MAX™ 6000/3000 Network Configuration Guide Part Number: 7820-0629-003 For software version 9.
Copyright© 2000, 2001 Lucent Technologies Inc. All rights reserved. This material is protected by the copyright laws of the United States and other countries. It may not be reproduced, distributed, or altered in any fashion by any entity (either internal or external to Lucent Technologies), except in accordance with applicable agreements, contracts, or licensing, without the express written consent of Lucent Technologies.
Customer Service To obtain product and service information, software upgrades, and technical assistance, visit the eSight™ Service Center at http://www.esight.com. The center is open 24 hours a day, seven days a week. Finding information and software The eSight Service Center at http://www.esight.com provides technical information, product information, and descriptions of available services. Log in and select a service. The eSight Service Center also provides software upgrades, release notes, and addenda.
Contents Customer Service ..................................................................................................................... iii About This Guide .......................................................................... xxix How to use this guide............................................................................................................ xxix What you should know .........................................................................................................
Contents Expansion slots ........................................................................................................ 3-3 Ethernet and WAN slots .......................................................................................... 3-3 How the VT100 menus relate to slots and ports on the MAX 3000............................... 3-3 System slot............................................................................................................... 3-4 T1 or E1 slot .....................
Contents Typical E1 configurations, with examples ................................................................... Using ISDN signaling............................................................................................ Using DPNSS signaling......................................................................................... Setting up a nailed connection............................................................................... Performing E1 line diagnostics.............................
Contents Configuring inverse-multiplexed WAN connections ................................................... Configuring bandwidth WAN connections .................................................................. Configuring an AIM call............................................................................................... Example of an AIM call configuration.................................................................. Configuring the FT1-B&O call ..............................................
Contents AppleTalk Options.......................................................................................................... 4-6 PPP Options .................................................................................................................... 4-7 Foundation parameters ............................................................................................ 4-7 Numeric parameters.................................................................................................
Contents OSPF Options ............................................................................................................... Authentication parameters ..................................................................................... More OSPF parameters ......................................................................................... Telco Options................................................................................................................
Contents Setting alternative name for CHAP authentication ............................................... Configuring bidirectional CHAP in RADIUS .............................................................. Setting up bidirectional CHAP in RADIUS for incoming calls ............................ Setting up bidirectional CHAP in RADIUS for outgoing calls............................. Setting up selective bidirectional CHAP with callback.........................................
Contents Base channel count ................................................................................................ 4-92 Compression .......................................................................................................... 4-92 Example of Combinet configuration............................................................................. 4-93 Configuring EU connections................................................................................................
Contents Examples of a UNI-DTE link interface .......................................................................... 5-9 Examples of a UNI-DCE link interface ........................................................................ 5-10 Examples of an NNI link interface ............................................................................... 5-12 Configuring a DLCI logical interface ..................................................................................
Contents Dialing, billing and signaling parameters................................................................ 6-3 LAPB parameters .................................................................................................... 6-3 X.25 profile parameters ........................................................................................... 6-4 X.121 and VCE Timer Val parameters ................................................................... 6-6 Example of an X.25 profile configuration ...
Contents Accounting records for each active AO/DI call .................................................... 6-41 RADIUS dial-in AO/DI profile for PAP/CHAP with a fixed IP address.............. 6-46 Changes to show users command .......................................................................... 6-47 Chapter 7 Configuring IP Fax .......................................................................... 7-1 Store-and-forward IP fax ....................................................................
Contents Subnet mask format ................................................................................................. 9-2 Zero subnetworks .................................................................................................... 9-3 IP routing table................................................................................................................ 9-4 MAX IP interfaces ..........................................................................................................
Contents Macintosh software................................................................................................ TCP/IP software configuration .............................................................................. Examples of WAN interface configuration .................................................................. Configuring dynamic address assignment to a dial-in host ................................... Configuring a host connection with a static address ..........................
Contents Chapter 11 Setting Up Virtual Private Networks............................................ 11-1 Introduction to Virtual Private Networks............................................................................. 11-1 Configuring ATMP tunnels ................................................................................................. 11-2 How the MAX creates ATMP tunnels.......................................................................... 11-2 Setting the UDP port......................
Contents Using Tunnel Options to support tunneling protocols ....................................................... SNMP MIB for L2TP Added............................................................................................. Configuring Virtual Routers .............................................................................................. Background ................................................................................................................. Current limitations .........
Contents Chapter 13 AppleTalk Routing ........................................................................ 13-1 Introduction to AppleTalk routing ....................................................................................... When to use AppleTalk routing.................................................................................... Reducing broadcast and multicast traffic ..............................................................
Contents IPX filters .............................................................................................................. 15-4 Specifying a filter’s direction ....................................................................................... 15-5 Specifying a filter’s forwarding action ......................................................................... 15-6 Defining generic filters ........................................................................................................
Figures Figure 2-1 Figure 2-2 Figure 3-1 Figure 3-2 Figure 3-3 Figure 3-4 Figure 3-5 Figure 3-6 Figure 4-1 Figure 4-2 Figure 4-3 Figure 4-4 Figure 4-5 Figure 4-6 Figure 4-7 Figure 4-8 Figure 4-9 Figure 4-10 Figure 4-11 Figure 4-12 Figure 4-13 Figure 4-14 Figure 4-15 Figure 4-16 Figure 4-17 Figure 4-18 Figure 4-19 Figure 5-1 Figure 5-2 Figure 5-3 Figure 5-4 Figure 5-5 Figure 5-6 Figure 5-7 Figure 5-8 Figure 5-9 Figure 5-10 Figure 5-11 Figure 5-12 Figure 6-1 Figure 6-2 Figure 6-3 Figure 6-4 Using the MAX as
Figures Figure 6-5 ISDN packet mode .......................................................................................... 6-29 Figure 6-6 T3POS setup ................................................................................................... 6-30 Figure 6-7 Example of a T3POS configuration ................................................................ 6-31 Figure 7-1 Incoming IP fax from fax machine to Internet ..................................................
Figures Figure 15-2 Call filters prevent certain packets from resetting the timer ...........................
Tables Table 2-1 Table 4-1 Table 4-2 Table 4-3 Table 4-4 Table 6-1 Table 6-2 Table 6-3 Table 6-4 Table 6-5 Table 6-6 Table 8-1 Table 8-2 Table 8-3 Table 8-4 Table 9-1 Table 9-2 Table 11-1 Table 11-2 Table 11-3 Table 11-4 Table 11-5 Table 11-6 Table 14-1 Table 14-2 Where to go next .............................................................................................. 2-9 Full-group ordering of slot and port numbers................................................ 4-105 Example of sorting order ......
About This Guide How to use this guide This guide explains how to configure and use the MAXTM as an Internet Service Provider (ISP) or telecommuting hub. Chapter 1, “Introduction,” begins with a condensed table of contents, followed by an overview of the manual’s contents. Each subsequent chapter begins with a chapter table of contents, followed by a brief overview of the chapter’s contents. Read the overview sections if you are not sure about which information applies to your installation.
About This Guide MAX 6000/3000 Series documentation set Convention Meaning [] Square brackets indicate an optional argument you might add to a command. To include such an argument, type only the information inside the brackets. Do not type the brackets unless they appear in boldface. | Separates command choices that are mutually exclusive. > Points to the next level in the path to a parameter or menu item.
About This Guide MAX 6000/3000 Series documentation set The MAX 6000/3000 documentation set is available on the Documentation Library CD-ROM included with your MAX unit, and on either CD-ROM or paper from the online bookstore (http://www.lucent.com/ins/bookstore).
Introduction 1 Chapter 1: Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Chapter 2: Configuration Concepts and Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1 Chapter 3: Configuring WAN Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1 Chapter 4: Configuring Individual WAN Connections . . . . . . . . . . . . . . . . . . . . . . . . . 4-1 Chapter 5: Configuring Frame Relay. . .
Introduction faxes. Your IP routing configuration can use Routing Information Protocol (RIP) or the newer Open Shortest Path First (OSPF) protocol, which addresses many of RIP’s limitations. If you have Novell Netware clients and servers, you can configure the MAX for Internetwork Packet eXchange (IPX) routing. Similarly, you can configure it for AppleTalk routing. If you need to use a protocol that cannot be routed, the MAX supports transparent bridging as an alternative.
Configuration Concepts and Profiles 2 Using the MAX as an ISP or telecommuting hub . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1 Overview of MAX configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 MAX profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7 Where to go next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuration Concepts and Profiles Using the MAX as an ISP or telecommuting hub Figure 2-1 shows a typical ISP configuration with three POPs. Each POP has at least one MAX on an Ethernet LAN that also includes another Internet router, which could be, for example, a Lucent GRF 400 router. Figure 2-1.
Configuration Concepts and Profiles Overview of MAX configuration Figure 2-2. Using the MAX as a telecommuting hub Pipeline 25 Corporate headquarters Pipeline 400 Telecommuter Frame Relay line LAN Remote office Switched 56 WAN Pipeline 50 MAX ISDN BRI line Customer site LAN Analog line Modem LAN Traveling user In this sample network, a telecommuter in a home office uses a Pipeline 25 and Frame Relay to log in to the corporate LAN.
Configuration Concepts and Profiles Overview of MAX configuration Creating a network diagram Lucent strongly recommends that, after you have read these introductory sections, you diagram your network and refer to the diagram while configuring the MAX unit. Creating a comprehensive network diagram helps prevent problems during installation and configuration, and can help in troubleshooting any problems later.
Configuration Concepts and Profiles Overview of MAX configuration Feature Description Caller-ID and called-number authentication You can restrict who can access the MAX, by verifying the caller-ID before answering the call. You can also use the called number to authenticate and direct the call. Authentication servers You can off load the authentication responsibility to a RADIUS or TACACS server on the local network.
Configuration Concepts and Profiles Overview of MAX configuration Using IPX routing (NetWare 3.11 or later) The MAX can operate as an IPX router, linking remote NetWare LANs with the local NetWare LAN on the Ethernet network. IPX routing has its own set of concerns related to the client-server model and user logins. For example, users should remain logged in for some period even if the connection has been brought down to save connection costs.
Configuration Concepts and Profiles MAX profiles A PPTP session occurs between the MAX and a Windows NT server over a special TCP control channel. Either end might initiate a PPTP session and open the TCP control channel. Note that opening a PPTP session does not mean that a call is active. It simply means that a call can be placed and received. MAX profiles A profile is a group of related parameters and always appears as a menu item in the VT100 interface.
Configuration Concepts and Profiles MAX profiles 4 Select 1 to load the profile. Profile loaded as current profile appears. The newly activated profile reappears. Saving a profile When you exit a profile after changing any of the settings, you are prompted to accept or discard the changes. You must select the accept option if you want to retain the new settings.
Configuration Concepts and Profiles Where to go next Using session accounting Both RADIUS and TACACS+ enable administrators to keep track of connection statistics, usually for billing purposes. For details on session accounting see the TAOS RADIUS Guide and Reference. Where to go next When you have planned your network, you are ready to configure the MAX. The flexibility of the MAX and its ever-increasing number of configurations means there is no set order for configuration.
Configuring WAN Access 3 Introduction to WAN configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 Configuring T1 lines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7 Configuring E1 lines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19 Configuring the serial WAN port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring WAN Access Introduction to WAN configuration Introduction to WAN configuration To configure a MAX unit, you set parameters in the VT100 menus. (For a description of navigating the interface, see the Installation and Basic Configuration Guide for your MAX.) Many of the menus and submenus include profiles, which are groups of related parameters. To begin setting the parameters, you must understand how the VT100 menus relate to slots and ports.
Configuring WAN Access Introduction to WAN configuration 10-000 Net/T1 or Net/E1 10-100 Line Config 10-200 Line Diag 20-000 Net/T1 or Net/E1 20-100 Line Config 20-200 Line Diag Expansion slots The six expansion slots are slots 3–8 (menus 30-000 through 80-000), numbered as shown in Figure 3-1. (Before installing an expansion card, be sure to read any instructions that might be packaged with the card.) Ethernet and WAN slots Slot 9 is the Ethernet slot (menu 90-000).
Configuring WAN Access Introduction to WAN configuration System slot The system itself is assigned to slot 0 (menu 00-000). The System menu contains the following profiles and submenus, which are all related to systemwide configuration and maintenance: 00-000 System 00-100 Sys Config 00-200 Sys Diag 00-300 Security 00-400 Feature Codes 00-500 Destinations 00-600 Dial Plan T1 or E1 slot The physical built-in T1 or E1 line interfaces are assigned to slot 1 (menu 10-000).
Configuring WAN Access Introduction to WAN configuration Assigning telephone numbers A MAX unit receives calls on telephone numbers assigned to its T1 or E1 and (if applicable) Net/BRI channels. Each number has a limit of 24 characters, which can include the following: 1234567890()[]!z-*#| To assign the numbers, you must understand add-on numbers, hunt groups, and Service Profile Identifiers (SPIDs). Add-on numbers You build multichannel calls (MP, MP+, AIM, or BONDING) by specifying add-on numbers.
Configuring WAN Access Introduction to WAN configuration Hunt groups A hunt group is a group of channels to which the carrier assigns a single telephone number. When a call comes in on that number, the Central Office switch delivers the call to the first available channel. Because channels in a hunt group share a common telephone number, the add-on numbers in the profile are the same. Note: If all of a line’s channels have the same add-on number, you can leave the telephone number assignment blank.
Configuring WAN Access Configuring T1 lines channel routes inbound calls and places outbound calls. For details, see “Configuring inbound calls” on page 3-59 and “Configuring outbound calls” on page 3-69. Configuring T1 lines A MAX 6000 unit that supports T1 lines has two T1 slots, each of which supports two T1 lines. Configure a Line Config profile for each of the two slots. You can also configure additional Line Config profiles, but only one can be active for a given slot at a given time.
Configuring WAN Access Configuring T1 lines Connecting to the Central Office switch To configure a line’s connection to the Central Office switch, open the Net/T1 > Line Config > Line Config profile > Line N subprofile for the line and set the following parameters: Parameter Specifies Sig Mode The signaling type for the line. NFAS ID Num An interface ID number for a line using Non-Facility Associated Signaling (NFAS). Each NFAS line must have a different ID number.
Configuring WAN Access Configuring T1 lines If you set Sig Mode to Inband signaling (also called robbed-bit signaling), you must set the Rob Ctl parameter to specify a call-control mechanism. For additional information, consult your carrier. Switch-specific settings Set the Switch Type parameter to specify the network switch providing ISDN service on the T1/PRI line. The carrier supplies the setting.
Configuring WAN Access Configuring T1 lines Ans Service A data service (voice, for example). Any call that uses the specified data service will be routed to line 2. This parameter can be used as an alternative to Ans # when the second line’s signaling mode is PBX T1. (For more information, see “Configuring inbound calls” on page 3-59 and “Configuring outbound calls” on page 3-69.
Configuring WAN Access Configuring T1 lines Following are the parameters you set in the Net/T1 > Line Config profile > Line N > Net2Net Incoming Calls profile: Parameter Specifies Ch N A switched connection for MAXDAX. That is, you must set Ch N to Switched. Ch N Dest ChanGroup The channel group number to which the MAX unit directs outbound calls. Ch N Dial Plan # A Dial Plan profile for the calls received by this channel.
Configuring WAN Access Configuring T1 lines Hunt-N # A hunt-group number (a telephone number) associated with the T1 line in a specific Line N profile. Your carrier assigns the huntgroup number. For detailed information about each parameter, see the MAX Reference. The Ch N parameters are repeated for each channel in the line. (There are 23 channels if you use PRI signaling and 24 channels if you use robbed-bit signaling.
Configuring WAN Access Configuring T1 lines Configuring a line for ISDN PRI service When configuring ISDN PRI service for a MAX unit, you must configure ISDN signaling for the line. Optionally, you can configure the unit to send either ISDN code 16 (Normal call clearing) or code 17 (User busy) when the PRI switch servicing the unit triggers the T310 timer. Also, you can configure overlap receiving if you want the unit to obtain complete called-number information from the network switch.
Configuring WAN Access Configuring T1 lines To use the MAX ISDN Pre-T310 timer, it must be set to a time period less than that of the T310 timer on the switch. Then, after the MAX unit’s Pre-T310 timer expires but before the switch’s T310 timer expires, the MAX sends ISDN code 17 (User busy) and clears the call. Note: Only calls presented on T1/PRI lines support the Pre-T310 timer feature.
Configuring WAN Access Configuring T1 lines Ethernet Mod Config Auth Timeout Busy=No Configuring robbed-bit signaling For robbed-bit signaling, set the line you are configuring to Trunk service, and set the signaling mode and the robbed-bit control mechanism. To configure a T1 line for robbed-bit signaling, proceed as follows: 1 Open a Net/T1 > Line Config > Line Config profile and, depending on which line you are configuring, set the 1st Line or 2nd Line parameter to Trunk.
Configuring WAN Access Configuring T1 lines channel is used only if the primary line goes down or if it receives a signal commanding a change to the other D channel. Note: On a MAX 6000 unit, both lines must be connected to the same slot. Also note that if you were to configure both slots for NFAS signaling, you would have to assign different ID numbers to the lines in the second slot.
Configuring WAN Access Configuring T1 lines Encoding=AMI Send Disc=0 Overlap Receiving=Yes Enabling a robbed-bit PBX with PRI access lines (PRI-to-T1 conversion) If your WAN uses ISDN PRI signaling on its T1 lines, a MAX unit can convert the signaling to standard T1 for use with a PBX. With this configuration, the MAX emulates a WAN switch, such as a Lucent 5ESS, connected to the PBX. Note: In most cases, you cannot use this feature in combination with digital modems.
Configuring WAN Access Configuring T1 lines Call by Call The ISDN PRI call-setup request to add to calls dialed out from the PBX. For more information about each parameter, see the MAX Reference. Other considerations for PRI-to-T1 conversion On a MAX unit with multiple lines configured for ISDN (PRI), each outgoing call from the PBX uses the first channel available on any PRI line.
Configuring WAN Access Configuring E1 lines Nailed, and set the Ch N Prt/Grp parameter to specify the channel’s group number. For example: Ch Ch Ch Ch Ch Ch Ch Ch Ch Ch 1=Nailed 1 Prt/Grp=3 2=Nailed 2 Prt/Grp=3 3=Nailed 3 Prt/Grp=3 4=Nailed 4 Prt/Grp=3 5=Nailed 5 Prt/Grp=3 In a Connection profile, you can use this permanent link by setting the Group parameter to specify the nailed channels’ group number.
Configuring WAN Access Configuring E1 lines Setting the general parameters To begin creating a new E1-line configuration, open the Net/E1 > Line Config menu and display an available profile: Net/E1 Line Config Line Config profile Name= 1st Line= 2nd Line= back-to-back= Line 1... Line 2... Line 3... Set the Name parameter to assign a descriptive name to the configuration. (You can configure multiple profiles for the same slot and activate a profile when it is needed.
Configuring WAN Access Configuring E1 lines If you set Sig Mode to ISDN_NFAS, you can also establish an interface ID or NFAS ID number for this type of signaling. You must specify a different interface ID for each NFAS line. If you set Sig Mode to Inband signaling (also called robbed-bit signaling), you must set the Rob Ctl parameter to specify a call-control mechanism. Switch-specific settings Set the Switch Type parameter to specify the network switch providing ISDN service on the E1/PRI line.
Configuring WAN Access Configuring E1 lines Defining settings for DPNSS signaling on DASS 2 switches If you are connecting a MAX unit to a standard DPNSS or DASS2 switch, you do not have to change the DPNSS/DASS2 settings. But connection to a nonstandard switch could require changes in these settings. Also, if you connect two units back-to-back, you have to change settings for the unit that acts as the network (PBX) side.
Configuring WAN Access Configuring E1 lines L3 End=x-side L2 End=b-side NL Value=64 LoopAvoidance=7 5 Exit the profile and, at the exit prompt, select the exit and accept option.
Configuring WAN Access Configuring E1 lines Using MAXDAX MAXDAX enables you to route incoming calls from PRI lines to specific outgoing channels on the same or different PRI lines. To implement MAXDAX, you must set parameters in the Net2Net Incoming Calls and Net2Net ChanGroup ID profiles. In the Net2Net Incoming Calls profile, you define parameters used in configuring channels on which the MAX unit receives incoming calls.
Configuring WAN Access Configuring E1 lines Following are the relevant parameters, which are in each Net/E1 > Line Config > Line Config profile > Line N subprofile. (In the parameter names, N represents a number distinguishing an individual parameter from other parameters of the same type). Parameter Specifies Ch N Type of connection that uses the channel. Ch N # Any add-on telephone number associated with a switched channel only.
Configuring WAN Access Configuring E1 lines Using ISDN signaling To configure an E1/PRI line for ISDN signaling in Belgium, the Netherlands, Switzerland, Sweden, Denmark, or Singapore: 1 Open the Net/E1 > Line Config > Line Config profile > Line N subprofile for the line you are configuring, and set the Sig Mode parameter to ISDN. For example: Net/E1 Line Config Line Config profile Line 1...
Configuring WAN Access Configuring E1 lines If the profile you have configured is not the active profile, activate it as described in “Activating a profile” on page 2-7. Setting up a nailed connection The number of nailed channels must be the same at both ends of the connection, but the channel assignments do not have to match.
Configuring WAN Access Configuring E1 lines Performing E1 line diagnostics A MAX unit’s software provides the following E1 diagnostic commands: Net/E1 Line Diag Line LB1 Line LB2 You can use these commands to test the line configuration. For detailed information about each parameter, see the MAX Reference. Network Terminating (NT) support for European ISDN PRI You can configure MAX units as Network Terminating (NT) devices for European ISDN E1/PRI connections.
Configuring WAN Access Configuring the serial WAN port Configuring the serial WAN port A MAX unit has a built-in V.35 serial WAN DB-44 port. A serial WAN port provides a V.35/RS-449 WAN interface that typically connects to a Frame Relay switch. To configure the serial WAN port, open the Serial WAN > Mod Config profile and set the following parameters: Parameter Specifies Module Name A descriptive name for the interface. (This parameter is optional.
Configuring WAN Access Configuring digital modems Serial WAN Mod Config Module Name=wan-serial Nailed Grp=3 Activation=Static Ethernet Frame Relay NNI Name=NNI Active=Yes Call Type=Nailed FR Type=NNI Nailed Grp=3 ... Configuring digital modems A digital modem is a device that connects to a digital line (such as an ISDN line) and communicates with a modem that is connected to an analog line at the other end of the connection.
Configuring WAN Access Configuring digital modems ascend% show modems slot:item 8:0 8:1 8:2 8:3 8:6 8:7 8:10 8:11 modem 1 2 3 4 5 6 7 8 status idle idle idle idle idle idle idle idle 12-MOD modem numbering Modems in the 12-MOD K56Flex modem card are numbered 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 13.
Configuring WAN Access Configuring digital modems Following are the parameters that appear for most of the cards available on the MAX unit: Parameter Specifies Module Name Your descriptive name for the Mod Config subprofile. (This parameter is optional. Functionality is not affected if you do not enter a value.) Ans N# Telephone number for incoming-call routing. When the MAX receives calls to this telephone number, it routes the call to the first available modem.
