Enterprise OS Software Version 11.4 Release Notes 3Com provides a CD-ROM that includes all Enterprise OS software version 11.4 software manuals plus version 11.4 new installation and upgrade manuals. To obtain a hardcopy version of the 11.4 documentation, order part number C36460T. You can order the documentation CD-ROM using part number 3C6461T. Additionally, all documentation for Enterprise OS software version 11.4 is located on the 3Com website: http://infodeli.3com.com/infodeli/tools/bridrout/index.
3Com Corporation 5400 Bayfront Plaza Santa Clara, California 95052-8145 Copyright © 3Com Corporation, 2000. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without permission from 3Com Corporation.
CONTENTS ENTERPRISE OS SOFTWARE VERSION 11.4 RELEASE NOTES Encryption Packages Notice 7 Supported Platforms 8 OfficeConnect NETBuilder and SuperStack II NETBuilder SI Release 9 Platforms Not Supported 9 New Features and Feature Enhancements 9 JAVA Runtime Environment 9 VPN and Security Features 9 Routing Support Features 11 Traffic Shaping & QoS Features 14 Dial Service Features 17 Voice & Multiservice Features 17 Network Management Features 18 Transcend VPN Application Suite 21 11.
Upgrade Link and Netscape Browser Scroll Bars 46 Upgrade Link Window Resizing 47 IBM Protocols and Services Notes 47 APPN 47 APPN Connections to 3174 through Token Ring 47 APPN CP-CP Sessions and SNA Boundary Routing 47 APPN CP-CP Sessions on Parallel TGs 47 APPN DLUr Connections to 3174 Systems 47 BSC and Leased Lines 47 Boundary Routing and NetView Service Point 48 Configuring BSC and NCPs 48 DLSw Circuit Balancing 48 DLSw and CONNectUsage Parameter Default Change 48 DLSw Prioritization 48 DLSw and IBM Bo
DTR Modems 55 Dynamic Paths 55 Frame Relay Congestion Control 55 History-Based Compression Negotiation Failure 55 History Compression Not Allowed With Async PPP 55 Multilink PPP Configurations 55 SPID Wizard Detection Errors 56 STP AutoMode Does Not Select the Right Mode 56 Supported Modems 56 Routing Protocols and Services Notes 56 BGP Configuration Files 56 CPU Utilization with XNS Protocol 57 IPX to Non-IPX Configuration Error 57 IPX Routing, Route Receive and Route Advertisement Policies 57 Managing IP
PKI: Entrust CA Installation Notes 61 PPTP Tunnel Security Validation 62 RSA Signature for Phase 1 Authentication 62 Windows NT MS-CHAP Authentication 62 Platform Notes 63 OfficeConnect NETBuilder and SuperStack II NETBuilder SI Additional Memory Requirements 63 Approved DRAM SIMMs 63 Supported PC Flash Memory Cards 64 Line Error Reporting on PathBuilder S5xx Series Switch Statistics Display 64 T3 Bandwidth Limitation 64 MBRI Ownership During Board Swapping 64 Multiport MBRI Module SNMP Management 64 Token
ENTERPRISE OS SOFTWARE VERSION 11.4 RELEASE NOTES These release notes provide information on the following topics for Enterprise OS software version 11.4: ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ Encryption Packages Notice Supported Platforms Platforms Not Supported New Features and Feature Enhancements 11.
ENTERPRISE OS SOFTWARE VERSION 11.
Platforms Not Supported ■ ■ OfficeConnect NETBuilder and SuperStack II NETBuilder SI Release 9 PathBuilder S5xx series switch models S500, S580, S593, S594, S598 and S599 PathBuilder S400 Due to increased memory requirements, the OfficeConnect NETBuilder and SuperStack II NETBuilder SI will be released after the general release of Enterprise OS Software version 11.4.
ENTERPRISE OS SOFTWARE VERSION 11.4 RELEASE NOTES Public-Key Infrastructure (PKI) Implementation Applications like IP Security (IPsec) and Internet Key Exchange (IKE) employ public-key technology for such security purposes as identifying oneself to remote entities, verifying a remote entity's identity, or initiating secure communications with remote peers. Such applications require a public-key infrastructure (PKI) to securely manage public keys for widely-distributed users or systems.
