DIGITAL NetRider Network Access Server Management Part Number: AA-PW5VE-TE June 1997 Revision/Update Information: Software and Version: This is a revised document. DECserver Network Access Software, Version 2.
© Digital Equipment Corporation 1997. All rights reserved. Digital Equipment Corporation makes no representations that the use of its products in the manner described in this document will not infringe on existing or future patent rights, nor do the descriptions contained in this document imply the granting of licenses to make, use, or sell equipment or software in accordance with the description.
Contents Preface 1 DNAS Management Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 In This Chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5 HELP TUTORIAL Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5 HELP Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Exiting from a Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11 Using Menus to Set Up a Captive Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11 Displaying a Menu Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11 Purging Menu Lines and Entire Menus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Preparing Telnet Listeners for Initialization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3 Do This. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3 Initializing the Access Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4 Using the INITIALIZE Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Identification String in a Login Procedure Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7 KEEPALIVE TIMER Characteristic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-8 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-8 Keepalive Timer Default Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
7 TCP/IP Network Characteristics Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1 In This Chapter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1 Configuring the Internet Address and Subnet Mask .
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-25 BOOTP Server Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-25 Learning Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-25 Setting Up IP Configuration Learning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Displaying AppleTalk Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-12 Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-12 Displaying AppleTalk Routes Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-12 Fields in the AppleTalk Routes Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Specifying LONGBREAK LOGOUT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-13 Specifying INACTIVITY LOGOUT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-14 Specifying the INACTIVITY TIMER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-14 10 Configuring Modem Signals Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Establishing a Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Response to Momentary Loss of CTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Disconnecting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring DTR and DSR Signals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Introduction . . . .
Profiles Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-18 Profile Characteristics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-18 Telnet Client Session Characteristics Predefined for Each Profile. . . . . . . . . . . . . . . . . . . 11-19 Configuring Individual Telnet Client Session Characteristics. . . . . . . . . . . . . . . . . . . . . . . . . .
Displaying Session Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-48 Terminating Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-51 12 Configuring and Managing LAT Services Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1 Introduction . . . . . . . . . . . . . . . . . . . . . . .
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-2 Configuring a Printer for Access Through a Telnet Listener . . . . . . . . . . . . . . . . . . . . . . . . 13-2 Configuring a Computer for Access Through a Telnet Listener . . . . . . . . . . . . . . . . . . . . . 13-3 Configuring a Modem for Access Through a Telnet Listener . . . . . . . . . . . . . . . . . . . . . . .
Control and Data Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-2 Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-4 Configuring LPD. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-5 Configuring Remote Hosts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Enabling CSLIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-13 Disabling CSLIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-13 Automatic CSLIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-13 Compression States. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-2 Distributing Devices on Access Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-2 Controlling the Number of Known Service Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-2 Checking LAT Service Accessibility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Displaying and Customizing Keyboard Maps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-9 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-9 Server-Wide Keyboard Maps Customization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-9 Default Server-Wide Terminal Types and Keyboard Maps . . . . . . . . . . . . . . . . . . . . . . . . .
Displaying LCP Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Displaying IPCP Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Displaying ATCP Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Displaying PPP Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Novell Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-17 Operational Checkout and Diagnosis. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-19 Verifying Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-19 Disabling IPX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Defining Dialer Script Strings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-4 Assigning the Dialer Script to a Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-6 Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-6 Determining the Current Dialer Script. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
User Authentication Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-10 Changing a User Name and Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-11 User Authentication Counters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-11 Managing RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
23 Accounting Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-1 In This Chapter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-1 Accounting Description. . . . . . . . . . . . . . . . . . . . . . . . .
A Cable and Adapter Recommendations Cable and Adapter Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .A-1 Cable and Adapter Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .A-1 Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Preface Overview Purpose Network Access Server Management is written for the person who sets up, maintains, and manages any one of the Digital Equipment Corporation family of network access servers. To use this manual, you must be familiar with using a terminal on a Digital Equipment Corporation access server.
Conventions This manual uses the following conventions: xxviii • The Return key, which you must press to execute all commands, is not shown in command line displays. • The Local> prompt, which appears in most examples, is the default access server prompt. You can change this prompt to something other than Local> with the SET/DEFINE/CHANGE SERVER PROMPT command. • All numbers are expressed in decimal notation unless otherwise noted. • All Ethernet addresses are shown in hexadecimal notation.
Associated Documents Refer to the following documentation for additional information: • LAT Network Concepts — Provides an overview of the LAT protocol. • Terminal Server Manager Installation and Use — Provides the procedures to install and use TSM. • DECserver 700 Site Preparation and Maintenance — Provides the procedures to prepare the site before installing the DECserver 700 hardware.
How to Order Additional Documentation To order additional documentation, use the following information: To Order: Contact: By Telephone USA (except Alaska, New Hampshire, and Hawaii): 1-800-DIGITAL (1-800-344-4825) Alaska, New Hampshire, and Hawaii: 1-603-884-6660 Canada: 1-800-267-6215 xxx Electronically (USA only) Dial 1-800-DEC-DEMO (For assistance, call 1-800-DIGITAL) By Mail (USA and Puerto Rico) DIGITAL EQUIPMENT CORPORATION P.O.
Correspondence Documentation Comments If you have comments or suggestions about this document, send them to the DIGITAL documentation organization. Attn.: Documentation Project Manager FAX: (508) 486-5655 E-mail: doc_quality@lkg.mts.dec.com Online Services To locate product-specific information, refer to the following online services: BBS To read the Bulletin Board System, set your modem to 8 bits, no parity, 1 stop bit, and dial 508-486-5777 (U.S.). Outside of the U.S.
Chapter 1 DNAS Management Overview Introduction This chapter describes the tasks that the following types of users perform when managing the access server: • System administrators who configure and manage the access server • End users of network services and applications In This Chapter This chapter includes the following topics: • Configuration Tasks for System Administrators • Management Tasks for System Administrators • User Tasks • Storage of Configuration Settings and Changes in Memory •
Configuration Tasks for System Administrators Configuration Tasks for System Administrators Configuration Tasks The following table lists the tasks that system administrators can perform when configuring an access server and the chapter of this manual that describes each task: To Configure: Refer to: User interface Chapter 3 Network access server on the network Chapter 6 Devices on a port Chapter 9 Interactive devices Chapter 11 LAT services Chapter 12 Telnet listeners Chapter 13 SLIP ports
Management Tasks for System Administrators Management Tasks for System Administrators System Management Tasks The following table lists the tasks that system administrators can perform to manage the access server. This table also lists the chapter that describes each task.
User Tasks User Tasks Introduction The access server enables end users to perform tasks such as connecting to network resources and managing sessions. For a description of these tasks, refer to the Specifying the Telnet Client Session Profile section in Chapter 11. Accessing Online Help The tutorial for online help also describes user tasks.
Storage of Configuration Settings and Changes in Memory Storage of Configuration Settings and Changes in Memory Memory Types The access server stores configuration settings in two types of memory: • Permanent data is stored in nonvolatile random access memory (NVRAM). • Operational data is stored in volatile random access memory (VRAM). Power Loss An initialization or power loss has no effect on NVRAM.
Commands to Display and Change Configuration Settings Commands to Display and Change Configuration Settings Introduction This section lists the type of commands that operate on the configuration settings stored in VRAM and NVRAM. The CHANGE and SET commands listed in the following chapters have an immediate effect when you enter them.
Chapter 2 Management Tools Overview Introduction This chapter describes the tools for managing the access server.
Access Server Commands Access Server Commands Introduction The access server has a command line interface. You enter commands at a prompt on a terminal attached to an access server port. The default for the prompt is: Local> Reference For a complete description of command syntax and use, refer to the Network Access Server Command Reference.
Access Server Commands User Groups For practical purposes, the access server command set syntax is divided into command groups. These groups are: • Command descriptions • CLEAR/PURGE commands • SET/DEFINE/CHANGE commands • SHOW/LIST/MONITOR commands In the above list, the command descriptions group includes any command that does not functionally fit into the CLEAR/PURGE, SET/DEFINE/CHANGE or SHOW/LIST MONITOR groups (for example, DIAL, CONNECT, SEND, and LOOP).
Access Server Commands Reference For more information about this command group and its qualifiers, please refer to the Network Access Server Command Reference. Privileged Commands To manage and configure the network, you use privileged commands. To enable privileged commands, use the SET PRIVILEGED command. The command line interface prompts you to enter the privileged password (which does not appear on the screen).
Help Help Introduction The access server provides online help about access server commands. This section describes two types of online help that are available on the access server. HELP TUTORIAL Command The command HELP TUTORIAL provides a brief introduction to the access server. You enter this command as follows: Local> HELP TUTORIAL The access server then displays a screen that explains how to use the tutorial.
Console Port Console Port Displaying Port Parameters The console port receives the access server system messages. An access server can have only one console port at a time. The default console port number is 1. To change the console port, use the SET/DEFINE/CHANGE CONSOLE PORT command. To find out the current port number for the console port, use the SHOW SERVER command. Reference The console port helps with troubleshooting as described in the Network Access Server Problem Solving manual.
Remote Console Port Remote Console Port Description The remote console port is a logical port that enables you to configure the access server from a remote terminal on the network.
Remote Console Port OpenVMS Utility — Terminal Server Manager For OpenVMS systems, DIGITAL offers the Terminal Server manager (TSM) to facilitate managing the access server using the MOP remote console. TSM allows the user to store access information such as the maintenance password, Ethernet address, and login password for a server in a local database.
Remote Console Port Example: Using NCP to Connect to an Access Server Remote Console Port from a Load Host The following example shows a connection from an OpenVMS DECnet Phase IV load host to an access server that has the DECnet node name SHRIMP. The maintenance password is FEDCBA. The login password is the default, ACCESS. $ MCR NCP NCP> CONNECT NODE SHRIMP SERVICE PASSWORD FEDCBA Console connected (press CTRL/D when finished) # ACCESS (not echoed) Network Access SW Vx.x for DSxxx-xx BLxx-xx ROM Vx.
Remote Console Port Example: Using MOP to Connect to an Access Server from a DECnet/OSI OpenVMS Node The following example shows a connection from a DECnet/OSI OpenVMS node to an access server remote console port. In this example: • The access server has a DECnet node name of DGD700. • The maintenance password is FEDCBA. On the SET HOST/MOP command line, however, the DECnet/OSI software transposes this password into the string BADCFE. • The access server has a password of ACCESS.
Remote Console Port Example: Using CCR to Connect to an Access Server from an ULTRIX DECnet Node The following example shows a connection from an ULTRIX DECnet node to an access server remote console port. In this example: • The access server has the DECnet node name DRUMCORPS. • The maintenance password is FEDCBA. • The access server password is ACCESS. /etc/ccr -n drumcorps -p FEDCBA ccr: Remote console reserved ACCESS (not echoed) Network Access SW Vx.x for DSxxx-xx BLxx-xx ROM Vx.
Remote Console Port Characteristics of the Telnet Remote Console Port The following table describes the characteristics for Telnet remote console connections on the access server: Characteristic Description Number of connections allowed on the remote console port at one time 1 Default TCP port number 23 The port is shared with the MOP remote console port so it will not be accessible to Telnet if the remote console port is active. By default, the remote console is accessed via TCP port number 23.
Access Server Manager Access Server Manager Description The Access Server Manager application is a management tool for DECserver access servers. It runs on 32-bit Windows-based operating systems. The Access Server Manager has a graphical user interface that allows you to easily configure some DECserver features. The Access Server Loader application is integrated with the Access Server Manager. Functions Use the Access Server Manager to: • Download firmware from a PC load host to the access server.
Chapter 3 User Interface Overview Introduction This chapter describes how to customize and manage the user interface to the access server. The access server provides two features to manage the user interface: • A command group defines a set of commands that a specified group of users can access and execute. • A menu provides a customized selection of commands that a specified group of users can select on the terminal screen.
Command Groups and Menus Command Groups and Menus Description In addition to convenience, command groups and menus provide the access server with a security feature. Since command groups and menus both have an associated port list, you can control which users can access them. Command groups and menus can also enable nonprivileged users to access a subset of privileged commands.
Using Command Groups Using Command Groups Creating a Command Group To create a command group, follow these steps: Step Action 1 Use the CHANGE COMMAND GROUP command to specify a command group name and port list. Example: The following defines the command group called SERVICE_A that is available on ports 2, 3, and 5: Local> CHANGE COMMAND GROUP SERVICE_A PORT 2, 3, 5 2 Enter the individual commands that define the command group.
Using Command Groups Executing a Command Group To execute a command group, use the DO command. Example: Executing a Command Group The following example executes the command group SERVICE_A defined in the previous example. When this command executes, it substitutes the value 3 for the port place holder %P1 and SALES for the service place holder %P2. Local> DO SERVICE_A 3 SALES Displaying a Command Group Use the SHOW COMMAND GROUP command to display a command group.
Using Menus Using Menus Displaying a List of Enabled Menus To display a list of the menus enabled on a port, use the SHOW MENU command. If you are a privileged user, the SHOW MENU command displays the names of all menus available on the access server. To enable a menu on a port, you must use the CHANGE MENU command. See section Defining Menu Choices in this chapter.
Using Menus Assigning a Default Menu to a Port To assign a default menu to a port, use the DEFINE PORT n DEFAULT MENU command. If a port has a default menu, it displays whenever you: • Log in to the port. • Press the Local Break key or enter the Local Switch character while in a host session. • Log out of a host session.
Using Menus Figure: Windows on Access Server Menus The following figure shows a typical access server menu: User Interface 3-7
Defining Menus Defining Menus Introduction This section describes how to define menus and provides examples. Reference For complete information about the commands mentioned in this section, refer to the Network Access Server Command Reference. Main Menu Whenever the server has its factory-set default settings, it stores the main menu in NVRAM. You can display and modify the default menu using the same commands that you use for any other menu.
Defining Menus Main Menu Display The following figure shows how the Main Menu displays on the screen: Defining Menu Choices For each menu choice line, you can define: • One line of display text • A server command, which can: — Specify up to 8 optional input parameters — Be a DO command • A prompt string for each specified input parameter • A default string for each specified input parameter User Interface 3-9
Defining Menus Example: Sample Definition of a Menu Selection The following example shows one way to define the selection Open Telnet Session that appears on line 5 of the main menu: Local> CHANGE Local> CHANGE ADDRESS" Local> CHANGE Local> CHANGE MENU MAIN LINE 5 DISPLAY "OPEN TELNET SESSION" MENU MAIN LINE 5 P1PROMPT "ENTER HOST NAME OR IP MENU MAIN LINE 5 P1DEFAULT "16.195.1.
Defining Menus If the port is type ANSI, menu items can be selected by either using the up- and downarrow keys or by entering the item number. To use the arrow keys, press the up- or down-arrow key until the desired item is highlighted and press Return. If the port is type SOFTCOPY or HARDCOPY, you can still enter a menu but the arrow keys are disabled. Enter the item number to select a menu item.
Defining Menus Line 7 Execute: CONNECT TELNET 195.20.0.15 Line 7 Display: TCP/IP Host Line 9 Display Logout Line 9 Logout LOGOUT Purging Menu Lines and Entire Menus Use the PURGE MENU command to delete a string from a menu line, an entire menu line, an entire menu, or all menus from the access server database.
Chapter 4 Managing Load Hosts Overview Introduction This chapter describes the command procedures that you use to manage hosts that load the access server software image on a LAT network.
Load Host Procedures Load Host Procedures Description The specific command procedure that you use to manage the load host depends on the network version, protocol, and operating system of the load host.
DSV$CONFIGURE DSV$CONFIGURE Introduction DSV$CONFIGURE is a command procedure that runs on a DECnet Phase IV OpenVMS load host or on a DECnet/OSI OpenVMS load host. This procedure enables you to: • Maintain configuration information about access servers. • Modify the local MOP (Maintenance Operation Protocol) client configuration. • Access the remote console port of the access server. DIGITAL provides DSV$CONFIGURE as part of the access server software.
DSV$CONFIGURE Example: Starting DSV$CONFIGURE and Displaying Help The following example shows how to use the symbol DSV to start DSV$CONFIGURE. This example also shows how to use HELP to display a list of DSV$CONFIGURE commands. The remainder of this section explains each command shown. $ DSV %DSV-I-IDENT, executing DSV$CONFIGURE version x.x.
DSV$CONFIGURE Example: DSV$CONFIGURE ADD Command This example shows the ADD command on a DECnet/OSI system. In this example, at the end of each line you must press return to continue. DSV> ADD SERVER _Server Name: DGD700 _Ethernet Address: 08-00-2B-26-AE-32 _Server Type: DS700 _Service Circuit [SVA-0]: _Maintenance Password [none]: FEDCBA _Dump File [MOP$DUMP:DS7DGD700.DMP]: _Load Image [MOP$LOAD:WWENG2.
DSV$CONFIGURE Example: DELETE Command for DSV$CONFIGURE The following example shows the DELETE command. This example omits the optional SERVER keyword. In this example, NCL displays the message NODE 0 MOP Client DGD700 on a DECnet/OSI system. NCP displays a similar message on a DECnet Phase IV system. DSV> DELETE DGD700 Server: DGD700 Circuit: SVA-0 Address: 08-00-2B-26-AE-32 Maint. Password: FEDCBA Type: DS700 Dump File: MOP$DUMP:DS7DGD700.DMP Image File: MOP$LOAD:WWENG2.
DSV$CONFIGURE Example: CONNECT Command for DSV$CONFIGURE on a DECnet/OSI System The following example shows how to use CCR and DSV$CONFIGURE to connect to a remote console port from a DECnet/OSI system: DSV> USE DGD700 %CCR-I-CONNEST, connection established to remote system 08-002B-26-AE-32 Press CTRL/ \ to disconnect, CTRL/] to send break # ACCESS (not echoed) Network Access SW Vx.x for DSxxx-xx BLxx-xx ROM Vx.
DSV$CONFIGURE Context-Sensitive Help for DSV$CONFIGURE DSV$CONFIGURE provides context-sensitive help. At any prompt other than the Local> prompt after a CONNECT/USE command, type a question mark (?) for an explanation.
DSVCONFIG DSVCONFIG Introduction DSVCONFIG is a menu-driven command procedure that runs on DECnet Phase IV and DECnet/OSI ULTRIX load hosts. This procedure enables you to: • Store configuration data about the access server in the DECnet node databases. • Downline load the software image from the load host to the access server. • Upline dump memory contents from the access server to the load host. DIGITAL provides DSVCONFIG as part of the access server software.
Using a BOOTP/TFTP Server Using a BOOTP/TFTP Server Introduction A BOOTP/TFTP server is a UNIX host that downloads the access server software using the BOOTP and TFTP protocols. The BOOTP/TFTP server stores the information necessary to downline load the access server software in the /etc/bootptab file. Reference For information about installing and configuring a BOOTP/TFTP server refer to the DECserver Network Access Software Installation guide.
Using a BOOTP/TFTP Server Remote Connection Password DNAS has a password feature for remote logins, similar to the main login password. DNAS uses a single value for the remote password server-wide that is separate from the main login password. The factory default value is the same, however, for both the remote login password and the main login password. Each port enabled for remote or dynamic access, may have its remote password feature individually enabled or disabled.
Upline Dumping Upline Dumping Introduction The access server upline dumps its memory when: • An unexpected failure occurs. • You force a crash. The access server always dumps to a load host with the protocol that was used for its download. After an upline dump, the access server automatically reinitializes. Reference To send a dump file to Digital Equipment Corporation for evaluation, follow the procedure described in the Network Access Server Problem Solving manual.
Terminal Server Manager (TSM) Terminal Server Manager (TSM) Introduction TSM is a utility that runs on OpenVMS load hosts. TSM enables you to configure and manage the access servers on the same extended LAN. TSM is not included in the access server software and must be purchased separately. Reference For more information about TSM, refer to the Terminal Server Manager Installation and Use manual. For TSM Users If you use TSM, do not use DSV$CONFIGURE or NCP to update the DECnet database.
Chapter 5 Initializing the Access Server Overview Introduction This chapter describes how to initialize the access server. Initializing the access server reloads the software image. Initializing the access server does not affect the configuration settings stored in NVRAM. To reset the access server to the factory-set defaults, you need to reboot the access server and press the appropriate switch on the hardware unit.
Preparing LAT Services for Initialization Preparing LAT Services for Initialization Do This If the access server offers LAT services, follow these steps before you initialize: Step Action 1 Enter the following command to disable queuing on the access server: Local> SET SERVER QUEUE LIMIT 0 2 Disable additional connections to local services.
Preparing Telnet Listeners for Initialization Preparing Telnet Listeners for Initialization Do This If the access server has Telnet listeners, follow these steps before you initialize: Step Action 1 Disable further Telnet connections. The network access server fails to execute the SET TELNET LISTENER CONNECTIONS DISABLED command if a session exists on the specified listener.
Initializing the Access Server Initializing the Access Server Using the INITIALIZE Command To use the INITIALIZE command, log in to one of the following: • A terminal attached to the access server • The remote console port Login Methods You can use any of the following methods to log into the remote console port: • NCP • SET HOST/MOP • CCR • Telnet remote console Refer to Remote Console Port section in Chapter 2 for additional information about the remote console port.
Initializing the Access Server Specifying Initialization from a Load Host To specify initialization from a network load host, use the following command: Local> INITIALIZE FROM ETHERNET This command causes the access server to request the image name stored in its NVRAM from a load host. Specifying an Image Name When Initializing You can specify the name of an image when initializing.
Initializing the Access Server Using the DIAGNOSE Option with INITIALIZE Using the DIAGNOSE option with INITIALIZE enables you to test the access server hardware. You can specify three types of tests as described in the INITIALIZE DIAGNOSE Option Tests. The following example shows the DIAGNOSE option with INITIALIZE: Local> INITIALIZE DIAGNOSE FULL This command initializes the access server in the default mode and performs an extended test.
Using NCP to Initialize the Access Server Using NCP to Initialize the Access Server NCP Initialization Commands The following table shows the NCP commands used to initialize the access server if you are on a load host: NCP Initialization Commands Description LOAD Ensures that the host at which you issue the command is the node that performs the load. TRIGGER Causes the access server to load the software image from any host on the network.
Booting from the Network Booting from the Network Loading the Software Image If your network server is configured with Flash RAM, but does not have the correct image, the access server performs a network load. Determining Boot Protocols During the network boot sequence, the access server searches for a load host. The access server tries both MOP and BOOTP protocols in a factory-defined order. The boot sequence includes a wait period after passing through all the boot protocols.
Booting Using Console Commands Booting Using Console Commands Introduction Console functions require DECserver ROM Version 4.0 or greater. If you program Flash RAM with a nonstandard boot image name and a load host is not available, pressing the reset-to-factory button may leave the access server unbootable.
