics, for a list of available statistics and their definitions.
fr clear
Clears the statistics counters associated with the fr stat command for the currently selected
access and DLCI.
fr clearall
Clears all statistics associated with the fr stat command.
fr lmi
Displays information relating to the LMI link on the currently-selected frame relay access, if
that access has the layer Management Interface enabled. The following list describes the fields
displayed when the FR LMI command is entered.
LMI State
The condition of the LMI link. Possible settings for this item are WAIT FULL STATUS (S1),
WAIT T391 TIMEOUT (S2),and WAIT LIV STATUS (S3). The possible settings are
defined as follows:
WAIT FULL STATUS
The LMI state entered when the local frame relay software has transmitted a STATUS
ENQUIRYmessage requesting a FULL REPORT STATUSmessage.
WAIT T391 TIMEOUT
The LMI state entered when the local frame relay software has received a STATUS message
from the network in response to a previous STATUSENQUIRYand has restarted the T391
timer. (The T391 parameter is the configured Link Integrity Verification Timer.)
WAIT LIV STATUS
The LMI state entered when the local frame relay software has transmitted a STATUS
ENQUIRYmessage requesting a LINK INTEGRITY VERIFICATION STATUSmessage.
536
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM COMMANDS
IP Routing Commands
LMI Error State
Current LMI alarm condition. When this item is TRUE, the LMI alarm is on, and all associated
PVCs are unavailable. When this item is FALSE, the alarm condition is clear.
LMI DLCI
DLCI value associated with the LMI link. This is the DLCI value contained in all LMI messages
and varies according to the LMI format in effect. Note that this is not user configurable.
# LMI Frames Received
Number of frames received on the LMI link.
# Good LMI Frames Received
The number of valid LMI frames received during the last N391 period. This count is reset after
each N391 events. (The N391 parameter is the configured Full Status Enquiry Polling Count.)
# Errored LMI Frames Received
Number of invalid or errored LMI frames received during the last N391 period. This count is
reset when N392 is reached. (The N391 parameter is the configured Full Status Enquiry Polling
Count, and the N392 parameter is the configured Error Threshold Count.)
Unknown DLCI list
List of all unknown DLCIs which have been referenced by either STATUS messages or CLLM
messages. This information is helpful in finding and solving problems on the Frame Relay
Access. In particular, the DLCI list is maintained within the code to identify all DLCIs for which
the network has knowledge, but which are not currently configured. This list is updated when
unknown DLCIs are noted through the LMI FULL REPORT STATUSmessages, or through
CLLM messages.
fr dbg level <level>
Displays or sets the current debug level for frame relay. If the level parameter is not specified,
then the current debug level is displayed. The debug level corresponds to an internal variable
that controls how much information is written to the system log as frame relay events occur.
Possible settings for this parameter are 0 through 2, with 0 being the least informative and 2
being the most informative.
fr cong
Displays the congestion control information for the last 32 Rate Measurement Intervals for the
currently selected access and DLCI. It is provided mainly for debug support of frame relay
PVCs in order to monitor PVC usage.
IP ROUTING COMMANDS
In order to use the following commands, you must properly configure and initialize IP routing
operating mode. In addition, you must enable RIP to use the ip rip commands.
The following commands are used to display IP routing information:
ip addrpool
Displays the current IP address pool. There are three fields displayed: address, origin, and in use:
•
address: lists the IP address in the pool
Workgroup Remote Access Switch
537
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
•
origin: specifies how the IP address has come to be placed into the IP address pool. If the
origin is DHCP, the IP address was obtained from a DHCP server. If the origin is STATIC,
the IP address was manually configured via CFGEDIT.
•
in use: specifies whether or not the IP address has been leased to a remote IP host device.
ip arp
Displays the current ARP cache table. The IP address, its corresponding MAC address, the type
of ARP table (dynamic or static), and the corresponding interface name are displayed.
ip filter trace <discard> <off>
Controls the tracing of packets which are discarded as a result of IP filters. Issuing the
command without an optional parameter acts as a query to the current state of the trace.
The purpose of this command is to aid in the initial debug of IP filters, providing a list of all
discarded packets due to filtering. As such, it should be enabled judiciously, as it has the
potential to fill the report log.
discard
Enables the tracing of packets which are discarded. When enabled, each discarded packet will
cause a log report of the following format:
(F) _:_:_:_:#9a00 [IPFILT] <filtername>/ condition # at <application point name>/ in/ out
{IP} Src: xxx.xxx.xxx.xxx Dst: xxx.xxx.xxx.xxx Pr: n
{UDP} Src: n Dst: n
The first line indicates:
•
the number of the condition within that filter which matched the packet and consequently
caused a discard action,
•
the point at which the filter was applied, or a designation of global. For an IP network in-
terface, this will be the configured name of the interface. For a device-based filter, this will
be the configured device’s name.
•
In or Out, corresponding to INPUT or OUTPUT application.
The next lines contain a brief decode of the packet which was discarded. In particular, the
packet fields which comprise the packet type comparisons are displayed. The key IP fields are
always displayed on one line. If the IP protocol is one of the explicitly recognized values (ICMP,
UDP, TCP) the next line will contain a decode of the key fields of that protocol.
off
Disables the trace.
ip ping <host IP address> [timeout /dnnnn]
Sends an ICMP Echo message to a specified host. The parameters for this command are:
host IP address
IP address using dotted decimal notation for the target host.
timeout
Optional parameter that indicates the number of seconds to wait for an ICMP Echo Reply
Message. The valid range for the time out value is 1 to 60. The default value is 10.
538
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM COMMANDS
IP Routing Commands
/dnnnn
Optional parameter that indicates the data size in bytes for the ICMP Echo message. The valid
range for the data size value is 0 to 2020. The default value is 0.
Possible Results and their meanings:
ddd.ddd.ddd.ddd is alive
The valid ICMP Echo Reply was received from host ddd.ddd.ddd.ddd.
No response from ddd.ddd.ddd.ddd
No response was received from the host within the timeout value number of seconds.
ip rip interface
Displays information pertaining to the interface data that is maintained by the IP RIP protocol.
The example screen below illustrates the interface information that will be displayed when this
command is entered.
[System Name]> ip rip interface
Status:
I/F Type:
Active
LAN
IP Address:
Subnet Mask:
Broadcast Address:
Transmission:
Reception:
192.168.1.1
255.255.255.0
192.168.1.255
Version 1
Version 1 or Version 2
Version 1
Query Response:
Version 2 Authentication: Password
Status:
I/F Type:
IP Address:
Subnet Mask:
Inactive
WAN - UNNUMBERED
0.0.0.0 (left.CSX)
N/A
Broadcast Address:
Host Route Propagation:
255.255.255.255
N/A
Status:
Inactive
I/F Type:
IP Address:
WAN - NUMBERED
192.168.3.5
Subnet Mask:
Broadcast Address:
Host Route Propagation:
255.255.255.0
255.255.255.255
When host connected
ip rip routes
Displays information pertaining to the routing table(s) that are maintained by the IP RIP
protocol. The following example screen illustrates the output from this command. Following
the table is an explanation of the fields displayed for each route.
Workgroup Remote Access Switch
539
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
[System Name]> IP RIP ROUTES
Active Routes
Destination
Subnet-Mask
Next Hop
Mtr P 1/2 TAge
----------------------------------------------------------------------
3.2.0.0
3.3.0.0
192.168.5.0
4.4.4.1
255.255.0.0
255.255.0.0
255.255.255.0
0.0.0.0
0.0.0.0
0.0.0.0
4
4
0
0
A 1/1 A30
A 1/1 A30
A 1/1 SN/A
A 1/1 HN/A
255.255.255.255 0.0.0.0
Inactive Routes
Destination
Subnet-Mask
Next Hop
Mtr P 1/2 TAge
----------------------------------------------------------------------
4.0.0.0 255.0.0.0 0.0.0.0 0 H 0/1 SN/A
Destination
The route destination. This destination may be a network number, a subnet address, or a host
address.
Subnet-Mask
The mask used for the destination.
Next Hop
The IP address or interface name (for unnumbered interfaces) of the router that is the gateway
for the route.
Mtr
The cost of using this route (usually the number of hops to the destination).
P
The propagation flag, where
A = Always propagate
N= Do not propagate
H= Propagate when Next Hop Device Connected
1/2
RIP Version 1/ Version 2 visibility flags determine whether or not this route is visible when
send the route using RIP 1 or RIP 2, where
0= Invisible
1 = Visible
T
The type of route, where
A= Active Route, learned via RIP on a LAN interface
P= Permanent Route, learned via RIP on a WAN interface
S= Static Route, learned via IP Routing Table
H= Host Route, created when an IP Host Device is connected
Age
The time since the last update was received.
540
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM COMMANDS
IP Routing Commands
ip rip send
Used to send the IP RIP update messages to a particular interface on demand. The example
screen below demonstrates how you use this command.
[System Name]> ip rip send 2.2.2.2
Sending IP RIP Update Message to Network 2.0.0.0
ip rip stats
Statistics, for a list of available statistics and their definitions.
ip route
Displays the current routing table. The meaning of each displayed field for a route entry is as
follows:
Destination
IP address for the destination network or host.
Subnet-Mask
Subnet mask value for the destination network or host. A value of 255.255.255.255 indicates
that this entry is for a specific IP host.
Next Hop
IP address or device name for the next hop router that provides access to the destination
network or the host.
Metric
Hop count to the destination network or the host.
T/P (Type/Protocol)
Type
The destination type is “R” for a remote network or host, and “L” for a locally connected
network or host.
Protocol
The mechanism used to determine the route. “L” is for local, “I” is icmp, and “R” is for RIP.
TTL
Time to Live for this route entry in seconds. This entry will expire after the specified number
of seconds. A value of 999 implies that the entry will not expire.
IF
The interface Id.
Age
The age of the route in seconds.
ip route <IP address>
Displays the routing information for the indicated device. The meaning of each displayed field
for a route entry is included in the above ip routecommand explanation.
Workgroup Remote Access Switch
541
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
ip stats
Displays the current IP related statistics. Refer to IP Statistics, for a list of available statistics and
their definitions.
IPX ROUTING COMMANDS
IPX routing must be enabled before these commands can be used.
The following commands are used to display IPX routing information:
ipx ipxwan clear
Clears IPXWAN statistics.
ipx ipxwan stats (device)
Displays system-level IPXWAN statistics when device name not specified:
IPXWAN Statistics
Timer Request
Information Request
Thruput Request
Delay Request
NACK Sent
=
=
=
=
=
=
Timer Response
Information Response =
Thruput Response
Delay Response
NACK Received
=
=
=
=
Bad Packets
Displays Negotiation Parameters when device name specified and connected:
WAN Statistics for device “xxxx”
Negotiation Parameters:
IPX Network Address =
Telebit Compression =
WAN Link Delay =
IPX Node Number =
Protocol
=
ipx diag <host ipx address> [timeout]
Tests device connectivity to specified IPX host by sending out a diag packet. If connection is up,
host sends a message in response to this packet to confirm receipt. The parameters for this
command are:
host ipx address
IPX address for the host, in <network number>:<node number> format. The network number
is a hexadecimal number up to eight digits in length. The node number is the host’s MAC
address. For example, if the assigned network number of “AAAA,” and the host has a MAC
address of 40AA68965439. For this example, you would enter “AAAA:40AA68965439” for the
host IPX address.
timeout
Optional parameter that indicates the number of seconds to wait for a reply. The valid range
for the time out value is 1 to 60 seconds. The default value is 10.
542
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM COMMANDS
IPX Routing Commands
Note: The ipx diag and the ipx ping commands both test device connectivity (although both
send back different types of responses). However, due to the variety of vendors and
equipment available to networks, one command may work with a particular vendor or
file server, while the other may not. If you are not experiencing success with ipx diag,
try ipx ping, and vice versa.
ipx ping <host ipx address>
Tests connectivity to the specified IPX device by sending out a data packet (echo message). If
connection is up, device responds with an echo reply.
host ipx address
IPX address for the host, in <network number>:<node number> format. The network number
is a hexadecimal number up to eight digits in length. The node number is the host’s MAC
address. For example, if the assigned network number of “AAAA,” and the host has a MAC
address of 40AA68965439. For this example, you would enter “AAAA:40AA68965439” for the
host IPX address.
Note: The ipx ping and the ipx diag commands both test device connectivity (although both
send back different types of responses). However, due to the variety of vendors and
equipment available to networks, one command may work with a particular vendor or
file server, while the other may not. If you are not experiencing success with ipx ping,
try ipx diag, and vice versa.
ipx rip stats
Displays the IPX RIP statistics. Refer to IPX RIP Statistics, for a list of available statistics and
their definitions.
ipx route
Displays the current routing table for the system, including static and learned routes.
ipx route stats
Displays routing table statistics, including maximum number of routes configured, and
ipx service
Displays the current routes to IPX services for the system, including static and learned routes.
ipx service stats
Displays the current service table statistics, including the maximum number of services this
ipx sap stats
Displays the IPX SAP statistics. Refer to IPX SAP Statistics, for a list of available statistics and
their definitions.
ipx spoof stats
Displays the IPX spoofing statistics. The IPX spoofing statistics displayed are self-explanatory.
ipx stats
Displays the IPX statistics. Refer to IPX General Statistics, for a list of available statistics and
their definitions.
Workgroup Remote Access Switch
543
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
ipx trigreq [device]
Generates a triggered RIP/ SAP update request to the specified device. You may use this
command to initiate an update request to synchronize with the routing database of a particular
WAN device.
ipx trigrip stats
ipx trigsap stats
ISDN USAGE COMMANDS
The following commands are used to display and clear ISDN B-channel monitoring information.
isdn usage
Displays the following ISDN B-channel monitoring information:
•
•
•
•
The number of ISDN B-channels available.
The number of ISDN B-channels in use.
The high-water mark for the number of ISDN B-channels in use.
The value which the number of ISDN B-channels in use must meet or exceed in order to
cause an isdnUsageHigh SNMP trap to be generated by the system.
The enabled status for the generation of the ISDN usage traps (isdnUsageHigh and isd-
nUsageNormal).
•
•
The elapsed time since the monitoring of the high-water mark began.
This information can help you determine if additional lines and/ or systems are necessary. For
example, the high water mark could be compared to the number of ISDN B channels available,
taking into consideration the elapsed time.
An example output from this command is as follows:
[System Name]> isdn usage
number of ISDN B channels available: 6
number of ISDN B channels in use:
high water mark:
isdnBChanUsage trap threshold:
generation of ISDN usage traps:
elapsed time:
3
5
5
enabled
3 days, 4 hrs, 12 min, 38 sec
isdn usage clear
Clears the B-channel high-water mark and elapsed time values. The purpose of this command
is to allow the user to reset the high-water mark to coincide with changes to the system and/
or the network or so that the user can monitor the high-water mark over desired time periods.
544
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM COMMANDS
LAN Commands
LAN COMMANDS
The following commands are used to display current system LAN diagnostic information:
lan stats
Displays the current LAN packet forwarding statistics, including the number of frames
available statistics and their definitions.
lan stat clear
Clears the current LAN packet forwarding statistics.
lan test
Transmits a test message onto the LAN and test for proper LAN connections. If the transmit is
successful, the following message will be displayed:
LAN port <port #> Transmit was successful
failure.
LOG COMMANDS
The following commands control the report logging feature for the system’s subsystems.
log cdr display
Displays the local call detail recording report log.
log cdr erase
Erases the local call detail recording log report.
log cdr write
Writes the local CDR log to disk. The file is written to the \ LOG directory. The file name is
“CDR_LOG”. The file extension is .1, .2, and so on up to .10. The file extension cycles through
the extension values with each write command, similar to the current report log file and status
log file, so that the ten most recent versions of the CDR log are available on the system disk.
PACKET CAPTURE COMMANDS
In many applications, it is often desirable to monitor incoming LAN data. The pkt commands
will allow you to capture, display, save, and load bridged or routed data packets.
You must configure the terminal setting the same for Telnet and the terminal emulation package.
To do this, use the term setcommand.
Note: Packet capture commands are available for both local and remote (Telnet) connections.
The following diagnostic packet commands are available:
pkt [on/off]
Enables or disables the Packet Capture feature.
Workgroup Remote Access Switch
545
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
pkt capture [all/idle/reqd/pend/actv/none]
Specifies which packets will be captured by the Packet Capture feature. A definition of each
possible parameter follows.
all
All packets will be captured.
none
No packets will be captured.
reqd
Only packets causing a connection to be requested will be captured.
pend
Only packets received while a requested connection is pending will be captured.
idle
Only packets not causing a connection to be requested will be captured. This could be
caused by the destination site not being in the Initiate Connection List, or by the route not
being in the IP Routing Table.
The pkt capturecommand allows multiple connection modes to be specified on a single
command line. For example, the command:
pkt capture reqd pend
captures only packets that cause a connection to be requested and packets that were received
before the connection became active.
pkt load <filename>
Loads previously saved Packet Capture file into memory.
pkt save <filename>
Saves captured packets to a disk file. Full path names are allowed, for example:
A:MYPKT.DAT.
pkt display
Displays captured packets that have been collected via pkt onor via pkt load. Note that this
command is not supported for a Telnet session.
546
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM COMMANDS
Packet Capture Commands
The following is an example pkt displayscreen:
Num
Time(mSEC) Len
Dest Addr
Source Addr
Type Conn
0001 0000000000 0064 00004440259C
0002 0000000000 0064 00004440259C
0003 0000000000 0064 00AA00302D25
0004 0000000000 0064 00AA00302D25
0005 0000001980 0064 00004440259C
0006 0000001980 0064 00004440259C
0007 0000001980 0064 00AA00302D25
0008 0000001980 0064 00AA00302D25
0009 0000003190 0028 001.001.001.001
0010 0000003190 0028 001.001.001.001
0011 0000003960 0064 00004440259C
0012 0000003960 0064 00004440259C
0013 0000003960 0064 00AA00302D25
0014 0000003960 0064 00AA00302D25
0015 0000004670 0064 FFFFFFFFFFFF
0016 0000004670 0064 FFFFFFFFFFFF
02608C4C0EAD
02608C4C0EAD
02608C4C0EAD
02608C4C0EAD
02608C4C0EAD
02608C4C0EAD
02608C4C0EAD
02608C4C0EAD
001.001.001.001
001.001.001.001
02608C4C0EAD
02608C4C0EAD
02608C4C0EAD
02608C4C0EAD
02608C4C0EAD
02608C4C0EAD
8137 PEND
8137 PEND
8137 PEND
8137 PEND
8137 PEND
8137 PEND
8137 PEND
8137 PEND
IP
IP
ACTV
ACTV
8137 PEND
8137 PEND
8137 PEND
8137 PEND
8137 PEND
8137 PEND
Hit <ESC> to Exit or <F1> for Help
It is possible to display packet details for a specific packet. To do so, use the keyboard’s arrow
keys to move the cursor to the desired packet number (on the “pkt display” screen); then press
<return> to display detailed information for that packet. The following screens are example
packet detail screens for various packet types.