Configuring WAN Access Configuring V.110 modems Configuring V.110 modems A V.110 card, on a MAX 6000 or a MAX 3000 provides eight V.110 modems that each enable the MAX unit to communicate with an asynchronous device over synchronous digital lines. An asynchronous device such as an ISDN modem encapsulates its data in a V.110 protocol. A V.110 modem removes the V.110 encapsulation and enables an asynchronous session (a terminal-server session). To configure a V.
Configuring WAN Access Configuring Personal Handyphone System (PHS) Configuring Personal Handyphone System (PHS) Personal Handyphone System (PHS) is a mobile telephone service currently offered in Japan and other Asian countries only. In addition to voice communication, PHS offers data communication at a bandwidth of 32 Kbps, and can thus provide Internet access as well as voice service. A MAX unit supports PHS through PHS slot cards, each of which supports 8 or 16 concurrent PHS users.
Configuring WAN Access Configuring ISDN BRI network cards have to assign a profile name and set a couple of other parameters that apply to the entire profile, but most parameters are specific to a single line. You have to open each Line N subprofile and set a few basic operational parameters, parameters for configuring the B channels, and parameters for configuring add-on numbers and SPIDs.
Configuring WAN Access Configuring ISDN BRI network cards Configuring the B channels Each BRI line has two B channels for user data and one D channel for signaling. To configure the B channels, open a Net/BRI > Line Config profile, then open the line’s Line N subprofile and set the following parameters: Parameter Specifies B1 Usage Usage (Switched, Nailed, or Unused) of the first B channel. B2 Usage Usage (Switched, Nailed, or Unused) of the second B channel.
Configuring WAN Access Configuring ISDN BRI network cards BRI channels in the same trunk group. For details, see “Configuring outbound calls” on page 3-69. Configuring add-on numbers and SPIDs The Pri Num and Sec Num parameters define additional telephone numbers for multichannel calls, and SPIDs identify services provisioned for your ISDN line. For more details about add-on numbers and SPIDs, see “Assigning telephone numbers” on page 3-5.
Configuring WAN Access Configuring ISDN BRI network cards 9 Close the Line 1 subprofile and proceed to configure the other seven lines, repeating step 5 through step 9 for each line. 10 Exit the profile and, at the exit prompt, select the exit and accept option. If the profile you have configured is not the active profile, activate it as described in “Activating a profile” on page 2-7.
Configuring WAN Access Configuring ISDN BRI network cards 4 Exit the profile and, at the exit prompt, select the exit and accept option. 5 Open the Net/BRI > Line Config > Line Config profile > Line 1 subprofile. 6 Set the B1 Trnk Grp and B2 Trnk Grp parameters to assign both of the line’s channels to trunk group N. 7 Repeat this trunk-group setting for the remaining BRI lines (lines 2–8), so that all BRI lines are in the same trunk group.
Configuring WAN Access Configuring Host/BRI lines InOctets and OutOctets show the number of bytes received by the answering device and transmitted by the calling device, respectively. Note: When an ISDN call disconnects in Germany, the ISDN switch sends call billing information to the call originator as part of the call tear-down process. For lines that use the German 1TR6 switch type, you can access ISDN call charges in the Ascend Enterprise MIB through SNMP management utilities.
Configuring WAN Access Configuring Host/BRI lines Ans N# Telephone number for call routing.This number routes incoming WAN calls to the local BRI lines connecting to the Host/BRI card. (For details, see “Configuring outbound calls” on page 3-69.) For detailed information about each parameter, see the MAX Reference. Typical Host/BRI configurations, with examples Ally has a personal computer connected to a Pipeline 85™ unit. The Pipeline 85 connects to a port on a MAX unit’s Host/BRI card.
Configuring WAN Access Configuring Host/BRI lines Enabling the device to make outbound calls Jim’s setup is similar to Ally’s, but he needs to access the Internet, so you must configure the MAX unit to enable outbound calls. Proceed as follows: 1 Open System > Sys Config and enable trunk groups systemwide. 2 Exit the profile and, at the exit prompt, select the exit and accept option.
Configuring WAN Access Configuring IDSL connections Configuring local BRI-to-BRI calls To enable trunk groups: 1 Open System > Sys Config and set Use Trunk Grps to Yes to enable trunk groups systemwide. 2 Exit the profile and, at the exit prompt, select the exit and accept option. 3 Open the Host/BRI > Line Config > Line Config profile > Line N subprofile for the line you are configuring, and set the Dial Plan parameter to Trunk Grp to specify the use of trunk groups.
Configuring WAN Access Configuring IDSL connections When you are ready to configure the IDSL connections, set the following parameters in each BRI/LT > Line Config >Line Config profile > Line N subprofile: Parameter Specifies Enabled Availability of the line. If you set the Enabled parameter to No, the line is not available for use. Dial Plan Whether the port uses trunk groups or the extended dial plan to send and receive calls.
Configuring WAN Access Configuring IDSL connections channel for calls to and from the specified slot or port. For details, see “Configuring inbound calls” on page 3-59 and “Configuring outbound calls” on page 3-69. Note: You cannot control whether an incoming call rings on the first or second B channel, so set the BN Slot parameters to identical values. With a nailed channel, BN Prt/Grp is a Group number. To make use of this nailed connection, the Group number is referenced in a Connection or call profile.
Configuring WAN Access Configuring IDSL connections The unit receives outgoing call requests from the device connected to the IDSL card and routes voice calls to the Public Switched Telephone Network (PSTN) over a T1 line or ISDN PRI line. The unit receives incoming voice calls on any attached T1 or PRI line, and uses Dialed Number Identification Service (DNIS) to route the calls to devices connected to IDSL cards.
Configuring WAN Access Configuring IDSL connections To instruct the unit to route calls to the IDSL card on the basis of the called number: 1 Open a BRI/LT > Line Config > Line Config profile > Line N subprofile. 2 Set Ans 1#, Ans 2#, or both to the called number that is dialed to reach the end user’s TE. The Central Office (CO) switch must support DNIS, because the unit matches the DNIS number of the incoming call to numbers specified by Ans N# parameters.
Configuring WAN Access Configuring Host/AIM6 and Host/Dual ports 3 Select the Line LoopBack command and press Enter. 4 In the confirmation dialog box that appears, select 1=Line N LB. While the line loops back, normal data transfer is disrupted. 5 Press Escape to cancel the loopback. In a local loopback test, data originating at the local site loops back to its originating port without going out over the WAN.
Configuring WAN Access Configuring Host/AIM6 and Host/Dual ports software. Make sure that your call-routing configuration accommodates calls destined for the local Ethernet network. (For details, see “Configuring inbound calls” on page 3-59 and “Configuring outbound calls” on page 3-69.
Configuring WAN Access Configuring Host/AIM6 and Host/Dual ports Parameter Specifies RS-366 Esc Escape character the MAX uses during RS-366 ext2 dialing or during X.21 ext2 dialing. Early CD When the MAX unit is to activate the Carrier Detect (CD) signal at the AIM port. When the unit receives a signal indicating that a sender has data to transmit, it activates the CD signal.
Configuring WAN Access Configuring Host/AIM6 and Host/Dual ports Ans 1#=1212 Ans 2#=1213 Ans 3#=1214 Ans 4#=1215 Dial=RS-366 ext1 Answer=Auto Clear=Terminal Port diagnostics After configuring port, you can perform a local loopback test to verify the configuration. Select the Host/AIM6 (or Host/Dual) > PortN Menu > Port Diag > Local LB command. When you press the Right Arrow (or Enter) key to select the command, the serial host port begins looping back toward the serial host.
Configuring WAN Access Configuring Host/AIM6 and Host/Dual ports Parameter Specifies Palmtop Whether the MAX enables or disables access to inverse multiplexing ports through the palmtop controller. Palmtop Port # Inverse multiplexing port to which a palmtop port has access if palmtop access is restricted. Palmtop Menus Whether the user of a palmtop controller connected to a palmtop port has access to the standard set of menus, the command-line interface, or the simplified menus.
Configuring WAN Access Configuring Host/AIM6 and Host/Dual ports Configuring inverse-multiplexed WAN connections To configure inverse-multiplexed WAN connections, you not only set parameters based on the provisioning of the line but also parameters that are defined in the specifications you receive from the service provider’s Central Office (CO). The parameters are in call profiles, which are the profiles in the Host/AIM6 (Host/Dual) > PortN Menu > Directory menu.
Configuring WAN Access Configuring Host/AIM6 and Host/Dual ports Parameter Specifies Call-by-Call PRI service to use when using a Dial Plan, Connection or call profiles to place a call. To set this parameter, contact your service provider, who will supply you with the correct services information. (For the definition of call profile, see “Assigning nailed channels to groups” on page 3-12.) Bill # Telephone number to be used either as a billing suffix or the calling party number.
Configuring WAN Access Configuring Host/AIM6 and Host/Dual ports Parameter Specifies Dyn Alg The algorithm to use for calculating Average Line Utilization (ALU) over the number of seconds specified by the Sec History parameter. Sec History A time period, in seconds, that serves as the basis for calculating ALU.
Configuring WAN Access Configuring Host/AIM6 and Host/Dual ports 4 Set Base Ch Count to specify the base number of channels and set Inc Ch Count and Dec Ch Count to specify the number of channels to be added or subtracted, respectively, when bandwidth requirements change. 5 Set the bandwidth parameters, as described in “Configuring bandwidth WAN connections” on page 3-54. 6 Exit the profile and, at the exit prompt, select the exit and accept option.
Configuring WAN Access Configuring Host/AIM6 and Host/Dual ports 4 Specify the Group number for the nailed channels. 5 Set the FT1 Caller parameter to Yes to specify that the MAX unit initiates the call. If the other end of the link initiates the call, set this parameter to No. Only one side of the link can initiate the call for FT1-AIM or FT1-B&O calls. 6 Exit the profile and, at the exit prompt, select the exit and accept option.
Configuring WAN Access Configuring Host/AIM6 and Host/Dual ports Example of configuring a single-channel call Host/AIM6 Port3 Menu Directory terminal-adaptors Name=terminal-adaptors Dial #=241 Call Type=1 Chnl Configuring a dual-port call In a dual-port call, two inverse multiplexing ports on the MAX unit connect the call to the serial host. The two ports are a primary port and a secondary port.
Configuring WAN Access Configuring inbound calls 3 Set Call Type to 2 Chnl: Call Type=2 Chnl 4 Exit the profile and, at the exit prompt, select the exit and accept option. Configuring inbound calls When a MAX unit receives a call on a WAN line, it performs CLID or DNIS authentication (if available and configured), and answers the call.
Configuring WAN Access Configuring inbound calls System Sys Config Sub-Adr=Routing Serial=0 LAN=0 DM=0 V.110=4 Specifying answer numbers for destination host ports If the MAX unit does not find an ISDN subaddressing, it checks for answer-number specifications. If it finds a matching answer number, it uses that number to route the call. If not, the unit goes on to the next comparison. Each host port can specify one or more answer numbers.
Configuring WAN Access Configuring inbound calls Ans 2#=1237 Ans 3#=1238 Ans 4#=1239 Note: When a MAX unit has more than one digital modem slot card installed, the cards and modems form a pool, and any modem can answer a call routed to any digital modem slot. Specifying host ports’ slot and port numbers in WAN channel configurations A MAX unit checks for slot and port number specifications. If a slot is specified for the channel on which the call arrives, it uses it to route the call.
Configuring WAN Access Configuring inbound calls • 3–8 represent expansion slots. When looking at the back panel of the unit, slot 3 is the bottom slot in the left bank of slots, followed by 4 and 5 in ascending order. Slot 6 is the bottom right slot, followed by 7 and 8 in ascending order. • 9 represents the LAN. The unit routes calls to the bridge/router module.
Configuring WAN Access Configuring inbound calls 1 The unit compares the value specified for the DNIS #N Max Calls parameter to the number of calls that have already dialed the called number and are still active. If the maximum has been reached, the unit rejects the call. 2 If the call is a modem call, the unit compares the value specified for the DNIS #N Max Modem parameter to the number of active modem calls made to the called number. If the maximum has been reached, the unit rejects the call.
Configuring WAN Access Configuring inbound calls 4 Set the DNIS #N Max Calls parameter to specify the total number of simultaneous V.110, HDLC, and modem calls to the called number specified by DNIS #N. Note: You must set the DNIS #N Max Calls parameter even if you configure the unit to limit calls on the basis of modem, V.110, or HDLC calls. 5 Set DNIS #N Max Modem if you want to limit the number of simultaneous modem calls to the called number specified by DNIS #N.
Configuring WAN Access Configuring inbound calls • Unspecified Max HDLC=0 • Unspecified Max V110=0 Limiting all calls that do not specify a DNIS number To specify that the MAX unit accepts twenty calls, of any type, that do not specify a DNIS number, set the following parameters as shown: • Unspecified Max Calls=20 • Unspecified Max Modem=20 • Unspecified Max HDLC=20 • Unspecified Max V110=20 Limiting V.
Configuring WAN Access Configuring inbound calls Incoming call routing state diagram The following pages show detailed state information about inbound call routing in the MAX unit. To understand these charts, you should be familiar with the parameters referenced in many of the steps.
Configuring WAN Access Configuring inbound calls Does Sub-Adr=TermSel? No Yes No Does call have ISDN subaddress? Do not answer. Yes Is call received on a channel whose telephone number parameter Yes (Ch N #, Pri Num, Sec Num) does not match the called number? Do not answer. Telephone number matches or called number not provided. Determine if call is net-to-net: See MAXDAX section. Is the MAXDAX call net-to-net? If Sub-Adr=Routing and the called number has an ISDN subaddress that matches setting of V.
Configuring WAN Access Configuring inbound calls From preceding page “A” Perform the following Ans N# steps without including the subaddress in the From preceding page: “B” Does called number with subaddress match Ans N# in the Ethernet (Mod Config) profile? Yes Is bridge/router module available? Yes Route call to it. No Does called number with subaddress match Ans N# in a LAN Modem profile? Yes Is a digital modem available? No Yes Route call to it. No Yes Does called number with Is a V.
Configuring WAN Access Configuring outbound calls From preceding page Are both true: Excl Routing=No and the slot parameter (Ch N Slot, B1 Slot, B2 Slot)=0 or null? Is bearer service of call Voice and are digital modems installed? No Yes No Is bearer service of call V.110? Yes Reject call. Route to any available digital modem. If none available, reject call. Route to any V.110 module. If none available, reject call.
Configuring WAN Access Configuring outbound calls Dialing through trunk group 2 (local port-to-port calls) Use trunk group 2 for port-to-port calls within the MAX system. When 2 is the first digit in a three-digit dial number, the MAX unit interprets the second and third digits as the slot and port number of the called port. The second digit can be 0 or any number from 3 to 8. If it is zero, the call goes to any available AIM port (the third digit is ignored in this case).
Configuring WAN Access Configuring outbound calls use different numbering. An actual display would include a profile number for the Destination profile named outdial-1 in the example above.) Destination profiles let you instruct the unit to use the first available channels to place the call, or to try one trunk group first, followed by another if the first is unavailable. For example, if the Destination profile has Option set to 1st Avail, the unit takes the first available channels for the call.
Configuring WAN Access Configuring outbound calls Ethernet Connections Connection profile Dial #=5-555-1212 Host/AIM6 (or Host/Dual) PortN Menu Directory call profile Dial #=4-555-1217 Host/BRI Line Config Line Config profile Line N... Dial Plan=Trunk Grp If Dial Plan=Trunk Grp in the Mod Config > WAN Options profile, and Dial # has a single-digit dialing prefix from 4 to 9 in a Connection or call profile, the unit places the call through channels in that trunk group.
Configuring WAN Access Configuring outbound calls Dial Plan=Extended Dial #=806-212-555-1217 Ethernet Mod Config WAN Options... Dial Plan=Extended Ethernet Connections Connection profile Dial #=806-212-555-1212 With the dialing prefix 806, the first digit is a trunk-group number and the next two digits instruct the unit to read Dial Plan profile 6. Placement of the call uses channels in trunk group 8 and the PRI settings in Dial Plan profile 6.
Configuring WAN Access Configuring MAXDAX If the outbound call originates from a terminal adapter connected to a Host/BRI or BRI/LT port, the call originates from the slot and port of the Host/BRI or BRI/LT card. If the outbound call originates from a terminal server user dialing out through a digital modem, the digital modem slot is the source of the call. (No matter where the call originates, if it goes out through a digital modem, the digital modem slot is the source of the call.
Configuring WAN Access Configuring MAXDAX • Channel-specific Dial Plan profile—The unit routes a call received on a specific channel to a channel assigned to the configured destination channel-group, and to a specified Dial Plan profile. The Dial Plan profile either contains a dial number for the outgoing call or enables you to specify digits that the unit prepends to the incoming calls’s called number.
Configuring WAN Access Configuring MAXDAX Figure 3-4. MAXDAX call routing MAX makes call, on first available channel assigned to specified channel group, using Dial Plan profile specified by the leading digit (or two) of the called number. MAX receives a call on line A, channel N.
Configuring WAN Access Configuring MAXDAX channel you configure, the Ch N parameter to Switched and the Ch N ChanGroup parameter to a value from 1–65536. These parameters function as follows: Parameter How it’s used Ch N N is a number representing a channel. For each channel used for outbound calls, you must set Ch N to Switched, or MAXDAX does not function. Ch N ChanGroup Assigns channel to a group.
Configuring WAN Access Configuring MAXDAX Configuring the MAX unit to directly map channels To configure the MAX unit to map incoming calls to outgoing channel groups, without specifying a Dial Plan profile: 1 Open Net/T1 (E1) > Line Config > Line Config profile > Line N > Net2Net Incoming Calls. 2 For each incoming channel you configure: 3 – Set the Ch N parameter to Switched.
Configuring WAN Access Configuring MAXDAX 4 Set the PRI # Type parameter to the type of telephone number the unit dials for the outgoing call: – National specifies telephone numbers within the United States. – Intl specifies telephone numbers outside the United States. – Local specifies telephone numbers within your Centrex group. – Inherit specifies the same PRI # Type value assigned to the incoming call. PRI # Type does not apply to outbound calls on inband T1 lines.
Configuring WAN Access Configuring MAXDAX – 3 Set the Ch N #DialPlanSelDigits parameter to either 1 or 2. The MAX unit strips the number of leading digits you specify, and uses them to identify the Dial Plan profile for the outgoing call. When finished with the Net2Net Incoming Calls profile, exit the profile and, at the exit prompt, select the exit and accept option. To configure the Dial Plan profile: 1 Open a System > Dial Plan profile.
Configuring WAN Access Configuring MAXDAX Configuring the MAX unit to use Answer Plan profiles With MAXDAX, you can define Answer Plan profiles, which the MAX unit checks if you have set no channel-specific parameters. You configure the unit to compare called number, data service of the call, or both, to values in the profiles. If the unit finds a match, it routes the incoming call to the first available channel in the channel group specified in the Answer Plan profile.
Configuring WAN Access Configuring MAXDAX E=Termsrv D=Diagnostics V=View ChanGroup/s To display the current MAXDAX channel-group mappings, press V or select V=View ChanGroup/s. The current MAXDAX configuration appears, including a channel-by-channel listing of channel groupings.
Configuring WAN Access Configuring MAXDAX Routing calls on the basis of called number Figure 3-5 shows an example of a MAXDAX installation. Figure 3-5. Sample MAXDAX (T1) installation Video System C Video System A Serial line MAX 1 MAX 2 PRI Leased T1 PSTN T1 Serial line Pipeline 75 PBX Video System B On MAX 1, T1 Drop and Insert enables users connected to the PBX to make and receive calls. The system administrator configures MAXDAX on MAX 2.
Configuring WAN Access Configuring MAXDAX System Answer Plan Site C Name=Site C Answer #=6175551212 Answer Data Svc= Dest ChanGroup=1 Dial Plan #=12 MAX 2 makes a call on the first available channel assigned to destination channel-group 1, using Dial Plan profile 12. Because the system administrator leaves Answer Data Svc blank, MAX 2 ignores the data service of the incoming call, and matches on the basis of called number only.
Configuring WAN Access Configuring MAXDAX Routing calls on the basis of the channel on which MAX 2 receives the call This example illustrates a different call-routing process for the MAX unit labeled MAX 2 in Figure 3-5. The physical environment for this example is the same as displayed in Figure 3-5, but MAX 2 routes calls on the basis of the channel on which it receives the call from MAX 1.
Configuring WAN Access Configuring MAXDAX Users specify which Dial Plan profile MAX 2 uses for their calls. In this example, the system administrator configures two Dial Plan profiles, 31 and 32, and tells the users which profile to use for specific destinations.
Configuring WAN Access Configuring MAXDAX Note: Because MAX 2 considers Answer Plan profiles after determining whether it should route on the basis of specific channels, the system administrator could leave the configuration from the preceding example as it is. The system administrator configures MAX 1 to deliver calls to MAX 2 on specific channels. MAX 1 sends calls with calling number 1234 to channel 1 or 2 of the leased T1 line on MAX 2.
Configuring WAN Access Configuring MAXDAX Name=PRI plan Bill #= Dest #=14155551212 PrependDigits= Because the system administrator specifies a Dest # value of 14155551212, the MAX 2 dials that number to make the outbound call.
Configuring Individual WAN Connections 4 Introduction to WAN links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 The Answer profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3 The Connection profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-17 Configuring Names/Passwords profiles. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring Individual WAN Connections Introduction to WAN links The MAX unit provides a number of Dynamic Host Configuration Protocol (DHCP) services, such as responses to DHCP requests from hosts that need to borrow IP addresses. With a MAXPOTS FXS slot card installed, a MAX unit can initiate and receive Plain Old Telephone Service (POTS) calls. Introduction to WAN links This chapter describes configuring various types of links across the WAN.
Configuring Individual WAN Connections The Answer profile Connection type Description Dynamic Host Configuration Protocol (DHCP) DHCP is a TCP/IP protocol that enables a client to obtain a temporary IP address from a central server (known as a DHCP server). This chapter does not describe RADIUS user profiles that serve the same function as resident Connection profiles. For details about WAN connection security, see the MAX Security Supplement.
Configuring Individual WAN Connections The Answer profile For detailed information about each parameter, see the MAX Reference. The Answer profile also includes the following subprofiles, for encapsulation, routing protocols and options that support the incoming call: Subprofile Contains Encaps The encapsulation protocols the MAX unit can negotiate with incoming callers. IP Options Preliminary IP routing parameters needed for initial negotiation for incoming callers.
Configuring Individual WAN Connections The Answer profile Call Type Description MP MP connections, which use RFC 1990 encapsulation. MP enables the unit to interact with MP-compliant equipment from other vendors to use multiple channels for a call. Both connection sides must support MP. PPP Incoming PPP connections. PPP sessions are single-channel connections to any remote device running PPP software. COMB Calls that use Combinet encapsulation and meet all other Answer profile criteria.
Configuring Individual WAN Connections The Answer profile Call Type Description TCP-Clear Calls that use a proprietary encapsulation method and rely on raw TCP sessions to a local host for processing that encapsulation. Raw TCP is a method of supporting encapsulation performed by an application that runs on top of TCP. Raw TCP must be understood by both the login host and the caller. As soon as the connection is authenticated, the MAX unit establishes a TCP connection to the host.