New Features and Feature Enhancements 11 Tunnel Switching Between Different Tunnel Types So that tunnel switching between two sessions of different tunnel types can be easily implemented and maintained, Enterprise OS software version 11.4 has been re-structured to support tunnel switching from PPP over Ethernet (PPPoE) to PPTP, and from PPPoE to L2TP. Users can now dial-in through a PPPoE tunnel and “switch out” through a PPTP or L2TP tunnel.
ENTERPRISE OS SOFTWARE VERSION 11.4 RELEASE NOTES Multicast Border Router (MBR) To allow sources and receivers inside multiple autonomous multicast routing domains (each running a different multicast routing protocol -- DVMRP, MOSPF, or PIM-SM) to communicate, the regions must be connected by multicast border routers (MBRs). The primary role of the MBR is to pull down the traffic from one domain to the another domain.
New Features and Feature Enhancements 13 ■ Provides end users with ease of installation and configuration; no special configuration of the PC or modem is needed. ■ Provides services providers with ease of provisioning, services, and management. ■ Operates independent of access device (that is, works for xDSL, cable, or wireless devices) which shields end users from the need to learn complicated technologies (for example, ATM).
ENTERPRISE OS SOFTWARE VERSION 11.4 RELEASE NOTES occur during, for example, TFTP file transfers using Large Blocksize Negotiation (RFC 1783). Each fragmented packet contains an IP Identification (ID) number that is used for re-assembly. When the first fragment arrives, the ID is stored in the NAT session that has already been setup for the TFTP file transfer, so when subsequent fragment’s arrive with no UDP header, a search is made for the session by ID and the relevant IP address.
New Features and Feature Enhancements 15 Given the scalability problems associated with RSVP, the emerging IETF standard for scalable end-to-end QoS–IP Differentiated Service is supported.
ENTERPRISE OS SOFTWARE VERSION 11.4 RELEASE NOTES ■ Class-Based Queuing (CBQ) Management Class-Based Queuing (CBQ) is a link-sharing packet scheduler which is an enhanced version of the existing Protocol Reservation queuing policy. It performs priority scheduling and supports specific traffic class characteristics, such as the average transfer rate.
New Features and Feature Enhancements 17 may cause some flows to be locked out of bandwidth if a simple tail drop is employed when the queue becomes full. However, RED works well only with compliant TCP implementations that backs off when network congestion is detected. It has no effect on non-IP or UDP traffic. RED is supported on CBQ class queues only. Dial Service Features Dial service features include increased asynchronous baud rate for the all Enterprise OS platforms. In releases prior to 11.
ENTERPRISE OS SOFTWARE VERSION 11.4 RELEASE NOTES ■ Up to 250 calls can be supported within each VC subject to available bandwidth. ■ Support for FXS and FXO voice ports. ■ Support for FAX data over the voice call. Voice Over VPN (VoVPN) Due to the interaction between VPN (L2TP or PPTP) and VoIP when they are sharing the same system IP (sysip) address, voice calls do not get tunneled over L2TP or PPTP.
New Features and Feature Enhancements ■ 19 Voice Wizard Starting with 11.2.2 and with enhancements made in 11.4 for the PathBuilder S400 WAN convergence switch, Web Link provides a new Wizard configuration tool to aid in the configuration of the voice parameters. The Voice Wizard eases the task of configuration by creating a dial plan that can be viewed and later edited.
ENTERPRISE OS SOFTWARE VERSION 11.4 RELEASE NOTES Console Output in Telnet Sessions With 11.4, all system messages can be displayed to a Telnet session as well as through a terminal attached to the local console port. Administrators will be able to view all important status messages from the Telnet session improving manageability. Audit Log Messaging Enhancements Many enhancements are added in the 11.4 release regarding the logging of events.