NOVELL NetWare Packet Detail Screen
(Bridged Packet)
Packet Number
0015
Destination Address
FFFFFFFFFFFF
Received at Time
0000004670 mSEC
Packet Length
0064
Source Address
02608C4C0EAD
Novell IPX
EtherNet Type is 8137,
Check Sum
FFFF
Packet Length
0x0028
Network
Packet Type
00,???
Transport Ctl
00
Node
Socket
Destination
Source
0000AAA1
0000AAA1
FFFFFFFFFFFF
02608C4C0EAD
0453 RIP
0453 RIP
Routing Information Protocol Socket Header
00 02 00 00 FF FD 00 01 00 02
..........
Hit Escape to EXIT Packet Details
Workgroup Remote Access Switch
547
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Banyan Vines Packet Detail Screen
(Bridged Packet)
Packet Number
0021
Received at Time
0000022190 mSEC
Packet Length
0060
Destination Address
FFFFFFFFFFFF
Source Address
02608C9BED38
EtherNet Type is 0BAD,
VINES IP
Check Sum
Packet Length
0x001A
Protocol Type
04, ARP
D75D
Transport Control
Hop Count
0
0
Dest Network Dest SubNet
Source Network Source SubNet
00000000 0x0000
FFFFFFFF
FFFF
Packet Type
Query
Network Number
126697007
Subnetwork Number
0x9183
Hit Escape to EXIT Packet Details
IP Datagram Detail Screen
(Routed Datagram)
Packet Number
0009
Destination Address
001.001.001.001
Received at Time
Packet Length
0028
0000003190 mSEC
Source Address
001.001.001.001
45 00 1C 00 01 00 00 00 40 01 76 DD 01 01 01 01
01 01 01 01 08 00 C3 ED 34 12 00 00
E.......@.v.....
........4...
Hit Escape to EXIT Packet Details
While the “pkt display” is displayed on your monitor, you can display the following help
screen by entering “?”:
ESC
‘u’
‘d’
‘h’
‘e’
- Exit Menu
- Previous Menu
- Next Menu
- Top of Packet List
- End of Packet List
Enter - Display Packet Details
‘t’
‘m’
- Time Menu
- Marks Packet as Start Time
Cursor- to select an entry
Hit any key to exit Help
The time menu that is displayed when “t” is entered will enable you to toggle the time
increment to be in either Sec (seconds), mSec (milliseconds), or tSec (deciseconds).
When the packet marking option is used, all packet times will be displayed relative to that
marked packet. To mark a packet, use the arrow keys to move the cursor to the selected packet
number, then press "m" The time for that packet will be set to 0. All packets received before that
packet will have negative time values. All packets received after that marked packet will have
progressively higher positive time values.
548
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM COMMANDS
RADIUS Commands
RADIUS COMMANDS
The following console commands may be used to diagnose problems with:
•
•
•
connections to the off-node RADIUS authentication server
CyberSWITCH configuration
authentication server device database entries
radius chap
Attempts an authentication session using CHAP. The following is an example display of the
screen.
[System Name]>radius chap
Enter the device name (<RET> to abort)? doe
Enter secret (<RET> to abort)? secret123
Send Radius Authentication Request... Please wait
Authentication Successful...
Device-Name:
doe
Framed-Address:150.001.001.001
Phone-Number: 1-800-555-1212
Phone-Subaddress:3456
Caller-Id:
2340823-098
Framed-Data-Rate:64KB
Framed-Protocol:PPP/IP
radius ifname
Attempts an authentication session using I/ F NAME LOOKUP. The following is an example
display of the screen.
[System Name]>radius ifname
INTERFACE NAME to determine route for (<RET> to abort)? left.CSX
Send Radius Authentication Request... Please wait
Authentication Successful...
Device-Name:
Framed-Address:
Phone-Number:
Framed-Data-Rate:
Framed-Protocol:
left.CSX
128.111.1.3
18005551212
64KB
PPP/IP
Framed-Route: 3.0.0.0 255.0.0.0 128.111.1.3 2 RAP(RIP-Always Propagate)
radius iphost
Attempts an authentication session using the IP Host resolution. The following is an example
display of the screen.
[System Name]>radius iphost
IP HOST id of the Host logging in (<RET> to abort)? 811145678234567812345678
Send Radius Authentication Request... Please wait
[AUTH] Warning code: 0002 Missing required attribute from server.
Framed-Data-Rate:
64KB
Missing attribute: Device-Name
Workgroup Remote Access Switch
549
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
radius ipres
Attempts an authentication session using the IP resolution. The following is an example
display of the screen.
[System Name]>radius ipres
IP Address of the Host logging in (<RET> to abort)? 19.63.4.5
Send Radius Authentication Request... Please wait
[AUTH] Warning code: 0001 Timeout.
radius macres
Attempts an authentication session using the MAC resolution. The following is an example
display of the screen.
[System Name]>radius macres
MAC Address of the Host logging in (<RET> to abort)? 0ab34252d546
Enter password? password123
Send Radius Authentication Request... Please wait
[AUTH] Warning code: 0002 Missing required attribute from server.
Caller-Id:
Framed-Data-Rate:
2340823-098
64KB
Missing attribute:
Device-Name
radius pap
Attempts an authentication session using PAP. The following is an example display of the
screen.
[System Name]>radius pap
Enter the device name (<RET> to abort)? doe
Enter password (<RET> to abort)? password123
Send Radius Authentication Request... Please wait
Authentication Rejected...
radius route
Attempts an authentication session using ROUTE LOOKUP. The following is an example
display of the screen.
[System Name]>radius route
IP Address to determine route for (<RET> to abort)? 3.3.3.3
Send Radius Authentication Request... Please wait
Authentication Successful...
Device-Name:
Framed-Address:
Phone-Number:
Framed-Data-Rate:
Framed-Protocol:
left.CSX
128.111.1.3
18005551212
64KB
PPP/IP
Framed-Route:3.0.0.0 255.0.0.0 128.111.1.3 2 RAP(RIP-Always Propagate)
550
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM COMMANDS
SNMP Commands
SNMP COMMANDS
When the SNMP Agent is enabled on the CyberSWITCH, the following command is available:
snmp stats
statistics and their definitions.
TCP COMMANDS
TCP (Transmit Control Protocol) provides a connection-oriented reliable communication for
delivery of packets to a remote or on-node device. When the IP feature is enabled, the following
TCP commands are available:
tcp conns
Display the current TCP connection status with the following format:
lport
The local port number for this TCP connection.
fhost
The remote IP address for this TCP connection.
fport
The remote port number for this TCP connection.
window (l/r)
The current receive windows for the local and remote ends of this TCP connection.
tstate
The current state of this TCP connection.
outq (s/u)
The number of bytes that has been sent but not acknowledged yet and the number of bytes in
the output queue that has not been sent on this TCP connection.
tcp stats
Displays the current system TCP related statistics. Refer to TCP Statistics, for a list of available
statistics and their definitions.
TELNET COMMANDS
These commands are Telnet client console commands. These commands provide tools for you
when you are using the system as a Telnet client. As a Telnet client, the CyberSWITCH can then be
used to Telnet into another CyberSWITCH to perform system maintenance, for example, updating
configuration information. These commands are not needed for a Telnet session as a rule, but may
be beneficial for some users. For more information regarding the system’s Telnet client feature,
Workgroup Remote Access Switch
551
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
telnet ?
Displays the help screen for the telnetcommand. The help screen provides the syntax for the
command described below.
telnet <ip-address> [port number]
Begins a Telnet session for the Telnet host at the indicated IP address. The port number is an
optional parameter that can be used to specify the destination port number. Include this
parameter if you wish to connect to a port other than the default port number, 23.
telnet
The telnet command used with no arguments, as opposed to the above command, puts you in
the Telnet command mode. Once you are in the Telnet command mode, the following
commands are then available.
close
Used to close the current Telnet connection to a target host.
exit
Closes the current Telnet session. If a connection exists to a target host, it is gracefully
closed.
open
Used to establish a Telnet session with a target host. You can enter the IP address of the
target host, and optionally, the remote port number, to connect to. If no remote port number
is specified, the default Telnet port is used (23). The valid range for port number is 1 to
65535. The IP address specified is verified for proper format.
If a Telnet session is successfully initiated as a result of the opencommand, a screen similar
to the following will be displayed:
telnet>open 204.157.42.150
Trying 204.157.42.150...
Connected to 204.157.42.150.
Escape character is ‘^]’.
If an IP address (and port) are not specified on the “open” command line, you will be
prompted for the target host’s IP address.
send [send parameter]
Used to send special Telnet control functions to the currently connected target host. A
connection must be fully established before you can send anything. If no parameters are
specified on the sendcommand line, the following help message is displayed:
[System Name]>send
Available send commands:
ayt
- Send "Are You There?" request to server
- Send "Break" request to server.
- Send current "escape" character to server.
- Send "Synch" signal to server.
break
escape
synch
?
- Display this help information.
552
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM COMMANDS
Telnet Commands
The possible send parameters are defined as follows:
send ayt
The send aytcommand sends the Telnet command function for “Are You There?” to the
target host. This can be used to determine whether or not the target host is still responding.
The target host is not required to respond to “are you there?" requests, but if it does, you
should see something like the following:
[System Name]>send ayt
[Yes]
send break
The “send break” command sends the Telnet command function for “BREAK” to the target
host. This can be used to interrupt the current command in progress on the target host. For
example: If the target host is currently streaming out a large directory listing, you can issue
the send breakcommand to terminate the directory command. Once again, this
functionality is dependent upon the target host’s processing of the “BREAK” control
function.
send escape
The send escapecommand sends the current escape character for the Telnet session. If
the connection between the local terminal and the remote server is made up of more than
1 individual Telnet connection, this command may be used to “escape” into command
mode of one of the intermediate Telnet connections.
send synch
The send synchcommand sends the Telnet “SYNCH” signal (the “DM” control function
as TCP urgent data) to the target host. This command may be useful when trying correct a
situation where the target host appears to be in an atypical state of processing.
set
The setcommand can be used to set certain operating parameters for the current Telnet
session. The format of the setcommand is set <name><value>; where <name> is the
parameter to be set, and <value> is what the parameter should be set equal to.
If no parameters are specified on the “set” command line (or if “set?” is entered), the
following help message is displayed:
[System Name]>set
Available set commands:
escape - Character used to escape back to TELNET command mode.
?
- Display this help information.
The set escapecommand can be used to change the “escape” character for the current
Telnet session. This command may be useful when a device is connected to a target host,
using several different Telnet connections. By changing the escape character to a value
other than the default (<CTRL>), the user can return to Telnet “command” mode for a
particular session.
Typically, Telnet “escape” characters have the form ‘<CTRL><char>‘ (i.e., the CTRL key +
some other key must be pressed). The <value> parameter for the “set escape” command
may have any of the following values:
Workgroup Remote Access Switch
553
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
•
•
<CTRL><char>, where <char> is in the range of ASCII 'A' to ASCII '_'
<CTRL><char>, where <char> is in the range of ASCII 'a' to ASCII 'z' (note that lower
case letters are converted to upper case before they are used)
•
<char>, where <char> is in the range of ASCII '!' to ASCII '~'
To specify the <CTRL> key in the set escapecommand, use the ’>’ character. The
following is an example of setting the escape character equal to ‘<CTRL> P’:
[System Name]>set escape ^P
Escape character is ‘^P’.
status
The statuscommand can be used to interrogate information about the current Telnet
session.
toggle
The togglecommand can be used to set various operating parameters for the current
Telnet session. Currently, the only parameter available is debug.
If no parameters are specified on the togglecommand line (or if toggle ?is entered),
the following help message is displayed:
[System Name]>toggle
Available toggle commands:
debug - Turn TELNET debug mode on or off.
?
- Display this help information.
The toggle debug command allows you to turn the Telnet debug mode on or off. If the
debug mode is turned on, messages beginning with “[TELNET-C]” may appear in the
system log file. Most users will not find these messages helpful. If you have difficulty with
the system Telnet client feature, we suggest you call your Distributor or Customer Support.
TERMINAL COMMANDS
The CyberSWITCH supports two terminal types: vt100 and ANSI. When a Telnet connection is
established, the system attempts to negotiate the terminal type. When the negotiation fails, the
system sets the terminal type to vt100.
To successfully issue the pkt display, semi perm, and mccommands, you must have the
terminal type set identically for both the Telnet emulator and the terminal emulation. To do this,
use the term setcommand.
The following commands are used to display the terminal type currently in use or to set the
terminal type.
term
Displays the terminal type name.
term set <terminal type>
Allows you to set the terminal type. You may set the terminal type to either vt100 or ANSI.
554
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM COMMANDS
TFTP Commands
TFTP COMMANDS
The TFTP feature and its commands are only available when IP routing is enabled. The TFTP
feature and file access are enabled by default when the system software is installed. Using the
Manage Mode, configuration changes may be made that will limit file access. The following TFTP
commands are available:
tftp get
Allows you to perform the “TFTP GET” operation locally from the console through the TFTP
Client function. The following is an example display of a TFTP GET screen.
> TFTP GET
>IP Address of the Host containing the file
(<RET> to abort)? 19.233.45.33
>Enter the name of the local file to write (including the full path)?
(<RET> to abort)? \config\config.nei
>Enter the name of the remote file (including the full path)
(<RET> for same as local)? <RET>
Enter the mode (BIN [binary] or ASC [ascii])
<RET> for ascii? bin
Receiving File... Please wait
File Transfer Complete...
tftp kill <session Id>
Allows you to kill a TFTP session. The session Id must be included in this command. To obtain
the session Id, issue the tftp sessioncommand which displays the TFTP session
information.
tftp put
Allows you to perform the TFTP PUT operation locally from the console through the TFTP
Client function. The following is an example display of a TFTP PUT screen.
> TFTP PUT
>IP Address of the Host to receive the file
(<RET> to abort)? 19.233.45.33
>Enter the name of the local file to send (including the full path)
(<RET> to abort)? \config\config.nei
>Enter the name for the remote file (including the full path)
(<RET> for same as local)? <RET>
Enter the mode (BIN [binary] or ASC [ascii])
<RET> for ascii? bin
Sending File... Please wait
File Transfer Complete...
tftp session
Displays the TFTP session information of active TFTP sessions. To get detailed information on
a specific session, enter the session’s Id number when prompted. You can not display the
Workgroup Remote Access Switch
555
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
session information for a TFTP session that has terminated. The screen below illustrates the use
of this command.
> TFTP SESSION
Id Sess-Id Local file
Type/Mode
Bytes Xmit Retries
----------------------------------------------------------
1
2
3
5 temp.txt
6 tmp
7 text.txt
Client/Put
Server/Get
Server/Put
12752
423
8481
1
0
0
Select the ID of the TFTP Session to display or <RET> to cancel? 2
TFTP Session ID:
Type:
Mode:
6
Server
Get
Local Address:
Local File:
190.5.6.8
c:\tmp
190.5.6.11 (UDP Port: 5011)
N/A
netascii
935
(UDP Port: 5001)
Remote Address:
Remote File:
Transfer Mode:
Bytes Transferred:
Bytes Remaining:
Total Retries:
1145723
0
tftp stats
statistics and their definitions.
TRACE COMMANDS
Note: For an explanation regarding the output resulting from the family of trace commands, refer
The following commands are used to enable and disable trace reporting information:
trace ipxwan [on/off]
Enables or disables the IPXWAN tracing option, which tracks all packets which are received or
sent out using IPXWAN protocol, and places this information in the system log. To display the
log file, issue the drcommand. This option is initially disabled.
trace lapb [on/off]
Enables or disables the LAPB data link information packet tracing option. This feature displays
up to 15 octets of the packet. To display the log file, issue the drconsole command. This option
is initially disabled.
trace [on/off]
Enable or disables the call trace information reports. If enabled, you can then view the logged
call trace information by issuing the drcommand. For details on call trace messages, refer to
trace ppp [on/off]
Enables or disables the tracing of incoming and outgoing PPP packets. If enabled, you can view
the trace PPP information by issuing the drcommand.
556
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM COMMANDS
UDP Commands
trace x25 [on/off]
Enables or disables the X.25 packet tracing option. This feature displays up to 15 octets of the
packet. To display the log file, issue the drconsole command. This option is initially disabled.
wan fr-ietf trace [on/off] [in/out] [device/fr_accessname_dlci] [prot]
Enables or disables the tracing of incoming and out going frame relay IETF packets. This
feature displays the direction of the packet, the device or PVC name, the line protocol, and up
to 15 octets of the packet. To display the log file, issue the drconsole command. This option is
initially disabled.
UDP COMMANDS
UDP (User Datagram Protocol) provides a datagram mode of communication for delivery of
packets to a remote or on-node device. When the system’s IP operating mode is enabled, the
following UDP commands are available:
udp conns
Displays the current UDP connection status.
udp stats
statistics and their definitions.
USER LEVEL SECURITY COMMANDS
The following console commands are available to provide information on the authentication
servers for user level security. They may be used to diagnose the following problems with:
•
•
•
connections to an off-node authentication server
CyberSWITCH configuration
authentication server user database entries
sentry log
This command acts as a toggle switch, enabling or disabling user authentication rejection
messages. If enabled, authentication rejection messages (identifying users who generated the
messages) are written to the log file. To display the log file, issue the drconsole command. This
option is initially disabled.
sentry status
Displays current Sentry status. This includes whether or not trace is enabled, as well as the
status and port number of each authentication server on the system.
sentry tacacs
Attempts an authentication session using TACACS. The system will report whether the
authentication attempted was successful or rejected.
sentry radius
Attempts an authentication session using RADIUS. The system will report whether the
authentication attempted was successful or rejected.
Workgroup Remote Access Switch
557
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
sentry ace
Attempts an authentication session using ACE. The system will report whether the
authentication attempted was successful or rejected.
WAN COMMANDS
The following commands are used to display current system WAN diagnostic information:
wan fr-ietf stats [device/fr_accessname_dlci] [prot]
list of available statistics and their definitions.
wan stats
their definitions.