Configuring Individual WAN Connections The Answer profile PPP Options Synchronous connections use an encapsulation protocol such as PPP to deliver packets from one box to another. PPP sessions are single-channel connections to any remote device running PPP software. Following are the Answer > PPP Options parameters that define what type of routing or bridging protocol is supported over a PPP connection: Parameter Specifies Route IP Routing of IP data packets on the interface.
Configuring Individual WAN Connections The Answer profile Parameter Specifies BACP Enable/disable BACP. If BACP is enabled, a connection encapsulated in MP uses BACP to manage dynamic bandwidth on demand. Both sides of the connection must support BACP. (BACP uses the same criteria as MP+ connection for managing bandwidth dynamically.
Configuring Individual WAN Connections The Answer profile Graceful shutdown and IPX Header Compression The following PPP Options parameters define a choice for a graceful shutdown for a PPP connection and a choice for the use of compression for the IPX header: Parameter Specifies Disc on Auth Timeout Whether or not the MAX unit gracefully shuts down the PPP connection on an external authentication server timeout. IPX Header Compression Whether to use or disable IPX header compression in PPP sessions.
Configuring Individual WAN Connections The Answer profile Parameter Specifies N2 Retran Count Retry limit—the maximum number of times the MAX unit can retransmit a frame on an X.75 connection when the T1 Retran Timer expires. T1 Retran Timer Maximum amount of time in ticks (1 tick=1/18th of a second) the transmitter should wait for an acknowledgment before initiating a recovery procedure. Frame Length Maximum number of bytes allowed in the information field by V.120 or X.
Configuring Individual WAN Connections The Answer profile Parameter Specifies CUG Index Closed user group (CUG) index/selection facility to use in the next call request. The CUG selection/index facility is used to indicate to the called switch the CUG selected for a virtual call. (A CUG is a calling group to which access is restricted. A user can be a member of more than one CUG. In general, members of a specific CUG can communicate among themselves, but not with users outside the group.
Configuring Individual WAN Connections The Answer profile Parameter Specifies T3POS T2 Maximum amount of time permitted between the SYN signals sent from the DTE to the PAD.This timer applies to opening frames in Local or Bin-Local mode. Normally, the PAD sends SYN signals to the DTE at the interval specified by the T2 timer to indicate that an idle link is still alive.
Configuring Individual WAN Connections The Answer profile Miscellaneous The last several parameters in the Answer > T3POS Options subprofile further help to define the incoming calls that use T3POS encapsulation: Parameter Specifies Data Format Data format and parity checking/generation behavior of the PAD when it validates opening frames and performs Local mode data transfer. Link Access Type Type of DTE connection—permanent, leased-line, or dial-up.
Configuring Individual WAN Connections The Answer profile Filter-related parameters The Answer > Session Options subprofile contains the following filter-related parameters: Parameter Specifies Data Filter Number of a filter used to determine if packets should be forwarded or dropped. If both a call filter and data filter are applied to a connection, the MAX unit applies a call filter after applying a data filter. (Only those packets that the data filter forwards can reach the call filter.
Configuring Individual WAN Connections The Answer profile Parameter Specifies IPX SAP Filter A SAP filter applied to the LAN or WAN interface. You can apply an IPX SAP filter to exclude or include certain remote services from the MAX SAP table. If you apply a SAP filter in a Connection profile, you can exclude or include services in both directions. Framed Only Whether or not the user is allowed access to all the terminal-server commands or to a subset of them.
Configuring Individual WAN Connections The Answer profile Parameter Specifies Packet Flush Length Maximum number of bytes to buffer. Valid values are from 1 to 8192. The default value is 256. (Note that buffering large packets consumes more system resources.) If the system has buffered the specified number of bytes without matching the End of Packet Pattern, it flushes the buffer by writing the data to TCP. Packet Flush Time Timer in milliseconds. Valid values are from 1 to 1000.
Configuring Individual WAN Connections The Connection profile Route IPX=Yes Route AppleTalk=Yes Bridge=Yes Recv Auth=Either COMB Options Password Reqd=Yes The Connection profile Connection profiles define specific connections for individual users. Whereas the Answer profile specifies parameters for the initial negotiation of an incoming call, a Connection profile specifies parameters that support authentication and detailed aspects of an individual connection.
Configuring Individual WAN Connections The Connection profile Parameter Specifies NumPlanID NumberPlanID field in the called party’s information element. NumPlanID is used for outbound calls made by the unit on PRI lines so that the switch can properly interpret the telephone number dialed. Ask your PRI provider for details.
Configuring Individual WAN Connections The Connection profile Parameter Specifies Route AppleTalk Whether this Connection profile supports AppleTalk routing. AppleTalk routing must be set on both sides of the connection, and in the AppleTalk options submenu for the profile. Framed Only Whether or not the user is allowed access to all the terminal-server commands or to a subset of them.
Configuring Individual WAN Connections The Connection profile Encaps Options The Encaps Options subprofile parameters vary depending on whether you set the Encaps parameter to MPP, MP, PPP, COMB, FR or FR_CIR, XI5PAD, X25/TSPOS, X25/IP, X.32, TCP-Clear, or AR4.
Configuring Individual WAN Connections The Connection profile Parameter Specifies Base Ch Count Number of channels to use to set up a session initially. If the session uses MP, Base Ch Count specifies the total number of channels to be used for the call. For an AIM, BONDING, or multichannel PPP call, the channel count may be augmented. Min Ch Count Minimum number of channels that can be established for a multilink call.
Configuring Individual WAN Connections The Connection profile CBCP parameters The following parameters in Ethernet > Connections > Connection profile > Encaps Options define callback features for incoming calls and trunk groups: Parameter Description CBCP Mode Specifies the method of callback the MAX unit offers the incoming caller. CBCP Trunk Group Assigns the callback to a unit trunk group. This parameter is used only when the caller is specifying the telephone number the unit uses for the callback.
Configuring Individual WAN Connections The Connection profile Encaps=MP When Connections > Connection profile > Encaps=MP, the following parameters appear in the interface for Ethernet > Connections > Connection profile > Encaps Options: Ethernet Connections Connection profile Send Auth Send Name Send PW Aux Send PW Recv PW Base Ch Count Min Ch Count Max Ch Count Inc Ch Count Dec Ch Count MRU LQM LQM Min LQM Max Link Comp VJ Comp CBCP Mode CBCP Trunk Group BACP Dyn Alg Sec History Add Pers Sub Pers Target
Configuring Individual WAN Connections The Connection profile CBCP Mode CBCP Trunk Group IPX Header Compression Split Code.User Encaps=COMB When Connections > Connection profile > Encaps=PPP, the following parameters appear in the interface for Ethernet > Connections > Connection profile > Encaps Options: Ethernet Connections Connection profile Password Reqd Send PW Recv PW Interval Base Ch Count Compression Password Reqd Whether a password will be required to authenticate the Combinet connection.
Configuring Individual WAN Connections The Connection profile Parameter Specifies Circuit Alphanumeric name for a DLCI endpoint. When combined as a circuit, the two DLCI endpoints act as a tunnel—data received on one DLCI bypasses the Lucent router and is sent out on the other DLCI. Encaps=X25/PAD When Connections > Connection profile > Encaps=X25/PAD, the following parameters appear in the interface for Ethernet > Connections > Connection profile > Encaps Options: Parameter Specifies X.
Configuring Individual WAN Connections The Connection profile NUI and PAD parameters The remainder of the parameters in Ethernet > Connections > Connection profile > Encaps Options provide NUI and PAD settings: Parameter Specifies NUI Set of Network User Identification-related facilities to use in the next call request. NUI provides information to the network for billing, security, and network management, and to invoke subscribed facilities.
Configuring Individual WAN Connections The Connection profile X.25 Prof The X.25 Prof parameter specifies the name of an X.25 profile to use for this connection. To guard against misconfiguration, the MAX unit does not allow you to save an active Connection profile specifying X.25 encapsulation unless the named X.25 profile is defined and active. Recv PW The Recv PW parameter specifies the password that the unit expects to receive from the far end while the connection is being authenticated.
Configuring Individual WAN Connections The Connection profile Inactivity Timer The Inactivity Timer parameter specifies the number of seconds to allow a connection to remain inactive before dropping the virtual circuit. Call Mode The Call Mode parameter specifies whether or not the unit can initiate a call request on the X.25 IP connection. Answer X.121 Addr The Answer X.121 Addr parameter specifies the X.121 address of the remote X.25 host to which this profile connects.
Configuring Individual WAN Connections The Connection profile device, authentication fails. For PPP links, the password can contain up to 20 characters. For X.25/PAD, it can contain up to 48 characters. Login Host The Login Host parameter specifies the IP address or DNS hostname of the host to which raw TCP connections will be directed. Login Port The Login Port parameter specifies the TCP port that the raw TCP connection uses to connect to the specified host.
Configuring Individual WAN Connections The Connection profile Encaps=ARA When Connections > Connection profile > Encaps=ARA, the following parameters appear in the interface for Ethernet > Connections > Connection profile > Encaps Options: Parameter Specifies Password Password that an incoming ARA caller must supply (in a Connection profile) or the password the foreign agent must specify under Ascend Tunnel Management Protocol (ATMP) in order to access this unit (in an Ethernet profile).
Configuring Individual WAN Connections The Connection profile Parameter Specifies Preference Preference value for a route. RIP is a distance-vector protocol, which uses a hop count to select the shortest route to a destination network. RIP keeps a database of routing information that it gathers from periodic broadcasts by each router on a network.
Configuring Individual WAN Connections The Connection profile Multicast parameters The following parameters in Ethernet > Connections > Connection profile > IP Options define the ability of the MAX unit to respond to multicast clients, and the rate at which the unit accepts multicast clients: Parameter Specifies Multicast Client Enable/disable the MAX unit to respond to multicast clients on the WAN link.
Configuring Individual WAN Connections The Connection profile IPX RIP and IPX SAP handle RIP packets across the WAN, and whether the MAX unit sends out queries for the nearest IPX server: Parameter Specifies Peer Whether or not the remote IPX caller is a router or a dialin client. The Peer parameter specifies how the unit negotiates IPX with callers that have no configured Connection profile, assuming them to be either IPX routers or IPX clients.
Configuring Individual WAN Connections The Connection profile Parameter Specifies Netware t/o Number of minutes the unit enables clients to remain logged into a NetWare server even though their IPX connections has been torn down. AppleTalk Options For the MAX unit, you need to enable AppleTalk routing by setting Ethernet > Mod Config > AppleTalk to Yes. For incoming switched calls, you have to configure the Answer profile to enable AppleTalk routing.
Configuring Individual WAN Connections The Connection profile Session Options The Connections > Session Options parameters define the characteristics of the session and filter specifications: Parameter Specifies Data Filter Number of a filter used to determine if packets should be forwarded or dropped. If both a call filter and data filter are applied to a connection, the unit applies a call filter after applying a data filter. (Only those packets that the data filter forwards can reach the call filter.
Configuring Individual WAN Connections The Connection profile Parameter Specifies IPX SAP Filter A SAP filter to the LAN or WAN interface. You can apply an IPX SAP filter to exclude or include certain remote services from the MAX SAP table. If you apply a SAP filter in a Connection profile, you can exclude or include services in both directions. BackUp Name of a backup Connection profile for a nailed connection.
Configuring Individual WAN Connections The Connection profile OSPF Options The Ethernet > Connections > Connection profile > OSPF Options subprofile includes the following parameters that define the OSPF area and type on the interface, timing issues for OSPF packets, priority of the OSPF router, and authentication for validating OSPF packets: Parameter Specifies RunOSPF Enable/disable OSPF on the interface. When OSPF is active, the MAX unit sends update packets out on the interface.
Configuring Individual WAN Connections The Connection profile Parameter Specifies MD5 Key An authentication key (a password) used to allow OSPF routing. MD5 Key is a number from 0 to 255 inserted into the OSPF packet header. OSPF routers use MD5 Key to allow or exclude packets from an area. The default value is 0. The key can contain as many as 16 characters.
Configuring Individual WAN Connections The Connection profile Parameter Specifies Exp Callback Whether or not the MAX unit expects outgoing calls to result in a callback from the far-end device. Use this parameter when the remote device requires callback security. Call Type Type of connection. For example; Nailed, Switched, Nailed/MP+, Perm/Switched, or D-channel.
Configuring Individual WAN Connections The Connection profile Parameter Description Bill # Specifies a telephone number to be used for billing purposes. If a number is specified, it is used either as a billing suffix or the callingparty number. For robbed-bit lines, the MAX unit uses the billing number as a suffix appended to each telephone number it dials for the call.
Configuring Individual WAN Connections The Connection profile Parameter Specifies Acct-ID Base Whether or not the numeric base of the RADIUS Acct-Session-ID attribute is 10 or 16. It controls how the Acct-Session-ID attribute is presented to the accounting server; for example, a base-10 session ID is presented as 1234567890, and a base-16 ID as 499602D2. You can set this parameter globally and for each connection.
Configuring Individual WAN Connections Configuring Names/Passwords profiles 7 Set the Max Call Duration parameter to specify the maximum duration in minutes of an established session for an incoming call. The connection is checked once per minute, so the actual time of the call will be slightly longer (usually less than a minute longer) than the actual time you set. 8 Exit the profile and, at the exit prompt, select the exit and accept option.
Configuring Individual WAN Connections Configuring PPP connections Configuring PPP connections A PPP connection is a temporary WAN connection brought up by a remote device dialing into the MAX. It is the most common type of WAN connection, and can be configured in a local Connection profile or in RADIUS. The next sections contain examples of both types of configuration. A PPP connections can be one of the following types: • PPP—A single-channel connection to any remote device running PPP software.
Configuring Individual WAN Connections Configuring PPP connections VJ Comp=Yes CBCP Enable=No BACP= Dyn Alg= Sec History= Add Pers= Sub Pers= Target Util Ethernet Connections Connection profile Encaps=PPP Encaps Options Send Auth=None Send Name=N/A Send PW=N/A Recv PW= MRU=1524 LQM=No LQM Min=600 LQM Max=600 Link Comp=Stac VJ Comp=Yes CBCP Mode=N/A CBCP Trunk Group=N/A Split Code.
Configuring Individual WAN Connections Configuring PPP connections Example of a PPP connection Figure 4-1 shows the MAX unit with a PPP connection to a remote user who is running Windows 95 with a TCP/IP stack and PPP dialup software. The dial-in user has a modem, so the call is asynchronous and uses only one channel. Figure 4-1.
Configuring Individual WAN Connections Configuring MP, MP+ and BACP connections Framed-Protocol = PPP, Framed-IP-Address = 10.2.3.31, Framed-IP-Netmask = 255.255.255.0 Enabling PPP dial-out for V.110 modems The MAX unit can make outgoing calls to a V.110 terminal-adapter client by means of the PPP protocol. This feature also supports the callback feature via V.110 for the MAXLink Client software product.
Configuring Individual WAN Connections Configuring MP, MP+ and BACP connections Encaps Options Base Ch Count=1 (The settings shown for MP and PPP are required. The others are examples.) If BACP is enabled, MP connections use BACP to manage dynamic bandwidth on demand. Both sides of the connection must support BACP.
Configuring Individual WAN Connections Configuring MP, MP+ and BACP connections specified in the Answer profile. The base channel count specifies the number of channels to use to establish the connection, and this number of channels remains fixed for the whole session. You can ignore the rest of the parameters discussed in this section. Enabling BACP for MP Connections Enable BACP in the Answer profile and in the Connection profile for each connection that should use it.
Configuring Individual WAN Connections Configuring MP, MP+ and BACP connections Target utilization Target Util specifies a percentage of line utilization (default 70%) to use as a threshold when determining when to add or subtract bandwidth. Adding or dropping links (Add Pers, Sub Pers, Inc Ch Count, Dec Ch Count) Add Pers specifies a number of seconds that the ALU must persist beyond the Target Util threshold before the MAX unit adds bandwidth.
Configuring Individual WAN Connections Configuring MP, MP+ and BACP connections Attribute Value Ascend-Maximum-Chan Maximum number of channels available to a multilink PPP nels (235) connection. In this release, MP does not make use this value. However, it’s value does apply to MP+ connections. Note: If a RADIUS profile does not specify Ascend-Maximum-Channels, the default value of 1 prevents the client from establishing a multichannel call.
Configuring Individual WAN Connections Configuring MP, MP+ and BACP connections Following is a comparable RADIUS profile: fred Password = "localpw" Service-Type = Framed-User, Framed-Protocol = MP, Framed-IP-Address = 10.10.1.2, Framed-IP-Netmask = 255.255.255.255, Ascend-Base-Channel-Count = 2, Ascend-Maximum-Channels = 2 Example of a MP connection with BACP To configure a MP connection that uses BACP: 1 Open the Answer profile.
Configuring Individual WAN Connections Configuring MP, MP+ and BACP connections Dec Ch Count=1 Dyn Alg=Quadratic Sec History=15 Add Pers=5 Sub Pers=10 Target Util=70 Note: For optimum performance, both sides of a connection must set the channel count parameters to the same values. 8 Exit the profile and, at the exit prompt, select the exit and accept option. Configuring Lucent MP+ connections Multilink PPP Plus (MP+) uses PPP encapsulation with Lucent extensions.
Configuring Individual WAN Connections Configuring MP, MP+ and BACP connections Target Util=70 Idle Pct=0 The MP+ parameters This section provides some background information about MP+ connections. For detailed information about each parameter, see the MAX Reference. Channel counts and bandwidth allocation parameters BACP and MP+ use the same criteria for increasing or decreasing bandwidth for a connection.
Configuring Individual WAN Connections Configuring MP, MP+ and BACP connections Attribute Value Ascend-Remove-Seconds Number of seconds for which the ALU must persist below the Target-Utilization threshold before the unit subtracts bandwidth. (241) Ascend-Target-Util (234) Percentage of line utilization (default 70%) to use as a threshold when determining when to add or subtract bandwidth. Ascend-Maximum-Chan Maximum number of channels available to a multilink PPP nels (235) connection.
Configuring Individual WAN Connections Configuring MP, MP+ and BACP connections Encaps=MPP Encaps Options Send Auth=PAP Send PW=remotepw Aux Send PW=secondpw Recv PW=localpw 6 Configure the DBA Monitor and the Lucent criteria for bandwidth management.
Configuring Individual WAN Connections Configuring MP, MP+ and BACP connections The maximum number of channels for the nailed/MP+ connection is either the Max Ch Count setting or the number of nailed channels in the specified group, whichever is greater. If a nailed channel fails, the unit replaces that channel with a switched channel, even if the call is online with more than the minimum number of channels.
Configuring Individual WAN Connections Configuring MP, MP+ and BACP connections When you have created or modified a nailed profile in RADIUS, you must reload the information from the RADIUS server. To request a reload of all nailed profiles (permanent connections) from the RADIUS server, select the command Sys > Sys Diag > Upd Rem Cfg.
Configuring Individual WAN Connections Configuring MP, MP+ and BACP connections Stacking requires an endpoint discriminator. Every MP/MP+ call that comes to any member of the stack is compared to all existing MP/MP+ calls in the MAX stack to determine whether it is a member of an existing bundle. If the call belongs to an existing bundle, the unit that answered and the bundle owner exchange information about the bundle.
Configuring Individual WAN Connections Configuring MP, MP+ and BACP connections Figure 4-6. Packet flow from the Ethernet WAN MAX #1 (master) A 1 1 64K 3 2 64K MAX #2 (slave) Ethernet 10Mbps Connection profiles within a stack A stack does not support sharing of local Connection profiles between the MAX units in the stack. Every MAX unit that is set up to use internal authentication must retain all authentication information for every call.
Configuring Individual WAN Connections Configuring MP, MP+ and BACP connections Take into account that you do not know ahead of time how many bundles span the stack, or how many multi- or single-channel calls you are going to get. You can base an estimate on your traffic expectations. But in most situations, the majority of bundles are on a single unit, for which there is no overhead.
Configuring Individual WAN Connections Configuring MP, MP+ and BACP connections Figure 4-7. Hunt groups for a MAX stack handling both MP and MP+ calls Three T1 lines, all in 555-1212 and 555-1215 hunt groups Three T1 lines, all in 555-1213 and 555-1215 hunt groups MAX #1 MAX #2 MAX #3 Three T1 lines, all in 555-1214 and 555-1215 hunt groups In Figure 4-7, suppose an MP+ call is connected to MAX #1.
Configuring Individual WAN Connections Configuring MP, MP+ and BACP connections MAX units in the stack. As in “MP without BACP” on page 4-47 calls dialing 555-1215 first completely fill the channels of MAX #1, then continue to MAX #2, and so on. Both MP+ and MP callers dial the global hunt group number to connect to the stack. MP+ and MP-with-BACP callers do not have to dial the global hunt group numbers to connect. Only the MP-without-BACP callers need to dial the global hunt group.
Configuring Individual WAN Connections Configuring bidirectional CHAP support Stack Options UDP Checksum=No When you press Enter, the Ethernet > Mod Config > Stack Options subprofile appears. For example: Ethernet Mod Config Stack Options Stacking Enabled=Yes Stack Name=maxstack-1 UDP Port=6000 Multicast Addr= 2 Set the Stacking Enabled parameter to Yes. 3 Set the Stack Name parameter to a unique name for the stack. A stack name has 16 characters or less.
Configuring Individual WAN Connections Configuring bidirectional CHAP support For incoming calls, the MAX first challenges the caller for its username and password, then the MAX compares the username and password to those in Connection profiles or RADIUS profiles. A user can have either a Connection profile defined or a RADIUS profile defined, but not both. For outgoing calls, the MAX dials the called device and it is the caller’s responsibility to challenge the MAX for authentication.
Configuring Individual WAN Connections Configuring bidirectional CHAP support has been negotiated, and Bi-Dir Auth is set to Required, the authentication takes place in only one direction. The calling unit authenticates the MAX unit. Setting up bidirectional CHAP on the MAX unit for selected incoming calls Figure 4-10 shows a configuration in which the MAX unit authenticates the calling device by means of CLID or DNIS authentication.
Configuring Individual WAN Connections Configuring bidirectional CHAP support 16 Exit the profile and, at the exit prompt, select the exit and accept option. Setting up bidirectional CHAP on the MAX unit for outgoing calls To set up bidirectional CHAP on the MAX unit for outgoing calls, proceed as follows: 1 Open the dialout Connections > PPP Options subprofile. 2 Set the Send Auth parameter to CHAP, MS-CHAP, or Cache-Token.
Configuring Individual WAN Connections Configuring bidirectional CHAP support In the pseudo-user profile, specify CLID or DNIS authentication, and then set the Ascend-Bi-Directional-Auth attribute to Bi-Directional-Auth-Allowed or Bi-Directional-Auth-Required: • Bi-Directional-Auth-Allowed specifies that authentication can be bidirectional. The MAX unit identifies the calling device. The system also allows the calling device to authenticate the MAX unit, but this authentication is not mandatory.
Configuring Individual WAN Connections Configuring bidirectional CHAP support Mike1-out User-Password="ascend" Service-Type=Outbound-User, User-Name="Mike1", Framed-Protocol=PPP, Framed-IP-Address=111.5.1.1, Framed-IP-Netmask=255.255.255.
Configuring Individual WAN Connections Configuring bidirectional CHAP support Ascend-Base-Channel-Count=2, Ascend-Minimum-Channels=1, Ascend-Maximum-Channels=2, Framed-Address=111.5.1.1, Framed-Netmask=255.255.255.