New Features and Feature Enhancements 21 message identifier(s) and /or SYSLOG server. The action to send all messages to the SYSLOG server is still the default when auditing is enabled. ■ The audit log messages can also be sent out through an SNMP trap to be received by the configured SNMP trap manager(s). Domain Name Use in FTP and TFTP Commands Starting with 11.
ENTERPRISE OS SOFTWARE VERSION 11.4 RELEASE NOTES Features of PKI Manager version 1.0 ■ Multi-Enterprise PKI Management: Administrators can use the application to manage multiple enterprises (or different business units of an enterprise) separately. ■ Limited RA functionality: The application uses a proprietary Enrollment key mechanism to authenticate Enterprise OS devices.
11.4 Software Packages 11.4 Software Packages NETBuilder II Bridge/Router 23 The tables in this section list the features in the packages available in software version 11.4 for the NETBuilder and PathBuilder platforms.
Table 1 NETBuilder II Software Features (continued) Software Packages Feature AC BRITSS DW DL DE DS X X X X APPN X LNM X X X X X LAA X X X X X Token Ring in Fast Ethernet (IOS not supported) X X X X X ISDN BRI X X X X X ISDN PRI X X X X X X X X X X BSC Conversion X X X X QLLC/LLC2 Conversion X X X X ISDN T1/E1 ISDN CT1/CE1 ISDN T3/E3 ISDN CT3/CE3 Data over Analog (Call Originate only) CSU/DSU Loopback SDLC/SHDLC/Polled Async/Bisync Frame Relay
11.
SuperStack II NETBuilder SI SuperStack II NETBuilder SI bridge/routers are supported with the following packages: ■ BF– Boundary Router ■ NW–IP/IPX/AT Router ■ NE– IP/IPX/AT Router with 56-bit Encryption ■ NS–IP/IPX/AT Router with 128-bit Encryption and 3DES ■ CF–Multiprotocol Router] ■ CL–Multiprotocol Router with 40-bit Encryption ■ CE–Multiprotocol Router with 56-bit Encryption ■ CS–Multiprotocol Router with 128-bit Encryption and 3DES ■ AX–APPN/Connection Services Table 3 lists th
11.
Table 3 SuperStack II NETBuilder SI Software Features (continued) Software Packages Feature BF NW NE IP/IPX RAS, Radius, traps MS-CHAP EAP Authentication NS CF CL CE CS X X X X X X X X X X AX X X X X X X VPN/PPTP/L2TP/L2TP (FP) Tunnel Switch PPTP/L2TP (R2R, VLL) X X X X X X X X IP (Routing, FireWall, NAT, Proxy, ARP, DHCP, DHCP Proxy, Traffic Director, Internal IP Ports, IPQoS) X X X X X X X X IP OSPF X X X X X X X X IPX NLSP X X X X X X X X
11.4 Software Packages PathBuilder S5xx Series Switch 29 The PathBuilder S5xx Series Switches support the following software packages: ■ PW–Multiprotocol Router ■ PE–Multiprotocol Router with 56-bit Encryption ■ PL–Multiprotocol Router with 40-bit Encryption ■ PS–Multiprotocol Router with 128-bit Encryption and 3DES Table 4 lists the software features in each package for the PathBuilder S5xx series switches.
Table 4 PathBuilder S5xx Series Switches Software Features (continued) Software Package PW PL PE PS LAA X X X X Token Ring in Fast Ethernet (IOS not supported) X X X X ISDN PRI X X X X ISDN T1/E1 X X X X X X X X SDLC/SHDLC/Polled Async/Bisync X X X X BSC Conversion X X X X QLLC/LLC2 Conversion X X X X Frame Relay X X X X SMDS X X X X X.
11.
PathBuilder S400 Series Switches The PathBuilder S400 series switches support the following software packages: ■ XW–IP/IPX/AT Data/Voice Router ■ XE–IP/IPX/AT Data/Voice Router with 56-bit Encryption ■ XL–IP/IPX/AT Data/Voice Router with 40-bit Encryption ■ XS-IP/IPX/AT Data/Voice Router with 128-bit Encryption and 3DES ■ MW–Multiprotocol Data/Voice Router ■ ME–Multiprotocol Router with 56-bit Encryption ■ ML–Multiprotocol Router with 40-bit Encryption ■ MS–Multiprotocol Router with 128-
11.