X.25 COMMANDS
The following commands are used to display information concerning both the status and traffic
statistics of a particular X.25 connection. A command is also available to allow the X.25 and LAPB
packet tracing options to be enabled or disabled.
trace lapb [on/off]
Enables or disables the LAPB data link information packet tracing option. This feature displays
up to 15 octets of the packet. To display the log file, issue the drconsole command. This option
is initially disabled.
trace x25 [on/off]
Enables or disables the X.25 packet tracing option. This feature displays up to 15 octets of the
packet. To display the log file, issue the drconsole command. This option is initially disabled.
x25 clear
Clears the statistics counters associated with the x25 stat command for the currently
selected access and LCN.
x25 clearall
Clears all statistics associated with the x25 stat command for the currently selected access
and LCN.
x25 display [access name]
Displays the configuration for the default X.25 access if no access name is specified. If an access
name is specified, the configuration for that access is displayed. Note that this also includes any
configuration information of any PVCs associated with this access.
x25 l <LCN “m”>
The “l” option will set the Logical Channel Number (LCN) index specified by “m” as the
default LCN for subsequent commands entered without an explicit LCN specifier. LCN “m”
will remain the default LCN until the default is changed through reissuing the x25 l <lcn
“m”>command.
558
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM COMMANDS
X.25 Commands
x25 a <access name>
The “a” option will set the access name specified by <access name>as the default access for
subsequent commands entered without an explicit access specifier. This access name will
remain the current access, until it is changed through issuing another x25 a <access name>
command.
Note: This command may be used with all other x25 commands. For example, x25 a acc1
vcwould be a valid command, changing the default X.25 access to “acc1”, and would
display virtual circuit information for the X.25 access named “acc1”.
x25 stats
available statistics and their definitions.
x25 vc <LCN>
Sets the default virtual circuit (VC) by specifying the VC’s LCN. This VC will be the default for
subsequent vccommands. This VC will remain the default VC, until it is changed through
issuing another x25 vc <LCN>command.
x25 vc active
Displays a list of all active VCs for the default X.25 access and LCN.
x25 vc clear
Clears the statistics for the default VC.
x25 vc stats
Displays the statistics for the default VC. Refer to X.25 Statistics for a list of available statistics
and their definitions.
Workgroup Remote Access Switch
559
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM STATISTICS
OVERVIEW
Statistics can either be generated by issuing the ds command to display the set of statistics known
as the System Statistics, or by issuing a specific command to display statistics in a specific category.
In addition to using the dscommand to display the system statistics, they are also automatically
written to a statistics log every 30 minutes. The statistics are stored in the following location:
Directory:
File Name:
\log
stat_log.nn
(“nn” is an integer that is incremented each time a new file is written.
The first set of statistics, System Statistics, are arranged by function. These are:
The rest of the statistics are arranged in alphabetical order. These statistics pertain to specific
features. The statistics you choose to display will depend on which system options you have
enabled. These statistics provide valuable information.
CONNECTIVITY STATISTICS
You can access Network Connectivity statistics by issuing the dsconsole command.
ISDN_Re-try
Retry count for re-establishing the data link after it fails.
ID_Re-try
Retry count for exchanging identification messages with a remote CyberSWITCH.
ID_Fail
Failure count for exchanging identification messages with a remote CyberSWITCH.
WAN_Reset
Reset count for the resetting of the WAN adapters.
CALL RESTRICTION STATISTICS
The system keeps a tally of the following Call Restriction statistics. These statistics can be compared
to the limits you have configured. These statistics can be displayed by issuing the cr stats or
the ds command at the administration console.
call minutes (day)
The total call minutes that have been logged for the day.
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM STATISTICS
Call Statistics
call minutes (month)
The total call minutes that have been logged for the month.
calls (day)
The total number of calls that have been made for the day.
calls (month)
The total number of calls that have been made for the month.
CALL STATISTICS
You can access these statistics by issuing the dsconsole command.
Initiated
The number of switched calls initiated.
Completed
The number of switched call attempts that were completed successfully.
Re-tries
The number of switched call retries.
NoResource
The number of switched call requests that could not be completed because of a call resource
shortage. This could be a shortage on the requesting side or the receiving side.
THROUGHPUT MONITORING STATISTICS
You can access these statistics by issuing the dsconsole command.
Overload
The number of bandwidth overload conditions.
Underload
The number of bandwidth underload conditions.
Idle
The number of idle conditions that caused the last switched connection to be disconnected.
Workgroup Remote Access Switch
561
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
APPLETALK STATISTICS
You may display AppleTalk protocol statistics (subdivided into six subgroups) and AppleTalk port
statistics.
You can display all six subgroups of the AppleTalk protocol statistics by issuing the atalk stats
command, or you can display the individual subgroups by adding an extra variable to the atalk
statscommand.
You can display the AppleTalk port statistics by issuing the atalk port statsconsole
APPLETALK PROTOCOL STATISTICS
The six subgroups of AppleTalk protocol statistics are:
•
•
•
•
•
•
AppleTalk DDP Statistics
AppleTalk AEP Statistics
AppleTalk RTMP Statistics
AppleTalk ZIP Statistics
AppleTalk NBP Statistics
AppleTalk ATP Statistics
We include a section of available statistics and their definitions for each subgroup.
APPLETALK DATA DELIVERY PROTOCOL (DDP) STATISTICS
You can display this subgroup of AppleTalk statistics by issuing the atalk stats ddpconsole
command.
ddpOutRequests
The total number of DDP datagrams which were supplied to DDP by local DDP clients in requests
for transmission. Note that this counter does not include any datagrams counted in
ddpForwRequests.
ddpOutShorts
The total number of short DDP datagrams which were transmitted from this system.
ddpOutLongs
The total number of long DDP datagrams which were transmitted from this system.
ddpInReceives
The total number of input datagrams received by DDP, including those received in error.
ddpInLocalDatagrams
The total number of input DDP datagrams for which this system was their final DDP destination.
ddpNoPrtclHandlers
The total number of DDP datagrams addressed to this system that were addressed to an upper
layer protocol for which no protocol handler existed.
562
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM STATISTICS
AppleTalk Statistics
ddpTooShortErrors
The total number of input DDP datagrams dropped because the received data length was less than
the data length specified in the DDP header or the received data length was less than the length of
the expected DDP header.
ddpTooLongErrors
The total number of input DDP datagrams dropped because they exceeded the maximum DDP
datagram size.
ddpShortDDPErrors
The total number of input DDP datagrams dropped because this entity was not their final
destination and their type was short DDP.
ddpChecksumErrors
The total number of input DDP datagrams for which this DDP entity was their final destination,
and which were dropped because of a checksum error.
ddpFwdingTblOverflws
The number of times this system attempted to add an entry to the forwarding table but failed due
to overflow.
ddpForwRequests
The number of input datagrams for which this system was not their final DDP destination, as a
result of which an attempt was made to find a route to forward them to that final destination.
ddpOutNoRoutes
The total number of DDP datagrams dropped because a route could not be found to their final
destination.
ddpBroadcastErrors
The total number of input DDP datagrams dropped because this system was not their final
destination and they were addressed to the link level broadcast.
ddpHopCountErrors
The total number of input DDP datagrams dropped because this system was not their final
destination and their hop count would exceed 15.
APPLETALK ECHO PROTOCOL (AEP) STATISTICS
You can display this subgroup of AppleTalk statistics by issuing the atalk stats echoconsole
command.
atechoRequests
The number of AppleTalk Echo requests received.
atechoReplies
The number of AppleTalk Echo replies sent.
atechoOutRequests
The count of AppleTalk Echo requests sent.
Workgroup Remote Access Switch
563
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
atechoInReplies
The count of AppleTalk Echo replies received.
APPLETALK ROUTING TABLE MAINTENANCE PROTOCOL (RTMP) STATISTICS
You can display this subgroup of AppleTalk statistics by issuing the atalk stats rtmpconsole
command.
rtmpInDataPkts
A count of the number of good RTMP data packets received by this system.
rtmpOutDataPkts
A count of the number of RTMP packets sent by this system.
rtmpInRequestPkts
A count of the number of good RTMP Request packets received by this system.
rtmpNextIREqlChanges
A count of the number of times RTMP changes the Next Internet Router in a routing entry because
the hop count advertised in a routing table was equal to the current hop count for a particular
network.
rtmpNextIRLesChanges
A count of the number of times RTMP changes the Next Internet Router in a routing entry because
the hop count advertised in a routing table was less than the current hop count for a particular
network.
rtmpRouteDeletes
A count of the number of times RTMP deletes a route because it was aged out of the table. This can
help to detect routing problems.
rtmpRoutingTblOvflws
The number of times RTMP attempted to add a route to the RTMP table but failed due to lack of
space.
APPLETALK ZONE INFORMATION PROTOCOL (ZIP) STATISTICS
You can display this subgroup of AppleTalk statistics by issuing the atalk stats zipconsole
command.
zipInZipQueries
The number of ZIP Queries received by this system.
zipInZipReplies
The number of ZIP Replies received by this system.
zipInZipExtReplies
The number of ZIP Extended Replies received by this system.
564
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM STATISTICS
AppleTalk Statistics
zip ZoneConflctErrors
The number of times a conflict has been detected between this entity’s zone information and
another system’s zone information.
zipInObsoletes
The number of ZIP Takedown or ZIP Bringup packets received by this system. Note that as the ZIP
Takedown and ZIP Bringup packets have been obsoleted, the receipt of one of these packets
indicates that a node sent it in error.
APPLETALK NAME BINDING PROTOCOL (NBP) STATISTICS
You can display this subgroup of AppleTalk statistics by issuing the atalk stats nbpconsole
command.
nbpInLookUpRequests
The number of NBP LookUp Requests received.
nbpInLookUpReplies
The number of NBP LookUp Replies received.
nbpInBroadcastReqs
The number of NBP Broadcast Requests received.
nbpInforwardRequests
The number of NBP Broadcast Requests received.
nbpOutLookUpReplies
The number of NBP LookUp Replies sent.
nbpRegistrationFails
The number of times this node experienced a failure in attempting to register an NBP system.
nbpInErrors
The number of NBP packets received by this system that were rejected for any error.
APPLETALK TRANSACTION PROTOCOL (ATP) STATISTICS
You can display this subgroup of AppleTalk statistics by issuing the atalk stats atpconsole
command.
atpInPkts
The number of ATP packets received by this entity.
atpTRequestRextmis
The number of times that a timeout occurred and a Transaction Request packet needed to be
retransmitted by this host.
atpReleaseTmExpCnts
The number of times the release timer expired, as a result of which a Request Control Block had to
be deleted.
Workgroup Remote Access Switch
565
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
atpRetryCntExceeds
The number of times the retry count was exceeded, and an error was returned to the client of ATP.
APPLETALK PORT STATISTICS
You can display the AppleTalk port statistics by issuing the atalk port statsconsole
command.
portInPackets
The number of AppleTalk packets received on this port by this system.
portOutPackets
The number of AppleTalk packets sent out on this port by this system.
zipInGetNetInfos
The number of ZIP GetNetInfo packets received on this port by this system.
zipOutGetNetInfos
The number of ZIP GetNetInfo packets sent out this port by this system.
zipInGetNetInfoReplies
The number of ZIP GetNetInfo Reply packets received on this port by this system.
zipOutGetNetInfoReplies
The number of ZIP GetNetInfo Reply packets sent out this port by this system.
zipZoneInInvalids
The number of times this system has received a ZIP GetNetInfo Reply with the zone invalid bit set
because the corresponding GetNetInfo Request had an invalid zone name.
zipZoneOutInvalids
The number of times this system has sent a ZIP GetNetInfo Reply with the zone invalid bit set in
response to a GetNetInfo Request with an invalid zone name.
zipAddressInvalids
The number of times this system had to broadcast a ZIP GetNetInfo Reply because the GetNetInfo
Request had an invalid address.
zipInErrors
The number of ZIP packets received by this system that were rejected for any error.
566
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM STATISTICS
Bridge Statistics
BRIDGE STATISTICS
The system collects bridge statistics for each LAN port and for WAN connections. These bridge
statistics include information on the number of frames received, forwarded, discarded or
transmitted. If the system is configured for two LAN ports, there is a line of counters for each LAN
port. However, the WAN counters are totaled for all WAN ports.
Display bridge statistics by issuing the br statscommand at the administration console:
Received
Number of frames received from a LAN port or WAN connection.
Forwarded
Number of frames received from LAN port 1 or LAN port 2 or all WAN ports and processed for
transmission to the proper networks. Discarded frames are not forwarded for transmission.
Discarded
Number frames received and then discarded (i.e., not forwarded to another LAN port or WAN
connection).
Transmit
Number of frames sent out through LAN port 1 or LAN port 2 or all WAN ports to connected
networks.
Note: Forward refers to the passing of a received frame from one port to another within the
CyberSWITCH. A frame can be received on any port (LAN or WAN) and forwarded to any
other port, unless it is discarded. A forwarded frame is one which is not deliberately
discarded (for example, via filters) by the CyberSWITCH. Once the frame gets to the new
port, it is usually transmitted. However, it may not be transmitted, such as when a packet is
forwarded to a WAN port, but no connection is up on that port.
CALL DETAIL RECORDING STATISTICS
You can access these statistics by issuing the cdr stats command.
OutOfBuffer
The number of times a buffer was unavailable to send a CDR report record. In this case, the
intended record is discarded. The OutOfBuffer counter reflects the number of CDR records that
have been discarded.
Connects
This counter reflects the number of connect events that have occurred since the system was loaded.
This is an unsigned long integer; it will wrap after 0FFFFFFFF hex or 4,294,967,295 decimal.
Disconnects
This counter reflects the number of disconnect events that have occurred since the system was
loaded. This is an unsigned long integer; it will wrap after 0FFFFFFFF hex or 4,294,967,295 decimal.
Rejects
This counter reflects the number of reject events that have occurred since the system was loaded.
This is an unsigned long integer; it will wrap after 0FFFFFFFF hex or 4,294,967,295 decimal.
Workgroup Remote Access Switch
567
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
COMPRESSION STATISTICS
The system collects the following compression statistics for each active compression connection.
These statistics can be displayed by issuing the cmp stats or the cmp stats <device name>
command at the administration console. The cmp stats command will display the compression
statistics for all active connections. The cmp stats <device name>command will display the
compression statistics for the specified device. Note that the device name is case sensitive.
Note: When using PPP, it is possible that CCP can open with no agreed upon compression
algorithm in one or both directions. In such cases, the connection is considered to be
running with compression, and will consequently be picked up by the CMP command.
However, the ratios and counters for the direction(s) without an actual compression
algorithm negotiated will not indicate any effective compression or decompression.
COMPRESSION RELATED STATISTICS
cmp ratio
The number of uncompressed bytes divided by the number of compressed bytes.
uncmp Kbytes
The total number of uncompressed kilobytes received.
cmp Kbytes
The total number of compressed kilobytes sent.
total cmp reset count
The total number of compression resets (peer and System sent resets).
peer sent resets
The number of compression resets sent from peer devices.
system sent resets
The number of decompression resets sent from the System.
dropped pkts
The number of dropped packets that could not be queued.
DECOMPRESSION RELATED STATISTICS
dmp ratio
The number of decompressed bytes divided by the number of compressed bytes.
dmp Kbytes
The total number of decompressed kilobytes sent.
cmp Kbytes
The total number of compressed kilobytes sent.
568
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM STATISTICS
DHCP Statistics
total dmp reset count
The total number of decompressed resets (peer and System sent resets).
peer sent resets
The number of decompression resets sent from peer devices.
system sent resets
The number of decompression resets sent from the System.
dropped pkts
The number of dropped packets that could not be queued.
fcs errors
The number of frame checksum errors.
DHCP STATISTICS
Access DHCP statistics by using the dhcp stats command. The DHCP statistics are grouped into
Common DHCP statistics (relevant to both DHCP Relay Agent and DHCP Proxy Client),
DHCP Relay Agent statistics and DHCP Proxy Agent statistics.
COMMON DHCP STATISTICS
Msgs rcvd on BOOTPS port
Total number of UDP datagrams received on the BOOTPS UDP port. These datagrams have not
been through the initial DHCP packet consistency checks yet. If packets pass these checks, they will
be dispatched to either the DHCP Relay Agent or the DHCP Proxy Client.
Msgs rcvd on BOOTPC port
Total number of UDP datagrams received on the BOOTPC UDP port. These datagrams have not
been through the initial DHCP packet consistency checks yet. If packets pass these checks, they will
be dispatched to the DHCP Proxy Client.
BOOTPS msgs sent to Relay
Number of datagrams received on the BOOTPS port which passed the initial consistency checks,
and were delivered to the DHCP Relay Agent.
BOOTPS msgs sent to Proxy
Number of datagrams received on the BOOTPS port which passed the initial consistency checks,
and were delivered to the DHCP Proxy Client.
BOOTPS msgs discarded
Number of datagrams received on the BOOTPS port which were discarded without being
dispatched to either the DHCP Proxy Client or the DHCP Relay Agent. Normally, any datagrams
the Proxy Client does not want are forwarded to the Relay Agent. But if the Relay Agent is not
enabled, these datagrams are discarded.
DHCP/BOOTP msg too small
Stat incremented whenever a DHCP/ BOOTP message is received with a total length less than the
minimum BOOTP header length. Messages that are too small are discarded.
Workgroup Remote Access Switch
569
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
DHCP/BOOTP invalid’op’
Stat incremented whenever a DHCP/ BOOTP message is received with an’op’ field that is not equal
to either BOOTREQUEST or BOOTREPLY. These messages are discarded.
DHCP RELAY AGENT STATISTICS
BOOTREQUEST msgs rcvd
Incremented whenever the system identifies a UDP datagram as a DHCP/ BOOTP
BOOTREQUEST message. This datagram has passed the initial consistency checks.
BOOTREQUEST msgs rlyd
Incremented whenever the system has successfully “relayed” a BOOTREQUEST message to a
configured destination (i.e., another Relay Agent, or a DHCP/ BOOTP server).
BOOTREQUEST no dests cfg
Number of DHCP/ BOOTP BOOTREQUEST messages received by the DHCP Relay Agent that
were discarded due to the fact that there weren’t any relay destination addresses configured.
BOOTREQUEST over max hops
Incremented whenever the DHCP Relay Agent has received a DHCP/ BOOTP BOOTREQUEST
message with a ’hops’ field that has exceeded the maximum allowable value. These messages are
discarded.