Booting Using Console Commands Boot Command Options The following table lists the command options you can select for the boot command: Option Definition Associated Options B This command, without an argument, starts a new boot sequence to load the access server with an executable image using the default boot parameters. – B name This command and the argument name specifies a nonstandard boot image. The access server looks for the software name; first from Flash RAM, then from the network.
Booting Using Console Commands Option Definition Associated Options B/M This command boots the maintenance mode software for the access server. The network load host defines this software and is typically based on the Ethernet MAC address of the access server. – B/S This command boots the standard system software for the access server. The network load host defines this software and is typically based on the Ethernet MAC address of the access server.
Chapter 6 Configuring LAT Characteristics Overview In This Chapter This chapter describes how to configure the LAT characteristics for the access server.
LAT Characteristics LAT Characteristics Preparing to Change LAT Characteristics Before you change LAT characteristics, make sure to: • Install the latest software image on the access server and all load hosts. • Read the release notes. • Know what devices and cables are connected at the various ports. • Enter the SET PRIVILEGED command for the port. • Check if the current values or default values are appropriate.
LAT Characteristics Characteristic Default Range Refer to Section PASSCHECK 200 0 to 200 PASSCHECK Characteristic QUEUE LIMIT 100 0 to 200 QUEUE LIMIT Characteristic RESPONDER Disabled – RESPONDER Characteristic RETRANSMIT LIMIT 8 4 to 120 RETRANSMIT LIMIT Characteristic SERVICE GROUPS 0 ENABLED, 1 to 255 DISABLED 0 to 255 Service Groups Configuring LAT Characteristics 6-3
Displaying LAT Characteristics Displaying LAT Characteristics Command To Use To display the current LAT characteristics, use the SHOW/LIST/MONITOR SERVER command as shown in the following example. LAT Characteristics Display Example The following example shows a typical display that appears when you use the SHOW SERVER command: Local> SHOW SERVER Network Access SW Vx.x for DSxxx-xx BLxx-xx ROM Vx.
ANNOUNCEMENTS Characteristic ANNOUNCEMENTS Characteristic Introduction The ANNOUNCEMENTS characteristic determines if the access server sends LAT multicast messages about local services over the Ethernet. The access server does not send any announcements if no local services are defined.
CIRCUIT TIMER Characteristic CIRCUIT TIMER Characteristic Introduction The CIRCUIT TIMER characteristic defines the interval at which the access server sends virtual circuit messages to the LAT service node. This value is important for balancing fast response time and network utilization against optimal service node performance. The circuit timer value ranges from 30 to 200 milliseconds. The default is 80 milliseconds, which is recommended for normal interactive functions.
IDENTIFICATION Characteristic IDENTIFICATION Characteristic Introduction The IDENTIFICATION characteristic is a string that can be up to 40 characters long. This string displays: • Under the welcome banner during a login procedure • In the SHOW SERVER displays The access server also uses the identification string when it multicasts messages about the availability of services.
KEEPALIVE TIMER Characteristic KEEPALIVE TIMER Characteristic Introduction The KEEPALIVE TIMER characteristic maintains a virtual circuit between the access server and service node when no messages are exchanged over a period of time. If the keepalive timer expires, the access server sends a message to determine if the service node is still reachable. If the service node fails to respond, the access server can time out the virtual circuit.
MULTICAST TIMER Characteristic MULTICAST TIMER Characteristic Introduction The MULTICAST TIMER characteristic determines the interval at which a service node sends service announcements. Multicast Timer Default Values You can specify a value from 10 to 180 seconds. The default value is 30 seconds.
ACCESS SERVER NAME Characteristic ACCESS SERVER NAME Characteristic Introduction The SERVER NAME characteristic is a string of 1 to 16 characters. This name must be unique on the LAT network. When the access server offers a service, it periodically multicasts the name over the local area network. Default Access Server Name The default access server name is LAT_ethernet-address. This value is the 12-digit hexadecimal Ethernet address of the access server. This address does not contain hyphens.
NODE LIMIT Characteristic NODE LIMIT Characteristic Introduction The NODE LIMIT characteristic specifies the maximum number of LAT service nodes that the access server maintains in its node database. The range is from 1 to 2000, and the default is 200. You can also specify a node limit of NONE. This keyword indicates that the only limit is the available memory of the access server. Changing the Access Server NODE LIMIT Use the DEFINE/SET/CHANGE SERVER NODE LIMIT command to change this characteristic.
Access SERVER NUMBER Characteristic Access SERVER NUMBER Characteristic Introduction Each access server has a number that uniquely identifies it. Access SERVER NUMBER Values This number is a value from 0 to 32,767. The default is 0. When the access server offers a service, it periodically multicasts the number over the network. Changing the Access SERVER NUMBER Use the DEFINE/SET/CHANGE SERVER NUMBER command to change this characteristic.
PASSCHECK Characteristic PASSCHECK Characteristic Introduction The PASSCHECK characteristic determines whether a host is required to provide a password as part of a host initiated contact (HIC) request to a password-protected local service. With PASSCHECK disabled, HIC requests are not required to supply a password. With PASSCHECK enabled, HIC requests are required to supply a password. Changing the PASSCHECK Characteristics The factory default for the PASSCHECK characteristic is DISABLED.
QUEUE LIMIT Characteristic QUEUE LIMIT Characteristic Introduction The LAT QUEUE LIMIT characteristic specifies the maximum number of outstanding connection requests for remote access to access server ports. The range is from 0 to 200, and the default is 100. Special QUEUE LIMIT Values Two values have special meaning: • The value 0 disables the queue. • The keyword NONE places no limit on connection requests.
RETRANSMIT LIMIT Characteristic RETRANSMIT LIMIT Characteristic Introduction The RETRANSMIT LIMIT characteristic specifies the number of times that the access server resends a message without an acknowledgment. After the specified time limit, the access server times out the circuit. If other service nodes offer the same service that timed out, the access server attempts automatic failover. RETRANSMIT LIMIT Values The retransmit limit range is from 4 to 120.
RESPONDER Characteristic RESPONDER Characteristic Access Server Mapping In order to connect to other nodes on the LAN, the access server must be able to map node names, port names, and services to specific nodes.
RESPONDER Characteristic Changing the RESPONDER Characteristic The factory default setting for the RESPONDER characteristic is disabled. To enable it, use the following command: Local> CHANGE SERVER RESPONDER ENABLED Use the SHOW SERVER command to determine the current setting. When the feature is enabled, “RESPONDER” is displayed as one of the enabled characteristics.
Service Groups Service Groups Introduction A service group defines the access that service nodes and port users have to the network. Each service group has an identifying number from 0 to 255. Viewing Service Groups To view service groups that have access to services on the access server, use the SHOW SERVER command. (See the LAT Characteristics Display Example section in this chapter.
Chapter 7 TCP/IP Network Characteristics Overview Introduction This chapter describes the configuration characteristics for a TCP/IP network. To enable the access server to operate on a TCP/IP network, you need to: 1) Configure the Internet address and subnet mask. 2) Configure the TCP/IP characteristics, for example: • List of commonly used Internet hosts • List of gateway addresses • List of ARP entries • TCP keepalive timer 3) Configure domain name characteristics.
• Learning IP Information From a DHCP Server • Assigning WINS Server Addresses 7-2 TCP/IP Network Characteristics
Configuring the Internet Address and Subnet Mask Configuring the Internet Address and Subnet Mask Tasks You can perform the following tasks: • Set an Internet address. • Set a subnet mask. • Display the Internet address and subnet mask.
Configuring the Internet Address and Subnet Mask Setting an Internet Subnet Mask The Internet subnet mask is used to partition the host section of an Internet address into subnets. The default subnet mask depends on the class of the Internet address that you assigned. The following table lists these defaults: Internet Address Class Default Subnet Mask A 255.0.0.0 B 255.255.0.0 C 255.255.255.
Configuring the Internet Address and Subnet Mask supernetting, you can give a Class C subnet mask a range of 255.255.0.0 to 255.255.255.254. This allows you to address a block of Class C IP addresses as a “domain” or a single destination address with more than 254 hosts.
Configuring the Internet Address and Subnet Mask Displaying the Internet Address and Subnet Mask To display the Internet address and subnet mask, use the SHOW/LIST/MONITOR INTERNET command.
Configuring Domain Name System (DNS) Characteristics Configuring Domain Name System (DNS) Characteristics Tasks This section describes how to display and set the access server characteristics for the Internet domain name system (DNS) to resolve host names into Internet addresses. You can perform the following tasks: • Display DNS characteristics. • Display DNS counters. • Configure the default name resolution domain. • Change the time limit. • Change the retry limit.
Configuring Domain Name System (DNS) Characteristics Nameservers (Learned): 99.99.99.99 Local 88.88.88.88 Local name.acme.com secondary.acme.com DHCP server: 16.20.244.250 Local> The following table describes the DNS characteristics that appear in the previous example. (See the Displaying WINS Characteristics section in this chapter for an explanation of the WINS characteristics in the display.) Field Description Domain Name Name of the access server default domain.
Configuring Domain Name System (DNS) Characteristics Displaying the DNS Counters To display the DNS counters, use the SHOW/LIST INTERNET NAME RESOLUTION COUNTERS command. To reset the DNS counter, use the ZERO INTERNET NAME RESOLUTION COUNTERS command.
Configuring Domain Name System (DNS) Characteristics Field Description Bad Responses Number of bad responses received. A bad response could be due to: 1) An unrecognizable response from the DNS server. 2) A fail response from the DNS server. 3) A response indicating that DNS could not understand the query from the access server. Truncated Responses Number of incomplete (truncated) responses from the DNS server. This is not necessarily an error condition. Fail Answers Number of fail answers received.
Configuring Domain Name System (DNS) Characteristics The following example shows the procedure for and results of configuring the default name resolution to FINANCE.ACME.COM: Step Action 1 Define the default name resolution domain as follows: Local> CHANGE INTERNET NAME RESOLUTION DOMAIN FINANCE.ACME.COM 2 Enter the following connect command: Local> CONNECT SALES 3 In this situation, the access server automatically appends the default name resolution domain to SALES.
Configuring Domain Name System (DNS) Characteristics Changing the Time Limit The domain name resolution time limit specifies the time that the access server waits before it resends a query to a name server. The range is from 1 to 10 seconds, and the default is 4 seconds.
Configuring Domain Name System (DNS) Characteristics Mode When the access server attempts to resolve a host name or address, it searches: Stub Remote data only, using recursive name service. The access server performs no DNS caching. Slave Local data and remote data, using recursive name service. The access server performs no DNS caching. When conflicts occur, the local data takes precedence.
Configuring Domain Name System (DNS) Characteristics A local name server is any name server that is authoritative for the default domain of the access server. Before adding a local name server, you must first define the access server domain name. The following example shows how to enter a local Internet name server: Local> CHANGE INTERNET NAMESERV NAMED.ACME.COM ADDRESS 99.99.99.99 LOCAL You can use a relative domain name if you are defining a local name server for the default domain only.
Configuring Domain Name System (DNS) Characteristics If the access server cannot reach a learned name server because of gateway restrictions outside the server, it does not flag the unreachable name server. This can often cause name resolution to time out and fail. In this configuration use either the STUB or SLAVE name resolution mode.
Configuring a List of Internet Gateway Addresses Configuring a List of Internet Gateway Addresses Introduction If the access server users need to access hosts in different networks or subnets, you can define a database of Internet gateways. The access server uses gateways to route traffic to different networks and subnets. Displaying a List of Gateway Addresses To display a list of Internet gateway addresses, use the SHOW/LIST/MONITOR INTERNET GATEWAY command.
Configuring a List of Internet Gateway Addresses Defining Networks Available Through a Specific Gateway To indicate that the access server can reach a given network through a specific gateway, use the DEFINE/SET/CHANGE INTERNET GATEWAY command with the NETWORK parameter to do this. Default Gateway Definition Example The following example shows how to define the mapping of the default gateway to the network: Local> CHANGE INTERNET GATEWAY 195.1.1.72 NETWORK 197.0.0.
Configuring a List of Internet ARP Entries Configuring a List of Internet ARP Entries Introduction The list of address resolution protocol (ARP) entries maps Internet addresses to Ethernet hardware addresses for devices on the same network as the access server. You only need to enter the network hosts that do not support ARP. Displaying the List of Internet ARP Entries To display a list of ARP entries, use the SHOW/LIST/MONITOR INTERNET ARP ENTRY command.
Setting the TCP Keepalive Timer Setting the TCP Keepalive Timer What the Timer Does The TCP keepalive timer determines whether a TCP connection with a remote host is active and should remain open. After the access server and a remote host establish a TCP connection, the access server waits a set amount of time and sends a keepalive probe to the remote host. If the access server receives a valid response from the remote host, it waits again and sends a new keepalive probe.
Setting the TCP Keepalive Timer Retry Set Example The following example show how to set the maximum number of keepalive probes that the access server sends (10): Local> CHANGE INTERNET TCP KEEPALIVE RETRY 10 Displaying Timer Characteristics Use the SHOW/LIST INTERNET command to display the TCP keepalive timer characteristics. Timer Characteristics Display The following shows an example of the display. If you disable the timer, the value for the Keepalive Timer field is DISABLED.
Displaying the Internet Counters Displaying the Internet Counters Using the SHOW Command Use the SHOW/LIST/MONIITOR INTERNET command to display the Internet counters. To reset the Internet counters, use the ZERO INTERNET COUNTERS command. To reset the Internet counters, use the ZERO INTERNET COUNTERS command.
Displaying the Internet Counters Internet Counter Display Fields The following table describes the fields in a typical Internet counters display: Field Description TCP Segments The following counters contain statistics on TCP segments: Transmitted: Total number of TCP segments transmitted by the access server. The following counters are a breakdown of this total: Data: Number of transmitted segments that contained data.
Displaying the Internet Counters Field Description IP Fragments Dropped: Total number of IP fragments dropped due to either a lack of memory to store the fragment or received a duplicate fragment. IP Error in Header: Internet Connections Total number of IP datagrams received with errors in the header. These are discarded. The following counters contain statistics on connections: Requested: Number of outgoing Telnet connect attempts made by users.
Displaying the Internet Counters Field Description UDP Datagrams The following counters contain statistics on connections: Transmitted: Total number of UDP datagrams transmitted by the network access server. Received: Total number of UDP datagrams received by the network access server. Dropped: Total number of USDP datagrams dropped by the network access server, because of an error in the UDP header, checksum fails, or length is incorrect.
Learning IP Information From a BOOTP Server Learning IP Information From a BOOTP Server Introduction Instead of manually configuring IP information, you can have the access server learn its IP address and other IP configuration information from a BOOTP server on the network. If you use the BOOTP server to load the DNAS software on the access server, it can also learn its IP configuration from the BOOTP server during the load operation.
Learning IP Information From a BOOTP Server Setting Up IP Configuration Learning Do the following to set up your access server to learn IP configuration information from a BOOTP server on the network: Step Action 1 Set up the BOOTP server: a) Add an entry for the access server’s Ethernet address. b) Associate the Ethernet address with an IP address. c) Optionally, associate the Ethernet address with a subnet mask and default gateway.
Learning IP Information From a DHCP Server Learning IP Information From a DHCP Server Description You can use the Dynamic Host Configuration Protocol (DHCP) to automatically configure TCP/IP characteristics on the access server and remote clients. DHCP provides dynamic assignment of IP addresses and discovery of IP configuration parameters (for example, subnet mask or default gateways). A DHCP client requests and receives this information from a DHCP server on the network.
Learning IP Information From a DHCP Server Using a BOOTP Server Using a DHCP Server The access server writes the information it learns from the BOOTP server to NVRAM. The access server does not write the information it learns from the DHCP server to NVRAM. This ensures that the access server receives the most recent information from the DHCP server.
Learning IP Information From a DHCP Server DHCP Proxy Operation The access server can act as a DHCP proxy to provide IP address assignment for most remote clients. IP Address Assignment When you enable DHCP, the access server sends requests for IP addresses to a DHCP server on behalf of the remote client if: • You do not configure an IP address on the ports configured for remote access. • You do not specify an IP address using RADIUS authentication.
Learning IP Information From a DHCP Server IP Address Renewals When the DHCP server assigns an IP address to a remote client, it “leases” the address to the remote client for a finite or infinite amount of time. If the lease is about to expire and the remote client still has a dial-up connection, the access server renews the lease on behalf of the remote client. The access server attempts to renew the lease as long as the remote client maintains a dial-up connection.
Assigning WINS Server Addresses Assigning WINS Server Addresses What Does WINS Do? Windows Internet Naming Service (WINS) performs NetBIOS name and IP address resolution, similar to the Domain Name Service (DNS). WINS allows systems that use NetBIOS to communicate with each other over TCP/IP.
Assigning WINS Server Addresses Assigning WINS Addresses If you enable DHCP on the access server, it receives the WINS server addresses from a DHCP server on the network and writes the values to VRAM when you reinitialize the access server. When a remote client sends a request to the access server for WINS server addresses during PPP negotiation, the access server responds with the addresses it finds in VRAM.
Assigning WINS Server Addresses Nameservers (Learned): 99.99.99.99 Local 88.88.88.88 Local DHCP server: Local> name.acme.com secondary.acme.com 16.20.244.250 The following table lists the WINS characteristics displayed in the previous example. (See the Displaying DNS Characteristics section in this chapter for a description of the DNS characteristics shown in the example.) Field Description Primary The Internet address or host name for the primary WINS server.
Chapter 8 Managing AppleTalk Overview Introduction This chapter explains how to configure and manage the AppleTalk protocol suite on an access server.
Configuring AppleTalk on an Access Server Configuring AppleTalk on an Access Server Introduction You can configure an access server to act as an AppleTalk node on the network and many different components can then be monitored. The configuration of the AppleTalk characteristics can be done only in the NVRAM database. This means that the manager has to reinitialize the access server after making a change to any of the AppleTalk characteristics before the changes take effect.
Configuring AppleTalk on an Access Server Disabling AppleTalk If you decide that your access server should no longer act as an AppleTalk node, all AppleTalk capabilities can be turned off using the following privileged DEFINE command: Local> DEFINE APPLETALK DISABLED Reinitialize the access server to have this command take effect. Upon reinitialization, the access server no longer functions as an AppleTalk node.
Configuring AppleTalk on an Access Server The default value for n is the number of access server asynchronous ports divided by 8. For instance, the default cache size on a 16 port access server would be 2. The DEFINE APPLETALK ADDRESS CACHE command lets the access server manager trade off address use versus the probability of simultaneous Appletalk session requests.
Displaying AppleTalk Characteristics Displaying AppleTalk Characteristics Commands Use the LIST APPLETALK CHARACTERISTICS command to display the AppleTalk characteristics. This command is nonprivileged. Use the SHOW/MONITOR APPLETALK STATUS command to see the values being used operationally.
Displaying AppleTalk Counters Displaying AppleTalk Counters Command Use the SHOW/MONITOR APPLETALK COUNTERS command to display the AppleTalk counters on an access server. The command is nonprivileged.
Displaying AppleTalk Counters Field DDP Description Unsent Responses The number of AARP responses that could not be sent due to insufficient access server resources. In Receives The number of DDP datagrams the access server has received, including those received in error. Out Requests The number of DDP datagrams DDP sent out on behalf of access server AppleTalk components. In Local Datagrams The number of DDP datagrams the access server has received that were destined for the access server.
Displaying AppleTalk Counters Field NBP RTMP ZIP 8-8 Managing AppleTalk Description Broadcast Errors The number of input DDP datagrams dropped because the access server was not their final destination and they were addressed to the link level broadcast. Out Shorts The number of short DDP datagrams transmitted. Out Longs The number of long DDP datagrams transmitted. Out No Routes The number of DDP datagrams dropped because a route could not be found.
Displaying AppleTalk Counters AARP Values Two important counter values are those for AARP. Unsent AARP probes or responses can indicate network problems. This happens when the access server is too overloaded to respond to AARP requests. When there are unsent probes, other AppleTalk nodes can acquire AppleTalk addresses used by the access server or its clients. There can be connectivity problems when there are unsent responses.
Displaying AppleTalk Status Displaying AppleTalk Status Command Use the SHOW/MONITOR APPLETALK STATUS command to display the AppleTalk status on the access server. The command is nonprivileged. Displaying AppleTalk Status Example The following example shows how to display the AppleTalk status on an access server: Local> SHOW APPLETALK AppleTalk Status State: Address: Network: Name: Object: Type: Zone: Cache: Attached Hosts: Last Error: STATUS Server: Up 401.
Displaying AppleTalk Status Field Value Description Up AppleTalk is fully operational. Address The AppleTalk address of the access server, learned from the EtherTalk network at initialization. Its value is 0.0 until the Learning state. Network The AppleTalk network range the access server learned at initialization. If no AppleTalk router is on the access server’s network, the value is 1-65534. The value is 0-0 until the Learning state.
Displaying AppleTalk Routes Displaying AppleTalk Routes Command Use the SHOW/MONITOR APPLETALK ROUTES command to display the available AppleTalk routes to an access server. The command is nonprivileged. Displaying AppleTalk Routes Example The following example shows how to use the SHOW APPLETALK ROUTES command to display available AppletTalk routes: Local> SHOW APPLETALK ROUTES AppleTalk Routes Server: LAT_08002B24F24F Destination Next Hop Status Interface Seconds since Last Validated 12344-12350 12346.
Displaying AppleTalk Routes Field Value Status Description The current state of the route, as follows: Up The route is known to be valid. Suspect The route is thought valid, but has not been refreshed recently. Bad The route has not been refreshed recently enough to warrant further use. Down The route exists in the routing table, but is not being used. Interface The interface the access server uses to route packets to the destination.
Displaying AppleTalk ARP Entries Displaying AppleTalk ARP Entries Introduction When an attached host sends a message to an unknown AppleTalk node on the access server network, the access server creates an entry in the AppleTalk ARP cache and transmits an ARP request for the node’s data link address. At this time, the access server does not know the address for the desired node. When it receives a reply, it fills in the node’s corresponding Ethernet address.
Displaying AppleTalk ARP Entries Field Value Description Local The entry designates either: 1 A host that is presently running AppleTalk over its asynchronous link to the access server or 2 The access server AppleTalk address Acquired Interface The entry has been pre-acquired for later use by an attached AppleTalk host. It is also possible that the address has already been used by one or more attached hosts, but has been returned to the address cache.
Chapter 9 Configuring Basic Device Characteristics Overview Introduction This chapter explains how to configure the basic characteristics for all types of devices that attach to the access server ports.
Configuring Basic Device Characteristics Configuring Basic Device Characteristics Introduction If you attach a standard DIGITAL video terminal to an access server port, the basic device characteristics described in this chapter are the only ones that you need to consider. If you are configuring a port to communicate with a modem, PC, computer interface, or nonstandard terminal, refer to the signal characteristics described in Chapter 10 in addition to the characteristics described in this chapter.