Configuring Individual WAN Connections Configuring bidirectional CHAP support Consider the network in Figure 4-11: Figure 4-11. Multiprovider network Ethernet PRI PSTN BRI Pipeline unit MAX unit Proxy RADIUS ISP #1 RADIUS server #1 ISP #2 RADIUS server #2 ISP #3 RADIUS server #3 During an outgoing call with bidirectional authentication, the MAX unit first recovers the dialout profile. Once the call is brought up, the MAX unit needs to authenticate the called party, in this case a Pipeline unit.
Configuring Individual WAN Connections Configuring bidirectional CHAP support Framed-IP-Netmask=255.255.255.0, Ascend-Dial-Number=90492386067, Ascend-Data-Svc=Switched-64K, Ascend-Send-Auth=Send-Auth-CHAP, Ascend-Send-Secret="passin", Ascend-Bi-Directional-Auth=Bi-Directional-Auth-Required, Ascend-Recv-Name="pipe-pat", Ascend-Route-IP=1 To enforce the second RADIUS lookup, the dialout profile name (pipe-pat-out in this example) must be different from the name of the called device in the user profile.
Configuring Individual WAN Connections Enhanced support for MS-CHAP 9 If the first authentication was successful, the MAX unit sends a challenge request to the called party. 10 The called party responds with a challenge response. 11 The MAX unit sends the authentication request to RADIUS, which performs the second lookup. 12 The RADIUS server informs the MAX unit about whether the authentication was successful.
Configuring Individual WAN Connections Configuring dial-in PPP for AppleTalk Configuring an AppleTalk PPP connection with a Connection profile To use a Connection profile to configure an AppleTalk PPP connection: 1 Open the Ethernet > Mod Config subprofile. 2 Set the Appletalk parameter to Yes. 3 Open the appropriate Connection profile. 4 Set the Route Appletalk parameter to Yes. 5 Open the AppleTalk Options subprofile.
Configuring Individual WAN Connections Configuring AppleTalk connections from RADIUS If there are other AppleTalk routers on the network, you must configure the zone names and network ranges to coincide with the other routers on the LAN. The default for the Zone Name parameter is blank. Enter up to 33 alphanumeric characters to identify the zone name for the unit you are configuring. Note: These parameters are N/A if you have not enabled AppleTalk in the Ethernet profile.
Configuring Individual WAN Connections Configuring ARA connections Configuring ARA connections ARA uses V.42 Alternate Procedure as its data link, so ARA can be used only over asynchronous modem connections. Example of an ARA configuration To configure ARA connections, you set the following parameters (shown with sample settings): Ethernet Mod Config Appletalk=Yes AppleTalk Zone Name=* Ethernet Answer Profile Reqd=Yes Encaps ARA=Yes Ethernet Connections Encaps=ARA Encaps Options Password=*SECURE* Max.
Configuring Individual WAN Connections Configuring ARA connections Figure 4-12. An ARA connection enabling IP access Macintosh with ARA Client and Open Transport WAN MAX Note: If you do not require IP access, the Connection profile does not need IP routing and the Macintosh client does not need a TCP/IP configuration. For ARA connections that support IP access, the unit receives IP packets encapsulated in AppleTalk’s DDP protocol. It removes the DDP headers and routes the IP packets normally.
Configuring Individual WAN Connections Configuring terminal-server connections 4 Open a Connection profile, specify the dial-in user’s name, and activate the profile. Ethernet Connection margaret Station=margaret Active=Yes 5 Select ARA encapsulation and configure the ARA options. Encaps=ARA Encaps Options Password=localpw Max. Time (min)=0 6 Configure the connection for IP routing.
Configuring Individual WAN Connections Configuring terminal-server connections Options in a Connection profile, see “Introduction to WAN links” on page 4-2. These Telco options apply equally to PPP and terminal-server calls. Connection authentication issues When the terminal server receives a forwarded call, it waits briefly to receive a PPP packet. If the terminal server times out waiting for PPP, it sends its login prompt.
Configuring Individual WAN Connections Configuring terminal-server connections Ethernet Connections joshua Station=joshua Active=Yes Encaps=PPP Encaps Options Recv PW=localpw The following example includes optional parameters for bringing down the terminal-server connection after a specified amount of idle time: Ethernet Connections catherine Station=catherine Active=Yes Encaps=PPP Encaps Options Recv PW=localpw Session Options TS Idle Mode=Input/Output TS Idle=60 For information about the parameters, see
Configuring Individual WAN Connections Configuring terminal-server connections • V.120 maximum receive frame size=260 bytes. • Logical link ID=256. • Modulo=128. • Line channel speed: Select 56K if the unit accepts calls from the V.120 device on a T1 line, or if you are not sure that you have 64-Kbps channel speed end-to-end. After checking the configuration of the V.120 device, make sure you enable V.120 calls in the Answer profile. For example: Ethernet Answer Encaps V.120=Yes V.
Configuring Individual WAN Connections Configuring terminal-server connections First, make sure you enable TCP-Clear calls in the Answer profile: Ethernet Answer Encaps TCP-Clear=Yes Then, to configure a TCP-Clear connection, set the parameters shown in the following example: Ethernet Connections louie Station=louie Active=Yes Encaps=TCP-Clear Encaps Options Recv PW=localpw Login Host=techpubs Login Port=23 Session Options TS Idle Mode=Input TS Idle=60 If you configure DNS, you can enter a hostname for th
Configuring Individual WAN Connections Configuring terminal-server connections Following is a sample RADIUS profile: tcpapp1 Password = "localpw" Service-Type = Login-User, Login-Service = TCP-Clear, Login-IP-Host = 10.10.10.1, Login-TCP-Port = 23, Login-IP-Host = 10.10.10.2, Login-TCP-Port = 125 TCP-modem connections (DNIS Login) The TCP-modem feature enables the MAX unit to accept connections through the Ethernet interface though as they were modem connections.
Configuring Individual WAN Connections Configuring terminal-server connections Menu mode The menu interface lists up to four local hosts. Users select a hostname to initiate a Telnet session to that host. The menu interface with four hosts looks like this: Up to 16 lines of up to 80 characters each will be accepted. Long lines will be truncated. Additional lines will be ignored 1. host1.abc.com 2. host2.abc.com 3. host3.abc.com 4. host4.abc.
Configuring Individual WAN Connections Configuring terminal-server connections To influence the outcome for modem negotiation and data packetizing, you can set the following parameters in Ethernet > Mod Config > Tserv Options: Parameter Specifies V42/MNP How the digital modems negotiate LAPM/MNP error control with the analog modem at the other end of the connection.
Configuring Individual WAN Connections Configuring terminal-server connections Configuring terminal mode When a user communicates with the terminal server itself (rather than with a host, in immediate mode), the MAX unit establishes a session between the remote user’s PC and the terminal server.
Configuring Individual WAN Connections Configuring terminal-server connections Example of terminal-mode configuration This example shows how to configure the password and make the Rlogin option available to dial-in users. 1 Open Ethernet > Mod Config > TServ Options. 2 Specify the terminal-server password. Passwd=tspasswd 3 Set the Telnet parameter to Yes. 4 Configure a multiline login prompt.
Configuring Individual WAN Connections Configuring terminal-server connections 6 Exit the profile and, at the exit prompt, select the exit and accept option. Following is an example of this configuration: Ethernet Mod Config TServ Options Immed Service=Telnet Immed Host=host1.abc.com Immed Port=23 Telnet Host Auth=Yes Configuring menu mode You can set up the terminal server to display a menu of up to four Telnet hosts that dial-in users can select for logging in.
Configuring Individual WAN Connections Configuring terminal-server connections Host #4 Addr=10.2.3.224 Host #4 Text=host4.abc.com Dial-in users are able to Telnet to these hosts by selecting the hostname or IP address. 4 Exit the profile and, at the exit prompt, select the exit and accept option. Configuring PPP mode Users who are logged into the terminal server in terminal mode can invoke an asynchronous PPP session by using the PPP command to initiate PPP mode.
Configuring Individual WAN Connections Configuring terminal-server connections Parameter Specifies SLIP BOOTP That the terminal server responds to BOOTP within SLIP sessions. A user who initiates a SLIP session can then get an IP address from the designated IP address pool via BOOTP. If the parameter is set to No, the terminal server does not run BOOTP. Instead, the user is prompted to accept an IP address at the start of the SLIP session.
Configuring Individual WAN Connections Configuring terminal-server connections 1 Invoke the terminal-server command-line interface (System > Sys Diag > Term Serv). The user sees the terminal-server prompt. For example: ascend% 2 Enter the terminal-server Open command. ascend% open Without an argument, the Open command sets up a virtual connection to the first available digital modem.
Configuring Individual WAN Connections Configuring a Combinet connection 3 Specify the port on which the immediate-modem feature functions, and specify a password for modem access. For example: Ethernet Mod Config TServ Options Imm. Modem port=5000 Imm. Modem Pwd=dialoutpwd 4 Exit the profile and, at the exit prompt, select the exit and accept option. Configuring a Combinet connection The MAX unit supports Combinet bridging to link two LANs as if they were one segment.
Configuring Individual WAN Connections Configuring a Combinet connection The Combinet bridging parameters This section provides some background information about a Combinet configuration. Specifying the hardware address of the remote Combinet bridge The (Connection profile) Station parameter must specify the MAC address of the remote Combinet bridging device. Enabling bridging A Combinet connection is always a bridging connection, so the Bridge parameter in the Connection profile must be set to Yes.
Configuring Individual WAN Connections Configuring EU connections Example of Combinet configuration To configure a Combinet connection: 1 Open a Connection profile. 2 Specify the MAC address of the remote device as the value for the Station parameter, and activate the profile.
Configuring Individual WAN Connections Configuring EU connections Called #=555-1212 Encaps=EU-RAW Encaps Options MRU=1524 Ethernet Connections Connection profile Calling #=555-7878 Called #=555-1212 Encaps=EU-UI Encaps Options MRU=1524 DCE Addr=1 DTE Addr=3 The EU parameters This section provides some background information on EU parameters. For detailed information about each parameter, see the MAX Reference. EU-RAW and EU-UI EU-RAW is a type of X.
Configuring Individual WAN Connections Configuring EU connections Example of an EU connection Figure 4-17 shows three connections that use EU encapsulation with CLID authentication. Figure 4-17. EU Connection Connection #1 MAX Switched network with CLID Connection #2 Connection #3 To configure a connection that uses EU-RAW framing: 1 Open the Answer profile and make sure that EU-RAW encapsulation is enabled.
Configuring Individual WAN Connections Configuring DHCP services Ethernet Answer Id Auth=Calling Reqd Encaps EU-UI=Yes 3 Close the Answer profile. 4 Open a Connection profile, specify the name of the remote device, and activate the profile. For example: Ethernet Connections Connection profile Station=remote-device Active=Yes 5 Specify the calling-line number.
Configuring Individual WAN Connections Configuring DHCP services How the MAX assigns IP addresses When you configure a MAX unit to be a DHCP server and it receives a DHCP client request, it assigns an IP address by means of Plug and Play, reserved address, lease renewal, or assignment from a pool.
Configuring Individual WAN Connections Configuring DHCP services Maximum no reply wait=5 IP group 1=181.100.100.100/16 Group 1 count=1 IP group 2=0.0.0.0/0 Group 2 count=0 Host 1 IP=181.100.100.120 Host 1 Enet=0080c75Be95e Host 2 IP=0.0.0.0/0 Host 2 Enet=000000000000 Host 3 IP=0.0.0.0/0 Host 3 Enet=000000000000 For detailed information about each parameter, see the MAX Reference.
Configuring Individual WAN Connections Configuring DHCP services 11 To define an additional address pool for dynamic address assignment, set the IP Group 2 parameter to the first address for the second IP address pool. 12 Set the Group 2 Count parameter to the number of addresses in the pool. The second pool, which can also contain up to 20 addresses, is used only if there are no addresses available in the first pool.
Configuring Individual WAN Connections Configuring POTS capability on the MAX 6000 and MAX 3000 DHCP Spoofing DHCP Spoofing=Yes Always Spoof=No Additionally, you can set the following parameters: Renewal Time=nn Become Def. Router=Yes|No Dial If Link Down=Yes|No Validate IP=Yes Maximum no reply wait=n For detailed information about each parameter, see the MAX Reference.
Configuring Individual WAN Connections Configuring POTS capability on the MAX 6000 and MAX 3000 FXS line profiles There are five possible slot profiles for each MAXPOTS slot card. The first profile (default) is always the active profile. You can save alternative configurations in the other four profiles.
Configuring Individual WAN Connections Configuring POTS capability on the MAX 6000 and MAX 3000 The alternative profile appears. 2 Press Ctrl-D to access the DO menu. The DO menu appears. 3 Select L (Load). Note: The Load option does not appear when you are in the active profile. 4 The alternative profile becomes the active profile. Call Routes profile You must configure a Call Routes profile to specify how the MAX unit handles the call.
Configuring Individual WAN Connections Configuring POTS capability on the MAX 6000 and MAX 3000 For example, with MAXDAX and Trunk Groups enabled and the following call routes defined: System > Call Routes 901-> Active=Yes Phone= Src Slot=0 Src Port=0 Call Rte Type=Trunk-Any Dst Chan Grp=9999 Dst Trnk Grp=9 Dst Slot=3 Dst Port=1 902-> Active=Yes Phone=85000 Src Slot=0 Src Port=0 Call Rte Type=Trunk-Any Dst Chan Grp=9999 Dst Trnk Grp=9 Dst Slot=3 Dst Port=1 903-> Active=Yes Phone=85001 Src Slot=0 Src Port=0
Configuring Individual WAN Connections Configuring POTS capability on the MAX 6000 and MAX 3000 Viewing the call routes with the DO command displays the following screen:. The columns on the Call Routes screen are: # Call route profile number in System > Call Routes. phone # Phone # filter in the call route profile. Note that if the phone # is > 11 digits, then the first 10 digits are displayed followed by the abbreviation indicator ~ SSP Source slot and port filter.
Configuring Individual WAN Connections Configuring POTS capability on the MAX 6000 and MAX 3000 Parameter Sort order within the parameter Dst Port From the most specific to the least specific. You can configure the most specific slot and port by setting values other than zero. You can configure the least specific slot and port by setting zero values. Table 4-1 shows the full-group ordering from most specific to least specific. Table 4-1.
Configuring Individual WAN Connections Configuring POTS capability on the MAX 6000 and MAX 3000 Table 4-2. Example of sorting order (continued) Phone Number Src Slot/ Src Port Call Rte Type Dst Slot/ Dst Port 5551 ““ Fair Share routing You can set the Call Distrib Type parameter to Fair Share so that a call is routed to the available port that has been idle the longest. This value distributes the calls among several destinations.
Configuring Individual WAN Connections Configuring POTS capability on the MAX 6000 and MAX 3000 combination is busy, the other gets the call. If both are busy, the longest idle among all ports in Slots 6 and 5 gets the call and so on. Numbering Plan profile Numbering Plan profiles enable you to optimize the placement of outgoing calls. You can fine tune the point at which the MAX assumes it has received all the dialed digits, and you can provide callers with a more familiar dialing procedure.
Configuring Individual WAN Connections Configuring POTS capability on the MAX 6000 and MAX 3000 Automatically prepend trunk digit If you configure the MAX to use trunk groups and the callers do not enter a trunk digit when dialing, you must configure a Call Routes profile to direct the unit to prepend a trunk digit.
Configuring Individual WAN Connections Configuring POTS capability on the MAX 6000 and MAX 3000 Route by area code To route MAXPOTS calls on the basis of area codes, configure Call Routes profiles with Dial Prefix Filter and New Trunk Group settings. Also make sure that the MAX unit is using trunk groups and that the trunk groups are defined.
Configuring Individual WAN Connections Configuring POTS capability on the MAX 6000 and MAX 3000 Phone Number= Src Slot=0 Src Port=0 Call Rte Type=Trunk-Voice Dst Chan Grp=N/A or 0 Dst Trnk Grp=8 Dst Slot=0 Dst Port=0 Dial Plan=0 Rewrt Pattn= Rewrt Replce= Use call-setup parameters To configure call-setup parameters for a PRI line, set the Use Dial Plan parameter in one or more Call Routes profiles, and define the dial plan (or plans).
Configuring Individual WAN Connections Configuring POTS capability on the MAX 6000 and MAX 3000 Port-to-port routing This routing allows the routing of calls from one POTS port on a MAX to another POTS port on the same MAX. The ports do not need to be on the same MAXPOTS slot card, and no other trunks are necessary. You can configure calls 4001 and 4002 to be routed to POTS ports 1 and 2, respectively, on MAXPOTS slot 3 card.
Configuring Individual WAN Connections Configuring POTS capability on the MAX 6000 and MAX 3000 Dst Slot=3 Dst Port=4 Examples of Rollover configurations With MAXPOTS, if a port is busy, the MAX can roll over a call to another port or send the far-end a busy signal. Following are four sample configurations. With the first configuration, the MAX rolls over a phone call to one port. With the second, the MAX rolls over a call to a second available port.
Configuring Individual WAN Connections Configuring POTS capability on the MAX 6000 and MAX 3000 Active=Yes Phone Number=^5551212$ Dst Slot=3 Dst Port=1 System Call Routes Call Routes profile 2 Active=Yes Phone Number=^5551212$ Dst Slot=3 Dst Port=2 If Call Distrib Type were set to Fair Share, in this example the MAX would route 5551212 calls to port 1 or port 2, whichever had been idle the longest. If both ports are busy, the far end receives a busy signal.
Configuring Individual WAN Connections Configuring POTS capability on the MAX 6000 and MAX 3000 Example of a Numbering Plan profile With the following configuration, the MAX expects eleven digits for all phone numbers beginning with a 1, and seven digits otherwise. Callers do not need to press the # key after entering the phone number.
Configuring Individual WAN Connections Configuring POTS capability on the MAX 6000 and MAX 3000 Active=Yes Dst Chan Grp=4 For more information about MAXDAX functions, see the MAX Reference. Routing inbound calls When the MAX receives a call on a WAN line, it performs CLID or DNIS authentication (if configured), answers the call, and routes the call to the MAXPOTS card. The following are examples of incoming call routing.
Configuring Individual WAN Connections Configuring POTS capability on the MAX 6000 and MAX 3000 Phone Number=5556602 Dst Slot=3 Dst Port=2 Line Status From Main Status Menu > Analog FXS > Line Status, you can monitor the activity of each port. Each port can be represented by one of the following characters. Character Description – (dash) idle . (period) off-hook D dialing R ringing = connected For example, the status windows in Figure 4-19 indicate that all 8 POTS ports are idle. Figure 4-19.
Configuring Frame Relay 5 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1 Configuring nailed bandwidth for Frame Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4 Defining Frame Relay link operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4 Configuring a DLCI logical interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring Frame Relay Introduction configured with a User-to-Network (UNI) interface to Frame Relay, the MAX acts as the user side (UNI-DTE) communicating with the network side (UNI-DCE) of a switch. The network-side device connects the CPE device to a Frame Relay network. For example, the MAX labeled MAX-01 in Figure 5-1 receives Frame Relay encapsulated frames from a CPE and forwards them on to another Frame Relay switch.
Configuring Frame Relay Introduction Figure 5-2. Frame Relay concentrator Frame Relay PPP DLCI 50 In this kind of configuration, the decision to forward frames onto the Frame Relay interface can be made through OSI layer 3 (routing), or by Frame Relay Direct. Using the MAX as a Frame Relay switch As a Frame Relay switch, the MAX receives frames on one interface and transmits them on another interface.
Configuring Frame Relay Configuring nailed bandwidth for Frame Relay The logical interface is a PVC endpoint, which requires a DLCI. DLCIs uniquely identify the logical endpoints of a virtual circuit (a specific end device). Administrators obtain DLCIs from Frame Relay providers and assign them in Connection profiles or RADIUS user profiles. Configuring nailed bandwidth for Frame Relay Each Frame Relay interface in the MAX requires its own nailed bandwidth, which is similar to a dedicated leased line.
Configuring Frame Relay Defining Frame Relay link operations The Ethernet > Frame Relay > Frame Relay profile includes the following parameters that define the name of the Frame Relay profile and make it available for use, the type of call connection, and the type of frame relay for the switch: Parameter Specifies Name Name of the Frame Relay profile to use for forwarding this link on the Frame Relay network. The name must be unique and cannot exceed 15 characters.
Configuring Frame Relay Defining Frame Relay link operations Call-by-Call A signaling value the PRI service uses when placing a call using that profile. Transit # A dialing prefix for use in the transit network IE for PRI calling when going through an Interexchange Carrier (IEC). The default (null) causes the MAX to use any available IEC for long-distance calls.
Configuring Frame Relay Defining Frame Relay link operations Parameter Specifies T392 Interval for Status Enquiry messages (from 5 to 30 seconds). The MAX records an error message if it does not receive an Status Enquiry message within T392 seconds. This parameter is N/A when FR Type is DTE. MRU Maximum Receive Units. Maximum number of bytes the MAX can receive in a single packet across this link. Usually the default of 1532 is the right setting, unless the far end device requires a lower number.
Configuring Frame Relay Defining Frame Relay link operations The following attributes can be used to define a frdlink pseudo-user profile: Attribute Value Ascend-FR-ProfileName (180) A Frame-Relay profile name (up to 15 characters), to be referenced in user profiles that make use of this datalink. Ascend-FR-Nailed-Grp (158) Group number assigned to nailed bandwidth in a line profile, such as a T1 or E1 profile. The default is 1. Make sure the Frame-Relay profile specifies the correct group number.
Configuring Frame Relay Defining Frame Relay link operations Attribute Value Ascend-FR-T391 (166) Link Integrity Verification polling timer. The value should be less than that of Ascend-FR-T392. The default is 10, which indicates that after Ascend-FR-N391 status requests spaced 10 seconds apart, the UNI-DTE device requests a Full status report. Does not apply when Ascend-FR-Type is Ascend-FR-DCE. Ascend-FR-T392 (167) Interval in which Status Enquiry messages should be received (from 5 to 30 seconds).
Configuring Frame Relay Defining Frame Relay link operations Figure 5-4. Frame Relay DTE interface Frame Relay FR switch DCE DTE The following parameters specify nailed group 11 as the bandwidth for the sample DTE interface. Make sure that the Frame-Relay profile specifies the correct nailed group. Ethernet Frame Relay Frame Relay profile Active=Yes FR Type=DTE Nailed Grp=11 Link Mgmt=Q.933A With these link management settings, the MAX uses the CCITT Q.
Configuring Frame Relay Defining Frame Relay link operations For example, if the MAX expects a Status Enquiry from the DTE every ten seconds, it records an error if it does not receive a Status Enquiry in ten seconds. Figure 5-5 shows an example of the MAX with a UNI-DCE interface. Figure 5-5. Frame Relay DCE interface Frame Relay CPE endpoint DTE DCE The following parameters specify nailed group 36 as the bandwidth for the sample DCE interface.
Configuring Frame Relay Defining Frame Relay link operations Examples of an NNI link interface An NNI interface implements procedures used by Frame Relay switches to communicate status between them. The MAX uses these procedures to inform its peer switch about the status of PVC segments from its side of the Frame Relay network, as well as the integrity of the datalink between them. The procedure is bidirectional.