BOOTREQUEST no giaddr I/F
Number of DHCP/ BOOTP BOOTREQUEST messages received by the DHCP Relay Agent with
’giaddr’ fields of ’0.0.0.0’ that were discarded due to the fact that they were received over
unnumbered interfaces. It will not be possible to return a reply to the client, since we have not
determined on which network interface the client is located.
BOOTREQUEST bad rly dest
Number of DHCP/ BOOTP BOOTREQUEST messages received by the DHCP Relay Agent that
were discarded due to the fact that the Relay Agent must not rebroadcast messages on the same
network interface on which they were received.
BOOTREQUEST msg too big
Number of times that the DHCP Relay Agent aborted sending a BOOTREQUEST message due to
the fact that the message was too big to fit into a buffer allocated from the Relay Agent’s transmit
buffer pool.
BOOTREQUEST no buffer
Incremented whenever the DHCP Relay Agent cannot successfully get a buffer from the Relay
Agent’s transmit buffer pool when trying to relay BOOTREQUEST messages to multiple
destinations.
BOOTREQUEST xmit fail
Number of UDP subsystem errors returned to the DHCP Relay Agent while it was trying to send
BOOTREQUEST messages to configured destinations.
BOOTREPLY msgs rcvd
Incremented whenever the system identifies a UDP datagram as a DHCP/ BOOTP BOOTREPLY
message. This datagram has passed the initial consistency checks.
570
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM STATISTICS
DHCP Statistics
BOOTREPLY msgs rlyd
Number of BOOTREPLY messages that were successfully relayed to DHCP/ BOOTP clients.
BOOTREPLY bad ’giaddr’:
Number of DHCP/ BOOTP BOOTREPLY messages that were discarded by the DHCP Relay Agent
because the ’giaddr’ (gateway IP address) field could not be mapped to one of the system’s IP
network interfaces.
BOOTREPLY arp_add0 fail
Number of times that the DHCP/ BOOTP Relay Agent failed to add a client’s IP address/ hardware
address pair to the ARP table. When this occurs, an attempt is still made to send the BOOTREPLY
to the client.
BOOTREPLY xmit fail
Number of UDP subsystem errors returned to the DHCP Relay Agent while it was trying to send
BOOTREPLY messages to DHCP clients.
DHCP PROXY CLIENT STATISTICS
DHCPDISCOVERS sent
Incremented whenever the DHCP Proxy Client has successfully broadcasted a DHCPDISCOVER
message.
DHCPDISCOVERS xmit fail
Incremented whenever an unsuccessful result is returned from UDP, when the DHCP Proxy Client
was trying to broadcast a DHCPDISCOVER message.
DHCPREQUESTS sent
Incremented whenever the DHCP Proxy Client has successfully sent a DHCPREQUEST message.
DHCPREQUEST xmit fail
Incremented whenever an unsuccessful result is returned from UDP, when the DHCP Proxy Client
was trying to send a DHCPREQUEST message.
DHCPRELEASEs sent
Incremented whenever the DHCP Proxy Client has successfully sent a DHCPRELEASE message.
DHCPRELEASE xmit fail
Incremented whenever an unsuccessful result is returned from UDP, when the DHCP Proxy Client
was trying to send a DHCPRELEASE message.
DHCPDECLINE sent
Incremented whenever the DHCP Proxy Client has successfully sent a DHCPDECLINE message.
DHCPDECLINE xmit fail
Incremented whenever an unsuccessful result is returned from UDP, when the DHCP Proxy Client
was trying to send a DHCDECLINE message.
DHCPOFFERSs recd
Incremented whenever the DHCP Proxy Client has received a DHCPOFFER message from a DHCP
server.
Workgroup Remote Access Switch
571
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
DHCPACKs rcvd
Incremented whenever the DHCP Proxy Client has received a DHCPACK message from a DHCP
server.
DHCPNAKs rcvd
Incremented whenever the DHCP Proxy Client has received a DHCPNAK message from a DHCP
server.
Invalid DHCP pkts rcvd
Incremented whenever the DHCP Proxy Client encounters a DHCP message that is invalid due to
either of the following:
•
•
the ’op’ field is not equal to BOOTREPLY
the DHCP ’special field’ is not found at the beginning of the options field
When this occurs, the packet is silently discarded.
Invalid XID rcvd
Incremented whenever the DHCP Proxy Client manager receives a DHCP message with a
transaction ID that was not reserved by any of the underlying DHCP client invocations. When this
occurs, the packet is silently discarded.
No xmt buffer available
Incremented whenever the DHCP Proxy Client cannot successfully get a buffer from the Proxy
Client’s transmit buffer pool. This can happen whenever we are trying to send BOOTREQUEST
messages to a DHCP server.
FRAME RELAY STATISTICS
You can access these statistics by issuing the fr statsconsole command. The statistics displayed
will be associated with the currently selected Access and DLCI.
ACCESS RELATED STATISTICS
Access State
The condition of the Frame Relay Access. Possible values are TERMINATED, INIT, UP, and
DOWN. The definitions for the possible values are as follows:
TERMINATED
The access state entered when the access is dynamically removed.
INIT
The access state entered when the access is first initialized. The access has entered the LMI
dialogue phase, but has not yet received an appropriate LMI STATUS message response.
UP
The access state entered when the access either has no LMI, or the LMI message exchange
is confirmed.
DOWN
The access state entered when the access has been lost due to layer 1 loss, or after no
response has been received on the LMI link.
572
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM STATISTICS
Frame Relay Statistics
# Line Ready Count
The number of times the physical link underlying the Frame Relay Access has become “ready” for
use.
# Line Not Ready Count
The number of times the physical link underlying the Frame Relay Access has become unusable.
# Frames Received
The total number of frames received on the Frame Relay Access. This is the sum of the number of
frames received on each PVC associated with this access.
# Frames Sent
This item refers to the total number of frames sent on the Frame Relay Access. This is the sum of
the number of frames sent on each PVC associated with this access.
# Bytes Received
The total number of bytes received on the Frame Relay Access. This is the sum of the number of
bytes received on each PVC associated with this access.
# Bytes Sent
The total number of bytes sent on the Frame Relay Access. This is the sum of the number of bytes
sent on each PVC associated with this access.
# Reset Rx Seq
The number of times the receive sequence variable had to be reset. This event occurs when a receive
sequence number of ‘0’ is received from the network.
# Reset Tx Seq
The number of times the transmit sequence variable had to be reset. This event occurs when a
transmit sequence number of ‘0’ is received from the network.
# Lost Rx Seq
The number of times a receive frame was lost. This event is indicated by a break in the receive
sequence numbers of received frames (i.e., the receive sequence number of a particular receive
frame did not compare with the software’s expected receive sequence number).
# Lost Tx Seq
The number of times a transmit frame was lost. This event is indicated by a break in the transmit
sequence numbers of received frames (i.e., the transmit sequence number of a particular receive
frame did not compare with the software’s expected transmit sequence number).
# Lost Rx Frame
Related to the “# Lost Rx Seq” counter in that it represents the number of actual lost frames, not just
the number of times a frame (or frames) was lost.
# Invalid Frame Size
The number of times a frame is discarded because it exceeded the maximum frame size supported
by the frame relay network.
# Timed Lost Rx Frame
Not currently supported.
Workgroup Remote Access Switch
573
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
# No Control Block
Not currently supported.
# NEW & Existing PVC
The number of times a NEW PVC was indicated by a LMI STATUS message—but the frame relay
software believed the PVC already existed.
# PVC Not Configured
The number of times a frame was received containing an unknown DLCI value, and hence, an
unconfigured PVC.
# No NEW Bit
Not currently supported.
# Not Full ENQUIRY
The number of times a STATUSmessage was received containing a LINK INTEGRITY
VERIFICATION ONLYreport type, when in fact a FULL REPORT was expected.
# Errored Full ENQUIRY
The number of times an errored STATUSmessage was received of type FULL REPORT.
# Delete Absent PVC
Not currently supported.
# Errored LMI Header
The number of LMI frames received in which the LMI encapsulation header was errored.
PVC RELATED STATISTICS
PVC State
The condition of the Frame Relay Permanent Virtual Circuit. Possible values are: TERMINATED,
INIT, NOT READY,and NETWORK OUTAGE. The definitions for the possible values are as follows:
TERMINATED
The PVC state entered when the PVC has been dynamically removed.
INIT
The PVC state entered when the PVC is ready for use.
NOT READY
The PVC state entered when the PVC has been marked unavailable by the network via a
STATUS message, an alarm condition, or failure of the LMI link.
NETWORK OUTAGE
The PVC state entered when the PVC has been marked unavailable. This follows the
receipt of a CLLM message indicating a network failure has occurred.
# PVC activations
The number of times the PVC has been marked available for use, or “up”.
# PVC deactivations
The number of times the PVC has been marked unavailable for use, or “down”.
574
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM STATISTICS
LAN Statistics
# Frames received
The total number of frames received on the PVC.
# Bytes received
The total number of bytes received on the PVC.
# Frames sent
The total number of frames sent on the PVC.
# Bytes sent
The total number of bytes sent on the PVC.
# Flow Control Events
The number of times the PVC was congested due to busy transmit hardware.
# No registered device
The number of times a frame is received on a PVC which is configured, but not associated with any
Frame Relay Service Device.
Current receive rate
The currently enforced receive data rate, taking into account congestion.
Current transmit rate
The currently enforced transmit data rate, taking into account congestion.
LAN STATISTICS
You can access LAN statistics by issuing the lan statsconsole command.
pkts rcvd
The total number of packets received on the LAN port.
rcv overruns
The number of frames known to be lost because the local system bus was not available. If the traffic
problem persists for more than one frame, the frames that follow the first are also lost; however,
because there is no lost frame indicator they are not counted.
crc errors
The number of aligned frames discarded because of a CRC error.
align errors
The number of frames that are both misaligned and contain a CRC error.
resource errors
The number of good frames discarded because there were no resources available.
pkts xmit
The number of packets transmitted on the LAN port.
xmit errors
The number of packets transmitted with errors on the LAN port.
Workgroup Remote Access Switch
575
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
IP STATISTICS
You can access IP statistics by using the ip stats console command. These statistics are parts of
the IP Group and the ICMP Group MIB variables that are defined in RFC-1213:MIB-II.
IP GROUP STATISTICS
ipForwarding
The indication of whether the system is acting as an IP gateway in respect to the forwarding of
datagrams received by, but not addressed to, this CyberSWITCH. IP gateways forward datagrams,
IP hosts do not (except those source-routed via the host).
ipDefaultTTL
The default value inserted into the Time-To-Live field of the IP header of datagrams originated at
this system, whenever a TTL value is not supplied by the transport layer protocol.
ipInReceives
The total number of input datagrams received from interfaces, including those received in error.
ipInHdrErrors
The number of input datagrams discarded due to errors in their IP headers. Possible errors include
bad checksums, version number mismatches, other format errors, time-to-live exceeded, errors
discovered in processing their IP options, etc.
ipInAddrErrors
The number of input datagrams discarded because the IP address in their IP header’s destination
field was not a valid address to be received at this system. This count includes invalid addresses
(e.g., 0.0.0.0) and addresses of unsupported Classes (e.g., Class E). For systems that are not IP
Gateways, and therefore do not forward datagrams, this counter includes datagrams discarded
because the destination address was not a local address.
ipForwDatagrams
The number of input datagrams for which this system was not their final IP destination, as a result
of which an attempt was made to find a route to forward them to that final destination. In systems
that do not act as IP Gateways, this counter will include only those packets that were Source-
Routed via this system, and the Source-Route option processing was successful.
ipInUnknownProtos
The number of locally addressed datagrams received successfully but discarded because of an
unknown or unsupported protocol.
ipInDiscards
The number of input IP datagrams for which no problems were encountered that would prevent
their continued processing, but which were discarded (e.g., for lack of buffer space). Note that this
counter does not include any datagrams discarded while awaiting re-assembly.
ipInDelivers
The total number of input datagrams successfully delivered to IP device-protocols (including
ICMP).
576
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM STATISTICS
IP Statistics
ipOutRequests
The total number of IP datagrams which local IP device-protocols (including ICMP) supplied to IP
in requests for transmission.
ipOutDiscards
The number of output IP datagrams for which no problem was encountered that would prevent
their transmission to their destination, but which were discarded (e.g., for lack of buffer space).
Note that this counter would include datagrams counted in ipForwDatagrams if any such packets
met this (discretionary) discard criterion.
ipOutNoRoutes
The number of IP datagrams discarded because no route could be found to transmit them to their
destination. Note that this counter includes any packets counted in ipForwDatagrams that meet
this “no-route” criterion. Note that this includes any datagrams that a host cannot route because all
of its default gateways are down.
ipReasmTimeout
The maximum number of seconds that received fragments are held while they are awaiting
reassembly at this system.
ipReasmReqds
The number of IP fragments received which needed to be reassembled at this system.
ipReasmOKs
The number of IP datagrams successfully reassembled.
ipReasmFails
The number of failures detected by the IP reassembly algorithm (for whatever reason: timed out,
errors, etc.). Note that this is not necessarily a count of discarded IP fragments since some
algorithms (notably the algorithm in RFC 815) can lose track of the number of fragments by
combining them as they are received.
ipFragOKs
The number of IP datagrams that have been successfully fragmented at this system.
ipFragFails
The number of IP datagrams that have been discarded because they needed to be fragmented at
this system but could not be, for example, because their “Don't Fragment” flag was set.
ipFragCreates
The number of IP datagram fragments that have been generated as a result of fragmentation at this
system.
ICMP GROUP STATISTICS
icmpInMsgs
The total number of ICMP messages that the system received. Note that this counter includes all
those counted by icmpInErrors.
icmpInErrors
The number of ICMP messages that the system received but determined as having ICMP-specific
errors (bad ICMP checksums, bad length, etc.).
Workgroup Remote Access Switch
577
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
icmpInDestUnreachs
The number of ICMP Destination Unreachable messages received.
icmpInTimeExcds
The number of ICMP Time Exceeded messages received.
icmpInParmProbs
The number of ICMP Parameter Problem messages received.
icmpInSrcQuenchs
The number of ICMP Source Quench messages received.
icmpInRedirects
The number of ICMP Redirect messages received.
icmpInEchos
The number of ICMP Echo (request) messages received.
icmpInEchoReps
The number of ICMP Echo Reply messages received.
icmpInTimestamps
The number of ICMP Timestamp (request) messages received.
icmpInTimestampReps
The number of ICMP Timestamp Reply messages received.
icmpInAddrMasks
The number of ICMP Address Mask Request messages received.
icmpInAddrMaskReps
The number of ICMP Address Mask Reply messages received.
icmpOutMsgs
The total number of ICMP messages that this system attempted to send. Note that this counter
includes all those counted by icmpOutErrors.
icmpOutErrors
The number of ICMP messages that this system did not send due to problems discovered within
ICMP, such as a lack of buffers. This value should not include errors discovered outside the ICMP
layer such as the inability of IP to route the resultant datagram. In some implementations there may
be no error types that contribute to this counter’s value.
icmpOutDestUnreachs
The number of ICMP Destination Unreachable messages sent.
icmpOutTimeExcds
The number of ICMP Time Exceeded messages sent.
icmpOutParmProbs
The number of ICMP Parameter Problem messages sent.
578
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM STATISTICS
IPX Statistics
icmpOutSrcQuenchs
The number of ICMP Source Quench messages sent.
icmpOutRedirects
The number of ICMP Redirect messages sent. For a host, this will always be zero, since hosts do not
send redirects.
icmpOutEchos
The number of ICMP Echo (request) messages sent.
icmpOutEchoReps
The number of ICMP Echo Reply messages sent.
icmpOutTimestamps
The number of ICMP Timestamp (request) messages sent.
icmpOutTimestampReps
The number of ICMP Timestamp Reply messages sent.
icmpOutAddrMasks
The number of ICMP Address Mask Request messages sent.
icmpOutAddrMaskReps
The number of ICMP Address Mask Reply messages sent.
IPX STATISTICS
You can access the following types of IPX statistics: general, RIP and triggered RIP, SAP and
triggered SAP and IPX spoofing. The sections below provide information for each category.
IPX GENERAL STATISTICS
You can access IPX general statistics by using the ipx statsconsole command. IPX general
statistics include basic and advanced system table statistics.
IPX BASIC SYSTEM TABLE STATISTICS
ipxBasicSysExistState
The validity of this entry in the IPX system table. Setting this field to off indicates that this entry
may be deleted from the system table at the IPX implementation’s discretion.
ipxBasicSysNetNumber
The network number portion of the IPX address of this system.
ipxBasicSysName
The readable name for this system.
ipxBasicSysInReceives
The total number of IPX packets received, including those received in error.
Workgroup Remote Access Switch
579
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
ipxBasicSysInHdrErrors
The number of IPX packets discarded due to errors in their headers, including any IPX packet with
a size less than the minimum of 30 bytes.
ipxBasicSysInUnknownSockets
The number of IPX packets discarded because the destination socket was not open.
ipxBasicSysInDiscards
The number of IPX packets received but discarded due to reasons other than those accounted for
by ipxBasicSysInHdrErrors, ipxBasicSysInUnknownSockets, ipxAdvSysInDiscards, and
ipxAdvSysInCompressDiscards.
ipxBasicSysInBadChecksums
The number of IPX packets received with incorrect checksums.
ipxBasicSysInDelivers
The total number of IPX packets delivered locally including packets from local applications.
ipxBasicSysNoRoutes
The number of times no route to a destination was found.
ipxBasicSysOutRequests
The number of IPX packets supplied locally for transmission, not including any packets counted in
ipxAdvForwPackets.
ipxBasicSysOutMalformedRequests
The number of IPX packets supplied locally that contained errors in their structure.
ipxBasicSysOutDiscards
The number of outgoing IPX packets discarded due to reasons other than those accounted for in
ipxBasicSysOutMalformedRequests, ipxAdvSysOutFiltered and
ipxAdvSysOutCompressDiscards.
ipxBasicSysOutPackets
The total number of IPX packets transmitted.
ipxBasicSysConfigSockets
The configured maximum number of IPX sockets that may be open at one time.
ipxBasicSysOpenSocketFails
The number of IPX socket open calls which failed.
IPX ADVANCED SYSTEM TABLE STATISTICS
ipxAdvSysMaxPathSplits
The maximum number of paths with equal routing metric value which this instance of the IPX may
split between when forwarding packets.
ipxAdvSysMaxHops
The maximum number of hops a packet may take.