Configuring Basic Device Characteristics Characteristic Default Allowed Values Refer to Section LONGBREAK LOGOUT Disabled Enabled, Disabled Specifying LONGBREAK LOGOUT OUTPUT FLOW CONTROL Enabled Enabled, Disabled FLOW CONTROL Direction PARITY None Even, Odd, Mark, None PARITY SPEED 9600 75,110, 134, 150, 300, 600, 1200, 1800, 2000, 2400, 4800, 9600, 19200, 38400, 57600, 115200 SPEED STOP BITS Dynamically set 1, 2 STOP BITS TYPE ANSI Hardcopy, Softcopy, ANSI TYPE Configuring Basi
Displaying Basic Device Characteristics Displaying Basic Device Characteristics Command To display basic device characteristics, use the SHOW PORT command.
Configuring the ACCESS Characteristic Configuring the ACCESS Characteristic Description The ACCESS characteristic determines which types of devices can use a port.
Matching the Port and Device Characteristics Matching the Port and Device Characteristics Introduction You must ensure that the physical characteristics of the access server port match the physical characteristics of the device as described in this section. If these characteristics do not match, the device does not operate correctly.
Matching the Port and Device Characteristics CHARACTER SIZE and PARITY Settings The AUTOBAUD characteristic functions only if the input and output speeds of the port device are the same and the character size and parity settings have the combinations listed in the following table: Character Size Parity 8 None 7 Even Example: Disabling AUTOBAUD The following example shows how to disable the autobaud characteristic: Local> CHANGE PORT 5 AUTOBAUD DISABLED CHARACTER SIZE The CHARACTER SIZE characteristic
Matching the Port and Device Characteristics Setting Check Performed Per Character Space A cleared parity bit None (default) No parity checking performed Example: Changing the PARITY Settings The following example shows how to change the parity: Local> CHANGE PORT 5 PARITY ODD SPEED The SPEED characteristic enables you to configure the port for devices that operate at the following speeds: 75, 110, 134, 150, 300, 600, 1200, 1800, 2000, 2400, 4800, 9600, 19200, 38400, 57600, and 115200 bits per second
Matching the Port and Device Characteristics TYPE The TYPE characteristic indicates the device attached to the port. Device Types The following table lists device types available for each port of the access server: Device Type Applies to: Hardcopy Printers Softcopy Non-ANSI video terminals ANSI (default) Most video terminals such as the VT100. This causes the screen to clear before each display and enables command-line recall.
Configuring the FLOW CONTROL Characteristic Configuring the FLOW CONTROL Characteristic Introduction The FLOW CONTROL characteristic allows the access server to start and stop data transfer between the port and the attached device. Flow control prevents data losses due to lack of buffering space. The FLOW CONTROL characteristic does not apply to data transfer between the access server and a network resource.
Configuring the FLOW CONTROL Characteristic Example: Enabling XON/XOFF FLOW CONTROL The following example shows how to enable XON/XOFF FLOW CONTROL: Local> CHANGE PORT 5 FLOW CONTROL XON DSR DSR FLOW CONTROL operates as follows: • If the access server receives data too quickly from the port device, it turns off DTR until it can accept more data. • If the port device receives data too quickly from the access server, it turns off the DSR signal until can accept more data.
Configuring the FLOW CONTROL Characteristic Example: Disabling FLOW CONTROL The following command shows how to disable FLOW CONTROL on port 5 of an access server: Local> CHANGE PORT 5 FLOW CONTROL DISABLED FLOW CONTROL Direction The access server software allows you to specify flow input and output FLOW CONTROL: • Input FLOW CONTROL refers to the data flow from the attached device to the access server. • Output FLOW CONTROL refers to the data flow from the access server to the attached device.
Specifying the Automatic Logout Characteristics Specifying the Automatic Logout Characteristics Introduction This section describes the characteristics that you can use to log out a port automatically when the device attached to the port is turned off or when there is no activity for a specified period of time. Specifying DSRLOGOUT The DSRLOGOUT characteristic causes the access server to logout a port device when the device deasserts DSR. You cannot enable DSR logout if you enable DSR FLOW CONTROL.
Specifying the Automatic Logout Characteristics Specifying INACTIVITY LOGOUT The INACTIVITY LOGOUT characteristic allows you to enable or to disable automatic log out for the port. If INACTIVITY LOGOUT is enabled, the access server automatically disconnects the session and logs out the port if there is no input or output activity for the time specified by the INACTIVITY TIMER characteristic.
Chapter 10 Configuring Modem Signals Overview Introduction This chapter describes the various port characteristics that you can use to control the modem signals. You use modem signals to support devices that use these signals, such as modems, computers, and printers.
DTE/DCE Device Configuration DTE/DCE Device Configuration Port Configuration The role of the access server in the communication is determined by the configuration of the port and the port device: • If the port access characteristic is set to local, the access server appears as a data terminal equipment (DTE) device to a dial-in modem connected as a port device, and as a data communication equipment (DCE) device to a personal computer or terminal.
Determining the Supported Modem Signals Determining the Supported Modem Signals Access Servers and MODEM CONTROL Not all access servers support all modem signals. There are three types of access servers: • Full MODEM CONTROL • MODEM CONTROL Access servers that support MODEM CONTROL can use only one of two sets of modem signals. • DTR/DSR support Access Server Types and Supported Modem Signals The following table lists the types of access servers and the modem signals that each type supports.
Determining the Supported Modem Signals Network Access Server Type Modem Signals Supported • Set 2 — Data Signal Rate Selector (DSRS) — RING Indicator (RI) — Data Carrier Detect (DCD) — Data Terminal Ready (DTR) DSR/DTR support (Example: DECserver 90TL access server) 10-4 Configuring Modem Signals Data Set Ready (DSR) Data Terminal Ready (DTR)
Modem Signals Description Modem Signals Description Types of Modem Signal The following table describes the various modem signals: Modem Signal Description Request To Send (RTS) Asserted by the access server to indicate to the port device that the access server is ready to exchange further control signals with the port device to initiate the exchange of data. The RTS signal is the same state as the DTR signal unless CTS input flow control is enabled.
Modem Signals Description Modem Signal Description Data Signal Rate Selector (DSRS) Asserted by the access server to indicate the speed at which the modem should initiate communications. On a port configured for a multispeed modem (where both SPEED and ALTERNATE SPEED are specified), DSRS indicates the higher of the two speeds.
Specifying MODEM CONTROL and SIGNAL CONTROL Specifying MODEM CONTROL and SIGNAL CONTROL Introduction The MODEM CONTROL and SIGNAL CONTROL characteristics are identical, except that MODEM CONTROL is only used with full MODEM CONTROL access servers, and SIGNAL CONTROL is used on all other access servers. These characteristics enable or disable the use of MODEM CONTROL signals on a port.
Specifying MODEM CONTROL and SIGNAL CONTROL Example: Enabling MODEM CONTROL The following example shows how to enable MODEM CONTROL on port 5: Local> DEFINE PORT 5 MODEM CONTROL ENABLED Local> LOGOUT PORT 5 Example: Enabling SIGNAL CONTROL The following example shows how to enable SIGNAL CONTROL on port 11: Local> DEFINE PORT 11 SIGNAL CONTROL ENABLED Local> LOGOUT PORT 11 Normally, you should disable SIGNAL CHECK when MODEM CONTROL or SIGNAL CONTROL is enabled.
Specifying SIGNAL SELECT Specifying SIGNAL SELECT Introduction The SIGNAL SELECT characteristic is used only with MODEM CONTROL access servers. This characteristic determines which of two sets of signals that the access server uses: • CTS, DSR, RTS, and DTR or • RI, DCD, DSRS, and DTR The port device must be cabled correctly to work with the set of signals that you choose.
Specifying SIGNAL CHECK Specifying SIGNAL CHECK Introduction The SIGNAL CHECK characteristic allows the access server to check for any modem signal when a host requests a connection. If any one modem signal is present, the access server makes a connection; otherwise, a connection is denied. If all modem signals are dropped at the port once a connection is made, the access server disconnects the session and logs out the port.
Specifying DTRWAIT Specifying DTRWAIT Description When functioning with modems and computer interfaces, the access server port normally asserts the DTR signal at all times except during a disconnect sequence. However, there are instances when assertion of DTR is undesirable. For example, when a computer is offered as a service, the automatic reassertion of DTR after a disconnect sequence might cause the computer to act as if a session is in progress.
Specifying RING Specifying RING Description The RING characteristic is supported only on those access servers that support the DSRS signal. Certain terminal switches and computers need to detect a RING indicator signal (RI) before they activate. The access server can emulate the RI signal when the port is used with a BC22R or equivalent cable that crosses the DSRS signal of the access server over to the RI pin on the device. For information on this cable, refer to the access server hardware documentation.
Specifying ALTERNATE SPEED Specifying ALTERNATE SPEED Description The ALTERNATE SPEED characteristic is only used with full MODEM CONTROL access servers. Two speeds for a modem port can be defined in the access server database: primary and alternate (or fallback). The primary speed is defined with the speed characteristic; the ALTERNATE SPEED is defined with the ALTERNATE SPEED characteristic. You normally set up the primary speed as the high speed and the ALTERNATE SPEED as the low speed.
Specifying DIALUP Specifying DIALUP Description The DIALUP characteristic is used to notify LAT service nodes that a port user connected to the service through a dial-in modem. The service node can use this information to implement system security. With DIALUP enabled, the access server sends DIALUP notification to service nodes. With DIALUP disabled (the default), the access server does not notify the service nodes.
Sample Modem Configurations Sample Modem Configurations Introduction This section provides sample modem configurations for access servers that support full MODEM CONTROL. Configuring a Dial-In Modem on a Full MODEM CONTROL Server The following example provides a sample configuration for a dial-in modem operating at 57600 baud. Note that when the port password characteristic is enabled, you must have previously defined a server login password (refer to Specifying Passwords in Chapter 22).
Sample Modem Configurations Configuring a Dial-Out Modem on a Full MODEM CONTROL Server The following example provides a sample configuration for a dial-out modem operating at 1200 baud with an ALTERNATE SPEED of 300 baud: Local> Local> Local> Local> Local> Local> DEFINE DEFINE DEFINE DEFINE DEFINE LOGOUT PORT PORT PORT PORT PORT PORT 3 ACCESS REMOTE AUTOBAUD DISABLED 3 AUTOPROMPT DISABLED BREAK DISABLED 3 DSRLOGOUT DISABLED DTRWAIT ENABLED 3 MODEM CONTROL ENABLED SIGNAL CHECK DISABLED 3 SPEED 1200 ALTE
Sample Modem Configurations Configuring a Dial-Out Modem on a MODEM CONTROL Server The following example provides a sample configuration for a dial-out modem operating at 2400 baud and configured for the RI-DCD-DSRS-DTR signals: Local> Local> Local> Local> Local> Local> Local> DEFINE DEFINE DEFINE DEFINE DEFINE DEFINE LOGOUT PORT 3 ACCESS REMOTE AUTOBAUD DISABLED PORT 3 AUTOPROMPT DISABLED BREAK DISABLED PORT 3 DSRLOGOUT DISABLED DTRWAIT ENABLED PORT 3 SIGNAL CONTROL ENABLED SIGNAL CHECK DISABLED PORT 3
MODEM CONTROL Sequences MODEM CONTROL Sequences Introduction Modem-controlled communication requires that the access server recognize what type of device is on a port and detect when this device is ready to communicate and when the device has ceased to communicate. The following section describes the general sequences of modem signals involved in establishing, in monitoring, and in ending communications.
MODEM CONTROL Sequences 3 After first detecting DSR, the access server monitors the port for CTS and DCD. If it detects CTS and DCD within 30 seconds, the access server enables data flow on the line. If it does not detect CTS and DCD within 30 seconds, the access server disconnects the line. 4 At this point, if an ALTERNATE SPEED is defined, the access server examines the state of the SMI signal. The modem asserts SMI if it has accepted the higher port speed.
Configuring DTR and DSR Signals Configuring DTR and DSR Signals Introduction This section describes how to configure DTR and DSR signals for those access servers that do not support the other modem signals. DSR flow control must be disabled when you are using the various port characteristics to control the DSR and DTR signals. DSR flow control can override the port characteristics.
Configuring DTR and DSR Signals Enabled Characteristic DTR and DSR Actions Port status indicates “Signal Wait” if connections cannot be accepted because DSR is deasserted. DTRWAIT Has no affect unless SIGNAL CONTROL is enabled. SIGNAL CONTROL and DTRWAIT DTR is asserted only if there is a solicited remote connection. (SIGNAL CHECK disabled) Solicited remote connection is established regardless of the state of DSR. Reception of asynchronous data is accepted once the connection is established.
Configuring DTR and DSR Signals Enabled Characteristic DTR and DSR Actions Port is logged out if DSR is deasserted after initial assertion. DTR is deasserted for 5 seconds minimum as a consequence of a logout. DTR can only be reasserted when a connection is accepted. Reception of asynchronous data is not accepted unless DSR and DTR are asserted. Port status indicates “Signal Wait” if connections cannot be accepted because DSR is deasserted.
Chapter 11 Configuring and Managing Interactive Devices Overview Introduction This chapter explains how to configure and manage interactive devices, such as terminals, terminal-like devices, and personal computers (PCs) in terminal emulation mode. Before you use the procedures in this chapter, you must: • Connect and test the devices. • Enable privileged status. • Configure the port and device characteristics to match.
• Managing Users • Managing Sessions 11-2 Configuring and Managing Interactive Devices
Configuring an Interactive Device for LAT Sessions Configuring an Interactive Device for LAT Sessions Configuring an Interactive Device for LAT Sessions The following example shows a sample configuration of a device connected to LAT services: Local> CHANGE PORT 6 ACCESS LOCAL AUTHORIZED GROUPS 10,24,46 Local> CHANGE PORT 6 AUTOBAUD ENABLED AUTOPROMPT ENABLED Local> CHANGE PORT 6 BREAK LOCAL DEDICATED NONE DEFAULT PROTOCOL LAT Local> CHANGE PORT 6 DSRLOGOUT ENABLED FLOW CONTROL XON Local> CHANGE PORT 6 INAC
Configuring an Interactive Device for LAT Sessions Sample Network Configuration The following figure show the sample network configuration for LAT and Telnet sessions: Configuring LAT Group Codes for Interactive Devices Group codes are subdivisions of a LAT network. Group codes are used to partition the network into combinations of service nodes, service-node services, and access server ports.
Configuring an Interactive Device for LAT Sessions Step Action 2 Enable the applicable groups on the port as illustrated by the following commands: Local> CHANGE PORT 5 AUTHORIZED GROUPS 10,24,46 Local> SET PORT 5 GROUPS ALL ENABLED 3 If necessary, disable any unwanted group that was previously enabled.
Configuring an Interactive Device for LAT Sessions Specifying AUTOPROMPT The AUTOPROMPT characteristic is only used with the LAT protocol. This characteristic controls the initiation of a login process on some service nodes when a session begins. The access server sends the status of the AUTOPROMPT characteristic whenever you establish a new LAT service session. By default, AUTOPROMPT is enabled.
Configuring an Interactive Device for LAT Sessions Authentication in Chapter 21 for details. Specifying Failover If a LAT service node suddenly becomes unavailable during a session, the access server searches for another LAT service node that offers the same service. If the access server finds one or more suitable nodes, it attempts to connect to the service on the node with the highest service rating. This process is called failover.
Configuring an Interactive Device for LAT Sessions The Service Connections Characteristic The service connections characteristic allows you to disable additions to the connection queue when a given service is busy. Changing this characteristic does not affect requests that are already in the queue.
Configuring an Interactive Device for LAT Sessions SHOW QUEUE ALL Display Example The following example shows how to generate a queue display. For each queued request, the displays have one line of information arranged in columns under fixed headings.
Configuring an Interactive Device for LAT Sessions Configuring Port Characteristics The port characteristic, remote modification, when enabled, allows a LAT node to modify particular access server port characteristics. These characteristics include speed, character size, parity, and LOSS NOTIFICATION. The LAT node must also support this feature. The factory-set default is disabled. You should avoid enabling remote modification and security on the same port.
Configuring an Interactive Device for Telnet Sessions Configuring an Interactive Device for Telnet Sessions Introduction User-oriented characteristics, such as forward switch and VERIFICATION and the various Telnet session characteristics (see Configuring Individual Telnet Client Session Characteristics in this chapter), are not included in this example. Also, this example assumes that the port and device characteristics match. (See the Matching the Port and Device Characteristics section in Chapter 9.
Configuring an Interactive Device for Telnet Sessions Reference For a description of the default protocol characteristic, refer to Specifying the Default Protocol in this chapter. For a description of the Telnet client profiles, refer to Specifying the Telnet Client Session Profile in this chapter.
Configuring a Session Management (TD/SMP) Terminal Configuring a Session Management (TD/SMP) Terminal Introduction The MULTISESSION characteristic allows a session management terminal using the terminal device/session management protocol (TD/SMP) to manage each terminal session at the terminal itself, not at the access server. A terminal session is a single session on an access server port that is operating under session management control.
Configuring a Session Management (TD/SMP) Terminal • The dedicated service characteristic must be disabled. (See the User Account Command Parameters section in this chapter.) Local Mode Command Restrictions During Session Management The following table list the restrictions on some of the access server commands: Command Descriptions CONNECT Establishes a service session for any terminal session. You cannot use it to establish an additional service session.
Configuring a Session Management (TD/SMP) Terminal Logging In with Multisessions The following is a typical procedure for logging in at a session management terminal with MULTISESSIONS enabled at the access server port: Step Action 1 Press the Return key once or twice to obtain the introductory banner and username prompt. After the user optionally enters a user name, the access server invokes session management, and the terminal prompts the user for a network resource name.
Configuring On-Demand Loading for Asian Terminals Configuring On-Demand Loading for Asian Terminals Introduction Asian terminals implementing the On-Demand Loading (ODL) font protocol can communicate with an OpenVMS load host through an access server. The access server software has an on-demand loading characteristic that enables the ODL protocol.
Configuring for Block-Mode Terminals Configuring for Block-Mode Terminals Description Block-mode terminals do not require any special setup to communicate with a host through an access server. The access server software automatically allows terminals that support block mode to transmit large blocks of data without using FLOW CONTROL. Buffer Size The maximum receive buffer size is 2048 bytes (512 bytes for DS700-16 access servers with less than 1 MB).
Specifying the Telnet Client Session Profile Specifying the Telnet Client Session Profile Introduction You can set various features for a Telnet client session. You can either choose a profile that has many of the characteristics predefined or set the characteristics individually (refer to Configuring Individual Telnet Client Session Characteristics in this chapter). Many of the characteristics have factory-set defaults.
Specifying the Telnet Client Session Profile Telnet Client Session Characteristics Predefined for Each Profile The following table lists the Telnet client session characteristics that are predefined for each profile. Enabling a profile automatically sets all the characteristics to the value specified by the profile, except those listed as “use current value.” Those characteristics keep their existing value.
Specifying the Telnet Client Session Profile Profiles Session Characteristics Character Binary SWITCH CHARACTERS Enabled Disabled TERMINAL TYPE Use current access Use current access server server value value 1. If ECHO is in local mode, the ECHO characteristics are suppressed, and characters are not echoed.
Configuring Individual Telnet Client Session Characteristics Configuring Individual Telnet Client Session Characteristics Modifying Telnet Session Characteristics You can modify the Telnet client session characteristics in two ways: at the port level or for the individual session using the SET SESSION command. Modifying the characteristics at the port level enables those values for Telnet client sessions at that port when sessions are created.
Configuring Individual Telnet Client Session Characteristics The following example shows how to disable the BINARY characteristic: Example: Disabling BINARY Characteristics Local> CHANGE PORT 5 TELNET CLIENT BINARY DISABLE Specifying CHARACTER SIZE The CHARACTER SIZE characteristic allows the user to select the character size, 7or 8-bit, that is used during a session with an Internet host. In addition, the character size can be specified in the transmit direction, receive direction, or both directions.
Configuring Individual Telnet Client Session Characteristics Telnet Keymapping Functions The following table shows key function definitions mapped to specific keys. You can disable any of the Telnet commands in this table by using the keyword NONE. For example, to disable AO for port 5, you enter the following: Local> CHANGE PORT 5 TELNET CLIENT AO NONE Function Description Default Abort Output (AO) Aborts any output that is on its way to the user’s terminal.
Configuring Individual Telnet Client Session Characteristics Specifying AUTOFLUSH The AUTOFLUSH characteristic automatically invokes the AO function whenever you enter the IP, SYNCH, AYT, EOR, or BRK characters. AUTOFLUSH aborts all output on its way to the user’s terminal By default, AUTOFLUSH is enabled for IP, and is disabled for SYNCH and AYT.
Configuring Individual Telnet Client Session Characteristics • NEWLINE TO TERMINAL — When entered, the character sequence is sent to the user’s terminal whenever a NEWLINE FROM HOST sequence is received. The factory-set default is . • NEWLINE FROM HOST — When received from the Internet host, the character sequence is interpreted as a new line. The factory-set default is . Note that the Telnet protocol specifies that the CRLF sequence should be sent.
Configuring Individual Telnet Client Session Characteristics The following shows how to enable FLOW CONTROL from port 5 to the device: Local> CHANGE PORT 5 TELNET CLIENT OUTPUT FLOW CONTROL ENABLED Specifying MESSAGE VERIFICATION The MESSAGE VERIFICATION characteristic controls the display of session information when an existing Telnet client session is started, stopped, or resumed. With VERIFICATION enabled (factory-set default), the access server displays the session number and the Internet address.
Configuring Individual Telnet Client Session Characteristics Example: Configuring SWITCH CHARACTER The following example shows how to disable the SWITCH CHARACTERs on port 5: Local> CHANGE PORT 5 TELNET CLIENT SWITCH CHARACTER DISABLED Local> CHANGE PORT 5 LIMITED VIEW ENABLED The limited view characteristic does not apply when you set privileges on the port.
Managing Access Server User Accounts Managing Access Server User Accounts Minimal Setup for Local User Accounts A limited amount of storage is available for defining user account records within the access server volatile and nonvolatile memory. Note Theoretically, all of NVRAM could be allocated for storage of user account data.
Managing Access Server User Accounts SHOW/LIST/MONITOR USERACCOUNT Display The following table defines the values in the SHOW USSERACCOUNT display: Field Description Username Establishes a database for a user account for authentication/authorization. Password Specifies that a password has been set for the user account Access Specifies the default access mode this user is granted. Max Connect Time Indicates the maximum number of minutes the user can be logged in before being forcibly logged out.