Configuring Frame Relay Configuring a DLCI logical interface (every 60 seconds). It also sends a Full Status report in response to requests from the other switch. If it does not receive a Status Enquiry within a 15-second interval (T392), it records an error.
Configuring Frame Relay Configuring a DLCI logical interface For gateway connections: Ethernet Connections Connection profile Encaps=FR Encaps options... FR Prof=pacbell DLCI=16 Circuit=N/A Route IP=Yes Ip options... LAN Adrs=10.2.3.4/24 For Frame Relay circuits: Ethernet Connections Connection profile Encaps=FR_CIR Encaps options... FR Prof=pacbell DLCI=16 Circuit=circuit-1 For FR Direct connections: Ethernet Connections Connection profile Encaps=PPP Route IP=Yes Ip options... LAN Adrs=10.2.3.
Configuring Frame Relay Configuring a DLCI logical interface Frame Relay circuits (Encaps=FR_CIR) A circuit is a PVC segment configured in two Connection profiles. Data coming in on the DLCI configured in one Connection profile is switched to the DLCI configured in the other. Data gets dropped if the circuit has only one DLCI. If more than two Connection profiles specify the same circuit name, the MAX uses only two DLCIs.
Configuring Frame Relay Configuring a DLCI logical interface Attribute Value Ascend-Backup (176) Name of a backup Connection profile to the next hop (optional). See “Examples of backup interfaces for nailed Frame Relay links” on page 5-17. Examples of a DLCI interface configuration In the following example, the MAX has a connection to a Frame Relay switch that also supports IP routing, as shown in Figure 5-7: Figure 5-7. Frame Relay PVC Frame Relay 10.11.12.
Configuring Frame Relay Configuring a DLCI logical interface Examples of backup interfaces for nailed Frame Relay links On UNI-DTE and NNI interfaces, the MAX issues Status Enquiries that check the state of the other end of PVC segments on the interface. If a DLCI becomes inactive, and the profile configuring its nailed interface specifies a backup connection, the MAX uses the backup connection to provide an alternate route to the other end.
Configuring Frame Relay Configuring a DLCI logical interface Ascend-Route-IP=Route-IP-Yes, Ascend-Backup="pvc", Ascend-Metric=7, Ascend-FR-DLCI=18, Ascend-FR-Profile-Name="radius-frt2-7", Framed-MTU=1524, Ascend-Call-Type=Nailed permconn-max1-2 Password="ascend", User-Service=Dialout-Framed-User User-Name="pvc", Framed-Protocol=FR, Framed-Address=10.168.7.11, Framed-Netmask=255.255.255.
Configuring Frame Relay Concentrating incoming calls onto Frame Relay Concentrating incoming calls onto Frame Relay A common way to concentrate incoming connections onto a Frame Relay link is by making use of OSI layer 3 (IP routing). For this purpose, the MAX requires ordinary profiles for the callers, and a DLCI logical interface that specifies a destination IP router. When clients dial in to reach the destination router, the MAX consults its routing table to forward the packets onto Frame Relay.
Configuring Frame Relay Concentrating incoming calls onto Frame Relay Routing parameters in RADIUS In addition to the attributes described in “Overview of DLCI interface settings” on page 5-13, the following attribute-value pairs must be specified in the permconn profile of a Frame Relay gateway: Attribute Value Ascend-Route-IP (228) Enables/disables IP routing for this connection. (IP is enabled by default.
Configuring Frame Relay Concentrating incoming calls onto Frame Relay The next set of parameters configures a DLCI Connection profile to the CPE router: Ethernet Connections cpu-router Station=cpe-router Active=Yes Encaps=FR IP options LAN Adrs=10.9.8.7/24 Encaps options FR Prof=fr-dte DLCI=55 Following is a comparable RADIUS profile: permconn-max-2 Password="ascend", User-Service=Dialout-Framed-User User-Name="cpe-router", Framed-Protocol=FR, Framed-Address=10.9.8.7, Framed-Netmask=255.255.255.
Configuring Frame Relay Concentrating incoming calls onto Frame Relay LAN Adrs=10.111.112.113/24 Session options FR Direct=Yes FR Prof= FR Dlci=16 Parameter Specifies Encaps Specifies the supported encapsulation protocol. Must be set to PPP, MP, or MPP for Frame Relay Direct connections. FR Direct Enables/disables FR-Direct mode for this connection. FR Prof Specifies the name of the Frame Relay profile that defines the datalink.
Configuring Frame Relay Concentrating incoming calls onto Frame Relay Attribute Value Framed-Address (8) PPP caller’s IP address. As the MAX receives return packets for many Frame Relay Direct connections on the same DLCI, it uses this address to determine which PPP caller should receive the return packets. Framed-Netmask (9) A subnet mask for Framed-Address.
Configuring Frame Relay Concentrating incoming calls onto Frame Relay The following set of parameters configures FR Direct Connection profiles for the incoming calls: Ethernet Connections caller-1 Station=caller-1 Active=Yes Encaps=PPP Encaps options Recv PW=caller1*3 IP options LAN Adrs=10.5.6.7/32 Session options FR Direct=Yes FR Prof=fr-dte FR Dlci=72 Ethernet Connections caller-2 Station=caller-2 Active=Yes Encaps=PPP Route IP=Yes Encaps options Recv PW=caller2!!8 IP options LAN Adrs=10.5.6.
Configuring Frame Relay Configuring the MAX as a Frame Relay switch Configuring the MAX as a Frame Relay switch As a Frame Relay switch, the MAX receives frames on one DLCI interface and transmits them on another one. The decision to forward frames is made on the basis of circuit name assignments. To use the MAX as a switch, you must configure a circuit that pairs two DLCI interfaces.
Configuring Frame Relay Configuring the MAX as a Frame Relay switch Parameter Specifies FR Circuit Circuit name (up to 16 characters). The other endpoint must specify the same circuit name. If only one profile specifies a circuit name, data received on the specified DLCI is dropped. If more than two profiles specify the same circuit name, only two of the profiles will be used to form a circuit.
Configuring Frame Relay Configuring the MAX as a Frame Relay switch Nailed Grp=111 Ethernet Frame Relay p130east Name=p130east Active=Yes FR Type=DCE Nailed Grp=222 The next set of parameters specifies the circuit between the two Frame Relay interfaces: Ethernet Connections max6 Station=max6 Active=Yes Encaps=FR-Cir Route IP=No Encaps options FR Prof=max DLCI=100 FR Circuit=frcir1 Ethernet Connections p130 Name=p130 Active=Yes Encaps=FR-Cir Encaps options FR Prof=p130east DLCI=200 FR Circuit=frcir1 Using
Configuring Frame Relay Configuring the MAX as a Frame Relay switch The next set of profiles specifies the circuit between the two Frame Relay interfaces: permconn-max-10 Password="ascend" , User-Service=Dialout-Framed-User User-Name="max6", Framed-Protocol=FR-CIR, Ascend-Route-IP=Route-IP-No, Ascend-FR-DLCI=100, Ascend-FR-Profile-Name="max", Ascend-FR-Circuit-Name="fr-cir1" permconn-max-11 Password="ascend", User-Service=Dialout-Framed-User User-Name="p130", Framed-Protocol=FR-CIR, Ascend-Route-IP=Route-IP
Configuring Frame Relay Configuring the MAX as a Frame Relay switch Ethernet Connections asnd-a Station=asnd-a Active=Yes Encaps=FR-Cir Route IP=No Encaps options FR Prof=fr-asnd-a DLCI=100 FR Circuit=pvc-pipe Ethernet Connections asnd-b Station=asnd-b Active=Yes Encaps=FR-Cir Route IP=No Encaps options FR Prof=fr-asnd-b DLCI=200 FR Circuit=pvc-pipe Using RADIUS profiles The following frdlink pseudo-user profiles define the datalinks to the two switches labeled FRAsnd-A and FR-Asnd-B: frdlink-max-23 Passwo
Configuring Frame Relay Configuring the MAX as a Frame Relay switch Ascend-Route-IP=Route-IP-No, Ascend-FR-DLCI=200, Ascend-FR-Profile-Name="fr-asnd-b", Ascend-FR-Circuit-Name="pvc-pipe" Examples of circuits that use UNI and NNI interfaces Figure 5-12 shows circuit configurations that use one UNI-DCE and one NNI interface. Figure 5-12.
Configuring Frame Relay Configuring the MAX as a Frame Relay switch The next set of parameters on MAX-42 specifies the circuit between its two Frame Relay interfaces: Ethernet Connections max Station=max Active=Yes Encaps=FR-Cir Route IP=No Encaps options FR Prof=dce-max DLCI=100 FR Circuit=cir-42 Ethernet Connections max39 Name=max39 Active=Yes Encaps=FR-Cir Route IP=No Encaps options FR Prof=nni-39 DLCI=200 FR Circuit=cir-42 The following parameters on MAX-39 define the datalinks to MAX-42 and to the Pip
Configuring Frame Relay Configuring the MAX as a Frame Relay switch The next set of parameters on MAX-39 specifies the circuit between its two Frame Relay interfaces: Ethernet Connections max42 Name=max42 Active=Yes Encaps=FR-Cir Route IP=No Encaps options FR Prof=nni-42 DLCI=200 FR Circuit=cir-39 Ethernet Connections max39 Name=max39 Active=Yes Encaps=FR-Cir Route IP=No Encaps options FR Prof=dce-p130 DLCI=300 FR Circuit=cir-39 Using RADIUS profiles The following profiles define the datalinks from MAX-42
Configuring Frame Relay Configuring switched Frame Relay connections permconn-max-15 Password="ascend", User-Service=Dialout-Framed-User User-Name="max39", Framed-Protocol=FR-CIR, Ascend-Route-IP=Route-IP-No, Ascend-FR-DLCI=200, Ascend-FR-Profile-Name="nni-39", Ascend-FR-Circuit-Name="cir-42" The following profiles define the datalinks from MAX-39 to MAX-42 and the Pipeline 130: frdlink-max-27 Password="ascend", User-Service=Dialout-Framed-User Ascend-FR-Profile-Name="nni-42", Ascend-Call-Type=Nailed, Asce
Configuring Frame Relay Configuring switched Frame Relay connections rate of 64K or 56K, depending on the ISDN network configuration. Authentication can be by DNIS and CLID. Switched Frame Relay connections support the same logical interfaces as do nailed connections: NNI, DTE, and DCE. Keep the following information in mind: • Your Frame Relay service provider must allow switched Frame Relay connections. • A switched Frame Relay connection is a point-to-point connection and supports only one DLCI.
Configuring Frame Relay Configuring switched Frame Relay connections 5 Set FR Type=NNI. 6 Specify the data link information as given to you by your Frame Relay Service provider. 7 Exit the profile and, at the exit prompt, select the exit and accept option. Configuring a Connection profile Next, to configure a Connection profile for a Frame Relay switched connection, proceed as in the following example: 1 Open Ethernet > Connections > any profile 2 Specify a Station name.
Configuring Frame Relay Configuring 64 switched Frame Relay connections 6 Exit the profile and, at the exit prompt, select the exit and accept option. Establishing the connection To bring up the Frame Relay manually, open the Connection profile and press Ctrl-D, then select 1=Dial. If you configure an Answer profile, an incoming call with the correct CLID or DNIS brings up the session.
Configuring Frame Relay Configuring 64 switched Frame Relay connections Ascend-Metric=2, Ascend-FR-DLCI=16, Ascend-FR-Profile-Name="SWITCHED-FR-DTE", Ascend-Bridge=Bridge-No, Ascend-Call-Type=Switched, Ascend-Idle-Limit=120 Be sure to: • Set Ascend-Require-Auth to Not-Require-Auth. • Specify the corresponding Frame Relay Data Link profile in the Ascend-FRProfile-Name attribute. • Set Ascend-Call-Type to Switched.
Configuring Frame Relay Configuring 64 switched Frame Relay connections Sample RADIUS Frame Relay Data Link profile The following example profile corresponds to the user profile in “Sample RADIUS user profile” on page 5-38: SWITCHED-FR-DTE Password="ascend", User-Service= Framed-User Ascend-FR-Profile-Name="SWITCHED-FR-DTE", Ascend-Call-Type=Switched, Ascend-FR-Type=Ascend-FR-DTE, Ascend-FR-Link-Mgt=Ascend-FR-T1-617D, Ascend-FR-N391=6, Ascend-FR-DTE-N392=3, Ascend-FR-DTE-N393=4, Ascend-FR-T391=10 Dialout-
Configuring X.25 6 Introduction to Lucent X.25 implementation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2 Configuring the logical link to an X.25 network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2 Configuring X.25 IP connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-8 Configuring X.25 PAD connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-11 Setting up X.25 PAD sessions . . .
Configuring X.25 Introduction to Lucent X.25 implementation WWW pages with graphics, or X.25 Transaction Processing Protocol for Point of Service (T3POS) sends transaction data over the D channel.) Introduction to Lucent X.25 implementation This chapter describes how the MAX unit supports X.25. The CCITT Blue Book Recommendation X series 1988 has full technical specifications for X.25, X.3, X.28, X.29, and Link Access Protocol–Balanced (LAPB). IETF RFC 1356 has the technical specification for IP over X.
Configuring X.25 Configuring the logical link to an X.25 network Call Type Type of connection, such as switched, or nailed. You can set the Call Type parameter to specify the type of connection between the local and remote codecs. (A codec–COder/DECoder– is a device that encodes analog data into a digital signal for transmission over a digital medium. Codecs are often used for videoconferencing.) Nailed Grp The group number that supports the serial WAN connection.
Configuring X.25 Configuring the logical link to an X.25 network The next set of parameters in Ethernet > X.25 > X.25 profile includes defining the maximum number of seconds before recovery procedures begin, how many times the MAX can resend frames when the timer expires, and the maximum number of sequentially numbered frames that can be unacknowledged: Parameter Specifies LAPB T1 Maximum number of seconds the transmitter waits for acknowledgment before initiating a recovery procedure (Response timeout).
Configuring X.25 Configuring the logical link to an X.25 network Parameter Specifies X.25 pkt size The default (128) maximum, and minimum number of bytes in the data field of a data packet. X.25 Min pkt size Minimum number of bytes in the data field of a data packet when negotiating the packet size with a remote X.25 switch. X.25 Max pkt size Maximum number of bytes in the data field of a data packet when negotiating the packet size with a remote X.25 switch.
Configuring X.25 Configuring the logical link to an X.25 network X.121 and VCE Timer Val parameters The last two parameters in to set values for in Ethernet > X.25 > X.25 profile is the X.121 src addr parameter and the VCE Timer Val parameter. The X.121 Src Addr parameter specifies the MAX source address for logical links defined in the X.25 profile. An X.121 address contains from 1 to 15 decimal digits (for example, 031344159782738).
Configuring X.25 Configuring the logical link to an X.25 network Table 6-1. Sample telco subscription form (continued) Subscription-item Value X.25 profile setting Maximum number of outstanding data packets allowed between a DTE and a DCE before acknowledgment is required (W) 2 X.25 Window Size=2 Number of PVCs 0 X.25 Lowest PVC=0 Highest PVC channel number 0 X.25 Highest PVC=0 Default packet size 128 X.25 Pkt Size=128 Minimum packet size 64 X.
Configuring X.25 Configuring X.25 IP connections Configuring X.25 IP connections This section describes how to configure the MAX to exchange IP datagrams over the X.25 network connection specified in an X.25 profile. X.25 IP connections must be routed. They cannot be bridged. You must first set Ethernet > Answer > Encaps...> X25/IP=Yes, and Ethernet > Connection > Connection profile > Encaps=X25/IP. The Encaps parameter specifies the encapsulation method to use when exchanging data with a remote network.
Configuring X.25 Configuring X.25 IP connections Max Unsucc. calls, Inactivity Timer, and MRU parameters The next set of parameters in Ethernet > Connections > Connection profile > Encaps Options define the maximum number of calls, the number of seconds the MAX allows a connection to remain inactive, and the maximum number of bytes the MAX can receive in a single IP packet: Parameter Specifies Max Unsucc. calls The maximum number of unsuccessful X.
Configuring X.25 Configuring X.25 IP connections Route IP and LAN Adrs The last two parameters to set values for are the Route IP parameter and the LAN Adrs parameter. The Ethernet > Connections > Connection profile > Route IP parameter specifies the routing of IP data packets on the interface. IP routing must be enabled on both sides of the connection, and the MAX unit must be configured with an IP address in the Ethernet profile.
Configuring X.25 Configuring X.25 PAD connections Encaps=X25/IP Encaps options... X.25 Prof=ATT 6 Set the inactivity timer (to 30 seconds, for example): Inactivity Timer=30 7 Set the call mode and the local and remote X.121 addresses: Call Mode=Both Answer X.121 Addr=031344159782111 Remote X.121 Addr=031344159782111 8 Exit the profile and, at the exit prompt, select the exit and accept option. Configuring X.25 PAD connections An X.
Configuring X.25 Configuring X.25 PAD connections Note that you must set Encaps to X.25/PAD in the Connection profile to access the X.25/PAD parameters in Encaps Options: Ethernet Connections Connection profile Encaps=X.25/PAD Encaps options X25 Prof X.3 Param Prof VC Timer enable Auto-Call X.121 addr Reverse Charge RPOA CUG Index NUI X.3 Param Prof The X.3 Param Prof parameter specifies a default X.3 profile for the connection. You can also use a PAD command to specify a profile.
Configuring X.25 Configuring X.25 PAD connections Parameter Specifies PAD prompt The PAD prompt parameter specifies the prompt the user or the calling device sees when running an X.25 (Triple-X) PAD session on the MAX. The PAD user can either be a human user or a calling device running a script. You can specify up to 12 characters. The default is null.
Configuring X.25 Setting up X.25 PAD sessions 4 Open the Encaps Options subprofile and specify the name of the X.25 profile that carries this connection. 5 Specify the password that authenticates the user connection. 6 Specify a default X.3 parameter profile for this connection. 7 Specify the X.121 address and password for automatic calling. 8 Exit the profile and, at the exit prompt, select the exit and accept option. Example of X.25 PAD Ethernet Answer Encaps...
Configuring X.25 Setting up X.25 PAD sessions Table 6-2. X.
Configuring X.25 Setting up X.25 PAD sessions Table 6-2. X.3 parameters (continued) Parameter Description Possible values 11 (continued) Terminal-server access speed The following values are dependent on the PAD type: 4—600 bps 3—1200 bps 7—1800 bps 11—75 bps from, 1200 bps to DTE-C.
Configuring X.25 Setting up X.25 PAD sessions Table 6-2. X.
Configuring X.25 Setting up X.25 PAD sessions Table 6-3. X.3 profiles (continued) X.3 profile Contents DEFAULT (MINIMAL) 1:64, 2:1, 3:2, 4:0, 5:2, 6:5, 7:2, 8:0, 9:25, 10:72, 12:1, 13:5, 14:25, 15:1, 16:8, 17:24, 18:18, 19:1, 20:0, 21:0, 22:0 NULL 1:0, 2:0, 3:0, 4:0, 5:0, 6:0, 7:0, 8:0, 9:0, 10:0, 12:0, 13:0, 14:0,15:0, 16:0, 17:0, 18:0, 19:0, 20:0, 21:0, 22:0 X.25 PAD commands This section describes the X.
Configuring X.25 Setting up X.25 PAD sessions – LCL sets the number of columns to which tabs are expanded locally (num1). If the EXP keyword disables local tab expansion, LCL num1 specifies the number of columns to which the asynchronous device expands tabs sent to it. You can specify a number from 0 to 16. Zero specifies that no expansion takes place. – REM sets the number of columns to which tabs are expanded remotely (num2), that is, on input from the terminal to the network.
Configuring X.25 Setting up X.25 PAD sessions If you specify *F, the MAX inserts all the data into the user data portion of the call packet (with a maximum length of 124 bytes), and the MAX flags the packet as a fast select call. 6-20 • clr The Clr command clears a virtual circuit by sending a Clear-Request packet (from a DTE) or a Clear-Indication packet (from a DCE). • facilities [ * | facilities ] The Facilities command specifies which facilities to use in subsequent Call commands.
Configuring X.25 Setting up X.25 PAD sessions The Listen command specifies the match pattern for accepting an incoming call. It uses the following syntax: – The MAX matches the address argument against the subaddress specified by the incoming call. If the subaddresses match, the MAX accepts the incoming call. – The MAX matches the data against the last 12 bytes of the user data field of incoming calls. If the data matches, the MAX accepts the incoming call.
Configuring X.25 Setting up X.25 PAD sessions X.25 clear cause codes Table 6-5 shows hexadecimal X.25 clear cause codes. Table 6-5.
Configuring X.25 Setting up X.25 PAD sessions Table 6-6. X.
Configuring X.25 Configuring X.25 PAD users from RADIUS Table 6-6. X.
Configuring X.25 Customizing script support for X.25 PAD command-line modified profile (with the storeprof command) is no longer available. Since the X.3 profile is stored in RADIUS, there is no method to write the new profile back to RADIUS. Customizing script support for X.25 PAD The MAX X.25 PAD provides additional flexibility to work with a variety of devices that have their own expectations of banner messages, PAD prompts, PAD commands, and PAD signals.
Configuring X.25 Customizing script support for X.25 PAD Storeprofile Use the Storeprof command to store the current settings of the PAD parameters in a specified X.3 profile. Note: At the moment, you can store the current settings only in the X.3 profile named Custom. To store the current settings of the PAD parameters in the X.3 profile named Custom, use the following syntax to enter the Storeprof command at the PAD prompt: storeprof custom For instructions on how to set the X.3 parameters, see “X.
Configuring X.25 Configuring X.32 profiles for incoming switched X.25 connections ****** PROMPT> PROMPT> profile 6 */User loads the CUSTOM profile. */ PROMPT> set 1:1 /* User sets the Escape char to ctrl-P */ PROMPT> n 031454159782738 /* User places X.25 call. */ PROMPT> COM /* X.25 call connected. */ PROMPT> /* After exchanging some data with the called host, the user escapes to command mode. */ PROMPT> PROMPT> clr /* User clears the X.25 call.
Configuring X.25 Configuring X.32 profiles for incoming switched X.25 connections Net2Net circuit mode With traditional X.25 connections, you configure one X.25 switched connection per client, as in Figure 6-3. Figure 6-3. Traditional X.25 connection sX.25 DTE DCE sX.25 DCE DTE X.25 switch Client DCE Client sX.25 DTE Client But a MAX 6000 unit can enable several X.25 clients to share a single connection to an X.25 network. In Figure 6-4, the X.25 switch connects to the MAX 6000. The X.
Configuring X.25 Configuring X.32 profiles for incoming switched X.25 connections 11 Set X.25 Node Type to DCE. Note: The X.25 Node Type parameter specifies the X.25 application and manner in which the MAX unit uses the switched-B channel(s) to support that application. 12 Set the other parameters to match the requirements of the calling X.25 DTE. 13 Exit the profile and, at the exit prompt, select the exit and accept option. ISDN packet mode (on-demand X.25) MAX 6000 units support switched X.