580
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM STATISTICS
IPX Statistics
ipxAdvSysInTooManyHops
The number of IPX packets discarded due to exceeding the maximum hop count.
ipxAdvSysInFiltered
The number of incoming IPX packets discarded due to filtering.
ipxAdvSysInCompressDiscards
The number of incoming IPX packets discarded due to decompression errors.
ipxAdvSysNETBIOSPackets
The number of NETBIOS packets received.
ipxAdvSysForwPackets
The number of IPX packets forwarded.
ipxAdvSysOutFiltered
The number of outgoing IPX packets discarded due to filtering.
ipxAdvSysOutCompressDiscards
The number of outgoing IPX packets discarded due to compression errors.
ipxAdvSysCircCount
The number of circuits known to this instance of IPX.
ipxAdvSysDestCount
The number of currently reachable destinations known to this instance of IPX.
ipxAdvSysServCount
The number of services known to this instance of IPX.
IPX RIP STATISTICS
You can access IPX RIP statistics by using the ipx rip statsconsole command.
ripInstance
With the CyberSWITCH, the value of this statistic is always 1. With other products, this statistic is
useful. Currently, it is not useful for the CyberSWITCH.
ripIncorrectPackets
The number of times incorrect RIP packets were received.
ripState
Represents the status of the IPX RIP feature: 1 = disabled, 2 = enabled.
Workgroup Remote Access Switch
581
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
IPX TRIGGERED RIP STATISTICS
You can access IPX triggered RIP statistics by using the ipx trigrip statscommand.
trigRipUpdateRequestsSent
Number of triggered RIP update requests sent.
trigRipUpdateRequestsRcvd
Number of triggered RIP update requests received.
trigRipUpdateResponsesSent
Number of triggered RIP update responses sent.
trigRipUpdateResponsesRcvd
Number of triggered RIP update responses received.
trigRipUpdateAcksSent
Number of triggered RIP update acknowledgments sent.
trigRipUpdateAcksRcvd
Number of triggered RIP update acknowledgments received.
trigRipInputErrors
Number of Triggered RIP input message errors.
IPX ROUTE STATISTICS
You can access IPX Route statistics by using the ipx route statsconsole command.
Static Routes
Number of static routes configured on this router.
Rip Routes
Number of routes learned through RIP from other routers.
Internal Routes
Number of internal routes on this router. There is one for the internal network number, and two for
each IPX network interface.
Total Routes
Total number of routes. Should be equal to the sum of Static, RIP and Internal Routes.
Maximum Routes
Maximum number of routes this router is configured to handle.
Available Routes
Number of routes currently available on this router.
High Water Mark
Peak number of routes this router has used.
582
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM STATISTICS
IPX Statistics
IPX SAP STATISTICS
You can access IPX SAP statistics by using the ipx sap statsconsole command.
sapInstance
With the CyberSWITCH, the value of this statistic is always 1. With other products, this statistic is
useful. Currently, it is not useful for the CyberSWITCH.
sapIncorrectPackets
The number of times incorrect SAP packets were received.
sapState
Represents the status of the IPX SAP feature: 1 = disabled, 2 = enabled.
IPX TRIGGERED SAP STATISTICS
You can access IPX triggered SAP statistics by using the ipx trigsap statscommand.
trigSapUpdateRequestsSent
Number of triggered SAP update requests sent.
trigSapUpdateRequestsRcvd
Number of triggered SAP update requests received.
trigSapUpdateResponsesSent
Number of triggered SAP update responses sent.
trigSapUpdateResponsesRcvd
Number of triggered SAP update responses received.
trigSapUpdateAcksSent
Number of triggered SAP update acknowledgments sent.
trigSapUpdateAcksRcvd
Number of triggered SAP update acknowledgments received.
trigSapInputErrors
Number of Triggered SAP input message errors.
IPX SERVICE STATISTICS
You can access IPX Service statistics by using the ipx service statsconsole command.
Static Services
Number of static services configured on this router.
Sap Services
Number of services learned through SAP from other routers.
Total Services
Total number of services. Should be equal to the sum of Static and SAP services.
Workgroup Remote Access Switch
583
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Maximum Services
Maximum number of services this router is configured to handle.
Available Services
Number of services currently available on this router.
High Water Mark
Peak number of services this router has used.
RIP STATISTICS
You can access RIP statistics by using the ip rip statsconsole command. Global RIP statistics
and statistics for each configured RIP interface are included.
RIP GLOBAL STATISTICS
GlobalRouteChanges
The number of route changes made to the IP route database by RIP. This does not include the
refresh of a route’s age.
GlobalQueries
The number of responses sent to RIP queries from other systems.
RIP INTERFACE STATISTICS
The following set of RIP interface statistics are displayed for each configured RIP interface.
IfStatAddress
The IP address of this system on the indicated RIP interface. For unnumbered interfaces, the value
0.0.0.N, where the last signification 24 bits (N) is the index for the IP interface in network byte order.
IfStatRcvBadPackets
The number of RIP response packets received by the RIP process which were subsequently
discarded for any reason. Example reasons include: a version 0 packet, or an unknown command
type.
IfStatRcvBadRoutes
The number of routes, in valid RIP packets, which were ignored for any reason. Example reasons
include: an unknown address family, or an invalid metric.
IfStatRcvRequests
The number of RIP messages with ‘request’ command code received on this interface.
IfStatRcvResponses
The number of RIP messages with ‘response’ command code received on this interface.
IfStatSentRequests
The number of RIP messages with ‘request’ command code sent on this interface.
584
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM STATISTICS
SNMP Statistics
IfStatSentResponses
The number of RIP messages with ‘response’ command code sent on this interface.
IfStatSentUpdates
The number of triggered RIP updates actually sent on this interface. This explicitly does NOT
include full updates sent containing new information.
SNMP STATISTICS
If the SNMP Agent is enabled, you can access SNMP statistics by using the snmp stats
command. Each of the following statistics are counters that refer to an MIB-2 SNMP group object.
snmpInPkts
The total number of messages delivered to the SNMP Agent from the transport service.
snmpOutPkts
The total number of SNMP messages that were passed from the SNMP Agent to the transport
service.
snmpInBadVersions
The total number of SNMP messages that were delivered to the SNMP Agent and were for an
unsupported SNMP version.
snmpInBadCommunityNames
The total number of SNMP messages delivered to the SNMP Agent that used an SNMP community
name not known to said system.
snmpInBadCommunityUses
The total number of SNMP messages delivered to the SNMP Agent that represented an SNMP
operation that was not allowed by the SNMP community named in the message.
snmpInASNParseErrs
The total number of ASN.1 or BER errors encountered by the SNMP Agent when decoding received
SNMP messages.
snmpInTooBigs
The total number of SNMP PDUs that were delivered to the SNMP Agent and for which the value
of the error-status field is “tooBig”.
snmpInNoSuchNames
The total number of SNMP PDUs that were delivered to the SNMP Agent and for which the value
of the error-status field is “noSuchName”.
snmpInBadValues
The total number of SNMP PDUs that were delivered to the SNMP Agent and for which the value
of the error-status field is “badValue”.
Workgroup Remote Access Switch
585
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
snmpInReadOnlys
The total number of valid SNMP PDUs that were delivered to the SNMP Agent and for which the
value of the error-status field is “readOnly”. It should be noted that it is a protocol error to generate
an SNMP PDU that contains the value “readOnly” in the error-status field, as such this object is
provided as a means of detecting incorrect implementations of the SNMP.
snmpInGenErrs
The total number of SNMP PDUs that were delivered to the SNMP Agent and for which the value
of the error-status field is “genErr”.
snmpInTotalReqVars
The total number of MIB objects that have been retrieved successfully by the SNMP Agent as the
result of receiving valid SNMP Get-Request and Get-Next PDUs.
snmpInTotalSetVars
The total number of MIB objects that have been altered successfully by the SNMP Agent as the
result of receiving valid SNMP Set-Request PDUs.
snmpInGetRequests
The total number of SNMP Get-Request PDUs that have been accepted and processed by the SNMP
Agent.
snmpInGetNexts
The total number of SNMP Get-Next PDUs that have been accepted and processed by the SNMP
Agent.
snmpInSetRequests
The total number of SNMP Set-Request PDUs that have been accepted and processed by the SNMP
Agent.
snmpInGetResponses
The total number of SNMP Get-Response PDUs that have been accepted and processed by the
SNMP Agent.
snmpInTraps
The total number of SNMP Trap PDUs that have been accepted and processed by the SNMP Agent.
snmpOutTooBigs
The total number of SNMP PDUs that were generated by the SNMP Agent and for which the value
of the error-status field is “tooBig”.
snmpOutNoSuchNames
The total number of SNMP PDUs that were generated by the SNMP Agent and for which the value
of the error-status is “noSuchName”.
snmpOutBadValues
The total number of SNMP PDUs that were generated by the SNMP Agent and for which the value
of the error-status field is “badValue”.
snmpOutGenErrs
The total number of SNMP PDUs that were generated by the SNMP Agent and for which the value
of the error-status field is “genErr”.
586
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM STATISTICS
TCP Statistics
snmpOutGetRequests
The total number of SNMP Get-Request PDUs that have been generated by the SNMP Agent.
snmpOutGetNexts
The total number of SNMP Get-Next PDUs that have been generated by the SNMP Agent.
snmpOutSetRequests
The total number of SNMP Set-Request PDUs that have been generated by the SNMP Agent.
snmpOutGetResponses
The total number of SNMP Get-Response PDUs that have been generated by the SNMP Agent.
snmpOutTraps
The total number of SNMP Trap PDUs that have been generated by the SNMP Agent.
snmpEnableAuthenTraps
Indicates whether the SNMP agent process is permitted to generate authentication-failure traps.
The value of this object overrides any configuration information. For example, it provides a means
whereby all authentication-failure traps may be disabled.
TCP STATISTICS
You can access these statistics by issuing the tcp statsconsole command.
tcpRtoAlgorithm
The algorithm used to determine the timeout value used for retransmitting unacknowledged
octets. This value is always equal to 4 for the Van Jacobson’s algorithm.
tcpRtoMin
The minimum value permitted by a TCP implementation for the retransmission timeout, measured
in milliseconds.
tcpRtoMax
The maximum value permitted by a TCP implementation for the retransmission timeout, measured
in milliseconds.
tcpMaxConn
The limit on the total number of TCP connections the system can support.
tcpActiveOpens
The number of times TCP connections have made a direct transition to the SYN-SENT state from
the CLOSED state.
tcpPassiveOpens
The number of times TCP connections have made a direct transition to the SYN-RCVD state from
the LISTEN state.
Workgroup Remote Access Switch
587
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
tcpAttemptFails
The number of times TCP connections have made a direct transition to the CLOSED state from
either the SYN-SENT state or the SYN-RCVD state, plus the number of times TCP connections have
made a direct transition to the LISTEN state from the SYN-RCVD state.
tcpEstabResets
The number of times TCP connections have made a direct transition to the CLOSED state from
either the ESTABLISHED state or the CLOSE-WAIT state.
tcpCurrEstab
The number of TCP connections for which the current state is either ESTABLISHED or CLOSE-
WAIT. This counter is not currently kept up to date.
tcpInSegs
The total number of segments received, including those received in error. This count includes
segments received on currently established connections.
tcpOutSegs
The total number of segments sent, including those on current connections but excluding those
containing only retransmitted octets.
tcpRetransSegs
The total number of segments retransmitted (the number of tcp segments transmitted containing
one or more previously transmitted octets).
tcpInErrs
The total number of segments received in error (for example, bad TCP checksums).
tcpOutRsts
The number of TCP segments sent containing the RST flag.
TFTP STATISTICS
You can access these statistics by issuing the tftp statsconsole command.
STATISTICS FOR SERVER OR REMOTE INITIATED TFTP ACTIVITY
Successful file puts
Displays the count of the successful puts from the remote hosts.
(Remote host uploaded a file to local system.)
Successful file gets
Displays the count of the successful gets from the remote hosts.
(Remote host downloaded a file from the local system.)
Failed file puts
Displays the count of failed puts.
(Remote host failed to upload a file to the local system.)
588
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM STATISTICS
TFTP Statistics
Failed file gets
Displays the count of failed gets.
(Remote host failed to download a file from the local system.)
Total bytes put
Displays the total number of bytes successfully put.
(Number of bytes uploaded to the local system by remote hosts.)
Total bytes get
Displays the total number of bytes successfully gotten.
(Number of bytes downloaded from the local system by remote hosts.)
STATISTICS FOR LOCAL OR CLIENT INITIATED TFTP ACTIVITY
Successful file puts
Displays the count of successful puts from the local system.
(Files uploaded from the local system to remote hosts.)
Successful file gets
Displays the count of successful gets to the local system.
(Files downloaded from remote hosts to the local system.)
Failed file puts
Displays the count of failed puts.
(Local system failed to upload a file to a remote host.)
Failed file gets
Displays the count of failed gets.
(Local system failed to download a file from a remote host.)
Total bytes put
Displays the total number of bytes successfully put.
(Number of bytes uploaded from the local system to remote hosts.)
Total bytes get
Displays the total number of bytes successfully gotten.
(Number of bytes downloaded from remote hosts to the local system.)
STATISTICS FOR ALL TFTP ACTIVITY
Read Requests Sent
Displays the total number of Read Requests sent.
Read Requests Received
Displays the total number of Read Requests received.
Write Requests Sent
Displays the total number of Write Requests sent.
Write Requests Received
Displays the total number of Write Requests received.
Workgroup Remote Access Switch
589
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Data Packets Sent
Displays the total number of Data Packets sent.
Data Packets Received
Displays the total number of Data Packets received.
Error Packets Sent
Displays the total number of Error Packets sent.
Error Packets Received
Displays the total number of Error Packets received.
ACK Packets Sent
Displays the total number of ACK Packets sent.
ACK Packets Received
Displays the total number of ACK packets received.
TFTP Sessions Opened
Displays the total number of TFTP Sessions that have been opened.
TFTP Sessions Closed
Displays the total number of TFTP Sessions that have been closed.
TFTP Sessions still open
Displays the total number of TFTP Sessions that are still open.
UDP STATISTICS
If the IP operating mode is enabled, you can access the following UDP statistics by using the udp
statscommand:
udpInDatagrams
The total number of UDP datagrams delivered to UDP devices.
udpInErrors
The number of received UDP datagrams that could not be delivered for reasons other than the lack
of an application at the destination port.
udpNoPorts
The total number of received UDP datagrams for which there was no application at the destination
port.
udpOutDatagrams
The total number of UDP datagrams sent from this system.
590
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM STATISTICS
WAN FR_IETF Statistics
WAN FR_IETF STATISTICS
You can access FR_IETF statistics by issuing the wan fr-ietf stats [device/
fr_accessname_dlci] [prot] console command.
Protocol
The line protocol of the packets transmitted or received.
Frames Sent
The number of frames sent for the indicated protocol.
Octets Sent
The number of octets sent for the indicated protocol.
Send Errors
The number of transmission errors for the indicated protocol.
Frames Received
The number of frames received for the indicated protocol.
Octets Received
The number of octets received for the indicated protocol.
Receive Errors
The number of errored frames received for the indicated protocol.
WAN L1P STATISTICS
You can access WAN L1P statistics by issuing the wan l1p stats display
<slot #> console command. These statistics are divided into the following groups of statistics:
PRI S/ T (T1/ E1) interface statistics, error statistics, and layer 1 general statistics. These groups are
defined below.
PRI S/T (T1/E1) INTERFACE STATISTICS
Layer 1 Up
The number of times layer 1 has reported itself up to the upper ISDN layers.
Layer 1 Down
The number of times layer 1 has reported itself down to the upper ISDN layers.
L1 Deactivates
The number of times the upper ISDN layers requested layer 1 to deactivate.
Loss of Frame (RED)
The number of times layer 1 has detected a qualified loss of frame condition; excluding AIS (alarm
indication signal).
Loss of Signal (RED)
The number of times layer 1 has detected an all zero signal (or complete lack of signal).
Workgroup Remote Access Switch
591
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
AIS (Blue)
The number of times layer 1 has detected a qualified unframed all ones signal.
RAI (Yellow)
The number of times layer 1 has detected a qualified RAI (remote alarm indication) signal.
LAYER 1 PRI ERROR STATISTICS
Note: Layer 1 PRI error statistics apply to the line connected to the indicated slot.
Bipolar Violations
The number or times there has been either a mismatch between encoding types (B8ZS not selected)
or line noise.
ESF CRC Errors
The number of Cyclic Redundancy Check (CRC) errors in the PRI framing format (ESF framing
only).
Framing Bit Errors
The number of errors in the framing bits of the PRI layer 1 framing format.
Recv Negative Slips
The Number of PRI frames lost due to timing problems in the negative direction.
Global Parity Errors
The number of parity errors seen across all transmit and receive channels.
Recv Positive Slips
The number of PRI frames lost due to timing problems in the positive direction.
Recv Parity Errors
The number of receive parity errors.
Xmit Slips
The number of times an error has occurred in the host clock system. If the wander of the transmit
route clock is too great, data transmission errors will occur.
Xmit Parity Errors
The number of transmit parity errors.
LAYER 1 GENERAL STATISTICS
Note: Layer 1 general statistics apply to the indicated slot.
Interrupts
The number of hardware interrupts received from the layer 1 hardware device.
Forced Resynchs
The number of times layer 1 has attempted to manually synchronize to the incoming signal.
592
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM STATISTICS
WAN Statistics
Unknown Events
If this counter is ever non-zero, call Customer Support Personnel.
Unused Events
If this counter is ever non-zero, call Customer Support Personnel.
Unknown Mail
If this counter is ever non-zero, call Customer Support Personnel.
Wrong State
If this counter is ever non-zero, call Customer Support Personnel.
WAN STATISTICS
You can access WAN statistics by issuing the wan statsconsole command.
data link up
A counter that is incremented every time a data link comes up.
data link down
A counter that is incremented each time a data link goes down.
switched call initiated
A counter that is incremented for each attempt to make a switched call.
switched call completed
A counter that is incremented each time a switched call successfully completes and passes
identification.
switched call retry
A counter that is incremented for each retry of an original switched call attempt.
switched call not possible
A counter that is incremented each time a switched call needs to be made to a site and it is not
possible.
connection request failure
A counter that is incremented each time a connection is requested and no response has been
received after a connection request failure period of time.
rcv fail
A counter that is incremented each time an incoming connection is accepted and no response has
been received after a connection receive failure period of time.
wan board recover
A counter that is incremented each time a WAN board is restarted after it originally comes up.
call minutes (day)
The total call minutes that have been logged for the day.