Managing Access Server User Accounts Service Types and Access Levels The following table defines the service type and access level: Service Type Description Login User will be connected to a dedicated host. Framed SLIP or PPP will be started on the session. LOCAL User may utilize the access server commands. NONE The configuration value of the port access parameter or realmwide access parameter determines user access to the realm.
Managing Access Server User Accounts User Account Command Parameters The commands in the following table allow the security manager to manage a small local database to be used for authentication and authorization. The table shows the command keywords associated with user account variables. Command Clause Description Variables CLEAR/PURGE Allows local data base entries to be deleted. SET/DEFINE/ CHANGE Permits entry addition and modification.
Managing Access Server User Accounts Command Clause Description Variables Comments MAX CONNECT Indicates the maximum number of minutes the user can be logged in before being forcibly logged out. USER STATUS Specifies user status. ENABLED/ DISABLED Setting DISABLED prevents any login using this user-name. ACCESS Specifies the default access mode this user is granted. LOCAL FRAMED NONE See the following table for a definition of the ACCESS clause variables.
Managing Users Managing Users This section describes various tasks for managing users. Providing a Contact Name and Access Server Location The SET/DEFINE/CHANGE SYSTEM command allows you to provide all access server users with a person’s name to contact in case of problems. This command also allows you to specify the location of the access server.
Managing Users Example: Enabling a Preferred LAT Service on a Specific Node and Port The following example shows how to specify that port 5 connects to port JAMES on node MARKETING for service FILES: Local> CHANGE PORT 5 PREFERRED FILES NODE MARKETING DESTINATION JAMES For the Telnet Protocol To set an Internet host as a preferred service, the port’s default protocol must be set to TELNET.
Managing Users Specifying Keys to Switch Between Sessions Access server users can define keys as switches. These keys can switch from one session to another without having to return to local mode. When the user presses the key, the access server interprets the character and does not pass it to the service node. Pressing the BACKWARD SWITCH character activates the user’s previous session. The FORWARD SWITCH character activates the next session.
Managing Users Defining the Break Key The BREAK characteristic defines how the Break key is used. The Break key can be defined in three ways: • LOCAL — Pressing the Break key switches the user from service mode to local mode. This is the factory-set default. The following shows how to set the Break key to LOCAL on port 5: Local> CHANGE PORT 5 BREAK LOCAL • REMOTE — The Break key is ignored by the access server and passed to the LAT service for the port’s current session.
Managing Users Example: Configuring a Key as a Switch The following example shows how to identify “-” as the local switch for port 3: Local> CHANGE PORT 3 LOCAL SWITCH - Example: Disabling a Local Switch The following example shows how to disable the local switch, which is also the factory-set default: Local> CHANGE PORT 5 LOCAL SWITCH NONE Specifying BROADCAST There are three types of BROADCAST characteristics: • BROADCAST — A port user uses this command to send messages.
Managing Users A user with privileges set can use the privileged BROADCAST ALL command to send a message to all interactive users. Example: BROADCAST ALL The following example shows a sample of a message broadcasted to all users: Local> BROADCAST ALL "Server shut down at 12:15; back up at 1:00." At a port with a session management terminal, broadcast messages are delivered to the current terminal session. The factory-set default allows port users to send broadcast messages.
Managing Users Specifying Message Codes Each access server message has a message code. In the following example, the number 750 is the message code: Local -750- Another port has this name With message codes disabled, the same message would look like: Local - Another port has this name The factory-set default shows the message codes.
Managing Users Example: Configuring LOCK The following example shows how to enable LOCK on the access server, while disabling LOCK on ports 5 through 7: Local> CHANGE SERVER LOCK ENABLED Local> CHANGE PORT 5-7 LOCK DISABLED Since anyone can LOCK any terminal, the LOCK facility can cause inconvenience in a situation where there are irresponsible users. If a user forgets the LOCK password, you have to log out the port with the LOGOUT command before the port can be used again.
Managing Users SHOW/LIST/MONITOR USERS Display Headings The following table provides an explanation of the information in the display in the previous example: Heading Description Port Number of the port. Username Any user name or the name of the port established by the PORT NAME characteristic. Note: Any port having the user name “(Remote)” designates a remote-access session in progress. Status Service Status of the port, which can be one of the following: Connected Port is connected to a service.
Managing Users Current groups (user-specified groups) are stored only in the operational database. Therefore, users must use the SET PORT command to configure these groups; users cannot use the DEFINE PORT or CHANGE PORT command. Current groups are always equal to or a subset of the AUTHORIZED GROUPS. If a user enters SET PORT GROUPS ALL, the current groups consist of all the enabled authorized groups.
Managing Sessions Managing Sessions This section shows how to initiate and terminate sessions and how to display session information. Initiating a Session to a LAT Service To initiate a session to a LAT service, use the CONNECT LAT command with the service name. If the default protocol (refer to Specifying the Default Protocol in this chapter) is set to LAT or ANY, you can ignore the LAT keyword.
Managing Sessions Example: Initiating a Session with an Internet Host The following three commands show how to initiate a session with the same host. The first command uses the relative domain name, SALES; the second command uses the absolute domain name SALES.MARKETING.DEC.COM; and the third command uses the Internet address, 129.122.30.11. Local> CONNECT TELNET SALES Local> CONNECT TELNET SALES.MARKETING.DEC.COM Local> CONNECT TELNET 129.122.30.
Managing Sessions command starts a PING session, which continues until the PING succeeds (and sends a VERIFICATION message) or until the timeout period of 30 seconds is exceeded. The following shows how to test the communication to an Internet host with an address of 22.46.72.167: Local> TEST INTERNET 22.46.72.167 or Local> PING 22.46.72.167 Controlling the Number of Sessions You can control the number of sessions at the individual port and the total number of sessions allowed for the access server.
Managing Sessions For ports with session management terminals, the kind of terminal at the port further determines the port’s session limit, where the access server port can support up to eight terminal sessions. However, terminal devices typically support a maximum of less than eight terminal sessions. The documentation for the terminal device should tell you how many terminal sessions the device can have. Set the port session limit to a value in that range.
Managing Sessions SHOW/MONITOR SESSIONS Display Fields The following table describes the information in the SHOW/MONITOR SESSIONS display: Field Description Session n Number of the session. First column Status of a session, which can be one of the following: Connected Port is connected to the service. Connecting Port is attempting to connect to a service Disconnected Session was terminated while dormant. Disconnecting Access serve is disconnecting the port from the service.
Managing Sessions Displaying Session Characteristics You can display the characteristics of any current LAT or Telnet session. Example: SHOW PORT SESSIONS CHARACTERISTICS Display for a LAT Session The following example displays the characteristics of LAT session 1 on port 4: Local> SHOW PORT 4 SESSIONS 1 CHARACTERISTICS Port 4, Session 1, Protocol LAT Transparency Mode: Interactive There are only two lines in this display.
Managing Sessions SHOW/MONITOR PORT SESSIONS STATUS Display Fields The following table provides a description of the SHOW/MONITOR PORT SESSIONS STATUS display information: Field Description Do-Binary Enabled — Interpreting all data received as in a BINARY access server format. Disabled — Not interpreting all data received as in a BINARY format. Will-Binary Enabled — Sending data in a BINARY format. Disabled — Not sending data in a BINARY format.
Managing Sessions Field Description Do-End of Record Enabled — The access server is enabled to receive EOR commands. Disabled — The access server is not enabled to receive EOR commands. Will-End of Record Enabled — The access server has permission to transmit EOR commands to the remote peer. Disabled — The access server does not have permission to transmit EOR commands to the remote peer.
Managing Sessions Terminating Sessions There are two commands you can use to terminate a session on another port: • The privileged LOGOUT PORT command allows you to manually log out any port, and all sessions terminate at the specified port. If the port device supports session management, the LOGOUT PORT command disconnects all the terminal sessions (and the associated sessions) then logs out the port.
Chapter 12 Configuring and Managing LAT Services Overview Introduction This chapter explains how to configure devices attached to the access server ports as LAT services. A LAT node can offer devices as LAT services to users on the port itself and other LAT nodes. Prerequisites Before you use the procedures in this chapter, you must: • Connect and test the devices. • Enable privileged status. • Configure the port and device characteristics to match.
Configuring a Port to Offer a LAT Service Configuring a Port to Offer a LAT Service Configuration Parameters After you attach a device to a port and ensure that the port and device characteristics match, you need to specify certain configuration parameters to enable all devices as LAT services. The following table lists the configuration parameters.
Configuring Access to a LAT Service Configuring Access to a LAT Service Assigning a Service Name A service name is a name you assign to the LAT service using the CHANGE SERVICE NAME command. When you assign a service name, the access server periodically multicasts the service’s availability over the network. When you select a service name for a device, follow these guidelines: • Service names must be 1 to 16 characters long and cannot be abbreviated.
Configuring Access to a LAT Service Assigning an Identification String A service identification string helps users recognize and use the service. It can be up to 40 characters in length. The factory-set default is no identification string. Example: Assigning the Service Name, to a Specific Port and Identification String The following example shows how to assign a service name LN03_PRINT to the printers connected to ports 5, 6, 7, and 12.
Configuring Access to a LAT Service Specifying the Service Password An optional service password restricts access to a service. When a service contains a password, the access server prompts you for the password before allowing you to use the service. There are two characteristics that you need to specify: SERVICE PASSWORD and PASSWORD LIMIT. The service password can be up to 16 ASCII characters.
Configuration of Specific Types of Devices As LAT Services Configuration of Specific Types of Devices As LAT Services Introduction This section provides examples of configuring the following types of devices as LAT services: • A personal computer (as both a LAT service and a terminal) • A computer • A modem • A printer When you configure each type of device, you need to determine if the devices use SIGNAL CONTROL or MODEM CONTROL.
Configuration of Specific Types of Devices As LAT Services Local> DEFINE PORT 2 LOCAL SWITCH ^L PASSWORD DISABLED PREFERRED NONE Local> DEFINE PORT 2 SIGNAL CHECK ENABLED SIGNAL CONTROL DISABLED Local> LOGOUT PORT 2 Local> CHANGE SERVER SERVICE GROUPS 10,24,46 ENABLED Local> CHANGE SERVICE MICRO PORT 2 IDENTIFICATION "Personal computer 2" Configuring a Computer As a LAT Service By using multiple terminal interfaces and access server ports, you can use more than one access server port with a single computer
Configuration of Specific Types of Devices As LAT Services Configuring a Modem As a LAT Service The following example shows a sample configuration of a dial-out modem used as a LAT service: Local> DEFINE PORT 3 ACCESS REMOTE AUTOBAUD DISABLED Local> DEFINE PORT 3 AUTOPROMPT DISABLED BREAK DISABLED Local> DEFINE PORT 3 DSRLOGOUT DISABLED DTRWAIT ENABLED Local> DEFINE PORT 3 MODEM CONTROL ENABLED SIGNAL CHECK DISABLED Local> DEFINE PORT 3 SPEED 1200 Local> LOGOUT PORT 3 Local> CHANGE SERVER SERVICE GROUPS 10
Configuration of Specific Types of Devices As LAT Services Configuring a Printer As a LAT Service After you configure a printer as a LAT service, you need to set up the appropriate LAT remote print queue as described in the following sections of this chapter: Setting Up a LAT Remote Print Queue on an OpenVMS Host and Setting Up a LAT Remote Print Queue on an ULTRIX System.
Configuration of Specific Types of Devices As LAT Services Creating a Logical Device to Access a Printer Service The following example shows how to run LATCP to create a logical device. This example configures the logical port LTA1925 to access the LAT service PRINT. $RUN SYS$SYSTEM:LATCP LCP> CREATE PORT LTA1925: /NOLOG LCP> SET PORT LTA1925: /APPLICATION /NODE=LAT_08002B054DE0 /SERVICE=PRINT LCP> EXIT $COPY/LOG FILE.
Configuration of Specific Types of Devices As LAT Services $! $SET DEVICE LTA1925: /SPOOLED=(LN03_QUE,SYS$SYSDEVICE:) $! $DEFINE/FORM LN_FORM 10 /WIDTH=60 /STOCK=DEFAULT /TRUNCATE $! $! Initialize and start the print queue $! $INIT/QUE /START /PROCESSOR=LATSYM /RETAIN=ERROR- /DEFAULT=(NOBURST,FLAG=ONE) /RECORD_BLOCKING LN03_QUE/ON=LTA1925: $EXIT On a VAXcluster system, you can configure the applications ports on the local node only.
Configuration of Specific Types of Devices As LAT Services # # # # :lf=/usr/lib/adm/lpd-errs: cd /usr/spool mkdir lpd chown daemon lps lpr -Plps test 12-12 Configuring and Managing LAT Services
Configuring a Printer with Unannounced Availability Configuring a Printer with Unannounced Availability Introduction This section describes how to configure a printer with unannounced availability. The only users that know about the device’s availability are those users that you tell about the device. By defining a port name and not a service name, you can configure a device on the access server for access by users on a LAT network.
Configuring a Printer with Unannounced Availability Example: Configuring a Printer with Unannounced Availability on a LAT Network on Port 4 Local> DEFINE PORT 4 ACCESS REMOTE AUTHORIZED GROUPS 10,24,46 Local> DEFINE PORT 4 AUTOBAUD DISABLED AUTOCONNECT DISABLED Local> DEFINE PORT 4 DEDICATED NONE DSRLOGOUT DISABLED Local> DEFINE PORT 4 INACTIVITY LOGOUT ENABLED LONGBREAK LOGOUT DISABLED Local> DEFINE PORT 4 NAME PORT_4 SIGNAL CHECK ENABLED Local> DEFINE PORT 4 SIGNAL CONTROL DISABLED Local> LOGOUT PORT 4 F
Verifying the LAT Service Verifying the LAT Service Do This To verify whether the service is functioning, try connecting to the new service. Once connected, you can assess whether the device responds appropriately. The appropriate response depends on what device is attached to the access server port. When you have adequate information, return to local mode (press the Break key or a local-switch character) and disconnect the service by typing DISCONNECT at the Local> prompt.
Managing Your Access Server As a LAT Node Offering a Service Managing Your Access Server As a LAT Node Offering a Service Introduction By default, once there is a service, the access server functions as a service node by issuing multicast service announcements, which describe its available services to access servers on the network. These announcements contain information about the service node (such as its name and identification string) and about the available services.
Managing Your Access Server As a LAT Node Offering a Service Example: SHOW SERVICE CHARACTERISTICS Display The following example below shows how to generate a service characteristics display for the service named PRINTER: Local> SHOW SERVICE PRINTER CHARACTERISTICS Service: PRINTER Identification: Printer Ports to PEACH Ports: 1-3, 5, 7 Rating: 255 Enabled Characteristics: Connections, Password, Queuing Local> SHOW/LIST/MONITOR SERVICE CHARACTERISTICS Display Fields The following table describes the fields
Managing Your Access Server As a LAT Node Offering a Service Field Description Password Access server requires the requester of the service to supply a password before access to the service is allowed. Queuing Access server places queued connection requests for this service in a queue if the request cannot be immediately satisfied.
Managing Your Access Server As a LAT Node Offering a Service Example: SHOW SERVICE STATUS Display The following example shows how to generate a service status display for a service named DEVELOP: Local> SHOW SERVICE DEVELOP STATUS Service DEVELOP - Available Node Name Status Rating Identification ORANGE Reachable 27 Development System PEACH Unreachable 255 Development System TEST Unknown 150 Performance Testing Terminals Engineering High-powered SHOW/LIST/MONITOR SERVICE STATUS Display Headings The follow
Managing Your Access Server As a LAT Node Offering a Service Heading Description Rating Relative capability for a service node to process new sessions. The service rating is assigned by a service node for each service that it offers. With the higher rating, the capability of the service node to accept a new connection is greater. The access server uses service ratings to decide where to establish a service session when two or more service nodes offer the same service.
Managing Your Access Server As a LAT Node Offering a Service Example: SHOW SERVICE SUMMARY Display The following example shows how to generate a service summary display for all network services: Local> SHOW SERVICES ALL SUMMARY Service Name Status Identification DEVELOP DOCUMENT TEST TIMESHARING Connected Available Unavailable Unknown Hardware Development System Documentation Timesharing High-powered Performance Testing Accts.
Chapter 13 Configuring and Managing Telnet Servers Overview Introduction This chapter explains how to configure various types of devices as a Telnet or raw TCP server. A Telnet or raw TCP server is a resource on a TCP/IP network. To use the procedures in this chapter, you must: • Connect and test the devices • Enable privileged status • Configure the port and device characteristics to match Refer to your access server hardware documentation for information about connecting device cables.
Sample Device Configurations Sample Device Configurations Introduction This section provides examples of configuring the following types of devices for access through a Telnet listener: • A printer • A computer • A modem You must configure the device and port characteristics as described in Chapter 9 before performing the procedures described in this chapter. The examples in this section do not include the various Telnet server characteristics.
Sample Device Configurations Local> CHANGE TELNET LISTENER 2010 PORTS 4 ENABLED Local> CHANGE TELNET LISTENER 2010 IDENTIFICATION "PRINTER" Local> CHANGE TELNET LISTENER 2010 CONNECTIONS ENABLED Configuring a Computer for Access Through a Telnet Listener The following example shows a sample configuration of a computer used for access through a Telnet listener on port 2: Local> DEFINE DISABLED Local> DEFINE DISABLED Local> DEFINE Local> DEFINE DISABLED Local> DEFINE Local> LOGOUT Local> CHANGE Local> CHANGE
Sample Device Configurations Example: Configuring a Dial-In and Dial-Out Modem The following example shows a sample configuration of a dial-out modem used for access through a Telnet listener on port 4: Local> DEFINE Local> DEFINE Local> DEFINE Local> DEFINE Local> DEFINE Local> LOGOUT Local> CHANGE Local> CHANGE 890-1234" Local> CHANGE PORT 4 PORT 4 PORT 4 PORT 4 PORT 4 PORT 4 TELNET TELNET ACCESS DYNAMIC AUTOBAUD DISABLED DSRLOGOUT DISABLED FLOW CONTROL XON INACTIVITY ENABLED MODEM CONTROL ENABLED PASSW
Configuring a Personal Computer As a Terminal and for Access through a Telnet Listener Configuring a Personal Computer As a Terminal and for Access through a Telnet Listener Sample Configuration To configure a PC for access through a Telnet listener only, use the following example and: • Substitute MODEM CONTROL for SIGNAL CONTROL if your access server supports modem control. • Use LONGBREAK LOGOUT instead of DSRLOGOUT if your access server, device, or device cable does not support the DSR signal.
Configuring a Personal Computer As a Terminal and for Access through a Telnet Listener Setting User Priority for Devices Using Dynamic Access You can enable interrupts if you want the owner or main user of the device to have full control over it. For example, the main user of a personal computer may require priority over other users that want to copy files from the computer disk. You can provide this control by setting the port to INTERRUPTS ENABLED and the Break key to LOCAL.
Configuring a Personal Computer As a Terminal and for Access through a Telnet Listener Configuring a File Transfer Partner The access server supports the file transfer capability of a personal computer on an access server port. This allows a user of a personal computer to send and receive files over the LAN. For a particular session, the access server permits a user to control whether flow control and other special characters are intercepted by the access server.
Configuring a Remote Print Queue Configuring a Remote Print Queue Introduction The following sections explain how to configure a print queue on an ULTRIX or UNIX system. Configuring a TCP/IP Remote Print Queue on an ULTRIX System An ULTRIX print spooler can be configured to access one or more access server ports through the access server Telnet listener. Thus, a file can be queued for printing using the host’s lpr command.
Configuring a Remote Print Queue Procedure The following procedure describes how to configure an ULTRIX (Version 4.0 or subsequent maintenance release) host’s print system. The host will use the access server internet address and Telnet listener TCP port number to connect to the access server printer port. It is assumed that you are familiar with configuring an ULTRIX print system. For more detailed description of the ULTRIX print system, refer to the ULTRIX Guide to System Environment Setup.
Configuring a Remote Print Queue Step Action 2 Modify the printcap entry: ds0|lp1:\ :lp=@tsb0c3/prds3:\ :sd=/usr/spool/lpd1: The tsb0c3 entry identifies the access server internet address and is an entry in /etc/hosts for the access server. The prds3 entry identifies the access server TCP port number and is an entry in /etc/services. For example: 16.20.48.43 prds3 3 tsb0c3.lkg.dec.com 2010/tcp tsb0c3 Print a file using the host’s lpr command. The lpr command queues and submits a job for printing.
Configuring a Telnet Listener Configuring a Telnet Listener Introduction Perform the following steps to assign a Telnet listener to one or more devices attached to access server ports: Step Action 1 Assign a TCP port to the access server port. The access server uses 23, and 2001 to 2032 as TCP port numbers. The TCP port number is the number that users on the TCP/IP network use to connect to the device on the access server port.
Configuring Telnet Server Session Characteristics Configuring Telnet Server Session Characteristics Introduction The following sections describe how to configure the various Telnet server session characteristics. Mapping Event Indications to Keyboard Characters You can map the event indications to keyboard characters. The factory-set default for each indication is that no character is sent to the device or application on the access server port set up as a Telnet server port.
Configuring Telnet Server Session Characteristics Event Indication Description Erase Previous Line (EL) Occurs when the remote user of this connection issues an EL request. No operation (NOP) Occurs when the remote user of this connection issues a NOP command. Specifying Newline Characteristics The NEWLINE characteristics allow the person managing the access server to define a new line as a 1- or 2-character sequence.
Configuring Telnet Server Session Characteristics Example: Setting Character Size in a Specific Direction The following example shows how to set CHARACTER SIZE to 7 in the TRANSMIT direction: Local> CHANGE PORT 5 TELNET SERVER TRANSMIT CHARACTER SIZE 7 To set the character size in the receive direction, use RECEIVE instead of TRANSMIT.
Managing Your Access Server As a Telnet Listener Node Managing Your Access Server As a Telnet Listener Node Introduction This section contains the procedures to display and remove Telnet listeners. Displaying Telnet Listeners The SHOW/LIST/MONITOR TELNET LISTENER command displays the Telnet listener characteristics. The ALL characteristic displays all the Telnet listeners. You can specify a specific Telnet listener by its TCP port number.
Managing Your Access Server As a Telnet Listener Node Removing a Telnet Listener You can remove a Telnet listener that was defined in either the permanent or operational databases. Use the privileged CLEAR TELNET LISTEN command (which acts on the operational database) or PURGE TELNET LISTEN command (which acts on the permanent database) to remove a defined Telnet listener and its associated characteristics.