Configuring X.25 Setting up ISDN D channel X.25 support Setting up ISDN D channel X.25 support This section discusses support of nailed X.25 connection over the D channel, but T3POS, X25/PAD, X25/IP, X25/PPP, and X25/MP (AO/DI) protocols are also supported over any channel that supports nailed X.25 connections (for example, B channel and serial WAN). Configuring ISDN D channel X.25 support To configure the MAX to support X.25 over the signaling D channel: 1 Open Ethernet > X25 > any X25 profile.
Configuring X.25 Setting up ISDN D channel X.25 support Figure 6-7. Example of a T3POS configuration Cash registers / kiosks PC or terminal server Retail outlet Asynchronous lines Ethernet X.
Configuring X.25 Setting up ISDN D channel X.25 support Depending on the current state of a transaction or call, and the mode of operation selected, T3POS uses different data formats and frame structures. The MAX supports four modes of operation: Local, Binary-Local, Transparent, and Blind. General frames A general frame (or data frame) is any sequence of octets received from or sent to the DTE within the period specified by the T1 timer (this timer is known as the Char-to-Char timer).
Configuring X.25 Setting up ISDN D channel X.25 support • T2: SYN-to-SYN timer • T3: ENQ Handling timer • T4: Response timer • T5: DLE, EOT timer • T6: Frame Arrival timer DTE-initiated calls If the first T3POS frame (which can be either a general frame or a control frame) the MAX receives is from the DTE, the session is qualified as DTE-initiated.
Configuring X.25 Setting up ISDN D channel X.25 support Configuring a T3POS connection Configuring a T3POS PAD connection requires two general procedures: • Create a Connection profile for each authenticated user connecting to the T3POS, or configure the Answer profile for unauthenticated users. • Create an X.25 profile that defines the X.25 connection the T3POS PAD uses. For detailed information about the T3POS parameters, see the MAX Reference.
Configuring X.25 Always On/Dynamic ISDN (AO/DI) Accessing the T3POS from a dial-in connection The following example describes how a user accesses the X.25/T3POS from a modem. The X.25 data link is already up because it is a nailed physical connection. This scenario also applies to Telnet users connecting to port 150 of the MAX. Note: Telnet client programs should use 8-bit mode to connect to the MAX. In this example: 1 A user dials in through a modem or through Telnet.
Configuring X.25 Always On/Dynamic ISDN (AO/DI) Introduction AO/DI is a networking service that enables you to send and receive data by means of an X.25 connection by way of an ISDN line (or leased-56k line) as well as by means of switched B-channels. Through its use of X.25 and Bandwidth Allocation Control Protocol (BACP), the MAX avoids dialup charges and usage of switched B-channels whenever it sends or receives data by way of the X.25 connection.
Configuring X.25 Always On/Dynamic ISDN (AO/DI) • Net/BRI > Line Config > Line profile > Pri Num parameter • Net/BRI > Line Config > Line profile > Sec Num parameter Note: If you do not specify a value for the B Ch # parameter, you must specify a phone number for every B-channel that the MAX can use for additional AO/DI bandwidth.
Configuring X.25 Always On/Dynamic ISDN (AO/DI) Configuring the Answer profile To configure the Answer profile to allow support of AO/DI: 1 From the main Edit menu, select Ethernet > Answer profile. 2 Open the Encaps submenu. 3 Set MP to Yes. 4 Set PPP to Yes. 5 Close the Encaps submenu. 6 Open the PPP options submenu. 7 Set BACP=Yes. 8 Exit the profile and, at the exit prompt, select the exit and accept option.
Configuring X.25 Always On/Dynamic ISDN (AO/DI) 10 From the Connection profile main menu, open the Interface options submenu. 11 Set X.25 Prof to the name of the X.25 profile that the MAX uses for the connection. 12 Specify additional parameters for the X.25 connection as directed by the carrier. If you set Call Mode to Incoming or Both, proceed as follows: 1 From the Connection profile menu, open the Interface options submenu. 2 Set Answer X.121 addr to the value specified in the X.
Configuring X.25 Always On/Dynamic ISDN (AO/DI) highlight any status window, then use the left and right arrow keys to display the Sys Options window. When the MAX displays the Sys Options window, press the down arrow key until the AO/DI feature appears.
Configuring X.25 Always On/Dynamic ISDN (AO/DI) Displaying packet processing for a specific session The Ethernet > WAN Stat window displays the name, number of received packets, number of transmitted packets, and number of CRC errors of each online connection.
Configuring X.25 Always On/Dynamic ISDN (AO/DI) For AO/DI B-channel accounting records, an NAS-Port value such as 10123 should be interpreted as: • 1=digital service • 01=line number • 23=channel number However, the NAS-Port value for an AO/DI X.25 SVC accounting record has a different meaning. An NAS-Port value such as 10123 should be interpreted as: • 1=digital service • 01=X.25 nailed group • 23=X.25 SVC channel number/Logical Channel Number (LCN) For easy identification of each X.
Configuring X.25 Always On/Dynamic ISDN (AO/DI) While the AO/DI B-channel accounting records report the Ascend-Xmit-Rate and Ascend-Data-Rate attributes as either 56K or 64K (as for an MP call), the AO/DI X.25 SVC session always reports the Ascend-Xmit-Rate and Ascend-Data-Rate attributes as 9.6K. Note that the input and output packets logged are the actual X.25 data packets.
Configuring X.25 Always On/Dynamic ISDN (AO/DI) Wed Dec 23 16:20:48 1998 User-Name="aodi1" NAS-Identifier=12.126.212 NAS-Port=10102 NAS-Port-Type=Sync Acct-Status-Type=Start Acct-Delay-Time=0 Acct-Session-Id="212345678" Acct-Authentic=RADIUS Ascend-Multilink-ID=1 Ascend-Num-In-Multilink=3 Ascend-Modem-PortNo=5 Ascend-Modem-SlotNo=9 Framed-Protocol=MP Framed-Address=1.2.3.4 4 The AO/DI client drops a B channel from line 1, channel 2.
Configuring X.
Configuring X.25 Always On/Dynamic ISDN (AO/DI) Ascend-Modem-SlotNo=9 Framed-Protocol=MP Framed-Address=1.2.3.4 RADIUS dial-in AO/DI profile for PAP/CHAP with a fixed IP address You can now configure an AO/DI DNIS-service profile. The first-tier dial-in setup uses the new AO/DI value for Ascend-Call-Type. For example: # # AO/DI service-based DNIS profile. (12345 is the X.25 called address.
Configuring X.25 Always On/Dynamic ISDN (AO/DI) # # For a client with a fixed IP address, the Framed-Address and the # Framed-Netmask attributes must be set for the client’s IP address. # Framed-Address=13.13.1.201, Framed-Netmask=255.255.255.0, # # If the unit must assign an IP address, replace the attributes that # set the local and/or remote IP address with the Ascend-Assign-IP-Pool # attribute.
Configuring X.25 Always On/Dynamic ISDN (AO/DI) O ID Chan Port I 285427858 N/A 9:2 I 285427859 1:23 9:3 I 285427860 1:22 9:4 ascend% Data Rate Type[mpID] 9600 9600 MP[2] 56K 56K MP[2] 56K 56K MP[2] Address 13.13.1.201 13.13.1.201 13.13.1.201 Name aodi1 aodi1 aodi1 Note that the X.25 channel reports N/A for the Line: Chan field, and reports 9.6k for both the Tx Data and the Rx Data fields.
Configuring IP Fax 7 Store-and-forward IP fax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1 Configuring system parameters for IP fax modem usage . . . . . . . . . . . . . . . . . . . . . . . 7-2 Configuring IP fax options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-5 Atlas redialer and DID support on MAX 6000 units . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring IP Fax Configuring system parameters for IP fax modem usage Figure 7-1. Incoming IP fax from fax machine to Internet Fax server forwards fax on Internet... Fax server RAS Internet End user sends fax... PSTN INCOMING Outgoing IP faxes Figure 7-2 shows the basic structure of an outgoing IP fax operation. The fax server receives an outgoing fax from the Internet and interacts with the MAX unit to transfer it to the PSTN.
Configuring IP Fax Configuring system parameters for IP fax modem usage Net/E1 Line Config any profile Ch 1 TrnkGrp=9 System Sys Config Use Trunk Grps=0 Parameter Specifies Use Trunk Grps Enable/disable the use of trunk groups in the MAX. With the default setting of no, the Num Trunk Digits and Trunk-Group settings do not apply. With the yes setting, all channels must be assigned trunk-group numbers. Num Trunk Digits Number of digits to allow for trunk groups.
Configuring IP Fax Configuring system parameters for IP fax modem usage Ch Ch Ch Ch Ch Ch Ch Ch Ch Ch Ch Ch Ch Ch Ch Ch Ch Ch Ch Ch Ch Ch Ch Ch 1 Trnk Grp=5 2 Trnk Grp=5 3 Trnk Grp=5 4 Trnk Grp=5 5 Trnk Grp=5 6 Trnk Grp=5 7 Trnk Grp=5 8 Trnk Grp=5 9 Trnk Grp=5 10 Trnk Grp=5 11 Trnk Grp=5 12 Trnk Grp=5 13 Trnk Grp=5 14 Trnk Grp=5 15 Trnk Grp=5 16 Trnk Grp=5 17 Trnk Grp=5 18 Trnk Grp=5 19 Trnk Grp=5 20 Trnk Grp=5 21 Trnk Grp=5 22 Trnk Grp=5 23 Trnk Grp=5 24 Trnk Grp=5 Configuring a typical Call Route profil
Configuring IP Fax Configuring IP fax options This operation is transparent to the fax server, except that the modems can time out if a dial-out request is delayed more than 30 to 40 seconds. Following is an example with Parallel Dial set to the maximum value for T1: System Sys Config Parallel Dial=64 Configuring IP fax options Following are the IP fax parameters that enable the MAX to interact with a third-party fax server. (The settings shown are the defaults.
Configuring IP Fax Configuring IP fax options Parameter Specifies All Calls Are Fax Enable/disable the handling of all incoming calls as IP fax calls. When this parameter is set to no (the default), the MAX unit recognizes incoming fax calls by matching the caller’s DNIS number to one of the Fax-DNIS numbers specified by DNIS #N [N=1-4]. With the yes setting, IP fax service can be supported where DNIS is not available. DNIS #N [N=1–4] Up to 4 DNIS numbers.
Configuring IP Fax Configuring IP fax options Following is an example of an IP fax configuration that enables the MAX unit to handle incoming fax calls as shown in Figure 7-3: Ethernet Mod Config IP Fax Options IP Fax Enabled=Yes Incoming Port=1234 DNIS #1=2222 Server #1=10.1.2.34 Server #2=10.1.2.56 With this configuration, an IP fax is processed as follows: 1 An end user sends a fax to 123-555-1111.
Configuring IP Fax Configuring IP fax options Figure 7-4. Sending an outgoing IP fax to a fax machine Fax is received Fax is sent...
Configuring IP Fax Configuring IP fax options • +FHNG 11—when no fax tones are recognized at the far end ISDN disconnect cause codes are returned when fax calls fail, if they are available as part of the fax hangup codes. To avoid conflict with codes returned by modems and with codes returned by other units, the fax cause codes add 1000 to the standard codes so that they are in the range of 1000 through 1255.
Configuring IP Fax Configuring IP fax options MIB field name Reports eventTimeStamp For an IP fax call, the time that the modem is reserved for an outgoing call request. For any other type of call, this field reports the actual connected time. This information is available when the event type is callCleared(3). eventInOctets Total received bytes for the call. This information is available when the event type is callCleared(3). eventOutOctets Total transmitted bytes for the call.
Configuring IP Fax Configuring IP fax options RADIUS attribute Value NAS-Port Shelf, slot, line, and channel number from which the outgoing call originates. The value appears in the following binary format: FFSS SSLL LLLC CCCC FF specifies the shelf number. SSSS specifies the slot number. LLLLL specifies the line number. CCCCC specifies the channel number. Each value is zero-based.
Configuring IP Fax Atlas redialer and DID support on MAX 6000 units Attribute Value Ascend-CBCP-Trunk-Group applies only if one or both of the following conditions are true: • Calback Control Protocol (CBCP) is negotiated for a connection. • The call is an outgoing IP fax call and trunk groups are enabled in the System profile.
Configuring IP Fax Atlas redialer and DID support on MAX 6000 units Specifying the type of redialer You can select the type of redialer for incoming fax calls by setting the Dialer Type parameter, in the IP Fax Options profile to specify Mitel or Atlas. In previous software releases, MAX units supported only the Mitel redialer. DID on inbound IP fax calls Every DID subscriber, such as a network user or network device (such as a printer) receives a DID number.
Configuring OSPF Routing 8 OSPF overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1 Configuring OSPF routing in the MAX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-9 To configure your MAX for Open Shortest Path First (OSPF) routing, you need to determine the interfaces—LAN or WAN—you wish to support the protocol. To configure OSPF for a LAN (Ethernet) interface, you use the Ether Options profile.
Configuring OSPF Routing OSPF overview TAOS implementation of OSPF The primary goal for the TAOS current implementation of OSPF is to enable the MAX to communicate with other routers within a single Autonomous System (AS). The TAOS implementation includes Area Border Router (ABR) capabilities and MD5 authentication. The MAX does not function as a full AS Border Router (ASBR), although it performs ASBR calculations for external routes such as WAN links that do not support OSPF.
Configuring OSPF Routing OSPF overview Masks (VLSM), or Classless Inter-Domain Routing (CIDR). The MAX routes a packet to the best (longest, or most specific) match. The MAX considers host routes to be subnets whose masks are all ones (0xFFFFFFFF). Note: Although OSPF is very useful for networks that use VLSM, Lucent recommends that you attempt to assign subnets as contiguously as possible, to prevent excessive link-state calculations by all OSPF routers on the network.
Configuring OSPF Routing OSPF overview Figure 8-2. Designated and Backup Designated Routers Router-1 Designated Router (DR) MAX Backup Designated Router (BDR) Router-2 To reduce the number of adjacencies each router must form, OSPF calls one of the routers the Designated Router. A Designated Router is elected as routers are forming adjacencies, and then all other routers establish adjacencies only with the designated router.
Configuring OSPF Routing OSPF overview Figure 8-3. OSPF costs for different types of links Cost = 10 Router-2 A Router-1 T1 T1 56Kbps Router-2 Cost = 10 Router-3 B Router-3 Cost = 240 The MAX has a default cost of one for a connected route (Ethernet) and ten for a WAN link. If you have two paths to the same destination, the MAX selects the one with the lower cost. You might want to account for the bandwidth of a connection when assigning costs.
Configuring OSPF Routing OSPF overview Figure 8-4. Dividing an AS into areas Area 1 Backbone Area ABR Area 3 Area 2 ABR ABR Stub areas For areas that are connected only to the backbone by one ABR (that is, the area has one exit point), there is no need to maintain information about external routes. To reduce the cost of routing, OSPF supports stub areas, in which a default route summarizes all external routes.
Configuring OSPF Routing OSPF overview When you configure the MAX as an NSSA internal router, you define the Type-7 LSAs you want to advertise throughout the NSSA as static routes. You must also specify whether these Type-7 LSAs should be advertised outside the NSSA. If you choose to advertise a Type-7 LSA, the NSSA Area Border Router (ABR) converts it to a Type-5 LSA, which can then be flooded throughout the AS. If you choose not to advertise a Type-7 LSA, it is not advertised beyond the NSSA.
Configuring OSPF Routing OSPF overview router, enabling the passing of additional information between routers on the boundary of the AS. Table 8-2. Shortest-path tree and resulting routing table for Router-1 N-1 Destination Next Hop Metric Network-1 Direct 0 Network-2 Direct 0 Network-3 Router-2 20 Network-4 Router-2 50 N-2 R-1 20 R-2 30 N-3 R-3 N-4 Table 8-3.
Configuring OSPF Routing Configuring OSPF routing in the MAX Configuring OSPF routing in the MAX This section shows how to add a MAX to your OSPF network. It assumes that you know how to configure the MAX with an appropriate IP address, (as described in Chapter 9, “Configuring IP Routing.”) The procedures in this section are examples based on Figure 8-6. To apply one or more of the procedures to your network, enter the appropriate settings instead of the ones shown. Figure 8-6.
Configuring OSPF Routing Configuring OSPF routing in the MAX Make sure the MAX is configured as an IP host To ensure the MAX is configured as an OSPF host, open Ethernet > Mod Config > Ether Options, and make sure that the following parameters have been set with appropriate values for your MAX: Ethernet Mod Config Ether options... IP Adrs=10.168.8.17/24 2nd Adrs=0.0.0.
Configuring OSPF Routing Configuring OSPF routing in the MAX Parameter Description AuthType Type of authentication to use for validating OSPF packet exchanges. With the None setting, no authentication is required. If the parameter is set to Simple (the default), the router uses the password supplied in the AuthKey parameter to validate OSPF packet exchanges.
Configuring OSPF Routing Configuring OSPF routing in the MAX If authentication is not required, set AuthType to None. 5 Set the Cost parameter to specify the cost for the MAX to route into the backbone area. For example: Cost=1 Specify a value greater than zero and less than 16777215. By default the cost of an Ethernet-connected route is 1. 6 Set the Transit Delay parameter to specify the expected transit delay for Link State Update packets.
Configuring OSPF Routing Configuring OSPF routing in the MAX RIP=Off Pool=0 (For detailed information, see Chapter 9, “Configuring IP Routing.”) 2 Open the OSPF Options subprofile and enable the RunOSPF parameter. RunOSPF=Yes 3 Set the Area parameter to specify the area ID number for the remote device and set the AreaType parameter to specify the area type. The area number must always be specified in dotted-quad format similar to an IP address. For example: Area=0.0.0.
Configuring OSPF Routing Configuring OSPF routing in the MAX Parameters already introduced in previous sections are listed in “Configuring OSPF on the Ethernet interface” on page 8-9. Additional parameters introduced in this section include: Parameter Description ASE-Type and Autonomous System External (ASE) routes are used only when OSPF is turned off on a particular interface. When OSPF is enabled, the ASE parameters are not applicable.
Configuring OSPF Routing Configuring OSPF routing in the MAX A Type-1 external metric is expressed in the same units as the link state metric (the same units as interface cost). Type-1 is the default. A Type-2 external metric is considered larger than any link-state path. Use of Type- 2 external metrics assumes that routing outside the AS is the major cost of routing a packet, and eliminates the need for conversion of external costs to internal link-state metrics.
Configuring OSPF Routing Configuring OSPF routing in the MAX 8-16 4 Exit the profile and, at the exit prompt, select the exit and accept option. 5 Reset the MAX.
9 Configuring IP Routing Introduction to IP routing on the MAX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1 Configuring LAN interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-7 Configuring system-level routing policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-10 Configuring WAN interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring IP Routing Introduction to IP routing on the MAX Table 9-1. IP address classes and number of network bits (continued) Class Address range Network bits Class B 128.0.0.0—191.255.255.255 16 Class C 192.0.0.0—223.255.255.255 24 For example, a class C address, such as 198.5.248.40, has 24 network bits, leaving eight bits for the host portion of the address. If no subnet mask is specified for a class C address, the MAX assumes the default mask of 24 bits, as shown in Figure 9-1. Figure 9-1.
Configuring IP Routing Introduction to IP routing on the MAX The broadcast address of any subnet has the host portion of the IP address set to all ones. The network address (or base address) represents the network itself, because the host portion of the IP address is all zeros. For example, if the MAX assigns the following address to a remote router: IP address=198.5.248.120/29 The Ethernet attached to that router has the following address range: 198.5.248.120 — 198.5.248.127 in which 198.5.248.
Configuring IP Routing Introduction to IP routing on the MAX IP routing table At system startup, a MAX unit builds an IP routing table that contains static routes established in various types of configuration profiles. In addition, the MAX unit uses routing protocols such as RIP or OSPF to learn additional routes from other IP routers and adds them to the routing table. (For additional information about configuring static and dynamic routing, see “Configuring routes for WAN connections” on page 9-31.
Configuring IP Routing Introduction to IP routing on the MAX Figure 9-3. Typical routing table ** Ascend MAX Terminal Server ** ascend% iproute show Destination 10.10.0.0/16 10.10.10.2/32 127.0.0.0/8 127.0.0.1/32 127.0.0.2/32 224.0.0.0/4 224.0.0.1/32 224.0.0.2/32 224.0.0.5/32 224.0.0.6/32 224.0.0.9/32 255.255.255.
Configuring IP Routing Introduction to IP routing on the MAX System-based routing With system-based routing, a MAX unit does not assign specific interface addresses to each WAN connection. It routes packets to the remote network through the WAN interface it created when the connection was brought up. Interface-based routing Interface-based routing uses numbered interfaces. Some routers or applications require numbered interfaces.
Configuring IP Routing Configuring LAN interfaces Configuring LAN interfaces To configure the LAN interface for IP routing, you need to establish an IP address, enable routing table updates, and configure Address Resolution Protocol (ARP) responses. The parameters for configuring the LAN interface are located in the Ethernet menu’s profiles.
Configuring IP Routing Configuring LAN interfaces Configuring routing table updates By setting the Ethernet > Mod Config > Ether Options > RIP parameter, you can configure each IP interface to send RIP updates (inform other local routers of its routes), receive RIP updates (learn about networks that can be reached through other routers on the Ethernet), or both. Note: Lucent recommends that you run RIP version 2 (RIP-v2) if possible.
Configuring IP Routing Configuring LAN interfaces Figure 9-6. Creating a subnet for the MAX GRF 10.0.0.17 WAN 10.0.0.0 MAX 10.2.3.1/24 You can place the MAX unit on a subnet of that network by including a subnet mask in the IP address specification. For example: 1 Open Ethernet > Mod Config > Ether Options. 2 Set the IP Adrs parameter to specify the IP subnet address for the MAX on the Ethernet network. For example: Ethernet Mod Config Ether options… IP Adrs=10.2.3.
Configuring IP Routing Configuring system-level routing policies You can terminate the Ping exchange at any time by pressing Ctrl-C. Configuring system-level routing policies Depending on the requirements of your network environment, you need to configure system-global routing policies in addition to the LAN interface.
Configuring IP Routing Configuring system-level routing policies Forcing callers configured for a pool address to accept dynamic assignment During PPP negotiation, a caller can reject the IP address offered by the MAX unit and present its own IP address for consideration. Connection profiles compare IP addresses as part of authentication, so the unit would automatically reject such a request if the caller has a Connection profile.
Configuring IP Routing Configuring system-level routing policies The address pool parameters enable the MAX unit to assign an IP address to incoming calls that are configured for dynamic assignment. These addresses are assigned on a first-come, first-served basis. After the unit terminates a connection, its address is freed up and returned to the pool for reassignment to another connection. Figure 9-7 shows a host using PPP dial-in software to connect to the unit. Figure 9-7.
Configuring IP Routing Configuring system-level routing policies advertises the entire pool as a route, and only privately knows which IP addresses in the pool are active, a remote network can improperly send the MAX unit a packet for an inactive IP address. Depending on the static-route specification, these packets are either bounced with an ICMP host unreachable message or silently discarded.
Configuring IP Routing Configuring system-level routing policies SLIP BOOTP makes it possible for a computer connecting to the unit over a SLIP connection to use BOOTP. A MAX unit supports BOOTP on only one connection. If you enable both SLIP BOOTP and BOOTP relay, you receive an error message. You can specify the IP address of one or two BOOTP servers with the Server parameters. If you specify two BOOTP servers, the unit that relays the BOOTP request determines when to use each server.
