NSPDIAG User Guide

Abstract

NSPDIAG is a general purpose tool that runs on HP NonStop Servers and HP Integrity NonStop Servers. This tool can be used to test the functionality of various types of Atalla Network Security Processors (NSPs). NSPDIAG is an online, interactive diagnostic program that communicates with the Atalla NSP through either an Ethernet or asynchronous port.

Document History

Part Number: 529007-001
Product Version: T5860D42_30JUN2003_AAC
Published: May 2004
NSPDIAG User Guide —529007-002
About This Manual

Your Comments Invited

After using this manual, please take a moment to send us your comments. You can do this by:

• Faxing or mailing the form located at the back of this manual. Our fax number and mailing address are included on the form.
• Sending an e-mail message to the address included on the form.

We will immediately acknowledge receipt of your message and send you a detailed response as soon as possible.
1 NSPDIAG Operation

This Guide describes the capabilities and operations of NSPDIAG, version 2.4 T5860D42_27OCT2007_AAD. The following main topics are covered in this section:

• Running NSPDIAG
• I/O Configuration
• Using Command Line Parameters
• Using Main Menu
• Main Menu Options
• Using NSPDIAG with ARM

Running NSPDIAG

There are two ways to set up the parameters and start running NSPDIAG:

1. Using command line parameters.
You can also use the command line parameters to set initial values before going to the Main Menu. For example, begin the NSPDIAG program by entering the following command at the TACL prompt:

    RUN NSPDIAG -D$NSP1 -FTESTFILE -LNSPLOG

When NSPDIAG is running, the initial values are set as noted in the command line and the Main Menu is displayed.

I/O Configuration

The first step in communicating with the Atalla NSP is defining the communication interface.
Table 1-1. Using the Command Line Parameters (page 2 of 2)

Line Parameter: -Ddevice
Description: Normally the NSP is controlled by Boxcar; if this is the case, provide the Boxcar process name. If Boxcar is not running and you wish to communicate directly with the NSP, provide the IP address. If the configuration is Asynchronous, provide the device name.
When parameter -F (data file) is specified, NSPDIAG sends the test commands read from the data file to the device. The command line parameter -S is required to bypass the Main Menu and start the data file testing. Without parameter -S, the Main Menu is displayed with the initial values noted in the command line. See Using Main Menu for details.
Using Main Menu

At the TACL prompt type:

    run NSPDIAG

The following menu is displayed:

Table 1-2. Main Menu Options

Command    Description
?          Help.
• Option S – Start Testing Device by reading the test commands from the data file that was specified using Option F – Data File Name.

Main Menu Options

Option ? – Help, Information on Files and Parameters

When -? is selected, the following information is displayed on the screen:

This program uses three types of files. There are DATA, BATCH, and LOG files. DATA files are described in detail below. BATCH Files contain DATA file names.
An additional requirement must be met to view the security audit log. The NSP’s security setting must be set to low to view the security audit log; see Appendix C in the Atalla Secure Configuration Assistant-2 User Guide. Select main menu option A once these requirements have been met. A menu will appear:

    Choose the type of log :
    1 = Audit
    2 = Configuration
    Enter your choice :

Select 1 to display the NSP’s security audit log.
This is the default configuration, which allows NSPDIAG to communicate with Atalla NSP through the Boxcar or ARM process interface.

6 - A6000 (Without IFM)
A discontinued model of Atalla NSP.

7 - A7000 (Without BOXCAR)
A discontinued model of Atalla NSP.

E - Ethernet (Without BOXCAR)
This configuration allows NSPDIAG to communicate with the Atalla NSP directly without the Boxcar or ARM process interface.
Option O – TCP/UDP port number

This option sets the port used with the TCP/IP address. The default value is 7000. The port number must match the value specified in the NSP’s CONFIG.PRM file; see PORT_STATUS in section 4 of the Installation and Operations Guide for the Atalla Ax150 NSP.

Option F – Data File Name

NSPDIAG reads from a data file which may contain one or more commands. The default is no data file.
When a test command is followed by its expected response in the data file, the expected response is compared with the actual response returned from the device. When it does not match, the command, the expected response, and the actual response are displayed on the screen and written to the log. When it matches, nothing is displayed. When Option V – Verbose Mode is turned on, the command and the actual response are displayed or written to the log.
Test Data Example 2:

    *The following command using command ‘+’ to split data
    *line
    S <00#This is a long data line 0123456
    + 373839#>
    R <00#000070#This is a long data line 0123456373839#>

Because the + command is used, 373839#> are concatenated without packing, so the actual command string sent to NSP is:

    <00#This is a long data line 0123456373839#>

Test Data Example 3:

* * S & + R The following command using command ‘&’ to split data line <00#This is a long dat
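The ‘+’ continuation and the expected-response comparison described above, as an added Python sketch that is not part of this guide or of NSPDIAG itself. The one-character marker layout and the whitespace trimming are assumptions inferred from Test Data Example 2, the stub device and the second test are constructed, and ‘&’ is rejected because its description is cut off on this page.

```python
# Constructed sample: first test is Test Data Example 2, second is made up.
SAMPLE = """\
*The following command using command '+' to split data
*line
S <00#This is a long data line 0123456
+ 373839#>
R <00#000070#This is a long data line 0123456373839#>
* constructed second test, not from the guide
S <00#constructed probe#>
R <00#000070#constructed probe#>
"""

def parse_data_file(text):
    """Return [command, expected_or_None] entries from data-file text.

    Assumed layout: a one-character marker starts each line (* comment,
    S command, + continuation, R expected response); surrounding
    whitespace is not part of the data.
    """
    tests = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] == "*":
            continue
        marker, data = line[0], line[1:].strip()
        if marker == "S":
            tests.append([data, None])
        elif marker == "+" and tests and tests[-1][1] is None:
            tests[-1][0] += data          # concatenated without packing
        elif marker == "R" and tests and tests[-1][1] is None:
            tests[-1][1] = data
        else:
            # '&' lands here too: its rules are cut off on this page
            raise ValueError(f"line {lineno}: unsupported or misplaced {marker!r}")
    return tests

def run_tests(tests, send):
    """Report (command, expected, actual) on mismatch; nothing on a match."""
    failures = []
    for command, expected in tests:
        actual = send(command)
        if expected is not None and actual != expected:
            failures.append((command, expected, actual))
    return failures

def stub_device(command):
    """Constructed stand-in for an NSP; wrong on purpose for the probe."""
    if "probe" in command:
        return "<00#000070#constructed prob3#>"
    return "<00#000070#" + command[len("<00#"):]

FAILURES = run_tests(parse_data_file(SAMPLE), stub_device)
```

Only the constructed probe ends up in FAILURES; the guide's own split command is reassembled and matches its expected response.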
Option G – Copy Test Commands From Data File into Memory

When -G is selected, the option of ‘copy test commands from data file into memory’ is toggled. The default is off, don’t copy the test commands into memory.

Option G Off: NSPDIAG opens the data file, reads the first test command from the data file, and sends it to the device; then reads the next test command and sends it to the device.
at end of line is: I I=Ignore, N=Normal, R=Require New action: _

Option I – Interactive Testing

When -I is selected, the prompt for entering the test command sent to the device appears and after the command string is entered, the response from the device is displayed. When the device name is not specified, an error message appears. The maximum command length is 239 characters.
Option M – Specify MFK name in response

When -M is selected, the existing MFK name is displayed and the prompt for a new MFK name is displayed. When nothing but space(s) is entered, the MFK name is erased. The default is no MFK name. If an MFK name has been entered, it will be appended to the expected response, which is then compared to the actual NSP response. The option to append an MFK name to a response is configured in the NSP using Command 101.
Option S – Start Testing Device

When -S is selected, NSPDIAG starts processing the commands in the data file. When a device name is not specified, the error message ‘Invalid device name’ displays. When both data file and batch file are specified, the error message ‘Both data file and batch file specified’ appears. When neither data file nor batch file is specified, the error message ‘Data or batch file need to be specified’ appears.
Example

When Verbose mode is Off, all the non-printable characters are represented by a period character ‘.’. When Verbose mode is On, any non-printable character in the command or response is displayed as a Hex/ASCII string. The message is split into 15 character sections, with hex displayed on the left, and ASCII displayed on the right. All non-printable characters are displayed as the period character ‘.’ in the ASCII section.
Reader Comment Card

Mail or E-Mail Your Comments To:

ATTN: Atalla Publications
Hewlett-Packard Company
Atalla Security Products Group
19091 Pruneridge Avenue, Mail Stop 4441
Cupertino, CA 95014
atalla.support@hp.com