Table 5 PathBuilder S400 Series Switches Software Features (continued) Software Package XW XS MW X X X X X IKE/IPsec - KEK/ISAKMP Tunnel Mode/Fast Tunnel/Policy UI/Policy Manager, IPPCP X MS-CHAP EAP Authentication Feature XL XE ML ME MS X X X X X X X X X X X X X X X X X X X X X X X X X X X X X MPPE/RC4 IP/IPX RAS, Radius, traps X VPN/PPTP/L2TP/L2TP (FP) Tunnel Switch PPTP/L2TP (R2R, VLL) X X X IP (Routing, FireWall, NAT, Proxy, ARP, DHCP, DHCP Proxy,
11.4 Software Packages 35 Table 6 lists the software features in each package for the OfficeConnect NETBuilder bridge/routers.
Table 6 OfficeConnect NETBuilder Bridge/Router Software Features (continued) Software Packages JW JE JS BF NW NE NS AF OF OL OE OS Data over Analog (Call Originate only) X X X X X X X X X X X X CSU/DSU Loopback X X X X X X X X X X X X X X X X X X X X X X X X X Feature ISDN CT3/CE3 SDLC/SHDLC/Polled Async/Bisync X BSC Conversion QLLC/LLC2 Conversion X Frame Relay X X X X X X X X X SMDS X X X X X X X X X.
11.4 Software Packages 37 Table 6 OfficeConnect NETBuilder Bridge/Router Software Features (continued) Software Packages JW JE JS BF NW NE DRAM 16 MB 16 MB 16 MB 16 MB 16 MB Flash memory (Minimum required for Enterprise OS 11.
Table 7 OfficeConnect NETBuilder 10/ST Bridge/Router Software Features (continued) Software Packages Feature RW RE RS IPCP X X X X X X Token Ring in Fast Ethernet (IOS not supported) X X X ISDN BRI X X X X X X Data over Analog (Call Originate only) X X X CSU/DSU Loopback X X X IPv6/BGP VRRP (Ethernet/FDDI/Token Ring) VRRP for DLSW VRRP over VLAN RSVP, RSVP Proxy Multicast IP, PIM, IGMP, MBR IP/OSI Connection Services IPX XNS, OSI Appletalk VINES, DECnet, Ph-IV, Ph-IV/V GW D
11.
SuperStack II NETBuilder Token Ring SuperStack II Token Ring bridge/routers support the following packages for the specified models. ■ CF–Multiprotocol Router ■ TE–Multiprotocol Router with 56-bit encryption Table 8 lists software features for each package for the SuperStack II Token Ring bridge/routers.
11.4 Software Packages 41 Table 8 SuperStack II NETBuilder Token Ring Software Features (continued) Software Package Feature CF for TE for model 327 model 327 CF for TE for model 527 model 527 Token Ring in Fast Ethernet (IOS not supported) ISDN BRI X X X X ISDN PRI ISDN T1/E1 ISDN CT1/CE1 ISDN T3/E3 ISDN CT3/CE3 Data over Analog (Call Originate only) CSU/DSU Loopback SDLC/SHDLC/Polled Async/Bisync X X X X QLLC/LLC2 Conversion X X X X Frame Relay X X X X SMDS X X X X X.
Table 8 SuperStack II NETBuilder Token Ring Software Features (continued) Software Package CF for TE for model 327 model 327 CF for TE for model 527 model 527 IP (Routing, FireWall, NAT, Proxy, ARP, DHCP, DHCP Proxy, Traffic Director, Internal IP Ports, IPQos) X X X X IP OSPF X X X X IPX NLSP X X X X Virtual Ports 28 28 28 28 18 18 18 18 DRAM 12 MB 12 MB 12 MB 12 MB Flash memory (Minimum required for Enterprise OS 11.