Workgroup Remote Access Switch
593
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
call minutes (month)
The total call minutes that have been logged for the month.
calls (day)
The total number of calls that have been made for the day.
calls (month)
The total number of calls that have been made for the month.
X.25 STATISTICS
There are two sets of statistics available related to an X.25 access: statistics for the access itself, and
statistics for specific Virtual Circuits (VCs) used by the X.25 access.
X.25 ACCESS RELATED STATISTICS
You can access these statistics by issuing the x25 statsconsole command. The statistics
displayed will be associated with the currently selected Access and LCN.
Local Address
The X.121 address of the local DTE.
Subnet ID
The subnet Id of the local DTE.
# Max Connections
The maximum number of active VCs allowed at any time.
# Active Conn
The number of currently active VCs.
# Max Conn Active
The maximum number of VCs that can be active at any time.
# Conn Failed
The number of VCs that have failed.
# Normal Disconnect
The number of SVC connections that terminated normally.
# Abnrml Disconnect
The number of VC connections that terminated due to LAPB problems.
# Packets Sent count
The number of X.25 data packets sent.
# Packets Received
The number of X.25 data packets received.
# Resets Sent count
The number of resets sent.
594
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM STATISTICS
X.25 Statistics
# Resets Received
The number of resets received.
# RR Sent count
The number of receive ready packets sent.
# RR Received
The number of receive ready packets received.
# RNR Sent count
The number of receive not ready packets sent.
# RNR Received
The number of receive not ready packets received.
# REJ Sent count
The number of remote connection requests that have been rejected.
# REJ Received
The number of locally generated connection requests that have been rejected.
# Restarts Sent
The number of times the X.25 network has been restarted by the local DTE.
# Restarts Received
The number of times the X.25 network has been restarted by a remote DTE or the network.
# Diag Pkt Sent
The number of diagnostic packets sent.
# Diag Pkt Received
The number of diagnostic packets received.
# Bytes Sent count
The total number of data bytes sent.
# Bytes Received
The total number of data bytes received.
X.25 VIRTUAL CIRCUIT (VC) RELATED STATISTICS
You can access these statistics by issuing the x25 vc statsconsole command. The statistics
displayed will be associated with the currently selected default VC.
Access Name
The name of the access on which this VC resides.
LCN index
The index assigned to the VC LCN.
Workgroup Remote Access Switch
595
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Permanent Virtual Circuit or Switched Virtual Circuit
Identifies the type of VC in use.
Local Address
The local DTE X.121 address.
Remote Address
The remote DTE X.121 address.
# Packets Sent count
The number of X.25 data packets sent.
# Packets Received
The number of X.25 data packets received.
# Resets Sent count
The number of times the local DTE reset the VC.
# Resets Received
The number of times the network or remote DTE reset the VC.
# RR Sent count
The number of receive ready packets sent.
# RR Received
The number of receive ready packets received.
# RNR Sent count
The number of receive not ready packets sent.
# RNR Received
The number of receive not ready packets received.
# Bytes Sent Count
The total number of data bytes sent since the last reset or restart.
# Bytes Received
The total number of bytes received since the last reset or restart.
596
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
ROUTINE MAINTENANCE
OVERVIEW
The information in this chapter provides instructions for performing routing maintenance on the
CyberSWITCH. The information falls into the following categories:
INSTALLING/UPGRADING SYSTEM SOFTWARE
System software is delivered on a CD. For details regarding your specific software version, view
the System Release Notes by issuing the list rel_notes.txt command. For installation and/
EXECUTING CONFIGURATION CHANGES
There is a configuration utility, CFGEDIT, and a dynamic management mechanism, Manage Mode,
which may be used together to execute configuration changes. The following sections briefly
describe these tools. For a detailed explanation of the configuration process, refer to Configuration
Tools. For information on configuration elements, refer to the configuration chapters of this guide.
CONFIGURATION FILES
The system maintains configuration information in four separate configuration files, which are
located in the system’s \config directory. These files are:
•
•
•
•
•
•
network.nei
node.nei
devdb.nei
lan.nei
ip.nei
platform.nei
MAKING CHANGES USING CFGEDIT
If you need to make changes to the system’s configuration, you can change the configuration files
using the run-time configuration utility, CFGEDIT. To begin, you must have an active
administration session up. Then, enter the following command at the system prompt:
cfgedit
As long as there is no other “change” session active (CFGEDIT or Manage Mode), you will have
access to the configuration editor. Make the required configuration changes. Note that these
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
changes are NOT dynamic. The changes are saved in a temporary copy of configuration data, and
will not affect the current run-time operation of the system in any way.
To terminate the session, return to the main CFGEDIT menu. Select the save changes option. Then
press <RET> to exit.
Note: This “save” process also includes all unsaved Manage Mode changes which were made
prior to the CFGEDIT session, if any.
At your earliest possible convenience, reboot the system. This will then activate the new
configuration data. It is also wise to make a copy of the new configuration files, as described earlier.
MAKING CHANGES USING MANAGE MODE
In addition to CFGEDIT, you may use the Dynamic Management feature to make certain changes
to configuration. The Manage Mode consists of a series of console commands that enable you to
display current system parameters, change many parameters dynamically, and write changes to
disk files so that they remain permanent.
To access Dynamic Management commands, enter the Manage Mode by typing the following
command at the system prompt:
>manage
Once Manage Mode is active, the prompt changes from “>“to “MANAGE>“. While operating in
this mode, only Dynamic Management commands are available. All other system commands are
ignored until you exit Manage Mode and return to the normal system command mode. To return
to the system command mode, issue the following command:
MANAGE> exit
Available Manage Mode commands are dispersed throughout the configuration chapters. Refer to
CONFIGURATION BACKUP AND RESTORE
After making configuration changes, back up the new configuration, either to diskette or network
management station. To accomplish this, use TFTP to copy the configuration data (\ system\ *.nei)
chapter.
To restore a configuration, use TFTP to transfer the configuration files back to the system. Then
restart the system for the new configuration to take effect.
OBTAINING SYSTEM CUSTOM INFORMATION
If diskettes are included with your system, the labels affixed to the System Diskettes specify
customized information for that copy of the system software, which may include: Version, Serial
Number, Variant, Release and Options. Once this software is installed on the system, it is possible
to obtain this information from the Administration Console when the system is running by issuing
the vercommand at the system prompt. The customized information for the system software will
then be displayed.
598
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
APPENDICES
The User’s Guide includes the following appendices:
We have designed a set of worksheets you can fill out before you begin your CyberSWITCH
configuration. Once filled out, they will contain information you will need for the configuration
process.
A CFGEDIT map you can use as an aid when configuring your system. As you proceed through
the configuration process, this map can help you understand where you are in the CFGEDIT
structure.
Includes a System Problem Report you can use to inform us of any difficulties you have with
our products.
A table that lists all system administration commands (including both Administrative and
Guest commands).
A table that lists all of manage mode commands (used for dynamic management).
A table that provides Q.931 cause codes and their corresponding meanings. Cause codes may
appear in Call Trace Messages.
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM WORKSHEETS
The worksheets included in this appendix will be helpful in configuring and managing your
system. They capture important network information. To see examples of completed worksheets,
refer to the Example Networks Guide.
Worksheets included in this appendix are:
•
•
•
•
•
The Users or Remote Sites in your network.
The telephone numbers associated with the Users or Remote Sites in your network.
IP/ IPX/ AppleTalk information related to the Users or Remote Sites in your network.
Bridge addresses related to the Users or Remote Sites in your network.
Password information related to the Users or Remote Sites in your network.
CyberSWITCH in your network:
•
•
The resource details for each adapter in your CyberSWITCH. Note the switch type.
Details on each ISDN line attached to your CyberSWITCH. If a line has more than one
SPID, use an extra worksheet line to record that SPID and its associated directory number.
Details on any configured accesses.
•
worksheet for each of your network’s remote devices.
(from the Network Topology Worksheet) to ease the configuration process.
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
SYSTEM DETAILS
System Name: _____________________ PAP Password:_______________ CHAP Secret:___________________
RESOURCES
Type
Slot
Switch type
Synchronization type
LINES
BRI Lines
Name
Slot
Port
Line type
Call screen
TEI
SPID
Directory number
PRI Lines
Name
Slot
Port
Framing type
Line coding
Sig. method
Line build-out
602
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM WORKSHEETS
System Details
ACCESSES
Dedicated Accesses
Over ISDN:
Line name
Data rate
Bearer
channels
Line
protocol
Device tied to this
access
❒ 56 Kbps ❒ 64 Kbps
❒ 56 Kbps ❒ 64 Kbps
❒56 Kbps ❒ 64 Kbps
❒ 56 Kbps ❒ 64 Kbps
Over Serial connection:
Line name
Clocking
Data rate
Line
protocol
Device tied to this
access
❒ Internal ❒ External
❒ Internal ❒ External
❒ Internal ❒ External
❒ Internal ❒ External
X.25 Accesses
Over ISDN:
Line name
Access name
X.121 address
of local DTE
Data rate
Bearer
channels
Virtual circuits
(PVCs)
Over serial connection:
Line name
Access name
X.121 address
of local DTE
Clocking
❒ Internal ❒External
Data
rate
Virtual circuits
(PVCs)
Frame Relay Accesses
Over ISDN:
Line name
Access name
Data rate
Bearer
channels
DLCI
DLCI
PVC name
PVC name
CIR
CIR
EIR
EIR
❒ 56 Kbps ❒ 64 Kbps
Over serial connection:
Line name Access name
Clocking
Data rate
❒ Internal ❒ External
Workgroup Remote Access Switch
603
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
DEVICE INFORMATION
Device Name: _____________________________
Calling (ISDN, FR, etc.) Information
X.25 Information
Line Protocol
PVC
Base Data Rate
Initial Data Rate
Max Data Rate
SVC
Dial-Out Number(s)
Authentication Information:
Frame Relay Information
PAP Password
DLCI
CHAP Secret
IP Host ID
Bridge Ethernet Address*
Bridge Password*
CLID(s)
* HDLC Bridge only
Protocol for this particular device?
Bridge
IP
Bridging enabled?
❒ enabled ❒ disabled
❒ enabled ❒ disabled
IP enabled?
❒ enabled ❒ disabled
Make calls
IP Address
for bridged data?
(on WAN link)
For IP RLAN, IP (Sub-)
network number
❒ 0.0.0.0 if
unnumbered link
For IPX RLAN, external
network number
Make calls for IP data?
❒ enabled ❒ disabled
IP input filter?
IP output filter?
IPX
AppleTalk
IPX enabled?
❒ enabled ❒ disabled
❒ enabled ❒ disabled
❒ enabled ❒ disabled
AppleTalk enabled?
❒ enabled ❒ disabled
❒ enabled ❒ disabled
Callable by IPX?
IPXWAN protocol?
AppleTalk Address
Make calls for
AT data?
IPX routing protocol?
IPX spoofing?
❒ none
❒ RIP/SAP
❒ triggered RIP/SAP
AT Routing Protocol
604
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM WORKSHEETS
Bridging and Routing Information
BRIDGING AND ROUTING INFORMATION
BRIDGING
Bridging
❒ enabled
❒ disabled
Mode of Operation
Bridge Filters
❒ restricted
❒ unrestricted
Bridge Dial Out/
Known Connect List
IP ROUTING
IP Routing
❒ enabled
❒ router
❒ disabled
❒ IP host
Mode of Operation
Network Interface Information
LAN
Name
IP address
Mask
Unnumbered WAN
❒ need
❒ don’t need
Input filters
Output filters
Name
Remote LAN
IP address
Mask
Input filters
Output filters
Name
Traditional WAN
Direct Host WAN
IP Host Mode
IP address
Mask
Input filters
Output filters
Name
IP address
Mask
Input filters
Output filters
IP address
Mask
Input filters
Output filters
Workgroup Remote Access Switch
605
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
IP ROUTING, CONTINUED
Static Routes
Destination network address
Mask
Next hop
❒ default?
❒ default?
❒ default?
❒ default?
IPX ROUTING
Routing Information
IPX routing
❒ enabled
❒ disabled
Internal network number
Network Interface Information
LAN
Name
External network number
Name
Remote LAN
External network number
Static Routes
Destination network number
Next hop
❒ Int. ❒ Ext.
❒ Int. ❒ Ext.
❒ Int. ❒ Ext.
❒ Int. ❒ Ext.
❒ Int. ❒ Ext.
❒ Int. ❒ Ext.
NetWare Static Services
Service name
Type
Internal network number
Node
number
Socket
number
606
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
SYSTEM WORKSHEETS
Bridging and Routing Information
APPLETALK ROUTING
AppleTalk Routing/Port Information
AppleTalk routing
LAN
❒ enabled
❒ disabled
Name
Port number
Network type
❒ extended
❒ nonextended
Netwk range/
number
AppleTalk
address
Zone name(s)
Name
WAN
Network type
❒ extended
❒ extended
❒ extended
❒ nonextended
❒ nonextended
❒ nonextended
Netwk range/
number
AppleTalk
address
Zone name(s)
Unnumbered WAN
❒ need
❒ don’t need
MAC Dial In WAN
Network type
❒ extended
❒ extended
❒ extended
❒ nonextended
❒ nonextended
❒ nonextended
Netwk range/
number
AppleTalk
address
Zone name(s)
Name
WAN (Remote LAN)
Network type
❒ extended
❒ extended
❒ extended
❒ nonextended
❒ nonextended
❒ nonextended
Netwk range/
number
AppleTalk
address
Zone name(s)
AppleTalk Port Static Routes
Network type
to be
accessed
Destination
network
range
Next hop
address
Next hop
name
Number
hops
Zone
name(s)
❒ extended
❒ nonextended
❒ extended
❒ nonextended
Workgroup Remote Access Switch
607
Download from Www.Somanuals.com. All Manuals Search And Download.
CFGEDIT MAP
OVERVIEW
The following pages provide an outline of the CyberSWITCH CFGEDIT configuration utility. As
you configure your system, you may find it helpful to use this outline as a map to help you navigate
through CFGEDIT.
MAIN MENU
Note: All options listed may not be available on your particular system. The availability of these
options depends upon the platform and software you have ordered, as well as your
configuration choices.
Physical Resources
•
•
•
•
Resources
Lines
Accesses
ISDN SubAddress
Options
•
•
•
•
•
•
•
•
•
•
•
Bridging
IP Routing
IPX
AppleTalk Routing
SNMP
PPP
Call Control
Default Line Protocol
Log Options
Compression
FR DBU
Security
•
•
•
•
•
•
Security Level
System Options and Information
Device Level Databases
User Level Databases (Enable/ Disable)
Off-node Server Information
Network Login Information
Download from Www.Somanuals.com. All Manuals Search And Download.
CFGEDIT MAP
Physical Resources Menu
PHYSICAL RESOURCES MENU
RESOURCES
•
Basic Rate
switch type
T1/ E1/ PRI
switch type
synchronization
DES, FEAL
•
•
DATA LINES
•
•
Name/ Slot/ Port/ Framing/ Line coding/ Signalling/ Line build out
Datalinks
PPP: TEI negotiation
PMP: Call Screen Method
name
subaddress
telephone number
ACCESSES
•
Dedicated
Data rate
Bearers list
Line protocol
HDLC
PPP
FR DBU
Device name
X.25
•
•
Name
Data rate
X.121 address
BPS
Bearers list
LAPB info
VC
Frame Relay
Data rate
Bearers
Access info
PVCs
Workgroup Remote Access Switch
609
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
OPTIONS MENU
BRIDGING
•
•
•
Enable/ Disable
Spanning Tree
Mode of Operation
unrestricted, restricted
Bridge Filters
protocol definition
filters (source, destination, protocol, packet data)
Known Connect List
•
•
IP ROUTING
•
•
•
Enable/ Disable
IP Operating Mode (host/ router)
Interfaces
LAN
WAN
WAN (Direct Host)
WAN (RLAN)
WAN (unnumbered)
IP Host
•
•
•
•
•
•
•
Static Routes
RIP (enable/ disable)
Static ARP table
Isolated Mode (enable/ disable)
Static Route via RADIUS
IP Address Pool
IP Filters
Packet Type
Source, Destination,
Protocol
Forwarding Filters
Connection Filters
Exception Filters
Application
•
DHCP
Relay Agent
hop count
destination IP address
Proxy Client
maximum # addresses
IP addresses to prefetch
LAN port
IPX ROUTING
•
•
•
Enable/ Disable
IPX Network Number
IPX Interfaces
LAN
Remote LAN
610
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CFGEDIT MAP
Options Menu
•
•
Routing Protocols
IPX RIP, IPX SAP
number table entries
IPX Static Routes
RIP info
number of ticks, hops
next hop
destination IPX number
Netware Static Services
SAP info
•
number of hops to service
service IPX socket number
service IPX node number
service IPX network number
service type
service name
•
•
IPX Spoofing
IPX, SPX watchdog
serial packet handling
message packet handling
Type 20 Protocol
change devices
enable WAN forwarding
Isolated Mode (enable/ disable)
Triggered RIP/ SAP
WAN peer list display
RIP/ SAP timers
•
•
APPLETALK ROUTING
•
•
•
•
•
Enable/ Disable
Port information
Static Routes
Capacities
Isolated Mode
SNMP
•
•
•
Enable/ Disable
Community info
Trap info
B-channel usage
authentication failures
MIB2 group objects
•
PPP
•
•
•
•
Global options
LCP options
IPCP options
Link failure options
Workgroup Remote Access Switch
611
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
CALL CONTROL
•
•
•
•
•
•
•
•
Throughput Monitor
Call Interval
Monthly call charges
Call Restrictions
Device Profile
Bandwidth Reservation
Semipermanent Connection
VRA Manager for Call Control
enable/ disable
TCP port number
DEFAULT LINE PROTOCOL
•
•
Action Timeout
Timeout Value
LOG OPTIONS
•
•
Log Server Definitions
Call Detail Recording
COMPRESSION
•
•
•
Enable/ Disable
Default-per device
PPP STAC-L25 sequence number
FR DBU
•
•
Command/ Control DLCI
Outgoing data rate
DEFAULT ASYNC PROTOCOL
•
•
•
Action on data timeout
Use PPP protocol/ use Terminal Mode
Data timeout value
612
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CFGEDIT MAP
Security Menu
SECURITY MENU
SECURITY LEVEL
•
•
•
•
No Security
Device Level Security
User Level Security
Device and User Level Security
SYSTEM OPTIONS AND INFORMATION
•
System Options
PAP password
CHAP challenge
Bridge MAC address
IP Host ID
Calling Line ID
System Information
system name
system password
system secret
Administrative Session
Database Location
On-node
•
•
VRA Manager
RADIUS
TACACS
ACE
Inactivity time-outs
Telnet admin sessions
TCP port number
Emergency Telnet port number
DEVICE LEVEL DATABASES
•
•
On-node Device Database (Enable/ Disable)
On-node Device Entries (by name)
ISDN
line protocol
data rate
dial out numbers
subaddress
Frame Relay
X.25
SVC, PVC
Digital Modem
line protocol
baud rate
bearer capability
dial out numbers
Workgroup Remote Access Switch
613
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Authentication
PAP password
CHAP secret
outbound authentication
user level authentication
IP host ID
bridge Ethernet
calling line ID
IP information
IP address
IP enable/ disable
make calls for IP data
IPX
enable/ disable
calls for IPX data
IPXWAN
IPX routing
none
RIP/ SAP
trig RIP/ SAP
IPX spoofing
AppleTalk information
AppleTalk address
enable/ disable
make calls for AppleTalk data
AppleTalk routing protocol
Bridge information
IP (sub)network number
enable/ disable
make calls
IPX network number
spoofing
Compression
PPP STAC-L25
•
Off-node Device Database Location
None (Use On-node)
VRA Manager
RADIUS
USER LEVEL DATABASES (ENABLE/DISABLE)
•
•
•
•
VRA Manager
RADIUS Authentication Server
TACACS Authentication Server
ACE Authentication Server
614
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CFGEDIT MAP
Security Menu
OFF-NODE SERVER INFORMATION
•
VRA Manager
TCP port
•
RADIUS
Primary Server
Secondary Server
Miscellaneous info
number of retries
time between retries
•
•
TACACS
Primary Server
Secondary Server
Miscellaneous info
number of retries
time between retries
packet format
ACE
Primary Server
Secondary Server
Miscellaneous info
number of retries
time between retries
encryption method (SDI or DES)
source IP address
Load Server Configuration file
NETWORK LOGIN INFORMATION
•
•
•
•
Network login configuration (Terminal Server Security)
Network login banners
Login configuration RADIUS
Login configuration TACACS
Workgroup Remote Access Switch
615
Download from Www.Somanuals.com. All Manuals Search And Download.