Managing Your Access Server As a Telnet Listener Node Reassigning a Port This process allows you to manage a failed access server port that is configured as a Telnet listener. Use the following steps to reassign a port: Step Action 1 Use the LIST PORT n CHARACTERISTICS command to learn the values used in the existing configuration. 2 Disconnect the device from the port. 3 Select a new port and reattach the device at the new port. 4 Set the new port’s values to those of the existing port.
Supplying User Location Data to Telnet Servers Supplying User Location Data to Telnet Servers Introduction When the access server creates a Telnet client connection, it automatically negotiates with the Telnet server to send port user data. If the server responds with a “send” message, the access server transmits the session port name and port number. Appropriate software on the server can then use the location data for each session to generate statistics about Telnet use.
Configuring a Raw TCP Listener Configuring a Raw TCP Listener Introduction When you configure a Telnet listener to use raw TCP, the associated port sends data to a device or a remote host without any data manipulation or interpretation of control characters. Because raw TCP sends the data it receives to a port without any interpretation, sending data this way is faster than using the Telnet protocol.
Configuring a Raw TCP Listener Displaying Raw TCP Characteristics Use the SHOW/LIST TELNET LISTENER command to view the raw TCP settings. Example: Raw TCP Display The following example shows a typical display for a Telnet listener configured for raw TCP: Local> SHOW TELNET LISTENER 2003 Listener TCP-port: 2003 Identification: Ports: 3 Connections: ENABLED IP address: 12.22.22.
Chapter 14 Configuring LPD Printers Overview Introduction The Line Printer Daemon (LPD) handles remote networking printing. It listens for print requests from remote hosts on the Local Area Network (LAN) and responds to these requests. The LPD software that the access server implements is similar in function to the LPR/LPD (Line Printer Remote/Daemon) on UNIX systems.
LPD Operation LPD Operation Supported File Types The access server’s LPD implementation supports printing of ASCII text and PostScript files. The access server does not convert files from one format to the other. Users must be aware of the type of file they want to print and select the appropriate printer when submitting a print job. Control and Data Files During the printing operation, the access server receives control and data files from the remote host.
LPD Operation sends the user data to the printer as the last page of the print job. In this situation, the access server cannot display or use user information from the control file while the file is printing. If the Data File Arrives First and the: Does the Header/ Trailer Print? Does the User Information Print? Header is enabled. Yes No Header is disabled. No No Header is optional. No No Trailer is enabled. Yes Yes Trailer is disabled. No No Trailer is optional.
LPD Operation Operation The access server receives print requests from remote hosts on TCP port 515. It uses LPD to send the file to a local printer through the access server’s LAN interface and a serial port.
Configuring LPD Configuring LPD Configuring Remote Hosts Remote network printing using LPR/LPD requires that you set up the host system correctly. The following table describes the setup requirements for specific types of hosts: If Printing From This Host: Then: UNIX Create an entry in the /etc/printcap file that includes the name of the remote printer and the IP address of the access server (the LPD server). Refer to your system’s LPR/LPD documentation for details.
Configuring LPD The following table lists the print characteristics that you can configure: Characteristic Description AUTOCR Automatically inserts a carriage return. When you enable this option, the access server inserts a carriage return after each line feed character if there is no existing carriage return. The AUTOCR option applies only to ASCII text files. CONNECTIONS Specifies whether a user can queue a print job to a printer.
Configuring LPD Printer Configuration Example The following example shows how to configure the access server to use LPD for remote network printing: Local> DEFINE PRINTER LPS32_PS CONNECTIONS ENABLED HEADER ENABLED PORTS 4,5 TRAILER DISABLED AUTOCR DISABLED In this example: • The name of the printer is LPS32_PS. • The printer is set to allow users to submit print jobs to it. • A header page prints at the start of each job. • The ports associated with the printer are 4 and 5.
Configuring LPD Flow Control: Parity: Stop Bits: Access: Backwards Switch: Break: Forwards Switch: Default Protocol: XON None Dynamic Remote None Local None LAT Output Speed: Signal Control: 9600 Disabled Local Switch: Name: Session Limit: Type: Default Menu: Dialer Script: None PORT_3 4 Ansi None None Preferred Service: None Authorized Groups: (Current) Groups: 0 0 Enabled Characteristics: Broadcast, Failover, Input Flow Control, Lock, Loss Notification, Message Codes, Output Flow Control, Verifica
Chapter 15 Configuring and Managing SLIP Ports Overview Introduction This chapter explains how to configure and manage access server ports for use with PCs and computers acting as serial line Internet protocol (SLIP) hosts. A SLIP host is an Internet host that uses SLIP as its data link over low-speed serial lines. To use the procedures in this chapter, you must: • Ensure that the devices support SLIP. • Connect and test the devices. • Enable privileged status.
• Establishing Terminal Sessions with a PC • Establishing a SLIP Session • Establishing a SLIP Session • Compressed SLIP • Displaying SLIP Counters • Disabling SLIP 15-2 Configuring and Managing SLIP Ports
Packet Forwarding to and from SLIP Hosts Packet Forwarding to and from SLIP Hosts Description During SLIP sessions, the access server forwards packets from an attached SLIP host through the Ethernet interface to the Internet. When the access server receives a packet addressed to an attached SLIP host, it forwards the packet to that host. The access server also directly forwards packets from one attached SLIP host to another attached SLIP host.
Displaying SLIP Characteristics Displaying SLIP Characteristics Introduction The LIST/SHOW/MONITOR SLIP CHARACTERISTICS command enables you to display the SLIP configuration for a given port. The characteristics that you manage are the host address, the Maximum Transmission Unit (MTU) and the compression. If you change SLIP characteristics while a SLIP session is already established, the changes have no effect until you start a new SLIP session.
Managing Internet Addresses for SLIP Hosts Managing Internet Addresses for SLIP Hosts Introduction The Internet address for the SLIP host must be unique on the subnet and must have the same subnet identifier as the access server. A subnet identifier is the result of a logical AND operation on the Internet address and the subnet mask. For example, assume that you set: 1 The access server Internet address as follows: Local> CHANGE INTERNET ADDRESS 83.62.18.
Managing Internet Addresses for SLIP Hosts How a Port Automatically Obtains the SLIP Host Address If you configure a port for SLIP communication and do not assign a host address, the access server does the following: 1 Reads the source address from the attached host’s first output IP packet. 2 Automatically assigns this address to the port if it is valid. The access server clears this address when the SLIP host logs out from the port.
Managing the Maximum Transmission Unit Managing the Maximum Transmission Unit Introduction The maximum transmission unit (MTU) value specifies the maximum size of the datagram that a given access server port accepts. The range is 64 to 1500 bytes. The default is 1500 bytes. Changing the MTU You can change the MTU value using the SET/DEFINE/CHAGE PORT n MTU command. If you use the SET or CHANGE command, the new value does not affect an existing SLIP connection.
Configuring a Port So That a PC Can Function as a Terminal or SLIP Host Configuring a Port So That a PC Can Function as a Terminal or SLIP Host Introduction This section describes how to configure an access server port so that you can use an attached PC as a both a terminal and a SLIP host. With this configuration, port users can switch between terminal emulation and SLIP mode.
Configuring a Dedicated SLIP Port Configuring a Dedicated SLIP Port Introduction The dedicated SLIP port allows a single SLIP session. Before you perform this procedure, you must configure the device and port characteristics as described in Chapter 9.
Configuring a Dial-In Modem for Use with a SLIP Host Configuring a Dial-In Modem for Use with a SLIP Host Introduction Before you perform this procedure, you must configure the device and port characteristics as described in Chapter 9.
Establishing Terminal Sessions with a PC Establishing Terminal Sessions with a PC Prerequisites Before you can use a PC to establish a terminal session with the access server, you must: 1 Configure the device and port characteristics as described in Chapter 9. 2 Enter the commands to set up SLIP operating characteristics as shown in the Example: Configuring a PC As a Terminal and SLIP Host, in this chapter.
Establishing a SLIP Session Establishing a SLIP Session Enabling a SLIP Session from the PC The following example shows how a nonprivileged user could configure and start a SLIP session. The example assumes that the port characteristics are configured as shown this example. The CHANGE PORT SLIP MTU command is optional. Local> CHANGE PORT SLIP HOST 195.1.1.
Compressed SLIP Compressed SLIP Introduction The access server has the ability to enable compressed SLIP (CSLIP). Enabling CSLIP compresses the lengthy headers of IP datagrams on low-speed asynchronous serial lines. Therefore, enabling CSLIP can improve performance. Enabling CSLIP Use the SET/CHANGE PORT n SLIP COMPRESSION command to enable or disable CSLIP. By default, compression is disabled. When you enable CSLIP, make sure that it is enabled at both ends of the communications link.
Displaying SLIP Counters Displaying SLIP Counters Commands The SHOW/MONITOR PORT SLIP COUNTERS command displays the various SLIP counters. To reset the counters, use the ZERO COUNTERS PORT SLIP command.
Disabling SLIP Disabling SLIP Command Use the CHANGE PORT n SLIP DISABLED command to disable SLIP on a port.
Chapter 16 Configuring for SNMP Access Overview Introduction This chapter describes how to configure the access server simple network management protocol (SNMP) agent so that it can be controlled by a remote Network Management Station (NMS). Reference For complete information about managing SNMP on the access server, refer to the file snmp_survival.txt contained in the software installation kit. This file fully describes every SNMP-accessible variable and table in the access server.
Supported SNMP Features Supported SNMP Features Supported Specifications The access server supports the SNMP specifications listed in the following table: Specification Title RFC 1155 Structure for Management Information for TCP/IP-Based Protocols RFC 1157 A Simple Network Management Protocol (SNMP) SNMP Community Names An SNMP community name is a character string that the NMS uses as a password to gain access to the access server. A community name contains a maximum of 32 characters.
Supported SNMP Features Supported MIBs The access server supports the Management Information Bases (MIBs) listed in the following table. The release kit contains all supported MIBs. The network manager can enroll these MIBs in the appropriate NMS. MIB Description RFC 1213 Management Information Base (MIB II) for Internet protocol suite management. This makes RFC 1158 obsolete. RFC 1243 Definitions of Managed Objects for the AppleTalk MIB.
Supported SNMP Features Supported Management Information Base Variables The following figure illustrates the access server implementation of MIB-II, the Character MIB, RS-232-like MIB, AppleTalk MIB, and Ethernet-like MIB variables. The objects described in this section are implemented as defined in RFCs 1213, 1243, 1284, 1316, and 1317.
Configuring the Access Server for SNMP Access Configuring the Access Server for SNMP Access Enabling and Disabling SNMP The access server must have an Internet address to enable SNMP. To enable SNMP, enter: Local> CHANGE SNMP ENABLED To disable SNMP, enter: Local> CHANGE SNMP DISABLED Displaying Information About SNMP Use the SHOW SNMP command to display the access server’s SNMP characteristics.
Configuring the Access Server for SNMP Access Configuring a Community Name for Access by Any NMS Use the CHANGE SNMP COMMUNITY community-name SET ENABLED command to create a community name. When you create a community name without specifying an address the access server assigns the default address ANY. The address ANY enables any NMS that knows this community name to GET or SET information about the access server.
Configuring the Access Server for SNMP Access Configuring Community Names to Send TRAP Messages You can optionally configure the access server to send TRAP messages to a specific NMS for each community name. The access server generates TRAP messages in response to the events listed in the following table: This Event: Occurs When: Cold start The access server was reinitialized. Line up A network data link session was established on port n.
Configuring the Access Server for SNMP Access Sample SNMP Configuration The following figure is a diagram of a network configuration that results from the commands in the Configuring a Community Name for Access by Any NMS, Configuring a Community Name with an Address, and Configuring Community Names to Send TRAP Messages sections: Disabling TRAP Messages for a Community Name To disable TRAP messages, use the CLEAR SNMP COMMUNITY community-name TRAP DISABLED command.
Configuring the Access Server for SNMP Access After you remove a community name, any NMS that used the community name is no longer able to communicate with the access server. The following example shows how to remove community name BUGS: Local> CLEAR SNMP COMMUNITY "BUGS" Removing an Address from a Community Name You can remove an NMS address from a community name by using the ANY keyword in the CHANGE SNMP COMMUNITY community-name ADDRESS command.
Configuring the NMS Configuring the NMS Procedure To configure an NMS to manage an access server using SNMP, do the following: Step Action 1 Enter the access server management information bases (MIBs) in the NMS database (see Supported MIB Variables in this chapter). The software installation kit includes ASCII text files of these MIBs. 2 Enter the access server IP address, each appropriate community name, and desired access rights in the NMS database.
Chapter 17 Managing the Access Server Overview Introduction The following lists the actions you perform to manage the access server. These actions should be done on an as-needed basis. • Manage the access server as part of the LAT network. • Manage the access server as part of the TCP/IP network. • Manage access server characteristics. • Check port status and counters. • Reassign a port device (in case of port failure).
Managing Your Access Server As Part of the LAT Network Managing Your Access Server As Part of the LAT Network Introduction The network manager should coordinate the activities of service nodes and access servers. This section describes a set of configuration guidelines that helps maximize performance from your LAT network. All the guidelines presented are optional; however, failure to follow these guidelines might result in unnecessary performance degradation.
Managing Your Access Server As Part of the LAT Network The following example shows how to decrease the node limit to 100: Local> CHANGE SERVER NODE LIMIT 100 Reducing Memory Usage Set the node limit characteristic to a lower value. The access server automatically reduces the number of nodes in the database. This reduces the amount of memory used by the node database. Viewing LAT Node Status Information The SHOW/MONITOR NODE STATUS command displays information about the status of the selected nodes.
Managing Your Access Server As Part of the LAT Network SHOW/LIST/MONITOR NODE STATUS Display Fields The following table describes the information in the fields and headings of the node status display: Field Description Node Name of the service node. LAT Protocol Vx.x LAT protocol version number and update level of the service node software. LAT Version 5.2 protocol permits queued connection requests for printers connected to network access servers. LAT Version 5.
Managing Your Access Server As Part of the LAT Network Field Description Rating column Value assigned to the service by the service node, indicating relative capacity to accept new connections or new queue connections. This value is the current load-balancing rating associated with the service. The rating varies from 0 to 255. With the higher value, the capacity of the service node to accept a new connection is greater.
Managing Your Access Server As Part of the LAT Network Example: SHOW/LIST/MONITOR NODE COUNTERS Display The following example shows how to generate a display of the counters for LAT messages between the access server and a service node named PEACH. Each counter displayed has a maximum value of 4,294,967,295. If a counter reaches that value, it remains at that value until either the counters are set to zero or the access server is initialized. Typically, the maximum values are not reached for several months.
Managing Your Access Server As Part of the LAT Network Field Description Multiple Node Addresses Number of times that a node advertised itself with a physical address different from that in a previous advertisement. Duplicates Received Number of messages the access server received from this node that were not in the correct sequence. This value should be less then 1/1000 of the value for Messages Received. This count usually indicates that the service node is retransmitting a message.
Managing Your Access Server As Part of the LAT Network Field Description Solicitations Rejected Number of queued connection requests that the access server has rejected. The sum of the number of solicitations accepted and the number of solicitations rejected equals the number of queued connection requests that were received by the access server.
Managing Your Access Server As Part of the LAT Network Example: NODE SUMMARY Display The following example shows how to generate a node summary display: Local> SHOW NODE ALL SUMMARY Node Name Status Identification BANANA 2 ORANGE PEACH PEAR TEST Connected Documentation System Reachable Terminals Development System Unreachable Software Engineering Development Requesting Printer Service Unknown High-powered Performance Testing Local> NODE SUMMARY Display Fields The following table describes the informat
Displaying Information About the Access Server Displaying Information About the Access Server Introduction The LIST/MONITOR/SHOW SERVER command displays information about the access server or about data maintained by the access server. You can obtain characteristics, counter, status, and summary displays for the access server. Specifying the Prompt The factory-set default access server prompt is Local>. You can change this prompt to any ASCII character, with a restriction of 1 to 16 characters.
Displaying Information About the Access Server Each counter has a maximum value of 4,294,967,295. If a counter reaches that value, it latches (remains) at that value until either the counters are set to zero or the access server is initialized. Example: SHOW SERVER COUNTERS Display The following example shows how to generate an access server counters display: Local> SHOW SERVER COUNTERS Network Access SW Vx.x for DSxxx-xx BLxx-xx ROMx.
Displaying Information About the Access Server Field Description Frames Received Number of datagram frames successfully received by the access server, including multicast frames. Frames Sent Number of datagram frames successfully transmitted by the access server, including multicast frames. Multicast Bytes Rcv’d Number of bytes received by the access server in multicast frames, excluding Ethernet header and CRC data.
Displaying Information About the Access Server Field Send Failure Reasons Description Mask providing information about the type or types of send failure encountered if the Send Failures counter is not zero. This is a cumulative mask.The following are the bits defined in the mask: Bit 0 1 4 5 8 9 If a reason for send failures is heartbeat errors and the access server characteristic HEARTBEAT is enabled for a transceiver that supports heartbeat, you can usually expect up to about 200 such errors daily.
Displaying Information About the Access Server Field Receive Failure Reasons Description Mask providing information about the type or types of receive failure encountered if the Receive Failures counter is not zero. This is a cumulative mask. The following are the bits defined in the mask: Bit 0 1 2 Unrecognized Destination Number of times a frame was passed through the hardware, but the access server did not recognize the multicast address and discarded the message.
Displaying Information About the Access Server Field System Buffer Unavailable Description Number of times a system buffer was not available in the access server for an incoming frame. This counter should accumulate at a rate of less than two counts per day. It is normal to experience some errors when nodes are added to the Ethernet. LAT protocol Counters: Messages Received Number of LAT circuit messages successfully received by the access server.
Displaying Information About the Access Server Field Description Illegal Messages Rcv’d Number of LAT messages with an illegal format received by the access server. This value should be 0. A service node transmitting such messages might have a software problem. Illegal Slots Rcv’d Number of LAT messages with an illegal slot format received by the access server. This value should be 0. A service node transmitting such messages might have a software problem.
Displaying Information About the Access Server Queue Entries: Available Services: Local Services: Reachable Nodes: Active Circuits: Connected Nodes: Connected Sessions: % CPU Used: % Memory Used: 0 89 2 75 4 3 12 15 36 0 92 2 78 7 5 20 36 53 100 N/A 20 200 Resource Errors: Port Framing Errors: Port Parity Errors: Port Overrun Errors: 0 0 0 0 32 32 64 100 100 Boot Device: Ethernet: 0 Primary Host: PEACH Load Address: AA-00-04-00-46-DC Dump Address: None Available Console User: None Available Boot
Displaying Information About the Access Server Field Description Active Ports Ports that have either interactive sessions or remote access connections. Active Users Ports that have interactive sessions. Queue Entries Queued connection requests that are in the access server queue. Available Services (LAT protocol only) Network services that the access server recognizes as being available to users on the access server. (The information about these services is stored in access server memory.
Displaying Information About the Access Server Field Description The memory used for storing service and node information is shared with that used for handling multiple sessions and queued connection requests. If the access server receives information on a greater number of nodes than specified in the node limit access server characteristic, it discards that information and increments the Discarded Nodes counter.
Displaying Information About the Access Server Field Description Load Address Ethernet address of the node or the gateway from which the access server was last loaded. Some access servers display all zeroes if a downline load occurs using BOOTP and TFTP. Dump Address Ethernet address of the node or gateway that received the last up-line dump. Some access servers display all zeroes if a dump is to an Internet host.
Displaying Information About the Access Server Field Description Selftest Status (continued) Each number represents a bit map in which a bit set indicates a problem with the port. Bit 1 2 4 Service:00000: This value is a hexadecimal representation of a bit map in which a bit set indicates which service or services contained a checksum error.
Displaying Information About the Access Server Field Description 10000 20000 40000 80000 Port: 0000000000000000: This value is a hexadecimal number that corresponds to ports 1 to 16 from left to right. Note: If more than one bit is set in a bit map, the value shown is the sum of the values for each bit. For example, if the Service Status value is 18C (hexadecimal), this is the sum of 100, 80, 8, and 4.
Displaying Information About the Access Server Example: SHOW SERVER SUMMARY Display The following example shows how to generate an access server summary display: Local> SHOW SERVER SUMMARY Network Access SW Vx.
Checking Port Status and Counters Checking Port Status and Counters Introduction The LIST/MONITOR/SHOW PORT command displays information about one or more ports on the access server. You can obtain characteristics, counter, status, and summary displays for ports. Displaying Port Characteristics The LIST/MONITOR/SHOW PORT CHARACTERISTICS command displays the values of the characteristics of the selected ports. The bottom of the display lists all the enabled port characteristics.
Checking Port Status and Counters Example: SHOW PORT CHARACTERISTICS Display The following example shows how to generate a port characteristics display: Local> SHOW PORT 1 CHARACTERISTICS Port 1: Joe Smith Character Size: Flow Control: Parity: Stop Bits: Access: Backwards Switch: Break: Forwards Switch: Default Protocol: Server: Servername 8 XON None Dynamic Local None Local None LAT Input Speed: 9600 Output Speed: 9600 Signal Control: Disabled Signal Select: CTS-DSR-RTS-DTR Local Switch: None Name: POR
Checking Port Status and Counters Example: SHOW PORT COUNTERS Display The following example shows how to generate a port counters display: Local> SHOW PORT 1 COUNTERS Port 1: Seconds Since Zeroed: Framing Errors: Parity Errors: Joe Smith 1182768 0 0 Server: Servername Local Accesses: Remote Accesses: Overrun Errors: SHOW/MONITOR PORT COUNTERS Display Fields The following table describes the information in the port counters display: Field Description Port n Number n of the port.
Checking Port Status and Counters Field Description Overrun Errors Number of characters lost because the access server input buffers were full. If this value accumulates more than 10 errors daily on any one port, you might have flow control problems. If the port device supports flow control, ensure that the access server flow control and the flow control in the hardware for that device are set the same way. To check the FLOW CONTROL setting, use the SHOW PORT CHARACTERISTICS command.
Checking Port Status and Counters Field Description Access Current setting of the ACCESS port characteristic. Access determines how a port can access a service node or how a port can be accessed by other interactive users and service nodes. Access is shown as one of the following: • Dynamic — Access server allows access on the port to alternate between local and remote. • Local — Access server allows only interactive use of the port. • None — Access server prevents any use of the port.
Checking Port Status and Counters Field Description Current Port Identification of the port at the service node or at the requesting node. Input or Output XOFFed Status of the data flow for the specified direction for the port. Input or Output Signals Modem signals either currently asserted by the access server or currently monitored by the access server. Displaying Port Summary The LIST/MONITOR/SHOW PORT SUMMARY command displays one line of general information for each selected port.