Upgrade Management Utilities Upgrade Management Utilities 43 This section includes information about Enterprise OS software version 11.4 Upgrade Management Utilities. The Upgrade Management Utilities can be executed using the command line, via the GUI-interface in Transcend Upgrade Manager, the GUI-interface in Upgrade Link, or via user-defined scripts. The Enterprise OS software version 11.4 Upgrade Management Utilities support upgrades from NETBuilder bridge/routers running version 8.x through 11.4.
The Windows files are as follows: ruu114.zip Contains the compressed Upgrade Management Utilities for Windows95/98 and Windows NT platforms. ruu114.txt Contains the instructions for downloading and expanding the Upgrade Management Utilities and Upgrade Link. This file also contains instructions on how to integrate the utilities into the Transcend Network Control Services Manager application. Executing profile.bat Version 11.4 Upgrade Management Utilities Upgrading to 11.
Upgrade Management Notes 45 EncryptionLicenseRead Environment Variable Transcend Enterprise Manager for Windows Upgrade Manager and Transcend Enterprise Manager for UNXI Upgrade Manager 4.2.x will not allow you to upgrade 3Com NETBuilder bridge/routers with encryption technology unless you set the EncryptionLicenseRead environment variable to 1. Setting this variable implies that you have read and agree to the export regulations enforced by the US Department of Commerce.
File Conversion Considerations This section describes file conversion considerations for APPN, bridge static routes, DLSw, the PROfile service, and X.25 SVCs. APPN APPN file conversion is supported in software version 8.2 and later. Upgrading from software versions prior to 8.2 requires manual configuration. High Performance Routing (HPR) is a new feature for the NETBuilder bridge/router after software version 8.3.
IBM Protocols and Services Notes 47 fails to add scroll bars with text fields. If you experience this or other problems, you may want to use a later version of Netscape when it becomes available. Upgrade Link Window Resizing IBM Protocols and Services Notes APPN Since Enterprise OS software version 11.4 Upgrade Link cannot resize the browser window, you should maximize the browser window so that all of the Upgrade Link dialog boxes are fully visible without scrolling.
Boundary Routing and NetView Service Point When configuring NetView Service Point in a Boundary Routing environment, note that the SSCP-PU session actually flows over LLC2 rather than DLSw, even though the -SNA PortDef parameter is defined as DLSw. As a result, the session does not show up as a DLSw circuit. Configuring BSC and NCPs When connecting a NETBuilder bridge/router to an Network Control Program (NCP) for a BSC configuration, be careful when disabling the 3780/2780 EP lines.
IBM Protocols and Services Notes 49 You must reboot the bridge/router before this change takes effect. Table 9 shows the maximum number of circuits possible with the different CONNectionUsage parameter settings. The practical limit may be lower and depends on the traffic load, CPU, and memory usage by other services.
NetBIOS sessions occurs if the primary link fails and the redundant link is activated. If this happens, end users need to log on and initiate another session. IBM-Related Services in Token Ring IBM-related services such as DLSw and APPN are affected by parameter settings in the BRidge, SR, and LLC2 Services. Table 11 shows the required settings in source route (SR), source route transparent (SRT), and transparent bridging environments for each of the IBM-related services.
IBM Protocols and Services Notes 51 and route discovery are configured, bridge numbers must be unique for each bridge/router on the same ring, and LLC2 is enabled on token ring ports. Token Ring Frame Copy Errors For transparent bridge or source route transparent configurations, token ring end systems may generate a small number of MAC frame copy error reports when the NETBuilder II bridge/router token ring interface is initializing or when the bridge/router ages out a MAC address from its bridge table.
LLC2 Frames and PPP LLC2 frames are not sent or received over PPP unless global bridging is enabled using the SETDefault -BRidge CONTrol = Enabled command. You must enable LLC2 on the port using: SETDefault ! -LLC2 CONTrol = Enabled.
ATM Services Notes 53 VTAM Version 4.2 requires PTF #UW20787. VTAM Version 4.3 requires PTF #UW20788. Visible symptoms of this problem can be seen as a lack of network management data for PUs that are downstream of a NETBuilder II bridge/router using APPN DLU services. The NetView message “AAU251I AAUDRTIB 02 UNEXPECTED SENSE CODE X'1002' ENCOUNTERED FOR TARGET=pu_name” is printed in the log file when this problem occurs.