Configuring IP Routing Configuring system-level routing policies Client Pri DNS A primary DNS server address to be sent to any client connecting to the MAX. Client Sec DNS A secondary DNS server address to be sent to any client connecting to the MAX. DNS lists DNS can return multiple addresses for a hostname in response to a DNS query, but it does not include information about availability of those hosts. Users typically attempt to access the first address in the list.
Configuring IP Routing Configuring system-level routing policies Configure local DNS service Note: In this example of a DNS configuration, client DNS is not in use. You can, however, protect your DNS servers from callers by defining connection-specific client DNS servers and specifying that Connection profiles use those client servers. For information about client DNS, see “Client DNS” on page 9-15. To configure the local DNS service: 1 Open Ethernet > Mod Config > DNS.
Configuring IP Routing Configuring system-level routing policies • Can be a local name or a fully qualified name that includes the domain name. Periods at the ends of names are ignored. On a MAX unit, the DNS table provides additional information about each entry. The information is in the following two fields, which the unit updates when the system matches the table entry with a hostname not found by the remote server: • # Reads—The number of reads since the unit created the entry.
Configuring IP Routing Configuring system-level routing policies To place the initial entries in the table: 1 At the terminal-server interface, enter: dnstab edit Before you make any entries, the table is empty. The editor initially displays zeros for each of the eight entries in the table. To exit the table editor without making an entry, press Enter. 2 Type an entry number and press Enter. A warning appears if you type an invalid entry number.
Configuring IP Routing Configuring system-level routing policies If the address is in the correct format, the system places it in the table and prompts you for another entry. 5 When you are finished editing, type the letter O and press Enter when the editor prompts you for another entry.
Configuring IP Routing Configuring system-level routing policies can use the MAX to respond to distant networks without having to configure an IP address first. Reserved address If there is an IP address that is reserved for the host, the MAX assigns the reserved address. Lease renewal If the host is renewing the address it currently has, the MAX assigns the host the same address.
Configuring IP Routing Configuring system-level routing policies Enable and configure DHCP spoofing Configuring DHCP spoofing assigns a temporary IP address for a host in order for a security-card user to acquire a current password from a security server to bring up an authenticated dial-up session. Set the following parameters: Parameter Specifies Dial If Link Down Used with DHCP spoofing in conjunction with BOOTP Relay. This parameter applies when both DHCP spoofing and BOOTP relay are enabled.
Configuring IP Routing Configuring system-level routing policies Reserve IP addresses for specific hosts You can configure the MAX reserve IP addresses for the exclusive use of as many as three hosts, identified by their MAC addresses. Proceed as follows: 1 To reserve an IP address for a particular host, set the Host 1 IP parameter to the IP address to be reserved for the host. 2 Set the Host 1 Enet parameter to the MAC (Ethernet) address of the host.
Configuring IP Routing Configuring system-level routing policies Host 3 IP=0.0.0.0/0 Host 3 Enet=000000000000 Translating network addresses for a LAN Network Address Translation (NAT) functionality makes it possible for the MAX unit to translate private IP addresses on its local LAN to IP addresses temporarily supplied by a remote access router. To connect to the Internet or any other TCP/IP network, a host must have an IP address that is unique within that network.
Configuring IP Routing Configuring system-level routing policies The translations between the local network and the Internet or remote network are dynamic and do not need to be preconfigured. Incoming connection address translation For incoming calls, the MAX can perform NAT for multiple hosts on the local network by using its own IP address. The MAX routes incoming packets for up to 10 different TCP or UDP ports to specific servers on the local network.
Configuring IP Routing Configuring system-level routing policies The advantage of multiple-address NAT is that hosts on the remote network can connect to specific hosts on the local network, not just specific services such as Web or FTP service. This advantage can be realized only if the remote DHCP server is configured to assign the same address whenever a particular local host requests an address.
Configuring IP Routing Configuring system-level routing policies Configuring single- or multiple-address NAT To configure NAT on the MAX: 1 Open the Ethernet > NAT > NAT profile. For example: NAT 50-C01 NAT... Routing=Yes Profile=NATprofile Lan=Single IP addr FR address=10.10.10.10 Static Mappings... Def Server=N/A Reuse last addr=N/A Reuse addr timeout=N/A 2 Enable NAT by setting the Routing parameter to Yes. Without this setting, no other setting is valid.
Configuring IP Routing Configuring system-level routing policies Reuse last addr=No Reuse addr timeout=N/A Configuring NAT port routing (Static Mapping subprofiles) The Static Mappings profile includes 10 Static Mapping NN subprofiles, where NN is a value from 1 to 10. Each of these subprofiles contains parameters for controlling the translation of the private IP addresses to TCP or UDP port numbers when operating in single-address NAT mode.
Configuring IP Routing Configuring system-level routing policies 5 To ensure that all incoming sessions are routed to the default server, open each Ethernet > NAT > NAT > Static Mappings > Static Mapping NN subprofile (where NN is a number from 1 to 10) and make sure that the Valid parameter in each subprofile is set to No. 6 Set the Def Server parameter to the IP address of the server, on the local network, that is to receive all incoming packets from the remote network.
Configuring IP Routing Configuring system-level routing policies 13 Optionally, open the Ethernet > NAT > NAT profile and set the Def Server parameter to the IP address of a server, on the local network, that is to receive any remaining incoming packets from the remote network (that is, any that are not for ports you have specified in Static Mapping NN subprofiles). 14 Exit the profile and, at the exit prompt, select the exit and accept option.
Configuring IP Routing Configuring system-level routing policies communicate with the server, you must set the Ethernet > Mod Config > SNTP Server > SNTP Enabled parameter to Yes. In addition, you set the Time Zone parameter to specify your time zone as an offset from Universal Time Coordinated (UTC). UTC is the same as Greenwich Mean Time (GMT). Specify the offset in hours, using a 24-hour clock.
Configuring IP Routing Configuring WAN interfaces UDP checksums for ensuring data integrity If data integrity is of the highest concern for your network, and having redundant checks is important, you can turn on UDP checksums to generate a checksum whenever a UDP packet is transmitted. UDP packets are transmitted for queries and responses related to ATMP, SYSLOG, DNS, ECHOSERV, RADIUS, TACACS, RIP, SNTP, and TFTP. Set Ethernet > UDP CKsum to Yes to turn on UDP checksums.
Configuring IP Routing Configuring WAN interfaces Specify the remote IP address In the Connections profile’s IP Options subprofile, the LAN Adrs parameter specifies the IP address of the remote device. Before accepting a call from the far end, the MAX matches this address to the source IP address presented by the calling device.
Configuring IP Routing Configuring WAN interfaces Assigning metrics and preferences Connection profiles often represent switched connections, which have an initial cost that you avoid if you use a nailed-up link to the same destination. To favor nailed-up links, you can assign a higher metric to switched connections than to any of the nailed-up links to the same destination. Each connection represents a static route, which has a default preference of 100.
Configuring IP Routing Configuring WAN interfaces Settings in RADIUS profiles The following attribute-value pairs configure IP options in a RADIUS profile: Attribute Value Ascend-Route-IP (228) Enables/disables IP routing for the interface. IP routing is enabled by default. Framed-Compression (13) Enables/disables Van Jacobsen prediction. You can specify VanJacobson-TCP-IP to turn on TCP/IP header compression. If you do not specify this value, RADIUS uses the default of no header compression.
Configuring IP Routing Configuring WAN interfaces Attribute Value Ascend-Multicast-RateLimit (152) Multicast forwarding option. Ascend-MulticastGLeave-Delay (111) Multicast forwarding option. Ascend-Client-PrimaryDNS (135) Client DNS option. Ascend-ClientSecondary-DNS (136) Client DNS option. Ascend-Client-AssignDNS (137) Client DNS option. Ascend-Client-Gateway (132) Default route for traffic from this connection. Ascend-IP-TOS (87) Type of Service of the data stream.
Configuring IP Routing Configuring WAN interfaces UNIX software UNIX systems typically include a TCP/IP stack, DNS software, and other software, files, and utilities used for Internet communication. UNIX network administration documentation describes how to configure these programs and files. Windows or OS/2 software PCs running Windows or OS/2 need TCP/IP networking software.
Configuring IP Routing Configuring WAN interfaces configured to acquire its IP address dynamically. For example, the following a sample software configuration presumes that the PC has a modem connection to the MAX unit: Username=victor Accept Assigned IP=Yes IP address=Dynamic (or Assigned or N/A) Netmask=255.255.255.255 (or None or N/A) Default Gateway=None or N/A Name Server=10.2.3.55 Domain suffix=abc.
Configuring IP Routing Configuring WAN interfaces Encaps options... Send Auth=CHAP Recv PW=*SECURE* 9 Set the Route IP parameter to enable IP routing, and set the Pool parameter to specify the IP address pool from which the caller is assigned an IP address: Route IP=Yes IP options… LAN Adrs=0.0.0.0/0 RIP=Off Pool=1 10 Exit the profile and, at the exit prompt, select the exit and accept option. Configuring RADIUS pseudo-user profiles You can define address pools in a RADIUS pools pseudo-user profile.
Configuring IP Routing Configuring WAN interfaces Figure 9-10. A dial-in user requiring a static IP address (a host route) Site A Site B MAX WAN IP Adrs=10.2.3.1/24 IP Adrs=10.8.9.10 Host with ISDN modem card installed In this example, the PC at Site B is running PPP software that includes settings such as the following: Username=patti Accept Assigned IP=N/A (or No) IP address=10.8.9.10 Subnet mask=255.255.255.255 Default Gateway=N/A (or None) Name Server=10.7.7.1 Domain suffix=abc.
Configuring IP Routing Configuring WAN interfaces Configuring an IP Direct connection You can configure a Connection profile to automatically redirect incoming IP packets to a specified host on the local IP network without having the packets pass through the routing engine on the MAX, as shown in Figure 9-11. Figure 9-11. Directing incoming IP packets to one local host Site B Site A IP Direct=10.2.3.11 IP Adrs=10.2.3.1/22 IP Adrs=10.8.9.10/22 WAN MAX Ethernet Pipeline Host=10.2.3.
Configuring IP Routing Configuring WAN interfaces 6 Open the Session Options subprofile and specify the IP Direct host. For example: Session options… IP Direct=10.2.3.11 7 Exit the profile and, at the exit prompt, select the exit and accept option. Note: The IP Direct address you specify in Connections > any Connection profile > Session Options is the address to which the MAX directs all incoming packets on this connection.
Configuring IP Routing Configuring WAN interfaces To configure the Site B Pipeline: 1 Open the Connection profile for the Site A MAX. 2 Set the Station parameter to specify the Site A MAX unit’s name, set the Active profile to activate the profile, and specify the desired encapsulation options. For example: Ethernet Connections Connection profile 1 Station=MAXA Active=Yes Encaps=MPP Encaps options...
Configuring IP Routing Configuring WAN interfaces Figure 9-13. A connection between local and remote subnets Site A GRF 10.4.4.133/24 Site B 10.7.8.232 WAN MAX 10.4.5.1/24 Pipeline 10.7.8.200/24 10.7.8.204 This example assumes that the Answer profile in each of the two devices enables IP routing. Because the MAX unit specifies a subnet mask as part of its own IP address, the unit must use other routers to reach IP addresses outside that subnet.
Configuring IP Routing Configuring WAN interfaces 3 Exit the profile and, at the exit prompt, select the exit and accept option. To configure the Site B Pipeline unit for a connection to Site A: 1 Open the Connection profile in the Pipeline unit for the Site A MAX. 2 Set the Station parameter to specify the Pipeline unit’s system name, set the Active parameter to activate the profile, and specify the desired encapsulation options.
Configuring IP Routing Configuring WAN interfaces Figure 9-14. Example of a numbered interface 10.1.2.3/32 MAX WAN 10.2.3.4/24 10.5.6.7/24 10.7.8.9/24 10.5.6.8/24 The numbered interface addresses are: • IF Adrs=10.5.6.7/24 • WAN Alias=10.5.6.8/24 Figure 9-14 also shows an unnumbered interface. The 10.1.2.3/32 connection uses a single system-based address for both the MAX itself and the dial-in user.
Configuring IP Routing Configuring WAN interfaces Ascend-PPP-Addr = 10.5.6.7, Ascend-IF-Netmask = 255.255.255.0 Type of service (TOS) support for selecting quality of service Type of Service (TOS) support is an IP feature that enables the MAX unit to select a quality of service for an application. Quality of service (QoS) is important in transmission of high bandwidth audio and video data.
Configuring IP Routing Configuring WAN interfaces Parameter Specifies Precedence Priority level of the data stream. The three most significant bits of the TOS byte are priority bits used to set precedence for priority queuing.
Configuring IP Routing Configuring WAN interfaces Settings in a RADIUS profile Following are the relevant attribute-value pairs in RADIUS: Attribute Specifies Ascend-IP-TOS (88) Type of Service (TOS) of the data stream.
Configuring IP Routing Configuring WAN interfaces Defining TOS filters To specify the QoS for all packets that match a specific filter specification, you can define a TOS filter locally in a Filter profile, and then apply the filter to any number of Connection profiles or RADIUS profiles. (The Filter-ID attribute can apply a local Filter profile to RADIUS user profiles.) Administrators can also define TOS filters directly in a RADIUS user profile by setting the Ascend-Filter attribute.
Configuring IP Routing Configuring WAN interfaces Specifying a QoS for all packets matching a local Filter profile Following are the Ethernet > Filters parameters used in the example of specifying a QoS for all packets matching a local Filter profile: 9-50 Parameter Specifies Src Mask A subnet mask to apply to the Source-Address value before comparing the result to the source address in a packet.
Configuring IP Routing Configuring WAN interfaces Parameter Specifies Dst Port # Port number that the MAX compares with the destination port in a packet. See RFC 1700 for a list of port numbers. Precedence Priority level of the data stream. The three most significant bits of the TOS byte are priority bits used to set precedence for priority queuing.
Configuring IP Routing Configuring WAN interfaces Note: A filter definition cannot contain new lines. The syntax is shown here on multiple lines for printing purposes only. Keyword or argument Description iptos Specifies an IP filter. dir Specifies filter direction. You can specify in (to filter packets coming into the MAX) or out (to filter packets going out of the MAX). dstip n.n.n.
Configuring IP Routing Configuring WAN interfaces Keyword or argument Description precedence value type-of-service value Specifies the priority level of the data stream. The three most significant bits of the TOS byte are priority bits used to set precedence for priority queuing.
Configuring IP Routing Configuring WAN interfaces Src Adrs=0.0.0.0 Dst Mask=255.255.255.255 Dst Adrs=10.168.6.24 Protocol=6 Src Port Cmp=None Src Port #=0 Dst Port Cmp=Eql Dst Port #=23 Precedence=010 Type of service=Latency Following is a RADIUS user profile that contains a comparable filter specification: sampleProf Password="mypasswd", User-Service=Framed-User Framed-Protocol=PPP, Framed-IP-Address=10.168.6.120 Framed-IP-Netmask=255.255.255.0 Ascend-Filter="iptos in dstip 10.168.6.
Configuring IP Routing Configuring IP routes Applying a TOS filter to a RADIUS profile In a RADIUS profile, you can use one of the following attribute-value pairs to apply a TOS filter: Attribute Specifies Ascend-Filter (91) A string-format filter, which can include an IP TOS filter specification within a specific user profile. Filter-ID (11) Name of a local Filter profile that defines a TOS filter.
Configuring IP Routing Configuring IP routes Dynamic routes A dynamic route is a path, to another network, that is learned from another IP router rather than configured in one of the MAX unit’s local profiles. A router that uses RIP broadcasts its entire routing table every 30 seconds, updating other routers about the usability of particular routes. Hosts that run ICMP can also send ICMP Redirects to offer a better path to a destination network. OSPF routers propagate link-state changes as they occur.
Configuring IP Routing Configuring IP routes The Static Rtes profile contains many of the parameters used to configure static routes, including the following: Parameter Specifies Name The name of the IP route, used for indexing. You can assign any name of 31 or fewer characters. Active Whether the route has been added to the routing table. A route must be active to affect packet routing. If Active=No, the route is ignored.
Configuring IP Routing Configuring IP routes Settings in a RADIUS route profiles A route profile is a pseudo-user profile in which the first line has this format: route-name-N Password = "ascend", Service-Type = Outbound-User The name argument is the MAX system name (specified by the Name parameter in the System profile), and N is a number in a sequential series, starting with 1. Make sure there are no missing numbers in the series specified by N.
Configuring IP Routing Configuring IP routes If a Framed-Route definition in a user profile duplicates a route defined in a route or IP-Route profile, the user profile definition takes precedence while the connection is active. For example, suppose a static route to network 10.10.10.10 is defined in a local IP-Route profile with a metric of 10. A RADIUS user profile in RADIUS defines a static route to 10.10.10.10 with a metric of 7.
Configuring IP Routing Configuring IP routes Defining a static route to a remote subnet If the connection does not enable RIP, the MAX does not learn about other networks or subnets that might be reachable through the remote device. The remote network shown in Figure 9-15 is an example of such a network. Figure 9-15. Two-hop connection that requires a static route when RIP is off Site B Site A Site C MAX Pipeline WAN Ethernet Ethernet 10.9.8.10/22 IP Adrs=10.2.3.1/22 Subnet=10.4.5.
Configuring IP Routing Configuring IP routes Dynamic route configuration You can configure the MAX unit to modify the IP routing table dynamically. To do so, you must configure each active interface to send or receive RIP or OSPF updates. You can also configure the Ethernet interface to accept or ignore ICMP redirects.
Configuring IP Routing Configuring IP routes ICMP Redirects ICMP Redirect packets enable the MAX to dynamically find the most efficient IP route to a destination, but they are one of the oldest and least secure route discovery methods on the Internet. ICMP Redirect packets can be counterfeited to change the way a device routes packets. Therefore, the ICMP Redirects parameter is set to Ignore by default. Change the setting to Accept if you want to accept these packets.
Setting Up IP Multicast Forwarding 10 Introduction to multicast forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1 Configuring multicast forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-2 Examples of multicast forwarding configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting Up IP Multicast Forwarding Configuring multicast forwarding Configuring multicast forwarding To configure the MAX unit to act as a multicast forwarder, you must enable multicast forwarding and identify the MBONE interface. You also need to configure the local or WAN interfaces that support multicast clients. Depending on your network requirements, you might also configure heartbeat monitoring, which provides monitoring for connectivity problems.
Setting Up IP Multicast Forwarding Configuring multicast forwarding Specifying the rate which multicast clients accept packets The Rate Limit parameter specifies the rate at which the MAX accepts multicast packets from its clients. For a particular WAN connection, you can set the Multicast Rate parameter in the Connection profile. The rate limit does not affect the MBONE interface. The default setting is 100, which disables multicast forwarding on the interface.
Setting Up IP Multicast Forwarding Configuring multicast forwarding Implicit priority setting for dropping multicast packets For high-bandwidth data, voice, and audio multicast applications, the MAX supports prioritized packet dropping. If the MAX is the receiving device under extremely high loads, it drops packets according to a priority ranking, which the following UDP port ranges determine: • Traffic on ports 0–16384 (unclassified traffic) has the lowest priority (50).
Setting Up IP Multicast Forwarding Examples of multicast forwarding configuration Setting Parameters Threshold for generating an alarm Heartbeat Alarm Threshold specifies a number. If the number of monitored packets falls below this number, the MAX sends the SNMP alarm trap. Examples of multicast forwarding configuration The examples in this section show how to configure MBONE routers on the Ethernet and on a WAN. They also show how to configure multicast clients.
Setting Up IP Multicast Forwarding Examples of multicast forwarding configuration HeartBeat Addr=224.1.1.1 HeartBeat Udp Port=16387 3 Set the Heartbeat Slot Time, HeartBeat Slot Count, and Alarm Threshold parameters to specify the time, count, and alarm threshold. For example: HeartBeat Slot Time=10 HeartBeat Slot Count=10 Alarm threshold=3 Source Addr=0.0.0.0 Source Mask=0.0.0.0 4 Exit the profile and, at the exit prompt, select the exit and accept option.
Setting Up IP Multicast Forwarding Examples of multicast forwarding configuration Configuring the MAX to respond to multicast clients To configure the MAX to respond to multicast clients on the Ethernet: 1 Open Ethernet > Mod Config > Multicast and set the Forwarding parameter to enable multicast forwarding, set Mbone Profile to specify the number of the Connection profile for the MBONE interface, and set Client to Yes: Ethernet Mod Config Multicast...
Setting Up Virtual Private Networks 11 Introduction to Virtual Private Networks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1 Configuring ATMP tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-2 Configuring PPTP tunnels for dial-in clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-27 Configuring L2TP tunnels for dial-in clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting Up Virtual Private Networks Configuring ATMP tunnels Configuring ATMP tunnels ATMP is a UDP/IP-based protocol for tunneling between two MAX units across an IP network. Data is transported through the tunnel in Generic Routing Encapsulation (GRE), as described in RFC 1701. (For a complete description of ATMP, see RFC 2107, Ascend Tunnel Management Protocol - ATMP.) This section describes how ATMP tunnels work between two MAX units.
Setting Up Virtual Private Networks Configuring ATMP tunnels two-second intervals, timing out and logging a message if it receives no response to the requests. 6 The Home Agent requests a password before it creates the tunnel. 7 The Foreign Agent returns an encrypted version of the Ascend-Home-Agent-Password value found in the mobile client’s RADIUS profile. This password must match the Home Agent’s Password parameter in the ATMP configuration in the Ethernet profile.
Setting Up Virtual Private Networks Configuring ATMP tunnels uses MTU discovery mechanisms to determine the maximum packet size, and fragments packets before sending them. How link compression affects the MTU If any kind of compression is on (such as VJ header or link compression), the connection can transfer larger packets without exceeding a link’s Maximum Receive Units (MRU).
Setting Up Virtual Private Networks Configuring ATMP tunnels is unreachable without fragmentation. This standard, expected behavior improves end-to-end performance by enabling the connection end-points to perform any required fragmentation and reassembly. However, some outdated client software does not handle this process correctly and continues to send packets that are larger than the specified GRE MTU.
Setting Up Virtual Private Networks Configuring ATMP tunnels Station=name-of-home-agent Active=Yes Dial #=555-1212 Route IP=Yes IP options... LAN Adrs=10.1.2.3/24 Following are the parameters (shown with sample settings) for using RADIUS authentication: Ethernet Mod Config Auth... Auth=RADIUS Auth Host #1=10.23.45.11/24 Auth Host #2=0.0.0.0/0 Auth Host #3=0.0.0.
Setting Up Virtual Private Networks Configuring ATMP tunnels Ascend-Primary-Home-Agent=10.1.2.3, Ascend-Home-Agent-Password="private" Understanding the Foreign Agent parameters and attributes This section provides some background information about configuring a Foreign Agent to initiate an ATMP request to the Home Agent MAX. For detailed information about each parameter, see the MAX Reference. For details about attributes and configuring external authentication, see the TAOS RADIUS Guide and Reference.
Setting Up Virtual Private Networks Configuring ATMP tunnels Table 11-1.Required RADIUS attributes to reach an IP home network (continued) Home Agent in router mode Home Agent in gateway mode Ascend-Home-Agent-UDP-Port Ascend-Home-Agent-UDP-Port Ascend-Home-Network-Name Table 11-2.