GETTING ASSISTANCE
REPORTING PROBLEMS
For a fast response, please take the time to fill out the System Problem Report to inform us of any
difficulties you have with our products. A copy of this report can be found at the end of this
chapter. This report provides us with important information to diagnose and respond to your
questions. Please pay special attention to the following areas:
FAX Header
The System Problem Report has been designed as a FAX form. Please fill in all information in this
area before you FAX the report to Cabletron Systems. If you plan to mail the System Problem
Report, please fill in the company information in this section for reference information.
Software
Please fill in the following sections:
Release, Issue, and Version (From the VERsion command.)
Hardware
Select the Platform and resources that you are using.
Problem
Please fill in the following sections:
Type (Software, Hardware, Unknown.)
Occurrence (Reproducible, Intermittent, Single Occurrence.)
Original Number (This field is for your use. Enter your problem tracking number, if desired,
for future reference.)
Description (Briefly describe the problem you are experiencing.)
Description (including sequence of events):
Briefly describe the problem you are experiencing. As best you can, describe the events or
conditions that led to the problem you are experiencing.
Please send the System Problem Report form and any extra information (for example, line traces,
system reports, and configuration files) that you have.
CONTACTING CABLETRON SYSTEMS
You can call us directly at:
Phone: (603) 332-9400
FAX: (603) 337-3075 fax
or, you can send email to us at:
support@ctron.com
Download from Www.Somanuals.com. All Manuals Search And Download.
DATE: ______________
TO: CUSTOMER SERVICE
Cabletron Systems
NUMBER OF PAGES INCLUDING THIS PAGE: ______
FROM: ______________________________________
COMPANY:_______________________________________
ADDRESS: ______________________________________
______________________________________
(603) 332-9400 PHONE
(603) 337-3075 FAX
PHONE: ______________________________________
FAX:
______________________________________
_____________________________________________________________________________________________
CABLETRON SYSTEMS
SYSTEM PROBLEM REPORT
SOFTWARE
Release: __________
Issue: __________
Version: ___________
HARDWARE
Platform
Resources
__ CSX154
__ CSX155
__ CSX1000
__ CSX1200
__ CSX5500
__ CSX6000
__ CSX7000
__ 9W006-200
__ Ethernet-1
__ Ethernet-2
__ PRI-8
__ BRI-4
__ V.35
__ 9W006-400
__ 9W006-220
__ 9W007-200
__ 9W007-400
__ 9W007-220
__ RS232
__ DM8
__ PRI- 23
__ PRI- 23/ 30
__ Expander
__ BRI-1
__ DM24
__ DM24+
__ DM30
PROBLEM
Type
Occurrence
__ Hardware
__ Software
__ Unknown
__ Reproducible
__ Intermittent
__ Single Occurrence
DESCRIPTION (including sequence of events prior to problem occurrence):
CABLETRON SYSTEMS USE ONLY
Control No:
Resolution:
Priority:
Date Received:
Download from Www.Somanuals.com. All Manuals Search And Download.
ADMINISTRATIVE CONSOLE COMMANDS TABLE
The following table lists all system administration commands. Guest commands are identified in
the command column.
Command
Use
?
(GUEST) displays help screen
autobaud
atalk arp
notifies boot device to check baud rate
displays the AARP cache
atalk ping <dnet>.<dnode>
{timeout/dnnn]
pings a specified device, where:
dnet = destination network number (required)
dnode = destination node ID (required)
timeout = seconds to wait for reply (optional)
nnn = data size included in ping packet (optional)
example:
atalk ping 1.3 30 /d200
atalk port
displays AppleTalk port information
atalk port stats [clear]
atalk route
displays or clears current AppleTalk port statistics
displays AppleTalk static route information
atalk stats
displays all six groups of current AppleTalk statistics
the commands below display individual group statistics
atalk stats atp
atalk stats ddp
atalk stats echo
atalk stats nbp
atalk stats rtmp
atalk stats zip
atalk zone
displays current AppleTalk ATP statistics
displays current AppleTalk DDP statistics
displays current AppleTalk AEP statistics
displays current AppleTalk NBP statistics
displays current AppleTalk RTMP statistics
displays current AppleTalk ZIP statistics
displays AppleTalk zone information
displays current packet statistics
br stats
br stats clear
br stpbrdg
clears current packet statistics
displays Spanning Tree bridge information
displays Spanning Tree information for the specified port
br stpport <port #>
call peer
<phone number> [data rate]
calls a device at the given phone number, data rate is
optional
call device <device name>
calls the specified device
cdr stats
(GUEST)
displays call detail recording statistics
Download from Www.Somanuals.com. All Manuals Search And Download.
ADMINISTRATIVE CONSOLE COMMANDS TABLE
Command
Use
cdr stats clear
cdr verify
cfg
(GUEST)
(GUEST)
clears current call detail recording statistics
verifies call detail recording servers are configured
provides information on changes to configuration files
starts the CFGEDIT configuration utility
cfgedit
cls
(GUEST) clears administration screen
cmp stats
displays the compression connection statistics for all
active connections
cmp stats <device name>
displays the compression connection statistics for the
specified device
cmp clear <device name>
cmp clearall
clears all the compression statistics for the specified device
clears all active connection compression statistics
displays the call restriction statistics
cr stats
cs
(GUEST) displays connected device information
date <month, day, year>
del <filename>
dhcp stats
changes the date as specified
deletes specified file
displays DHCP statistics
dhcp stats clear
dir
clears DHCP statistics
displays all files in flash file system
disconnects all calls to the specified device
displays message reports
disc device <device name>
dr
(GUEST)
(GUEST)
ds
displays system statistics
er
erases current system messages in memory
erases current system statistics in memory
es
exit
(GUEST) terminates a session
flash reclaim
searches the flashfile system for files marked as deleted,
then reclaims space
flash recover
starts the remote upgrade
perform only upon recommendation of Customer
Supports
flash update
use only when you need to update parts of flash array
fr a <frame relay access “n”>
sets frame relay access index to “n” as default context for
all subsequent “fr” console commands
Workgroup Remote Access Switch
619
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Command
fr clear
Use
clears the statistics counters for the selected frame relay
access and DLCI
fr clearall
fr cong
clears all statistics for the selected frame relay access and
DLCI
displays congestion control information for the selected
frame relay access and DLCI
fr d <DLCI “m”>
sets DLCI value to “m” as default DLCI for the selected
frame relay access
fr dbg level
displays the current debug level for frame relay
sets the current debug level for frame relay
fr dbg level <level>
fr display
displays the configuration information for the selected
frame relay access
fr lmi
displays LMI link information for the selected frame relay
access
fr stats
displays statistics for the selected frame relay access and
DLCI
ip addrpool
displays the current IP address pool
displays current ARP cache table
ip arp
ip filter trace <discard> <off>
controls the tracing of packets which are discarded as a
result of IP filters
ip ping <host ip address>
ip rip interface
ip rip routes
sends an ICMP echo message to the specified host
displays IP RIP interface information
displays IP RIP routing table(s)
ip rip send
forces an IP RIP update message to be sent
displays IP RIP statistics
ip rip stats
ip route
displays the current routing table
ip route <IP address>
ip stats
displays the routing information for the indicated device
displays or resets current IP related statistics
allows you to change the system’s default IP address
ipconfig
ipx diag <host>[timeout]
sends a diag packet to the specified host to confirm
connectivity; timeout value optional
ipx ipxwan clear
clears IPXWAN stats
ipx ipxwan stats <device>
displays system-level or device-level statistics
620
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
ADMINISTRATIVE CONSOLE COMMANDS TABLE
Command
Use
ipx ping <host>
ipx rip stats
sends an ICMP echo message to the specified host
displays IPX RIP statistics
ipx route
displays the current IPX routing table
displays IPX routing table statistics
displays IPX SAP statistics
ipx route stats
ipx sap stats
ipx service
displays routes to IPX services
displays current service table statistics
displays IPX SAP statistics
ipx service stats
ipx sap stats
ipx spoof stats
ipx stats
displays IPX spoofing statistics
displays IPX statistics
ipx trigreq <device>
generates a triggered RIP/ SAP update request to the
specified device.
ipx trigrip stats
ipx trigsap stats
isdn usage
displays the triggered RIP statistics
displays the triggered SAP statistics
displays ISDN B-channel monitoring information
clears portion of ISDN B-channel monitoring information
displays current LAN packet forwarding information
clears current LAN packet forwarding information
tests for proper LAN connections
isdn usage clear
lan stats
lan stats clear
lan test
led status
allows you view snapshot of remote device’s LED
information
list [file name]
log cdr display
log cdr erase
displays the indicated file
useful for displaying Release Notes (“list rel_notes.txt”)
(GUEST)
(GUEST)
local log file only - displays the call detail recording log
report
local log file only - erases the call detail recording log
report
log cdr write
logout
(GUEST)
(GUEST)
writes the local call detail recording log to disk
terminates a session
manage
switches the system to the Manage Mode, allowing
Dynamic Management to operate
mc
(GUEST)
displays connection monitor screen
Workgroup Remote Access Switch
621
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Command
neif
Use
displays the interface table
pkt capture <connection mode>
specifies which packets will be captured by the packet
capture feature (all, reqd, pend, actv, idle, or none)
pkt mac
enables the MAC address monitor display
enables or disables the Packet Capture feature
displays captured packets
pkt [on/off]
pkt display
pkt load <filename>
pkt save <filename>
pswd
loads previously saved Packet Capture file into memory
saves captured packets to a disk file
(GUEST)
changes password for current access level
attempts a RADIUS authentication session using CHAP
radius chap
radius iphost
attempts a RADIUS authentication session using IP Host
resolution
radius ipres
attempts a RADIUS authentication session using IP
resolution
radius macres
attempts a RADIUS authentication session using MAC
resolution
radius pap
recover
attempts a RADIUS authentication session using PAP
notifies the boot device that you are attempting a
download of SSB software
restore
copies backup config files into current files
restart
restarts the system program remotely using Telnet
attempts an authentication session using ACE
attempts an authentication session using RADIUS
displays current status of user level authentication servers
logs rejection messages from the authentication server
displays the current active administration sessions
terminates the active session specified by the session id
displays current SNMP related statistics
sentry ace
sentry radius
sentry status
sentry log
session
session kill <session id>
snmp stats
sp
lists each semi-permanent device and associated status
displays system errors and system messages
displays the current TCP connection status
status
(GUEST)
tcp conns
tcp stats
displays the current system TCP statistics
622
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
ADMINISTRATIVE CONSOLE COMMANDS TABLE
Command
telnet
Use
puts you in the Telnet command mode
see telnet mode commandsfor available commands
telnet <ip-address>[port #]
begins a Telnet session for the indicated Telnet host
telnet mode commands:
close
exit
closes the current Telnet connection to a target host
closes the current Telnet session
open [target host][port #]
send [send parameter]
establishes a Telnet session with a target host
sends special Telnet control functions to the currently
connected target host
set <name><value>
status
toggle
sets operating parameters for the current Telnet session
provides information about the current Telnet session
sets operating parameters for the current Telnet session
term
displays the terminal type.
sets the terminal type
term set <terminal type>
tftp get
invokes the TFTP GET command
invokes the TFTP PUT command
displays TFTP session statistics
tftp put
tftp session
tftp session kill <session id>
terminates the active TFTP session specified by the session
id
tftp stats
(GUEST)
displays the current TFTP statistics
t i m e [ h o u r s : m i n u t e s : s e c o n d s ]
trace [on/off]
displays or changes current system time
enabled or disables call trace information reports
enables or disables the IPXWAN tracing option
trace ipxwan [on/off]
trace lapb[on/off]
enables or disables the packet tracing option for LAPB
data link information
trace ppp [on/off]
trace x25 [on/off]
enables or disables the tracing of ppp packets
enables or disables the packet tracing option for X.25
connection information
udp conns
udp stats
update
displays UDP connection status
displays UDP statistics
notifies the boot device you are attempting an upgrade
prepares SSB for download of software via XMODEM
ver
(GUEST) displays current software version and hardware resource
revision information
wan fr-ietf stats [device/
fr_accessname_dlci] [prot]
displays WAN frame relay connection information for
devices configured for the FR_IETF line protocol
Workgroup Remote Access Switch
623
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Command
Use
wan fr-ietf trace [on/off] [in/out] enables or disables the tracing for WAN FR_IETF packets
[device/fr_accessname_dlci]
[prot]
wan stats
displays current WAN connection information
writes current system messages to disk
writes current system statistics to disk
wr
ws
x25 clear
clears the statistics counters for the currently selected X.25
access
x25 clearall
clears all statistics for the currently selected X.25 access
displays the configuration information for the default X.25
x25 display [access name]
(GUEST) access or the specified access
x25 l <LCN “m”>
(GUEST) sets LCN index default value to “m”
x25p<accessname>(GUEST)
x25 stats [l <access name>]
sets X.25 access name default to the specified access name
displays statistics for the default X.25 access or for the
(GUEST) specified X.25 access
x25 vc <LCN “m”>
sets the LCN index default value to “m”, which will
specify the default virtual circuit
x25 vc active
x25 vc clear
x25 vc stats
lists all active virtual circuits
clears statistics for a virtual circuit
displays statistics for a virtual circuit
624
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
MANAGE MODE COMMANDS TABLE
The following table displays the available Dynamic Management commands:
Command
Use
ace
displays ACE off-node server configuration
allows changes to the ACE off-node server configuration
reinitializes the CyberSWITCH ACE client
ace change
ace reinit
admlogin [change]
displays [or allows you to change] the current
administrative session configuration information
displays the current enabled status of the call restriction alarm
disables/ enables the audible call restriction alarm
alarm
alarm [off/on]
bwres
displays the current state of the bandwidth reservation
feature
bwres [on/off]
callrest
allows you to enable/ disable bandwidth reservation
displays the current call restriction configuration data
disables/ enables the call restriction feature
clears the display screen
callrest [off/on]
cls
commit
writes the current system data to the configuration file
commit status
displays the Manage Mode updates made since
configuration data was last committed
datalink
displays the current data link configuration data
adds/ changes/ deletes a data link
datalink [add/change/delete]
dedacc
destfilt
displays the current dedicated access configuration data
displays the current destination address filter
configuration data
destfilt [add/change/delete]
adds/ changes/ deletes a destination address filter
displays the current on-node device table
adds/ changes/ deletes a on-node device entry
displays current DHCP configuration data
changes current DHCP data
device
device [add/change/delete]
dhcp
dhcp change
exit
exits from Manage Mode and returns to the normal
system command mode
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Command
fileattr
Use
displays the current user file access rights (guest or admin)
fileattr change
allows the current file access rights configuration data to
be changed
help
displays a list of the valid Manage Mode commands
updates the IP filter configuration
ipfilt
ipnetif
displays the current IP network interface configuration
data
ipradius
displays current enabled status of IP route lookup via
RADIUS
ipradius off
disables lookup of IP routes via RADIUS
enables lookup of IP routes via RADIUS
displays selected type of RIP information
disables/ enables RIP
ipradius on
iprip
iprip [off/on]
iproute
displays the current IP static route configuration data
adds/ changes/ deletes an IP static route
displays current IPX address pool
iproute [add/change/delete]
ipxaddrpool
ipxaddrpool [add/change/delete]
adds/ changes/ deletes an IPX address from the IPX
address pool
ipxinet
allows you to enter the network number for the IPX router
allows you to enable/ disable IPX isolated mode
displays current IPX network interface data
adds/ changes/ deletes an IPX network interface
displays the current IPX RIP status (enabled or disabled)
disables/ enables IPX RIP
ipxiso
ipxnetif
ipxnetif [add/change/delete]
ipxrip
ipxrip [off/on]
ipxroute
displays current IPX routes
ipxroute [add/change/delete]
ipxsap
adds/ changes/ deletes an IPX route
displays the current IPX SAP status (enabled or disabled)
disables/ enables IPX SAP
ipxsap [off/on]
ipxsvc
displays current IPX service data
ipxsvc [add/change/delete]
ipxspoof
adds/ changes/ deletes an IPX service
allows you to configure system level spoofing data
626
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
MANAGE MODE COMMANDS TABLE
Command
Use
ipxt20
allows you to configure IPX type 20 information
displays the current line configuration data
displays the current default line protocol configuration
allows changes to default line protocol configuration
presents all configuration options for log options
displays network login parameters
line
lineprot
lineprot change
log
netlogin
netlogin change
options
allows changes to the network login parameters
displays the current operating mode, security options, and
system parameters
options change
pktfilt
allows the current system parameters to be changed
displays the current packet filter configuration data
adds/ changes/ deletes a packet filter
pktfilt [add/change/delete]
profile
displays current profile table
protdef
displays the current protocol definition configuration data
adds/ changes/ deletes a protocol definition
displays the current protocol filter configuration data
adds/ changes/ deletes a protocol filter
protdef [add/change/delete]
protfilt
protfilt [add/change/delete]
radius
displays RADIUS off-node server configuration
radius change
allows changes to the RADIUS off-node server
configuration
readme
displays helpful tips on how to use the Manage Mode
commands
semiperm [add| delete]
resource
adds/ deletes a semi-permanent connection
displays the current resource configuration data
displays the current SNMP configuration data
displays current security level
snmp
seclevel
semiperm
allows you to add or delete device entries for
semipermanent connections
srcfilt [add/change/delete]
tacacs
adds/ changes/ deletes the a source address filter
displays TACACS off-node server configuration
tacacs change
allows changes to the TACACS off-node server
configuration
Workgroup Remote Access Switch
627
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Command
Use
tftp
displays the current TFTP configuration
tftp change
thruput
allows the current TFTP configuration to be changed
displays the current throughput monitor configuration
data
thruput change
allows the current throughput monitor configuration data
to be changed
vra
displays current VRA manager configuration data
allows you to change the VRA TCP port number
vra change
628
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CAUSE CODES TABLE
The following table provides Q.931 cause codes and their corresponding meanings. Cause codes
may appear in Call Trace Messages.