Auto Start-up Does Not Include Async Automatic detection of the line type (LineType=Auto) and link protocol (OWNer=Auto) do not include recognition of Async PPP and AT dial. For Async PPP and AT dial (which must be used together), the following parameters must be explicitly configured: -PATH -PATH -PATH -PORT LineType=Dialup DialMode=ATdial ExDevType=Async OWNer=PPP The PATH service parameter TransferMode should not be changed from its default value of AUto.
WAN Protocols and Services Notes Dial Idle Timer 55 The dial idle timer is not accurate and it will take a client longer to idle out than is configured. For a 180 second dial idle time it takes approximately 8.5 minutes for the client to idle out if no traffic is ever sent.
synchronization, which causes packets to be dropped when the MLP port is enabled. SPID Wizard Detection Errors STP AutoMode Does Not Select the Right Mode Supported Modems If the two routers are connected to a single NT-1, SPID Wizard cannot detect the correct switch type and corresponding SPIDs. To work around the problem, disconnect one of the routers from the NT-1 before running SPID Wizard. Reconnect the router after SPID Wizard completes the detection process.
Routing Protocols and Services Notes CPU Utilization with XNS Protocol IPX to Non-IPX Configuration Error IPX Routing, Route Receive and Route Advertisement Policies 57 When the PathBuilder S5xx switch is configured for 2048 tunnels and XNS protocol, very high CPU utilization will occur. A mechanism does not exist to prevent adding a path from a non-IPX routing port to an IPX routing port.
checksums on the PIM headers only. Enterprise OS devices, when acting as RPs, are capable of accepting register checksums in both formats. In the scenario where Cisco IOS devices are the RPs and Enterprise OS devices act as sender designated routers (DRs), a super user command 'SU PIM RegCksum FullPayload' is required on the Enterprise OS devices.
Network Management System and Services Notes 59 http://www.microsoft.com/windows95/downloads/default.asp Capturing Commands to boot.cfg File When using Capture to save commands to the boot.cfg, the commands are not immediately written to the boot.cfg file. A system crash or reboot may occur at a time when commands that have been executed have not been written to the boot.cfg file causing these commands to be lost.
table and re-enable BootP on the port waiting for the IP address. BootP must be re-enabled before route update are received. Remote Access Default Change To increase network security, the default value for the NetAccess parameter in the SYS Service is set to NoRemote. This means that by default, no remote connection attempts will be accepted by the bridge/router. If you are accustomed to or want to use remote access, you must specifically set the value of the NetAccess parameter to Remote.
VPN Protocols and Services Notes 61 was unavailable. To determine the required version, refer to the online version of these release notes available on the 3Com website: http://infodeli.3com.com/infodeli/tools/bridrout/index.htm Microsoft MPPE Patches and Updates Microsoft has acknowledged performance problems with their original implementation of MPPE. You should use MSDUN1.2c or later for Windows 95 and apply Hot Fixes in article Q162230 for Windows NT.
Directory operation to reinitialize the directory in binary mode. See Chapter 2 of the Entrust/PKI 4.0 Administration Guide. PPTP Tunnel Security Validation ■ The following are guidelines for installing the Entrust/PKI 4.0 VPN Connector product: n The Entrust installation guide provides instructions for installing the Entrust/PKI 4.0 VPN Connector product. The installation guide specifies the exact system requirements.
Platform Notes 63 Platform Notes This section describes the supported PC flash memory cards, approved DRAM SIMMS, notes, cautions, and other considerations to be aware of when using the Enterprise OS software on the various NETBuilder bridge/router and PathBuilder platforms. The topics are presented in alphabetical order.
Supported PC Flash Memory Cards Table 18 lists 3Com-approved vendors of the PC flash memory card. The 20 MB flash memory card has a formatted capacity of 19.86 MB. For dual image and full dump capability, 3Com recommends using a 20 MB card used in the NETBuilder II bridge/router.