Checking Port Status and Counters SHOW/LIST/MONITOR PORT SUMMARY Display Fields The following table describes the information under the headings in the SHOW/LIST/ MONITOR PORT SUMMARY display: Heading Description Port Number n of the port. Access Current setting of the ACCESS port characteristic. Access determines how a port can access a service node or how a port can be accessed by other interactive users and by service nodes.
Chapter 18 Configuring and Managing 3270 Terminal Emulation (TN3270) Overview Introduction This chapter explains how to configure and manage the 3270 Terminal Emulator (TN3270) software for the access server. This software enables ASCII terminals and PCs to access IBM applications. The TN3270 software enables an ASCII terminal to emulate an IBM 3278 Display Station Model 2. The display screen of this model has 80 columns and 24 rows.
Supported ASCII Terminals Supported ASCII Terminals Definition TN3270 supports the following models of DIGITAL ASCII terminals: • VT100 with Advanced Video Option • VT102 • VT220, VT240, and VT241 • VT320, VT330, VT340, and VT341 • VT420 In the remainder of this chapter, the term ASCII terminal refers to all the models listed above and any compatible terminal emulation package.
Definition and Description of a Keyboard Map Definition and Description of a Keyboard Map 3278 Keyboards Because the IBM 3278 keyboard differs greatly from those on ASCII terminals, TN3270 provides keyboard maps. A keyboard map assigns the functions on the IBM 3270 keyboards to keys or key sequences on the ASCII terminals. For example, Ctrl/ Z on an ASCII keyboard by default maps to the IBM 3270 EXIT function when you use the VT100 keyboard map.
Configuring Basic 3270 Terminal Emulation Configuring Basic 3270 Terminal Emulation Once the IBM system administrator has configured the IBM host with TCP/IP, you need to do the following: 1 Set up the ASCII terminal. 2 Indicate the model number of the IBM 3270 Information Display Station that a terminal emulates. 3 Specify the type of ASCII terminal attached to the port.
Configuring Basic 3270 Terminal Emulation Terminal Setup Parameters The following table provides information on terminal setup for the various DIGITAL terminal models: Terminal Model Setup Parameters VT100 ANSI mode AUTO XON/XOFF = ON VT2xx, VT3xx, V4xx General: • VT100 through VT400 mode • 7-bit or 8-bit controls Communications: • XOFF at 64 or 128 • No local echo Indicating the 3270 Model Number To enable 3270 emulation on a port, you must specify the 3270 model number as follows: Local> CHANGE POR
IBM Host Communications IBM Host Communications Introduction This section describes IBM host communications with a terminal attached to the access server. Connecting to an IBM Host After you complete the basic configuration of a port for 3270 emulation, you can use the CONNECT, OPEN, or TELNET commands to access an IBM host. The following example shows a connection to an IBM host that uses the host’s Internet address: Local> CONNECT 195.20.0.
IBM Host Communications The status line is restored when: • You use the STATUS function. • You send data to the host. • The IBM application clears the screen. Status Line Messages The following table describes the messages that appear on the status line indicator: Message Description EXTEND You have pressed the EXT function. HIDDEN The status line is covering some screen data that you have not yet seen. This indicator turns off when you enable the status display after viewing the hidden data.
IBM Host Communications Status Line Indicator Display The following figure shows the position of the status line indicator on the screen: 18-8 Configuring and Managing 3270 Terminal Emulation (TN3270)
Displaying and Customizing Keyboard Maps Displaying and Customizing Keyboard Maps Introduction Although the default TN3270 keyboard maps are sufficient for most users, some may want to customize keyboard maps for specific applications. This section describes the default keyboard maps and the options for displaying and customizing them. There are two ways to manage customization of keyboard maps: on a server-wide basis and a port-by-port basis.
Displaying and Customizing Keyboard Maps Default Server-Wide Terminal Type and Keyboard Maps The following table shows the default keyboard map and the associated terminal type: Predefined Terminal Type Default Keyboard Map ANSI VT100 VT100 VT100 VT220 VT220 VT320 VT220 VT420 VT220 These particular associations between terminal types and keyboard maps are fixed. You cannot reassign any of the five default terminal types to different keyboard maps.
Displaying and Customizing Keyboard Maps Local> CHANGE TN3270 TERMINAL PC_100_DCA KEYMAP NEW_KEYS You can carry out a similar process for terminal devices that use the VT220 keyboard map—the other default map.
Displaying and Customizing Keyboard Maps Selecting a Server-Wide Terminal Type and Keyboard Map for a Port A port user who wants to establish a TN3270 session using a server-wide keyboard map can do the following: Step Action 1 Check to see what terminal types (and associated keyboard maps) are available with the following command: Local> SHOW TN3270 TERMINAL Server: LAT_08002B26D0DE 2 Terminal Keymap VT100 VT100 VT220 VT220 VT320 VT220 VT420 VT220 ANSI VT1000 PC_100_DCA NEW_KEYS PC_220_D
Displaying and Customizing Keyboard Maps Selecting and Customizing Keyboard Maps for a Port Server-wide keymapping is the recommended method for customizing users’ TN3270 keymapping assignments. It uses access server memory efficiently and provides a common customized environment across all TN3270 ports. Port-by-port keymapping is also possible, but uses additional access server resources. A user can set up unique keymapping assignments for use only on his or her port.
Displaying and Customizing Keyboard Maps You can list the defaults with this command: Local> SHOW TN3270 KEYMAP "KEYMAPNAME" The defaults are shown in the Default Server-Wide Terminal Type and Keyboard Maps and the Keyboard Map and Terminal Type.
Displaying and Customizing Keyboard Maps Example: SHOW PORT TN3270 KEYMAP Command The following example shows a partial display of a keymap: Local> SHOW PORT 2 TN3270 KEYMAP Port 1: john 3270 function Keystroke CLEAR . . .
ASCII-to-EBCDIC and EBCDIC-to-ASCII Translation Tables ASCII-to-EBCDIC and EBCDIC-to-ASCII Translation Tables Commands The following table lists and describes the commands that enable you to display and modify the ASCII-to-EBCDIC and EBCDIC-to-ASCII translation tables. These tables use ASCII codes 0 to 255. When you display or change a given translation, you must enter the codes in hexadecimal format.
Guidelines for Managing the Use of NVRAM for TN3270 Guidelines for Managing the Use of NVRAM for TN3270 Introduction There is a pool of approximately 2.5 KB of shared NVRAM for the customization of the following TN3270 characteristics: • Keyboard maps for the ports • ASCII-to-EBCDIC and EBCDIC-to-ASCII translation tables This section provides guidelines on managing the available memory pool.
Guidelines for Managing the Use of NVRAM for TN3270 Limiting NVRAM Usage To limit the number of NVRAM keyboard maps that the port user can customize, use the command shown in the following example: Local> DEFINE PORT TN3270 NVRAM LIMIT 5 The default limit is 0.
Commands to Manage TN3270 Terminal Emulation Commands to Manage TN3270 Terminal Emulation Introduction This section summarizes the commands to manage 3270 emulation. Reference For a complete description of these commands and the correct syntax, refer to the Network Access Server Command Reference.
Commands to Manage TN3270 Terminal Emulation TN3270 Port Characteristics The following table provides information on port characteristics and their defaults: SET/DEFINE/ CHANGE PORT TN3270 Description Default MODEL Specifies the model of IBM 3270 Information Display Station the ASCII terminal emulates. NONE Indicates the type of ASCII terminal and associated keymap attached to the port. VT100 KEYMAP Enables you to change a definition in the keyboard map.
Commands to Manage TN3270 Terminal Emulation SHOW Commands The following table provides information on the SHOW Commands for port characteristics: SHOW Displays PORT TN3270 KEYMAP The TN3270 keyboard map for a specified port. PORT TN3270 CHARACTERISTICS The TN3270 port characteristics for a specified port. TN3270 ATOE The ASCII-to-EBCDIC translation table. TN3270 ETOA The EBCDIC-to-ASCII translation table.
Chapter 19 Configuring and Managing Point-to-Point Protocol (PPP) Ports Overview Introduction This chapter explains how to configure and manage access server ports for use with PCs and computers acting as Point-to-Point Protocol (PPP) hosts. A PPP host uses PPP as its data link over low-speed asynchronous serial lines. Prerequisites Before you use the procedures in this chapter, you must: • Ensure that the devices support PPP. • Connect and test the devices.
Enabling PPP on an Access Server Port Enabling PPP on an Access Server Port Introduction To check if PPP is enabled on a given port, use the SHOW PORT command. When enabled, the keyword PPP displays in the list of enabled characteristics at the bottom of the screen. The section provides examples of enabling PPP on an access server port.
Enabling PPP on an Access Server Port Enabling Dedicated PPP Traffic The following example shows a series of commands used to dedicate a port to PPP.
Establishing and Ending a PPP Session Establishing and Ending a PPP Session Using the CONNECT PPP Command If PPP is configured, you can start a PPP session on a port by entering the following secure command: Local> CONNECT PPP You can stop a PPP session by: • Logging out of the port • Generating a BREAK to the access server if the login is interactive, followed by the DISCONNECT command causing the peer to negotiate an end to the link The exact mechanism for causing a peer to negotiate the end of a li
Displaying PPP Characteristics Displaying PPP Characteristics Introduction This section describes the commands used to display characteristics for LCP, IPCP, and ATCP. Displaying LCP Characteristics Use the SHOW PORT n PPP LCP CHARACTERISTICS command to display LCP characteristics for a port. This command is nonprivileged. The fields shown in the LCP display show the latest values configured by the SET PORT n PPP LCP characteristic commands.
Displaying PPP Characteristics Fields in the LCP Characteristics Display The following table explains the fields in the LCP characteristics display. Field Description Values Default LCP Indicates if LCP is enabled. Enabled Disabled Enabled Passive Open When enabled, LCP negotiation does not begin until initiated by the attached device. Enabled Disabled Disabled Restart Timer Indicates the amount of time between LCP configure- or terminaterequest retransmissions when there is no response.
Displaying PPP Characteristics Field Description Values Default Magic Number* The current magic number. Disabled Disabled PF Compress Indicates if the access server negotiates to allow its peer to omit the extra protocol field byte from packets sent over the link. Enabled Disabled Disabled ACF Compress Indicates if the access server negotiates to allow its peer to omit the HDLC address and control fields from packets sent over the link.
Displaying PPP Characteristics Example: IPCP Characteristics Display The following example shows a sample IPCP characteristics display. Local> SHOW PORT 5 PPP IPCP CHARACTERISTICS IPCP Characteristics: IPCP: Disabled Passive Open: Disabled Restart Timer: 3 Max Configure: 10 Max Terminate: 2 Max Failure: 10 IPCP Options: Local: Negotiate Address: Disabled Remote IP Address: 0.0.0.
Displaying PPP Characteristics Field Description Values Default Max Terminate The number of times that LCP sends a terminaterequest packet to the peer without receiving an acknowledgment. 1 to 15 attempts 2 Max Failure The number of times that IPCP sends a negative acknowledgment for the peer’s proposed options before deciding to reject the options. 1 to 15 attempts 10 Negotiate Address Indicates if IP address negotiation is enabled for this link.
Displaying PPP Characteristics ATCP Characteristics The SHOW/LIST/MONITOR PPP ATCP CHARACTERISTICS command displays the ATCP configuration for a given port. The fields in the display show the latest values configured by the SET PORT n PPP ATCP characteristic commands. Use the SHOW/MONITOR PORT n PPP ATCP STATUS command to see the values actually used on the link.
Displaying PPP Characteristics Field Description Values Default Max Terminate The number of times that ATCP sends a terminate-request packet to the peer without receiving an acknowledgment. 1 to 15 attempts 2 Max Failure 1. The number of times that ATCP 1 to 15 sends a negative attempts acknowledgment for the peer’s proposed options before deciding to reject the options. This field has a fixed value in this software release.
Displaying PPP Status Displaying PPP Status Introduction This section describes how to display the PPP LCP and IPCP status. Displaying LCP Status Use the SHOW PORT n LCP STATUS command to display LCP characteristics. This command is nonprivileged. This command shows the actual state of the LCP implementation on the access server. Because of the nature of PPP negotiations, the display can differ from the configured characteristics shown on the SHOW PORT n PPP LCP CHARACTERISTICS display.
Displaying PPP Status Fields in the LCP Status Display The following table describes the fields in the LCP status display: Field Description State The LCP state as defined in RFC 1331. Negotiation Time The number of seconds required by the PPP negotiation procedure the last time LCP renegotiated. Since Open The number of seconds since LCP last attempted to negotiate the link. Failure Reason Provides a brief reason if LCP cannot complete negotiations. MRU Maximum Receive Unit.
Displaying PPP Status Displaying IPCP Status Use the SHOW PORT n PPP IPCP STATUS command to display IPCP status. This command shows the actual state of the IPCP implementation in the access server. Because of the nature of PPP negotiations, this display can differ from the configured characteristics shown on the SHOW PORT n PPP IPCP CHARACTERISTICS display.
Displaying PPP Status Fields in the IPCP Status Display The following table explains the fields in the IPCP status display: Field Description State The IPCP state as defined in RFC 1331. The possible states are Initial, Starting, Closed, Stopped, Closing, Stopping, Req Sent, Ack-Rcvd, Ack-Sent, Opened, and DHCP Req. DHCP Req (which is not part of RFC 1331) indicates the negotiations are waiting for DHCP to assign an IP address.
Displaying PPP Status Displaying ATCP Status Use the SHOW PORT n PPP ATCP STATUS command to display ATCP status. The This command shows the actual state of the ATCP implementation in the access server. Because of the nature of PPP negotiations, this display can differ from the configured characteristics shown on the SHOW PORT n PPP ATCP CHARACTERISTICS display.
Displaying PPP Status Fields in the ATCP Status Display The following table explains the fields in the ATCP status display: Field Description State The ATCP state as defined in RFC 1331. The possible states are Initial, Starting, Closed, Stopped, Closing, Stopping, Req Sent, Ack-Rcvd, Ack-Sent, and Opened. Negotiation Time The number of seconds required by the PPP negotiation procedure the last time ATCP negotiated.
Displaying PPP Counters Displaying PPP Counters Introduction The section describes PPP counters. Displaying LCP Counters Use the SHOW PORT n LCP COUNTERS command to display LCP counters for a port. The display shows all the counters relevant to LCP protocol operation. Most of this information is useful as a diagnostic aid. The CONNECT or DISCONNECT command zeroes each of the counters.
Displaying PPP Counters Fields in the LCP Counters Display The following table describes the fields in the LCP counters display: Field Description Negotiation Successes The number of times that LCP successfully entered a round of negotiations since the link was brought up. Ordinarily, this counter is 1. However, you can reconfigure LCP and then cause LCP to renegotiate This changes the performance characteristics for the link.
Displaying PPP Counters Field Description Code Rejects out The number of LCP code-rejects sent to the peer from the access server. Echo Reqs in The number of LCP echo-requests received from the peer. Echo Reqs out The number of LCP echo-requests sent to the peer from the access server. This number should always be zero in this version. Echo Resps in The number of LCP echo-replies received from the peer. Echo Resps out The number of LCP echo-replies sent to the peer from the access server.
Displaying PPP Counters Example: Command to Display the IPCP Counters The following example shows how to display the IPCP counters for port 5: Local> SHOW PORT 5 IPCP COUNTERS Port 5: Server: LAT_08002B26D0E7 IPCP Counters: Negotiation Successes: Negotiation Failures: 0 0 Configures in: Acks in: Naks in: Rejects in: Terminates in: Term Acks in: Configures out: Acks out: Naks out: Rejects out: Terminates out: Term Acks out: 0 0 0 0 0 0 0 0 0 0 0 0 Fields in the IPCP Counters Display The following ta
Displaying PPP Counters Field Description Naks in The number of IPCP configure-naks received from the peer. Naks out The number of IPCP configure-naks sent to the peer from the access server. This counter should always be zero in this release. Rejects in The number of IPCP configure-rejects received from the peer. Reject outs The number of IPCP configure-rejects sent to the peer from the access server. Terminates in The number of IPCP terminate-requests received from the peer.
Displaying PPP Counters Example: Command to Display the ATCP Counters The following example shows how to display the ATCP counters: Local> SHOW PORT 5 ATCP COUNTERS Port 5: Server: LAT_08002B26AA94 ATCP Counters: Negotiation Successes: Negotiation Failures: Configures in: 8 Acks in: 6 Naks in: 0 Rejects in: 6 Terminates in: 0 Term Acks in: 0 0 0 Configures out: Acks out: Naks out: Rejects out: Terminates out: Term Acks out: 12 6 1 1 0 0 Fields in the ATCP Counters Display The following table describes
Displaying PPP Counters Field Description Naks in The number of ATCP configure-naks received from the peer. Naks out The number of ATCP configure-naks sent to the peer from the access server. This counter should always be zero in this release. Rejects in The number of ATCP configure-rejects received from the peer. Reject outs The number of ATCP configure-rejects sent to the peer from the access server. Terminates in The number of ATCP terminate-requests received from the peer.
Chapter 20 Managing IPX Overview Introduction This chapter describes how to configure and manage IPX on an access server.
IPX Description IPX Description Introduction The purpose of IPX is to allow Novell NetWare clients to dial in to (or directly attach to) the network access server via asynchronous lines. Each remotely connected Novell client looks and acts as if it was directly connected to the LAN. The network access software provides PPP/IPXCP as the underlying data link on the asynchronous lines. This allows multiprotocol support (IP/IPX/AppleTalk) over the same asynchronous lines simultaneously.
IPX Description Login Procedures One or more serial ports of the access server can be configured for Novell dial-up access. Depending on your requirements, different login procedures for IPX can be configured including: • The remote PC user can choose to activate a connection to the Novell network after login to the access server local user interface. This allows the user to take advantage of other non-IPX services from the access server before connecting to the Novell network.
Getting Started Getting Started Checklist The following is a checklist for using this chapter to perform the basic steps to perform remote node access to a Novell network through a network access server: Step Action 1 Determine your hardware/software requirements (Hardware and Software Requirements). 2 Configure your PC (Setting Up the Network Access Server). 3 Configure your network access server (Setting Up the Network Access Server).
Hardware and Software Requirements Hardware and Software Requirements Introduction This section describes the hardware and software necessary to run IPX. There must be at least one NetWare fileserver version 3.xx or greater on the network. If a fileserver is not directly attached to the same LAN as the network access server, there must be a NetWare router on the LAN. Software Requirements The following software is required to run IPX: • Network Access Software version 1.4 or greater.
Setting Up Your PC Setting Up Your PC PC Remote Access Software Ensure you know whether the network access server port you are dialing in to requires you to enter a login password or logs directly in to the local user interface. If this is the case, you will need to use terminal emulation to communicate with the access server following modem connection. Ensure you know whether the network access server port requires a PPP/PAP password.
Setting Up the Network Access Server Setting Up the Network Access Server Enabling IPX By default, IPX is not enabled on the access server. A privileged user must enable IPX with the following commands: Local> CHANGE IPX INTERNAL ipx-net Local> CHANGE IPX ENABLED Note The ipx-net value must be a unique Novell network number on the network.
Setting Up the Network Access Server can be configured either CTS (CTS-DSR-RTS-DTR) or RI (RI-DCD-DSRSDTR). Based on configuration, correct adapter must be chosen (see Appendix A). Current high-speed modems (>9600 baud) typically use CTS. Configuring the Port for the Login Method You can configure a port to log in to a local user interface prompt or to be exclusively dedicated to PPP.
Setting Up the Network Access Server Configuring the Port Dedicated to PPP Following modem connection, the PC user will log in with or without password authentication. Then, PPP will automatically be activated to pass IPX network packets.
Setting Up the Network Access Server Disabling PPP/PAP Password Authentication To disable the optional PPP/PAP password authentication, use the following command: Local> CHANGE PORT n LCP AUTHENTICATION DISABLE Passwords Both login password authentication and PPP/PAP password authentication use the same password. One or both can be enabled at the same time. For PAP, verification of the password is case sensitive.
Summary of DECserver IPX Management Commands Summary of DECserver IPX Management Commands The following are the network access server commands you can use to manage IPX. Port PPP IPX Commands for LCP The following table explains the PORT PPP IPX commands for LCP. SHOW/LIST/MONITOR PORT n LCP Description CHARACTERISTICS Display the current values for the LCP characteristics. SHOW/MONITOR PORT n LCP Description COUNTERS Display the current values of the IPXCP counters.
Summary of DECserver IPX Management Commands PFC Protocol Field Compression for PPP datagram. RESTART Restart a suspended session. Port PPP IPX Commands for IPXCP The following table explains the PORT PPP IPX commands for IPXCP: SHOW/LIST/MONITOR Port n IPXCP Description CHARACTERISTICS Display the current values for the IPXCP characteristics. SHOW/MONITOR PORT n IPXCP Description STATUS Display the values of the IPXCP counters and characteristics.
Summary of DECserver IPX Management Commands SHOW/MONITOR PORT n PPP Description STATUS Display the values of the PPP counters and characteristics. Server IPX Commands The following table defines the server IPX commands: SHOW/LIST/MONITOR IPX Description CHARACTERISTICS Display the current values for the characteristics. SHOW/MONITOR IPX Description COUNTERS Display the values of the IPXCP counters. RIP Display the RIP entries known to the server.
Summary of DECserver IPX Management Commands SAP802 IEEE 802.2 standard. SNAP802 IEEE 802.2 with SNAP SAP format. CHANGE/SET/DEFINE IPX FRAME frametype NETWORK Description ipx-net Specify explicit internal network number. LEARN Learn internal network number from LAN. DISABLED Internal network disabled. CHANGE/SET/DEFINE IPX INTERNAL NETWORK Description ipx-net Specify ipx-net as the internal network number. NONE There is no IPX address for the internal network.
Modem Considerations Modem Considerations Dial-In Modems Keep the following in mind when using dial-in modems attached to the network access server: • Flow control for the dial-in modem and the access server port must match. CTS is recommended for DECserver 700 and DECserver 900TM. XON/XOFF is recommended for DECserver 90M and DECserver 90TL.
Modem Considerations Recommended Serial Port Baud Rate The following table lists guidelines for setting the serial port baud rate: UART Type Maximum Modem Speed Maximum Recommended Serial Port Baud Rate 8250 9600 Up to 9600 16450 9600 to 14400 9600 to 19200 16450-A 9600 to 14400 9600 to 19200 16550 Up to 28800 Up to 115200 20-16 Managing IPX
Novell Client/Server Operation Novell Client/Server Operation Establishing Remote Node Access Connection to Novell Network Vendors of PC remote node access software for Novell may have different procedures for dialing in and establishing a remote access connection to a Novell LAN through the access server. However, the following are generally the expected steps: Step Action 1 Dial in to the network access server.