Dec Value
Hex Value
Q.931 Cause
0
1
0
1
valid cause code not yet received
unallocated (unassigned number)
Indicates that, although the ISDN number was presented in a valid
format, it is not currently assigned to any destination equipment.
2
3
2
3
no route to specified transit network (WAN)
Indicates that the ISDN exchange was asked to route the call through
an intermediate network that is unrecognized.
no route to destination
Indicates that the call was actually routed through a network that
does not serve the destination address.
4
5
6
4
5
6
send special information tone
misdialed trunk prefix
channel unacceptable
Indicates that the quality of service provided by the specified
channel was insufficient to accept the connection.
7
7
call awarded and being delivered in an established channel
Indicates that the device has been awarded an incoming call and that
the call is being connected to a channel that has already been
established for similar calls.
8
8
9
prefix 0 dialed but not allowed
9
prefix 1 dialed but not allowed
10
11
16
A
B
prefix 1 dialed but not required
more digits received than allowed, call is proceeding
10
normal call clearing or normal disconnect
Reports the normal clearing of a call. No action required.
17
11
12
device busy
Indicates that the called system has acknowledged the connection
request, but is unable to accept the call because the B-channels are
currently in use.
18
no device responding
Indicates that the connection could not be completed because the
destination failed to respond to the call.
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Dec Value
Hex Value
Q.931 Cause
19
13
no answer from device (device alerted)
Indicates that the destination has responded to the connection
request but has failed to complete the connection within the
prescribed time. Problem at remote end.
21
22
15
16
call rejected
Indicates that the destination was capable of accepting the call (was
neither busy nor incompatible) but rejected the call for some reason.
number changed
Indicates that the ISDN number used to set up the call is no longer
assigned to any system. If an alternate address has been assigned to
the called equipment, this may be returned in the diagnostic field of
this message.
23
24
25
26
17
18
19
1A
reverse charging rejected
call suspended
call resumed
non-selected device clearing
Indicates that the destination was capable of accepting the call (was
neither busy nor incompatible) but rejected the call because it was
not awarded to the device.
27
28
1B
1C
destination out of order
Indicates that the destination could not be reached because the
interface was not functioning correctly and a signaling message
could not be delivered for some reason. This may be a temporary
fault but one that is expected to last a relatively long time. For
example, equipment off-line.
invalid number format (incomplete number)
Indicates that the connection could not be established because the
destination address was presented in an unrecognized format or
because the destination address was incomplete.
29
30
31
33
1D
1E
1F
21
facility rejected
Indicates that the facility requested by the device could not be
provided by the network. This could be a subscription problem.
response to STATUS INQUIRY
Indicates that the status message was generated in direct response to
the prior receipt of a status enquire message.
normal, unspecified
Reports the occurrence of a normal event when no standard cause
applies. No action required.
circuit out of order
630
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CAUSE CODES TABLE
Dec Value
Hex Value
Q.931 Cause
34
22
no circuit/ channel available
Indicates that the connection could not be established because there
was no appropriate channel available to handle the call.
35
37
38
23
25
26
destination unattainable
degraded service
network (WAN) out of order
Indicates that the destination could not be reached because the
network was not functioning correctly and that the condition is
expected to last for a relatively long time. An immediate re-connect
attempt is likely to be unsuccessful.
39
40
41
27
28
29
transit delay range cannot be achieved
throughput range cannot be achieved
temporary failure
Indicates that an error has occurred because the network is not
functioning correctly, but that this problem is likely to be resolved
shortly.
42
43
44
2A
2B
2C
switching equipment congestion (network congestion)
Indicates that the destination could not be reached because the
network switching equipment was temporarily overloaded.
access information discarded
Indicates that the network could not provide the requested access
information.
requested circuit/ channel not available
Indicates that the remote equipment could not provide the requested
channel for an unspecified reason. This may, or may not, be a
temporary problem.
45
46
47
2D
2E
2F
preempted
precedence call blocked
resource unavailable, unspecified
Indicates that the requested channel or service was unavailable for
an unspecified reason. This may, or may not, be a temporary
problem.
49
31
quality of service unavailable
Indicates that the requested quality of service (as defined by CCITT
recommendation X.213) could not be provided by the network. This
may be a subscription problem.
50
51
32
33
requested facility not subscribed
Indicates that the remote equipment supports the requested
supplementary service but that this is available only by subscription.
reverse charging not allowed
Workgroup Remote Access Switch
631
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Dec Value
Hex Value
Q.931 Cause
52
53
54
55
56
57
34
35
36
37
38
39
outgoing calls barred
outgoing calls barred within CUG
incoming calls barred
incoming calls barred within CUG
call waiting not subscribed
bearer capability not authorized
Indicates that the device has requested a bearer capability that the
network is able to provide, but that the device is not authorized to
use. This may be a subscription fault.
58
3A
bearer capability not presently available
Indicates that the network is normally able to provide the requested
bearer capability, but not at the present time. This may be a
temporary network problem or a subscription problem.
59
61
63
3B
3E
3F
device busy 1TR6
call rejected 1TR6
service or option not available, unspecified
Indicates that the network or remote equipment was unable to
provide the requested service option for an unspecified reason. This
may be a subscription problem.
65
66
41
42
bearer service (or capability) not implemented
Indicates that the network is not capable of providing the bearer
capability requested by the device.
channel type not implemented
Indicates that the network or the destination equipment does not
support the requested channel type.
67
68
69
43
44
45
transit network selection not implemented
message not implemented
requested facility not implemented
Indicates that the remote equipment does not support the requested
supplementary service.
70
79
46
4F
only restricted digital information bearer capability is available
Indicates that the network is unable to provide unrestricted digital
information bearer capability.
service or option not implemented, unspecified
Indicates that the network or remote equipment was unable to
provide the requested service option for an unspecified reason. This
may be a subscription problem.
632
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CAUSE CODES TABLE
Dec Value
Hex Value
Q.931 Cause
81
51
invalid call reference value
Indicates that the remote equipment has received a call with a call
reference that is not currently in use by the device-network interface.
82
83
52
53
identified channel does not exist
Indicates that the receiving equipment has been requested to use a
channel that is not activated on the interface for calls.
a suspended call exists, but this call identity does not
Indicates that the network received a call resume request. The call
resume request contained a Call Identity information element which
indicated that it is in use for a suspended call.
84
85
54
55
call identity in use
no call suspended
Indicates that the network received a call resume request when there
was not a suspended call pending. This may be a transient error that
will be resolved by successive retries.
86
88
56
58
call having the requested call identity has been cleared
Indicates that the network received a call resume request. The call
resume request contained a Call Identity information element which
once indicated a suspended call; however, that suspended call was
cleared either by time-out or by the remote device.
incompatible destination
Indicates that an attempt was made to connect to non-ISDN
equipment; for example, to an analog line.
89
90
91
59
5A
5B
non-existent abbreviated address entry
remote device initiated 1 TR6
invalid transit network specified
Indicates that the ISDN exchange was asked to route the call through
an intermediate network that is unrecognized.
92
93
95
5C
5D
5F
invalid facility parameter
mandatory information element is missing
invalid message unspecified
Indicates that an invalid message was received and that no standard
cause applies. D-channel error. If this error is returned
systematically, report the occurrence to your authorized service
provider.
96
60
mandatory information element is missing
Indicates that the receiving equipment received a message that did
not include one of the mandatory information elements. D-channel
error. If this error is returned systematically, report the occurrence to
your authorized service provider.
Workgroup Remote Access Switch
633
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
Dec Value
Hex Value
Q.931 Cause
97
61
message type non-existent or not implemented
Indicates that the receiving equipment received a message that was
not recognized either because the message type was invalid, or
because the message type was valid but not supported. This is either
a problem with the remote configuration or a problem with the local
D-channel.
98
62
message not compatible with call state
or
message type non-existent or not implemented
or
wrong message
Indicates that an invalid message was received and that no standard
cause applies. D-channel error. If this error is returned
systematically, report the occurrence to your authorized service
provider.
99
63
information element nonexistent or not implement
Indicates that an invalid message was received by the remote
equipment that contained information elements which were not
recognized. D-channel error. If this error is returned systematically,
report the occurrence to your authorized service provider.
100
101
102
64
65
66
invalid information element contents
Indicates that a message was received by the remote equipment that
included invalid information in the information element. D-channel
error.
wrong message for state (message not compatible with call state)
Indicates that remote equipment received an unexpected message
that did not correspond to the current state of the connection. D-
channel error.
recovery on timer expiry
Indicates that an error-handling (recovery) procedure has been
initiated by a timer expiry. This should be a temporary problem.
103
111
67
6F
mandatory information element error
protocol error
Indicates an unspecified D-channel error when no other standard
cause applies.
112
113
127
70
71
7F
local procedure error 1TR6
remote procedure error 1TR6
internetworking, unspecified
Indicates that an event occurred but that the network does not
provide causes for the actions that it takes, therefore the precise
nature of the event cannot be ascertained. This may, or may not,
indicate the occurrence of an error.
634
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
CAUSE CODES TABLE
Dec Value
Hex Value
Q.931 Cause
UNKNOWN
Indicates that an event occurrent but that the network does not
provide causes for the actions that it takes, therefore the precise
nature of the event cannot be ascertained. This may, or may not,
indicate the occurrence of an error.
Workgroup Remote Access Switch
635
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
B
INDEX
backup
bandwidth 28
limitations 164
base data rate 163
basic rate ISDN lines
boot messages 427
br stat 530
BRI_5ESS 86
bridging
A
accesses
alternate accesses 196
X.25 198
ace 186
ACE Authentication Server
configuring 185
active WAN peer 296
adapters
configuring adapters 88
overview 90
filters 222
overview 221
admin 70, 513
admin login names 70
administration console
requirements 63
AIS 424
alarm LEDs 424
AMI encoding 97
ampconf 94
AppleTalk routing 305
capacities 311
statistics 567
C
cabling
device information 161
remote LAN 309
call control 313
call device 531
call restrictions
configuring 320
statistics 560
callrest 320
statistics 562
atalk 305, 525
atalk port stats 566
atalk stats 562
AUD 91
authentication 159
autobaud 515
cause codes 629
CDR
cdr 534
cfg 522
636
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
map 608
configuration
default 83, 86
cfgedit 83
packet types 242
CLID 166
tools
cmp 535
CFGEDIT 83
commands
dynamic management 84
console 47
AppleTalk 525
call restriction 534
dynamic management 625
frame relay 535
IP routing 537
console connections
remote 69
Console Information Port (CIP), refers to RS232
port
IPX 542
LAN 545
country code 90
log 545
cr stats 534
RADIUS 549
cs 516
CSU 61, 97
CSX1200-E11-MOD 48
security (user-level) 557
TCP 551
Telnet 551
terminal 554
CSX1200-U4-MOD 50
LEDs 421
D
data links 95
TFTP 555
datalink 93
throughput 520
trace 556
date 523
dedacc 196
UDP 557
WAN 558
X25 558
commit 85
and CCP 347
line protocol 196
default configuration 81
default per-device 346
default profile 323
default routes 129
del 524
configuring 345
statistics 568
destfilt 223
Workgroup Remote Access Switch
637
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
device add 162
file attributes 350
list 516
device level databases 155
device level security 133, 139
DHCP
fileattr 350
filters 29
flash reclaim 524
flash recover 524
proxy client 265
relay agent 258
statistics 569
verifying 378
flattening (network) 122
fr 536
frame relay
number 164
using bridge filters 233
verification 376
framing types 97
dir 524
G
disc device 533
generic number 90
global timers 291
guest 513
DLCI value 212
DMS100 60, 95
DOC notice 4
H
dr 52, 516
hardware
dynamic management 515
verification 353
help 85, 515
E
encapsulation 108, 275
er 522
hunt group 61
I
es 522
exit 513
ICMP 245
installation
F
FCC notice 3
features 28
638
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
LAN 105
over WAN unnumbered interface connection
verification 365
WAN 106
statistics 576
ip 538
ipconfig 514
IPCP
IP filters 250
ip addrpool 535, 537
IP filters 241, 251
applying filters 249
connection filters 247
example 256
ipfilt 242
ipnetif 107
iprip 131
iproute 125
ipx 542
global 249
network interfaces 249
per-device 249
trace messages 494
UDP configuration 244
verification 366
ipx route stats 582
IPX routing 269
commands 542
enable RIP/ SAP 278
IP host mode
host identifier 166
interface 104, 107
ip rip 539
RIP table size 278
statistics 579
IP routing
address pool 240
verification 370
configuring 102
IPX WAN
enabling 102
network interfaces 105
over LAN interface connection
verification 360
ipxinet 272
ipxiso 289
ipxnetif 274
ipxrip 278
ipxroute 282
over WAN interface connection
verification 361
over WAN remote interface connection
verification 364
ipxsap 278
ipxsvc 283
ipxt20 288
Workgroup Remote Access Switch
639
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
ISDN 27
ordering 56
local log file 339
isdn 544
login 70
logout 514
LOS 425
K
M
L
maintenance 597
lan 545
LAN adapter
LAN connection
LAN IP interface 105
lan test 355
MAU 44
maximum data rate 163
mc 516, 520
messages
boot 427
trace messages 487
module
LAPB 202
alarm 424
verification 353
LAN 418
MTU 108, 275
LANVIEW 420
NT1 status 421
service 422
multi-level security
user defined 160
WAN 418
led status 518
line 93
line build out 97
line encoding 97
lineprot 337
lines
line interface type 94
line type 98
N
neif 516
link failure detection 211, 335
link LEDs 421
list 524
LMI 215
network flattening
format 212
overview 215
local user list
Now referred to as on-node device database
LOF 425
log 545
640
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
network security
primary rate ISDN lines
framing types 97
generic number 90
line build out 97
line encoding 97
problem diagnosis
AppleTalk routing 404
CDR 411
NTT INS 86
IP filters 396
IP routing 385
O
on-node device table
RIP 397
protdef 223
protfilt 223
verification 382
pswd 70, 514
P
PAP password 165
ping 361
pkt 545
pkt mac 530
power requirements 63
PPP
bridging 173
R
link failure detection 335
routing 172
radius 181, 549
RADIUS Server
RAI 424
receive LEDs 420
STAC-LZS
extended mode 348
release notes 25
remote device connectivity
Workgroup Remote Access Switch
641
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
verification 371
propagation 284
security
Telnet 506
TFTP 509
reporting problems 616
requirements
device level databases 155
overview 133
token card 141
RIP (IP) 130
semiperm 327
commands 518
verification 382
sentry 557
service indicator 422
session 524
configuring 298
and interfaces 117
send control 110
verifying initialization 366
RIP (IPX)
statistics 585
description 279
entry aging time 276
software
robbed bit signaling 97
overview 51
system files 51
sp 518
Spanning Tree
S
messages 428
SAP (IPX)
SPID 95
srcfilt 223
description 279
entry aging time 276
642
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
AppleTalk routing 310
statistics
statistics 587
AppleTalk routing 562
bridging 567
call restriction 560
DHCP 569
TDM 97
Telnet 69, 506
commands 551
IP 576
IPX 579
TFTP 348, 509
LAN 575
statistics 588
TCP 587
TFTP 588
example 317
triggered RIP/ SAP 582, 583
UDP 590
statistics 561
WAN 591
status 518
thruput 314
tools
trace 556, 558
SVCs 208
trace messages 487
frame relay 500
sysName 301
system files 51
IP filters 494
PPP packet 495
summary 489
X.25 497
system messages
commands 544
statistics 582, 583
verification 372
U
statistics 590
udp 557
T
tacacs 184
Workgroup Remote Access Switch
643
Download from Www.Somanuals.com. All Manuals Search And Download.
USER’S GUIDE
update 515
upgrading software 597
WAN (Mac Dial In) 307
WAN IP interface 106
verification 361
WAN lines
wan stats 519
wr 52, 521
ws 52, 522
login banner files 53
utility commands 85
V
X
VCCI notice 4
ver 518
verification
X.25
module installation 353
requirements 353
access 198
commands 558
verifying the installation
bridge initialized 355
CDR 376
LAPB 202
PVCs 201
reliability, windows, and acknowledgment
statistics 594
SVC 208
timers 199
frame relay 356
IP filters 366
LAN connection 354
proxy ARP 382
RIP 366
trace messages 497
x25 558
triggered RIP/ SAP 372
WAN lines 354
vra 179
W
WAN
statistics 591
644
CyberSWITCH
Download from Www.Somanuals.com. All Manuals Search And Download.
|
Black Box Network Card Remote Port USB User Manual
Black Decker Blender BL10451 User Manual
Bosch Appliances Security Camera VG4 200 User Manual
Bosch Power Tools Power Hammer RHH181 01 User Manual
Cannon All in One Printer PIXMA MG5320 User Manual
Canon Camera Accessories 2478A002 User Manual
Carcomm PDAs Smartphones 169 User Manual
Casio Printer CW E60 User Manual
Casio Watch 1675 1 User Manual
Cisco Systems Modem DPC3000 User Manual