CENTRAL SITE REMOTE ACCESS SWITCH USER’S GUIDE Release 7.4 Cabletron Systems (603) 332-9400 phone (603) 337-3075 fax support@ctron.
CAUTION: Only qualified personnel should perform installation procedures.

NOTICE
You may post this document on a network server for public use as long as no modifications are made to the document. Cabletron Systems reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Cabletron Systems to determine whether any such changes have been made.
TRADEMARKS Cabletron Systems, CyberSWITCH, MMAC-Plus, SmartSWITCH, SPECTRUM, and SecureFast Virtual Remote Access Manager are trademarks of Cabletron Systems, Inc. All other product names mentioned in this manual are trademarks or registered trademarks of their respective companies. COPYRIGHTS All of the code for this product is copyrighted by Cabletron Systems, Inc. © Copyright 1991-1997 Cabletron Systems, Inc. All rights reserved. Printed in the United States of America.
WARNING: Changes or modifications made to this device which are not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment.

DOC NOTICE
This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications.
CONTENTS

USING THIS GUIDE
Documentation Set
Guide Conventions
SYSTEM OVERVIEW
The CyberSWITCH
Unique System Features
Interoperability Overview
Interoperability Protocols
Interoperability Devices
Encryption Overview
Network Layer
Link Layer
Security Overview
Network Interface Overview
System Components
Remote ISDN Devices
Switches Supported
Hardware Overview
System Platforms
The CSX5500
Platform Description
Cleaning the CSX5500 Air Filter
Pl
System Adapters
Ethernet Adapters
Ethernet-2 Adapter
Ethernet-1 Adapter
Hardware Characteristics
LAN Connection
Basic Rate Adapters
BRI-4 Basic Rate Adapter
BRI-1 Basic Rate Adapter
BRI Connection
Primary Rate Adapters
The PRI-8
The PRI-23
The PRI-23/30
PRI-8, PRI-23, and PRI-23/30 Connection
Expander Adapter
Hardware Characteristics
V.35 Adapter
Hardware Characteristics
V.
Hardware Installation
Overview
Pre-Installation Requirements
Selecting Slots for the Adapters
Adapter Settings
Adapter Interrupt and I/O Address Settings
WAN Adapters
DM-8 Adapter I/O Address Settings
DM-24 Adapter Interrupt and I/O Address Settings
DM-24+ and the DM-30+ Adapter Address Settings
Encryption Adapter Settings
MVIP Settings
Additional Adapter Settings
PRI-8
PRI-23
PRI-23/30
Inserting the Adapters into the CyberSWITCH
Connecting Adapter Inter-Bo
BASIC CONFIGURATION
Configuration Tools
Overview
CFGEDIT
Executing CFGEDIT
Saving CFGEDIT Changes
Dynamic Management
Executing Dynamic Management
Utility Dynamic Management Commands
Saving Dynamic Management Changes
Using the Network Worksheets
Using the Configuration Chapters
Configuring Resources and Lines
Overview
Resources
Configuring Resources
Resource Configuration Elements
Resource Background Information
Lines
IP Network Interfaces
Configuring Interfaces
Network Interface Configuration Elements
IP Network Interface Background Information
IP RIP and the IP Network Interfaces
IP RIP over Dedicated Connections
IP Host Operating Mode and the IP Network Interfaces
Using Multiple IP Addresses
Static Routes
Configuring Static Routes
Static Route Configuration Elements
Static Route Background Information
Default Routes
Configuring Default Routes
Default Route Config
Configuring System Options and Information
Overview
System Options
Configuring System Options
System Options Configuration Elements
System Options Background Information
System Information
Configuring System Information
System Information Configuration Elements
System Information Background Information
Administrative Session
Configuring Administrative Sessions
Administrative Session Configuration Elements
Administrative Session Background Inf
Configuring Off-node Server Information
Overview
Multiple Administration Login Names
CSM Authentication Server
Configuring CSM Authentication Server
CSM Authentication Server Configuration Elements
CSM Authentication Server Background Information
RADIUS Server
Configuring a RADIUS Authentication Server
RADIUS Authentication Server Configuration Elements
RADIUS Authentication Server Background Information
Configuring a RADIUS Accounting Server
RADIUS Accounting
Configuring Encryption
Configuration
Configuring an Encryption adapter
Configuring Security Associations and Authentication (IP Security Only)
Configuring Link Layer Encryption (PPP Encryption Only)
Encryption Configuration Elements
Encryption Background Information
IP Network Layer Encryption
ESP Implementation
IP Encryption Example
Authentication Headers
Link Layer Encryption
Link Layer Encryption: Manually-Configured Keys
Automated Key Exc
Configuring Advanced Bridging
Overview
Bridge Dial Out
Configuring the Device List for Bridge Dial Out
Spanning Tree Protocol
Configuring Spanning Tree Protocol
Spanning Tree Protocol Configuration Elements
Spanning Tree Protocol Background Information
Bridge Mode of Operation
Configuring the Bridge Mode of Operation
Bridge Mode of Operation Configuration Elements
Bridge Mode of Operation Background Information
Unrestricted Bridge Mode
Restricted Bridge Mo
IP Filters
Initiating the IP Filter Configuration
Configuring Packet Types
Configuring the Common IP Portion
Configuring TCP
Configuring UDP
Configuring ICMP
Configuring Forwarding Filters
Configuring Connection Filters
Configuring Exception Filter
Modifying the Final Condition for a Filter
Applying Filters
Applying Filters to Network Interfaces
Applying the Global Forwarding Filter
Applying per-device Forwarding Filters
IP Filters Co
IPX Network Interfaces
Configuring IPX Network Interfaces
IPX Network Interface Configuration Elements
General IPX Network Interface Configuration Elements
RIP IPX Network Interface Configuration Elements
SAP IPX Network Interface Configuration Elements
IPX Network Interface Background Information
IPX Routing Protocols
Configuring IPX Routing Protocols
IPX Routing Protocol Configuration Elements
IPX Routing Protocol Background Information
Routing/Service Tables
Configuring SNMP
Overview
Configuring SNMP
SNMP Configuration Elements
SNMP Background Information
Using Cabletron NMS Systems
Configuring AppleTalk Routing
Overview
AppleTalk Routing Option
Enabling AppleTalk Routing
AppleTalk Routing Option Configuration Element
AppleTalk Routing Background Information
AppleTalk Ports
Configuring AppleTalk Ports
AppleTalk Ports Configuration Elements
AppleTalk Ports Background Information
The A
Call Restrictions
Configuring Call Restrictions
Call Restriction Configuration Elements
Call Restrictions Background Information
Bandwidth Reservation
Configuring Bandwidth Reservation
Bandwidth Reservation Configuration Elements
Bandwidth Reservation Background Information
Semipermanent Connections
Configuring Semipermanent Connections
Semipermanent Connections Configuration Elements
Semipermanent Connections Background Information
Interactions with Other Fea
Default Line Protocol
Configuring Default Line Protocol
Default Line Protocol Configuration Elements
Default Line Protocol Background Information
Log Options
Configuring Log Options
Log Options Configuration Elements
Log Options Background Information
Local Log File Overview
Syslog Server Overview
System Messages
Authentication Messages
Call Detail Recording
Compression Options
Configuring Compression Options
Compression Options Confi
Alternate Accesses
Dedicated Connections
Frame Relay Connections
PPP Link Failure Detection
X.25 Connections
X.
Modem Callback
Verifying a Semipermanent Connection
Proxy ARP
TROUBLESHOOTING
LCD Messages
Overview
LCD Message Groups
Initialization LCD Message
Normal Operation LCD Messages
Error LCD Messages
System Messages
Overview
Informational Messages
Initialization Messages
Normal Operation Messages
Spanning Tree Messages
Warning Messages
Error Messages
System Message Summary
Trace Messages
Overview
Call Trace Messa
TFTP
Installation and Configuration
Usage Instructions
Carbon Copy
Installation and Configuration
Changing CARBON COPY Configuration Parameters
CARBON COPY Configuration Parameters for Modem Usage
Usage Instructions
Establishing a Remote Administration Session
Terminating a Remote Administration Session
Running without Carbon Copy
Removing Carbon Copy
Null Modem Connection
Adding Carbon Copy
System Commands
Overview
Accessing Administration Se
Telnet Commands
Terminal Commands
TFTP Commands
Trace Commands
UDP Commands
User Level Security Commands
WAN Commands
X.
RIP Statistics
RIP Global Statistics
RIP Interface Statistics
Serial Interface Statistics
SNMP Statistics
TCP Statistics
TFTP Statistics
Statistics for Server or Remote initiated TFTP Activity
Statistics for Local or Client Initiated TFTP Activity
Statistics for all TFTP Activity
UDP Statistics
WAN FR_IETF Statistics
WAN L1P Statistics
PRI S/T (T1/E1) Interface Statistics
Layer 1 PRI Error Statistics
Layer 1 General Statistics
WAN Statistics
System Worksheets
Network Topology
System Details
Resources
Lines
Accesses
Device Information
Bridging and Routing Information
Bridging
IP Routing
IPX Routing
AppleTalk Routing
CFGEDIT Map
Overview
Main Menu
Physical Resources Menu
Options Menu
Security Menu
Getting Assistance
Reporting Problems
Contacting Cabletron Systems
Administrative Console Commands Table
Manage Mode Commands Table
Cause Codes
USING THIS GUIDE

The User’s Guide is divided into the following parts:

SYSTEM OVERVIEW
We begin with an overview of bridging, routing, and specific CyberSWITCH features. Next, we provide an overview for both the system software and hardware.

SYSTEM INSTALLATION
In this segment of the User’s Guide we provide guidelines for ordering ISDN service in the US, and a step-by-step description of installing hardware and upgrading software.
APPENDICES
The User’s Guide provides the following appendices:

NETWORK WORKSHEETS
These worksheets are provided to help you gather pertinent information for configuring your system. We recommend that you print copies of these blank forms and fill in the appropriate information before you begin configuring your system.

CFGEDIT MAP
This map provides a guide through the Configuration Editor structure, and may be a helpful reference when configuring the CyberSWITCH using the CFGEDIT utility.
The Quick Start provides abbreviated installation and configuration instructions for experienced users. Specific instructions for setting up various types of remote devices are also included.

The RADIUS Authentication User’s Guide describes the setup of the RADIUS server software on a UNIX-based system. RADIUS (Remote Authentication Dial In User Service) gives multiple systems access to a central database for security authentication purposes.
DOCUMENTATION TITLES
All references to CyberSWITCH documentation titles will use the same font as normal text, but will be italicized.
SYSTEM OVERVIEW

We include the following chapters in the System Overview segment of the User’s Guide.

• The CyberSWITCH
Provides the “big picture” view of a CyberSWITCH network. We include an overview of unique system features, interoperability, security, interfaces, system components, remote devices, and switches supported.

• Hardware Overview
A description of system platforms and adapters.

• Software Overview
A description of the CyberSWITCH’s system and administrative software.
THE CYBERSWITCH The CyberSWITCH family of products represents the latest in high-speed remote access hardware and software tools. These products allow customers to implement the connectivity solution ideally suited to the needs of their business - with support over a wide range of technologies covering both permanent and on-demand connections using ISDN, analog modem, Frame Relay, dedicated lines, and X.25.
UNIQUE SYSTEM FEATURES
The CyberSWITCH combines unique features that improve cost-effectiveness, reliability, and performance for wide area network connections to remote devices. These features include:

• Bandwidth Agility
The CyberSWITCH dynamically controls the bandwidth in use between itself and other PPP devices. This is accomplished by establishing and disconnecting calls. The number of calls is limited only by the types and number of lines available.
• Data Encryption
The CyberSWITCH encryption option provides data encryption through the Data Encryption Standard (DES) algorithm. DES provides data security for transmissions over the WAN between encryption devices. Options are available for encrypting communications over point-to-point, frame relay, or Internet-based WANs. For more information, refer to the Encryption Overview and IP Security discussions.
• IP Security
The CyberSWITCH encryption option implements Encapsulating Security Payload (ESP) protocol. ESP allows you to use CyberSWITCH nodes to implement a Secure Wide Area Network using the Internet as a backbone. ESP provides confidentiality of data transmissions using encryption to assure that packets intercepted during transit through the Internet cannot be interpreted.
• • • • • • • • • • User name and password Calling Line ID (CLID) Ethernet Address User Authentication Device Authentication Connection Services Manager (CSM) TACACS Client with Radius Server RADIUS Security Dynamic’s ACE/SecurID Server Support

The CyberSWITCH supports both Authentication and Accounting Servers. Authentication Servers provide a central database for networks with more than one CyberSWITCH.
• • • • Authentication Protocols Challenge Handshake Authentication Protocol (CHAP) Password Authentication Protocol (PAP) Network Control Protocols (NCP) Internet Protocol Control Protocol for TCP/IP (IPCP) Internetwork Packet Exchange Control Protocol for IPX (IPXCP) Bridge Control Protocol for bridges (BCP) Compression Control Protocol (CCP) AppleTalk Control Protocol (ATCP)

The CyberSWITCH supports the following AppleTalk protocols:
• EtherTalk Link Access
ENCRYPTION OVERVIEW
Cabletron’s encryption options provide two popular approaches for encrypting WAN communications, each with distinct advantages in certain applications. These options are: Network Layer Encryption and Link Layer Encryption.

NETWORK LAYER
Cabletron’s Network Layer Encryption is an IP Security-based form of encryption. IP Security (IPSec) can potentially reside in many devices within the network.
Link layer encryption is independent of any network layer protocols. Since PPP provides transport of IP, IPX, AppleTalk, and other protocols, link layer encryption based on ECP provides multiprotocol encryption by default. Devices implementing it can act as routers or bridges, as long as the underlying WAN protocol is PPP. To use link layer encryption, the connection between encrypting and decrypting devices must truly be point-to-point.
• WAN IP Network Interface
• WAN (Direct Host) IP Network Interface
• WAN RLAN IP Network Interface
• WAN RLAN IPX Network Interface
• WAN (UnNumbered) Network Interface

The variety of network interfaces allows the installation of a wide range of devices at remote sites. As illustrated below, you can simultaneously choose bridges, routers, or host devices based on the specific remote site requirements.

[Figure: example network showing a CyberSWITCH and a remote Host (or Router)]
More detailed descriptions of system software and hardware are included in the next two chapters. The following section describes remote ISDN devices.

REMOTE ISDN DEVICES
The CyberSWITCH provides a centralized concentrator function for remote ISDN devices.
SWITCHES SUPPORTED
Switch types supported by the CyberSWITCH’s basic rate and primary rate ISDN adapters:

Type of Switch    Basic Rate    Primary Rate
AT&T # 4ESS       NA            Yes
AT&T # 5ESS       Yes           Yes
AT&T Definity     Yes           Yes
AT&T Legend       Yes           NA
NET3              Yes           NA
NET5              NA            Yes
NT DMS 100        Yes           Yes
NT DMS 250        NA            Yes
NT DMS 500        NA            Yes
NT SL-100         Yes           Yes
NTT               Yes           Yes
NI-1              Yes           NA
TS013             Yes           NA
TS014             NA            Yes
1TR6              Yes           Yes

Switch support may vary from country to country.
HARDWARE OVERVIEW The product you have purchased is integrated on the following platforms: the CSX5500, CSX6000, and CSX7000. Through the use of adapters, these platforms support remote routing and bridging of local area networks using ISDN BRI or PRI services. Options also include V.35, RS232, encryption adapters, and Digital Modem connections. This chapter provides a description of system platforms and adapters.
THE CSX5500

[Figure: CSX5500 chassis. Labeled parts: door latch and lock, air intake grill, rack mounting plates, keyboard connector (auxiliary), air filter, 3.5" diskette drive, reset button, power and activity indicators, power on/off, diskette drive activity indicator, diskette release.]

PLATFORM DESCRIPTION
The CSX5500 is a high capacity, central site communications platform. This platform is a LAN/WAN bridge/router built to accommodate multiple WAN technologies.
The CSX5500 is a rack-mountable platform. The front panel has an air-intake grill, an auxiliary keyboard jack, and a peripheral access door, which may be latched. The activity indicators for power-on and disk activity, diskette drive, and control buttons are located behind the access door. The back of the chassis has mountings for a RS-232 serial port, and connectors for a keyboard and monitor. The chassis has eight ISA slots for LAN and WAN adapters.
To clean the air filter:
1. Power down the system and disconnect the system’s power cord from the power source.
2. Open the door located on the right side of the front chassis.
3. Once the door is opened, you can slide the air filter out from the left side of the chassis.
4. Once removed, clean the filter by washing it in warm water and a mild detergent. Make sure it is completely dry before you place it back in the system.
5. Slide the filter back into place.
6.
CAUTION FOR DC-POWERED CSX5500S

CAUTION: To reduce the risk of electrical shock or energy hazards:
• Connect to a reliably-grounded SELV source.
• Use branch circuit overcurrent protection rated at 15A only.
• Use 12 or 14 AWG conductors only.
• Incorporate a readily-accessible disconnect device in the field wiring that is suitably approved and rated.
• Install in a restricted access area in accordance with the NEC or the authority having jurisdiction.
THE CSX6000

[Figure: CSX6000 chassis. Labeled parts: Slot 1, power input socket, circuit breakers, keyboard connector.]

PLATFORM DESCRIPTION
The CSX6000 is a high density, modular, central-site communications platform. It utilizes a built in CPU with 90 MHz Pentium processing. The CSX6000 is a rack-mountable platform. The front panel has the activity indicators for power-on and disk activity, an air-intake grill, and a peripheral access door, which may be latched or locked closed.
CLEANING THE CSX6000 AIR FILTER
The CSX6000 has a removable air filter. This filter is provided to ensure system cleanliness and stability in dusty operating environments. The filter is located just behind the chassis’ front panel. For best performance (and as an alternative to replacement) regularly wash the filter in warm water and a mild detergent. Before removing the air filter for cleaning, read the following warning and caution notes.
Environmental Characteristics
Operating Temp: 0° to 55° C (32° to 131° F)
Operating Humidity: 5 to 95% non-condensing
Operating Altitude: 3048 m maximum (10,000 ft maximum)
Non-operating Shock: 40 G, 11 ms 1/2 sine wave
Storage Temperature: 0° to 70° C (32° to 158° F)

Electrical AC Power Input
Voltage: 90 - 120 V    Current: 5 A
Voltage: 180 - 265 V   Current: 4 A
Frequency: 47 - 63 Hz

Regulatory Compliance
Meets or exceeds the following:
Safety: UL 1950, CSA C22.2 No.
THE CSX7000

[Figure: CSX7000 front panel, with power, reset, lock and video select controls, and indicators for the power supplies, fans, data highway, subsystem fault, environmental alert, serial port signals, LAN and disk activity.]

PLATFORM DESCRIPTION
The CSX7000 is designed for large, central sites and Internet Service Providers.
Physical Characteristics
Height: 218 mm (8.60 in)
Width: 483 mm (19.0 in)
Depth: 641 mm (25.25 in)
Weight: 36 kg max. (80 lb. max.)

Power Supply Specifications
350 Watt power supply; two versions with different input AC voltages:
• Version 1
AC Input Voltage: 90 to 135 V
AC Input Current: 7.5 A
AC Input Frequency: 47 - 63 Hz
• Version 2
AC Input Voltage: 180 to 264 V
AC Input Current: 4.
THE NE 2000-II (A NETWORK EXPRESS PLATFORM) Front View 3.
PLATFORM CHARACTERISTICS
Physical Characteristics Height: Width: Depth: Weight: Environmental Characteristics Operating Temp: Operating Humidity: Operating Altitude: Non-operating Shock: Storage Temperature: Electrical AC Power Input Voltage: Voltage: Frequency: 107 mm (4.2 in) 437 mm (17.2 in) 411 mm (16.
THE NE 4000 (A NETWORK EXPRESS PLATFORM)

[Figure: NE 4000 front view (power indicator, LCD diagnostic display, 3.5" diskette drive, front panel lock, hard disk access indicator) and back view (reset, power on/off, remote RS232 port, Ethernet-1 adapter, BRI-4 adapters, A/C power in/out, keyboard connector, video connector, board slots 1-6).]

PLATFORM DESCRIPTION
The NE 4000 platform has six slots for adapters.
Environmental Characteristics
Operating Temp: 10° to 35° C (50° to 95° F)
Operating Humidity: 80% non-condensing
Operating Altitude: 3,048 m maximum (10,000 ft maximum)
Non-operating Shock: 30 G, 11 ms, 1/2 sinewave
Storage Temperature: -40° to 65° C (-40° to 149° F)

Electrical AC Power Input
Voltage: 100 - 120 V   Current: 8 A
Voltage: 200 - 240 V   Current: 5 A
Frequency: 47 - 63 Hz

Regulatory Compliance
Meets or exceeds the following:
Safety: UL 1950, CSA C2
THE NE 5000 PLATFORM (A NETWORK EXPRESS PLATFORM)

[Figure: NE 5000 front panel, shown with the door closed and open: grill, chassis handles, door latch and lock, disk light, power light, LCD display, 3.5" diskette drive, keyboard lock, reset.]

PLATFORM DESCRIPTION
The NE 5000 is a rack-mountable platform which provides eight slots for adapters.
[Figure: NE 5000 back panel: remote RS-232 port, A/C power in/out, keyboard connector, VGA port, and slots 1-8 for adapters (BRI-4 and Ethernet-2 adapters shown).]

CLEANING THE NE 5000 AIR FILTER
The NE 5000 has a removable air filter. This filter is provided to ensure system cleanliness and stability in dusty operating environments. The filter is located just behind the chassis’ front panel.
6. Insert the clean and dry air filter back into its slot behind the chassis front. Tilt the filter forward into place until it is flush against the chassis front panel.
7. Reinstall the two retaining screws along the top lip of the chassis.
8. Replace the system’s top cover.
9. Reconnect the power cord and power up the system.

PLATFORM CHARACTERISTICS
Physical Characteristics Height: Width: Depth: Weight: 178 mm (7.0 in) 432 mm (17.0 in) 452 mm (17.
SYSTEM ADAPTERS
This section describes the following adapters which are supported by Central Site CyberSWITCH platforms:
• Ethernet
• Basic Rate
• Primary Rate
• Expander
• V.35
• RS232
• Digital Modem
• Encryption

For adapter illustrations, refer to the System Adapters Appendix. For required adapter settings, refer to the Hardware Installation chapter.

ETHERNET ADAPTERS

ETHERNET-2 ADAPTER
The Ethernet-2 adapter was formerly known as the Ethernet adapter.
The Ethernet-1 incorporates an Intel i960 RISC processor executing at 16 MHz. When coupled with the integrated, high-performance Ethernet controller, the adapter can operate at the maximum speed of the LAN (10 Mbps). This is equivalent to a packet rate of 14,800 packets per second (pps). The adapter has 2 MB of DRAM, which allows it to execute sophisticated filtering and forwarding functions. The adapter maintains a large table of over 1000 entries for local MAC addresses.
Hardware Characteristics
Processor: Intel 80C186
Speed: 16 MHz
Number of Ports: 4
Connector: RJ-45
Interface: Point-to-Point, Point-Multipoint for single device
MTBF: 75000 hours
MTTR: 0.25 hour

BRI-1 BASIC RATE ADAPTER
The BRI-1 provides a single basic rate port with a standard S/T interface for attachment to an ISDN basic rate line. This adapter can take advantage of such services as NTT’s INS-64, BOC’s Centrex ISDN Basic Rate and PBX’s basic rate lines.
PRIMARY RATE ADAPTERS
Primary Rate is a communications service that provides up to 23 B channels for data and a 64 Kbps signaling D channel (for North America and Japan), or up to 30 B channels for data and a 64 Kbps signaling D channel. The system uses the B channels for switched connections to carry device data. The CyberSWITCH supports the following Primary Rate adapters:
• PRI-8
• PRI-23
• PRI-23/30

These adapters are described in the following discussion.
The PRI-23 adapter is fully compatible with our other WAN adapters and the digital modem. It has both a TDM and an MVIP bus connector to accommodate connection to these adapters.

Note: The PRI-23 adapter was formerly called PRI-23/30 in releases prior to 7.0. In release 7.0 and beyond, the name PRI-23 refers to the adapter which supports up to 23 T1 channels only. The name PRI-23/30 refers to the adapter which supports up to 23 T1 channels or 30 E1 channels.
Hardware Characteristics
Processor: Intel 80C186
Speed: 16 MHz
Number of Ports: 1
Connector: RJ-45
Interface: Point-to-Point

PRI-8, PRI-23, AND PRI-23/30 CONNECTION
The Primary Rate adapters use a four-wire S/T ISDN interface. Each primary rate line connects to an RJ-45 connector at the back of the system. Refer to the following chart for pin and signal assignments.
V.35 ADAPTER
The V.35 adapter provides two V.35 ports. The card contains two female DB26 connectors. A V.35 adapter cable converts the DB26 connection to a standard V.35 connection. You can configure each port for DTE (external clocking) or DCE (internal clocking), and each port supports data rates from 56 Kbps to 2,048 Kbps. The V.35 supports network side connections, providing dedicated connections to other systems.
Pin and Signal Assignments for the V.35 Connection V.35 Pin Signal Function V.
HARDWARE CHARACTERISTICS
Number of Ports: 4 (using RS232 adapter cable)
Connectors: DB26
Interface: RS232 DTE/DCE (using RS232 adapter cable)
MTBF: 75000 hours
MTTR: 0.25 hour

RS232 CONNECTION
The RS232 interface is provided by an adapter cable which converts the DB26 connection on an RS232 adapter to two standard 25-pin RS232 connections. Each port on an RS232 adapter is software configurable for DTE (external clocking) or DCE (internal clocking).
DIGITAL MODEMS
The CyberSWITCH supports the DM-8, DM-24, DM-24+ and DM-30+ Digital Modem adapters. These adapters allow the CyberSWITCH to receive calls from asynchronous PPP remote devices connected by modem. They also provide a vehicle for remote analog console access. Available Digital Modem adapters include the following type and quantity of modems on a single adapter card:
DM-8 eight V-34+ (33.6 Kbps) modems
DM-24 twenty-four V-34+ (33.
THE DM-8
Hardware Characteristics
Processor: LSI LOGIC - LR33000RISC
Speed: 25 MHz
Number of Ports: 8
Connector: MVIP
MTBF: 100,000 hours
MTTR: 0.25 hours

THE DM-24
The DM-24 adapter consists of a mother board/daughter board combination. The user-configurable switches on the adapter are located on the back side of the mother board.

Note: “ON” and dip switch numbering (“1”,”2”, etc.
ENCRYPTION ADAPTER
The CyberSWITCH supports the DES/RSA Encryption adapter. This adapter is available in the United States and Canada only. The DES/RSA adapter includes a high-speed encryption processor that provides data encryption capabilities to the CyberSWITCH. This processor has been implemented in a hardware LSI chip and designed into an ISA bus board and a PCMCIA card.
SOFTWARE OVERVIEW

OVERVIEW
The system software fits into one of three categories:
• system software for the System, adapter modules and administration functions
• administration software that provides configuration, diagnostics and maintenance on the CyberSWITCH
• system files containing configuration and operational information

This chapter provides an overview for each of the above software categories.

SYSTEM SOFTWARE
Included with each CyberSWITCH is a set of 3.
SYSTEM FILES
The system files consist of the required configuration files, as well as the operational files that the CyberSWITCH maintains. All of these files may be accessed by using available administrative commands. (Refer to the System Commands chapter for details.) Below is a brief description of the configuration and operational files.

CONFIGURATION FILES
The configuration files store the configuration data. These files are located in the system’s \config directory.
atalk.nei
This file contains configuration information used when AppleTalk Routing is enabled. This file also contains information regarding ports and static routes. Information from this file is configured and used only when the AppleTalk routing is enabled.

platform.nei
This is a text file that contains a list of platform names and the currently selected platform. Each line in the file contains an ASCII string representing a platform name and a corresponding integer value.
USER LEVEL SECURITY FILES
As administrator, you may create a welcome banner file as well as a message-of-the-day file to display at login with user level security. Neither file should exceed the limits of 80 characters in width and 21 lines in length, and must reside in the \config directory. The creation of these files is optional; if you choose to use them, create the files, and TFTP them to the CyberSWITCH.

welcome.
SYSTEM INSTALLATION We include the following chapters in this segment of the User’s Guide: • Ordering ISDN Service Provides guidelines for ordering ISDN service in the United States. • Hardware Installation Step-by-step instructions for installing hardware components. • Accessing the CyberSWITCH Provides a description of the possible ways to access the CyberSWITCH (for diagnostic purposes or for software upgrades). • Upgrading System Software A description of the software upgrade process.
ORDERING ISDN SERVICE (US ONLY) OVERVIEW This chapter was designed to be a guideline for ordering ISDN service in the United States. For BRI ISDN Service: If you are using NI-1 lines, try using EZ-ISDN Codes to order BRI service. If your service provider does not support EZ-ISDN Codes, try using the NI-1 ISDN Ordering Codes. If your service provider does not support either type of code, or if you are using a non-NI-1 line, refer to Ordering BRI ISDN Lines using Provisioning Information.
If the AT&T 5ESS switch type is available, the ISDN services available will be one of the following: • NI-1 • Custom Point-to-Point If the Northern Telecom DMS-100 switch type is available, the ISDN services available will be one of the following: • NI-1 • DMS-100 Custom 3. Refer to the section in this document that applies to your service type. 4. Order your ISDN service. If available, ask for two telephone numbers and two SPIDs for your ISDN line. 5.
ORDERING ISDN SERVICE (US ONLY) Ordering BRI ISDN Lines using Provisioning Settings AT&T 5ESS NI-1 SERVICE Note that some of the elements below are set per directory number. With NI-1 Service, you will typically have two directory numbers.
USER’S GUIDE AT&T 5ESS CUSTOM POINT-TO-POINT SERVICE Note that some of the elements below are set per directory number. With Custom Point-to-Point Service, you will have two directory numbers.
ORDERING ISDN SERVICE (US ONLY) Ordering BRI ISDN Lines using Provisioning Settings NORTHERN TELECOM DMS100 NI-1 SERVICE Note that you must set either EKTS or ACO to yes. You may not set both of them to yes.
NORTHERN TELECOM DMS100 CUSTOM SERVICE Note that you must set either EKTS or ACO to yes. You may not set both of them to yes.
ORDERING ISDN SERVICE (US ONLY) Ordering BRI ISDN Lines using Provisioning Settings is ordered, the customer may be asked for the FCC registration number for the type of CSU that is being used. The CSU should support ESF framing and B8ZS line encoding.
[Figure labels: RJ-45 Adapter; Local or InterExchange Carrier; 4 Wire; CSX5500; T1 Line; US Only; CSU]
The cabling between the CSU and the CyberSWITCH is very important, and is also where most problems occur.
USER’S GUIDE 3. What type of switch is the line connected to? 4. For # 4ESS, what release of software is running on the switch? When the phone company installs the line, they assign it certain characteristics (sometimes called translations). These are different depending on the type of ISDN switch to which the line is attached. The customer must know what type of switch is being used. The following table provides correct settings for important configuration options.
HARDWARE INSTALLATION OVERVIEW This chapter provides a description of the hardware installation process. It includes: • pre-installation requirements • selecting slots for adapters • setting switches • inserting adapters into backplane • connecting inter-board cables Your distributor may have already completed this adapter installation. If not, follow this chapter’s specific instructions. ! Only qualified personnel should install adapters into the CyberSWITCH.
USER’S GUIDE • Verify administration console requirements You will need an administration console to install your system. (We do not provide this.) The system supports two administration console options: a local administration console in which a keyboard and monitor are directly connected to the system, or a remote administration console in which an IBM Compatible PC is remotely connected to the system. Refer to Accessing the CyberSWITCH for more details.
HARDWARE INSTALLATION Adapter Settings 2. c. If you are installing WAN adapters and an Encryption adapter: Select slots for all WAN adapters as described in step a, then select the next available slot for the Encryption adapter. d. If you are installing WAN and DM adapters, and an Encryption adapter: Select slots for all WAN and DM adapters as described in step b, then select the next available slot for the Encryption adapter.
USER’S GUIDE ADAPTER INTERRUPT AND I/O ADDRESS SETTINGS WAN ADAPTERS The WAN adapters (except for the RS-232 and V.35) use jumpers to set the interrupt and switches to set the I/O address. The following chart contains the WAN adapter’s interrupt jumper and I/O address switch settings required for each configured slot number.
HARDWARE INSTALLATION Adapter Settings first DM-8 installed, 388 for the second, 390 for the third, and 398 for the fourth. Refer to the System Adapter Appendix for jumper locations; refer to the following chart for the required jumper settings.
USER’S GUIDE DM-24+ AND THE DM-30+ ADAPTER ADDRESS SETTINGS The DM-24+ and the DM-30+ adapters both use switches to set the interrupt, I/O address, and MVIP clock termination. Switch blocks SW1 and SW3 determine I/O address, SW2 and SW4 determine interrupts, and SW5 determines MVIP clock termination. Note: Refer to the System Adapter Appendix for switch locations. Configure a DM-24+ or a DM-30+ only in slots 2, 4, and/or 6. Switch settings will differ depending upon the slot you wish to configure.
HARDWARE INSTALLATION Adapter Settings ENCRYPTION ADAPTER SETTINGS DES/RSA Adapter The DES/RSA adapter is available in the United States and Canada only. The adapter has a set of eight dip switches in a switch block labelled SW1.
USER’S GUIDE ADDITIONAL ADAPTER SETTINGS On certain adapters, there are specific jumper settings which are independent of slot configuration. These adapters include the: • PRI-8 • PRI-23 • PRI-23/30 Refer to the System Adapters Appendix for the locations of various jumpers. PRI-8 Line Type Settings In addition to the interrupt jumper and I/O address settings, the PRI-8 has settings specific to the PRI line type in use. Refer to the following table for correct settings.
HARDWARE INSTALLATION Adapter Settings PRI-23 Clock Settings In addition to the interrupt jumper and I/O address settings, the PRI-23 requires clock settings (JP4 through JP7). Refer to the following table for the correct settings. Place the jumper on the pins identified to enable the function.
USER’S GUIDE PRI-23/30 In addition to the interrupt jumper and I/O address settings, the PRI-23/30 requires settings for: • channel selection (T1 or E1) • MVIP bus termination • Robbed Bit Signaling (RBS) • E1/R2 signaling Refer to the following chart for correct settings. Place the jumper on the pins identified to enable the function, unless specified otherwise.
HARDWARE INSTALLATION Inserting the Adapters into the CyberSWITCH INSERTING THE ADAPTERS INTO THE CYBERSWITCH Now that you’ve selected the slots and set all switches and jumpers, insert the cards in this way: 1. Remove any existing board hold-down bars/brackets to obtain clear access to the backplane ISA bus connectors. 2. Remove the adapter hold-down screw located on the bracket of the appropriate slot, and remove the bracket. This screw will be needed later to secure the adapter once in place. 3.
USER’S GUIDE CONNECTING ADAPTER INTER-BOARD CABLES There are three possible cables used to connect adapters: flat, crossover, and LCD. Flat cables connect adapters with like connectors, and crossover cables connect the flat cables of adapters with differing connectors. LCD cables apply to former Network Express products (NE2000-II, 4000, 5000) only. These cables connect the system’s liquid crystal display (LCD) to the WAN adapter group.
HARDWARE INSTALLATION Connecting Adapter Inter-Board Cables If you have PRI-23/30 cards: Use an MVIP bus connection between cards whenever possible to achieve the best results. This applies to both: • multiple PRI-23/30 configurations • PRI-23/30 cards in combination with DM cards If you have only PRI-23 cards: Use a TDM bus between WAN cards and an MVIP bus to connect to the DM. (I.e., connect all TDM connectors to other TDM connectors, and all MVIP connectors to other MVIP connectors within the system.
The following graphic illustrates a crossover cable application. The adapter with the TDM connector can be one of the following: BRI-4, PRI-8 or Expander.
[Figure labels: TDM Connector (Pin 1, Pin 40); MVIP Connector (Pin 1, Pin 40); Pin 1 (arrow on underside); Digital Modem Adapter; BRI Adapter; Front Panel]
For crossover cable applications, make absolutely sure that pin 1 (on all six connectors) is aligned so that it is closest to the front panel.
HARDWARE INSTALLATION Connecting Adapter Inter-Board Cables CAUTION: Failure to line up triangles on LCD cable and WAN adapter’s “1” label may result in damage to the LCD. SUMMARY OF GUIDELINES CABLING GUIDELINES Now that you have attached all the inter-board cables, refer to the connector-type table and verify that: 1. On BRI-4, PRI-8, PRI-23 and Expander adapters, all TDM bus connectors are connected by a flat bus cable. 2.
ACCESSING THE CYBERSWITCH OVERVIEW This chapter describes accessing your CyberSWITCH, which includes: • making proper connections • establishing an administration session • accessing Release Notes MAKING CONNECTIONS There are a number of ways to make a connection to the system, which include: • direct connection using a keyboard and monitor • null-modem connection using a null-modem cable and a PC with Carbon Copy • remote connection using Telnet • remote connection using a modem, a remote PC, and one of
ACCESSING THE CYBERSWITCH Making Connections 6. Turn on the CyberSWITCH by pressing the POWER-ON button. 7. Turn on the monitor. 8. After a few seconds, power-on initialization will begin. Proceed to Establishing an Administrative Session. NULL-MODEM CONNECTION TO A PC If you wish to use an IBM-compatible PC to locally administer your system, you will need to establish a null-modem connection between PC and CyberSWITCH.
USER’S GUIDE 4. Ensure that the administration console is properly connected to the administration port on the CyberSWITCH. 5. Plug the power cord into a grounded electrical outlet. 6. Power on the CyberSWITCH by pressing the POWER-ON button. 7. Power on the administration console PC. After a few seconds, power-on initialization will begin. Initiating a Connection: 1. Execute Carbon Copy’s cchelp program which invokes Carbon Copy for guest operation. 2.
ACCESSING THE CYBERSWITCH Making Connections After you make a Telnet connection, you will be presented with a login prompt. Proceed to Establishing an Administrative Session. For more information on Telnet, refer to the Remote Management chapter. REMOTE CONNECTIONS (MODEM TO MODEM) To make modem-to-modem connections, you will need a remote PC and one of the following: a. Carbon Copy software (analog modem to analog modem connection) b.
USER’S GUIDE Initiating a Call: 1. Execute Carbon Copy’s cchelp program which invokes Carbon Copy for guest operation. 2. Select Call CC Device from displayed menu. 3. Supply the telephone number to the modem connected to the CyberSWITCH. Press . 4. Supply password when prompted. The CyberSWITCH recognizes the default password of CC. (You may change this password through ccinstal if you so choose). 5. Upon successful connection, Carbon Copy will present you with a login prompt.
ACCESSING THE CYBERSWITCH Establishing an Administration Session ESTABLISHING AN ADMINISTRATION SESSION If a login prompt is displayed after the power-on initialization, the system software was preinstalled. Complete the login: 1. The login controls which class of commands the user can access. Each access level (guest or administrator) is protected by a unique login password. This allows managers to assign different responsibility levels to their system users.
ACCESSING THE RELEASE NOTES The Release Notes provide release highlights and important information related to this release that should be reviewed before you begin the system’s installation and configuration. Access these notes via your Web browser: http://www.cabletron.com/support/relnotes. In addition, an abbreviated form of the release notes is in a file called REL_NOTE.TXT.
UPGRADING SYSTEM SOFTWARE OVERVIEW This chapter describes how to install system software onto the CyberSWITCH. Instructions are included for the following actions: • installing system software • upgrading system software • accessing Release Notes The following sections provide instructions to help you complete each of these actions. INSTALLING SOFTWARE There is a possibility that your distributor has already completed software installation.
USER’S GUIDE machine being installed. If you cannot determine the platform being used, temporarily configure the platform type as “CSX Series,” then call Technical Support to help you identify the platform type. If one of the following messages is displayed: Couldn’t open the file C:\SYSTEM\PLATFORM.NEI Error reading C:\SYSTEM\PLATFORM.
UPGRADING SYSTEM SOFTWARE Upgrading System Software UPGRADING SYSTEM SOFTWARE LOCAL UPGRADE The system upgrade package consists of a set of 3.5" diskettes that contain the necessary upgrade software. These upgrade diskettes may be used on more than one CyberSWITCH. Once a system is upgraded, you may then upgrade any Manager diskettes purchased for the upgraded system. Notes: If you have an older platform, there is a possibility that the new features we have added may use up the available memory.
USER’S GUIDE Error reading platform type: type was not converted to an int Error reading platform type: there is no “plat name” field The diskettes you have are corrupted. Call your distributor or Technical Support for a new set of diskettes. 5. Follow the on screen prompts for inserting diskettes # 2, # 3, and # 4. 6. If you wish to upgrade the Manager at this time: a. issue the quit command to terminate the system software b. insert the Manager diskette c.
UPGRADING SYSTEM SOFTWARE Accessing the Release Notes
• TFTP feature is enabled
• TFTP server is enabled
• TFTP server is assigned ADMIN file access rights
• Using the MANAGE MODE command fileattr, verify that:
  • ADMIN has READ/WRITE access to CONFIG files
  • ADMIN has READ/WRITE access to OTHER files
• Exit MANAGE MODE by typing exit .
3. If you are upgrading to Release 7.2 software, perform the following:
• Using the TFTP client on the remote workstation, TFTP PKUNZIP.
BASIC CONFIGURATION We define basic configuration as the configuration needed by most users. Basic configuration will get your system up and running. Note that not all configuration steps in this part are required. For example, if you are only using bridging, you will have no need to complete the configuration steps included in Configuring Basic IP Routing.
CONFIGURATION TOOLS OVERVIEW We provide the following configuration tools to set up and/or alter your configuration: • CFGEDIT, the configuration utility • Manage Mode, the dynamic management utility CFGEDIT is the comprehensive utility you use to initially set up your system; you may use it later to make configuration changes as well. However, CFGEDIT is NOT dynamic. This means you will have to interrupt normal system operations in order to update configuration files.
EXECUTING CFGEDIT After the system software has been loaded, you can start CFGEDIT by entering the following command at the system prompt as shown below:
[product name]> cfgedit
As long as there is no other “change” session active (CFGEDIT or Manage Mode), access is granted, and the following menu is displayed:
Main Menu:
1) Physical Resources
2) Options
3) Security
4) Save Changes
Select function from above or to exit:
From this screen you will begin the configuration process.
CONFIGURATION TOOLS Dynamic Management Before using Dynamic Management commands, you must first enter the special Manage Mode by typing the following command at the system prompt: >manage Once Manage Mode is entered, the prompt changes from [system name]> to [system name]: MANAGE>. While operating in Manage Mode, only Dynamic Management commands are available. All other system commands are ignored until you exit Manage Mode.
USER’S GUIDE USING THE NETWORK WORKSHEETS Please take the time to fill out the requirements worksheets located in System Worksheets. The requirements worksheets are: • Network Topology Worksheet • System Details Worksheet • System Device List Worksheet(s) • Bridging/Routing Worksheets These worksheets will be helpful in configuring and managing your system. They capture important network information. To see examples of completed worksheets, refer to the Example Networks Guide.
CONFIGURING RESOURCES AND LINES OVERVIEW This chapter describes the configuration of physical resources, lines and subaddresses. Resources refer to the hardware adapters that plug into the CyberSWITCH. For example, a WAN resource is the physical component (i.e., interface) for the attachment of lines (or connections) to your system. Lines are communication facilities from the carriers. These lines directly attach to your system.
4. For BRI and PRI resource types: select the proper BRI/PRI switch type for the lines you will be using. The table in the Overview identifies which switch types are available; your carrier will identify which particular switch is used in your area. If you select the NET3 or NET5 international switch, you will be prompted for the region of operation:
1) DEFAULT
2) AFRICA
3) AMERICAS
4) ASIA
5) EUROPEAN
6) PACIFIC-RIM
Region from above [default = 1]:
Select the appropriate region.
CONFIGURING RESOURCES AND LINES Resources REGION For NET3 and NET5 switchtypes. When configuring switches, first identify the region of operation, and then the country. COUNTRY For the NET3 and NET5 switchtypes. The country in which the system is operating. GENERIC NUMBER For PRI_4ESS primary rate switch type only. The software load (generic # ) the switch is running. SYNCHRONIZATION TYPE For Primary adapters only.
• 1TR6 • TS0-14 The expander resource provides additional connections to the PRI resource. It supports eight additional connections. The V.35 resource provides two standard V.35 connections when used with the V.35 adapter cable. The RS232 resource provides four standard RS232 connections when used with the RS232 adapter cable. The ethernet-2 resource provides direct support for two standard AUI LAN connections.
CONFIGURING RESOURCES AND LINES Lines a three card maximum for DM-24s or DM-30s. These cards may also be combined (for example, a DM-8 along with two DM-24s), as long as you adhere to the lower card maximum per system. LINES CONFIGURING LINES Note: There is a preconfigured serial line named ASYNDMPORT to parallel the preconfigured serial resource (COMMPORT). You may not delete this line; however, you may change the line’s values (including the default mode of operation).
3. Select the following line characteristics: • framing type • line coding type • T1 signaling method If you are unsure of your line's characteristics, try the following defaults:
Characteristic      PRI/T1 lines      E1 line
Framing type        ESF               Multiframe CRC
Line coding type    B8ZS              N/A
Signaling Method    Common_Channel    N/A
4. Select the correct T1 line build out value (US only). If you are using an external CSU, specify a short haul build out (line length in meters).
CONFIGURING RESOURCES AND LINES Lines care that the idle character is set to a value that the receiving device will understand. For example, CISCO devices require the flag data line idle character. CONFIGURING CHANGES FOR A COMMPORT RESOURCE 1. Select Change from the Data Lines menu of Physical Resources. 2. Select ASYNCDMPORT. 3. You will be prompted to accept the default or provide new information for the following: a. baud rate b. data bits c. stop bits d. parity value e. flow control type f.
USER’S GUIDE datalink delete Deletes an existing data link. LINE CONFIGURATION ELEMENTS LINE NAME A 1 to 16 user-defined character string (using all non-blank characters) that identifies the line. Each line must have a unique name. LINE SLOT The slot number assigned to the resource that will terminate this line. LINE PORT The port number of the resource that will terminate this line. LINE INTERFACE TYPE For basic rate lines only. Choice of point-to-point or point-multipoint.
CONFIGURING RESOURCES AND LINES Lines NI-1 and DMS100 switch types, contact your Service Provider for the number of data links required. The table below summarizes the number of data links and SPIDs that are required for each switch type.
Switch Type      Number of Data Links   Number of SPIDs   Number of Directory Numbers
DMS100 custom    2                      2                 2
NI-1             1 or 2                 1 or 2            1 or 2
all other        1                      0                 0
When adding a data link for BRI lines, designate whether to use Automatic TEI Negotiation.
The SPID format for Northern Telecom DMS-100 NI-1 Service is: aaannnnnnnss
where
aaa is the 3 digit area code of the BRI line
nnnnnnn is the 7 digit phone number of the BRI line
ss is the SPID suffix (optional, 01 can be used for one number, 02 for the other)
The SPID format for Northern Telecom DMS-100 Custom Service is: aaannnnnnnsstt
where
aaa is the 3 digit area code of the BRI line
nnnnnnn is the 7 digit phone number of the BRI line
ss is the SPID suffix (optional, 01 can be used for one
CONFIGURING RESOURCES AND LINES Lines LINE ENCODING For Primary Rate lines only. Line encoding specifies the nature of the signals that are used to represent binary one and zero at the physical layer. Two encoding methods are Alternate Mark Inversion (AMI) and Bipolar 8 Zero Substitution (B8ZS). AMI as the encoding scheme implies that the applications using the transmission line must guarantee a certain number of 1s in the signal to help prevent a loss of synchronization in the network.
USER’S GUIDE decibel value of 0.0 (meaning no attenuation). If the distance is much closer (for example, 1000 ft.), the decibel value may be -15.0 (i.e., the signal is strong enough that it needs a certain amount of attenuation). LINE TYPE For V.35 and RS232 lines only. This parameter differentiates the network connections from connections to local computing devices. The network line type should be specified for lines that will be used by a Dedicated, Frame Relay, or X.25 Access.
CONFIGURING RESOURCES AND LINES Subaddresses R2 SIGNALING R2 Signaling is a particular framing type commonly found in Korea and other locations outside of North America. With 7.3 software, this feature will be available for Korean markets only. This feature allows the CyberSWITCH to accept incoming calls and create outgoing calls over E1 lines provisioned for R2 signaling. The CyberSWITCH treats the R2 user or device just as it would a digital modem user.
CONFIGURING BASIC BRIDGING OVERVIEW This chapter provides information for configuring basic bridging features. Basic bridging configuration includes: • enabling/disabling bridging A separate chapter, Configuring Advanced Bridging, provides information for configuring advanced bridging features. Advanced bridging features include: • bridge dial out • Spanning Tree Protocol • mode of operation • bridging filters • known connect lists MAC LAYER BRIDGING OPTION ENABLING/DISABLING BRIDGING USING CFGEDIT 1.
CONFIGURING BASIC BRIDGING MAC Layer Bridging Option MAC LAYER BRIDGING BACKGROUND INFORMATION You are given the option of either enabling or disabling the MAC layer bridging feature. When bridging is enabled, the system bridges data packets to the proper destination, regardless of the network protocols being used. The default configuration is bridging enabled. Note: If the bridge and the IP options are both enabled, the system will act as a “brouter.
CONFIGURING BASIC IP ROUTING OVERVIEW This chapter provides information for configuring basic IP routing features. Basic IP routing configuration includes: • enabling/disabling the Internet Protocol (IP) When you enable this option, the system operates as an IP Router. If you also enable bridging, it will route IP packets and bridge all other packet types. • configuring the IP operating mode The operating mode may be either host or router. The router operating mode is the default.
CONFIGURING BASIC IP ROUTING IP Operating Mode IP Configuration Menu: 1) 2) 3) 4) 5) 6) 7) 8) 9) 10) 11) 12) IP Routing (Enable/Disable) IP Operating Mode IP Interfaces Static Routes RIP (Enable/Disable) IP Static ARP Table Entries.
IP Configuration Menu:
1) IP Routing (Enable/Disable)
2) IP Operating Mode
3) IP Interfaces
4) Static Routes
5) RIP (Enable/Disable)
6) IP Static ARP Table Entries
7) Isolated Mode (Enable/Disable)
8) Static Route Lookup via RADIUS (Enable/Disable)
9) IP Address Pool
10) IP Filter Information
11) DHCP
12) Security Associations
Select function from above or for previous menu:
b.
CONFIGURING BASIC IP ROUTING IP Network Interfaces internally, while all other traffic is bridged. With IP host mode, AppleTALK and/or IPX routing may also be enabled. Off-node authentication servers are available when IP is enabled regardless of the operating mode. With IP host mode, all traffic is considered bridge traffic, so no IP-specific off-node server lookups are performed.
l. IP RIP receive control m. IP RIP v2 authentication control n. IP RIP v2 authentication key (required only if the IP RIP v2 authentication control has been configured with a value other than “No Authentication”) Note: 3. With the Secondary IP Addressing feature, you may add more than one LAN network interface. Upon adding a second LAN interface, you must provide a unique interface name and address.
CONFIGURING BASIC IP ROUTING IP Network Interfaces If IP RIP is enabled, enter the following additional information: h. IP RIP send control i. IP RIP respond control j. IP RIP receive control k. IP RIP v2 authentication control l. IP RIP v2 authentication key (required only if the IP RIP v2 authentication control has been configured with a value other than “No Authentication”) 6. For a WAN IP UnNumbered network interface enter the following information: a. MTU size 7.
USER’S GUIDE SUBNET MASK The Subnet Mask value (the number of significant bits for the subnet mask) associated with the IP address specified for this interface. The Subnet mask is specified by entering the number of contiguous bits that are set for the mask. The mask bits start at the most significant bit of the IP address field and proceed to the least significant bit. Subnet Mask applies to LAN, WAN, and WAN RLAN type interfaces only.
CONFIGURING BASIC IP ROUTING IP Network Interfaces entered for the interface. For example, if the IP address of the interface is 199.120.211.98, the portion of the menu displaying the available transmit broadcast addresses would appear as:
Transmit Broadcast Address:
1) 199.120.211.255
2) 199.120.211.0
3) 255.255.255.255
4) 0.0.0.0
5) Specify Explicitly
Enter Transmit Broadcast Address [default = 1]? 1
In almost all cases, the default transmit address is used (1).
USER’S GUIDE IP RIP SEND CONTROL If IP RIP is enabled for a specific interface (LAN, WAN RLAN, and/or numbered WAN interfaces), an IP RIP send control must be selected. This element controls how IP RIP update messages are sent on an IP RIP interface. There is a different default value depending on the type of interface configured. The default value is automatically preconfigured when IP RIP is enabled. The following tables provide the possible options for IP RIP send control.
CONFIGURING BASIC IP ROUTING IP Network Interfaces The following table provides the possible choices for IP RIP respond control.
Switch            Meaning
Do Not Respond    This switch indicates responding to no IP RIP requests at all.
IP RIP v1 Only    This switch indicates responding only to IP RIP requests compliant with RFC 1058.
IP RIP v2 Only    This switch indicates responding only to IP RIP v2 requests compliant with RFC 1723.
The following table provides the possible choices for IP RIP v2 authentication control.
Type                  Meaning
No Authentication *   This control type indicates that IP RIP v1 and unauthenticated IP RIP v2 messages are accepted.
Simple Password       This control type indicates that IP RIP v1 messages and IP RIP v2 messages which pass authentication test are accepted. The authentication test is done using a simple password.
* This is the default switch.
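The two control types in the table above can be checked against the RIP v2 message layout of RFC 1723, which the guide cites for IP RIP v2. The following is an added example, not code from the guide or from Cabletron: it builds constructed RIP responses and applies the table's acceptance rule. The function names, the key value and the sample route are assumptions made for illustration.

```python
import hmac
import socket
import struct

AUTH_AFI = 0xFFFF    # address family value that marks an authentication entry (RFC 1723)
AUTH_SIMPLE = 2      # authentication type 2 = simple password
ENTRY_LEN = 20       # every RIP entry, including the authentication entry, is 20 bytes

SAMPLE_KEY = "campus-rip"                             # constructed key, not a real value
SAMPLE_ROUTE = ("199.120.211.0", "255.255.255.0", 1)  # constructed route entry


def build_response(version, routes, password=None):
    """Build a RIP response; routes is a list of (ip, mask, metric) tuples."""
    pkt = struct.pack("!BBH", 2, version, 0)          # command 2 = response
    if password is not None:
        # "16s" left-justifies the password and pads it with NUL bytes
        pkt += struct.pack("!HH16s", AUTH_AFI, AUTH_SIMPLE, password.encode("ascii"))
    for ip, mask, metric in routes:
        pkt += struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(ip),
                           socket.inet_aton(mask), socket.inet_aton("0.0.0.0"), metric)
    return pkt


def parse(pkt):
    """Return (version, auth_type, password_bytes, routes) for one RIP message."""
    if len(pkt) < 4 or (len(pkt) - 4) % ENTRY_LEN:
        raise ValueError("truncated RIP message")
    _, version, _ = struct.unpack("!BBH", pkt[:4])
    auth_type, password, routes = None, None, []
    for off in range(4, len(pkt), ENTRY_LEN):
        afi, tag = struct.unpack("!HH", pkt[off:off + 4])
        if version >= 2 and afi == AUTH_AFI:
            if off != 4:
                raise ValueError("authentication entry must be the first entry")
            auth_type = tag
            password = pkt[off + 4:off + ENTRY_LEN].rstrip(b"\x00")
        else:
            ip, mask, _, metric = struct.unpack("!4s4s4sI", pkt[off + 4:off + ENTRY_LEN])
            routes.append((socket.inet_ntoa(ip), socket.inet_ntoa(mask), metric))
    return version, auth_type, password, routes


def accept(pkt, control, key=None):
    """Apply the authentication control table to one received message."""
    version, auth_type, password, _ = parse(pkt)
    if version == 1:
        return True                       # the table accepts v1 under both control types
    if control == "No Authentication":
        return auth_type is None          # only unauthenticated v2 messages are accepted
    if control == "Simple Password":
        if key is None:
            raise ValueError("Simple Password control needs a configured key")
        expected = key.encode("ascii")[:16]
        return auth_type == AUTH_SIMPLE and hmac.compare_digest(password, expected)
    raise ValueError("unknown authentication control: " + control)


def sample_messages():
    """Constructed messages covering each row of the table."""
    return {
        "v1": build_response(1, [("199.120.211.0", "0.0.0.0", 1)]),
        "v2_plain": build_response(2, [SAMPLE_ROUTE]),
        "v2_good": build_response(2, [SAMPLE_ROUTE], SAMPLE_KEY),
        "v2_bad": build_response(2, [SAMPLE_ROUTE], "wrong-key"),
    }


if __name__ == "__main__":
    for name, pkt in sample_messages().items():
        print(name,
              accept(pkt, "No Authentication"),
              accept(pkt, "Simple Password", SAMPLE_KEY))
```

In the authenticated message the key is carried as readable bytes in the first 20-byte entry, so this control type checks that a neighbor knows the configured key without hiding the key on the wire.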
CONFIGURING BASIC IP ROUTING IP Network Interfaces An IP Host device has only one network interface that it uses for data transfer. This network interface is assigned an IP address and belongs to one subnet. A remote IP host typically uses an ISDN line for this network interface. All data is sent through this network interface. An IP router device can have multiple network interfaces. Each of these are assigned an IP address and belong to a separate subnet.
USER’S GUIDE The WAN IP Network Interface is used to define remote IP devices (hosts or routers) that require access to the central network. This network interface represents a different subnet than that connected to a LAN network interface. The WAN IP Network Interface is used for both IP Host and PPP remote devices. The WAN (Direct Host) IP Network Interface allows you to extend the LAN subnet to remote devices. The WAN (Direct Host) IP Network Interface is used for IP Host and PPP remote devices.
CONFIGURING BASIC IP ROUTING IP Network Interfaces Host 128.1.1.8 File Server Subnet 128.1.1.0 128.1.1.3 (128.1.1.2 uses WAN Direct Host Interface) Host 128.1.1.1 CSX5500 128.1.1.2 Interfaces: LAN Interface 128.1.1.1 WAN Direct Host Interface 192.2.2.1 WAN Interface 192.2.2.1 both WAN Interfaces use one PRI line Subnet 192.2.2.0 Needed for WAN Interface ISDN 192.2.2.3 Router 198.1.2.3 Subnet 198.1.2.
USER’S GUIDE File Server Host 128.1.1.8 Subnet 128.1.1.0 128.1.1.3 128.1.1.1 CSX5500 Interfaces: LAN Interface 128.1.1.1 131.3.3.1 RLAN Interface 131.3.3.1 Host Bridge WAN UnNumbered Interface both WAN Interfaces use one PRI line ISDN 131.3.3.2 Host Subnet 131.3.3.
CONFIGURING BASIC IP ROUTING IP Network Interfaces IP RIP AND THE IP NETWORK INTERFACES Routing Information Protocol (RIP) is a protocol used to exchange routing information among IP devices. Using IP RIP can automate the maintenance of routing tables on IP devices and relieve you of having to keep the routing tables up to date manually. IP RIP determines the shortest path between two points on a network in terms of the number of “hops” between those points.
USER’S GUIDE See illustration, Example 1. Because SITE1 is the only CyberSWITCH that is connected to the logical network, it is reasonable for SITE1 to advertise the IP RIP information on Network 3 as subnetwork routes, meaning that SITE1 will always advertise the remote IP devices’ IP RIP information. Network 1 (1.0.0.0) i/f 1 1.0.0.1 R1 i/f 2 2.0.0.1 Network 2 (2.0.0.0) i/f 1 2.0.0.2 CSX5500 "SITE1" i/f 2 3.0.0.2 ISDN Network 3 (3.0.0.
CONFIGURING BASIC IP ROUTING IP Network Interfaces Network 1 (1.0.0.0) i/f 1 1.0.0.1 R1 i/f 2 2.0.0.1 Network 2 i/f 1 2.0.0.3 i/f 1 2.0.0.2 CSX5500 i/f 2 3.0.0.2 (2.0.0.0) CSX5500 "SITE2" "SITE1" 3.0.0.11 i/f 2 3.0.0.3 3.0.0.12 ISDN 3.0.0.13 Network 3 (3.0.0.0) WAN RIP Interfaces: Example 2 For the WAN interface to function properly with IP RIP, additional WAN interface information is configured.
USER’S GUIDE Currently, IP RIP is not supported across an UnNumbered WAN interface. For example, in the following network setup, SITE1 could not advertise IP RIP information across the UnNumbered WAN IP Interface to Router 2 (R2). Therefore, SITE1 would know about Networks 1 and 2, but would not learn anything about Network 3. In this situation, a static route would have to be configured on the CyberSWITCH. For information on the configuration of static routes, refer to Static Routes. Network 1 (1.0.0.
[Figure: CSX1200 Workgroup Remote Access Switch "SITE3" and CSX5500 "SITE1" connected over ISDN and a Dedicated Connection.]
IP HOST OPERATING MODE AND THE IP NETWORK INTERFACES
Only one network interface can be configured when the IP operating mode is host. The network interface configuration is not much different from the others available in router mode except that the following configuration items will not be asked:
• Network Interface Type
• Network Interface Name
• IP RIP Send Control

USING MULTIPLE IP ADDRESSES
You may use multiple IP addressing for system backup and/or network flattening implementations.
with a remote device on a different subnet, the local device will ARP for the remote host’s MAC address. Since routers do not forward ARP requests across subnets, ARPs sent for hosts which are not on the same physical network segment will go unanswered. The proxy ARP feature will potentially generate an ARP reply for remote hosts.
When a local host ARPs for a remote host, the CyberSWITCH (with Proxy ARP enabled) determines if it provides the best route to the destination. If it does, it will reply to the ARP request with its own MAC address.
• Suppose Host A wishes to contact Host D. Since Host A thinks every other host is local, it will broadcast an ARP request. The CyberSWITCH, which is on the same physical wire as Host A, will receive the ARP request on one of its LAN network interfaces.
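The proxy ARP decision described above, as an added sketch that is not CyberSWITCH code. The route table, interface names and MAC address are constructed, and reading "provides the best route" as "the longest-prefix, lowest-metric route leaves through a different interface than the one the request arrived on" is an assumption of this example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    interface: str   # outbound interface label (hypothetical names)
    metric: int      # hop count, as used by IP RIP and static routes


# Constructed sample table: one LAN segment and two remote subnets behind WAN links.
ROUTES = [
    Route(ipaddress.ip_network("128.1.1.0/24"), "lan1", 0),
    Route(ipaddress.ip_network("131.3.3.0/24"), "wan1", 1),
    Route(ipaddress.ip_network("131.3.0.0/16"), "wan2", 3),
]
OWN_MAC = "02:00:00:00:00:01"  # constructed, locally administered address


def best_route(routes, destination):
    """Longest prefix wins; ties are broken by the lower metric."""
    matches = [r for r in routes if destination in r.network]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r.network.prefixlen, r.metric))


def proxy_arp_reply(routes, arrival_interface, target_ip, enabled=True):
    """Return the MAC address to answer with, or None when the request is ignored."""
    if not enabled:
        return None
    route = best_route(routes, ipaddress.ip_address(target_ip))
    if route is None:
        return None      # no route to the target: stay silent
    if route.interface == arrival_interface:
        return None      # target is on the asking host's own segment
    return OWN_MAC       # answer on behalf of the remote host


def audit_proxy_arp(routes, arrival_interface, targets):
    """Map each target address to the answer a host on that segment would receive."""
    return {t: proxy_arp_reply(routes, arrival_interface, t) for t in targets}


if __name__ == "__main__":
    for target, mac in audit_proxy_arp(
        ROUTES, "lan1", ["128.1.1.8", "131.3.3.2", "10.9.9.9"]
    ).items():
        print(target, "->", mac or "no reply")
```

Running the audit over the addresses you expect LAN hosts to ARP for shows which ones the switch would answer on behalf of, which is the set to review before enabling the feature.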
Static Routes

USING MANAGE MODE COMMANDS

iproute
Displays the current IP static routing configuration data. The meaning of each displayed field for a route entry is:

DESTINATION
IP address for the destination network or host.

SUBNET-MASK
Subnet mask value for the destination network or host. A value of 255.255.255.255 indicates that this entry is for a specific IP host.
IP RIP PROPAGATION CONTROL
The IP RIP propagation control determines how a static route is propagated via IP RIP. The following table provides an explanation of how an IP RIP propagation control flag is assigned to a static route.

Flag | Meaning
Propagate Always | This flag indicates that the route information is always propagated via IP RIP. This flag is available when the next hop is over a LAN or a WAN interface.
reachable directly and therefore no intermediate router will be used. The default metric value is 2. The range of metric values for static routes is from 0 to 15. You may manipulate the metric value to promote a certain default route, or to impede a default route from being used.
STATIC ROUTE BACKGROUND INFORMATION
You only need to configure Static Routing entries if you need to access a WAN network that is not directly connected to the system, or if you need to access a LAN network through a router that does not support IP RIP. Static Routes specify the IP address of the next hop router or gateway that provides access to this network. The following diagram gives an example of a static route definition.

[Figure: static route example; surviving labels are Host, 156.1.0.0, Router and 192.1.1.2.]
DEFAULT ROUTES

CONFIGURING DEFAULT ROUTES
The default route is a form of static route that is useful when there are a large number of networks that can be accessed through a gateway. However, care must be taken when specifying a default route. All IP datagrams with a destination IP address that do not have an explicit routing table entry will be sent to the default route.
connection is over a WAN. You may want to assign this route a high number of hops to limit toll charges, in case there is a local route that could be used.

IP RIP PROPAGATION CONTROL
This controls how a default route is propagated via IP RIP. The following table provides an explanation of how an IP RIP propagation control flag can be assigned to a default route.

Flag | Meaning
Propagate Always | This flag indicates that the route information is always propagated via IP RIP.
Routing Information Protocol (RIP) Option

USING MANAGE MODE COMMANDS

iprip
This command tells you if IP RIP is currently enabled or disabled.

iprip off
If IP RIP is enabled, this command allows you to disable IP RIP.

iprip on
If IP RIP is disabled, this command allows you to enable IP RIP.

IP RIP CONFIGURATION ELEMENTS

IP RIP STATUS
The status of IP RIP may be enabled or disabled.
SECURITY AND ENCRYPTION OPTIONS

The CyberSWITCH product allows you to decide the extent and type of security for your network. This security may consist of standard security options, or it could include data encryption through the purchase of the CyberSWITCH encryption option. The CyberSWITCH supports standard security options which are independent of the encryption process. These options may or may not be encrypted.
SECURITY OVERVIEW

OVERVIEW
Security is an important issue to consider when you are setting up a network. The CyberSWITCH provides several security options, and this chapter describes the “Big Picture” of how these options work and interoperate. This information will better equip you to proceed with the following phases of security configuration:
1. configuring the level of security
2. configuring system options and information
3. configuring device level databases
4. configuring user level databases
5.
Multilevel security provides both user level security and device level security for local (on-node) database, Radius, and CSM. This provides added protection; first, a device will be authenticated, and then a particular user (on the device) will be authenticated. The feature also allows the configuration of an on-node device database at the same time as an off-node device database. Calls first check the on-node database (if enabled) and then the off-node database for the correct device.
These environments include an on-node database and a variety of off-node, central authentication databases. The on-node database contains a list of valid devices that can access the network resources connected to the CyberSWITCH. This list of valid devices is configured and stored locally. A central database allows a network with more than one CyberSWITCH to access one database for device authentication.
CONFIGURING SECURITY LEVEL

OVERVIEW
The CyberSWITCH offers the following levels of network security: no security, device level security, user level security, or device and user level security. The network security level determines the type of security you want activated on your network. As the name implies, no security is used if you configure your network security level as “no security.
Plan what level(s) of security you will use, and configure them now. You will later assign and configure authentication databases to the network security level you configure and to administration sessions. The table below identifies the types of authentication databases that are applicable (specified by yes) for each type of network security and for administration sessions.
NO SECURITY

CONFIGURING NO SECURITY

USING CFGEDIT
1.
DEVICE LEVEL SECURITY

CONFIGURING DEVICE LEVEL SECURITY

USING CFGEDIT
1. Select Device Level Security from the Security Level Menu. If you need guidance to find this menu, refer to the instructions provided in the No Security configuration section.
2. Refer to the chapter Configuring Device Level Databases in order to select and configure the device level database.

USING MANAGE MODE

seclevel
Displays the current security level configuration data.
OVERVIEW OF DEVICE AUTHENTICATION PROCESS
When a remote device connects, the CyberSWITCH negotiates the required authentication. It then collects the information which is used to identify and authenticate the remote device. The system compares this collected information against information maintained in a device database.
The following sections provide information regarding authentication via SecurID cards, system requirements for user level security, and the authentication process with user level security.

AUTHENTICATION USING A SECURITY TOKEN CARD
The CyberSWITCH supports interactive, user level security through the TACACS or ACE server programmed for use with security token cards. Token cards are credit card-sized devices.
[Figure: Security Server and CSX5500 connected over ISDN.]

SYSTEM REQUIREMENTS
When providing user level security for the CyberSWITCH, you must establish Remote User-to-LAN Connectivity (like terminal servers). You may not establish LAN-to-LAN Connectivity as routers usually do.
AUTHENTICATION PROCESS WITH USER LEVEL SECURITY

Making a Telnet Connection
In order to access user level security, you must first establish a Telnet connection to the CyberSWITCH.
TACACS:

with PINPAD SecurID Card
1. Enter login Id (remote machine).
2. Enter password onto SecurID card, which generates a dynamic password.
3. Enter dynamic password onto remote machine’s password prompt.
4. Press key when prompted for dynamic password.

with non-PINPAD SecurID Card
1. Enter login Id (remote machine).
2. Enter password (remote machine).
3.
DEVICE AND USER LEVEL BACKGROUND INFORMATION
Multi-level security (device and user level) provides you with increased security options for your network. This feature supports device level security for all remote devices. User-level authentication can be performed on top of device level authentication for IP, IPX, AppleTalk and bridge users. Only users configured for user level authentication will be required to do so.
CONFIGURING SYSTEM OPTIONS AND INFORMATION

OVERVIEW
System options include security options for remote devices. The security required for the authentication of each device will depend on the information you have entered for that device. System information includes a system name, system password, and a system secret. These values are required only if there are remote devices on the network that require this information for system validation.
System Options Menu:

PPP Link:
  1) PAP Password Security          ENABLED
  2) CHAP Challenge Security        ENABLED
HDLC Bridge Link:
  3) Bridge MAC Address Security    ENABLED
IP Host (RFC 1294) Link:
  4) IP Host Id Security            ENABLED
ISDN:
  5) Calling Line Id Security       ENABLED

Id of the Option to change or for previous menu:

Note: It is not necessary to disable a security option, even if you are not using the option.
PAP Authentication | CHAP Authentication | Bridge MAC Address Authentication | Calling Line Id Authentication
Yes | No | No | Optional. Duplicates allowed for these Devices.
No | Yes | No | Optional. Duplicates allowed for these Devices.
No | No | Yes | Optional. Duplicates allowed for these Devices.
No | No | No | Required. Duplicates not allowed.

Note:
The above process applies to the system’s authentication of the remote device. It is also possible that the remote device may wish to authenticate the system itself, a desire that is also negotiated during the LCP initialization of the link. Enabling CHAP via configuration also permits the system to agree to be authenticated via CHAP during LCP negotiation.
The following table summarizes the identifying and authenticating information used by each remote device type to connect to the system:

Device Type | Identifier | Authenticator
HDLC Bridge (MAC Layer Bridge) | Bridge Ethernet Address or Calling Line Id | Bridge Ethernet Address; Optional: Password; Optional: Calling Line Id
IP Host (with RFC 1294 encapsulation) | IP Host Id | IP Host Id; Optional: Calling Line Id
PPP | Device Name | CHAP Secret or PAP Password; Optional: Calling Line Id

SYSTEM INFORMA
SYSTEM PASSWORD
The System Password is a user-defined password that is only required if there are remote devices on the network that require this information for system validation. This is passed in the password field during PAP negotiation. This password can be from 1 to 17 ASCII characters in length.
4. You may specify an authentication database location for administrative sessions that is different from the user authentication database location.
Note: If you select RADIUS, TACACS, or ACE, you must be sure that the selected server is active before you initiate an administrative session.
5. From the Administrative Session menu select (2) Session Inactivity Timeout. The following prompt is displayed:
Enter the Session Inactivity Timeout value in minutes.
TIMEOUT VALUE
Allows you to terminate login sessions after the configured “time-out value” length in time. If “0” is entered, the value will be disabled. The time-out will be enabled by entering a number greater than 0. The range is from 0 to 1,440 minutes.

NUMBER OF SESSIONS
This value disables, or limits the number of Telnet administrative sessions allowed. The default value and the maximum value is 3.
EMERGENCY TELNET SERVER PORT NUMBER BACKGROUND INFORMATION
There are some Telnet client programs that do not clear Telnet connections when terminating Telnet sessions. Since they do not clear the Telnet connections, those connections stay alive and soon all Telnet sessions are used up. Once this happens, no more Telnet sessions can be established until the inactivity timer of one of the sessions expires.
CONFIGURING DEVICE LEVEL DATABASES

OVERVIEW
Device level security is an authentication process between internetworking devices, in which authentication takes place automatically. Both bridges and routers support this form of security. Device level security is available to the network locally through the On-node Device Database or remotely through the Connection Services Manager (CSM) or RADIUS Server.
Device Level Databases Menu:
1) On-node Device Database (Enable/Disable)
2) On-node Device Entries
3) Off-node Device Location
Select function from above or for previous menu: 1

2. Select option (1) On-node Device Database from the Device level Databases menu. The following screen will be displayed.
4. The Device Table menu will then be displayed similar to the example screen shown below:

Device Table Menu: (Device = "DAN")
1) ISDN
2) Frame Relay
3) X.25
4) Digital Modem
5) Authentication
6) IP
7) IPX
8) AppleTalk
9) Bridge
10) Compression
11) Encryption
Select function from above or for previous menu: 1

We suggest that you first enter the information pertaining to the device’s access type(s).
6. For Frame Relay devices:
Note: You must first configure the Frame Relay Access. Instructions for configuring the access are found in the Frame Relay Accesses section of the Configuring Alternate Accesses chapter.
Begin by selecting Frame Relay from the Device Table Menu. A screen similar to the following is displayed:

Device Frame Relay Menu: (Device = "DAN")
1) PVC Information
Access Name DANACCESS DLCI 16 Protocol PPP

You cannot change this information from within this menu.
If you select PVC, the list of available PVCs is displayed. The LCN of the selected PVC and the X.25 Access Name are stored in the Device Table to bind the device to a particular virtual circuit configuration:

Select the type of the Virtual Circuit
1) Permanent Virtual Circuit (PVC)
2) Switched Virtual Circuit (SVC)
[default 2]: 1
Current Permanent Virtual Circuits defined for X.
9. Enter the authentication information needed. To begin entering the information, select Authentication from the Device Table Menu.
If your device requires an IP address, enter it now. Options are:
• none for Direct Host or WAN links that plan to use dynamic address allocation
• 0.0.0.0 for unnumbered WAN links
• IP address # for traditional numbered WAN links
Enable or disable IP routing for this device. If you want dial-out capabilities to this device, enable Make calls for IP data.
b. Press 2 at the above menu to enter the device’s AppleTalk address. If the device is over an unnumbered link, enter 0.0. If the device is over a MAC dial-in port, you may either enter an address, or leave the value at “none”.
c. Press 3 at the above menu, then follow the on-screen instructions to configure whether or not dial out to this device is allowed for this device.
d. Press 4 at the above menu to specify an AppleTalk routing protocol the system should use with this device.
USING MANAGE MODE COMMANDS

device
Displays the current Device Table. Included in this display is each device’s ID and name. After the list has been displayed, you may enter a specific device Id to display detailed information for that device.

device add
Allows you to add a device entry to the Device Table. You will be prompted for the device name and device type.
• IP Host (RFC 1294)
RFC 1294 provides a simple security exchange at connection time, along with an encapsulation method for IP datagrams.

BASE DATA RATE
Only used for Dial-Out. This value represents the throughput on a B-channel or pre-ISDN link connecting the CyberSWITCH to a device. The data rate can be specified as either 56,000 or 64,000 bps. The default configuration for the base data rate is 64,000 bps.
DIAL-OUT PHONE NUMBER(S)
This configuration element is required when the Dial-Out feature is used. The dial-out capability allows the CyberSWITCH to initiate connections to PPP or HDLC devices located at remote sites. A phone number must be defined for each remote device that will be dialed. This number includes any prefix digits, area codes, or extensions as required to dial the destination device.
X.121 ADDRESS
If you choose an SVC for your virtual circuit, you must provide the X.121 address of the remote device you are currently adding to the Device Table. (The X.121 addresses for both local and remote devices are provided by your X.25 provider.)

DIGITAL MODEM CONFIGURATION ELEMENTS
Note: These elements are configured for digital modem devices only.

LINE PROTOCOL
The available line protocols for ISDN access devices. The only available selection at this time is PPP.
OUTBOUND AUTHENTICATION
This parameter allows you to enable or disable PPP outbound authentication procedures. When PPP outbound authentication is enabled, PPP (CHAP or PAP) authentication is required at both ends of the connection. When PPP outbound authentication is disabled, the CyberSWITCH does not authenticate the remote device when dialing out. If enabled, the CyberSWITCH will authenticate the remote device.
compare the incoming CLID with the value configured in the On-node Device Table. If the numbers are identical the connection will be established. Otherwise, the system will reject the incoming call. When two remote devices share the same line (a single point-multipoint ISDN line), they can also configure the same CLIDs if they both also have some other type of authentication configured (for example, PAP, CHAP, or Bridge MAC Address Authentication).
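The duplicate Calling Line Id rule above can be checked before a device table is loaded. The following is an added audit sketch, not CyberSWITCH code or a product tool: the device names, phone numbers and the in-memory table layout are constructed, and stripping punctuation before comparing numbers is a convenience of this audit (the guide only says the numbers must be identical).

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Methods the guide names as acceptable companions to a shared Calling Line Id.
SECONDARY_AUTH = {"PAP", "CHAP", "BRIDGE_MAC"}


@dataclass
class Device:
    name: str
    clids: list = field(default_factory=list)
    auth: set = field(default_factory=set)   # configured methods besides CLID


# Constructed device table for the example.
SAMPLE_DEVICES = [
    Device("DAN", ["3135550112"], {"CHAP"}),
    Device("SITE2", ["313-555-0112"], set()),        # shares DAN's line, CLID only
    Device("SITE3", ["3135550100"], {"PAP"}),
    Device("BRIDGE1", ["3135550100"], {"BRIDGE_MAC"}),
    Device("HOST9", ["3135550199"], set()),          # CLID only, but unique
]


def normalize_clid(clid):
    """Keep digits only so '313-555-0112' and '3135550112' compare equal."""
    return "".join(ch for ch in clid if ch.isdigit())


def audit_duplicate_clids(devices):
    """Report every shared CLID where some owner has no other authentication."""
    owners = defaultdict(set)
    by_name = {d.name: d for d in devices}
    for dev in devices:
        for clid in dev.clids:
            owners[normalize_clid(clid)].add(dev.name)
    findings = []
    for clid in sorted(owners):
        names = sorted(owners[clid])
        if len(names) < 2:
            continue   # a unique CLID may be the only authenticator
        clid_only = [n for n in names if not (by_name[n].auth & SECONDARY_AUTH)]
        if clid_only:
            findings.append({"clid": clid, "devices": names, "clid_only": clid_only})
    return findings


def match_incoming_call(devices, incoming_clid):
    """Names of devices whose configured CLID equals the incoming one.
    An empty list corresponds to the guide's 'reject the incoming call'."""
    wanted = normalize_clid(incoming_clid)
    return sorted(
        d.name for d in devices
        if wanted in {normalize_clid(c) for c in d.clids}
    )


if __name__ == "__main__":
    for finding in audit_duplicate_clids(SAMPLE_DEVICES):
        print("shared CLID", finding["clid"], "needs secondary authentication on",
              ", ".join(finding["clid_only"]))
```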
IPX EXTERNAL WAN NETWORK NUMBER
Specifies a user-configurable IPX external network number on the WAN (necessary with CSX200 and CSX400 platforms only). This parameter can be a hexadecimal value from 1 to 4 bytes in length. The default value is none.

WAN PEER TYPE
Specifies an active WAN peer (receives and sends information at all times) or a passive WAN peer (receives/sends information only when a connection is up).
BRIDGE INFORMATION CONFIGURATION ELEMENTS

IP (SUB) NETWORK NUMBER
If the CyberSWITCH uses an IP RLAN interface to connect to a remote bridge, you must provide this information. This address associates the bridge with the IP network to which it connects. Enter this address using dotted decimal notation. This parameter applies to the network-portion of the IP address only. Note that if you change the IP address under the IP information menu selection, this parameter will reflect that change.
COMPRESSION CONFIGURATION ELEMENTS

DEVICE COMPRESSION STATUS
Allows you to enable or disable compression for the individual device. If this option is enabled, then the CyberSWITCH will negotiate compression with this device. Otherwise, the system will not negotiate compression with this device, leaving the compression resources available for other devices.
The following table identifies the configuration requirements for possible security options for remote bridge devices.
IP Routing with IP Host Devices (RFC1294)
To allow an IP Host device to connect to the CyberSWITCH, you must have IP Routing and IP Host Security enabled. For each IP Host device using this type of connection, you may need to enter the device’s IP address, IP Host Id, and Calling Line Id. The following table identifies the configuration requirements for possible security options for IP Host devices.
Bridging with PPP Bridge Devices (Using BCP)
To allow a PPP Bridge device to connect to the CyberSWITCH, you must have Bridging enabled. For each PPP Bridge device using this type of connection, you may need to enter a PAP Password or a CHAP Secret, and a Calling Line Id. The following table identifies the configuration requirements for possible security options for PPP Bridge Devices.
The following table identifies the configuration requirements for possible security options for IP Routing with PPP Bridge Devices.
OFF-NODE DEVICE DATABASE LOCATION CONFIGURATION ELEMENTS

DATABASE LOCATION
The database location for device level security. The choices for the off-node database location are None (Use on-node), CSM, or RADIUS. Choosing an off-node database location enables the particular database.
Note: Enabling CSM as the off-node device database location automatically enables CSM as a Call Control Manager. However, disabling CSM as the authentication agent will not disable CSM as a Call Control Manager.
CONFIGURING USER LEVEL DATABASES

OVERVIEW
User level security is an authentication process between a specific user and a device. The authentication process is interactive; users connect to a terminal server and need to interact with it in order to communicate with other devices beyond the server. The CyberSWITCH supports user level security through the RADIUS, TACACS, or ACE Server. This chapter provides information for enabling an off-node user level database.
USER LEVEL AUTHENTICATION DATABASE LOCATION CONFIGURATION ELEMENTS

DATABASE LOCATION
The database location for user level security. Choices are: RADIUS Server, TACACS Server, or ACE Server.

DATABASE TELNET PORT NUMBER
You must also specify the Telnet port number to be used for authentication with the selected server. This port number is a unique number that identifies the server. For remote authentication, users will need to Telnet into this specially configured port.
CONFIGURING OFF-NODE SERVER INFORMATION

OVERVIEW
This chapter provides information on configuring the CyberSWITCH so that it will be able to communicate with an off-node server. This communication may be for Authentication or Accounting purposes. The off-node servers supported are:
• Connection Services Manager (CSM)
• RADIUS
• TACACS
• ACE
CSM, RADIUS Authentication, TACACS and ACE are all authentication servers; RADIUS Accounting is the accounting server.
CSM AUTHENTICATION SERVER

CONFIGURING CSM AUTHENTICATION SERVER
Notes: In order for the CyberSWITCH to reference CSM for device authentication, the following configuration steps must first be completed:
• IP Routing must be enabled. If you try to enable CSM before IP routing has been enabled, an error message will be displayed.
• The appropriate LAN network interface(s) must be configured to represent the local IP network.
CSM AUTHENTICATION SERVER CONFIGURATION ELEMENTS

TCP PORT NUMBER
The TCP port number used by CSM. Note that you can assign a device-defined port number, but that the CSM TCP port number must be entered identically on both the CyberSWITCH and CSM.

CSM AUTHENTICATION SERVER BACKGROUND INFORMATION
When a remote site calls a CyberSWITCH, it sends its identification (such as the system name) and a password (or challenge).
For Device Level Security:
• Specify Device Level Security (from Main Menu, Security, Security Level)
• Select RADIUS from Off-Node Device Database Location (Main Menu, Security, Device Level Databases)

For User Level Security:
• Select User Level Security (from Main Menu, Security, Security Level)
• Enable RADIUS Authentication Server (from Main Menu, Security, User Level Databases)

If you are using an RFC2138 RADIUS Server, you must reflect this correctly under Main Menu, Security, Off-node
USING MANAGE MODE COMMANDS

radius
Displays the current RADIUS server configuration data.

radius change
Allows you to change the current RADIUS server configuration data. After entering the radius change command, you will be prompted for the configuration elements you want to change.

RADIUS AUTHENTICATION SERVER CONFIGURATION ELEMENTS

IP ADDRESS
The IP address in dotted decimal notation for the RADIUS Server.
The Remote Authentication Dial-In User Service (RADIUS) is a central database supported by the CyberSWITCH. RADIUS operates using two components: an authentication server and client protocols. The RADIUS Server software is typically installed on a UNIX-based or NT-based system that is local to the network. The client protocols allow the CyberSWITCH to communicate with the RADIUS server, ultimately authenticating devices.
RADIUS ACCOUNTING Menu:

Primary (Master) Server
  IP Address                  is 010.000.000.108
  Shared Secret               is “ralph”
  UDP Port Number             is 1813
Secondary (Slave) Server      is Not Configured
Access Request Retry
  Number of Access Retries    is 3
  Time between Retries        is 1 second

RADIUS Accounting Server Options:
1) Primary (Master) Server
2) Secondary (Slave) Server
3) Miscellaneous Information

Select function from above or for previous menu:

4.
radius
Displays the current RADIUS server configuration data.

radacc
Allows you to change the current RADIUS Accounting Server configuration data. After entering the radacc command, you will be presented with a RADIUS Accounting Menu similar to that in CFGEDIT.

RADIUS ACCOUNTING SERVER CONFIGURATION ELEMENTS

RADIUS ACCOUNTING
You may enable or disable this feature. The default is disabled.

UDP PORT NUMBER
The UDP port number used by the RADIUS Accounting Server.
VERIFICATION AND DIAGNOSIS
After configuring the RADIUS Accounting Server, connect via a dial-in client, and then disconnect. On the RADIUS Accounting Server, verify that it has received the Accounting Start and Stop message. If it has not, check the CyberSWITCH system log. If there is a message that no response was received from the Accounting Server, then verify your configuration.
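When checking that the accounting server received the Start and Stop messages, a shared secret mismatch is one configuration fault worth ruling out, because it shows up as a Request Authenticator that does not verify. The following is an added example, not code from the CyberSWITCH or any RADIUS server: it checks Accounting-Request packets using the standard RADIUS Accounting format (RFC 2139, later RFC 2866), and the secret, user names, session ids and capture are constructed sample data.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4        # RADIUS code for Accounting-Request
ATTR_USER_NAME = 1
ATTR_ACCT_STATUS_TYPE = 40    # 1 = Start, 2 = Stop
ATTR_ACCT_SESSION_ID = 44
STATUS = {1: "Start", 2: "Stop"}


def build_accounting_request(identifier, status, session_id, user, secret):
    """Build a request as a NAS would; used here only to create sample packets."""
    attrs = [
        (ATTR_USER_NAME, user.encode()),
        (ATTR_ACCT_STATUS_TYPE, struct.pack("!I", status)),
        (ATTR_ACCT_SESSION_ID, session_id.encode()),
    ]
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, 20 + len(body))
    # Request Authenticator = MD5(Code + ID + Length + 16 zero octets + attrs + secret)
    authenticator = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + authenticator + body


def parse_attributes(body):
    """Decode type-length-value attributes, rejecting malformed lengths."""
    attrs, i = {}, 0
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError("truncated attribute header")
        attr_type, attr_len = body[i], body[i + 1]
        if attr_len < 2 or i + attr_len > len(body):
            raise ValueError("bad attribute length")
        attrs[attr_type] = body[i + 2:i + attr_len]
        i += attr_len
    return attrs


def check_accounting_request(packet, secret):
    """Verify the authenticator and pull out the fields needed for diagnosis."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    packet = packet[:length]              # ignore any padding past Length
    body = packet[20:]
    expected = hashlib.md5(packet[:4] + bytes(16) + body + secret).digest()
    attrs = parse_attributes(body)
    raw = attrs.get(ATTR_ACCT_STATUS_TYPE, b"")
    status = struct.unpack("!I", raw)[0] if len(raw) == 4 else None
    return {
        "identifier": identifier,
        "authenticator_ok": hmac.compare_digest(expected, packet[4:20]),
        "status": STATUS.get(status, status),
        "session_id": attrs.get(ATTR_ACCT_SESSION_ID, b"").decode(errors="replace"),
        "user": attrs.get(ATTR_USER_NAME, b"").decode(errors="replace"),
    }


def sessions_without_stop(packets, secret):
    """Return (session ids with a verified Start but no verified Stop, bad-auth count)."""
    started, stopped, rejected = set(), set(), 0
    for packet in packets:
        info = check_accounting_request(packet, secret)
        if not info["authenticator_ok"]:
            rejected += 1                 # wrong shared secret or altered packet
        elif info["status"] == "Start":
            started.add(info["session_id"])
        elif info["status"] == "Stop":
            stopped.add(info["session_id"])
    return sorted(started - stopped), rejected


# Constructed capture: the last Stop was produced with a mismatched secret.
SECRET = b"constructed-secret"
CAPTURE = [
    build_accounting_request(1, 1, "0001", "dan", SECRET),
    build_accounting_request(2, 2, "0001", "dan", SECRET),
    build_accounting_request(3, 1, "0002", "site2", SECRET),
    build_accounting_request(4, 2, "0002", "site2", b"mismatched-secret"),
]

if __name__ == "__main__":
    print(sessions_without_stop(CAPTURE, SECRET))
```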
USING MANAGE MODE

offnode
Allows you to change current settings for off-node server options. You may use this command to enable the RFC2138 compliance feature.

RADIUS TYPE CONFIGURATION ELEMENTS

RADIUS TYPE
Specify the type of RADIUS implementation: Cabletron implementation or RFC2138 implementation. For preexisting systems upgraded to UAA 7.3 software, the default is Cabletron implementation. For new systems shipped with 7.3 software, the default is RFC2138.
Dynamic Device Option

USING MANAGE MODE

offnode
Allows you to change current settings for off-node server options. You may use this command to enable and configure the dynamic device option.

DYNAMIC DEVICE CONFIGURATION ELEMENTS

DEVICE NAME
A 1 to 17-character, user-specified name. Any name may be entered. For dynamic devices, this name will not be used, but it must be entered to allow for creation of a device.
If a specific set of parameters is required for a particular device, configure the specific device independently, either locally (through the on-node device list) or in CSM. The CyberSWITCH will look at the configured device table first before proceeding to the dynamic device default configuration. Since the configured device table overrides the default configuration, leave the dynamic device option enabled, and configure specific devices for exceptional cases only.
TACACS Authentication Server

USING MANAGE MODE COMMANDS

tacacs
Displays the current TACACS off-node server configuration data.

tacacs change
Allows you to change the current TACACS off-node server configuration data. After entering the tacacs change command, you will be prompted for the configuration elements you want to change.

TACACS AUTHENTICATION SERVER CONFIGURATION ELEMENTS

IP ADDRESS
The IP address in dotted decimal notation for the TACACS Server.
ACE AUTHENTICATION SERVER

CONFIGURING AN ACE AUTHENTICATION SERVER
Note: In order for the CyberSWITCH to reference an ACE server, the following configuration steps must first be completed:
• basic IP routing information must be configured for ACE
• a LAN Network interface must be configured appropriately for the IP network connected to each LAN port on the system
• at least one WAN Network Interface must be configured for ACE to be operable
After ACE configuration but before attempting to acc
b. Specify the time between retries.
c. Choose between the DES or SDI Encryption Method. The algorithm you select must be compatible with the ACE Server setup.
d. You will also be prompted for a source IP address. This source IP address should be a valid address for the CyberSWITCH. The IP address must match the IP address listed for the system in the ACE Server host machine’s /etc/hosts file.
TIME BETWEEN ACCESS REQUEST RETRIES
The time between Access Request Retries sent from the system. The initial default value is 1 second. The acceptable range is from 1 to 10,000.

ENCRYPTION METHOD
This option should always indicate SDI, and is not currently configurable. If the ACE Server is not also configured to use SDI encryption, then any authentication attempts via the system will fail.
CONFIGURING NETWORK LOGIN INFORMATION

OVERVIEW
The CyberSWITCH offers a number of configurable options to control the login process for this system and for off-node authentication servers. These options include:
• general network login configuration
• network login banners
• login configuration specific to RADIUS
• login configuration specific to TACACS

NETWORK LOGIN GENERAL CONFIGURATION

CONFIGURING GENERAL NETWORK LOGIN INFORMATION

USING CFGEDIT
1. Select Security from the main menu.
2.
Telnet session for authentication. Item (11), Terminal Server Security, allows you to specify type of security for this special connection. See following description.

AUTHENTICATION TIMEOUT
Note: If using the Security Dynamics Ace Server, modify the timeout value to be greater than the change frequency value of the SecurID cards. Refer to the Security Dynamics documentation for more information on this change frequency value.
NETWORK LOGIN GENERAL CONFIGURATION BACKGROUND INFORMATION
Allows you to change the network login prompts. These include the prompts for:
• login ID
• dynamic password
• user password
• old password, new password
• passcode
You may also specify the number of login attempts, password change attempts and the amount of time in seconds before an authentication timeout.
netlogin change
Allows you to change the current network login configuration data. After entering the netlogin change command, you will be prompted for the type of login configuration information you want to change. The prompt will resemble the CFGEDIT screen in which this information was originally configured. You may change: user level security general configuration, login banners, login configuration specific to RADIUS, and login configuration specific to TACACS.
RADIUS Device Login Prompt Order Menu:

Current Prompt Order is:
-----------------------------------------------------------------
First Prompt is LOGIN ID PROMPT (fixed)
Second Prompt is USER PASSWORD PROMPT

1) Prompt Order

Select function from above or for previous menu: 1

Prompts available for Second Prompt
1) USER PASSWORD
2) DYNAMIC PASSWORD

Select function from above or for previous menu:

USING MANAGE MODE
The password control character is a key sequence you specify to switch between the login mode and the change password mode. In order to enable this feature for the general user, you need to configure this password control character.

LOGIN CONFIGURATION SPECIFIC TO TACACS SERVER

CONFIGURING TACACS SERVER LOGIN INFORMATION

USING CFGEDIT
1. Select option (4), Login Configuration Specific to TACACS Server from the Network Login Information menu.
CONFIGURING NETWORK LOGIN INFORMATION Login Configuration Specific to TACACS Server TACACS Return Code Messages Menu: RESPONSE REASON MESSAGE ----------------------------------------------------------------- 1) 2) 3) 4) 5) 6) 7) ACCEPTED(1) ACCEPTED(1) ACCEPTED(1) REJECTED(2) REJECTED(2) REJECTED(2) REJECTED(2) NONE(0) EXPIRING(1) PASSWORD(2) NONE(0) EXPIRING(1) PASSWORD(2) DENIED(3) "" "**** "**** "**** "**** "**** "" Password about to expire ****" Password expiration imminent ****" Login invalid ***
TACACS may provide return code messages upon user login. You may customize these messages through CFGEDIT.
CONFIGURING ENCRYPTION

OVERVIEW
The CyberSWITCH encryption option provides 56-bit data encryption through two different implementations:
• IP (or Network Layer) Security
• PPP (or Link Layer) Encryption
These implementations use the Data Encryption Standard (DES) algorithm. DES provides data security for transmissions over the WAN between encryption devices, either through PPP or frame relay connections, or over unprotected media, such as the Internet.
CONFIGURING SECURITY ASSOCIATIONS AND AUTHENTICATION (IP SECURITY ONLY)
IP Security encryption configuration consists of the following elements:
• setting up security associations for Encapsulating Security Payload (ESP)
• optionally specifying keys for Authentication Headers (AH)
Security Associations are necessary for IP networks that plan to use an untrusted/unprotected medium, such as the Internet.
Note: For the Final Destination and Source IP addresses, you may enter the entire address (i.e., 197.1.2.2 vs. 197.1.0.0); however, the subnet mask will determine how many significant bits the system will actually consider.
5. The next series of questions pertain to the Authentication Header. To implement an Authentication Header, select Authentication using MD5, and provide a shared secret authentication key.
Device PPP Encryption Menu
1) Decryption/Encryption       DISABLED
2) Proprietary Key Exchange    DISABLED
3) Decryption key
4) Encryption key
Id of parameter to change or to cancel:

7. Enable the Decryption/Encryption feature. (This selection is a toggle switch.)
8. Configure encryption key implementation:
• If you plan to use the CyberSWITCH’s automated key exchange, enable Proprietary Key Exchange. (This selection is a toggle switch.) Then skip to step 11.
associations for incoming and outgoing packets. The incoming packet security association on site “A” must match the outgoing packet security association on site “B” and vice versa.

FINAL DESTINATION IP ADDRESS
IP address using dotted decimal notation that specifies the remote (“destination”) trusted network or host.

SUBNET MASK
The subnet mask identifies a subnetwork. The value of the mask determines which part of the 32-bit IP address is the “network” address.
SECURITY PARAMETER INDEX (SPI)
A 32-bit number (eight hexadecimal digits) used to identify the security associations between CyberSWITCH nodes. The SPI must be greater than or equal to 00000100 hex. The SPI is transmitted in the Encapsulating Security Payload (ESP) header and used by the peer CyberSWITCH node to identify the necessary information to decrypt the ESP payload.
The peer must also have corresponding Security Associations. (Note that the gateway address and the source/destination subnet addresses are switched to reflect the peer subnet.) Security Associations between peer CyberSWITCH nodes are identified by a Security Parameter Index (SPI). The SPI is transmitted in the ESP header and is used by the peer node to identify the necessary information to decrypt the ESP payload.
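The matching rules above (incoming on one site equals outgoing on the other, SPI no lower than 00000100 hex, subnet mask deciding the significant address bits) can be checked offline before the tables are entered on both nodes. This is an added example, not Cabletron code; the record layout, field names, addresses, SPIs and key labels are assumptions, and each association is modelled with the source and destination as they appear in the packet.

```python
import ipaddress
from dataclasses import dataclass

MIN_SPI = 0x00000100  # the guide requires SPI >= 00000100 hex


@dataclass(frozen=True)
class SA:
    """One security association. Field names are hypothetical, not CFGEDIT's."""
    direction: str    # "in" or "out", from the point of view of the local node
    source: str       # source network or host as entered (dotted decimal)
    destination: str  # final destination network or host as entered
    mask: str         # subnet mask: decides how many address bits count
    spi: int          # 32-bit Security Parameter Index
    key_label: str    # name of the shared key; the key itself is not stored here


def masked(addr, mask):
    """Reduce an address to the bits the subnet mask marks as significant."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def selector(sa):
    """What both peers must agree on for one direction of traffic."""
    return (masked(sa.source, sa.mask), masked(sa.destination, sa.mask),
            sa.spi, sa.key_label)


def one_way(sender, sender_table, receiver, receiver_table):
    """Compare the sender's outgoing SAs with the receiver's incoming SAs."""
    outgoing = {selector(sa) for sa in sender_table if sa.direction == "out"}
    incoming = {selector(sa) for sa in receiver_table if sa.direction == "in"}
    findings = []
    for src, dst, spi, _ in sorted(outgoing - incoming, key=lambda s: s[2]):
        findings.append(f"{sender} out {src} -> {dst} SPI {spi:08X}: "
                        f"no matching incoming SA on {receiver}")
    for src, dst, spi, _ in sorted(incoming - outgoing, key=lambda s: s[2]):
        findings.append(f"{receiver} in {src} -> {dst} SPI {spi:08X}: "
                        f"no matching outgoing SA on {sender}")
    return findings


def check_peers(table_a, table_b):
    """Return findings for sites A and B; an empty list means the tables agree."""
    findings = []
    for site, table in (("A", table_a), ("B", table_b)):
        for sa in table:
            if not MIN_SPI <= sa.spi <= 0xFFFFFFFF:
                findings.append(f"{site} SPI {sa.spi:08X} is outside "
                                f"{MIN_SPI:08X}-FFFFFFFF")
    findings += one_way("A", table_a, "B", table_b)
    findings += one_way("B", table_b, "A", table_a)
    return findings


# Constructed sample tables (addresses, SPIs and key labels are made up).
SITE_A = [
    SA("out", "10.1.0.0", "10.2.0.0", "255.255.0.0", 0x00001001, "key-ab"),
    SA("in", "10.2.0.0", "10.1.0.0", "255.255.0.0", 0x00001002, "key-ba"),
]
# Site B entered full host addresses; the mask makes them equivalent.
SITE_B_OK = [
    SA("in", "10.1.2.2", "10.2.7.9", "255.255.0.0", 0x00001001, "key-ab"),
    SA("out", "10.2.0.0", "10.1.0.0", "255.255.0.0", 0x00001002, "key-ba"),
]
# Site B with a mistyped SPI on the incoming SA and an SPI below the minimum.
SITE_B_BAD = [
    SA("in", "10.1.0.0", "10.2.0.0", "255.255.0.0", 0x00001011, "key-ab"),
    SA("out", "10.2.0.0", "10.1.0.0", "255.255.0.0", 0x000000FF, "key-ba"),
]

if __name__ == "__main__":
    for line in check_peers(SITE_A, SITE_B_BAD):
        print(line)
```

A mismatch in either direction is reported from both sides, which makes it easier to see which node holds the mistyped entry.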
On the CyberSWITCH, AH is added to a packet after ESP application. When a remote node receives the encrypted packet, it first processes the authentication information in the AH. If the AH information is valid, the node proceeds to decrypt the packet. If authentication fails, the packet is dropped.

LINK LAYER ENCRYPTION
Link layer encryption is available for WAN services using PPP (data-link layer) protocol.
AUTOMATED KEY EXCHANGE
The CyberSWITCH’s automated key exchange uses a proprietary protocol defined for use with Cabletron remote access products. This proprietary protocol exchanges information during ECP (Encryption Control Protocol) negotiation to produce proper keys. To use automated key exchange, the feature must be enabled for each device, and the DES/RSA resource must be properly configured and installed on the CyberSWITCH.
MULTIPLE MAC/IP ADDRESSES
For backup purposes, you may want to consider using the multiple MAC or multiple IP address feature to set up redundant configurations to use in conjunction with encryption. In such configurations, you must be sure that all CyberSWITCH nodes have the same or comparable Security Associations. When multiple paths through different secure gateways exist, you must be sure such paths are properly protected.
ADVANCED CONFIGURATION

We define advanced configuration as the configuration you may use to fine tune your system, or to configure options that are not necessarily needed by the majority of users. For example, configuring an alternate access (an alternate to ISDN access) is considered advanced configuration.
CONFIGURING ALTERNATE ACCESSES

OVERVIEW
An access defines the connection details the CyberSWITCH uses to reach the network. The default access is ISDN access, a switched-network access. Configurable accesses are required for dedicated network connections, and for packet-switched network connections including X.25 and frame relay connections. Refer to the following information for the alternate access you wish to add.

DEDICATED ACCESSES

CONFIGURING A DEDICATED ACCESS

USING CFGEDIT
1.
DEDICATED ACCESS CONFIGURATION ELEMENTS

LINES
The line that will be used for the dedicated access. A dedicated access can be defined on either a BRI, a PRI, a network V.35, or a network RS232 line.

BEARER CHANNELS
For BRI and PRI lines only. Also referred to as B channels. B channels can carry voice or data in either direction.

CLOCKING TYPE
For V.35 and RS232 lines only. Clocking types can be either external or internal.
To define a Dedicated Access, you must select a previously defined line. Then, input the details required to use the line.

Notes: To achieve maximum bandwidth, you could theoretically dedicate two T1s to one remote device (3072 Kbps). Any configuration above this maximum bandwidth is not supported. Keep in mind that you can aggregate a maximum of 32 connections. These connections can be any combination of dedicated and/or switched connections to the same device.
4. Enter the X.121 address of the local DTE (the CyberSWITCH).
5. Select the data rate for the line.
6. Enter a list of bearers (a channel map). For PRI lines, the range of channels is from 1 to 24. For BRI lines, the range of channels is from 1 to 2. Separate bearer channels by commas, and/or list a range by using a dash (-).

LAPB CONFIGURATION INFORMATION
1. Enter the LAPB sequence number range to use: regular or extended.
3. Configure the X.25 Reliability, Windows, and Acknowledgment Facilities.
a. Select the type of sequence numbers to be used for X.25: regular or extended. Extended sequence numbering allows for packets to be assigned sequence numbers from 0-127 (modulo 128), as opposed to 0-7 (modulo 8).
b. Enter the Maximum Window Size. This is the largest possible window size to be supported on any virtual circuit.
PERMANENT VIRTUAL CIRCUIT INFORMATION
Note: SVCs and PVCs are specified in the X.25 Logical Channel Assignments section of the configuration. However, PVCs require additional configuration, which is done in this section.
1. Follow the onscreen instructions to begin the configuration of a virtual circuit.
Note: Default values are configured for each PVC when an access is newly created.
BEARER CHANNELS
A list of bearers (a channel map) that will be used on the line associated with this X.25 access. For PRI lines, the range of channels is from 1 to 24. For BRI lines, the range of channels is from 1 to 2. Separate bearer channels by commas, and/or list a range by using a dash (-).

LAPB CONFIGURATION ELEMENTS
Link Access Protocol-Balanced (LAPB) is a data link layer protocol that is used in X.25 connections. LAPB is based on the HDLC protocol.
X.25 ACCESS CONFIGURATION ELEMENTS
The X.25 Access configuration elements are divided into seven different categories:
• X.25 Logical Channel Assignments
• X.25 Timer Configuration
• X.25 Reliability, Windows, and Acknowledgment Facilities
• X.25 Quality-of-Service Facilities
• X.25 Charging-Related Facilities
• X.25 Restriction Facilities
• X.25 Miscellaneous Facilities
Each category has multiple configuration elements that must be entered.
X.25 RELIABILITY, WINDOWS, AND ACKNOWLEDGMENT

X.25 SEQUENCE NUMBER RANGE
The type of sequence numbers to be used for X.25: regular or extended. Extended sequence numbering allows for packets to be assigned sequence numbers from 0-127 (modulo 128), as opposed to 0-7 (modulo 8). The default value is modulo 8.

MAXIMUM WINDOW SIZE
This is the largest possible window size to be supported on any virtual circuit.
NONSTANDARD DEFAULT TRANSMIT WINDOW SIZE
The number of frames that a DTE can send without receiving an acknowledgment. Using modulo 128, the DTEs can send up to 127 frames without receiving an acknowledgment. Using modulo 8, the DTEs can send up to 7 frames without receiving an acknowledgment. The default value for both modulo 8 and modulo 128 is 2.
X.25 RESTRICTION FACILITIES
These facilities are used to place restrictions upon incoming and outgoing X.25 calls.

BARRING INCOMING CALLS
Allows you to bar X.25 calls coming in to the system. The default configuration is to not bar incoming X.25 calls.

BARRING OUTGOING CALLS
Allows you to bar X.25 calls going out of the system. The default configuration is to not bar outgoing X.25 calls.

X.
NONSTANDARD DEFAULT RECEIVE WINDOW SIZE
The number of frames that a DTE can receive without receiving an acknowledgment. Using modulo 128, the DTEs can send up to 127 frames without receiving an acknowledgment. Using modulo 8, the DTEs can send up to 7 frames without receiving an acknowledgment. The default value for both modulo 8 and modulo 128 is 2.

NONSTANDARD DEFAULT TRANSMIT PACKET SIZE
The size of a packet that a DTE can transmit.
a virtual path. Although it appears that a real circuit exists, in reality the network routes the device’s information packets to the designated destination. Any given path may be shared by several devices. When the virtual circuit is established, a logical channel number is assigned to it at the originating end.
CURRENT X.25 RESTRICTIONS
• X.25 virtual circuits must be two-way logical channels; one-way incoming and one-way outgoing channels are not currently supported.
• Each system can have only one X.25 access.
• The X.25 access can use only one line.
• A maximum of forty eight virtual circuits can be configured per access. This can be any combination of PVCs or SVCs.
• Each virtual circuit counts as one of the system’s available 48 connections.
• X.
6. Enter a list of bearers (a channel map). For T1 or PRI lines, the range of channels is from 1 to 24. For BRI lines, the range of channels is from 1 to 2. Separate bearer channels by commas, and/or list a range by using a dash (-).
7. Enter the maximum frame size supported by the network (including the endpoints).
8. Select whether or not HDLC Data is inverted.
9. Enable/disable Link Failure Detection.
10.
8. Indicate whether or not Congestion Control should be enabled.
9. Enter the Rate Measurement Interval in msecs.

Note: You must restart the CyberSWITCH in order to associate the PVC with a device.

After all of the above PVC information is entered, an index number will be assigned to the associated DLCI. This is the index number that should be used when issuing various frame relay access console commands.
have a per packet charge; therefore, the administrator should be cautious when enabling this feature.

LMI
Indicates whether or not this frame relay access will support the Local Management Interface (LMI). If this frame relay access supports LMI, LMI information can be displayed by entering the fr lmi command at the system console prompt. For further LMI information, refer to the Local Management Interface Overview.

LMI FORMAT
The LMI format used by this frame relay access.
network, the one to which the access line is directly connected, routes the packet to the intended destination based on the DLCI therein. Hence, each packet is routed independently through the network based on the addressing information provided by this identifier.

PVC LINE PROTOCOL
The PVC line protocol determines which type of data encapsulation will be used on the PVC. The options are PPP (Point to Point Protocol) or FR_IETF.
FRAME RELAY ACCESS BACKGROUND INFORMATION
Frame Relay is a frame mode service in which data is switched on a per frame basis, as opposed to a circuit mode service that delivers packets on a call-by-call basis. This feature will allow the system to efficiently handle high-speed, bursty data over wide area networks. It offers lower costs and higher performance than an X.25 packet switched network for those applications that transmit data at a high speed in bursts.
configured in the device table. It will find the PVC and the line protocol that corresponds to the PVC name and change its PVC name to match the corresponding device name.

Notes: Connection Services Manager (CSM) is currently the only off-node device database supported by the CyberSWITCH for Frame Relay. The management of Frame Relay permanent virtual circuits requires the use of some form of security.
-- the rate at which data frames may be sent into the network without incurring congestion. This is generally accepted as the end-to-end available bandwidth at which frame relay service devices may enjoy sustained frame transmission. By definition this must be less than the throughput that the actual physical access link can support. However, for short periods of time, service devices may exceed this rate by defined values.
However, under the above stated conditions, the network configuration shown below would not be allowed:

[Figure: CSX5500 "SITE1" connected across Frame Relay to CSX5500 "SITE2" by two PVCs, DLCI 1 -> SITE2 and DLCI 2 -> SITE2. NOT ALLOWED.]

Switched connections can only be used as a backup to frame relay. As such, a switched connection would be made to a given node connected by a frame relay access only after that frame relay access had failed.
CONFIGURING ADVANCED BRIDGING

OVERVIEW
When bridging is enabled, optional advanced features are available. Optional bridging features include:
• bridge dial out
• Spanning Tree Protocol
• mode of operation
• bridging filters
• known connect lists
This chapter includes a section for each advanced bridging feature.

BRIDGE DIAL OUT
With bridging enabled, bridge dial out is supported. Bridge dial out allows the CyberSWITCH to initiate connections to bridge devices at remote sites.
CONFIGURING THE DEVICE LIST FOR BRIDGE DIAL OUT
Note: The Configuring Device Level Databases chapter contains the information needed to completely configure an on-node device entry. The following section provides instructions for entering on-node device information specific to the bridge dial out feature.

USING CFGEDIT
1. Select Security from the main menu.
2. Select Device Level Databases from the security menu.
3.
USER’S GUIDE Device Bridging: (Device = "DAN") 1) 2) 3) 4) 5) IP (sub)network number Bridging Make Calls for bridge data IPX Network Number IPX Spoofing Options None ENABLED None None Id of option to change or press for previous menu? 3 9. Enable Bridging. 10. Enable Make Calls for bridge data. You must have already configured the device’s phone number (Step 6) before the system allows you to enable this feature. Return to the Current Device Table.
SPANNING TREE PROTOCOL CONFIGURATION ELEMENTS
Only the Ethernet-2 adapter supports the Spanning Tree Protocol in its entirety. Outlined below are the Spanning Tree configuration elements that the user can define. These elements are available when the system is running the local bridging option.

SPANNING TREE PROTOCOL OPTION STATUS
You can enable or disable the Spanning Tree protocol for CyberSWITCHes with Ethernet-2 adapters.
BRIDGE MODE OF OPERATION

CONFIGURING THE BRIDGE MODE OF OPERATION

USING CFGEDIT
1. Select Mode of Operation from the Bridging menu.
2. Select the bridge mode of operation. The unrestricted bridge mode is the default.

BRIDGE MODE OF OPERATION CONFIGURATION ELEMENTS

BRIDGE MODE
The forwarding method that the bridge will use to distribute LAN packets to the remote sites and to the LAN ports of the CyberSWITCH. The default value is unrestricted bridging.
RESTRICTED BRIDGE MODE
If the Restricted Bridge Mode is selected, packets will be discarded unless overridden by a user-defined bridge filter. The bridge filters, therefore, allow you to transfer only the packets that you specify. If the Restricted Bridge Mode is selected, the following packet forwarding possibilities exist:
• If the packet matches a discard filter (packet filter only), it is discarded.
5. Configure protocol filters.
a. Select to add a protocol filter.
b. Select a protocol definition Id.
c. Select a distribution list.
6. Configure packet data filters.
a. Select to add a packet data filter.
b. Enter the offset value.
c. Enter the mask in hex.
d. Enter the data value in hex.
e. Select a distribution list.

USING MANAGE MODE COMMANDS
Manage Mode can be used to complete all of the bridge filter configuration.
Destination MAC Filter Commands

destfilt
Displays the current destination address filter configuration data.

destfilt add
Allows a destination address filter to be added to the current configuration. Refer to the Using CFGEDIT section for required configuration elements (page 269).

destfilt change
Allows the current destination address filter configuration data to be changed.
BRIDGE FILTER CONFIGURATION ELEMENTS

PROTOCOL DEFINITION CONFIGURATION ELEMENTS

PROTOCOL NAME
A user-defined name for the protocol to be filtered. It can be from 1 to 17 alphanumeric characters in length.

ETHERNET TYPE IN HEX
A four digit hexadecimal number (from 0600 to FFFF) that checks the protocol Id of a MAC frame.

LSAP IN HEX
A four digit hexadecimal number (from 0000 to FFFF) that checks the protocol Id of a MAC frame.
BRIDGE FILTERS BACKGROUND INFORMATION
User-defined bridge filters allow you to filter unwanted traffic out of the network.
Two of the more common protocols used today are:
• The IP Protocol Id, which identifies DOD Internet Protocol packets with Ethernet type equal to hexadecimal 800, or 802.3 LSAP equal to hexadecimal 6060.
• The IPX Protocol Id, which identifies Novell (old) NetWare IPX packets with Ethernet type equal to hexadecimal 8137, or 802.3 LSAP equal to hexadecimal E0E0.
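How a protocol definition with both an Ethernet type and an LSAP can be applied to one frame, shown for Restricted Mode where a frame is discarded unless a FORWARD filter matches. This is an added example, not CyberSWITCH code; it assumes the standard rule that a type/length field of 0600 hex or more is an Ethernet type, that the first matching filter decides, and that malformed frames are discarded. The frames are constructed.

```python
import struct

# Protocol definition in the shape the guide describes: name, Ethernet type, LSAP.
# The IPX values are the ones quoted in the guide.
IPX = {"name": "IPX", "ethernet_type": 0x8137, "lsap": 0xE0E0}


def protocol_id(frame):
    """Classify a raw MAC frame; return ("ethernet", type) or ("802.3", lsap)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than a MAC header")
    (type_or_length,) = struct.unpack("!H", frame[12:14])
    if type_or_length >= 0x0600:          # lowest Ethernet type the guide accepts
        return "ethernet", type_or_length
    if len(frame) < 16:
        raise ValueError("802.3 frame too short to carry an LSAP")
    (lsap,) = struct.unpack("!H", frame[14:16])   # DSAP and SSAP bytes together
    return "802.3", lsap


def matches(frame, definition):
    """Check the field that applies to this frame's format against the definition."""
    fmt, value = protocol_id(frame)
    wanted = definition["ethernet_type"] if fmt == "ethernet" else definition["lsap"]
    return value == wanted


def restricted_mode(frame, forward_filters):
    """Return the distribution list of the first matching PROTOCOL FORWARD filter.

    forward_filters is a list of (definition, distribution list) pairs.
    Anything that matches no filter, or cannot be parsed, is discarded.
    """
    try:
        for definition, distribution in forward_filters:
            if matches(frame, definition):
                return distribution
    except ValueError:
        pass
    return "DISCARD"


def build_frame(type_or_length, payload):
    """Constructed test frame: destination MAC, source MAC, type/length, payload."""
    dst = bytes.fromhex("112233445566")
    src = bytes.fromhex("02aabbccddee")
    return dst + src + struct.pack("!H", type_or_length) + payload


IPX_ETHERNET = build_frame(0x8137, b"\xff\xff" + bytes(28))     # Ethernet format
IPX_802_3 = build_frame(0x0021, b"\xe0\xe0\x03" + bytes(30))    # 802.3 with LSAP E0E0
IP_ETHERNET = build_frame(0x0800, bytes(20))                    # no filter defined
RUNT = bytes(10)                                                # truncated frame

FILTERS = [(IPX, "WAN")]   # PROTOCOL IPX FORWARD WAN

if __name__ == "__main__":
    for name, frm in (("IPX Ethernet", IPX_ETHERNET), ("IPX 802.3", IPX_802_3),
                      ("IP Ethernet", IP_ETHERNET), ("runt", RUNT)):
        print(name, "->", restricted_mode(frm, FILTERS))
```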
3. DESTINATION MAC-address DISCARD <distribution list>
This filter allows you to discard MAC frames addressed to the specified MAC address. When the specified MAC address appears in the destination address field of the MAC frame, the frame will NOT be forwarded as specified in the distribution list. If no distribution list is specified, the frame will not be forwarded.
4.
The following charts summarize the filter actions available for Unrestricted Bridging:

Filter Action | Distribution List | Result
DISCARD | LAN | A packet matching this filter will not be forwarded on any LAN port. The packet will be sent to remote sites connected over the WAN according to the normal learning bridge methods.
DISCARD | WAN | A packet matching this filter will not be forwarded to any remote sites connected on the WAN.
For Unrestricted Bridging, the following additional filter actions are available only on a system with an Ethernet-2 adapter executing the local bridge option.

Filter Action | Distribution List | Result
DISCARD | LAN PORT 1 | A packet matching this filter will not be forwarded on LAN port 1. The packet will be sent to remote sites connected over the WAN and to LAN port 2 according to the normal learning bridge methods.
Restricted Mode Bridge Filters

Restricted Mode
Type of Filter available | Forwarding Action
SOURCE | FORWARD
SOURCE | CONNECT
DESTINATION | FORWARD
DESTINATION | CONNECT
PROTOCOL | FORWARD
PROTOCOL | CONNECT
PACKET | FORWARD
PACKET | DISCARD
PACKET | CONNECT

1. SOURCE unicast-address FORWARD
This filter allows you to stipulate access privileges of a given device.
5. PROTOCOL protocol-Id FORWARD <distribution list>
This filter allows you to restrict packets based on the Ethernet protocol Id field or the corresponding 802.3 LSAP field. You can specify the protocol Id that is to be forwarded. The filtering mechanism will determine if the packet is Ethernet format or 802.3 format. The Ethernet type or LSAP field will be checked based on packet format.
6.
The following chart summarizes the forward and connect filter actions available for Restricted Bridging:

Filter Action | Distribution List | Result
FORWARD | LAN | A packet matching this filter will only be forwarded on the LAN ports. The packet will not be sent to any remote sites connected over the WAN.
FORWARD | WAN | A packet matching this filter will only be forwarded to remote sites connected on the WAN. The packet will not be sent to the LAN ports.
For Restricted Bridging, the following additional filter actions are available only on a system with an Ethernet-2 adapter executing the local bridge option:

Filter Action | Distribution List | Result
FORWARD | LAN PORT 1 | A packet matching this filter will only be forwarded on LAN port 1. The packet will not be sent to remote sites connected over the WAN or to LAN port 2.
FORWARD | LAN PORT 2 | A packet matching this filter will only be forwarded on LAN port 2.
Filter Action | Distribution List | Result
DISCARD | LAN | A packet matching this filter will be discarded on the LAN ports. The packet will be sent to all remote sites connected over the WAN.
DISCARD | WAN | A packet matching this filter will be discarded to remote sites connected on the WAN. The packet will be sent to the LAN ports.
DISCARD | ALL | A packet matching this filter will be discarded on the LAN ports and WAN ports.
DIAL OUT USING BRIDGE FILTERS
Each type of bridge filter for each operating mode supports a different set of “forwarding actions.” Your particular setup and device configuration will determine which type of filter and forwarding arrangement will be the most useful. For our purposes, we will illustrate what we feel to be the most commonly used filter arrangement: the Destination MAC Address Filter used in Unrestricted Mode.
3. From the Bridging Menu, select Bridge Filters. Menus similar to the following will then be displayed. Follow the item selection process shown in the screens (the selections are in bold).
Current Destination Address Filter Configuration:
id  DEST ADDRESS  ACTION   DISTRIBUTION LIST
--------------------------------------------------------
1   112233445566  CONNECT  John

(1) Add, (2) Change, (3) Delete a Destination Address Filter or to return to the previous menu?

Your filter is now configured for this example. Remember, each type of filter for each operating mode supports a different set of “forwarding actions.
KNOWN CONNECT LIST CONFIGURATION ELEMENTS

DEVICE NAME
The name of a bridge device that has been preconfigured in the On-node Device Database section of the Configuring Device Level Databases chapter. This is a device to which you want the system to connect and forward bridged unicast packets.

KNOWN CONNECT LIST BACKGROUND INFORMATION
In Unrestricted Mode, standard bridge processing attempts to forward frames with unknown or broadcast MAC addresses through all available interfaces.
CONFIGURING ADVANCED IP ROUTING

OVERVIEW
By default, IP routing is disabled when you first install your system software. After IP routing is enabled, there are optional advanced features available. Optional advanced IP routing features include:
• Static ARP Table Entries
ARP (Address Resolution Protocol) is used to translate IP addresses to Ethernet addresses. As a rule, this translation is handled dynamically. In rare situations, a user may need to manually enter this translation.
USER’S GUIDE STATIC ARP TABLE ENTRIES CONFIGURING STATIC ARP TABLE ENTRIES USING CFGEDIT Once IP has been enabled, the full IP Configuration menu will be displayed as shown below: IP Routing Menu: 1) 2) 3) 4) 5) 6) 7) 8) 9) 10) 11) 12) 13) IP Routing (Enable/Disable) IP Operating Mode IP Interfaces IP Static Routes RIP (Enable/Disable) IP Static ARP Table Entries Isolated mode (Enable/Disable) Static Route Lookup via RADIUS (Enable/Disable) IP Address Pool DHCP Configuration IP Filters NBNS and DNS name
THE ISOLATED MODE

CONFIGURING THE ISOLATED MODE

USING CFGEDIT
1. Select Isolated Mode (Enable/Disable) from the IP menu.
2. Follow the onscreen instructions to either enable or disable the isolated mode.

ISOLATED MODE CONFIGURATION ELEMENTS

ISOLATED MODE STATUS
You may enable or disable the Isolated Mode option.
STATIC ROUTE VIA RADIUS CONFIGURATION ELEMENTS

STATIC ROUTE VIA RADIUS STATUS
You may enable or disable this option.

STATIC ROUTE LOOKUP VIA RADIUS BACKGROUND INFORMATION
The Static Routes Lookup via RADIUS option allows you to maintain static routes for devices on the RADIUS Server. When there are multiple CyberSWITCHes at one site, the IP static routes information needs to be duplicated on all systems.
IP ADDRESS POOL BACKGROUND INFORMATION
The IP Address Pool feature allows you to configure a list of IP addresses that can be dynamically assigned to remote IP devices as they connect to the system. This would occur if a remote IP device calls in to the system and has no IP address, and requests to have one assigned.
INITIATING THE IP FILTER CONFIGURATION

USING CFGEDIT
To begin the configuration process, IP must be enabled. Access IP Filter configuration through the extended IP Routing Menu:

IP Routing Menu:
1) IP Routing (Enable/Disable)
2) IP Operating Mode
3) IP Interfaces
4) IP Static Routes
5) RIP (Enable/Disable)
6) IP Static ARP Table Entries
7) Isolated Mode(Enable/Disable)
8) Static Route Lookup via RADIUS(Enable/Disable)
9) IP Address Pool
10) DHCP Configuration
11) IP Filter Information.
Current Configuration for PACKET TYPE "Type_One"
1) IP Source Address       AND 0.0.0.0 EQUAL 0.0.0.0
2) IP Destination Address  AND 0.0.0.0 EQUAL 0.0.0.0
3) IP Protocol             EQ ANY

Select function from above or for previous menu:

The screen identifies the common portion of the packet type, which includes the IP addresses and protocol information. To modify these values, refer to the following section entitled Configuring the Common IP Portion.
8. Select IP protocol. If you choose an upper-level protocol, refer to the three following configuration sections: Configuring TCP, Configuring UDP, and Configuring ICMP.

CONFIGURING TCP
If you have selected TCP as your IP protocol, a screen similar to the following is displayed.
1. Select UDP Source Port. Note that the ports are specified in terms of an operator.
2. Select a comparison operator.
3. If you have chosen the comparison operator of “RANGE”, you will be prompted for upper-range and lower-range values. If you have chosen a comparison operator other than “RANGE”, you will be prompted for a specific UDP port number.
4. Select UDP Destination Port. Note that the ports are specified in terms of an operator.
5.
CONFIGURING FORWARDING FILTERS
The configuration of Forwarding Filters is a two-part process. First you must name the filter, and then you must create a list of conditions for the filter. To add a condition, you must name a previously-created packet type, and then name the action to perform on the specified packet type (i.e., forward or discard).

USING CFGEDIT
1. Select Forwarding Filters from the IP Filter menu.
2. Select Add a Forwarding Filter.
3.
CONFIGURING CONNECTION FILTERS
The IP Connection Filter is used at the point when an IP packet attempts to establish an outbound connection in order to continue the forwarding process. Its configuration parallels that of forwarding filters.

USING CFGEDIT
1. Select Connection Filter from the IP Filter menu.
2. Enable the Connection Filter. (By default, the Connection Filter is disabled.)
3. Select Edit the Connection Filter.
CONFIGURING EXCEPTION FILTER
The IP Exception Filter is intended for temporary, special conditions within an existing forwarding filter. When enabled, it is logically placed at the beginning of each forwarding filter in effect.

USING CFGEDIT
1. Select Exception Filter from the IP Filter menu.
2. Enable the Exception Filter. (By default, the Exception Filter is disabled.)
3. Select Edit the Exception Filter.
MODIFYING THE FINAL CONDITION FOR A FILTER
To change the final condition for a filter, select Change Default Condition (currently selection (5) on the Conditions for Filter menu).
APPLYING FILTERS
Once you have defined your forwarding filters, you must apply them to selected points in the IP routing process. There are three ways to apply filters:
• through a Network Interface
• globally
• on a per-user basis
APPLYING FILTERS TO NETWORK INTERFACES
1.
6. Select IP Information.
7. Select either IP Input Filter or IP Output filter.
8. Provide the filter name.
IP FILTERS CONFIGURATION ELEMENTS
The following elements are described in terms of the individual comparisons which make up the packet types. When an IP packet is subjected to a filter, the following comparisons are executed. The final result of the comparisons is a “match” if all comparisons are true, and a “no match” otherwise.
EQ      equal to
NEQ     not equal to
LT      less than
GT      greater than
RANGE   inclusive range (lower value <= packet port value <= upper value)
Examples:
EQ 23: TCP port for the Telnet protocol.
RANGE 0 65535: Any TCP port (wild card and default).
TCP CONTROL
This element accesses the control bits of the TCP header, which are utilized to initiate and maintain the state of a TCP connection. “ANY” is the wild card and default value.
[Figure: Sample packet passing through a filter. An IP packet enters the filter. Conditions: Discard Type 3, Discard Type 1, Forward Type 4 (Action: Discard/Forward). Packet Types: Type 1: www,www,www; Type 2: xxx,xxx,xxx; Type 3: yyy,yyy; Type 4: zzz,zzz. Final Condition: Discard All Other Types.]
FILTER COMPOSITION
The IP filtering mechanism is composed of three fundamental building blocks:
• Packet Types The criteria for describing an IP datagram’s contents: IP Source and Destination Addresses, Protocol (TCP, UDP
attached network.
• through the Output Network Interface: applies the filter only to packets which are transmitted on a specific attached network (i.e. after the Routing process has determined the next-hop network for the datagram).
• on a per-Device basis: applies a device-specific filter in addition to any Input or Output filters. This type of filtering is applicable only to WAN Network Interfaces.
Because the Packet Types within the conditions specify both source and destination address information, Global application may often be sufficient to filter IP traffic across the entire system. However, the Input, Output and User-Based application points are defined in case the administrator needs to apply a finer level of filtering which cannot be obtained on a Global basis.
Common Portion:
IP Source Address AND mmm.mmm.mmm.mmm EQ/NEQ ttt.ttt.ttt.ttt
IP Destination Address AND mmm.mmm.mmm.mmm EQ/NEQ ttt.ttt.ttt.
EXAMPLE OF AN IP FILTER CONFIGURATION
This example provides a simple filtering scenario in which a corporate LAN utilizes a CyberSWITCH to provide WAN access to both dial-in devices and the global Internet. A Netserver resides on the LAN to provide configuration support for the CyberSWITCH. Also on the LAN are an anonymous FTP server and a WWW server.
[Figure labels: Host, Host, FTP Server, SFVRA Manager, WWW Server, Internet, 128.131.25.10, 128.131.25.12, 128.131.25.11, 128.131.25.15, 193.57.50.]
FORWARD
  IP Src 0.0.0.0, 0.0.0.0
  IP Dst: 255.255.255.255, 128.131.25.10
  IP Prot: ANY
  Permits any host to access the FTP Server.
FORWARD
  IP Src 0.0.0.0, 0.0.0.0
  IP Dst: 255.255.255.255, 128.131.25.12
  IP Prot: ANY
  Permits any host to access the WWW Server.
FORWARD
  IP Src 0.0.0.0, 0.0.0.0
  IP Dst: 0.0.0.0., 0.0.0.
FORWARD
  IP Src 255.255.255.255, 201.55.89.100
  IP Dst: 255.255.255.255, 128.131.25.11
  IP Prot: ANY
  Allows specific host to access the Netserver.
FORWARD All other packet types
  If no match, let filter execution continue with the existing input filter.
Once the offsite maintenance is completed, the Exception filter would be disabled.
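The evaluation order described in this section (mask-and-compare address tests, port operators, ordered conditions, a final condition, and an Exception Filter placed ahead of the forwarding filter), as an added Python example that is not code from the guide or from the CyberSWITCH software. It uses only the example conditions that appear in full above; the DISCARD final condition on the input filter, all class and function names, and the 198.51.100.7 source address are assumptions made for the illustration.

```python
"""Added example: ordered IP filter evaluation with an optional Exception Filter."""
import ipaddress
from dataclasses import dataclass, field


def ip(text):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


# Port comparison operators named in the guide; RANGE is inclusive.
PORT_OPS = {
    "EQ": lambda p, lo, hi: p == lo,
    "NEQ": lambda p, lo, hi: p != lo,
    "LT": lambda p, lo, hi: p < lo,
    "GT": lambda p, lo, hi: p > lo,
    "RANGE": lambda p, lo, hi: lo <= p <= hi,
}
ANY_PORT = ("RANGE", 0, 65535)  # wild card and default


@dataclass(frozen=True)
class AddrTest:
    """(address AND mask) EQ/NEQ target; mask and target 0.0.0.0 match any host."""
    mask: str = "0.0.0.0"
    target: str = "0.0.0.0"
    op: str = "EQ"

    def matches(self, addr):
        equal = (ip(addr) & ip(self.mask)) == ip(self.target)
        return equal if self.op == "EQ" else not equal


@dataclass(frozen=True)
class PacketType:
    src: AddrTest = field(default_factory=AddrTest)
    dst: AddrTest = field(default_factory=AddrTest)
    proto: str = "ANY"
    sport: tuple = ANY_PORT
    dport: tuple = ANY_PORT

    def matches(self, pkt):
        """The result is a match only if every comparison is true."""
        if not (self.src.matches(pkt["src"]) and self.dst.matches(pkt["dst"])):
            return False
        if self.proto == "ANY":
            return True
        if self.proto != pkt["proto"]:
            return False
        if self.proto in ("TCP", "UDP"):
            tests = ((self.sport, pkt["sport"]), (self.dport, pkt["dport"]))
            for (op, lo, hi), port in tests:
                if not PORT_OPS[op](port, lo, hi):
                    return False
        return True


@dataclass
class Filter:
    conditions: list        # ordered (action, PacketType) pairs
    final: str = "DISCARD"  # final condition for packets that match nothing


def evaluate(pkt, forwarding, exception=None):
    """Return FORWARD or DISCARD; the first matching condition decides.

    An enabled Exception Filter is evaluated ahead of the forwarding filter.
    If none of its conditions match, evaluation continues with the
    forwarding filter, whose final condition handles everything left over.
    """
    conditions = list(forwarding.conditions)
    if exception is not None:
        conditions = list(exception.conditions) + conditions
    for action, ptype in conditions:
        if ptype.matches(pkt):
            return action
    return forwarding.final


def packet(src, dst, proto="TCP", sport=1025, dport=80):
    return {"src": src, "dst": dst, "proto": proto, "sport": sport, "dport": dport}


HOST = "255.255.255.255"  # mask that compares all 32 bits

# Conditions taken from the guide's example; final="DISCARD" is an assumption.
INPUT_FILTER = Filter(conditions=[
    ("FORWARD", PacketType(dst=AddrTest(HOST, "128.131.25.10"))),  # FTP Server
    ("FORWARD", PacketType(dst=AddrTest(HOST, "128.131.25.12"))),  # WWW Server
], final="DISCARD")

# Temporary exception: one offsite host may reach the Netserver.
EXCEPTION_FILTER = Filter(conditions=[
    ("FORWARD", PacketType(src=AddrTest(HOST, "201.55.89.100"),
                           dst=AddrTest(HOST, "128.131.25.11"))),
])

# Packet type for "EQ 23" (Telnet) on the TCP destination port.
TELNET = PacketType(proto="TCP", dport=("EQ", 23, None))

if __name__ == "__main__":
    maint = packet("201.55.89.100", "128.131.25.11")  # constructed packet
    print("exception disabled:", evaluate(maint, INPUT_FILTER))
    print("exception enabled: ", evaluate(maint, INPUT_FILTER, EXCEPTION_FILTER))
```

Disabling the Exception Filter again corresponds to calling `evaluate` without the third argument, which restores the input filter's own result for the maintenance host.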
DHCP CONFIGURATION ELEMENTS
DHCP/BOOTP RELAY AGENT ENABLE/DISABLE FLAG
A global flag that indicates whether the system is relaying the DHCP/BOOTP BOOTREQUEST messages or not. The relay agent is disabled by default.
RELAY DESTINATION IP ADDRESSES
These are the IP addresses to which the system will relay BOOTREQUEST messages.
Bridge to Bridge Environment
[Figure labels: CSX5500, Using bridging, DHCP, CSX1200, Remote Bridge, DHCP Server, DHCP Client, DHCP Client]
As shown in the picture above, when a remote LAN is connected with bridge devices, the DHCP server and clients communicate with each other
[Figure labels: DHCP, CSX5500, Using routing, DHCP Server, CSX1200, Remote Bridge, DHCP Client, DHCP, DHCP Client]
EXAMPLE DHCP CONFIGURATIONS
Below we have included two of the more common DHCP scenarios.
Routers shown in the diagram above.
Remote Bridge to IP Router (w/Relay Agent)
This configuration is useful when requests by a DHCP Client must be “bridged” to an IP Router that is also a DHCP/BOOTP Relay Agent. Our equipment is shown in this example, but any remote bridge device should work.
[Figure labels: DHCP Client, DHCP Server, 192.168.1.5, ISDN, 192.168.1.168, 204.157.42.]
Configuration for IP Router "Alex" | Configuration for Remote Bridge "Ruby"
System Information: | System Information:
System Name = Alex | System Name = Ruby
System Password = stone | System Password = rubble
Security Level = Device Level (On-node Device Database, PAP security) | Security Level = Device Level (On-node Device Database, PAP security)
Bridging disabled | Bridging enabled
 | Bridge Packet Data Filter: offset=1; mask=00; value=00; action=CONNECT; dist list=“Alex”
IP enabled (router mode) |
I/
DHCP PROXY CLIENT
CONFIGURING THE DHCP PROXY CLIENT
In order to configure the DHCP Proxy Client, you must first enable the client, and then configure client information for a WAN or a WAN (Direct Host) type interface.
USING CFGEDIT
1. Select DHCP Configuration from the IP menu.
2. Select DHCP Proxy Client.
3. Follow the onscreen instructions to enable the DHCP Proxy Client. Then return to the IP Routing Menu.
4.
DHCP CONFIGURATION ELEMENTS
DHCP PROXY CLIENT ENABLE/DISABLE FLAG
A global flag that indicates whether the DHCP Proxy Client feature is enabled or not. The proxy client is disabled by default.
MAXIMUM NUMBER OF IP ADDRESSES
Refers to the maximum number of IP addresses obtained from DHCP servers for this network interface. This number of IP addresses can be leased from DHCP servers for this interface and placed into the IP Address Pool.
The DHCP Proxy Client feature is not applicable for the CyberSWITCH running in IP HOST mode. DHCP servers must support use of the broadcast bit in order to obtain IP addresses for WAN (Direct Host) interfaces.
SAMPLE CONFIGURATION: IP ROUTER WITH DHCP PROXY CLIENT
The following illustrates a typical use of the DHCP Proxy Client. This configuration has the DHCP server and the CyberSWITCH located on the same LAN:
[Figure labels: ETHERNET, DHCP Server, 192.168.1.5, 192.168.]
Configuration for IP Router “Chloe”
System Information:
  System Name = Chloe
  System Password = pets
Security Level = Device Level (On-node Device Database, PAP security)
Bridging disabled
IP enabled (router mode)
  I/F = LAN (192.168.1.168); LAN port 1
  I/F = WAN explicit (192.168.10.168)
    DHCP related:
    max addrs to obtain=10
    num addrs to pre-fetch=5
    LAN port to reach server=1
DHCP configuration:
  Relay Agent disabled.
  Proxy Client enabled.
DNS AND NETBIOS ADDRESSES
CONFIGURING DNS AND NETBIOS ADDRESSES
USING CFGEDIT
1. From the CFGEDIT Main Menu, select Options.
2. Select IP Routing. If IP routing is disabled, enable this now.
3. Select NBNS and DNS name server addresses. A menu similar to the following will display:
Name Servers Menu:
1) Primary Domain Name System server is not configured.
2) Primary NetBIOS Name Server is 2.22.222.2
3) Secondary Domain Name System server is 3.
Name Servers Menu:
1) Primary Domain Name System server is 1.2.33.44
2) Primary NetBIOS Name Server is 2.22.222.2
3) Secondary Domain Name System server is not configured.
4) Secondary NetBIOS Name Server is not configured.
Select name server to change or for previous menu:
USING MANAGE MODE
ipnamesv
This command displays the Name Servers menu from which you can enable, disable or change an IP address for a name server.
CONFIGURING IPX OVERVIEW IPX protocol accepts data from remote devices and formats the data for transmission onto the network, and conversely, accepts data from the LAN and formats it so it can be understood by remote devices. In short, IPX allows remote devices and their servers to communicate. The CyberSWITCH supports the standard method of routing datagrams over a network.
USER’S GUIDE CONFIGURING IPX INFORMATION Note: IPX is available only if you have purchased the additional software module for our IPX feature. To help you configure your IPX information, we have included an illustration of a sample network. As we explain the steps, we provide sample CFGEDIT screens. The screens include information from the sample network. You may find it helpful to refer to the graphic and to the sample screens for clarification while completing your IPX configuration.
IPX ROUTING OPTION
ENABLING/DISABLING IPX
Note: The CyberSWITCH does not currently provide IPX data transfer over X.25 links.
USING CFGEDIT
1. Select Options from the main menu.
2. Select IPX Routing from the Options menu. The following menu will be displayed:
IPX Menu:
1) IPX Routing (Enable/Disable)
Select function from above or for previous menu: 1
The IPX Routing feature is currently DISABLED.
USER’S GUIDE IPX OPTION BACKGROUND INFORMATION The Internetwork Packet Exchange (IPX) protocol is a datagram, connectionless protocol in the NetWare environment analogous to the Internet Protocol (IP) in the TCP/IP environment. With the help of Routing Information Protocol (RIP) and Service Advertising Protocol (SAP), the IPX router performs the network layer tasks of addressing, routing and switching information packets, to move packets from one location to another in a complex network.
CONFIGURING IPX IPX Network Interfaces IPX NETWORK NUMBER BACKGROUND INFORMATION Novell NetWare networks use IPX external and internal network numbers. An IPX internal network number is a unique identification number assigned to a network server or router at the time of installation. Servers and routers periodically broadcast their numbers across the network to advertise their presence. Each server/router must have a unique internal network number to distinguish itself from other servers/routers.
9. If IPX RIP has been enabled for the system, enter the following:
   a. RIP send control (do not respond or respond)
   b. frequency (in seconds) of sending RIP updates
   c. RIP receive control (do not respond or respond)
   d. time (in seconds) to age RIP entries
   e. RIP respond control (do not respond or respond)
10. If IPX SAP has been enabled for the system, enter the following:
   a. SAP send control (do not respond or respond)
   b. frequency (in seconds) of sending SAP updates
   c.
IPX NETWORK INTERFACE CONFIGURATION ELEMENTS
GENERAL IPX NETWORK INTERFACE CONFIGURATION ELEMENTS
INTERFACE TYPE
When configuring an IPX Network interface, this parameter specifies the type of network segment to which the network interface connects. The network Interface type of LAN indicates that the system is physically connected to an Ethernet LAN segment. The WAN (Remote LAN) interface allows the system to connect to remote bridge devices.
USER’S GUIDE SEND FREQUENCY Specifies the frequency at which the system will transmit RIP packets, if the Send control parameter is set to send for this interface. This parameter is a decimal value specified in seconds from 1 to 300. The default value is 60 seconds. RECEIVE CONTROL Specifies how the system will process RIP packets received on this network interface.
CONFIGURING IPX IPX Network Interfaces IPX NETWORK INTERFACE BACKGROUND INFORMATION Traditional routing products ask you to define the network interfaces to which the router is directly connected: LAN INTERFACES LAN network interfaces are fixed broadcast media type interfaces. These interfaces are assigned a specific network number and all devices on that LAN must agree on the IPX network number used on the LAN segment.
IPX ROUTING PROTOCOLS
CONFIGURING IPX ROUTING PROTOCOLS
USING CFGEDIT
1. Select Routing Protocols from the IPX menu. The following will be displayed:
IPX Routing Protocol Menu:
1) IPX RIP Processing is currently ENABLED
2) IPX RIP Table maximum is 282
3) IPX SAP Processing is currently ENABLED
4) IPX SAP Table maximum number of entries is 282
Select function from above or for previous menu:
2.
CONFIGURING IPX IPX Routing Protocols RIP/SAP NUMBER OF TABLE ENTRIES Specifies the maximum number of routing entries which can be stored in the route or service table. You may select a number between 20 and 3072. The default value is 282 (141 routes + 141 services). IPX ROUTING PROTOCOL BACKGROUND INFORMATION Routing Information Protocol (RIP) and Service Advertising Protocol (SAP) are used to automate the exchange of information across a network.
USER’S GUIDE Static services are configured locally on the system. SAP entries are learned from incoming SAP packets. All services are stored, used internally and advertised to other routers. The same factors that affect the maximum number of routes stored also affect the maximum number of services stored. Because of these factors, the maximum number of services for each router must be configurable. Each route or service entry requires memory.
CONFIGURING IPX IPX Static Routes IPX STATIC ROUTES Note: With the availability of Triggered RIP/SAP (page 343), the configuration of static routes is no longer necessary but still supported. Situations may arise in which a remote router does not support our implementation of Triggered RIP/SAP. In this case, it would be necessary to configure a static route to that particular router. CONFIGURING IPX STATIC ROUTES USING CFGEDIT 1. From the IPX menu, select IPX Static Routes. 2.
USER’S GUIDE USING MANAGE MODE COMMANDS ipxroute Displays the current IPX routes (both statically entered and "learned"). ipxroute [add/change/delete] Allows you to add/change/delete an IPX route. IPX STATIC ROUTES CONFIGURATION ELEMENTS DESTINATION NETWORK The IPX network number reachable through this static route entry. This parameter is a hexadecimal value from 1 to 4 bytes in length.
CONFIGURING IPX IPX NetWare Static Services IPX NETWARE STATIC SERVICES Note: With the availability of Triggered RIP/SAP (page 343), the configuration of static services is no longer necessary but still supported. Situations may arise in which a remote router does not support our implementation of Triggered RIP/SAP. In this case, it would be necessary to configure a static service for that particular router. CONFIGURING IPX NETWARE STATIC SERVICES USING CFGEDIT 1.
USER’S GUIDE IPX NETWARE STATIC SERVICES CONFIGURATION ELEMENTS SERVICE NAME Specifies the NetWare service name that is the target of this static service definition. This parameter is a 48 character NetWare service name. SERVICE TYPE Indicates the type of NetWare service that is the target of this static service definition. You may enter the hexadecimal service type value, or request a list of common service types.
CONFIGURING IPX IPX Spoofing IPX NETWARE STATIC SERVICES BACKGROUND INFORMATION This IPX feature allows you to configure service servers that are on networks across the WAN. The IPX NetWare Static Services configuration tells the system which servers are available for access. The static route configuration tells the system how to get to the network on which the servers are located. IPX SPOOFING CONFIGURING IPX SPOOFING USING CFGEDIT 1. Press 7 from the IPX menu to configure IPX spoofing options.
b. Press 2 to select the system serialization packet handling level. The default values for all parameters will be displayed. Enter the Id of any parameters you need to change. Follow the onscreen instructions for changing the default values. Return to the IPX spoofing menu.
5. Press 4 to configure the message packet handling. A message packet handling menu will be displayed.
   a. Press 1 to select the message packet handling configuration level.
CONFIGURING IPX IPX Spoofing WATCHDOG PROTOCOL Watchdog Protocol is used by NetWare Servers to detect “dead” clients. If no traffic has been seen by a server from an attached client for a configurable amount of time, the server sends a watchdog packet to the client to determine if the client is still alive or merely inactive. If, after a few minutes, a watchdog reply is not received by a server, it is assumed that the client is no longer alive and the connection to the server is terminated.
USER’S GUIDE Some of these packets are overloaded in that they are not just keep-alive packets but are control packets needed for the application to run successfully and hence have to be routed like regular SPX data packets. If any NetWare application does not seem to work across WANs, it may be because of the mishandling of these packets and can be traced by disabling SPX keepalive spoofing.
IPX TYPE 20 PACKET HANDLING DEVICE CONFIGURATION ELEMENTS
Once you enable the feature, you can then enter devices to use the feature. The following configuration elements are entered for each device.
IPX TYPE 20 PACKET DEVICES
The device name of the previously configured device.
IPX TYPE 20 PACKET FORWARD CONTROL METHOD
Allows you to determine under what conditions IPX type 20 broadcast packets will be broadcast to the designated device.
USER’S GUIDE IPX TRIGGERED RIP/SAP IPX Triggered RIP/SAP is a type of broadcast protocol used over WAN circuits for router-to-router exchange of route and service information. Its broadcasts are “triggered” by events such as updates or changes to route and service tables. Triggered RIP/SAP offers an alternative to running periodic broadcasts over the WAN, and is especially useful when you consider the costs of periodic broadcasts over WAN links.
CONFIGURING IPX IPX Triggered RIP/SAP CONFIGURATION ELEMENTS DATABASE TIMER This timer starts when an update response is received. While this timer is running, the routes learned from this router are still considered reachable, and advertised as such on other interfaces. When this timer expires, the routes are considered unreachable and advertised as such until the hold-down timer expires. Valid range for timer: 1 to 10,000 seconds; default: 180 seconds.
USER’S GUIDE Specifically, triggered RIP and SAP updates are only transmitted on the WAN: • when a specific request for a routing/service update has been received; • when the routing or service databases are modified by new information from another interface (in which case, only the latest changes are sent); • when a destination has changed from an unreachable to a reachable state; and • when the unit is powered up.
CONFIGURING IPX IPX-Specific Information for Devices 7. Enable IPX routing. Select IPX Routing and follow on-screen instructions. 8. Enable make calls feature. Select Make calls for IPX data and follow on-screen instructions only if the CyberSWITCH is to dial-out to remote1. 9. Although IPXWAN Protocol appears on the menu, the feature is not yet completely functional. 10. Select Routing Protocol.
c. Press to return to the IPX Device Spoofing menu. Press 2 to configure SPX Watchdog Spoofing. The following menu will be displayed:
Device Level SPX Watchdog Spoofing Menu:
1) Default Handling is Discard
2) Handling while the connection is up is Forward
3) Handling for the special period after disconnecting is Spoof
4) Special period of time after disconnecting is 120 Minutes
Select function from above or for previous menu:
d.
CONFIGURING IPX IPX-Specific Information for Devices 3. Select On-node Device Entries from the device level databases menu. 4. Press 1 to add a device. 5. Enter the device’s name and press . You should provide ISDN and Authentication information first. 6. Select Bridging from the Device Table Menu.
USER’S GUIDE Otherwise, a WAN connection is not established. With triggered RIP/SAP, this field must also be enabled for an active WAN peer type to function properly. IPXWAN PROTOCOL The IPXWAN protocol option is not yet completely functional. In the future, it will provide interoperability with Novell products. IPX ROUTING PROTOCOL Indicates the method, if any, the remote device will be using to maintain routes and service tables. NONE Specifies no RIP and SAP protocols (neither periodic nor triggered).
CONFIGURING IPX IPX-Specific Information for Devices This parameter is only necessary for IPX over Frame Relay when at least one of the CyberSWITCHes in the Frame Relay connection is a CSX200 or CSX400. (CSX200 and CSX400 platforms do not support unnumbered connections). In this instance, you must specify the same number on both CyberSWITCHes supporting the Frame Relay access. IPX REMOTE LAN NETWORK NUMBER Specifies the IPX external network number on the remote LAN. The default value is none.
CONFIGURING SNMP
OVERVIEW
A Network Management Station (NMS) is a device that contains SNMP-specific software, giving it the ability to query SNMP Agents using various SNMP commands. If you have purchased an NMS (such as Cabletron’s SPECTRUM® Management Platform), you should enable and configure the CyberSWITCH to be an SNMP Agent. This will allow you to use the NMS to monitor the CyberSWITCH and other remote devices on your network. (Refer to Remote Management: SNMP.
1. Enable IP routing if you have not already done so.
2. Select SNMP from the Options menu.
3. Follow the onscreen instructions to enable SNMP. The following SNMP menu will then be displayed:
SNMP Menu:
1) SNMP (Enable/Disable)
2) SNMP Community Name
3) SNMP Trap Information
4) MIB-2 System Group Objects
Select function from above or for previous menu:
4. Enter the Community Name information.
   a. Enter a user-defined Community Name.
USING MANAGE MODE COMMANDS
Currently you cannot configure SNMP using the Manage Mode, but the following command is available:
snmp
This Manage Mode command displays the current SNMP configuration data. An example output screen is shown below:
MANAGE> SNMP
The SNMP feature is enabled.
IP ADDRESS
The IP address assigned to the management station that should receive Trap PDUs.
COMMUNITY NAME
A list of configured Community Names will be displayed. Select the Community Name that should be inserted in the Trap PDUs to be sent to the NMS with the corresponding IP address.
AUTHENTICATION FAILURE TRAPS STATUS
You may enable or disable the generation of SNMP Authentication Failure Traps.
[Figure labels: ASN.1 File, CSX5500, MIB, 128.111.1.1, LAN A, MIB Formatter, WAN, 128.111.1.1, Network Management Station, MIB, Network Management Station]
The SNMP Agent will process all SNMP Protocol Data Units (PDUs) which are received at a LAN port or which are received at a WAN port. (A PDU contains both data and control (protocol) information that allows the two processes to coordinate their interactions.
Protocol (ICMP) group, the User Datagram Protocol (UDP) group, the Transmission Control Protocol (TCP) group, and the Simple Network Management Protocol (SNMP) group. Currently, each object in the above MIB-2 groups can be retrieved via an SNMP GetRequest or GetNextRequest PDU. However, only the snmpEnableAuthenTraps object in the SNMP group can be changed via the SNMP SetRequest PDU.
• isdnUsageNormal Trap
An SNMP Agent will generate an isdnUsageNormal Trap PDU when the Agent detects that the number of B-Channels in use has returned to a value below the configured threshold value.
• authTimeout Trap
An SNMP Agent will generate an authTimeout Trap PDU anytime an off-node server times out.
• clidDisconnect Trap
An SNMP Agent will generate a clidDisconnect Trap PDU anytime there is a configuration problem with a device’s Calling Line Id.
CONFIGURING APPLETALK ROUTING OVERVIEW The AppleTalk routing feature allows the CyberSWITCH to efficiently route AppleTalk data as opposed to bridging all data relating to the protocol. With the addition of the AppleTalk Remote LAN feature, the CyberSWITCH can be configured to be a router, bridge or a mix of both when handling AppleTalk traffic. By default, AppleTalk routing is disabled when you first install your system software.
USER’S GUIDE APPLETALK ROUTING OPTION CONFIGURATION ELEMENT APPLETALK OPERATIONAL STATUS You can enable or disable the AppleTalk Routing option. When AppleTalk Routing is enabled, the CyberSWITCH acts as an AppleTalk Router, routing AppleTalk datagrams based on AppleTalk address information. When AppleTalk Routing is disabled, the CyberSWITCH will simply bridge AppleTalk protocol network traffic. By default, AppleTalk Routing is disabled.
CONFIGURING APPLETALK ROUTING AppleTalk Ports 8. If you are configuring your system in the nondiscovery mode (you entered numbers other than 0 or 0-0 for the network range/number), complete the following: a. Enter either the suggested AppleTalk address or the suggested AppleTalk node Id (depending on AppleTalk network type configured). • For extended networks: enter the suggested AppleTalk address (includes the network number and the node’s Id). • For nonextended networks: enter the suggested node Id.
USER’S GUIDE APPLETALK NETWORK RANGE/NUMBER The AppleTalk network range (for Extended network) or the AppleTalk network number (for NonExtended network) of the LAN segment that the port is connected to. Specifying 0.0 (for Extended) or 0 (for NonExtended) places the port in discovery mode (a.k.a., non-seed router), in which the system learns its configuration information from the seed router. Note that there must be at least one seed router on the network.
THE ZONE CONCEPT
A zone is a logical group of nodes on an internet, much like the concept of subnetting within the world of IP. Within the framework of Phase 2 the logical assignment of zones is limited to 255 zone names for a network. Each name can be configured to represent a logical group within that respective internet. An example would be zone 1=Marketing, zone 2=Engineering etc.
USER’S GUIDE number/range configured for the Remote LAN port differs from the network number/range that is being broadcasted in RTMP packets by other remote routers, the port becomes unusable.
CONFIGURING APPLETALK ROUTING AppleTalk Capacities APPLETALK ROUTING STATIC ROUTES CONFIGURATION ELEMENTS APPLETALK NETWORK TYPE The AppleTalk network type used by the destination network of this static route. Type can be either Extended Network or NonExtended Network. DESTINATION NETWORK RANGE/NUMBER The remote AppleTalk network range (for Extended network) or network number (for NonExtended network) reachable through this static route entry.
USER’S GUIDE APPLETALK CAPACITIES BACKGROUND INFORMATION This option allows you to control the maximum number of table entries (routing and zone tables) for your network. APPLETALK ISOLATED MODE CONFIGURING THE APPLETALK ISOLATED MODE USING CFGEDIT 1. Select Isolated Mode (Enable/Disable) from the AppleTalk Routing Menu. 2. Follow the onscreen instructions to either enable or disable the isolated mode.
CONFIGURING CALL CONTROL OVERVIEW The CyberSWITCH offers a number of configurable options to control how the system will make and accept calls.
USER’S GUIDE THROUGHPUT MONITOR CONFIGURING THE THROUGHPUT MONITOR Notes: Throughput Monitoring parameters do not apply to Digital Modems. Refer to the Digital Modem Inactivity Timeout feature for an alternative. Certain restrictions apply to the use of the Throughput Monitor and Semipermanent Connections. Refer to the Background Information. USING CFGEDIT 1. Select Throughput Monitor from the Call Control Options menu. 2. The current throughput monitor configuration will be displayed.
THROUGHPUT MONITOR CONFIGURATION ELEMENTS
SAMPLE RATE
A Sample Rate identifies the number of seconds for each sample period. The default setting for the sample rate is 5 seconds. During this period, the system keeps track of the total number of bytes that is transferred in both directions between two systems. The utilization percentage is determined by comparing this total with the realistic maximum for the current aggregate amount of bandwidth.
USER’S GUIDE The default Throughput Monitor configuration will work for initial installation. These parameters can be changed to better match the bandwidth needs of your location. Correctly tuning these parameters is important in order to eliminate unnecessary data calls. The default value for the sample rate is a 5 second sample period. The following chart provides the default values for the remaining throughput monitoring parameters.
UNDERLOAD CONDITION MONITORING
The underload condition is monitored by comparing the samples with a lower threshold. The sample is marked as a true condition if both the transmit and the receive byte count fall below the threshold. When the number of true samples in the window reaches the configured limit, the underload condition has occurred. The purpose of detecting this condition is to decide if connections can be released.
Sample rate: 5    Window: 3    Trigger: 2    Utilization: 50%

Time    Sliding Window
5       0 of 1
10      1 of 2
15      1 of 3
20      1 of 3
25      1 of 3
30      2 of 3 (Overload condition met)
35      0 of 1

After 5 seconds the sample is checked and the average utilization for the 5 seconds was 40 percent. This is less than the configured utilization percentage of 50%, so no action is taken. For the second sample rate period, the average throughput is 60%.
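The sliding-window count in the chart above can be reproduced with a few lines of Python. This is an added example, not code from the guide or the CyberSWITCH software. The first two utilization figures (40% and 60%) come from the text; the remaining samples are constructed to fit the chart, and both the "above the threshold" test and the window reset after the condition is met are readings of the chart rather than statements from the guide.

```python
"""Added example: overload detection over a sliding window of samples."""
from collections import deque


def overload_timeline(utilizations, sample_rate=5, window=3, trigger=2, threshold=50):
    """Return one (time, true_samples, samples_in_window, overload_met) per sample.

    A sample is marked true when its utilization percentage is above the
    threshold (assumption). The window keeps the most recent `window`
    samples; once `trigger` of them are true the overload condition is met
    and the window starts over, as the chart's "0 of 1" at 35 suggests.
    """
    samples = deque(maxlen=window)  # oldest sample drops out automatically
    timeline = []
    for index, utilization in enumerate(utilizations, start=1):
        samples.append(utilization > threshold)
        true_samples = sum(samples)
        met = true_samples >= trigger
        timeline.append((index * sample_rate, true_samples, len(samples), met))
        if met:
            samples.clear()
    return timeline


# 40 and 60 are from the guide's walk-through; the rest are constructed values.
SAMPLE_UTILIZATION = [40, 60, 30, 30, 70, 80, 20]

if __name__ == "__main__":
    for time, hits, size, met in overload_timeline(SAMPLE_UTILIZATION):
        note = "  overload condition met" if met else ""
        print(f"{time:>3}  {hits} of {size}{note}")
```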
CALL INTERVAL PARAMETERS
CONFIGURING THE CALL INTERVAL PARAMETERS
USING CFGEDIT
1. Select Call Intervals from the Call Control Options menu.
2. Enter the minimum time interval between call attempts.
CALL INTERVAL CONFIGURATION ELEMENTS
MINIMUM TIME INTERVAL
The configured call interval is the minimum time between call attempts. The system will not make a call attempt in less than the configured call attempt value.
USER’S GUIDE MONTHLY CALL CHARGE CONFIGURATION ELEMENTS STATUS Allows you to enable or disable the monthly call charge option. MAXIMUM MONTHLY CHARGE The maximum monthly charge value. The legal values are from 1 to 10,000,000. This value is specified according to the country’s currency. ACTION Select the action to be taken if the maximum monthly call charge is exceeded. The Stop Calling action will cause the system to stop initiating switched calls.
CONFIGURING CALL CONTROL Call Restrictions USING MANAGE MODE COMMANDS alarm Displays the current status of the audible alarm. It is displayed as either enabled or disabled. If enabled, the audible alarm will sound when a call restriction condition has been met. alarm off Disables the audible alarm that sounds when a call restriction condition has been met. alarm on Enables the audible alarm that sounds when a Call Restriction condition has been met.
The following chart provides example entries for hours calls are allowed:

Hours Calls Allowed          Entry
8am to 5pm                   9-18
all hours                    1-24
10am to 6pm, 8pm, 11pm       11-19, 21, 24
8am to 5pm, 7pm to 9pm       9-18, 20-22

MAXIMUM CALLS PER DAY
Allows you to limit the number of calls made per day by configuring a maximum number of calls. The default value is 300 calls per day. Statistics will be logged to track the total number of calls made per day.
CONFIGURING CALL CONTROL Call Restrictions Two actions are available if this limit is exceeded. These actions are: 1. The call will not be allowed; a message will be displayed on the LCD, and written to the report log. 2. The call will be allowed; however, a warning will be displayed on the LCD, and written to the report log. Note: Existing calls will not be disconnected when this limit is reached. Subsequent calls may not be allowed, but existing calls will be allowed to continue.
USER’S GUIDE CALL RESTRICTIONS BACKGROUND INFORMATION The Call Restriction feature provides the ability to place limits on the toll costs of operating the CyberSWITCH. Call Restriction consists of a variety of features that can restrict the number of switched calls made to remote sites, and also limit the amount of call minutes accumulated for remote site access. Notes: It is important to note that the Call Restriction feature only applies to outbound calls from the system.
CONFIGURING CALL CONTROL Bandwidth Reservation Note that there are four lines in the default profile: (1,1), (1,2), (1,3), and (1,4). The leading “1” in the pair of numbers represents the slot number. The second number in the pair represents the port number. This example shows that there is only one BRI adapter, and it is installed in slot number one, and has four ports. There is a line for each port number. 4. Press 1 to add a device profile. 5. Enter a user-defined unique name to identify the profile.
USER’S GUIDE 5. Under ISDN information, enter the profile information. This is a profile name you configured in the previous section. Remember from the previous section that each configured profile reserves specific lines. By assigning this profile to the device, you are reserving specific lines for this device. To enable the bandwidth reservation feature: 1. Return to the Options Menu (selection 2 of the main menu). 2. Select Bandwidth Reservation. 3.
CONFIGURING CALL CONTROL Semipermanent Connections BANDWIDTH RESERVATION BACKGROUND INFORMATION This feature allows a portion of the possible connections to always be available to specific devices for both inbound and outbound calls. To increase flexibility, this feature may be configured to either allow or prevent bandwidth overlap.
USER’S GUIDE 6. Determine if the CyberSWITCH should always retry a call. If yes, then configuration for the device is done, the device is entered into the semipermanent device list, and appears as shown below. If no, continue to step 7.
CONFIGURING CALL CONTROL Semipermanent Connections SEMIPERMANENT CONNECTIONS CONFIGURATION ELEMENTS DEVICE NAME Specify the device name (from the Device List) that you wish to make a semipermanent connection. Once specified, the semipermanent feature will (at least) keep the Initial Data Rate active to the specified device, as long as it is not prohibited by call restrictions or a physical or configuration problem.
Call Restrictions
You may wish to disable call restrictions when using semipermanent connections. Call restrictions are mainly intended for use in areas where “per minute” ISDN tariffs are in place. Typically, this is not the case if semipermanent connections are in use. If you decide not to disable Call Restrictions, we recommend that you make the following Call Restriction parameter alterations:
• Change the maximum call duration to warn only.
CONFIGURING CALL CONTROL CSM as a Call Control Manager CSM AS A CALL CONTROL MANAGER This feature allows you to use the CSM for call control management only. This feature allows you to continue to use other authentication servers (e.g., RADIUS, ACE) yet still gain the benefits of CSM call control management. CONFIGURING CSM FOR CALL CONTROL USING CFGEDIT 1. Select CSM as Call Control Manager from the Call Control Options menu. 2. The current status of the CSM Call Control Server will be displayed.
USER’S GUIDE AUTHENTICATION TIMEOUT TIMER This timer represents the amount of time the CyberSWITCH will wait for the Authentication Agent to handle a login attempt before timing out. If CSM is enabled as Call Control Manager, this timeout value must then represent the amount of time for both: • the Authenticating Agent to respond to the login attempt, and • CSM to respond to the login attempt.
CONFIGURING CALL CONTROL D Channel Callback If you use user level security for authentication: configure devices on CSM as well. This will provide access to the following CSM call control management features: call restrictions, maximum bandwidth, and grouping (in addition to the call logging feature). User level security and CSM call control management work together as follows: CSM allows a device to connect under an alias name until the user can be verified by its authentication server.
3. The current status of D Channel Callback will be displayed. Select 1 to toggle from disabled to enabled (as shown by the following screen).

D Channel Callback Menu:
                                           Current Settings
1) D Channel Callback (Enable/Disable)     Enabled
Select function from above or for previous menu:

Note: In addition to the CFGEDIT configuration changes, you must also do some configuration through CSM for callback to work. You must define the calling device on CSM.
DIGITAL MODEM INACTIVITY TIMEOUT

This feature allows the CyberSWITCH to disconnect inactive modem connections based on lack of activity for a specified amount of time. This feature does not affect digital HDLC connections.

CONFIGURING THE DIGITAL MODEM INACTIVITY TIMEOUT

USING CFGEDIT

1. From CFGEDIT’s Options Menu, select Call Control Options.
2. Select Digital Modem Inactivity Timeout.
USER’S GUIDE MODEM INACTIVITY TIMEOUT BACKGROUND INFORMATION The Modem Inactivity Timeout feature allows the CyberSWITCH to terminate connections to digital modem devices based on a lack of data transfer for a specified amount of time. This feature applies to both incoming and outbound calls. The Modem Inactivity Timeout feature supports DM-24, DM-24+ and DM-30+ modem adapters only, on CyberSWITCH systems running UAA software release 7.3 or beyond. The feature is not supported for DM-8 adapters.
CONFIGURING OTHER ADVANCED OPTIONS OVERVIEW This chapter provides information for configuring advanced system options that are not covered in the previous chapters.
USER’S GUIDE Routing chapter). Note that Digital Modem does not support WAN RLAN or WAN unNumbered interfaces. For IPX routing: a. Make sure IPX routing is enabled. b. Configure the LAN interface to represent local IPX Network that may receive and send datagrams (Configuring IPX chapter). c. Configure the WAN interface to represent remote networks that may receive and/or initiate calls. Note that Digital Modem does not support WAN Remote LAN interfaces. For AppleTalk routing: a.
CONFIGURING OTHER ADVANCED OPTIONS The Digital Modem The Digital Modem software identifies, directs, and converts the data stream appropriately. For example, if an incoming call to the system is identified as coming from an analog modem, the associated ISDN B-channel is routed to the Digital Modem adapter. Software assigns it to one of the digital modem modules, and all of the operations of a V.34+ or K56Flex modem are performed just as if the call had gone to an analog modem through an analog phone line.
RELATIONSHIPS BETWEEN DIGITAL MODEM AND OTHER FEATURES

Note the following:
• RADIUS Authentication: Authentication is performed before the call is routed to the Digital Modem Adapter. Once the call is validated, the call is routed to the Digital Modem Adapter to establish a modem link.
• Throughput Monitoring: Overload and Underload conditions do not apply, since the Digital Modem feature only uses one B-channel per call.
TERMINAL MODE

USING CFGEDIT

1. From Options, select Default Async Protocol.
2. Select Action on Data Timeout.
3. Select Use Terminal Mode.
4. Next, select Data Timeout Value. Change value, in seconds, as desired (minimum: 1; maximum: 60).
5. Return to Main Menu and select Security.
6. Select Network Login Information.
7. Select Network Login General Configuration.
8. Select Terminal Server Security:
   a.
USER’S GUIDE If no data is received within the data timeout duration, the following events will occur: • If Disconnect is configured, the CyberSWITCH will disconnect the call. • If Use PPP Protocol is configured, the CyberSWITCH will assign the call to a PPP subsystem. • If Use Terminal Mode is configured, the CyberSWITCH will assign the call to the terminal I/O subsystem and/or the user-level authentication server.
CONFIGURING OTHER ADVANCED OPTIONS Default Async Protocol Note: If the CyberSWITCH is configured for PPP Mode, the caller at the remote device can override this through manual intervention. The caller must initiate four carriage returns upon call connection to notify the system that the caller requests console access. (These CRs must take place within the time specified in the data timeout value).
USER’S GUIDE PPP CONFIGURATION CONFIGURING PPP Note: A thorough understanding of PPP protocol is required before you attempt to change the PPP configuration. By changing the PPP configuration, you are changing the PPP protocol negotiation parameters. These parameters only need to be changed when you are attempting to interoperate with devices that do not provide a standard PPP implementation.
CONFIGURING OTHER ADVANCED OPTIONS PPP Configuration RESTART TIMER Times transmissions of Configure-Request and Terminate-Request packets. Expiration of the Restart timer causes a Timeout event, and retransmission of the corresponding Configure-Request or Terminate-Request packet. LCP PROTOCOL FIELD COMPRESSION (PFC) Provides a way to negotiate the compression of the Data Link Layer Protocol field.
PPP BACKGROUND INFORMATION

Point-to-Point Protocol (PPP) can provide standard interoperability for remote devices. Interoperability will allow remote devices made by different manufacturers to operate and exchange information on the same network. PPP consists of three main parts:

1. A method of encapsulating datagrams so that they can be more easily transmitted over point-to-point links.
2. A Link Control Protocol (LCP) for establishing, configuring, and testing the data-link connection.
3.
CONFIGURING OTHER ADVANCED OPTIONS Default Line Protocol PPP Link Failure Detection can be enabled or disabled within the PPP Options configuration menu. When enabled, two other configurable parameters then control the mechanism. Upon entrance of a PPP link into Network Phase (the point at which device data transfer is allowed), Echo-Requests will be sent at a configured frequency. As long as Echo-Replies are received, the link is deemed to be functional.
USER’S GUIDE USING MANAGE MODE lineprot Displays the current default line protocol configuration. lineprot change Allows you to change the default line protocol configuration. For the configuration steps, refer to the previous CFGEDIT section. DEFAULT LINE PROTOCOL CONFIGURATION ELEMENTS ACTION ON FRAME TIMEOUT The action to be taken if no frame is received before the configured frame timeout value has expired. The default value is to disconnect the call.
Log Options Menu:
1) Log Servers
2) Call Detail Recording
3) System Message (DR) log
4) Authentication Message (DA) log
Select function from above or for previous menu:

2. Configure a Syslog Server:
   a. Select Log Servers. (Note that upon selection, no configuration is needed for a local log file. The local log file name is preconfigured.)
   b. Select Add a Syslog Server.
   c. Enter the Syslog Server IP address using dotted decimal notation.
   d.
USER’S GUIDE UDP PORT The default port number is “514”, which should work for most installations. Consult your UNIX documentation if you are unsure of the UDP port number. DECIMAL UNIX PRIORITY VALUE The default priority value is “38”, which should work for most installations. (Refer to Syslog Server description, or consult your Server documentation if there are any problems).
• the ease of data retrieval
• the management of a multi-node site; all nodes can send their log messages to a central log server

Off-node log servers must be accessible via the system’s LAN port; they cannot be accessed via the WAN. In addition, it is recommended that the log servers either be located on the same LAN segment as the system, or that a static route be defined for the log server.
USER’S GUIDE SYSTEM MESSAGES The CyberSWITCH reports three different types of system messages: informational, warning, and error messages. These messages are always available on-node via the dr command. To send system message reports to an off-node server, however, you will need to properly configure the setup. First, you must configure IP Routing, a LAN IP interface and an IP route to the log server.
CONFIGURING OTHER ADVANCED OPTIONS Log Options must configure IP Routing, a LAN IP interface and an IP route to the log server. Then you must enable the CDR feature: • define and configure at least one log device for CDR • connect the Syslog Server via the LAN port of the CyberSWITCH, and • select an associated UNIX priority tag (default = 38) CDR Log Report This option allows you to select the storage destination of your CDR log reports.
USER’S GUIDE Call Detail Recording Events For switched ISDN services: There are five ISDN CDR events: connect, disconnect, reject, system up, and verify. A connect event occurs when the system authenticates the remote device of an ISDN connection. The time stamp for the connect event marks the time the ISDN connection was established. A disconnect event occurs when the system disconnects a connected device. The disconnect timestamp marks the time that the decision to disconnect was made.
CONFIGURING OTHER ADVANCED OPTIONS Log Options When multiple systems are logging to a shared, central log server, the combination of NAS name, Event and Connection Id allows all the records of a report to be processed without ambiguity. (It is crucial, in this case, that each system Name be set to a unique value; otherwise, it will be impossible to distinguish the NAS which originated a CDR report).
EVENT TYPE
This field indicates what type of event the associated message is reporting. The possible values are ‘CONNECT’, ‘DISCONNECT’, ‘REJECT’, ‘TERM CONN’, ‘TERM DISC’, ‘TERM SUCC’, ‘TERM FAIL’, ‘SYSTEM UP’ and ‘CDR VERIFY’.

NAS NAME
NAS Name (Network Access Server Name) contains the System Name of the system logging the message.

PHONE NUMBER
On incoming calls this field contains the Calling Line Id of the caller if the information is available (some switches do not provide Calling Line Id).
The duration is calculated by subtracting the connect event time from the disconnect time.

Example:

Chicago-Schaumburg 00000001 DISCONNECT 1 OF 4 MonroeCounty
Chicago-Schaumburg 00000001 DISCONNECT 2 OF 4 PORT 1/1/1
Chicago-Schaumburg 00000001 DISCONNECT 3 OF 4 IN FROM 3135551212 64Kb
Chicago-Schaumburg 00000001 DISCONNECT 4 OF 4 08/28/97 23:11:55 DURATION 01:11:55

Reject Event Report Contents

On a reject event, records 1 through 4 are used.
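As an added example (not code from the guide or from Cabletron), the following Python reassembles multi-record CDR reports on a central log server, keyed on NAS name, event and connection Id as described above, and flags reports whose records were lost in transit. The `<38>` prefix, the eight-digit connection Id, the one-field-per-record layout and the second NAS name are assumptions modelled on the guide's disconnect example; the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Event types listed in the guide's EVENT TYPE description.
EVENTS = ["CONNECT", "DISCONNECT", "REJECT", "TERM CONN", "TERM DISC",
          "TERM SUCC", "TERM FAIL", "SYSTEM UP", "CDR VERIFY"]

# Assumed record layout: [<PRI>]NAS-name [connection-id] EVENT n OF m [data]
RECORD = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?(?P<nas>\S+)\s+(?:(?P<conn>\d{8})\s+)?"
    r"(?P<event>" + "|".join(EVENTS) + r")\s+(?P<n>\d+)\s+OF\s+(?P<m>\d+)"
    r"(?:\s+(?P<data>.*\S))?\s*$")


def decode_priority(pri):
    """Split a decimal syslog priority into (facility, severity).

    The default value 38 is facility 4 (security/authorization), severity 6
    (informational).
    """
    return pri >> 3, pri & 7


def assemble(lines):
    """Group records by (NAS name, event, connection id).

    Returns (reports, problems). A report is emitted only when records 1..m
    have all arrived; anything left over is reported as incomplete.
    """
    pending = defaultdict(dict)   # key -> {record number: data}
    totals = {}                   # key -> m from "n OF m"
    reports, problems = [], []
    for lineno, line in enumerate(lines, 1):
        match = RECORD.match(line.strip())
        if not match:
            problems.append((lineno, "unparsed line"))
            continue
        key = (match["nas"], match["event"], match["conn"])
        n, m = int(match["n"]), int(match["m"])
        if not 1 <= n <= m:
            problems.append((lineno, f"record number {n} out of range for {key}"))
            continue
        if totals.setdefault(key, m) != m:
            problems.append((lineno, f"record count changed for {key}"))
            continue
        if n in pending[key]:
            problems.append((lineno, f"duplicate record {n} for {key}"))
            continue
        pending[key][n] = match["data"] or ""
        if len(pending[key]) == m:
            reports.append((key, [pending[key][i] for i in range(1, m + 1)]))
            del pending[key], totals[key]
    for key, records in pending.items():
        missing = [i for i in range(1, totals[key] + 1) if i not in records]
        problems.append((0, f"incomplete report {key}: missing {missing}"))
    return reports, problems


def connect_time(fields):
    """Derive the connect time from record 4 of a DISCONNECT report
    (disconnect timestamp minus DURATION), or None if it does not parse."""
    if len(fields) < 4:
        return None
    found = re.match(
        r"(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) DURATION (\d+):(\d\d):(\d\d)$", fields[3])
    if not found:
        return None
    end = datetime.strptime(found[1], "%m/%d/%y %H:%M:%S")
    return end - timedelta(hours=int(found[2]), minutes=int(found[3]),
                           seconds=int(found[4]))


# Constructed sample: two systems log to one server and reuse connection id
# 00000001; records 3 and 4 from the second system never arrive.
SAMPLE = """\
<38>Chicago-Schaumburg 00000001 DISCONNECT 1 OF 4 MonroeCounty
<38>Detroit-Example 00000001 DISCONNECT 1 OF 4 SiteB
<38>Chicago-Schaumburg 00000001 DISCONNECT 2 OF 4 PORT 1/1/1
<38>Chicago-Schaumburg 00000001 DISCONNECT 3 OF 4 IN FROM 3135551212 64Kb
<38>Detroit-Example 00000001 DISCONNECT 2 OF 4 PORT 1/1/2
<38>Chicago-Schaumburg 00000001 DISCONNECT 4 OF 4 08/28/97 23:11:55 DURATION 01:11:55
<38>Chicago-Schaumburg CDR VERIFY 1 OF 1
""".splitlines()

if __name__ == "__main__":
    done, issues = assemble(SAMPLE)
    for key, fields in done:
        print(key, fields, connect_time(fields))
    for lineno, text in issues:
        print("PROBLEM", lineno, text)
```

Because syslog travels over UDP, an incomplete report is the normal symptom of a dropped datagram, so a collector should surface it rather than silently discard the partial records.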
Example:

Chicago-Schaumburg SYSTEM UP 1 OF 1

Verify Event Report Contents

On a Verify event, only record 1 is used. The event type is CDR VERIFY. No data is filled in for the Remote Device Name field or the Port field.

Example:

Chicago-Schaumburg CDR VERIFY 1 OF 1

COMPRESSION OPTIONS

Compression allows the CyberSWITCH to compress outgoing data and decompress incoming data.
CONFIGURING OTHER ADVANCED OPTIONS Compression Options COMPRESSION OPTIONS CONFIGURATION ELEMENTS COMPRESSION SUBSYSTEM STATUS You may enable or disable the compression subsystem status. This option provides enable/disable control over the entire compression subsystem within the system. If this option is enabled, the system will negotiate compression with remote devices per their individual device compression configuration.
USER’S GUIDE COMPRESSION OPTIONS BACKGROUND INFORMATION The system data compression capability allows the system to negotiate compression algorithms with a remote device. This compression can be done using some proprietary bridging protocols and also the PPP CCP protocol. After successfully negotiating compression, data is compressed by a peer and transmitted to the system.
CONFIGURING OTHER ADVANCED OPTIONS Compression Options When using Sequence Number check mode and a non-zero number of histories, the STAC-LZS algorithm requires that incoming data packets be decompressed in the order they were compressed. The sequence numbers are used to assure proper ordering and that no packets have been lost.
USER’S GUIDE TFTP CONFIGURING TFTP Note: You cannot configure TFTP through CFGEDIT. The configuration can only be done through Manage Mode commands. USING MANAGE MODE COMMANDS tftp This command displays the current TFTP configuration.
Access to files on a system will be controlled by configuration through Manage Mode. File access attributes are associated with the existing system device IDs (GUEST and ADMIN) to allow configuration of file access rights. Configuration of the TFTP feature through Manage Mode allows the administrator to restrict upload and download access for each particular file type.
USER’S GUIDE FILE ATTRIBUTES BACKGROUND INFORMATION The tftp change Manage Mode command allows you to assign the file access rights for the TFTP server (see TFTP). Using the fileattr change Manage Mode command, you can change the access rights for each access level, depending on file type. The default file access for the GUEST device is “read” access to all files.
VERIFICATION AND DIAGNOSIS After configuring your CyberSWITCH and before proceeding with normal system operations, we suggest you verify that the system is functional. This segment of the User’s Guide provides instructions for verifying system hardware and system configuration, and then diagnosing potential problems encountered during the verification process.
VERIFYING THE BASE SYSTEM

OVERVIEW

This chapter describes the verification process for the base system. It includes the verification process for:
• hardware resources
• WAN lines
• LAN connections
• bridge initialization
• routing initialization
• remote device connectivity
• multi-level security
• IP Host Mode
• alternate accesses

To perform the verification procedures, WAN lines must be available and ready to use. LAN attachment components must also be available and ready to use.
Error mapping WAN adapter # into Host memory map
Type mismatch of configured & installed adapter #
Error initializing WAN card: #
Failure during static RAM test on adapter #
Error downloading operational software to adapter #
Error downloading bootstrap program to adapter #

To correct the problem, try the following:
a. Verify the resource type and adapter configuration settings as described in the Hardware Installation chapter.
b.
USER’S GUIDE To correct the problem, try the following: a. Verify the resource type and adapter configuration settings as described in the Hardware Overview and Hardware Installation chapter. b. Check the configuration for the LAN Adapter resource. The configuration must match the resource and its given slot number. Refer to the Configuring Resources and Lines chapter. c. If actions a or b fail to correct this problem, check to see if the LAN adapter is properly installed in the CyberSWITCH.
VERIFYING THE BASE SYSTEM WAN Lines Available for Use? a. If the system has been operational for longer than 2 minutes, verify that the line is correctly attached to the proper system resource and port. If not, wait for 2 minutes and check again for the WAN line availability messages. b. If using a NT1 or CSU, examine the local and network lights of the NT1 or CSU. If the local light is on, try another cable between the CyberSWITCH and the NT1 or CSU.
USER’S GUIDE 3. To correct the problem, try the following: Error mapping adapter # into Host memory map Type mismatch of configured & installed adapter # a. Terminate the system software: Type: quit Check the configuration for the Serial Adapter resource. The configuration must match the resource type and hardware settings. For details, refer to the Hardware Overview and the Hardware Installation chapter.
VERIFYING THE BASE SYSTEM Bridge Initialized? This command will display a message similar to the following: LAN port 1 Transmit was successful If the system displays this message, then the test packet was transmitted correctly. 3. If you receive the message: LAN port 1 Transmit was not successful Try the following to correct the problem: a. Check to see if the Ethernet LAN is properly connected to the CyberSWITCH. b. Check to see if the Ethernet LAN is properly terminated.
USER’S GUIDE 4. If you do NOT see the initialization message, check the configuration to verify that IP routing is enabled. 5. If IP routing is enabled, and you still do NOT receive a successful initialization message, it may be that you have either not configured a needed interface or have incorrectly configured an interface. Check the system’s IP network interface configuration using the ipnetif command (a Manage Mode command).
VERIFYING THE BASE SYSTEM Remote Device Connectivity fix> ConnId= In - CONNECT Call Id= Slot= Port= Chans= Ces= ConnId= If the system reports these messages, then continue with the next step. If the system does NOT report these messages, the remote device is not correctly connecting to the system. Check and verify the configuration of the remote device. 4.
USER’S GUIDE MULTI-LEVEL SECURITY To verify device and user level security to the CyberSWITCH, the WAN lines that are connected to the system must be available for use, and IP, AppleTalk, or bridging options must be properly initialized. The remote devices must be operational and available to initiate ISDN WAN connections. The remote device must be configured on a device database, with User Level Authentication initially disabled.
VERIFYING THE BASE SYSTEM IP Host Mode 3. Telnet from the client PC into the central site. For example, telnet to 100.0.0.1, port 7003. Follow the normal user level authentication process. 4. Once again, determine if the client PC can ping the Service Server. On the Client PC, type: ping 100.0.0.2 If the ping is successful, then multi-level security is operational. 5. If the ping is unsuccessful, try the following: a.
USER’S GUIDE Each section below uses example entries to verify IP Host mode operation. IP addresses are specific to the examples. Substitute the IP addresses of your network when you perform the IP Host mode feature verification steps. Each section also uses the ip ping command. The ip ping command sends a packet to a specified host, waits for a response, and reports success or failure. Substitute the equivalent command on your IP host. VERIFICATION OVER A LAN CONNECTION 1.
VERIFYING THE BASE SYSTEM Alternate Accesses VERIFICATION OVER A WAN CONNECTION 1. Determine if a remote IP Host (Host B) can access the system. On the remote IP host type: ping 100.0.0.1 2. If a message similar to the following is displayed, the IP host mode feature over the specified WAN connection is operational. 100.0.0.1 is alive 3. If this message is NOT displayed, then IP Host mode feature over the WAN connection is not operational. Try the following: a. Verify that the WAN connection is up.
USER’S GUIDE FRAME RELAY CONNECTIONS To verify a frame relay connection to the CyberSWITCH, the WAN lines that are connected to the System must be available for use, and the routing option must be properly initialized. To verify a frame relay connection, perform the following: 1. Enter the frame relay stats command at the administration console. a. If the statistics display appears, the frame relay feature is configured and the frame relay subsystem should be operational. b.
VERIFYING THE BASE SYSTEM Alternate Accesses 5. Display the system log (dr command). If the feature is operational, some frames similar to the following will be displayed: (I) (I) (I) (I) (I) (I) (I) (I) 6. 16:28:49.71 16:28:49.71 16:28:49.76 16:28:49.76 16:28:59.82 16:28:59.82 16:28:59.82 16:28:59.
c. Wait 20 seconds, then enter the dr command to display the report log. The status log should display a sequence of the following messages:

(I) 17:33:35.38 #1067: Out - LAPB RR, Rx Sequence = 1
(I) 17:33:35.38 #0000: 01 31 00 2A
(I) 17:33:35.38 #1067: IN - LAPB RR, Rx Sequence = 1
(I) 17:33:35.38 #0000: 01 31 A2 00

d. If these messages are not displayed, verify with the service provider that the line and bearer are provisioned for X.
VERIFYING ROUTING PROTOCOLS OVERVIEW This chapter describes the verification process for the following CyberSWITCH routing protocols: • IP Routing • IPX Routing • AppleTalk Routing To perform the verification procedures, WAN lines must be available and ready to use. LAN attachment components must also be available and ready to use. During some of the procedures, we ask you to enter an administration console command. To enter these commands, you must have an active administration session.
USER’S GUIDE You should receive a response similar to the following: 100.000.000.002 is alive If the system displays this message, then IP routing over that LAN port is operational. Repeat this step for each LAN port on your Ethernet resource. 2. If this message IS NOT displayed, then IP routing over the LAN connection is not operational. If you receive the following message: No response from Try the following: a. Verify that the routing entry for the destination network exists.
VERIFYING ROUTING PROTOCOLS IP Routing Operational? Below is an example of a configuration used to verify IP routing over a WAN interface. It uses IP addresses specific to the example. Substitute the IP addresses of your network when you perform the verification steps. It also uses the “ping” command. The “ping” command sends a packet to a specified host, waits for a response, and reports success or failure. Substitute the equivalent command on your IP host. CSX5500 192.100.1.1 ISDN 100.0.0.1 100.0.0.
4. If the remote IP host CANNOT ping to the CyberSWITCH, try the following:
   a. Verify that the LAN interface is properly configured by using the ipnetif command (a Manage Mode command). If the proper LAN interface does not exist, use CFGEDIT to make corrections.
   b. Verify that the remote IP Host is initiating a call to the CyberSWITCH.
5.
[Figure: example configuration with labels CSX5500, ISDN, 100.0.0.1, 100.0.0.0, Host B 100.0.0.3, Host A 100.0.0.2.]

1. Determine if a remote IP host can access the CyberSWITCH over the WAN connection. On the remote IP host type:
   ping 100.0.0.1
   If the remote IP host successfully pings to the CyberSWITCH, continue with step 3.
2. If the remote IP host CANNOT ping to the CyberSWITCH, try the following:
   a. Verify that the WAN connection is up.
USER’S GUIDE IP ROUTING OVER A WAN REMOTE LAN INTERFACE To verify that IP routing is properly operational over a WAN Remote LAN interface, a remote IP Host must be operational and connected to the remote LAN. The remote bridge device must be operational and available to initiate connections. Also, a local IP host must be connected to the local LAN port on the CyberSWITCH. Below is an example of a configuration used to verify IP routing over a WAN Remote LAN interface.
3. Determine if a remote IP host can access the LAN interface of the CyberSWITCH over the WAN connection. On the remote IP host type:
   ping 100.0.0.1
   If the remote IP host successfully pings to the CyberSWITCH, then continue with step 5.
4. If the remote IP host CANNOT ping to the CyberSWITCH, try the following:
   a. Verify that the remote IP Host can access the WAN RLAN interface of the CyberSWITCH.
   b.
5.
[Figure: example configuration with labels ISDN, CSX5500 "SITE2", CSX5500 "SITE1", 100.0.0.1, 192.1.0.2.]

1. Determine if SITE1 can access SITE2 over the WAN connection. On system A type:
   ip ping 192.1.0.2
2. Determine if system B can access system A over the WAN connection. On system B type:
   ip ping 100.0.0.1
3. If the systems CANNOT ping each other, try the following:
   a. Have the remote router ping itself using its LAN IP address.
   b. Have the CyberSWITCH ping itself using its LAN IP address.
   c.
5. If no packets have been discarded, check to see if the filters are properly configured. Try the following:
   a. From Manage Mode, issue the ipfilt command. Check the configured packet types, as well as the configured filters:
      • For packet types, it is important to verify that the contents of the packet in question are indeed correctly specified (IP Addresses, Protocol, TCP Ports, etc.).
6.
If you see this IP RIP initialization message, the IP RIP has initialized successfully.

3. If the CyberSWITCH does not display the correct IP RIP Initialization message, and instead displays one or more of the following messages:

   [IP RIP] Initialization failed, unable to allocate buffers
   [IP RIP] Unable to open RIP/UDP port 512

   There may be a problem within the software. Contact Customer Support.
3. Determine if a local IP Host A has learned the route to 192.1.1.0 from System A. On IP Host A type:
   netstat -r
   If the route to 192.1.1.0 is displayed, the IP RIP output processing is operational.
4. If the route is NOT displayed, try the following:
   a. Using the ipnetif Manage Mode command, verify that the IP RIP Send Control is set to a RIP version that the IP Host can understand.
   b.
5.
USER’S GUIDE LAN 131.1.0.0 Router 1 131.1.1.16 128.1.1.16 CSX5500 128.1.1.1 Z 1. Determine if the CyberSWITCH has learned the route to 131.1.0.0 from Router 1. On the administration console type: ip route If the following route entry is displayed among other route entries, the IP RIP input processing is operational. The ‘P’ (Protocol) field should have ‘R’, which indicates that the entry was learned via RIP. Destination Subnet-Mask Next Hop Mtr T/P TTL IF AGE 131.1.0.0 255.255.0.0 128.1.1.
VERIFYING ROUTING PROTOCOLS IP Routing Operational? perform the verification steps. It also uses the show ip route command. The show ip route command is used by a specific router to display the IP routing table. Substitute the equivalent command for your IP router. CSX5500 Router Dedicated Connection 100.1.1.1 192.1.1.1 192.1.2.1 100.1.1.2 1. Make sure that a dedicated connection between system and Router is up and operational. On the system’s administration console: Type: cs 2.
USER’S GUIDE The same example that is used in the previous section is used to verify IP RIP input processing on a WAN interface. 1. Make sure that a dedicated connection between system and Router is up and operational. On the CyberSWITCH administration console: Type: cs 2. Determine if system has learned the route to 192.1.2.0 from the Router. On the CyberSWITCH administration console: Type: ip route If the route to 192.1.2.0 is displayed, the IP RIP input processing is operational. 3.
VERIFYING ROUTING PROTOCOLS IPX IPX ROUTING OPERATIONAL? To verify that IPX routing feature is properly operational, a local NetWare client, a local NetWare server and a remote NetWare server must be operational. The following graphic illustrates an example network we will use to describe how to verify that IPX routing is operational. It uses IPX network addresses specific to the example. Substitute the IPX network numbers of your network when you perform the verification steps.
RIP. The output of an ipx route command contains a protocol (P) field for each route entry, which indicates whether it is static (L - locally configured) or dynamically learned via RIP (R). If it is learned via RIP, then basic communication between the CyberSWITCH and the local NetWare server is operational, and it is uncertain why the NetWare server does not respond to the ping request. Contact Customer Support.
b.
4. From the remote bridge (SITE2), attempt to access the IPX router by issuing the following administration console command:
ipx diag xxxx:yyyyyyyyyyyy
where:
xxxx          is the IPX Network Number
yyyyyyyyyyyy  is the router’s MAC address
If connection is up, host sends a message in response to this packet to confirm receipt.
Note: The ipx diag and the ipx ping commands both test device connectivity (although both send back different types of responses).
IPX ROUTING OVER A WAN CONNECTION
1. Determine if NetWare Client A can see the remote NetWare Server “remote.” To do this, activate NetWare Client A’s desktop network neighborhood feature. Then check to see if “remote” is included in Client A’s network neighborhood.
2. If “remote” is included in Client A’s network neighborhood, then IPX over the WAN connection is operational. If it does not appear in the network neighborhood, then IPX over the WAN connection is not operational.
6. Create a change in the route (for example, shut down a server). Again examine statistics (ipx trigrip stats) to verify the change is propagated to the other side.
7. If statistics do not reflect the change, try the following:
a. b. c. Verify triggered RIP/SAP has successfully started for peers. Issue the dr console command and look for the “starting” message in the log. Generate a triggered RIP/SAP update request to the devices in question.
constraints. We recommend this value be at least 10% more than what you predict to be needed (more than 10% with larger network topologies). To predict need, use the following formula:
(# configured static services) + (# SAP services)
a. Determine number of needed entries in service table:
• Issue the IPX service stats command to determine number of configured static services and SAP services;
• plug this data into previously-described formula.
b. Run CFGEDIT.
AppleTalk Routing
Below is an example of a configuration used to verify AppleTalk Routing operation. It uses AppleTalk addresses, zones and resource names specific to the example. Substitute those of your network when you perform the AppleTalk Routing feature verification steps.
a. Verify that the AppleTalk LAN port that Local Mac is attached to is in the up state by entering the following console command:
atalk port
b. If the command shows the port is not in the up state, wait for a couple of minutes and repeat this step.
c. Check to see if the LAN connection of the port is operational. If the LAN connection is not operational, then correct the problem.
d.
If the Network Range is correct and the AppleTalk address is not within that range, then try to close the AppleTalk control panel once, and then reopen it. If the AppleTalk address is still invalid, then try to assign a valid address manually by marking User defined box. If you start seeing zones, then you can take out the User defined tag. If the Network Range is not correct, contact your Distributor or Customer Support.
f.
2. If Remote Mac appears in the Select a file server: box, then AppleTalk Routing over the WAN connection is operational.
3. If Remote Mac IS NOT displayed, then the AppleTalk Routing feature over the WAN connection is not operational. Try the following:
a. Verify that AppleTalk Routing is operational on both the local and the remote LAN.
b. Verify that the remote resources (remote Mac) can be seen when the WAN connection is up.
c.
VERIFYING SYSTEM OPTIONS
OVERVIEW
This chapter describes the verification process for various system options. It includes the verification process for:
• SNMP
• Dial Out
• Call Detail Recording
• Compression
• Reserved Bandwidth
• DHCP Relay Agent and Proxy Client
• Semipermanent connections
• D Channel Callback
• Modem Callback
• Proxy ARP
To perform the verification procedures, WAN lines must be available and ready to use. LAN attachment components must also be available and ready to use.
4. However, if one of the following messages appears, there is an unexpected condition present within the CyberSWITCH software. Contact Customer Support.
[SNMP] SNMP initialization failure - unable to allocate necessary memory
[SNMP] SNMP initialization failure - unable to open UDP port
5. Verify that the MIB objects can be retrieved via the SNMP get command. Begin by making sure that the latest version of the enterprise MIB (the ih_mib.
c. Enter dr at the administrative console to display the current system messages.
9. If one of the following messages appears, the SNMP agent does not have enough memory to generate all of the Trap PDUs that need to be generated. If the “snmpOutTraps” counter is not increasing while these reports are being logged, there is an unexpected condition present within the CyberSWITCH System software. Contact Customer Support.
5. A message will be displayed indicating whether or not the call was made successfully. If the Dial Out call was not completed successfully, try the following:
a. If you issued the call device console command to initiate the call, check to see that you entered the device name correctly. Device names are case sensitive.
b.
• If there are no problems, check for the following system messages:
For BRI resource:
In - proceeding <#,#>
In - disconnect <#,#> -
For PRI resource:
In - accept <#,#>
In - disconnect <#,#> -
If the system reports these messages, then the network disconnected the call attempt. For the disconnect cause meaning, refer to the Cause Code table.
e. If syslogd is running but does not receive any log messages, make sure CDR is configured for the UDP port that syslogd is using. The typical port is 514, but some versions of syslogd may use a different port.
f. Check that the priority value that you assigned in the CFGEDIT Call Detail Recording menu (default of 38) matches the priority setting on your syslog server (default of auth.info).

COMPRESSION
1.
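For the Call Detail Recording syslog check in steps e and f above: a syslog priority value is facility × 8 + severity, so 38 decodes to auth.info. The following Python script is an added example, not part of the original guide. It decodes a priority value and tests it against syslog.conf selectors using the classic selector rules; the sample configuration, file paths and datagram are constructed, and the keyword names for facility codes 12 to 15 are placeholders.

```python
import re

# Facility and severity names by numeric code (RFC 3164 numbering).
# Keyword names for codes 12-15 vary between syslogd versions; the ones used
# here are placeholders chosen for this example.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def decode_pri(pri):
    """Split a PRI value into (facility, severity): PRI = facility * 8 + severity."""
    if not 0 <= pri < len(FACILITIES) * 8:
        raise ValueError("PRI out of range: %r" % pri)
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def encode_pri(facility, severity):
    """Inverse of decode_pri, for working out the value to enter in CFGEDIT."""
    return FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)


def pri_of_datagram(data):
    """Extract the PRI from the '<NN>' prefix of a raw syslog UDP payload."""
    m = re.match(rb"<(\d{1,3})>", data)
    if not m:
        raise ValueError("no <PRI> prefix")
    return int(m.group(1))


def selector_matches(selector, pri):
    """Return True if a syslog.conf selector field would log a message with this PRI.

    Rules implemented: 'fac.level' selects that level and anything more severe,
    '*' is a wildcard, 'fac1,fac2.level' lists facilities, ';' joins selectors,
    'none' cancels a facility, '=level' (a sysklogd extension) selects exactly
    one level. '!' negation is not handled.
    """
    facility, severity = decode_pri(pri)
    sev = SEVERITIES.index(severity)
    enabled = set()  # severity codes currently selected for this facility
    for part in selector.split(";"):
        facs, _, level = part.strip().rpartition(".")
        if not facs or not level:
            raise ValueError("bad selector: %r" % part)
        names = facs.split(",")
        if "*" not in names and facility not in names:
            continue
        if level == "none":
            enabled.clear()
        elif level == "*":
            enabled.update(range(8))
        elif level.startswith("="):
            enabled.add(SEVERITIES.index(level[1:]))
        else:
            # Lower code = more severe, so select codes 0..level inclusive.
            enabled.update(range(SEVERITIES.index(level) + 1))
    return sev in enabled


def check_cdr_priority(cdr_priority, conf_lines):
    """List the syslog.conf actions that would receive messages at this priority."""
    hits = []
    for line in conf_lines:
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        selector, action = line.split(None, 1)
        if selector_matches(selector, cdr_priority):
            hits.append(action)
    return hits


# Constructed syslog.conf for the example; the paths are placeholders.
SAMPLE_CONF = """\
# selector              action
auth.info               /var/log/cdr.log
*.err;auth.none         /var/log/errors.log
mail.*                  /var/log/mail.log
auth.crit               /var/log/auth-critical.log
"""

if __name__ == "__main__":
    pri = pri_of_datagram(b"<38>constructed CDR record")
    print(pri, decode_pri(pri))
    print(check_cdr_priority(pri, SAMPLE_CONF.splitlines()))
```

An empty result from check_cdr_priority means no selector on the syslog server accepts the configured priority, which is the mismatch step f asks you to rule out.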
(I) 15:35:09.98
(I) 15:35:09.98
(I) 15:35:09.98
(I) 15:35:09.98
(I) 15:35:09.98
(I) 15:35:09.98
(I) 15:35:09.99
(I) 15:35:09.99
(I) 15:35:09.99
(I) 15:35:09.99
(I) 15:35:09.99
(I) 15:35:09.
DHCP RELAY AGENT
The following sections provide instructions to verify that the DHCP/BOOTP Relay Agent is working properly.

VERIFYING DHCP RELAY AGENT INITIALIZATION
Regardless of whether or not the Relay Agent has been enabled via configuration, some initialization processing is always performed. If this initialization is successful, there should not be any warnings/errors written to the report log by the DHCP Relay Agent.
1. Examine the report log.
Type: dr
2.
4. If an error occurred while trying to enable the Relay Agent, the following message may be displayed in the report log:
[DHCP-R] Failed to open UDP port (67), erc=
This indicates that an internal error occurred while trying to open a UDP port for use by the DHCP/BOOTP Relay Agent. Therefore, the relay agent will not operate correctly. Contact your Distributor or Customer Support.
5.
In this configuration, the DHCP Client is able to obtain its IP address from the DHCP Server, using the Relay Agent contained in the IP Router on the client’s LAN (“Ruby”). Shortly after a DHCP Client is powered on, it will attempt to get its IP address from a DHCP Server. If it is successful, its IP-related features (e.g., ping, telnet, etc.) will become operational. If the client could not obtain its IP address, it will retry periodically to do so.
1.
DHCP: PROXY CLIENT
The following sections provide instructions to verify that the DHCP Proxy Client is working properly.

VERIFYING DHCP PROXY CLIENT INITIALIZATION
Regardless of whether or not the Proxy Client has been enabled via configuration, some initialization processing is always performed. If this initialization is successful, there should not be any warnings/errors written to the report log by the DHCP Proxy Client.
1. Examine the report log.
c. If desired, enter MANAGE mode, and use the dhcp change command to enable the Proxy Client. (Note: CFGEDIT can also be used to change the Proxy Client configuration; but the changes will not take effect until the system is restarted.)
d. When Manage Mode is exited, an attempt will be made to enable the Proxy Client.
e. Re-examine the report log for the “Proxy Client Enabled” message.
f. Remember to “commit” the Manage Mode configuration changes to make them permanent.
5.
VERIFICATION OF IP ADDRESS POOL
As IP addresses are obtained from DHCP servers, they are placed into the system’s IP Address Pool. To verify the presence of these DHCP-obtained IP addresses, perform the following:
1. Examine the address pool.
Type: ip addrpool
2. Look for addresses with an origin of DHCP. This verifies that IP addresses were obtained from a DHCP server, and the Proxy Client is working correctly.
3.
c. Configure a calling line ID for the number the device will be using when calling into the CyberSWITCH (under the device’s Telephone tab).
d. Enable callback (under the device’s Access/Other tab).
e. Enable outbound authentication if you want to make sure the device you are calling back to is the correct device (under the device’s Access/Authentication tab).
3. On the CyberSWITCH:
a. Enable the call trace message option by issuing the trace on console command.
b.
3. On the CyberSWITCH:
a. Enable the call trace message option by issuing the trace on console command.
b. Erase the current system messages (issue the er console command).
c. Initiate a call from the remote device to the CyberSWITCH.
d. The remote device should indicate it is waiting for a callback.
e. Display the system messages (issue the dr console command).
PROXY ARP
Use the following graphic to help you in verifying that Proxy ARP is operational. When following the verification steps, substitute your addresses for the addresses used in the example.
[Figure: Proxy ARP example network. Labels: ISDN; CSX5500 "Site1"; CSX1200 "Site2"; 128.168.1.x; 128.168.2.x]
Host A: 128.168.1.
c. On both platforms, issue the iproute manage mode command to make sure that each system knows about the IP subnet at the other Ethernet segment.
d. If the two IP host devices still cannot communicate with each other, contact your Distributor or Customer Support.
TROUBLESHOOTING
We include the following chapters in the Troubleshooting segment of the User’s Guide:
• LCD Messages
  Provides an explanation of the LCD messages. These messages can provide valuable information for troubleshooting.
• System Messages
  Provides a listing of all system messages, their meanings, and when applicable, possible actions you should take.
• Trace Messages
  For certain features you may turn a trace option on, allowing you to track system messages particular to that feature.
LCD MESSAGES
OVERVIEW
The CyberSWITCH has an LCD display on its front panel, which displays information in a two-line format. The first line displays initialization and current status information (which includes any errors that have been detected). The second line displays current connection information. These messages can also be displayed on the monitor by issuing the status command.

LCD MESSAGE GROUPS
There are three groups of LCD messages: initialization, normal operation, and error messages.
ERROR LCD MESSAGES
The system keeps track of all active errors and displays/records them in a cycle. When the system detects an error, it displays the error on the first line of the LCD. (The “s” indicates slot, “p” indicates port, and “c” indicates bearer channel.) The LCD will continue to display the current connection information on the second line. To further investigate an error LCD message, enter the dr command at the console.
System unable to access file.
Out Svc # (s,p)
ISDN line failure. The line connected to slot “s” port “p” is out of service for the reason indicated by #.
1 = No layer 1 sync for 5 seconds
This problem normally occurs due to WAN cabling problems. Check your cables to make sure they are connected correctly. If the problem still occurs after you have checked all the cables, call the phone company and report the problem.
2 = No response to TEI requests
This problem normally occurs due to invalid configuration.
Over Max Charge
Monthly call charges exceeded. Monthly call charge tracking is enabled and the configured maximum has been exceeded.

Semiperm Error
There is a problem with the semipermanent connection. A more detailed error message is displayed in the log messages. Display the log messages (enter dr command) and look for “Semipermanent.....” messages.
SYSTEM MESSAGES
OVERVIEW
System Messages provide useful system information. They are listed in the system’s report log, a memory resident table. To manipulate the report log, use the following commands at the administrative console:
dr or ds    display reports or display statistics
er or es    erase current messages/statistics from memory
wr or ws    write reports/statistics to disk
When the CyberSWITCH writes system messages to disk, it stores them in the following locations:
Directory: \log
File Name: rprt_log.
INFORMATIONAL MESSAGES
The system records informational messages. These are normal events that provide you with current system status. Informational messages include the following categories of messages:
• initialization messages
• normal operation messages
• Spanning Tree messages

INITIALIZATION MESSAGES
The system reports a variety of messages during a successful system initialization.
SYSTEM MESSAGE SUMMARY
The following pages list all the informational, warning and error messages alphabetically. The text describes the messages, and includes suggestions for problem resolution (if applicable). Note that the trace messages have been isolated for your convenience, and are summarized in the next chapter.

# 000: Couldn’t open the file C:\SYSTEM\PLATFORM.NEI
The open operation failed, no further detail is available.
[ACCT] Warning code: Timeout
This message is logged when there is no communication with the server. Either the accounting server is not up and running, or it cannot access the IP address. Verify the configuration of the server.

ACE authentication is not available. You must first ENABLE ACE user level authentication.
An attempt was made to configure the Terminal Server Security for ACE and ACE was not configured on the CyberSWITCH.
AppleTalk successfully initialized on WAN port with address .
This message is posted when the specified AppleTalk WAN port has initialized successfully.

Attempted to start timer for inactive Signaling Session.
Attempted to stop timer for inactive Signaling Session.
Attempted to use session with no event handler.
An error has been detected in the R2 signaling procedure, and will typically result in a failed call. The error was due to unrecognizable or incorrect information.
[AUTH] ACE Error receiving server log message acknowledgment.
A client syntax error occurred during an authentication attempt via ACE. The server did not respond to the logging of the message. Make sure the ACE server configuration is accurate.

[AUTH] ACE LOGIN rejected user:
The remote Authentication server rejected the named user. This indicates that one of the following has occurred:
1.
[AUTH] RADIUS IP HOST rejected IP Host id:
The remote Authentication server rejected the IP Host id. This indicates that one of the following has occurred:
1. The is not in the remote Authentication server’s database.
2. The is entered incorrectly in the remote Authentication server’s database.
[AUTH] TACACS LOGIN rejected user:
The remote Authentication server rejected the named user. This indicates that one of the following has occurred:
1. The is not in the remote Authentication server’s database.
2. The is entered incorrectly in the remote Authentication server’s database.

[AUTH] TACACS No server configured for designated database location.
TACACS is configured as a database location for security authentication.
[AUTH] Warning code: 0010 Received unexpected authentication response code from server
A message was received from an authentication server that contained an invalid response message identifier.

[AUTH] Warning code: 0011 An unexpected server responded to the access request
An access response message was received from an authentication server that is not configured in the System.
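The [AUTH] rejection and warning entries above, like the [CHAP] Authentication Failure and Security Rejection entries later in this summary, are worth tallying when reviewing a saved report log. This Python script is an added example, not CyberSWITCH code: it assumes each log line has the layout "(letter) hh:mm:ss.cc message" and that the user, host or device name follows the colon or dash; the sample lines and names are constructed.

```python
import re
from collections import Counter, defaultdict

# Assumed line layout: "(<severity letter>) hh:mm:ss.cc <message text>".
LINE_RE = re.compile(
    r"^\((?P<sev>[A-Z])\)\s+(?P<time>\d\d:\d\d:\d\d\.\d\d)\s+(?P<msg>.+)$")

# (category, pattern) pairs built from message texts in the System Message
# Summary. Where the name appears after the colon or dash is an assumption.
RULES = [
    ("login_rejected", re.compile(
        r"^\[AUTH\] (?P<server>ACE|RADIUS|TACACS) LOGIN rejected user: *(?P<subject>\S+)")),
    ("ip_host_rejected", re.compile(
        r"^\[AUTH\] (?P<server>RADIUS) IP HOST rejected IP Host id: *(?P<subject>\S+)")),
    ("chap_failure", re.compile(
        r"^\[CHAP\] Authentication Failure of remote device - *(?P<subject>\S+)")),
    ("bad_auth_response", re.compile(r"^\[AUTH\] Warning code: 0010\b")),
    ("unexpected_auth_server", re.compile(r"^\[AUTH\] Warning code: 0011\b")),
    ("security_rejection", re.compile(r"^Security Rejection - (?P<subject>.+)$")),
]


def classify(msg):
    """Return (category, subject) for a message text, or (None, '') if no rule fits."""
    for category, pattern in RULES:
        m = pattern.search(msg)
        if m:
            groups = m.groupdict()
            subject = groups.get("subject") or ""
            if groups.get("server"):
                subject = groups["server"] + ":" + subject
            return category, subject
    return None, ""


def summarize(lines, threshold=3):
    """Count security-relevant messages and list subjects seen >= threshold times."""
    by_category = Counter()
    by_subject = defaultdict(Counter)
    other = unparsed = 0
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        m = LINE_RE.match(raw)
        if not m:
            unparsed += 1          # line does not follow the assumed layout
            continue
        category, subject = classify(m.group("msg"))
        if category is None:
            other += 1             # valid line, not an access-control message
            continue
        by_category[category] += 1
        if subject:
            by_subject[category][subject] += 1
    repeats = sorted(
        (cat, subj, n)
        for cat, subjects in by_subject.items()
        for subj, n in subjects.items()
        if n >= threshold
    )
    return {"by_category": dict(by_category), "repeats": repeats,
            "other": other, "unparsed": unparsed}


# Constructed sample report log; names and addresses are made up.
SAMPLE_LOG = """\
(I) 15:35:09.98 [AUTH] TACACS LOGIN rejected user: jsmith
(I) 15:35:12.10 [AUTH] TACACS LOGIN rejected user: jsmith
(I) 15:35:15.42 [AUTH] TACACS LOGIN rejected user: jsmith
(I) 15:36:01.07 [AUTH] RADIUS IP HOST rejected IP Host id: 10.0.0.7
(I) 15:36:20.55 [CHAP] Authentication Failure of remote device - site2
(I) 15:37:02.31 [AUTH] Warning code: 0011 An unexpected server responded to the access request
(I) 15:37:40.00 Security Rejection - Caller did not negotiate security
(I) 15:38:00.12 LAN Adapter Reset
garbled line without prefix
"""

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    for key, value in report.items():
        print(key, value)
```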
Bridge is operating in RESTRICTED mode
Bridge is operating in UNRESTRICTED mode
One of the above messages will be displayed to indicate the configured Bridge mode of operation.

Calculating CRC’s.....
An X-Modem transfer has been completed and the received data is being checked for integrity.

Callback type is not currently supported.
Call Restrictions have been enabled by user command
The user has enabled Call Restrictions via the callrest on Dynamic Management command.

Call Restriction statistics reset for new day
Call Restriction device information.

Call Restriction statistics reset for new month
Call Restriction device information.

Call Restrictions will allow calls to be made this hour
Call Restriction device information.
Calls Active xxx to Bandwidth to each site.

Capability description processing error - . System is in minimal configuration mode.
A problem has occurred during system installation.
Cause received for DLCI
A CLLM message was received indicating that the PVC associated with the indicated DLCI is subject to the event denoted by the indicated cause code.
CHANNEL in use in HOST_CALL_REQUEST
An error has been detected in the R2 or RBS signaling procedure, and will typically result in a failed call. If problem persists, contact your Distributor or Customer Support.

[CHAP] Authentication Failure of remote device -
On-node or off-node (for example, through the RADIUS Server) CHAP authentication has failed. The will contain the device name configured in the Device Table.
Configured adapter # ’x’ type does not exist
The interface adapter indicated does not match the resource configuration in the system. Correct the configuration on the system.

Connection disconnected for license violation
A connection was disconnected because there were more connections in place than allowed with your version of the system software. A larger software version should be ordered.
Data link test successful: DSL , CES 1
This message applies for 1TR6 BRI only. If Layer 1 is established, a test will be done to determine if the data link can be established. This message indicates successful test results.

Data link up: Slot= Port= Ces=
The data link on the specified line is active and can be used for establishing switched connections.
[DHCP-P] Ignoring offers from DHCP server x.x.x.x; the server MUST be on a primary LAN interface, or IP addresses will not be obtained
In order for the DHCP proxy client to successfully obtain IP addresses for multiple interfaces, the DHCP server must reside on a primary LAN interface. If it does not, this message is written to the Report Log, and no IP addresses will be obtained from the server and placed into the IP Address Pool.
[DHCP-R] Failed to close UDP port (67), erc =
An error occurred while the device was trying to disable the DHCP Relay Agent from Manage Mode. Contact your Distributor or Customer Support.

[DHCP-R] Failed to open UDP port (67), erc =
An error occurred while attempting to enable the DHCP Relay Agent. The Relay Agent must open the BOOTPS UDP port in order to operate successfully. If this port could not be opened, the Relay Agent will not be enabled.
DM card failed FLASH download bad xx SREC
The Digital Modem card has failed the firmware update due to a corrupt file. Contact your Distributor or Customer Support.

DM card in slot has bad FLASH
The FLASH memory on the Digital Modem card has been identified as bad during an attempt to update or access it. Contact your Distributor or Customer Support.

DM card in slot in unknown state
The Digital Modem card is in an unrecognizable state.
CFGEDIT. If the board is configured properly, and the message still appears, contact your Distributor or Customer Support.

DM card in slot will not come out of reset
There are problems initializing the board. Contact your Distributor or Customer Support.

DM upgrade timeout. Board=, Modem=
DM upgrade error during download. Modem says = xxx
DM upgrade no response at start. Board=, Modem=
DM upgrade flash erase failed.
Duplicate Calling Line ID detected for devices and
This message is logged at system initialization if any devices are found to share duplicate Calling Line IDs, and have no other authentication method. This problem should be corrected by adding additional authentication method(s) to the necessary device(s).

Each mandatory connection uses xx bytes
There is not enough memory available to accommodate the system’s total capacity load.
Error during channel initialization Access
An error has occurred during the initialization of the indicated Frame Relay Access, or port. Likely cause of this entry is that the system has run out of memory. Contact your Distributor or Customer Support.

Error during port initialization Access
An error has occurred during the initialization of the indicated Frame Relay Access, or port.
(Direct Host) interface. Afterwards, configure a LAN interface and then read the WAN (Direct Host) interface.

Error parsing WAN (Direct Host) interface: no LAN interface for specified name
The LAN network interface associated with this WAN (Direct Host) interface is not present. Use CFGEDIT to delete the problematic WAN (Direct Host). Check configuration for the suspect LAN interface; it most likely will not be there. Add LAN interface, then reconfigure the WAN (Direct Host) interface.
Facility not subscribed - Slot= Port=
This probably indicates a SPID configuration error on the indicated line. The configuration should be corrected on the system or the switch.

Failed to allocate enough memory for XILINX load file
The WAN card initialization subsystem failed to allocate a buffer for use in downloading files. Restart the system. If the problem continues, contact your Distributor or Customer Support.
Failure during read of file for WAN card in slot
If seen repeatedly, the above message indicates a problem with your hard drive. Contact your Distributor or Customer Support.

Failure during read of file ’s’
The WAN card initialization subsystem encountered an error reading the file indicated. Check for proper software installation.

Failure during Static RAM test on adapter # ’x’
The WAN card bootstrap program encountered an error during the Static RAM test.
B, D  The Network sent a DM(F=1) or a UA and will not allow establishment of the data link at this time. An attempt will be made to re-establish the data link after a switchtype dependent delay.
C     The Network sent an unsolicited UA and will not allow establishment of the data link at this time. An attempt will be made to re-establish the data link after a switchtype dependent delay.
E     The Network sent a DM(F=0). The data link will be restarted immediately.
File Access Err
System unable to access file.
IePvcStatus: Received Status Report for unknown PVC #
The indicated unknown DLCI was indicated in a STATUS message received from the network. This DLCI number is entered in the “unknown DLCI” list and can be displayed via the FR LMI system console command.

Incoming call from , Slot=, Port=, Chan= Rejected by BW Reservation
A bandwidth reservation message.
Invalid return code from SIG_get_rsc_inbound
Invalid return code from SIG_get_rsc_outbound
An error has been detected in the R2 signaling procedure, and will typically result in a failed call. The error was due to unrecognizable or incorrect information. If problem persists, contact your Distributor or Customer Support.

Invalid SERIAL.001 file present, file is ignored.
Contact your Distributor or Customer Support.

Invalid SERIAL.BIN file present, system booting in minimal mode.
[IP] Cannot process incoming remote IP device , no rsc avail
The IP software was unable to accept the incoming IP device to a WAN (Direct Host) interface because it could not obtain necessary resource. The WAN connection may remain for a while, but the remote IP device will not be able to communicate with any IP devices over WAN. Contact your Distributor or Customer Support.
[IP] Invalid Peer IP Address , WAN IP Stream Closed
A PPP or RFC 1294 (IP Host) connection came up, and the IP address of the peer device (preconfigured or negotiated) belongs to a WAN (RLAN) Interface. If the IP address is preconfigured, try changing the peer’s IP address (at the peer device and possibly on the device entry for the peer) that belongs to one of the WAN, WAN (Direct Host), or WAN (UnNumbered) interfaces.
[IP] WAN (Direct Host) Interface for network on LAN port initialized successfully
This message is posted when WAN (Direct Host) interface for the indicated network is initialized successfully.

[IPCP] Invalid pre-configured IP address for , ignored
There is a configured IP address for the remote device in the Device Table, but the IP address does not belong to any configured WAN interfaces. Check the configuration.
[IP RIP] All network interfaces used
All RIP interface data structures are in use. No RIP information will be sent to any additional interfaces. Contact your Distributor or Customer Support.

[IP RIP] Buffers allocated
The RIP successfully allocated the UDP buffers needed to transmit RIP packets.

[IP RIP] Initialization failed, unable to allocate buffers
The RIP initialization was not completed. The machine contains insufficient memory to allocate the UDP buffers needed to transmit RIP packets.
[IP RIP] Unable to register with Network Interface Maintenance
The IP RIP protocol was unable to register with the IP network interface notification system. Any dynamic changes of the network interface configuration will not be reflected in the RIP interface control. Contact your Distributor or Customer Support.

[IPX] Invalid IPXWC passed
In the unlikely event this message is posted, contact your Distributor or Customer Support.
[IPX SAP] Buffers allocated
The IPX SAP successfully allocated the buffers needed to transmit IPX SAP packets.

[IPX SAP] SAP Protocol Initialization successful
The IPX SAP protocol was successfully initialized.

[IPX SAP] Shutdown complete
The IPX SAP protocol was successfully shutdown via Dynamic Management. No IPX SAP service information will be transmitted or received. Any services learned via IPX SAP will soon expire.
LAN Adapter Command Timeout
The system expected a command from the LAN adapter or subsystem that it did not receive. Check for proper LAN adapter configuration and hardware installation. If it persists, report the event using the problem reporting form included in Getting Assistance.

LAN Adapter configuration conflict
There is a configuration conflict between the Ethernet resource that was installed and the Ethernet resource that was configured.
LAN Adapter Reset
This is an initialization message. The Ethernet adapter has been reset as part of the adapter initialization sequence.

LAN Adapter Response Timeout
The system expected a command response from the adapter that it did not receive. Check for proper hardware installation.

LAN Adapter ROM version # # # # # # # # .# # # # # # # # .# # # # # # # #
The ROM version in the Ethernet adapter is indicated.
LAN Port is now in the Listening state
The bridge LAN port is entering the specified state.

LAN Port is now in the state
The bridge LAN port indicated is entering the specified new state.

LAN Xmit Error
LAN connection failure. LAN packet transmit error detected by the system.

Layer 1 sync not seen - Slot= Port= Ces=
Manual restart initiated on DM board in slot
There was an attempt to restart the specified Digital Modem with the modem restart command. Check subsequent log messages to verify the command was successful.

Max ATI3 retries exceeded on modem of slot
Modem in slot did not respond to the proper modem revision string on power up. Call Customer Support.
Missing BEARER_CAPABILITY in HOST_CALL_REQUEST
Missing CALLED_NUMBER_IE in HOST_CALL_REQUEST
Missing CHANNEL in HOST_CALL_REQUEST
Missing CHANNEL_ID_IE in HOST_CALL_REQUEST
Missing TN in HOST_CALL_REQUEST
An error has been detected in the R2 or RBS signaling procedure, and will typically result in a failed call. The error was due to unrecognizable or incorrect information. Check configuration; if problem persists, contact your Distributor or Customer Support.
Network sent Cause - SPID not supported -
The indicated line does not support SPIDs; however, a SPID is configured for use on the line. Is the SPID configured incorrectly? Do you have the right switch type? Check the configuration. If the message persists, contact your BRI provider to determine corrective action.

Network sent STATUS with state = 0, tear down call
A STATUS message has been received from the network indicating that a specified call is not active.
No Sites Connected
Currently, no sites are connected to the system.

Not enough memory for Security module
Not enough system memory available to operate security module. Contact your Distributor or Customer Support.

No UA seen in response to SABMEs - Slot= Port= Ces=
Layer 2 cannot be established between the system and the switch.
Out Svc #
ISDN line failure. The line connected to the indicated slot and port is out of service for the reason indicated by #.
1 = No layer 1 sync for 5 seconds
This problem normally occurs due to WAN cabling problems. Check your cables to make sure they are connected correctly. If this problem still occurs after you have checked all the cables, call the phone company and report the problem.
not be working properly. Check the configuration of the remote device and reboot. If the problem recurs, contact your Distributor or Customer Support.

[PAP] Remote device rejected System Information
The system received the PAP Authenticate-Nak packet with the error message against the previous PAP Authenticate-Request sent by the system. The is from the remote device, and is device-specific.
PVC for DLCI not ACTIVE
A frame was received on the PVC associated with the indicated DLCI which was not active. This is a temporary condition, and results from an asynchronous operation between the network and customer-premise equipment regarding the state of the individual PVCs. If this problem persists, contact your Distributor or Customer Support.
RBS: Encountered unknown source ID.
RBS_out_SM: NO Dial Digits supplied.
RBS: Received unknown primitive from CC.
RBS: Received unknown primitive from L1.
RBS: Received unknown primitive from ME.
RBS: Received unknown primitive from RBS.
The above Robbed Bit Signaling messages indicate that the system software sent a message to the RBS state machine that the state machine was unable to recognize or the information was incorrect.
Received charge amount -
The system has received an advice of charge from the network for the call just disconnected. The charge for this call is indicated in the charge amount parameter.
Received CLLM while PVC for DLCI in unexpected state
A CLLM message was received indicating that a network condition should be expected for the PVC associated with the indicated DLCI.
Security Rejection - Bridge Address Security cannot use Authentication Server
Both options (Bridge Address Security and off-node User Authentication) are not supported simultaneously.
Security Rejection - Caller did not negotiate security
Bridge Security is configured. A caller attempted to send device data before (or without) negotiating the Bridge Address security.
Semipermanent. Device "x" disconnected by admin
The administrator has issued a disc device command. Therefore, the system will not attempt to call the indicated device again. Issuing the call device command will make device “x” semipermanent again.
Semipermanent. Device "x" has a smaller Initial Data Rate than Base Data Rate. No connection made.
The semipermanent feature will make enough calls to meet but not exceed the device’s Initial Data Rate.
[SNMP] Authentication failure, improper access rights
There are two possible causes for this message:
• The SNMP Agent received a SetRequest PDU that contained a Community Name with an MIB access level of MIB GUEST or MIB USER. The MIB access level must be MIB ADMIN to perform a SetRequest. The request was discarded.
SSB: i960 I/O memory copy differs from flash image at
After loading the i960 POST tests into the I/O memory, a value unexpectedly changed at the address given.
SSB: i960 Memory read error at , expected , read
While testing the shared memory area (I/O memory and the peripheral buffer memory), an error was detected. The boot process should continue; however, make note of the error message in the event of a future problem.
SSB: Post 32 i960hdlc_1 FAILURE
The i960 failed its 80532 test using the first HDLC controller. The boot process should continue; however, make note of the error message in the event of a future problem.
SSB: Post 33 i960hdlc_2 FAILURE
The i960 failed its 80532 test using the second HDLC controller. The boot process should continue; however, make note of the error message in the event of a future problem.
Successfully Loaded Release Issue
The specified release of System software was successfully loaded into memory.
Switch could not recognize phone number nnnnnnn
The switch did not accept the phone number dialed as a complete number. Check the correctness of the phone number (including any leading digits such as 8 or 9).
System Clock Fault on Wan Adapter in Slot
Indicates a TDM bus connection failure. Check to make sure that the TDM bus has been correctly connected.
[TFTP] Local error # 2: Feature not initialized
The TFTP feature was not initialized properly. No file transfer will be attempted. Check the configuration, and then contact your Distributor or Customer Support.
[TFTP] Local error # 3: Server not initialized
The TFTP Server was not initialized. The TFTP Server will not attempt any file transfers. Check the configuration, and then contact your Distributor or Customer Support.
[TFTP] Local error # 14: Bad file name
The local file (as defined from a remote host) was not recognized as a valid file name. No file transfer will be attempted.
[TFTP] Local error # 15: Bad mode string
The TFTP mode string was neither NETASCII nor OCTET. No file transfer will be attempted.
[TFTP] Local error # 17: Unable to locate file/directory
The file system was unable to locate the file requested. No file transfer will be attempted.
[TFTP] Remote error # 1: (Text from Remote Host)
The REMOTE HOST could not find the file specified on its system. No file transfer will be attempted.
[TFTP] Remote error # 2: (Text from Remote Host)
The REMOTE HOST is reporting an access violation of the specified file. No file transfer will be attempted.
[TFTP] Remote error # 3: (Text from Remote Host)
The REMOTE HOST is reporting that its disk is full. The file being transferred may be corrupted.
The conformance selection is prior to CCITT 1988
Verify that the facilities provided by the service provider are CCITT 1988.
The RADIAC Feature is no longer supported. The RADIAC feature has been replaced by the TACACS Feature. The TACACS Feature configuration must be completed before usage. With the addition of User Level Security, the need for the RADIAC GATEWAY is gone. The CyberSWITCH has incorporated the functionality of the RADIAC GATEWAY within the CyberSWITCH itself.
Too many digits in TN in HOST_CALL_REQUEST (R2 Signaling)
This illegal event typically results in a failed call. Contact your Distributor or Customer Support.
Tried to free unallocated buffer , size=
Internal error that should be reported to Customer Support.
Unable to get Digital Modem resource to place call
A Digital Modem dial-out call was attempted, and the system was unable to open a resource to place the call. Using the modem status command, check to ensure that there are usable modems available. If there are, and the problem persists, contact your Distributor or Customer Support.
Unable to Identify a remote device
A device that was not identified by any active security measures (for example, PAP or CHAP) was rejected.
Unable to send device information request to CSM after a terminal authentication.
Unable to send information to CSM. Verify proper configuration of CSM and Call Control options.
User Level Authentication flag is enabled for Terminal User xxx. Setting flag to disabled.
The device definition for xxx should have User Level Authentication disabled.
These two messages are displayed together. In device entries for terminal server connections, user-level authentication should not be enabled. In the event the CyberSWITCH finds an enabled condition, it will disable the pertinent flag for the duration of the call only.
X25 facilities error, bad facility length
The facilities length is missing. Contact your Distributor or Customer Support.
X25 facilities error, invalid facilities length
The length of the facilities packet is invalid. Contact your Distributor or Customer Support.
X25 facilities error, invalid DTE address
The supplied address in a X.25 call packet was invalid. Verify that the local DTE address configuration matches the address supplied by the service provider.
X25 facilities error, facility not available
A facility was requested which is not enabled. Verify that the specific facility is enabled by both DTEs and the service provider.
X25 facilities error, packet length negotiation not allowed
The DTE packet length does not match the packet length available at either the DCE or the remote DTE, and packet length negotiation is not enabled. You should enable packet length negotiation at both DTEs.
Zone allocation failed, maximum capacity already configured
The maximum number of AppleTalk zones has been surpassed. Contact your Distributor or Customer Support.
TRACE MESSAGES
OVERVIEW
Trace messages include the following categories of messages:
1. Call Trace Messages
2. IP Filter Trace Messages
3. PPP Packet Trace Messages
4. WAN FR_IETF Trace Messages
5. X.25 Trace Messages
6. X.25 (LAPB) Trace Messages
Before trace messages can be logged to the system report log, you must first enable the type of trace you would like to use. Once enabled, the system includes the trace messages in the memory-resident report log.
CALL TRACE MESSAGES
A feature of the CyberSWITCH console is the ability to save and display a record of the high level ISDN calls between the system and the local telephone switch. If calls are unable to be completed, this is normally the first area to look. Call Trace puts messages into the Report log that can be read by using the dr command. Call Trace is enabled by using the trace on command, and disabled by trace off.
CALL TRACE MESSAGE SUMMARY
Access information discarded cause
Call trace message. This message is used to indicate additional details on the received in the “call progress” information message.
Alerting off
Informational call trace message. The alerting signal information element is off. This indicates additional details on the received in the “call progress” information message.
Alerting on - pattern
Informational call trace message.
In - ABNORMAL RPT Call Id= Slot= Port= ConnId= Ces=
The system has detected an internal error condition. The are included for your Distributor or Cabletron Customer Support. An error message describing the problem should be reported following this trace message.
In - DISCONNECT Call Id= Slot= Port= Loc= Cause= Ces= ConnId=
The system has received a disconnect message from the network. The Call Id and Ces values are for your Distributor or Cabletron Customer Support. The remaining parameters are used to report line details. Refer to the Cause Codes Table for more information.
In - PROGRESS Call Id= Slot= Port= Chans= CauseLoc= Cause= Signal= ProgLoc=
Out - DL CFG Slot= Port= Ces=
The system is initializing the indicated data link.
Out - DSL CFG Slot= Port=
The system is initializing the indicated line.
Out - init data link
The system is sending a message to the network to initialize a data link on an ISDN line. The are used to report line details.
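The Call Trace records listed above share one shape: a direction (In or Out), a message type, then name=value fields. The following Python script is an added example, not CyberSWITCH code and not part of the original guide; it parses a saved copy of the report log and counts repeated DISCONNECT records per slot, port and cause. The sample lines, their values, the optional time prefix and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Field names exactly as printed in the Call Trace message summary.
FIELD_NAMES = ("Call Id", "Slot", "Port", "ConnId", "Ces", "Loc",
               "Cause", "Chans", "CauseLoc", "Signal", "ProgLoc")

# A record is "In - ..." or "Out - ..."; anything before it (for example a
# time stamp, whose format is an assumption here) is ignored.
RECORD_RE = re.compile(r"\b(In|Out) - (.+)$")

# name=value; the value may be empty and never swallows the next field name.
FIELD_RE = re.compile(
    r"\b(" + "|".join(re.escape(n) for n in FIELD_NAMES) + r")=([^\s=]*)(?=\s|$)"
)


def parse_trace_line(line):
    """Return direction, message type and fields of a call trace record, else None."""
    match = RECORD_RE.search(line.strip())
    if match is None:
        return None
    direction, rest = match.groups()
    first_field = FIELD_RE.search(rest)
    # Everything before the first name=value pair is the message type.
    msg_type = (rest[:first_field.start()] if first_field else rest).strip()
    return {"direction": direction, "type": msg_type,
            "fields": dict(FIELD_RE.findall(rest))}


def summarize(lines):
    """Count inbound DISCONNECTs per (slot, port, cause) and note ABNORMAL RPTs."""
    disconnects = Counter()
    abnormal_lines = []
    non_trace_lines = 0
    for lineno, line in enumerate(lines, 1):
        record = parse_trace_line(line)
        if record is None:
            non_trace_lines += 1          # system message or other log text
            continue
        fields = record["fields"]
        if record["direction"] == "In" and record["type"] == "DISCONNECT":
            key = (fields.get("Slot", ""), fields.get("Port", ""),
                   fields.get("Cause", ""))
            disconnects[key] += 1
        elif record["type"] == "ABNORMAL RPT":
            abnormal_lines.append(lineno)
    return {"disconnects": disconnects,
            "abnormal_lines": abnormal_lines,
            "non_trace_lines": non_trace_lines}


def repeated_disconnects(summary, threshold=3):
    """Lines (slot, port) that dropped calls with the same cause at least `threshold` times."""
    return sorted((slot, port, cause, count)
                  for (slot, port, cause), count in summary["disconnects"].items()
                  if count >= threshold)


# Constructed sample log. Cause values are treated as opaque strings; their
# meaning comes from the guide's Cause Codes Table.
SAMPLE_LOG = """\
Out - DSL CFG Slot=1 Port=1
Out - DL CFG Slot=1 Port=1 Ces=1
In - PROGRESS Call Id=8001 Slot=1 Port=1 Chans=1 CauseLoc=0 Cause=0 Signal=1 ProgLoc=0
In - DISCONNECT Call Id=8001 Slot=1 Port=1 Loc=2 Cause=17 Ces=1 ConnId=4
In - DISCONNECT Call Id=8002 Slot=1 Port=1 Loc=2 Cause=17 Ces=1 ConnId=5
10:42:07 In - DISCONNECT Call Id=8003 Slot=1 Port=1 Loc=2 Cause=17 Ces=1 ConnId=6
In - DISCONNECT Call Id=8004 Slot=2 Port=1 Loc=2 Cause=16 Ces=1 ConnId=7
In - ABNORMAL RPT Call Id=8005 Slot=2 Port=1 ConnId=8 Ces=1
No Sites Connected
Out - init data link
""".splitlines()

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for slot, port, cause, count in repeated_disconnects(report):
        print(f"slot {slot} port {port}: {count} disconnects with Cause={cause}")
    print("ABNORMAL RPT at log lines:", report["abnormal_lines"])
```

Any slot and port that `repeated_disconnects` reports is a candidate for the cabling, SPID and switch-type checks described in the system messages.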
IP FILTERS TRACE MESSAGES
You can trace packets that are discarded as a result of IP Filters. Enable this feature by using the ip filter trace discard command, and disable it with ip filter trace off. Note that when you enable this feature, the report log has the potential of filling quickly. Use the feature wisely, and be sure to turn it off once you’ve completed your troubleshooting.
PPP PACKET TRACE MESSAGES
PPP Packet Trace allows you to display the PPP protocol negotiation that takes place when a link is established. This information is useful when diagnosing mismatches in configuration between two systems. PPP Packet Trace puts PPP packet information into the Report log, which can be accessed by using the dr command. Enable this feature by using the trace ppp on command, and disable it with trace ppp off.
• Configure Request
The Configure Request is used to indicate the options that are supported by this sending device. The Request contains an option list and the desired values if they are different from the default value.
• Configure ACK
The Configure ACK is transmitted in response to a Configure Request. It indicates that the sending device supports the options specified in the option list of the Configure Request and that all values are acceptable.
• Echo Reply
The Echo Reply is transmitted in response to an Echo Request. The Echo Reply packet contains the magic number of the sending device. Until the magic number option has been negotiated the value must be set to zero.
• Discard Request
The Discard request packet is transmitted by a device to exercise the data link layer processing. This packet is silently discarded by the receiving device.
In - X25 CONNECTION CONFIRMATION ConnId= Access= RemDteAddr=
The system has received a connect message from the network. This indicates that a new call is now established.
In - X25 CONNECTION INDICATION ConnId= Access= RemDteAddr=
The system has received an incoming call from the network.
Out - X25 Call Accept LCN , bytes
The DTE is accepting an SVC call.
Out - X25 Call Request LCN , bytes
The DTE is attempting to place an SVC call.
Out - X25 Clear Ind LCN , bytes
The DCE is clearing the X.25 Virtual circuit on the indicated LCN.
Out - X25 DTE RR LCN , bytes
The DTE is acknowledging 1 or more data packets received from the DCE.
Out - X25 Reset Ind LCN , bytes
The DCE is resetting a virtual circuit.
Out - X25 Reset Request LCN , bytes
The DTE is resetting a virtual circuit.
In - LAPB SABME
The DCE is resetting the link layer.
In - LAPB UA
The DCE is acknowledging a SABM or SABME from the DTE.
Out - LAPB DISC
The DTE link layer is going off-line.
Out - LAPB DM
The DTE is going off-line.
Out - LAPB FRMR
The DTE has received an invalid frame.
Out - LAPB I Frame, Tx Sequence = , Rx Sequence =
The DTE has sent a data frame from the DCE.
Out - LAPB REJ, Rx Sequence =
The DTE has detected a sequence error in the link layer.
SYSTEM MAINTENANCE
This grouping provides information to help you maintain your CyberSWITCH once it is operating. Note that the included system statistics information may also prove valuable in troubleshooting. We include the following chapters in the System Maintenance segment of the User’s Guide:
• Remote Management
Once the CyberSWITCH is initially configured, you may use methods to remotely manage the CyberSWITCH. This chapter provides information for using each of these methods.
REMOTE MANAGEMENT
OVERVIEW
Once your system is initially configured (and thus assigned an IP address), you may use a variety of methods to remotely access and manage your system. This chapter describes many of these methods. For information on first-time access (either local or remote), refer to Accessing the CyberSWITCH. The CyberSWITCH has various tools to manage the system remotely. You may combine several of these tools to provide a complete, customized remote network management system.
SNMP
[Figure: SITE.HQ, Network Management Station, ISDN, SITE.2. Caption: SNMP: The NMS gathers information (including problem reports) from any CyberSWITCH]
SNMP (Simple Network Management Protocol) is a standard way of monitoring communication devices in IP networks. With SNMP, you purchase and then set up a Network Management Station (such as SPECTRUM® or SPECTRUM® Element Manager™) for your environment. This Network Management Station (NMS) is then used to monitor your network.
INSTALLATION AND CONFIGURATION
SNMP has two basic components: the SNMP Agent, which is executed on the CyberSWITCH, and the Network Management Station (NMS), which you purchase separately for the environment. This section will describe how to install and configure the SNMP Agent. Refer to the specific NMS documentation for its installation instructions. SNMP must be configured through CFGEDIT.
TELNET
[Figure: Telnet Client running LAN TEST at the IN_A> prompt ("LAN Test Passed"), SITE HQ, ISDN, Remote 1, SITE.2]
Telnet is the standard way of providing remote login service. With Telnet, any user on the LAN or WAN executing a standard Telnet client program can remotely log in to the CyberSWITCH and get a CyberSWITCH console session. When you have an active console session, CyberSWITCH commands can be entered as if you have a locally-attached keyboard and monitor.
on the same subnetwork as the Telnet client on System 1’s LAN, a static route is needed to allow System 2 to communicate with devices on Network 1. Because the CyberSWITCH had no Telnet client capabilities in previous releases, the only way to fix the problem was to physically go to the remote site and add a static route. The second example network shown illustrates the current CyberSWITCH release.
IP address of the CyberSWITCH. You will then be presented with the “Enter Login id:” prompt. Now enter commands as if directly connected to the CyberSWITCH. When finished with the session, enter the exit command at the system prompt to end the session with the CyberSWITCH. Terminate the Telnet session by typing logout. This will ensure that the Telnet session has been terminated, regardless of the specific Telnet client used.
WIN95 DIAL-UP NETWORKING
Many dial-up client software packages support a terminal type of connection. One such popular package is Win95 Dial-Up Networking. The CyberSWITCH can handle these terminal-type connections through its digital modem feature, thus providing yet another means of remote management. Refer to Default Async Protocol for details on CyberSWITCH configuration requirements.
DIALING OUT
1. Double click on your new dialing icon to bring up the Connect To screen.
2. Enter your user name and password. You may change options by clicking the box labelled Dialing Properties, but this isn’t necessary.
3. Double click on Connect. This should place the call.
TFTP
[Figure: TFTP Client PC, SITE HQ, ISDN, Remote 1, SITE.2]
TFTP (Trivial File Transfer Protocol) is the standard way of providing file transfers between devices. With TFTP any WAN or LAN user executing a standard TFTP client program can transfer files to and from the CyberSWITCH. You can control access to the different file types. Statistics concerning the file accesses are available.
The default file access for the GUEST user is “read” access to all files. The default file access for the ADMIN user is “read” access to the report and statistics files, and “read and write” access to all other files. The default for the TFTP server is ADMIN file access rights.
CARBON COPY
[Figure: WAN, Phone Company, Modem, Modem, CSX5500, LAN]
The Carbon Copy feature gives you complete remote management. Any command that you can issue on a local console session can be issued with Carbon Copy. Files can also be transferred between the Manager PC and the CyberSWITCH. The disadvantage of using Carbon Copy is that a separate telephone line must be connected to each CyberSWITCH being managed. Another disadvantage is that the Manager PC must be an AT compatible PC.
Enter the following command to start up the CCINSTAL program:
C:\admin>ccinstal
The Carbon Copy System Parameters screen will appear. Follow the directions on the screen to change parameter settings.
Baud Rate
If you wish to enter a new baud rate, enter a menu selection of “B” (for Baud Rate). Continue to press B until the baud rate you desire is displayed.
When you have finished making Carbon Copy configuration parameter changes, enter a menu selection of “X” to save your changes and exit the CCINSTAL program. You will be asked if you wish to update the presently running Carbon Copy. Enter “Y” for yes. Carbon Copy will then be reinitialized and you will be returned to the MS-DOS prompt.
The system will prompt you for a password. The default password set on each CyberSWITCH is “CC”. We recommend that you change this password on each CyberSWITCH using the CCINSTAL program.
7. Type: cc (or if the password has been changed)
If connection with the CyberSWITCH is successful, then the system will remove the Carbon Copy screen. An active administration session now exists with the CyberSWITCH.
[F1] Terminate Link
[F2] Switch Voice to Data Mode
[F3] Capture Screen/Session
[F4] Review/Replay Captured Image
[F5] File Transfer Program
[F6] Printer/LOG/DOS Control
[F7] Terminal Emulation
[F8] Data Link Maintenance
[F10] Return to Application
To initiate the File Transfer Program, press the function key . The file transfer facility will display a one page tutorial. The administration console PC is considered the LOCAL PC. The CyberSWITCH is considered the HOST.
[Graph: throughput in Kb. Legend: Remote Mgt (CC) or Local Console; Only Local Console; Maximum Throughput Supported]
Note: The above graph represents the guaranteed throughput without CRC errors. The actual throughput may be higher.
REMOVING CARBON COPY
To remove Carbon Copy from your system:
1. QUIT from the CyberSWITCH.
2. At the DOS prompt, type “dropcc”.
3. Reboot your CyberSWITCH.
SYSTEM COMMANDS
OVERVIEW
Two classes of system administration commands are available on the CyberSWITCH: guest commands and administrator commands. Guest commands provide current operational information only, and are available to all security levels. Administrator commands allow access to the complete system command set. The log-in to the system controls command access. Each access level (guest or administrator) is protected by a unique log-in password.
exit
Terminates the administration session by logging out the current administrator. You can start another session by using one of the two log-in commands outlined above.
logout
Terminates the administration session by logging out the current administrator. You can start another session by using one of the two log-in commands outlined above.
pswd
Changes the password for the current access level (administrator or guest).
VIEWING OPERATIONAL INFORMATION
The following commands are used to view system operational information:
?
Displays a help screen outlining all of the commands that are available.
br stats
Displays the current system packet statistics. Refer to Bridge Statistics, for a list of available statistics and their definitions.
cls
Clears the administration screen.
cs
Displays the list of connected devices along with the data rate for each device.
system prompt after the entire file has been displayed. If you are viewing the Release Notes, press the key to exit the release notes and continue with the installation. If the file name is incorrect, the following message will be displayed:
Cannot find file "file name"
mc
Displays the Connection Monitor screen. This screen provides information on the remote sites to which the system is currently connected.
Primary Rate (D-Channel)
Each Primary Rate line which contains at least one data link is considered a Primary Rate (D-Channel) interface. A Primary Rate (D-Channel) interface is “up” if at least one data link associated with the interface is “up.” A Primary Rate interface is “down” if none of the data links associated with the interface is “up.”
Primary Rate (Robbed Bit)
Each Primary Rate line that uses Robbed Bit Signaling is considered a Primary Rate (Robbed Bit) interface.
TRYING
The system is attempting to call the device. Some connections may be up, but not at the initial data rate.
status
Displays initialization, current status, and connection information, as well as any errors that have been detected. For details on these messages, refer to the section titled LCD Message Groups found in the LCD Messages chapter.
time
Displays the current system time. This can be useful when viewing system messages or statistics.
If there was enough memory for all connections, the connection table would reflect both potential and actual connections as the same number.
wan stats
Displays the current system WAN connection statistics. Refer to WAN Statistics, for a list of available statistics and their definitions.
From the “Connection Monitor” screen you can press:
To select a site that is currently connected.
To view throughput monitoring for the selected site.
[Screen: Throughput Monitor, Wide Area Network Bandwidth Utilization to site. The plot shows underload bandwidth and actual bandwidth utilization as a percentage (0 to 100) of current bandwidth in Kbps, against samples (0 to 32). The Throughput Parameters area lists Sample Rate (seconds), Trigger and Window values for Overload, Underload and Idle, and Utilization (%). Key prompts: F to Freeze data capture, Esc.]
# 4. Example of three samples where actual bandwidth utilization was around 70% and underload was being monitored at around 25% utilization of current bandwidth. In this example, overload is occurring on all three samples.
# 5. Example of three samples where actual bandwidth utilization was around 10% and underload was being monitored at around 25% utilization of current bandwidth. In this example, underload is occurring on all three samples.
# 6.
CONFIGURATION-RELATED COMMANDS
The following commands provide configuration file information, and restore backup configuration files:
cfg
Provides information on the status of system configuration changes. With Manage Mode and/or CFGEDIT, you can make changes to the system configuration. (This, in turn, changes the .nei files.) If you do not commit these changes (Manage Mode) or restart your system (CFGEDIT), these changes do not become current.
effect, you would need to issue the restart command from the Telnet session of your remote terminal.
Note: If you lose your Telnet connection within 10 seconds of entering the restart command, the command will not be executed.
SETTING THE DATE AND TIME
The following commands are used to set the date and the time on the system:
date
Changes the date on the system as specified.
Sess-Id
The session Id number associated with the session.
Date/Time
The date and time the session was initiated.
Idle (sec)
The number of seconds the connection has been idle.
Command
How the administration session was initiated. Initiation methods include:
manage - the user is in the Manage Mode
session - the user is using a Telnet session
Type (from)
The type of session.
dnet
Required parameter. The destination network number.
dnode
Required parameter. The destination node Id.
timeout
Optional parameter. The number of seconds to wait for a reply message. The valid range is from 1 to 60 seconds. The default value is 10 seconds.
nnnn
Optional parameter. The data size to be included in the ping packet. The valid range for the data size is 5 to 586 octets. The default value is 100 octets.
An example atalk ping command could read as follows:
atalk ping 1.
get_info - The port is verifying network information and obtaining the default zone.
get_zones - The port is obtaining a complete zone list for the network.
get_routes - The port is requesting routes from another router on the network (if another router is present).
up - The port is ready for use.
down - The port is not ready for use.
atalk port stats [clear]
This command will display or clear current AppleTalk port statistics. Refer to AppleTalk Port Statistics, for a list of available atalk port statistics and their definitions.
atalk route
This command will display AppleTalk static route information. A sample output screen is shown below:
network range   distance   state   next hop
-------------   --------   -----   --------
225 - 226       0          good    0.
atalk stats rtmp
Displays the AppleTalk Routing Table Maintenance Protocol (RTMP) statistics.
atalk stats zip
Displays the AppleTalk Zone Information Protocol (ZIP) statistics.
atalk stats nbp
Displays the AppleTalk Name Binding Protocol (NBP) statistics.
atalk stats atp
Displays the AppleTalk Transaction Protocol (ATP) statistics.
atalk zone
This command will display AppleTalk zone information.
MAC Address Monitor
DEST           SOURCE           TYPE   COUNT
90409A000000   00409A001023-L   3C09   00010
00409A001023   00409A001324-R   3C09   00140
00409A001324   00409A001023-L   3C02   00141
90409A000000   00409A001000-L   3C09   00010
90409A000000   00409A002345-L   8137   00015
00409A002345   00409A003217-R   8137   00045
00409A003217   00409A002345-L   8137   00045
Number of Packets Received 00406
In the above example, the DEST field is the destination MAC address field of the LAN fra
To use this command for troubleshooting, you must use the System Call Trace feature to capture any connect and disconnect messages that are generated by issuing the call device command. To do this:
1. Erase the current report log by entering er at the system prompt.
2. Enable the Call Trace feature by entering trace on at the system prompt.
3. Issue the call device command.
4.
Unable to prompt for device name at this time
Indicates that the call command would prompt you for a device name, but the necessary resources are not available. The recommended actions are as follows:
1. If possible, enter the device name on the command line.
2.
Calling at , device PPP
The phone number will show what is sent to the switch. Any embedded dashes will have been removed. The data rate that is used is displayed. If an invalid data rate is entered, the default of 56 Kbps will be used. Because dial out is only provided for PPP devices, the device type is always PPP.
Unable to prompt for device name at this time
Indicates that the call command would prompt you for a device name, but the necessary resources are not available. The recommended actions are as follows:
1. If possible, enter the device name on the command line.
2.
COMPRESSION INFORMATION COMMANDS
Compression statistics are only available for connections that are using a compression protocol. The following commands are used to display current compression information:
cmp stats
Displays the compression statistics for all active connections. Refer to Compression Statistics, for a list of available compression statistics and their definitions.
DHCP stats clear
Clears the DHCP statistics.
ip addrpool
Displays the current IP address pool. Refer to the ip addrpool command description under IP Routing Commands.
DIGITAL MODEM COMMANDS
These commands allow you to display active connections, display or erase digital modem statistics, add or delete individual modems and upgrade modem firmware when necessary.
modem add
Adds a previously-deleted modem back to the available list for devices (i.e., after testing).
Slot number refers to the slot in which the digital modem card resides, and all refers to all modems on the card.
Example: modem upgrade 2 all upgrades all modems on the DM card in slot 2.
We recommend you monitor the upgrade process by using the dr console command. The upgrade process should take approximately one minute. Only after the upgrade process completes for all modems, reset the system.
fr clear
Clears the statistics counters associated with the fr stat command for the currently selected access and DLCI.
fr clearall
Clears all statistics associated with the fr stat command.
fr lmi
Displays information relating to the LMI link on the currently-selected frame relay access, if that access has the layer Management Interface enabled. The following list describes the fields displayed when the FR LMI command is entered.
LMI State
The condition of the LMI link.
Access. In particular, the DLCI list is maintained within the code to identify all DLCIs for which the network has knowledge, but which are not currently configured. This list is updated when unknown DLCIs are noted through the LMI FULL REPORT STATUS messages, or through CLLM messages. fr dbg level Displays or sets the current debug level for frame relay. If the level parameter is not specified, then the current debug level is displayed.
The first line indicates:
• the number of the condition within that filter which matched the packet and consequently caused a discard action,
• the point at which the filter was applied, or a designation of global. For an IP network interface, this will be the configured name of the interface. For a device-based filter, this will be the configured device’s name.
• In or Out, corresponding to INPUT or OUTPUT application.
The next lines contain a brief decode of the packet which was discarded.
[System Name]> ip rip interface
Status:                    Active
I/F Type:                  LAN
IP Address:                192.168.1.1
Subnet Mask:               255.255.255.0
Broadcast Address:         192.168.1.255
Transmission:              Version 1
Reception:                 Version 1 or Version 2
Query Response:            Version 1
Version 2 Authentication:  Password

Status:                    Inactive
I/F Type:                  WAN - UNNUMBERED
IP Address:                0.0.0.0 (left.CSX)
Subnet Mask:               N/A
Broadcast Address:         255.255.255.
Host Route Propagation:
P The propagation flag, where
A = Always propagate
N = Do not propagate
H = Propagate when Next Hop Device Connected
1/2 RIP Version 1/Version 2 visibility flags, which determine whether or not this route is visible when the route is sent using RIP 1 or RIP 2, where
0 = Invisible
1 = Visible
T The type of route, where
A = Active Route, learned via RIP on a LAN interface
P = Permanent Route, learned via RIP on a WAN interface
S = Static Route, learned via IP Routing Table
H = Host Route, created when an
T/P (Type/Protocol) Type The destination type is “R” for a remote network or host, and “L” for a locally connected network or host. Protocol The mechanism used to determine the route. “L” is for local, “I” is for ICMP, and “R” is for RIP. TTL Time to Live for this route entry in seconds. This entry will expire after the specified number of seconds. A value of 999 implies that the entry will not expire. IF The interface Id. Age The age of the route in seconds.
Displays Negotiation Parameters when device name specified and connected: WAN Statistics for device “xxxx” Negotiation Parameters: IPX Network Address = Telebit Compression = WAN Link Delay = IPX Node Number = Protocol = ipx diag [timeout] Tests device connectivity to specified IPX host by sending out a diag packet. If connection is up, host sends a message in response to this packet to confirm receipt.
ipx route Displays the current routing table for the system, including static and learned routes. ipx route stats Displays routing table statistics, including maximum number of routes configured, and number of currently-available routes. Refer to IPX Route Statistics. ipx service Displays the current routes to IPX services for the system, including static and learned routes.
This information can help you determine if additional lines and/or systems are necessary. For example, the high water mark could be compared to the number of ISDN B channels available, taking into consideration the elapsed time.
PACKET CAPTURE COMMANDS In many applications, it is often desirable to monitor incoming LAN data. The pkt commands will allow you to capture, display, save, and load bridged or routed data packets. You must configure the same terminal setting for Telnet and for the terminal emulation package. To do this, use the term set command. Note: Packet capture commands are available for both local and remote (Telnet) connections.
pkt display Displays captured packets that have been collected via pkt on or via pkt load. Note that this command is not supported for a Telnet session.
Banyan Vines Packet Detail Screen (Bridged Packet)
Packet Number   Received at Time   Packet Length
0021            0000022190 mSEC    0060
Destination Address   Source Address
FFFFFFFFFFFF          02608C9BED38
EtherNet Type is 0BAD, VINES IP
Check Sum   Packet Length   Protocol Type
D75D        0x001A          04, ARP
Transport Control   Hop Count
0                   0
Dest Network   Dest SubNet   Source Network   Source SubNet
FFFFFFFF       FFFF          00000000         0x0000
Packet Type Query
Network Number 126697007
Subnetwork Number 0x9183
Hit Escap
RADIUS COMMANDS The following console commands may be used to diagnose problems with:
• connections to the off-node RADIUS authentication server
• CyberSWITCH configuration
• authentication server device database entries
radius chap Attempts an authentication session using CHAP. The following is an example display of the screen.
[System Name]>radius chap
Enter the device name ( to abort)? doe
Enter secret ( to abort)? secret123
Send Radius Authentication Request...
radius ipres Attempts an authentication session using the IP resolution. The following is an example display of the screen.
[System Name]>radius ipres
IP Address of the Host logging in ( to abort)? 19.63.4.5
Send Radius Authentication Request... Please wait
[AUTH] Warning code: 0001 Timeout.
radius macres Attempts an authentication session using the MAC resolution. The following is an example display of the screen.
SERIAL INTERFACE COMMANDS These commands are available only when you have a serial interface card (V.35 or RS232) properly installed: ser <#> stats Displays the current serial interface statistics for each line (V.35 or RS232) attached to the card in the specified slot #. Refer to Serial Interface Statistics for a list and definition of these statistics. ser <#> clear Clears the current serial interface statistics for each line (V.35 or RS232) attached to the card in slot #.
State The current state of the port. Possible values are: DISABLED, BLOCKING, LISTENING, LEARNING, and FORWARDING. Path Cost The configured path cost for this port. Designated Cost The path cost to the root bridge for this port. Desig Root Addr The MAC address for the root bridge. Desig Root Prior The bridge priority for the root bridge. Desig Brdg Addr The MAC address for the designated bridge. Desig Brdg Prior The bridge priority for the designated bridge.
Root Priority The bridge priority of the root bridge. Root Path Cost The path cost to the root bridge. Root Port Num The port number on the CyberSWITCH that offers the lowest cost path to the root bridge. This is set to 0 if the system is the root bridge. Root Port Prior The port priority of the Root Port Number. Max Age The maximum time (in tenths of a second) allowed without receiving a Spanning Tree message from the root bridge.
STP Enabled A flag that is set to “1” if the Spanning Tree protocol is enabled. TCP COMMANDS TCP (Transmit Control Protocol) provides a connection-oriented reliable communication for delivery of packets to a remote or on-node device. When the IP feature is enabled, the following TCP commands are available: tcp conns Display the current TCP connection status with the following format: lport The local port number for this TCP connection.
TELNET COMMANDS These commands are Telnet client console commands. These commands provide tools for you when you are using the system as a Telnet client. As a Telnet client, the CyberSWITCH can then be used to Telnet into another CyberSWITCH to perform system maintenance, for example, updating configuration information. These commands are not needed for a Telnet session as a rule, but may be beneficial for some users.
[System Name]>send
Available send commands:
ayt - Send "Are You There?" request to server
break - Send "Break" request to server.
escape - Send current "escape" character to server.
synch - Send "Synch" signal to server.
? - Display this help information.
The possible send parameters are defined as follows: send ayt The send ayt command sends the Telnet command function for “Are You There?” to the target host.
The set escape command can be used to change the “escape” character for the current Telnet session. This command may be useful when a device is connected to a target host, using several different Telnet connections. By changing the escape character to a value other than the default (), the user can return to Telnet “command” mode for a particular session. Typically, Telnet “escape” characters have the form ‘‘ (i.e., the CTRL key + some other key must be pressed).
The following commands are used to display the terminal type currently in use or to set the terminal type. term Displays the terminal type name. term set Allows you to set the terminal type. You may set the terminal type to either vt100 or ANSI. TFTP COMMANDS The TFTP feature and its commands are only available when IP routing is enabled. The TFTP feature and file access are enabled by default when the system software is installed.
> TFTP PUT
>IP Address of the Host to receive the file ( to abort)? 19.233.45.33
>Enter the name of the local file to send (including the full path) ( to abort)? \config\config.nei
>Enter the name for the remote file (including the full path) ( for same as local)?
Enter the mode (BIN [binary] or ASC [ascii]) for ascii? bin
Sending File... Please wait
File Transfer Complete...
tftp session Displays the TFTP session information of active TFTP sessions.
trace ipxwan [on/off] Enables or disables the IPXWAN tracing option, which tracks all packets which are received or sent out using IPXWAN protocol, and places this information in the system log. To display the log file, issue the dr command. This option is initially disabled. trace lapb [on/off] Enables or disables the LAPB data link information packet tracing option. This feature displays up to 15 octets of the packet. To display the log file, issue the dr console command.
sentry log This command acts as a toggle switch, enabling or disabling user authentication rejection messages. If enabled, authentication rejection messages (identifying users who generated the messages) are written to the log file. To display the log file, issue the dr console command. This option is initially disabled. sentry status Displays current Sentry status. This includes whether or not trace is enabled, as well as the status and port number of each authentication server on the system.
Alarm Type             Alarm Meaning
Loss of Signal (Red)   An all zero signal (or complete lack of signal).
Loss of Frame (Red)    A signal which does not match the configured framing mode (for example, ESF).
AIS (Blue)             An unframed all one signal.
RAI (Yellow)           A Remote Alarm Indication signal.
wan l1p error [display or clear] When display is used, this command displays the PRI layer 1 error counters.
trace x25 [on/off] Enables or disables the X.25 packet tracing option. This feature displays up to 15 octets of the packet. To display the log file, issue the dr console command. This option is initially disabled. x25 clear Clears the statistics counters associated with the x25 stat command for the currently selected access and LCN. x25 clearall Clears all statistics associated with the x25 stat command for the currently selected access and LCN.
SYSTEM STATISTICS OVERVIEW Statistics can either be generated by issuing the ds command to display the set of statistics known as the System Statistics, or by issuing a specific command to display statistics in a specific category. In addition to using the ds command to display the system statistics, they are also automatically written to a statistics log every 30 minutes. The statistics are stored in the following location: Directory: \log File Name: stat_log.
CALL RESTRICTION STATISTICS The system keeps a tally of the following Call Restriction statistics. These statistics can be compared to the limits you have configured. These statistics can be displayed by issuing the cr stats or the ds command at the administration console. call minutes (day) The total call minutes that have been logged for the day. call minutes (month) The total call minutes that have been logged for the month.
APPLETALK STATISTICS You may display AppleTalk protocol statistics (subdivided into six subgroups) and AppleTalk port statistics. You can display all six subgroups of the AppleTalk protocol statistics by issuing the atalk stats command, or you can display the individual subgroups by adding an extra variable to the atalk stats command. You can display the AppleTalk port statistics by issuing the atalk port stats console command.
ddpTooShortErrors The total number of input DDP datagrams dropped because the received data length was less than the data length specified in the DDP header or the received data length was less than the length of the expected DDP header. ddpTooLongErrors The total number of input DDP datagrams dropped because they exceeded the maximum DDP datagram size.
atechoInReplies The count of AppleTalk Echo replies received. APPLETALK ROUTING TABLE MAINTENANCE PROTOCOL (RTMP) STATISTICS You can display this subgroup of AppleTalk statistics by issuing the atalk stats rtmp console command. rtmpInDataPkts A count of the number of good RTMP data packets received by this system. rtmpOutDataPkts A count of the number of RTMP packets sent by this system.
zipZoneConflctErrors The number of times a conflict has been detected between this entity’s zone information and another system’s zone information. zipInObsoletes The number of ZIP Takedown or ZIP Bringup packets received by this system. Note that as the ZIP Takedown and ZIP Bringup packets have been obsoleted, the receipt of one of these packets indicates that a node sent it in error.
atpRetryCntExceeds The number of times the retry count was exceeded, and an error was returned to the client of ATP. APPLETALK PORT STATISTICS You can display the AppleTalk port statistics by issuing the atalk port stats console command. portInPackets The number of AppleTalk packets received on this port by this system. portOutPackets The number of AppleTalk packets sent out on this port by this system.
BRIDGE STATISTICS The system collects bridge statistics for each LAN port and for WAN connections. These bridge statistics include information on the number of frames received, forwarded, discarded or transmitted. If the system is configured for two LAN ports, there is a line of counters for each LAN port. However, the WAN counters are totaled for all WAN ports.
COMPRESSION STATISTICS The system collects the following compression statistics for each active compression connection. These statistics can be displayed by issuing the cmp stats or the cmp stats command at the administration console. The cmp stats command will display the compression statistics for all active connections. The cmp stats command will display the compression statistics for the specified device.
peer sent resets The number of decompression resets sent from peer devices. system sent resets The number of decompression resets sent from the System. dropped pkts The number of dropped packets that could not be queued. fcs errors The number of frame checksum errors. DHCP STATISTICS Access DHCP statistics by using the dhcp stats command.
DHCP RELAY AGENT STATISTICS BOOTREQUEST msgs rcvd Incremented whenever the system identifies a UDP datagram as a DHCP/BOOTP BOOTREQUEST message. This datagram has passed the initial consistency checks. BOOTREQUEST msgs rlyd Incremented whenever the system has successfully “relayed” a BOOTREQUEST message to a configured destination (i.e., another Relay Agent, or a DHCP/BOOTP server).
BOOTREPLY bad ’giaddr’: Number of DHCP/BOOTP BOOTREPLY messages that were discarded by the DHCP Relay Agent because the ’giaddr’ (gateway IP address) field could not be mapped to one of the system’s IP network interfaces. BOOTREPLY arp_add0 fail Number of times that the DHCP/BOOTP Relay Agent failed to add a client’s IP address/hardware address pair to the ARP table. When this occurs, an attempt is still made to send the BOOTREPLY to the client.
DHCPNAKs rcvd Incremented whenever the DHCP Proxy Client has received a DHCPNAK message from a DHCP server. Invalid DHCP pkts rcvd Incremented whenever the DHCP Proxy Client encounters a DHCP message that is invalid due to either of the following:
• the ’op’ field is not equal to BOOTREPLY
• the DHCP ’special field’ is not found at the beginning of the options field
When this occurs, the packet is silently discarded.
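The two validity checks listed above for the DHCP Proxy Client, and the relay agent's 'giaddr' test, can be written directly against the BOOTP packet layout. The following is an added example, not CyberSWITCH code: it assumes the guide's 'special field' is the RFC 2131 magic cookie, and the interface address, sample packets, function names and the labels marked hypothetical are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

BOOTREPLY = 2
FIXED_LEN = 236                          # fixed BOOTP header; options follow
MAGIC_COOKIE = bytes([99, 130, 83, 99])  # RFC 2131 cookie, assumed "special field"
OPT_PAD, OPT_MSG_TYPE, OPT_END = 0, 53, 255
DHCPNAK = 6

# Constructed interface address for this demo (assumption).
LOCAL_INTERFACES = {ipaddress.IPv4Address("192.168.1.1")}


def build_packet(op, giaddr="0.0.0.0", cookie=MAGIC_COOKIE,
                 options=b"\x35\x01\x05\xff"):
    """Build a constructed BOOTP/DHCP message (default options: DHCPACK, end)."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        op, 1, 6, 0,                           # op, htype=Ethernet, hlen, hops
        0x12345678, 0, 0,                      # xid, secs, flags
        bytes(4), bytes(4), bytes(4),          # ciaddr, yiaddr, siaddr
        ipaddress.IPv4Address(giaddr).packed,  # giaddr
        bytes.fromhex("02608c9bed38"),         # chaddr (padded to 16 bytes)
        b"", b"",                              # sname, file (zero filled)
    )
    return header + cookie + options


def message_type(options):
    """Walk the TLV options and return the DHCP message type, or None."""
    i = 0
    while i < len(options):
        code = options[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:                    # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(options):
            return None                        # length byte missing
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) < length:
            return None                        # option runs past end of packet
        if code == OPT_MSG_TYPE and length == 1:
            return value[0]
        i += 2 + length
    return None


def proxy_client_counter(packet):
    """Proxy-client view: the statistic a received packet would increment."""
    if (len(packet) < FIXED_LEN + 4            # truncated: invalid (assumption)
            or packet[0] != BOOTREPLY          # 'op' is not BOOTREPLY
            or packet[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE):
        return "Invalid DHCP pkts rcvd"
    if message_type(packet[FIXED_LEN + 4:]) == DHCPNAK:
        return "DHCPNAKs rcvd"
    return "other valid reply"                 # hypothetical label


def relay_counter(packet, interfaces=LOCAL_INTERFACES):
    """Relay-agent view: can the reply's giaddr be mapped to a local interface?"""
    if len(packet) < FIXED_LEN or packet[0] != BOOTREPLY:
        return "not a BOOTREPLY"               # hypothetical label
    giaddr = ipaddress.IPv4Address(packet[24:28])
    if giaddr not in interfaces:
        return "BOOTREPLY bad 'giaddr'"
    return "BOOTREPLY relayed"                 # hypothetical label


def tally(packets, classify):
    """Count how many packets fall under each statistic."""
    return Counter(classify(p) for p in packets)


# Constructed sample traffic.
SAMPLES = [
    build_packet(2, giaddr="192.168.1.1"),                       # DHCPACK
    build_packet(2, giaddr="192.168.1.1",
                 options=b"\x00\x35\x01\x06\xff"),               # DHCPNAK after a pad
    build_packet(1),                                             # op is BOOTREQUEST
    build_packet(2, cookie=b"\x00\x00\x00\x00"),                 # cookie missing
    build_packet(2, giaddr="10.9.9.9"),                          # unknown giaddr
]

if __name__ == "__main__":
    print("proxy client:", dict(tally(SAMPLES, proxy_client_counter)))
    print("relay agent: ", dict(tally(SAMPLES, relay_counter)))
```

A steadily rising invalid-packet or bad-'giaddr' count is worth correlating with a packet capture, since both counters only increase when traffic fails these structural checks.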
INIT The access state entered when the access is first initialized. The access has entered the LMI dialogue phase, but has not yet received an appropriate LMI STATUS message response. UP The access state entered when the access either has no LMI, or the LMI message exchange is confirmed. DOWN The access state entered when the access has been lost due to layer 1 loss, or after no response has been received on the LMI link.
# Lost Rx Frame Related to the “# Lost Rx Seq” counter in that it represents the number of actual lost frames, not just the number of times a frame (or frames) was lost. # Invalid Frame Size The number of times a frame is discarded because it exceeded the maximum frame size supported by the frame relay network. # Timed Lost Rx Frame Not currently supported. # No Control Block Not currently supported.
NOT READY The PVC state entered when the PVC has been marked unavailable by the network via a STATUS message, an alarm condition, or failure of the LMI link. NETWORK OUTAGE The PVC state entered when the PVC has been marked unavailable. This follows the receipt of a CLLM message indicating a network failure has occurred. # PVC activations The number of times the PVC has been marked available for use, or “up”.
crc errors The number of aligned frames discarded because of a CRC error. align errors The number of frames that are both misaligned and contain a CRC error. resource errors The number of good frames discarded because there were no resources available. pkts xmit The number of packets transmitted on the LAN port. xmit errors The number of packets transmitted with errors on the LAN port. IP STATISTICS You can access IP statistics by using the ip stats console command.
ipInUnknownProtos The number of locally addressed datagrams received successfully but discarded because of an unknown or unsupported protocol. ipInDiscards The number of input IP datagrams for which no problems were encountered that would prevent their continued processing, but which were discarded (e.g., for lack of buffer space). Note that this counter does not include any datagrams discarded while awaiting re-assembly.
ipFragCreates The number of IP datagram fragments that have been generated as a result of fragmentation at this system. ICMP GROUP STATISTICS icmpInMsgs The total number of ICMP messages that the system received. Note that this counter includes all those counted by icmpInErrors. icmpInErrors The number of ICMP messages that the system received but determined as having ICMP-specific errors (bad ICMP checksums, bad length, etc.).
icmpOutErrors The number of ICMP messages that this system did not send due to problems discovered within ICMP, such as a lack of buffers. This value should not include errors discovered outside the ICMP layer such as the inability of IP to route the resultant datagram. In some implementations there may be no error types that contribute to this counter’s value. icmpOutDestUnreachs The number of ICMP Destination Unreachable messages sent.
IPX BASIC SYSTEM TABLE STATISTICS ipxBasicSysExistState The validity of this entry in the IPX system table. Setting this field to off indicates that this entry may be deleted from the system table at the IPX implementation’s discretion. ipxBasicSysNetNumber The network number portion of the IPX address of this system. ipxBasicSysName The readable name for this system. ipxBasicSysInReceives The total number of IPX packets received, including those received in error.
ipxBasicSysOpenSocketFails The number of IPX socket open calls which failed. IPX ADVANCED SYSTEM TABLE STATISTICS ipxAdvSysMaxPathSplits The maximum number of paths with equal routing metric value which this instance of the IPX may split between when forwarding packets. ipxAdvSysMaxHops The maximum number of hops a packet may take. ipxAdvSysInTooManyHops The number of IPX packets discarded due to exceeding the maximum hop count.
ripIncorrectPackets The number of times incorrect RIP packets were received. ripState Represents the status of the IPX RIP feature: 1 = disabled, 2 = enabled. IPX TRIGGERED RIP STATISTICS You can access IPX triggered RIP statistics by using the ipx trigrip stats command. trigRipUpdateRequestsSent Number of triggered RIP update requests sent. trigRipUpdateRequestsRcvd Number of triggered RIP update requests received.
Available Routes Number of routes currently available on this router. High Water Mark Peak number of routes this router has used. IPX SAP STATISTICS You can access IPX SAP statistics by using the ipx sap stats console command. sapInstance With the CyberSWITCH, the value of this statistic is always 1. With other products, this statistic is useful. Currently, it is not useful for the CyberSWITCH. sapIncorrectPackets The number of times incorrect SAP packets were received.
IPX SERVICE STATISTICS You can access IPX Service statistics by using the ipx service stats console command. Static Services Number of static services configured on this router. Sap Services Number of services learned through SAP from other routers. Total Services Total number of services. Should be equal to the sum of Static and SAP services. Maximum Services Maximum number of services this router is configured to handle.
IfStatRcvBadRoutes The number of routes, in valid RIP packets, which were ignored for any reason. Example reasons include: an unknown address family, or an invalid metric. IfStatRcvRequests The number of RIP messages with ‘request’ command code received on this interface. IfStatRcvResponses The number of RIP messages with ‘response’ command code received on this interface. IfStatSentRequests The number of RIP messages with ‘request’ command code sent on this interface.
snmpInBadVersions The total number of SNMP messages that were delivered to the SNMP Agent and were for an unsupported SNMP version. snmpInBadCommunityNames The total number of SNMP messages delivered to the SNMP Agent that used an SNMP community name not known to said system. snmpInBadCommunityUses The total number of SNMP messages delivered to the SNMP Agent that represented an SNMP operation that was not allowed by the SNMP community named in the message.
snmpInGetNexts The total number of SNMP Get-Next PDUs that have been accepted and processed by the SNMP Agent. snmpInSetRequests The total number of SNMP Set-Request PDUs that have been accepted and processed by the SNMP Agent. snmpInGetResponses The total number of SNMP Get-Response PDUs that have been accepted and processed by the SNMP Agent. snmpInTraps The total number of SNMP Trap PDUs that have been accepted and processed by the SNMP Agent.
TCP STATISTICS You can access these statistics by issuing the tcp stats console command. tcpRtoAlgorithm The algorithm used to determine the timeout value used for retransmitting unacknowledged octets. This value is always equal to 4 for the Van Jacobson’s algorithm. tcpRtoMin The minimum value permitted by a TCP implementation for the retransmission timeout, measured in milliseconds.
tcpInErrs The total number of segments received in error (for example, bad TCP checksums). tcpOutRsts The number of TCP segments sent containing the RST flag. TFTP STATISTICS You can access these statistics by issuing the tftp stats console command. STATISTICS FOR SERVER OR REMOTE INITIATED TFTP ACTIVITY Successful file puts Displays the count of the successful puts from the remote hosts. (Remote host uploaded a file to local system.
Failed file gets Displays the count of failed gets. (Local system failed to download a file from a remote host.) Total bytes put Displays the total number of bytes successfully put. (Number of bytes uploaded from the local system to remote hosts.) Total bytes get Displays the total number of bytes successfully gotten. (Number of bytes downloaded from remote hosts to the local system.
UDP STATISTICS If the IP operating mode is enabled, you can access the following UDP statistics by using the udp stats command: udpInDatagrams The total number of UDP datagrams delivered to UDP devices. udpInErrors The number of received UDP datagrams that could not be delivered for reasons other than the lack of an application at the destination port. udpNoPorts The total number of received UDP datagrams for which there was no application at the destination port.
WAN L1P STATISTICS You can access WAN L1P statistics by issuing the wan l1p stats display console command. These statistics are divided into the following groups of statistics: PRI S/T (T1/E1) interface statistics, error statistics, and layer 1 general statistics. These groups are defined below. PRI S/T (T1/E1) INTERFACE STATISTICS Layer 1 Up The number of times layer 1 has reported itself up to the upper ISDN layers.
Recv Positive Slips The number of PRI frames lost due to timing problems in the positive direction. Recv Parity Errors The number of receive parity errors. Xmit Slips The number of times an error has occurred in the host clock system. If the wander of the transmit route clock is too great, data transmission errors will occur. Xmit Parity Errors The number of transmit parity errors. LAYER 1 GENERAL STATISTICS Note: Layer 1 general statistics apply to the indicated slot.
switched call completed A counter that is incremented each time a switched call successfully completes and passes identification. switched call retry A counter that is incremented for each retry of an original switched call attempt. switched call not possible A counter that is incremented each time a switched call needs to be made to a site and it is not possible.
# Max Connections The maximum number of active VCs allowed at any time. # Active Conn The number of currently active VCs. # Max Conn Active The maximum number of VCs that can be active at any time. # Conn Failed The number of VCs that have failed. # Normal Disconnect The number of SVC connections that terminated normally. # Abnrml Disconnect The number of VC connections that terminated due to LAPB problems. # Packets Sent count The number of X.25 data packets sent.
# Restarts Received The number of times the X.25 network has been restarted by a remote DTE or the network. # Diag Pkt Sent The number of diagnostic packets sent. # Diag Pkt Received The number of diagnostic packets received. # Bytes Sent count The total number of data bytes sent. # Bytes Received The total number of data bytes received. X.25 VIRTUAL CIRCUIT (VC) RELATED STATISTICS You can access these statistics by issuing the x25 vc stats console command.
# RNR Sent count The number of receive not ready packets sent. # RNR Received The number of receive not ready packets received. # Bytes Sent Count The total number of data bytes sent since the last reset or restart. # Bytes Received The total number of bytes received since the last reset or restart.
ROUTINE MAINTENANCE OVERVIEW The information in this chapter provides instructions for performing routine maintenance on the CyberSWITCH. The information falls into the following categories:
• installing/upgrading system software
• executing configuration changes
• performing a configuration backup and restore
• obtaining system custom information
INSTALLING/UPGRADING SYSTEM SOFTWARE System software is delivered on 3.5" high-density diskettes.
changes are NOT dynamic. The changes are saved in a temporary copy of configuration data, and will not affect the current run-time operation of the system in any way. To terminate the session, return to the main CFGEDIT menu. Select the save changes option. Then press to exit. Note: This “save” process also includes all unsaved Manage Mode changes which were made prior to the CFGEDIT session, if any. At your earliest possible convenience, reboot the system.
APPENDICES The User’s Guide includes the following appendices: • System Worksheets We have designed a set of worksheets you can fill out before you begin your CyberSWITCH configuration. Once filled out, they will contain information you will need for the configuration process. • CFGEDIT Map A CFGEDIT map you can use as an aid when configuring your system. As you proceed through the configuration process, this map can help you understand where you are in the CFGEDIT structure.
SYSTEM ADAPTERS This appendix includes the following illustrations of available CyberSWITCH adapters: • Ethernet • Basic Rate • Primary Rate: PRI-8 PRI-23 PRI-23/30 • Expander • V.35 • RS232 • Digital Modem DM-8 DM-24 DM-24+/DM-30+ • Encryption: DES (USA) Generally, adapter switch settings are preset and adapters are preinstalled prior to shipment. However, in the event you need to do any part of this installation on-site, you must determine the correct switch settings for the adapters in question.
ETHERNET ADAPTER
[Figure: Ethernet Adapter, front view and side view. Labeled parts: AUI connectors, I/O Address (JP2), Interrupt Block (JP1), i960 RISC CPU, DRAM (2 SIMMs).]
BASIC RATE ADAPTER This adapter is set for slot 3:
[Figure: BRI-4 Adapter, front view and side view. Labeled parts: RJ-45 connectors, TDM bus connector, LCD connector, interrupt block (positions 3 4 5 6 7 9 10 11 12 14 15), I/O switch (Basic Rate Interface), pin 1.]
I/O switch settings shown in the figure:
S1  S2  S3  S4  S5  S6  S7  S8
ON  OFF ON  OFF ON  OFF OFF OFF
PRIMARY RATE ADAPTERS THE PRI-8 This adapter is set for slot 5:
[Figure: PRI-8 Adapter, front view and side view. Labeled parts: RJ-45 connector, TDM bus connector, LCD connector, interrupt block (positions 3 4 5 6 7 9 10 11 12 14 15), I/O switch (Primary Rate Interface), pin 1.]
Jumper positions shown in the figure: J11 (jumper on right), J12 (jumper on bottom), J13 (jumper on bottom), J14 (jumper on left), J15 (jumper on left), J20 (jumper on bottom).
I/O switch settings shown in the figure:
S1  S2  S3  S4  S5  S6  S7  S8
ON  ON  OFF OFF ON  OFF OFF OFF
THE PRI-23
This adapter is set for slot
[Figure: PRI-23 Adapter. Labeled parts: RJ-45 connector, MVIP bus connector, TDM bus connector, LCD connector, interrupt block (positions 3 4 5 6 7 9 10 11 12 14 15), I/O switch (S1 to S8), MVIP end-of-bus termination, jumpers JP4 to JP7 and J10 to J14, pin 1.]
THE PRI-23/30
This adapter is set for slot
Note that S on the I/O Switch is not used. The board should function properly with the switch in either the ON or OFF position.
[Figure: PRI-23/30 Adapter. Labeled parts: RJ-45 connector, MVIP bus connector, TDM bus connector, interrupt block, MVIP termination, jumpers JP1, JP3, JP4, JP6, JP7, JP8, JP9 and JP11, I/O]
EXPANDER ADAPTER

This adapter is set for slot 5:

[Figure: Expander Adapter, front view and side view. Labels: PRI-8, TDM Bus Connector, I/O Switch (Pin 1 marked), Interrupt Block (3 4 5 6 7 9 10 11 12 14 15).]

I/O Switch settings:
S1   S2   S3   S4   S5   S6   S7   S8
ON   ON   OFF  OFF  ON   OFF  OFF  OFF
V.35 ADAPTER

This adapter is set for slot 5:

[Figure: V.35 Adapter, front view and side view. Labeled parts: DB26 Connectors, LCD Connector, Interrupt Block (3 4 5 6 7 9 10 11 12 14 15), I/O Switch.]

I/O Switch settings:
1    2    3    4    5    6    7    8
OFF  OFF  OFF  ON   OFF  OFF  ON   ON

Note: Switch label “OPEN” is the same as OFF on I/O switch.
RS232 ADAPTER

This adapter is set for slot 5:

[Figure: RS232 Adapter, front view and side view. Labeled parts: DB26 Connectors, LCD Connector, Interrupt Block (3 4 5 6 7 9 10 11 12 14 15), I/O Switch.]

I/O Switch settings:
1    2    3    4    5    6    7    8
OFF  OFF  OFF  ON   OFF  OFF  ON   ON

Note: Switch label “OPEN” is the same as OFF on I/O switch.
DIGITAL MODEMS

THE DM-8

This card is configured as the second DM-8 in the system as well as the last card on the MVIP bus:

[Figure: DM-8 Adapter. Labeled parts: MVIP Termination Jumpers J5 and J6 (both jumpers installed; bus terminated), MVIP Bus Connector, MVIP I/O Jumpers (jumpers 3 & 4 installed), J2, J3, J4, Pin 1, DM1 through DM8.]
THE DM-24

The DM-24 adapter consists of a mother board/daughter board combination; the daughter board sits on top of the larger mother board.
DM-24, back view (illustration does not depict switches set for any particular slot):

[Figure: DM-24 Adapter (back view). Labeled parts: I/O Address Switches, Interrupt Block, MVIP End-of-Bus Termination Switches; switches S1, S2, S3, S4; switch positions labeled IRQ15 IRQ14 IRQ12 IRQ11 IRQ10 and A4 A5 A6 A7 A8 A9.]

Note: In rare cases, there may be some variation with silk screening from card t
THE DM-24+/DM-30+

The DM-24+ and the DM-30+ adapters consist of a mother board/daughter board combination. The two adapters closely resemble each other, but are distinguishable by the number of modems each supports. There are 30 modem chips on the DM-30+ and 24 modem chips on the DM-24+.
Pertinent switches are located on the back side of the mother board.
ENCRYPTION ADAPTER

DES ADAPTER (US VERSION)

[Figure: RSA/DES Adapter (USA). Labeled parts: SW1 (switches 1 through 8, OFF and ON positions marked), PQR512 Chips on RSA Board Only, J1, Battery, LD1, LD2, LD3.]

Note: Jumper J1 must be installed for the board to be operational.
SYSTEM WORKSHEETS

The worksheets included in this appendix will be helpful in configuring and managing your system. They capture important network information. To see examples of completed worksheets, refer to the Example Networks Guide.

Worksheets included in this appendix are:

1. Network Topology Worksheet. This worksheet identifies the following information:
• The Users or Remote Sites in your network.
• The telephone numbers associated with the Users or Remote Sites in your network.
NETWORK TOPOLOGY
SYSTEM DETAILS

System Name: _____________________
PAP Password: _______________
CHAP Secret: ___________________

RESOURCES
Type   Slot   Switch type   Synchronization type

LINES
BRI Lines:             Name   Slot   Port   Line type   Call screen   TEI   SPID   Directory number
V.35 and RS232 Lines:  Name   Slot   Port   Device/Network
PRI Lines:             Name   Slot   Port   Framing type   Line coding   Sig.
ACCESSES

Dedicated Accesses
Over ISDN:               Line name   Data rate (❒ 56 Kbps ❒ 64 Kbps)   Bearer channels   Line protocol   Device tied to this access
Over Serial connection:  Line name   Clocking (❒ Internal ❒ External)   Data rate   Line protocol   Device tied to this access

X.25 Accesses
Over ISDN:               Line name   Access name
Over serial connection:  Line name   Access name

X.
DEVICE INFORMATION

Device Name: _____________________________

Calling (ISDN, FR, etc.) Information
Line Protocol
Base Data Rate
Initial Data Rate
Max Data Rate
Dial-Out Number(s)
X.
BRIDGING AND ROUTING INFORMATION

BRIDGING
Bridging: ❒ enabled ❒ disabled
Mode of Operation: ❒ restricted ❒ unrestricted
Bridge Filters
Bridge Dial Out/Known Connect List

IP ROUTING
IP Routing: ❒ enabled ❒ disabled
Mode of Operation: ❒ router ❒ IP host

Network Interface Information
LAN               Name   IP address   Mask
Unnumbered WAN    ❒ need ❒ don’t need   Input filters   Output filters
Remote LAN        Name   IP address   Mask   Input filters   Output filters
Traditional WAN   Name   IP address   Mask   Input filte
IP ROUTING, CONTINUED

Static Routes
Destination network address   Mask   Next hop   ❒ default?

IPX ROUTING

Routing Information
IPX routing: ❒ enabled ❒ disabled
Internal network number

Network Interface Information
LAN          Name   External network number
Remote LAN   Name   External network number

Static Routes
Destination network number   Next hop   ❒ Int.
APPLETALK ROUTING

AppleTalk Routing/Port Information
AppleTalk routing: ❒ enabled ❒ disabled

LAN   Name   Port number   Network type (❒ extended ❒ nonextended)   Netwk range/number   AppleTalk address   Zone name(s)
WAN   Name   Network type (❒ extended ❒ nonextended)   Netwk range/number   AppleTalk addr
CFGEDIT MAP

OVERVIEW

The following pages provide an outline of the CyberSWITCH CFGEDIT configuration utility. As you configure your system, you may find it helpful to use this outline as a map to help you navigate through CFGEDIT.

MAIN MENU

Note: Not all of the options listed may be available on your particular system. The availability of these options depends upon the platform and software you have ordered, as well as your configuration choices.
PHYSICAL RESOURCES MENU

RESOURCES
• COMMPORT
• Basic Rate switch type
• T1/E1/PRI switch type synchronization
• Expander
• V.35
• RS232
• Ethernet 1, 2
• Digital Modem 8, 24, 30 mu law A-law
• DES-RSA

DATA LINES
• ASYNDMPORT
• Name/Slot/Port/Framing/Line coding/Signalling/Line build out
• Datalinks PPP: TEI negotiation PMP: Call Screen Method name subaddress telephone number

ACCESSES
• Dedicated Data rate Bearers list Line protocol HDLC PPP FR DBU Device name
• X.25 Name Data rate X.
OPTIONS MENU

BRIDGING
• Enable/Disable
• Spanning Tree
• Mode of Operation unrestricted, restricted
• Bridge Filters protocol definition filters (source, destination, protocol, packet data)
• Known Connect List

IP ROUTING
• Enable/Disable
• IP Operating Mode (host/router)
• Interfaces LAN WAN WAN (Direct Host) WAN (RLAN) WAN (unnumbered) IP Host
• Static Routes
• RIP (enable/disable)
• Static ARP table
• Isolated Mode (enable/disable)
• Static Route via RADIUS
• IP Address Pool
IPX ROUTING
• Enable/Disable
• IPX Network Number
• IPX Interfaces LAN Remote LAN
• Routing Protocols IPX RIP, IPX SAP number table entries
• IPX Static Routes RIP info number of ticks, hops next hop destination IPX number
• Netware Static Services SAP info number of hops to service service IPX socket number service IPX node number service IPX network number service type service name
• IPX Spoofing IPX, SPX watchdog serial packet handling message packet handling
• Type 20 Protocol change devi
PPP
• Global options
• LCP options
• IPCP options
• Link failure options

CALL CONTROL
• Throughput Monitor
• Call Interval
• Monthly call charges
• Call Restrictions
• Device Profile
• Bandwidth Reservation
• Semipermanent Connection
• Connection Services Manager (CSM) for Call Control enable/disable TCP port number
• D-Channel Callback
• Digital Modem Inactivity Timeout enable/disable timeout value (in minutes)

DEFAULT LINE PROTOCOL
• Action Timeout
• Timeout Value

DEFAULT ASY
SECURITY MENU

SECURITY LEVEL
• No Security
• Device Level Security
• User Level Security
• Device and User Level Security

SYSTEM OPTIONS AND INFORMATION
• System Options PAP password CHAP challenge Bridge MAC address IP Host ID Calling Line ID
• System Information system name system password system secret
• Administrative Session Database Location On-node CSM RADIUS TACACS ACE Inactivity time-outs Telnet admin sessions TCP port number Emergency Telnet port number

DEVICE LEVEL DATABASES
• On
• Authentication PAP password CHAP secret outbound authentication user level authentication IP host ID bridge Ethernet calling line ID IP information IP address IP enable/disable make calls for IP data IPX enable/disable calls for IPX data IPXWAN IPX routing none RIP/SAP trig RIP/SAP IPX External WAN network number IPX spoofing AppleTalk information AppleTalk address enable/disable make calls for AppleTalk data AppleTalk routing protocol Bridge information IP (sub)network number
OFF-NODE SERVER INFORMATION
• CSM TCP port
• RADIUS Primary Server Secondary Server Miscellaneous info number of retries time between retries
• TACACS Primary Server IP Address Shared Secret UDP Port Number Secondary Server Miscellaneous info number of retries time between retries packet format
• ACE Primary Server Secondary Server Miscellaneous info number of retries time between retries encryption method (SDI or DES) source IP address Load Server Configuration file
• RADIUS Accounting Primar
GETTING ASSISTANCE

REPORTING PROBLEMS

For a fast response, please take the time to fill out the System Problem Report to inform us of any difficulties you have with our products. A copy of this report can be found at the end of this chapter. This report provides us with important information to diagnose and respond to your questions. Please pay special attention to the following areas:

FAX Header
The System Problem Report has been designed as a FAX form.
DATE: ______________
TO: CUSTOMER SERVICE
Cabletron Systems
(603) 332-9400 PHONE
(603) 337-3075 FAX
NUMBER OF PAGES INCLUDING THIS PAGE: ______
FROM: ______________________________________
COMPANY: _______________________________________
ADDRESS: ______________________________________
         ______________________________________
PHONE: ______________________________________
FAX: ______________________________________

CA
ADMINISTRATIVE CONSOLE COMMANDS TABLE

The following table lists all system administration commands. Guest commands are identified in the command column.

Command          Use
? (GUEST)        displays help screen
atalk arp        displays the AARP cache
atalk ping . {timeout/dnnn] example: atalk ping 1.
cdr verify (GUEST)   verifies call detail recording servers are configured
cfg                  provides information on changes to configuration files
cfgedit              starts the CFGEDIT configuration utility
cls (GUEST)          clears administration screen
cmp stats            displays the compression connection statistics for all active connections
cmp stats            displays the compression connection statistics for the specified device
cmp clear            clears all the compression statistics for the spe
fr dbg level     displays the current debug level for frame relay
fr dbg level     sets the current debug level for frame relay
fr display       displays the configuration information for the selected frame relay access
fr lmi           displays LMI link information for the selected frame relay access
fr stats         displays statistics for the selected frame relay access and DLCI
ip addrpool      displays the current IP address pool
ip arp           displays current ARP cache ta
ipx sap stats      displays IPX SAP statistics
ipx spoof stats    displays IPX spoofing statistics
ipx stats          displays IPX statistics
ipx trigreq        generates a triggered RIP/SAP update request to the specified device.
modem upgrade    installs new modem firmware onto specified modem
modem devices    displays active modem connections
neif             displays the interface table
pkt capture      specifies which packets will be captured by the packet capture feature (all, reqd, pend, actv, idle, or none)
pkt mac          enables the MAC address monitor display
pkt [on/off]     enables or disables the Packet Capture feature
pkt display      displays captured
ser signal       displays current state of input signals for each serial line attached to card in specified slot. “0” indicates inactive; “1” indicates active.
trace lapb [on/off]   enables or disables the packet tracing option for LAPB data link information
trace ppp [on/off]    enables or disables the tracing of ppp packets
trace x25 [on/off]    enables or disables the packet tracing option for X.
MANAGE MODE COMMANDS TABLE

The following table displays the available Dynamic Management commands:

Command             Use
ace                 displays ACE off-node server configuration
ace change          allows changes to the ACE off-node server configuration
ace reinit          reinitializes the CyberSWITCH ACE client
admlogin [change]   displays [or allows you to change] the current administrative session configuration information
alarm               displays the current enabled status of the call restriction alarm
alarm [off/on]      disables/enables the
exit                exits from Manage Mode and returns to the normal system command mode
fileattr            displays the current user file access rights (guest or admin)
fileattr change     allows you to change current file access rights configuration data
help                displays a list of the valid Manage Mode commands
ipfilt              updates the IP filter configuration
ipnamesv            configures DNS and NetBIOS name server addresses
ipnetif             displays the current IP network interface configuration data
ipr
ipxsvc [add/change/delete]   adds/changes/deletes an IPX service
ipxspoof                     allows you to configure system level spoofing data
ipxt20                       allows you to configure IPX type 20 information
line                         displays the current line configuration data
lineprot                     displays the current default line protocol configuration
lineprot change              allows changes to default line protocol configuration
log                          presents all configuration options for log options
netlogin                     displays network login parameters
n
srcfilt [add/change/delete]   adds/changes/deletes a source address filter
tacacs                        displays TACACS off-node server configuration
tacacs change                 allows changes to the TACACS off-node server configuration
termopt                       allows you to change default async protocol configuration
tftp                          displays the current TFTP configuration
tftp change                   allows the current TFTP configuration to be changed
thruput                       displays the current throughput monitor configuration data
thruput cha
CAUSE CODES TABLE

The following table provides Q.931 cause codes and their corresponding meanings. Cause codes may appear in Call Trace Messages.

Dec Value   Hex Value   Q.931 Cause
0           0           valid cause code not yet received
1           1           unallocated (unassigned number)
                        Indicates that, although the ISDN number was presented in a valid format, it is not currently assigned to any destination equipment.
19          13          no answer from device (device alerted)
                        Indicates that the destination has responded to the connection request but has failed to complete the connection within the prescribed time. Problem at remote end.
21          15          call rejected
                        Indicates that the destination was capable of accepting the call (was neither busy nor incompatible) but rejected the call for some reason.
34          22          no circuit/channel available
                        Indicates that the connection could not be established because there was no appropriate channel available to handle the call.
35          23          destination unattainable
37          25          degraded service
38          26          network (WAN) out of order
                        Indicates that the destination could not be reached because the network was not functioning correctly and that the condition is expected to last for a relatively long time.
52          34          outgoing calls barred
53          35          outgoing calls barred within CUG
54          36          incoming calls barred
55          37          incoming calls barred within CUG
56          38          call waiting not subscribed
57          39          bearer capability not authorized
                        Indicates that the device has requested a bearer capability that the network is able to provide, but that the device is not authorized to use. This may be a subscription fault.
81          51          invalid call reference value
                        Indicates that the remote equipment has received a call with a call reference that is not currently in use by the device-network interface.
82          52          identified channel does not exist
                        Indicates that the receiving equipment has been requested to use a channel that is not activated on the interface for calls.
97          61          message type non-existent or not implemented
                        Indicates that the receiving equipment received a message that was not recognized either because the message type was invalid, or because the message type was valid but not supported. This is either a problem with the remote configuration or a problem with the local D-channel.
UNKNOWN                 Indicates that an event occurred but that the network does not provide causes for the actions that it takes; therefore the precise nature of the event cannot be ascertained. This may, or may not, indicate the occurrence of an error.