Novell Client/Server Operation • Use DOS batch files with all the commands necessary to load and activate the remote node access software and Novell software for establishing an IPX connection. Refer to the remote node access software installation guide for additional information. • Use local Novell login scripts to facilitate logging in to a Novell fileserver. • If Novell packet burst is used, specify a maximum of 3 for PB BUFFERS in NET.CFG.
Operational Checkout and Diagnosis Operational Checkout and Diagnosis Verifying Configuration To verify proper configuration, at a access server management port, type SHOW IPX at the local user interface prompt: • At least one LAN frame should have a corresponding network number. • IPX should be enabled and the internal network should be defined with a unique network number. Reference If you have problems with your dial-in connection, refer to the Network Access Server Problem Solving book.
Disabling IPX Disabling IPX Using the DEFINE Command If you decide you no longer need IPX support, you can disable IPX by using the following privileged command: Local> DEFINE IPX DISABLED Reinitialize the access server to have this command take effect.
Frame Types Frame Types Introduction To support a broad base of network stations, the access server supports four different frame formats for encapsulating IPX packets on the LAN. The four frame types supported by the access server can be enabled simultaneously: • Ethernet • RAW802 • SAP802 • SNAP802 A LAN frame is enabled when a unique NetWare network number is associated with the frame. The network number can be automatically “learned” or explicitly configured.
Displaying IPX Characteristics Displaying IPX Characteristics Using the SHOW command Use the SHOW IPX CHARACTERISTICS command to display IPX characteristics, including IPX network and node numbers. The command is nonprivileged.
Displaying IPX Characteristics Field Description Internal Network None or up to 8 hexadecimal numbers (no leading zeroes, 1 to FFFFFFFE). This entry configures the IPX internal network number for the access server. It is used by the serial ports for configuring a common network number for all PC client dial-ins when PPP/IPXCP is negotiated. This occurs when the PC client requests the access server to configure the network through PPP.
Displaying IPX Status Displaying IPX Status Using the SHOW IPX Command Use the SHOW IPX command to display IPX status. The command is nonprivileged.
Displaying IPX Counters Displaying IPX Counters Use the SHOW IPX COUNTERS command Use the SHOW IPX COUNTERS command to display the IPX counters. The command is nonprivileged.
Displaying IPX Counters Field Description IPX Total Packets Received Total number of data packets received. IPX Local Transmits Number of data packets transmitted, originating from the access server. IPX Local Receives Number of data packets received that were destined for the access server. IPX Unknown Sockets Number of data packets with unknown socket addresses. IPX Receive Discards Number of data packets that were received and discarded.
Displaying IPX Counters Field Description RIP/SAP Requests Received Number of RIP/SAP request packets received. RIP/SAP Requests Discarded Number of RIP/SAP request packets discarded. RIP/SAP Request Resource Errors Number of RIP/SAP request packet resource errors. RIP/SAP Responses Transmitted Number of RIP/SAP response packets transmitted. RIP/SAP Responses Received Number of RIP/SAP response packets received. RIP/SAP Responses Discarded Number of RIP/SAP response packets discarded.
Displaying IPX Routes Displaying IPX Routes Using the SHOW IPX ROUTES Command Use the SHOW IPX ROUTES command to display IPX Routes. This command is nonprivileged. IPX Routes Display The following example shows the command to display IPX routes: Local> SHOW IPX ROUTES IPX Routes Destination 2B24F2DD.020000000001 911.000000000000 21000001.FFFFFFFFFFFF EEE8022.FFFFFFFFFFFF EEE8023.FFFFFFFFFFFF 1BEAD017.000000000000 Local> Next Hop 2B24F2DD.08002B24F2DD 21000001.00608C114E4A 21000001.08002B24F2DD EEE8022.
Resetting Counters Resetting Counters Using the ZERO Command Use the ZERO command to reset IPX counters.
Chapter 21 Managing Dial Services Overview Introduction Configuring dial services is similar in concept to configuring a LAT service or Telnet listener. You define a service with a specified configuration that dictates how the user can operate the dialer. Before you begin any dialer management, be sure to: • Install the latest software image on the access server and all load hosts. • Read the release notes. • Know what devices and cables are connected at the various ports.
Dial Services Command Groups Dial Services Command Groups Command Groups To configure and manage the dial services, use the SET/DEFINE/CHANGE DIALER and SHOW/LIST/MONITOR DIALER command groups. Reference For more detailed information about commands used in this chapter, refer to the Network Access Server Command Reference. Entering the SET PRIVILEGED command Before changing any other parameter, make sure you have the authority to make such changes.
Checking the Current Server Settings Checking the Current Server Settings Introduction Before you configure dialer services, determine the current server configuration. Use the SHOW SERVER command to display the server configuration. Server Configuration Display The following example shows a typical access server configuration display: Local> SHOW SERVER Network Access SW Vx.x for DSxxx-xx BLxx-xx ROM Vx.
Defining a Dialer Script Defining a Dialer Script Introduction The first step in configuring a dial service is creating a dialer script. A dialer script tells the access server what text strings to use to control a modem on a specific port. These text strings are also known as “modem strings.” Defining Dialer Script Strings Use the SET, DEFINE, and CHANGE DIALER SCRIPT commands to define the modem strings that make up various modem commands in a dialer script.
Defining a Dialer Script Example: Set Dialer Script Name The following example illustrates how to modify dialer script strings in a dialer script called “dickens” in order to set unique dialer characteristics: Local Local Local Local Local Local > > > > > > DEFINE DIALER SCRIPT dickens COMMAND "AT" SET DIALER SCRIPT dickens INIT NONE SET DIALER SCRIPT dickens RESET NONE CHANGE DIALER SCRIPT dickens PREFIX "DT" DEF DIALER SCRIPT dickens RESET NONE SET DIALER SCRIPT dickens TIMEOUT NONE Managing Dial Servi
Assigning the Dialer Script to a Port Assigning the Dialer Script to a Port Steps After configuring the dialer strings in a dialer script, assign the script to a specific port. Do the following: Step Action 1 Are you defining the dialer script to the port for the first time? • If yes, go to step 2. • If no, use the SHOW PORT n command to determine the current dialer script by showing the port (optional).
Assigning the Dialer Script to a Port Example: The Show Port Command Display The following example shows the resulting display for the SHOW PORT command. In this example, the preferred dialer service is CALL_HOME and the dialer script name is Generic_14400.
Assigning the Dialer Script to a Port Verifying Dialer Script Configuration Use the SHOW PORT n command to verify any changes you make to dialer script assignments for a port. The change appears in the Dialer Script field of the display.
Defining the Dialer Service Defining the Dialer Service Steps After you define the dialer script and assign the dialer script to a port, define the dialer service. A dial service is used to establish a dial-back session. Do the following: Step Action 1 Display information (characteristics, status, and counters) about currently configured dialer services and system status. 2 Define or modify the dialer service using the SET/DEFINE/CHANGE DIAL SCRIPT SERVICE command.
Defining the Dialer Service Example: Show Dialer, Port Security Enabled In this example, a user on a port with SECURITY enabled would not have access to the STATUS display since it might provide access to unlisted or sensitive phone numbers and other information received from the modem.
Defining the Dialer Service Local> SHOW DIALER AT_TRADESHOW STATUS Dial Service: AT_TRADESHOW - Available Identification: Dial-back from tradeshow Port: User Status 9 10 11 12 13 14 (remote) Available Raymond Connected BUSY Connect Available Dialing Waiting Jim Bob Last Connection Status CONNECTED 14400/LAPM CONNECTED 9600 NO ANSWER No answer Local> SHOW DIALER STATUS Display Fields The following table lists values for the status field in the SHOW DIALER display: Status Meaning Initializing Send
Defining the Dialer Service Displaying Dialer Counters Use the SHOW DIALER service-name COUNTERS command to display the counters for a dialer service.
Defining the Dialer Service Dialer Service Characteristics The following table describes the dialer service characteristics: Characteristic Description Comments IDENTIFICATION Allows an identifying string to be associated with a given service. Maximum length = 40 characters CONNECTIONS Specifies whether a user may connect to the current dial service. Variables: ENABLED/ DISABLED PORTS One or more physical ports that are to offer this dial service.
Defining the Dialer Service Characteristic Description Comments USERNAME Defines the user name to be supplied to a peer that requires the access server to be authenticated. Maximum length = 1 to 16 characters PASSWORD Indicates the password to be supplied to a peer that requires authentication from the access server. Maximum length = 1 to 16 characters • May be entered either on the command line within quotes or at a prompt.
Configuring Interactive Dial Requests Configuring Interactive Dial Requests Configuring for Interactive Dial-Back The following example sets the access server to a predefined phone number: Local> CHANGE DIALER AT_HOME PORT 1-16 IDENT "DIALS YOU AT HOME" The dialer service AT_HOME is set up to allow any phone number to be dialed, but the user’s security profile allows for a connection to be made using only one number.
Framed Dial Requests Framed Dial Requests Introduction Dial-back requests can also be queued from a client that connects to the server using PPP. Unlike PPP, the SLIP protocol does not include a method of negotiating connection options including whether a call-back should be attempted and the phone number to which the call-back should be placed. Therefore, only PPP clients can request a call-back.
Framed Dial Requests 3 If you enable PPP call-back negotiation on a port, DIGITAL strongly recommends that you also enable some sort of authentication (for example PAP or CHAP) on the port. Without authentication, any user who happens to discover the phone number for that port’s modem could potentially request a call-back and run up unlimited phone charges. 4 To enable authentication on a port, use the SET/DEFINE/CHANGE PORT LCP AUTHENTICATION PAP/CHAP command.
Chapter 22 Managing Access Server Security Overview Introduction The DECserver Network Access Software (DNAS) supports the following authentication services: • RADIUS • SecurID • Local User Accounts • Kerberos V4 In This Chapter This chapter contains the following topics: • Security Type Descriptions • Common Terminology Across Security Realms • Managing Kerberos • Managing RADIUS • Managing SecurID • Managing Local Access Server Security • Determining Security Configuration • Managi
Security Type Descriptions Security Type Descriptions Introduction This section describes the types of security that the access server supports. Kerberos Kerberos is a user authentication system designed for open network computing environments. It provides for the authentication of a user name and password pair, by means of a host system accessible over the network.
Security Type Descriptions The following occurs: Stage Description 1 The access server uses the realm name to determine the security method to use when authenticating the login. 2 If the realm name is for a RADIUS server, the access server sends the login information to a RADIUS authentication host. 3 Upon completing authentication successfully, the RADIUS authentication host sends a list of authorization parameters to the access server after authentication completes successfully.
Common Terminology Across Security Realms Common Terminology Across Security Realms Introduction This section briefly defines the terms that are common to all of the security methods that the access server supports. Accounting Host A security server that accepts and records accounting information from the access server. Authentication Host A security server that provides authentication or authorization information to the access server.
Common Terminology Across Security Realms Security Server The remote host with which the access server communicates in order to request authentication clearance during the login process. Each security method (other than user accounts) defines one or more host processors that can support the authentication procedure. RADIUS Accounting The RADIUS security method supports logging of accounting information.
Managing Kerberos Managing Kerberos Introduction This section describes Kerberos security features and explains how to configure and manage these features on the access server. To use the procedures in this section, you must: • Ensure that the access server can communicate with a host running Kerberos V4 software. • Connect and test the devices. • Enable privileged status. • Configure the port and device characteristics to match.
Managing Kerberos Network Access Server Requirements Before configuring security-specific parameters, make sure that: • You have entered the correct Internet address and subnet mask. (See the Configuring the Internet Address and Subnet Mask section in Chapter 7.) • There is an Internet gateway to the KDC if the KDC is not on the access server subnet. (See the Defining Networks Available Through a Specific Gateway section in Chapter 7.
Managing Kerberos Example: Definition of Kerberos Settings The following example shows a sample of the commands used to change these settings: Local> CHANGE KERBEROS DEFAULT REALM finance.acme.com SECRET Secret> (not echoed) Verification> (not echoed) Local> CHANGE KERBEROS REALM finance.acme.com MASTER HOST security.acme.com Local> CHANGE KERBEROS REALM finance.acme.com HOST atlas.acme.
Managing Kerberos Displaying Kerberos Settings The following example shows a sample display of Kerberos settings: Local> show kerb characteristics Retransmit Interval: Ticket service port: Realm: Secret: Authorization Defaults: Access: Max Connect: Dialback Number: Dialout Number: Permissions: 750 Retransmit Timeout: 0 00:00:08 Password service port: 751 mfg.acme.
Managing Kerberos User Authentication Procedure When the system administrator configures Kerberos security features for a given access server port, you need to enter a valid user name and password when you log on to the access server. A complete Kerberos principal name has the following format: user-name[.instance]@realm-name To abort the authentication process, press the Break key or the Local Switch key. By default, Kerberos allows you three attempts to enter a valid user name and password.
Managing Kerberos Changing a User Name and Password Once the network manager has set up the access server, users can change their own passwords on the master KDC for their realm. Example: Sample Kerberos User Authentication Session The following example shows a sample session for changing a password. The way that message 468 wraps may appear differently on your terminal screen.
Managing Kerberos Port User Authentication Counters The following example shows how to display the authentication counters for a given port: Local> SHOW PORT 1 AUTHENTICATION COUNTERS Port 1: User Time Time Time j_smith Server: Cur. login Cur.
Managing RADIUS Managing RADIUS Introduction A RADIUS server must be operational on the network. The RADIUS server can include accounting capability, but the RADIUS accounting can be in a separate server, on a different node. In addition, there can be multiple RADIUS servers on the network, and RADIUS provides a method for using a second server should the attempt with the first server result in no response. A node that has the RADIUS server is considered an authentication host.
Managing RADIUS Optional Setup for RADIUS You can use the commands in the following examples to configure additional security parameters for RADIUS servers. The commands in these examples define a RADIUS server accounting node, the maximum timeout period for RADIUS server reply, and the interval between retries of an authentication request. • The following command defines a RADIUS server accounting node: LOCAL> CHANGE RADIUS REALM JONAS.
Managing RADIUS Example: Defining Realm Default Authorization Attributes LOCAL> CHANGE RADIUS REALM JONAS.COM PERMISSIONS (DIALBACK) LOCAL> CHANGE RADIUS REALM JONAS.COM CALLBACK ENABLED DIALBACK NUMBER "1-800-555-1111" Example: Defining Password Authentication Type LOCAL> CHANGE RADIUS REALM JONAS.COM ACCESS FRAMED Note The value NONE should be read as unspecified.
Managing RADIUS User Access to the Access Server The primary way to define a user’s type of access is to use the RADIUS server attribute called “User-Service-Type”. The following table shows User-Service-Type values that the access server supports: Value Description Login LAT/TELNET, depending on the Login-Service attribute or DEFAULT PROTOCOL value in PORT. Framed PPP/SLIP, depending on the Framed-Protocol attribute or DEFAULT PROTOCOL value in PORT.
Managing RADIUS Additional RADIUS Attributes The tables in this section contain lists of additional RADIUS attributes that the access server supports. General Session Attributes The following table defines the general session RADIUS attributes: General Session Attributes Definition Service-Type Type of link requested, or change in type of link. Used in both Access-Request and Access-Accept packets.
Managing RADIUS Framed Session Attributes The following table defines the framed session attributes: Framed Session Attributes Definition Framed-Protocol Type of framed protocol used for session. Used in Access-Accept packets. Values: • PPP • SLIP Framed-IP-Address IP address to be configured for the user (in lieu of DHCP, or similar). Used in AccessAccept packets. Note: Two values of this address require special action: • The value 255.255.255.
Managing RADIUS Interactive Session Attributes The following table defines the interactive session attributes: Interactive session attributes Definition Login-IP-Host The IP address of the host system with which the user is to be automatically connected. Used in Access-Accept packets. Login-Service The type of service to which the user is to be automatically connected. Used in AccessAccept packets.
Managing RADIUS RADIUS General Non-Session Attributes The following table defines the RADIUS general non-session attributes: RADIUS Overhead Attributes Definition NAS-IP-Address IP address of the NAS. Used in AccessRequest packets. NAS-Port NAS Port Number. Used in Access-Request packets. Reply-Message ASCII text, that the NAS may optionally display. Used in Access-Accept, AccessReject, or Access-Challenge packets.
Managing RADIUS DIGITAL Vendor-Specific Attributes Dialout Number (2) V-Type — 2 for dialout number. V-Length >= 3 String — Any printable ASCII characters. Dialback Number (3) V-Type — 3 for dialback number. V-Length >= 3 String — Any printable ASCII characters. Dialout Service (4) V-Type — 4 for dialout service name. V-Length >= 3 String — Uppercase ASCII printable characters, starting with a letter.
Managing RADIUS RADIUS Accounting Attributes Definition Acct-Authentic An indication of the means of authentication for this user: • RADIUS • Local (the DECserver User Data Base) • Remote (the DECserver Kerberos or SecurID client) Acct-Session-Time The number of seconds for which the service was delivered to the user.
Managing SecurID Managing SecurID Introduction The Security Dynamics ACE/Server software performs dynamic two-factor SecurID authentication. Dynamic two-factor authentication combines something the user knows—a memorized personal identification number (PIN)—with something the user possesses—a randomly generated access code that changes every 60 seconds. The second factor is the tokencode generated by the SecurID token.
Managing SecurID SecurID Realms SecurID servers do not provide any authorization data; therefore, any authorization information comes from the SecurID realm or the port characteristics. If a SecurID card is in a new PIN mode and the new PIN is coming from the access server, the new pin is displayed for 10 seconds and then erased. Minimal Setup for SecurID The minimal configuration requires the following commands to set up the remote ports used for communication with SecurID.
Managing SecurID Example: Including the Realm Name If your realm name has to be included when the access server sends messages to SecurID, issue the command shown in the following example: LOCAL> CHANGE SECURID REALM realm-name INCLUDE For most usage, you will not want to include the realm name. If you do, each entry in the SecurID users file will have to appear as “user-name@realm-name” instead of simply “user-name”.
Managing SecurID Setting User Permissions Permissions are explicitly given by the value in the realm defaults. When these are still missing, the port configuration can supply its specified values (for attributes having a corresponding representation in the port). Permissions are DIGITAL vendor-specific.
Managing Local Access Server Security Managing Local Access Server Security Introduction The tasks described in this section cover the configuration of the local access server realm and setup of local user accounts. Configuration of server security involves: • Access server realm configuration • Local user account configuration parameter Defining the Realm Realm names must be unique within a given type of authentication.
Determining Security Configuration Determining Security Configuration Displaying RADIUS, SECURID, and KERBEROS Characteristics The SHOW {RADIUS | SECURID | KERBEROS} CHARACTERISTICS command displays all configured realm names, along with any pertinent configuration parameters. This command is privileged. It shows the various RADIUS and SecurID servers that are configured for the access server as well as the Kerberos KDCs. It also shows the existing local server security database.
Determining Security Configuration Example: Showing SecurID The following example shows the resulting display for the SHOW SECURID CHARACTERISTICS command: LOCAL> SHOW SECURID Retransmit Interval: 00:00:02 Retransmit TimeOut: 00.00.20 Service Port: 755 Realm: AAA.BBB.CCC.COM Realm Inclusion: EXCLUDE Encoding Format: DES Prompt: Enter Passcode> Secret: (Entered) Primary Host: 16.20.55.
Determining Security Configuration Example: Displaying Kerberos Characteristics The following example shows the resulting display for the SHOW KERBEROS CHARACTERISTICS command: LOCAL> SHOW KERBEROS Retransmit Interval: 00:00:01 Retransmit TimeOut: 00:00:20 Ticket service port: 750 Password service port: 751 Default Realm: 33H.LKG.DEC.COM Secret: (None) Primary Host: prowlr.lkg.dec.com Master Host: ds900.lkg.dec.com Host: foo.bar.dec.
Determining Security Configuration Showing the Authentication Counters This access server can display the counters for all realms (local, RADIUS, KERBEROS). Any session authenticated by RADIUS attempts to send accounting data to the RADIUS Server. Sessions authenticated by other methods may be configured to send accounting packets to a RADIUS accounting server as well (if one exists). Reference See SHOW AUTHENTICATION COUNTERS in the Network Access Server Command Reference for a sample of this display.
Managing Dial-Up Access Security with AUTOLINK and AUTOLINK Authentication Managing Dial-Up Access Security with AUTOLINK and AUTOLINK Authentication Introduction AUTOLINK lets PC clients log in using SLIP,PPP, and character cell terminal mode. AUTOLINK AUTHENTICATION provides a flexible and secure method for clients to authenticate when using AUTOLINK. A single port can support authenticated logins from different types of PPP clients, which may have different LCP authentication capabilities.
Managing Dial-Up Access Security with AUTOLINK and AUTOLINK Authentication Enabling AUTOLINK Authentication If you want authenticated logins, you must separately configure the port to require AUTOLINK AUTHENTICATION. The authentication can be by PPP PAP, PPP CHAP, or interactively by terminal emulation (which could be a script). The PC client is required to provide one authentication. SLIP users are treated as if they are character-cell users.
Managing Dial-Up Access Security with AUTOLINK and AUTOLINK Authentication LCP Authentication Results CHAP USERNAME PC clients that connect immediately to PPP will be authenticated using PPP CHAP authentication. If you user the CHAP NOUSERNAME options with the PORT LCP AUTHENTICATION command, the login fails. If you use either the PAP NOUSERNAME or CHAP NOUSERNAME options with the PORT LCP AUTHENTICATION command when you enable AUTOLINK authentication, the login fails.
Managing Dial-Up Access Security with AUTOLINK and AUTOLINK Authentication Timeouts The following are the properties of AUTOLINK timeouts: • A user has one minute to complete an interactive login successfully. The clock starts from the time the USERNAME> prompt is displayed. This includes the time for the user name/password request to be processed by the authentication server. After one minute elapses, the port is logged out and the modem is disconnected.
Specifying Other Security Features Specifying Other Security Features Introduction This section describes various security features on interactive ports. Specifying Dedicated Service for LAT or Telnet Resources The results of specifying a dedicated service on a port are as follows: • The device on the port appears hard-wired to a specific resource. • The access server establishes only one session for the port.
Specifying Other Security Features Telnet Requirement To set an Internet host as a dedicated service, the default protocol must be set to TELNET. You can use the host’s Internet address, domain name, or relative domain name if the host is defined in a name server; however, you cannot use the entire domain name if the name is more than 16 characters, including the dots. The following shows how to enable a host on the TCP/IP network, SALE.MKT.DEC.
Specifying Other Security Features Login Password Definition Example The following example shows how to define TOTAL as the login password: Local> CHANGE SERVER LOGIN PASSWORD "TOTAL" or Local> CHANGE SERVER LOGIN PASSWORD Password> TOTAL (not echoed) VERIFICATION> TOTAL (not echoed) Local> You must enable the PASSWORD characteristic at the port level.
Specifying Other Security Features Example: Changing the Server Password Attempt Limit The following example shows how to change the password limit to 6: Local> CHANGE SERVER PASSWORD LIMIT 6 Managing Access Server Security 22-39
Chapter 23 7 Accounting Overview Introduction This chapter describes the network access server accounting component. The basis of an accounting facility is the logging of events related to user access. These events can be useful to support audit trails, billing, capacity planning, and connection troubleshooting.
Accounting Description Accounting Description Introduction The configuration of the accounting feature is supported using SNMP and the user interface. The accounting log itself is also accessible by both mechanisms. There is also a facility for sending accounting events to the access server console port as they occur. Accounting Log File The accounting component stores information about significant user events (for example, logins) in an accounting log file.
What Events Are Logged? What Events Are Logged? Contents of Log Entry Types The following table shows the fields that are logged in each accounting log entry type: Log Entry Type Event Time Port ID Port Acc ess Peer Rea son Tx Rx Port Login X X X Port Logout X X X Session Connect Attempt X X X X X Session Disconnect X X X X X Kerberos Password Fail X X X X Privilege Password Fail X X X X Maintenance Password Fail X X X Login Password Fail X X X Remote Passwo
What Events Are Logged? Log Entry Type Event Time Port ID Port Acc ess Peer Rea son Tx Rx Privilege Password Modified X X X X Maintenance Password Modified X X X X Login Password Modified X X X X User Privilege Level Modified X X X X SNMP Community Modified X X X X Remote Password Modified X X X X Event Field Descriptions The following table describes the fields in the accounting log entries: 23-4 Accounting Field Description Event Provides the ability to distin
What Events Are Logged? Field Description Port • For session connect/disconnect events: — Local Access: The port the session connect or disconnect occurred on. If the connection is initiated from a physical port, this field will have the physical port number. If the connection is initiated from an existing remote console connection, the port number will be one higher than the maximum physical port number.
What Events Are Logged? Field Description Port • Session connect/disconnect: The protocol associated with the session attempt or disconnect. These values can be: — LAT — TELNET — MOP — TN3270 — SLIP — PPP — AUTOLINK — PING Note: For a TN3270 session, the protocol type may appear as TELNET for the connect event and TN3270 for the disconnect event.
What Events Are Logged? Field Description Peer The value of this field varies depending on the protocol field, as follows: • LAT — Local Access: For nondedicated/preferred case, whatever you type following the CONNECT [LAT] command. For example, C CLUSTER1 (peer is CLUSTER1); C CLUSTER1 NODE NODE1 (peer is CLUSTER1 NODE1). If dedicated/preferred service is defined, the peer field will contain the service name. — Remote Access: The local service name followed by the remote node name.
What Events Are Logged? Field Description Tx • Session Disconnect Event: The number of bytes of successfully transmitted user data on this session at the time of session termination. This field will always be zero for MOP remote console connections. • Logout Event: The number of bytes output to the port during the life of the associated login. Rx • Session Disconnect Event: The number of bytes of successfully received user data on this session at the time of session termination.
When Events Are Logged When Events Are Logged Introduction This section describes when each specific event type is logged. Login Events Login events are logged at the time of the successful login (just before the user gets the Local> prompt). Unsuccessful login attempts are handled by Kerberos Password Fail, Login Password Fail, or Remote Password Fail events. Logout Events Logout events are stored when the port is logged out. There is always an associated login event.
When Events Are Logged Password Modified Events Password modified events (Privilege, Maintenance, Login, Remote) are logged whenever the associated password is modified with a SET/DEFINE/CHANGE command. A single event is logged for each UI command (only one event is logged for a CHANGE command). SET commands cannot be distinguished from DEFINE commands. If a user sets the password to the existing value, an event is still logged.
Managing Accounting Managing Accounting Introduction You can manage the accounting feature fully by using SNMP or the user interface. You can access the accounting log itself using both mechanisms. This section describes the user interface commands you can use to manage the accounting feature. Reference Refer to SNMP Survival Guide (located with the software) for instructions on managing the accounting component with SNMP.
Managing Accounting Changing the Accounting Threshold Use the ACCOUNTING THRESHOLD command to specify the point in the building of a log when the accounting component sends out a threshold notification.Valid values for the ACCOUNTING THRESHOLD variable are: • NONE: No notification. • HALF: Notify when each half of the log file is reached. • QUARTER: Notify when each quarter of the log file is reached. • EIGHTH: Notify when each eighth of the log file is reached.
Managing Accounting Displaying Accounting Characteristics Use the SHOW ACCOUNTING CHARACTERISTICS command to display the current values of the accounting variables.
Managing Accounting Displaying the Accounting Log Use the SHOW ACCOUNTING LOG command to view the log.
Using the Accounting Console Logging Feature Using the Accounting Console Logging Feature Description When console logging is enabled, the accounting component displays the accounting events on the server console as they occur. This can be useful for viewing events on a console terminal or printer. It is also possible to view (and log to a file) the console events remotely.
Using the Accounting Console Logging Feature Example: Telnet Remote View of the Accounting Log The following example shows the commands necessary to remotely view the accounting log via Telnet with a loopback connector on port 16: Local> Local> Local> Local> Local> CHANGE CHANGE CHANGE CHANGE CHANGE PORT 16 ACCESS REMOTE TELNET LISTENER 2001 PORT 16 TELNET LISTENER 2001 CONNECTION ENABLE SERVER CONSOLE 16 PORT 16 AUTOBAUD DISABLED SPEED 57600 From a remote UNIX system, the command is (replace x.x.x.
Appendix A Cable and Adapter Recommendations Cable and Adapter Hardware Cable and Adapter Table The following table lists the cable and adapter hardware you need to connect devices to specific DECserver models: To Connect This Device: To This DECserver Model: 90M or 90TL (8 Port) 700 (8 Port) 900TM (32 Port) 700 (16 Port) Use This Cable and Adapter Hardware: Terminal/printer with MMJ port BN24H-xx cable H8575-A adapter and BC16E-xx cable Terminal/printer with DB25 male port H8575-A adapter BC17D-x
To Connect This Device: To This DECserver Model: 90M or 90TL (8 Port) 700 (8 Port) 900TM (32 Port) 700 (16 Port) Use This Cable and Adapter Hardware: PC communication interface with DB9 male port H8585-AA adapter H8575-A adapter and and BN25G-xx cable H8571-J adapter and BC16E-xx cable Modems using RIDCD-DSRS-DTR signals (typically <9600 baud) with DB25 female port H8585-AB adapter BC22E-xx (10-wire) cable and or BN25G-xx cable BC22F-xx (25-wire) cable Modem using CTSDSR-RTS-DTR signals (t
Glossary access server A generic name for a family of Digital Equipment Corporation access servers. access server configuration database A load host database that contains the DECnet characteristics and the access server type, the load file name, and the dump file name for each access server. access server image A file in the access server directory on the load host that contains executable code. Address Resolution Protocol See ARP. American National Standards Institute See ANSI.
American Standard Code for Information Interchange See ASCII. AppleTalk An Apple Computer, Inc., trademark for their network protocol suite. ASCII American Standard Code for Information Interchange. A set of 8-bit binary numbers representing the alphabet, punctuation, numerals, and other special symbols used in text representation and communications protocols. asynchronous Pertaining to a communication method in which each event occurs with no relation to a timing signal.
BOOTP Internet Bootstrap Protocol. This Internet protocol is used to configure the communications software on a load host. BOOTP/TFTP Server This is a load host that uses the BOOTP and TFTP Internet protocols to configure the load host and downline load the software. broadcast A access server port characteristic that allows one port to send a single message to one or more ports simultaneously. CCR Console Carrier Request.
CRC Cyclic Redundancy Check. An error detection scheme in which a receiver checks each block of data for errors. CTS Clear To Send. A signal sent from the port device to the access server to indicate that the port device is ready to receive data. Cyclic Redundancy Check See CRC. datagram See IP datagram. Data Set Ready See DSR. Data Terminal Ready See Data Terminal Ready. data transparency During a session, the access server normally intercepts and interprets switch characters and flow control characters.
dequeue To remove the first entry in a queue and to attempt the function for which the entry was queued. DNS Domain Name System. An Internet naming system that maps, or translates, domain names to addresses. See domain names. domain names Internet. The domain name consists of a sequence of subnames separated by a period. The individual sections of the name might represent sites, groups, or computers, but the domain system simply calls each section a label. For example, the domain name super.dec.
event logging This is a process of recording significant occurrences on the network. failover LAT. A failure-recovery function provided by LAT software. Failover occurs when a user’s current LAT session is disrupted by the failure of the service node. Failover attempts to connect the user to the same service on an alternative service node. Failover is attempted only if the service is offered by two or more service nodes (as with a VAXcluster service).
image See access server image. initialization The process of running the access server diagnostic self-test program and, optionally, downline loading the access server with the access server image. Installation Verification Procedure See IVP. Internet Internet (written in all lowercase letters) is a collection of packet switching networks that use TCP/IP protocols and are interconnected by gateways. Software enables the networks to function logically as a single, large, virtual network.
Internet Protocol See TCP/IP. IP Internet Protocol. See TCP/IP. IP datagram Internet. A basic unit of information transferred over the Internet. IVP Installation Verification Procedure. This procedure verifies that the access server software was successfully installed on a OpenVMS load host. KDC Key Distribution Center. A Kerberos host that serves to validate a user’s identity with a Kerberos user name and password. keepalive timer LAT.
LAT architecture A layered networking model that identifies LAT communications functions, assigns specific functions to distinct layers, and specifies general rules for communication between LAT nodes. LAT Control Program A control program that provides a command interface that allows system and network managers to set up and manage an operating system as a LAT service. LAT network All the computer systems, or nodes, on a LAN that support the LAT protocol constitute a LAT network.
local name server A name server that is authorized for the domain where the access server is located. local service Network resource offered by your access server. loopback test A access server asynchronous port test during which data is looped to the module. There are two types of loopback tests: internal and external. The external loopback test requires a loopback connector. Maintenance Operation Protocol See MOP. Management Information Base See MIB. Maximum Transmission Unit See MTU.
name resolution Internet. Refers to the process of translating a name into a corresponding Internet address. The Internet domain name system provides a mechanism for naming computers in which programs use remote name servers to resolve computer names into Internet addresses for those computers. name server See Internet name server. NCP Network Control Program. The DECnet command interface used to configure, control, monitor, and test DECnet networks. network access server See access server.
Nonvolatile Random Access Memory See NVRAM. NVRAM Nonvolatile Random Access Memory. This is a RAM that retains its memory upon power loss. ODL Font Protocol On-Demand Loading Font Protocol. A protocol that enables Asian terminals connected to the access server to use the LAT protocol to access Japanese and Chinese OpenVMS systems on the LAN. On-Demand Loading Font Protocol See ODL Font Protocol. OpenVMS An operating system for DIGITAL VAX computers.
print spooler A program that enables many users to share the printing devices of a system, such as a access server. privileged status A port status that can only be set by a user that knows the access server privileged password. Users at privileged ports can execute all communications server commands. qualifier A parameter in a command string that modifies the command. queuing LAT. The process of putting LAT connection requests for a busy printer or service on a waiting list (queue).
remote print queue A queue on a service node. The queue holds connection requests made from the service node requesting use of a printer (remote printer) on a access server. See host-initiated request. Request To Send See RTS. retransmit limit The number of times a LAT virtual circuit message is retransmitted to a service node without an acknowledgment message. root name server A name server that is at the top level in a domain. RTS Request To Send.
service rating A value assigned to a network resource by the service node to indicate its relative capability to accept new sessions. The rating is scaled from 0 to 255, where 255 is the greatest capacity. Access servers use this rating to choose a service node when a user attempts to connect to a service that is offered by multiple service nodes. service session A session between a network resource and a terminal session on a session management terminal.
subnet identifier This is the part of the network address that is unique to the subnet. It can be determined by logically ANDing the Internet address with the subnet mask. subnet mask A 32-bit quantity that enables gateways and host computers to know which bits in the Internet address correspond to their subnet address and which correspond to their host addresses.
Terminal Device/Session Management Protocol See TD/SMP. Terminal Server Manager See TSM. terminal session A single session on a access server port that is operating under session management control. Time To Live See TTL. TFTP Trivial File Transfer Protocol. For access servers, this Internet protocol is used to downline load software from a load host to the access server. transceiver Hardware equipment that provides an electrical connection to a network cable for a network node.
UDP User Datagram Protocol. A protocol that is the part of the Internet Protocol that provides datagram service. It distinguishes between multiple destinations on a host, allowing multiple application programs executing on a host to independently exchange (send and receive) datagrams with multiple application programs on another host. User Datagram Protocol See UDP. virtual circuit A logical communications path between a access server and a service node.
Index Symbols * 4-6 /etc/add_DECserver procedure 4-2 /etc/list_DECserver procedure 4-2 /etc/rem_DECserver procedure 4-2 >>> 5-9 Numbers 3270 emulation 1-2, 18-1, 18-19 configuring 18-4 terminal 18-1 A AARP 8-6, 8-9 Abort Output (AO) 11-23, 13-12 ACCESS Device characteristic 9-2 ACCESS characteristic 9-5 Dynamic 9-5 Local 9-5 None 9-5 Remote 9-5 ACCESS DYNAMIC 21-15 Access field 23-6 Access levels 2-2 limited view 2-2 nonprivileged 2-2 privileged 2-2 secure 2-2 Access server 3270 emulation configuration 1-
address 8-2 cache size 8-3 characteristics 8-5 configuring 8-2 DDP packets 8-2 diaplaying routes 8-12 disabling 8-3 displaying counters 8-6 displaying status 8-10 echo packets 8-2 enabling 8-2 managing 8-1 network number 8-2 node number 8-2 Are You There (AYT) 11-23, 13-12 ARP entries 7-1, 7-18 ATalk Address AppleTalk ARP display 8-14 ATCP 8-2, 19-5, 19-10 Attached Hosts AppleTalk status display 8-11 Authentication 16-7 Authentication Host 22-4, 22-13 AUTOBAUD 9-2 Autoconfigure feature Domain Name System (D
executing 3-4 Commands CHANGE 1-6, 2-3 CLEAR 2-3 CLEAR/PURGE TELNET LISTENER 2-11 CONNECT 4-6, 11-11 DEFINE 1-6, 2-3 definitions 2-3 DELETE 4-5 DSV$CONFIGURE 4-4, 4-6 LIST 4-6 SERVER 4-4 SHOW 4-6 USE 4-6 HELP TUTORIAL 2-5 LIST 2-3 load hosts 4-4 logout 2-12 MODIFY 4-5 MONITOR 2-3 OPEN 11-11 privileged 2-4 PURGE 2-3 REMOVE QUEUE 11-9 SET 1-6, 2-3, 4-5 SHOW 2-3 syntax 2-2 TELNET 11-11 Communications 18-6 network LAT 1-3 Compressed SLIP (CSLIP) 15-13 Configuration 3270 emulation 1-2 ports 1-2 SLIP 1-3 system a
management 1-3 Dialback 21-15 to 21-16 Dialer 21-1 displaying status 21-10 scripts 21-6 defining 21-4 names 21-5 services changing 21-12 characteristics 21-13 defining 21-9 DIALUP characteristic 10-14 DISCONNECT commands 11-14, 12-15, 19-4 ALL 11-14 PORT 11-51 DNS 22-7 Do-Binary 11-49 Do-ECHO 11-49 Do-End of Record 11-50 Domain Name 7-8 Domain Name System (DNS) 7-7 autoconfigure utility 7-15 displaying counters 7-9 Domains Internet 7-7 name characteristic 7-8 name resolution 7-10 modes 7-12 retry limit 7-12
Last Error Appletalk status display 8-11 NCP 2-8 No Such Name 8-3 Errors framing 15-7, 17-25 overrun 17-25 parity 17-25 Ethernet 2-8, 8-14, 15-3, 17-2, 17-10 counters data link 17-10 Ethernet Address AppleTalk ARP display 8-14 Event field 23-4 GETNEXT 16-2 Group codes 11-4 H Help 2-1, 2-5, 4-8 command 2-5 HELP TUTORIAL command 1-4, 2-5 On-line accessing 1-4 example 2-5 Hop Count Errors 8-8 Hosts 2-7 gateway access 7-17 IBM Terminal emulation 18-4 Internet configuring 7-13 load commands 4-4 configuring 4-4
characteristic Changing the timeout period 9-14 SHOW SERVER display 2-6 Initialization access server 5-1 from Flash RAM image 5-5 specifying the software image name 5-5 using NCP 5-7 INITIALIZE command 5-4 DIAGNOSE option 5-6 Tests 5-6 DISABLE option 5-6 specifying the delay value 5-5 INPUT FLOW CONTROL device characteristic 9-2 Input Packets 7-9 Interactive devices 11-1 Interface AppleTalk ARP display 8-15 AppleTalk routes display 8-13 Internet 2-7, 11-43 address 2-11, 22-7 setting 7-3 SLIP hosts 15-5 AND
network communications 1-3, 17-2 networks 4-1, 11-16, 12-13, 15-11 protocol 17-2 counters 17-10 protocols 11-6 service 21-1 service node 2-8, 11-10, 12-16 Services limited view 2-2 services 1-2, 11-43, 11-46, 17-2 access configuration 12-3 configuring a computer as 12-7 configuring a modem as 12-8 configuring ports 12-2 counters 17-5 displaying characteristics 12-16 initialization 5-2 node status 17-3 preferred 11-33 enabling 11-33 printers configuring as 12-9 remote print queue 12-9 verifying 12-15 session
MODE command 21-14 MODEM CONTROL 10-3, 10-9 to 10-10, 10-12, 10-15, 10-18, 12-13, 13-5 characteristic 10-7 enabling 10-8 Modem signals 10-1, 10-3 Access server type 10-3 access server type 10-3 description 10-5 Full MODEM CONTROL 10-3 MODEM CONTROL 10-3 Modems 19-3 configuring 10-15, 12-6 Configuring as Telnet listener 13-3 dial-in 10-15 SLIP protocol 15-10 dial-out 10-16 strings 21-4 MODIFY command 4-5 MONITOR command 2-3 MOP protocol 2-7, 4-3, 4-5, 5-4, 23-6 to 23-7 MRU value 15-7 MSS 15-7 MTU value 15-7,
OUTPUT FLOW CONTROL device characteristic 9-3 Output Packets 7-9 P Packet forwarding 15-3 Packets received 15-14 Packets sent 15-14 PAP 20-8 PARITY Device characteristic 9-3 Parity errors 17-25 PASSALL 11-36 PASSCHECK characteristic 6-13 Password authentication type defining 22-25 Password fail 23-9 Password limit 2-6 characteristic 22-38 SHOW SERVER display 2-6 Password modified events 23-10 Passwords 2-12, 20-6, 22-2, 22-37 changing 22-11 Kerberos 22-8 maintenance 2-8, 2-12 resetting 2-4 service 12-5 SER
Privileged password changing 2-4 Prompts 4-4 >>> 5-9 changing 17-10 ENTER PASSCODE> 22-23 Enter username> 11-34 LOCAL> 2-6, 4-8 Local> 2-2 SecurID 22-23 Prot field 23-6 Protocols ANY 11-6 BOOTP 4-12 BOOTP/TFTP 4-2 MDS 4-2 MOP 2-7, 23-7 PPP 1-2 to 1-3, 11-6, 23-7 SLIP 1-3, 11-6, 22-16, 23-7 Telnet 22-37 TFTP 4-12 Protocols Telnet 11-6 PURGE command 2-3 Q Queue limit characteristic 6-14 SHOW SERVER display 2-6 Quote 11-23 R RADIUS 21-15 security 22-2 servers 22-1, 22-13, 22-15 Attributes Login 22-16 attribu
Response Information 6-16 Resume Output 11-44 Retransmit limit characteristic 6-15 SHOW SERVER display 2-6 RI 10-3 to 10-5, 10-9 RING characteristic 10-12 RING Indicator (RI) 10-3 to 10-4 Ring Indicator (RI) 10-5 Router Lost 8-8 RTMP 8-8 RTS 10-3, 10-5, 10-9, 10-12 to 10-13, 10-18 Rx Field 23-8 S Seconds Since Last Validated AppleTalk routes display 8-13 Secrets 22-4 SecurID 22-23 Secure access level 2-2 SecurID 22-1, 22-3, 22-24 attributes 22-25 vendor-specific 22-26 configuring ports 22-24 hosts 22-23 re
INTERNET TCP KEEPALIVE TIMER 7-19 PORT 11-14 PORT characteristics 2-7 Short DDP Errors 8-7 SHOW command INTERNET COUNTERS 7-21 SHOW commands 2-3, 8-6, 8-10 APPLETALK ROUTES 8-12 DSV$CONFIGURE 4-6 INTERNET NAME RESOLUTION 7-7 INTERNET NAME RESOLUTION COUNTERS 7-9 NODE 4-5 PORT 9-4 PORT CHARACTERISTICS 11-24 port characteristics 18-21 PORT SESSION STATUS 11-27 QUEUE ALL 11-9 SERVER 2-6, 6-4 example 2-6 SERVER STATUS 2-12 SHOW/LIST/MONITOR commands 2-3 INTERNET HOST 7-13 SHOW/MONITOR commands APPLETALK STATUS
AppleTalk ARP display 8-14 AppleTalk routes display 8-13 STOP BITS Device characteristic 9-3 Subnet mask 22-7 defaults 7-4 Subnets 15-5 routing 7-17 Suspect AppleTalk routes display 8-13 SWITCH CHARACTER characteristic 11-26 Configuring 11-27 Synch 11-23 T TCP keepalive timer 7-1, 7-19 TCP Segments 7-22 TCP/IP 4-2 TCP/IP network 10-14, 11-6, 11-11 characteristics 7-1 TCP/IP protocol 15-11 network communications 1-3 TD/SMP 11-13 Telent protocol 23-6 Telnet 2-7, 11-44, 22-16, 23-7 Telnet client configuring s
ULTRIX 4-2, 22-6 DECnet 2-7 UNIX 22-6 UNIX/OSF 4-2 UNIX/OSF/1 4-2 Unsent probes 8-6 Unsent responses 8-7 Up AppleTalk routes display 8-13 AppleTalk status display 8-11 USE command 4-6 User accounts 22-1, 22-3 changing usernames 22-11 User authentication 1-2 User field 23-8 User groups 2-3, 11-41 assigning 11-42 CLEAR/PURGE commands 2-3 command definitions 2-3 command descriptions 2-3 remote console port 2-7 SET/DEFINE/CHANGE commands 2-3 SHOW/LIST/MONITOR commands 2-3 User interface 1-2, 3-1 configuration 1