Setting Up Virtual Private Networks Configuring ATMP tunnels Attribute Description Framed-IPX-Network Virtual IPX network number. Assigned to dial-in NetWare clients (mobile clients) to enable the Home Agent to route back to the mobile client. This IPX network number must be represented in decimal, not hexadecimal, and it must be unique in the IPX routing domain. (Note that you typically specify IPX network numbers in hexadecimal.
Setting Up Virtual Private Networks Configuring ATMP tunnels 4 Exit the profile and, at the exit prompt, select the exit and accept option. 5 Open a Connection profile and configure an IP routing connection to the Home Agent. For example: Ethernet Connections 90-101 Connection profile 1 Station=home-agent Active=Yes Encaps=MPP Dial #=555-1212 Route IP=Yes Encaps options... Send Auth=CHAP Recv PW=home-pw Send PW=foreign-pw IP options... LAN Adrs=10.1.2.
Setting Up Virtual Private Networks Configuring ATMP tunnels Ascend-Primary-Home-Agent=10.1.2.3, Ascend-Home-Agent-Password="private" When the mobile client logs into the Foreign Agent with the password ipx-unit, the Foreign Agent uses RADIUS to authenticate the mobile client. It then looks for a profile with an IP address that matches the Ascend-Home-Agent-IP-Addr value, so that it can bring up an IP connection to the Home Agent.
Setting Up Virtual Private Networks Configuring ATMP tunnels IP Adrs=10.1.2.3/24 IPX Frame=802.2 IPX Enet #=00000000 ATMP options... ATMP Mode=Home Type=Router Password=private SAP Reply=No UDP Port=5150 GRE MTU=1472 Force fragmentation=No Idle limit=0 ATMP SNMP Traps=No The IP routing connection to the Foreign Agent uses the following parameters (shown with sample settings): Ethernet Connections any Connection profile Station=foreign-agent Active=Yes Encaps=MPP Dial #=555-1213 Route IP=Yes Encaps options.
Setting Up Virtual Private Networks Configuring ATMP tunnels Parameter Usage SAP Reply Enables a Home Agent to reply to the mobile client’s IPX Nearest Server Query if it knows about a server on the home network. If the parameter is set to No, the Home Agent simply tunnels the mobile client’s request to the home network. UDP Port ATMP uses UDP port 5150 for ATMP messages between the Foreign Agent and Home Agent.
Setting Up Virtual Private Networks Configuring ATMP tunnels 3 Specify the password used to authenticate the tunnel (Ascend-Home-Agent-Password). For example: ATMP options... ATMP Mode=Home Type=Router Password=private SAP Reply=No UDP Port=5150 GRE MTU=1472 Force fragmentation=No Idle limit=0 ATMP SNMP Traps=No 4 Exit the profile and, at the exit prompt, select the exit and accept option. 5 Open a Connection profile and configure an IP routing connection to the Foreign Agent.
Setting Up Virtual Private Networks Configuring ATMP tunnels 4 Set SAP Reply to Yes, and leave the default for UDP port: Password=private SAP Reply=Yes UDP Port=5150 5 Exit the profile and, at the exit prompt, select the exit and accept option. 6 Open a Connection profile and configure an IP routing connection to the Foreign Agent. For example: Ethernet Connections any Connection profile Station=foreign-agent Active=Yes Encaps=MPP Dial #=555-1213 Route IP=Yes Encaps options...
Setting Up Virtual Private Networks Configuring ATMP tunnels Limiting the maximum number of tunnels If you decide to limit the maximum number of tunnels a gateway will support, you should consider the expected traffic per mobile-client connection, the bandwidth of the connection to the home network, and the availability of alternative Home Agents (if any). For example, the lower the amount of traffic generated by each mobile-client connection, the more tunnels a gateway connection will be able to handle.
Setting Up Virtual Private Networks Configuring ATMP tunnels Type=Gateway Password=private SAP Reply=No UDP Port=5150 GRE MTU=1472 Force fragmentation=No Idle limit=0 ATMP SNMP Traps=No The IP routing connection to the Foreign Agent uses the following parameters (shown with sample settings): Ethernet Connections any Connection profile Station=foreign-agent Active=Yes Encaps=MPP Dial #=555-1213 Route IP=Yes Encaps options... Send Auth=CHAP Recv PW=foreign-pw Send PW=home-pw IP options... LAN Adrs=10.65.212.
Setting Up Virtual Private Networks Configuring ATMP tunnels Telco options... Call Type=Nailed Group=1,2 Session options... ATMP Gateway=Yes MAX ATMP Tunnels=0 ATMP RIP=Send-v2 The IPX routing parameters are required only if the MAX is routing IPX. Understanding the ATMP gateway-mode parameters This section provides some background information about configuring a Home Agent in gateway mode. For detailed information about each parameter, see the MAX Reference.
Setting Up Virtual Private Networks Configuring ATMP tunnels Connection profile to the home network The Connection profile to the home network must be a local profile. It cannot be specified in RADIUS. The name of this Connection profile must match the name specified by the Ascend-Home-Network-Name attribute in the mobile client’s RADIUS profile. In addition, the Connection profile for connection to the home network must specify the following values: • Nailed call type.
Setting Up Virtual Private Networks Configuring ATMP tunnels Encaps=MPP Dial #=555-1213 Route IP=Yes Encaps options... Send Auth=CHAP Recv PW=foreign-pw Send PW=home-pw IP options... LAN Adrs=10.65.212.226/24 Or comparable settings in a RADIUS profile: mclient Password = "local-password" Service-Type = Framed-User, Tunnel-Type = ATMP, Tunnel-Server-Endpoint = "2.2.2.
Setting Up Virtual Private Networks Configuring ATMP tunnels IPX Frame=802.2 IPX Enet #=00000000 For details, see Chapter 12, “Configuring IPX Routing.” 2 Open the ATMP Options subprofile, set ATMP Mode to Home, and set Type to Gateway. 3 Specify the password used to authenticate the tunnel. It must match the Ascend-Home-Agent-Password attribute of each mobile client’s RADIUS profile. 4 Set SAP Reply to Yes. The profile now has the following settings: ATMP options...
Setting Up Virtual Private Networks Configuring ATMP tunnels IPX options... IPX RIP=None IPX SAP=Both NetWare t/o=30 Telco options... Call Type=Nailed Group=1,2 Session options... ATMP Gateway=Yes MAX ATMP Tunnels=0 ATMP RIP=Send-v2 8 Exit the profile and, at the exit prompt, select the exit and accept option. Specifying the tunnel password The Home Agent typically requests a password before establishing a tunnel.
Setting Up Virtual Private Networks Configuring ATMP tunnels Figure 11-5. MAX acting as both Home Agent and Foreign Agent Home Network A Home Network B ATMP tunnel Home Agent for Network B Internet Home Agent for Network B Foreign Agent for Network A ATMP tunnel Home Agent for Network B Mobile Client A Mobile Client B To configure the MAX as a multimode agent, set ATMP Mode to Both and complete both the Foreign Agent and Home Agent specifications.
Setting Up Virtual Private Networks Configuring ATMP tunnels Auth Pool=No Auth Req=Yes Password Server=No Password Port=N/A Local Profile First=No Sess Timer=0 Auth Src Port=0 Auth Send Attr 6,7=Yes For detailed information about each parameter, see the MAX Reference. 2 Exit the profile and, at the exit prompt, select the exit and accept option. 3 On the RADIUS server, open the RADIUS user profile and create an entry for a mobile client.
Setting Up Virtual Private Networks Configuring ATMP tunnels Dial #=555-1213 Route IP=Yes Encaps options... Send Auth=CHAP Recv PW=foreign-pw Send PW=home-pw IP options... LAN Adrs=10.65.212.226/24 2 Open a Connection profile and configure a nailed WAN link to the Network B home network. For example: Ethernet Connections any Connection profile Station=homenet Active=Yes Encaps=MPP Dial #=N/A Calling #=N/A Route IP=Yes IP options... LAN Adrs=5.9.8.2/24 Telco options...
Setting Up Virtual Private Networks Configuring ATMP tunnels With these Framed-Address and Framed-Netmask settings (equivalent to 10.168.6.21/28) for the mobile client router, the connecting LAN can support up to 14 hosts. The network address (or base address) for this subnet is 10.168.6.16. This address represents the network itself, because the host portion of the IP address is all zeros. The broadcast address (all ones in host portion of address) for this subnet is 10.168.6.31.
Setting Up Virtual Private Networks Configuring PPTP tunnels for dial-in clients mobile-ipx Password="unit" User-Service=Framed-User, Ascend-Route-IPX=Route-IPX-Yes, Framed-Protocol=PPP, Ascend-IPX-Peer-Mode=IPX-Peer-Dialin, Framed-IPX-Network=40000000, Ascend-IPX-Node-Addr=12345678, Ascend-Home-Agent-IP-Addr=192.168.6.
Setting Up Virtual Private Networks Configuring PPTP tunnels for dial-in clients Ethernet Mod Config L2 Tunneling Options... PPTP Enabled=Yes Line 1 tunnel type=PPTP Route line 1=10.65.212.11 Line 2 tunnel type=None Route line 2=0.0.0.0 Line 3 tunnel type=None Route line 3=0.0.0.0 Line 4 tunnel type=None Route line 4=0.0.0.0 Understanding the PPTP PAC parameters This section provides some background information about configuring PPTP. For detailed information about each parameter, see the MAX Reference.
Setting Up Virtual Private Networks Configuring PPTP tunnels for dial-in clients To configure this MAX for PPTP: 1 Open Ethernet > Mod Config > PPTP Options. 2 Turn on PPTP, and set Route Line 4 to the PNS IP address. Ethernet Mod Config L2 Tunneling Options... PPTP Enabled=Yes Line 1 tunnel type=None Route line 1=0.0.0.0 Line 2 tunnel type=None Route line 2=0.0.0.0 Line 3 tunnel type=None Route line 3=0.0.0.0 Line 4 tunnel type=PPTP Route line 4=10.65.212.
Setting Up Virtual Private Networks Configuring PPTP tunnels for dial-in clients Line 4 tunnel type=None Route line 4=0.0.0.0 3 Exit the profile and, at the exit prompt, select the exit and accept option. The PAC must have a route to the destination address, in this case a route through the ISP POP #2. It does not have to be a static route. It can be learned dynamically by means of routing protocols.
Setting Up Virtual Private Networks Configuring L2TP tunnels for dial-in clients Configuring L2TP tunnels for dial-in clients L2TP enables you to dial into a local ISP and connect to a private corporate network across the Internet. You dial into a local MAX, configured as an L2TP Access Concentrator (LAC), and establish a PPP connection. Attributes in your RADIUS user profile specify that the MAX, acting as an LAC, establishes an L2TP tunnel.
Setting Up Virtual Private Networks Configuring L2TP tunnels for dial-in clients Figure 11-8 shows an ISP POP MAX, acting as an LAC, communicating across the WAN with a private network. Clients dial into the ISP POP and are forwarded across the Internet to the private network. Figure 11-8.
Setting Up Virtual Private Networks Configuring L2TP tunnels for dial-in clients • The last LCP Config Request packet the LAC sent to the client. With this information, the LNS is not required to restart LCP negotiation. The LAC implements proxy authentication for clients configured for PPP authentication on the LAC. Following PPP authentication, the LAC sends the username and password to the LNS in the appropriate L2TP AVPs.
Setting Up Virtual Private Networks Configuring L2TP tunnels for dial-in clients that matches a Client-Port-DNIS for any user profile. You can configure the LNS to perform PAP or CHAP authentication after the LAC and LNS establish the tunnel. If you use RADIUS to configure L2TP, but do not specify the Client-Port-DNIS attribute, the LAC performs PAP or CHAP authentication before the tunnel is established. Once the tunnel is up, the LNS can perform authentication again on the client.
Setting Up Virtual Private Networks Configuring L2TP tunnels for dial-in clients Figure 11-9. L2TP tunnel setup using tunnel assignment IDs 10.1.1.1/24 (modem user) tunnel named modem-taid LAC IP LNS WAN 1.1.1.1 2.2.2.2 20.1.1.1/24 (ISDN user) tunnel named isdn-taid 1.1.1.2 2.2.2.
Setting Up Virtual Private Networks Configuring L2TP tunnels for dial-in clients Ascend-Disconnect-Cause = 185 Ascend-Connect-Progress = 60 Ascend-Xmit-Rate = 28800 Ascend-Data-Rate = 33600 Ascend-PreSession-Time = 19 Ascend-Pre-Input-Octets = 0 Ascend-Pre-Output-Octets = 0 Ascend-Pre-Input-Packets = 0 Ascend-Pre-Output-Packets = 0 Ascend-Modem-PortNo = 1 Ascend-Modem-SlotNo = 7 Ascend-Modem-ShelfNo = 1 Caller-Id = "1119855510" Client-Port-DNIS = "3826" Tunnel-Type = L2TP Tunnel-Server-Endpoint = "1.1.1.
Setting Up Virtual Private Networks Configuring L2TP tunnels for dial-in clients Configuring the MAX To configure the MAX as an L2TP LAC, you must first enable L2TP LAC on the MAX, then specify how the MAX determines which connections are tunneled. Configuring systemwide L2TP LAC parameters To configure systemwide L2TP LAC parameters on the MAX: 1 Open the Ethernet > Mod Config > L2 Tunneling Options menu. 2 Set L2TP Mode to LAC or to Both.
Setting Up Virtual Private Networks Configuring L2TP tunnels for dial-in clients Table 11-3.RADIUS attributes for specifying L2TP tunnels (continued) Attribute Description Possible values Tunnel-Server-Endpoint (67) Specifies the IP address or fully qualified hostname of the LNS, if you set Tunnel-Type to L2TP, or PPTP Network Server (PNS), if you set Tunnel-Type to PPTP. If a DNS server is available, you can specify the fully qualified hostname of the LNS.
Setting Up Virtual Private Networks Configuring L2TP tunnels for dial-in clients RADIUS attribute Value Tunnel-Type (64) Tunneling protocol(s) to be used. Must be set to L2TP (3) or L2F (2) to use this feature. Tunnel-Server-Endpoint (67) IP address or hostname of the tunnel end point. If a DNS lookup returns several IP addresses, the system attempts to establish a tunnel to each address in turn. Tunnel-Password (69) Shared secret for authenticating the tunnel.
Setting Up Virtual Private Networks Configuring L2TP tunnels for dial-in clients Max tunnels=N/A ATMP HA RIP=N/A UDP Port=N/A Home Network Name=N/A Pri. Tunnel Server=1.1.1.1 Sec. Tunnel Server= Password=conn-pass Client ID=conn-LAC Tunnel VRouter= There is no need to assign an IP address, because the IP address is assigned by the LNS.
Setting Up Virtual Private Networks Configuring L2TP tunnels for dial-in clients LNS, the unit sends the Client ID to the LNS and the end points use the tunnel password (the shared secret) to authenticate the tunnel. Following is a sample Tunnel Options profile that specifies a password and local system name for use in tunnel authentication: Ethernet Connections maxprofile Tunnel options...
Setting Up Virtual Private Networks Configuring L2TP tunnels for dial-in clients How the system name is selected If tunnel authentication is enabled, when the MAX unit requests a new tunnel, it looks for a system name to send to the LNS as follows: 1 If available, use the Client ID specified in the caller’s Connection profile. If no Client ID value is specified in the Connection profile, go on to the next alternative.
Setting Up Virtual Private Networks Configuring L2TP tunnels for dial-in clients Table 11-5 shows how the system matches the values in the clients’ profiles as it receives incoming calls and whether the system uses an existing tunnel or creates a new one: Table 11-5.Tunnels created based on profile settings for incoming callers Values used to match tunnel: Address Client ID Resulting action Tunnel-ID Pri. Tunnel Server 1.1.1.1 a1 a.example.com Reuse tunnel 102 1.1.1.1 a2 a.example.
Setting Up Virtual Private Networks Using Tunnel Options to support tunneling protocols Using DNS list attempts for L2F and L2TP A MAX unit functioning as an L2F Network Access Server (NAS) or an L2TP Access Concentrator (LAC) can execute a series of connection attempts based on a list of IP addresses. In a configuration requiring the Layer 2 Forwarding (L2F), the MAX unit functions as an L2F Network Access Server (NAS).
Setting Up Virtual Private Networks SNMP MIB for L2TP Added ATMP HA RIP=N/A UDP Port=N/A Home Network Name=N/A Pri. Tunnel Server=199.33. Sec. Tunnel Server= Password=r3 Client ID= Tunnel VRouter= Note: The Route Line N parameter, formerly in the L2 Tunneling Options profile, is no longer applicable. Parameter Specifies Profile type Whether this profile supports no tunneling, the mobile-client end of a tunnel, or a tunneling gateway.
Setting Up Virtual Private Networks SNMP MIB for L2TP Added Table 11-6 describes the portions of the L2TP MIB that are implemented with this release (all of them read-only): Table 11-6.
Setting Up Virtual Private Networks Configuring Virtual Routers Table 11-6.
Setting Up Virtual Private Networks Configuring Virtual Routers operates as the global VRouter. Its group includes any interfaces that are not explicitly grouped with a defined VRouter. Figure 11-11. Typical VRouter implementation MAX unit with VRouter WAN Corporation A Virtual Private Network Before Lucent Technologies introduced VRouters, the MAX unit maintained a single IP routing table that enabled the router to reach any interface.
Setting Up Virtual Private Networks Configuring Virtual Routers • SNTP Server • Stack Options • TCP Modem Options • TServ Options • Trap Creating a Virtual Router profile All parameters in a Virtual Routers profile apply to only one Virtual Private Network (VPN). You can configure up to three Virtual Router profiles. You must activate a Virtual Router profile for each VRouter.
Setting Up Virtual Private Networks Configuring Virtual Routers for the destination address to the specified VRouter, which consults its own routing table to further route the packets. For example: Dest=10.207.23.1 Gateway=0.0.0.0 Virtual Router=vr1 Dest VRouter=vr2 In this previous example, the Dest parameter, specifies the destination IP address, 10.207.23.1.
Setting Up Virtual Private Networks Configuring Virtual Routers • Packet statistics The IPX VRouter feature enables logical grouping of the interfaces for secure IPX networks.
Configuring IPX Routing 12 Introduction to IPX routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1 Enabling IPX routing in the MAX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-5 Configuring IPX routing connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-8 Configuring static IPX routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring IPX Routing Introduction to IPX routing identify callers. For that reason, use PAP and CHAP, which require password authentication, unless you configure IP routing in the same Connection profile. Note: If you have a MAX unit running Multiband Simulation, disable IPX routing. IPX Service Advertising Protocol (SAP) tables A MAX unit follows standard IPX SAP behavior for routers.
Configuring IPX Routing Introduction to IPX routing packet. If more than one IPX router is advertising the default route, the unit makes a routing decision based on hop and tick count. IPX and PPP link compression NetWare relies on the data-link layer (also called Layer 2) to validate data integrity. STAC link compression, if specified, generates an 8 bit checksum, which is inadequate for NetWare data.
Configuring IPX Routing Introduction to IPX routing IPX SAP filters Many sites do not want the MAX unit’s SAP table to include long lists of all services available at a remote site. IPX SAP filters enable you to exclude services from, or explicitly include certain services in, the SAP table. SAP filters can be applied to inbound or outbound SAP packets. Inbound filters control the services you add to the MAX unit’s SAP table from advertisements on a network link.
Configuring IPX Routing Enabling IPX routing in the MAX Enabling IPX routing in the MAX The Ether Options profile contains system-global parameters that affect all IPX interfaces in the MAX unit. Following are the related parameters (shown with sample settings): Ethernet Mod Config Ether options... IPX Frame=802.2 IPX Enet #=00000000 IPX Pool #=CCCC1234 IPX Routing=Yes Parameter Specifies IPX Frame The type of packet frame the MAX routes and spoofs. The default tis IEEE 802.2.
Configuring IPX Routing Enabling IPX routing in the MAX Examples of IPX routing configuration This section shows the simple configuration in which the MAX uses the default frame type and learns its network number from other IPX routers on the Ethernet network. It also shows a more complex router configuration whose values you enter explicitly. A basic configuration using default values In this example, the MAX routes IPX packets in 802.
Configuring IPX Routing Enabling IPX routing in the MAX Node address:000000000001 Frame type:VIRTUAL_LAN LAN protocol:IPX network 02500000 Note: Every IPX network number on each network segment and internal network within a server on the entire WAN must be unique. So you should know both the external and internal network numbers in use at all sites.
Configuring IPX Routing Configuring IPX routing connections Configuring IPX routing connections You configure IPX routing connections by setting parameters in the Answer profile and in Connection profiles or RADIUS profiles. Answer profile parameters Following are the relevant parameters in the Answer profile (shown with sample settings): Ethernet Answer PPP options... Route IPX=Yes Recv Auth=Either Session options...
Configuring IPX Routing Configuring IPX routing connections Dial Query=No IPX Net#=cfff0003 IPX Alias#=00000000 Handle IPX=None Netware t/o=30 SAP HS Proxy=N/A SAP HS Proxy Net#1=N/A SAP HS Proxy Net#2=N/A SAP HS Proxy Net#3=N/A SAP HS Proxy Net#4=N/A SAP HS Proxy Net#5=N/A SAP HS Proxy Net#6=N/A Sessions options... IPX SAP Filter=1 Parameter Specifies Station Remote client’s login name. If the connection uses Combinet encapsulation, the setting is the MAC address of the far-end Combinet bridge.
Configuring IPX Routing Configuring IPX routing connections Netware t/o The number of minutes the MAX enables clients to remain logged in after losing a connection. SAP HS Proxy Whether or not the MAX performs SAP Home Server Proxy. SAP HS Proxy Net #N An IPX network to which SAP broadcasts should be directed. For detailed information about each parameter, see the MAX Reference.
Configuring IPX Routing Configuring IPX routing connections broadcasts across a WAN connection, specify that the MAX only send or only receive SAP broadcasts on that connection, or use IPX SAP filters. Dial Query for bringing up a connection on the basis of service queries Setting the Dial Query parameter to Yes configures the MAX to bring up a connection when it receives a SAP query for service type 0004 (File Server) and that service type is not present in the MAX SAP table.
Configuring IPX Routing Configuring IPX routing connections If you load your client software from another PC, or use the same PC when traveling, the response to the initial SAP Request could attach you to a different server. With SAP HS Proxy, you can direct SAP Requests to specific networks. The SAP Responses come from servers on these specified networks rather than the server nearest the MAX.
Configuring IPX Routing Configuring IPX routing connections PPP options... Route IPX=Yes Recv Auth=Either 5 Exit the profile and, at the exit prompt, select the exit and accept option. 6 Open the Connection profile you will use to configure the dial-in user’s connection. 7 Set the Station parameter to specify the dial-in client’s login name, and activate the profile by setting Active to Yes.
Configuring IPX Routing Configuring IPX routing connections Figure 12-2. A connection with NetWare servers on both sides Net=11223344 Internal Net=013DE888 Site A SITEAGW SITEBGW WAN MAX MAX Net=9999ABFF Net=1234ABCD Site B Internal net=CFC12345 Net=AABBCC11 Site A and Site B each have Novell LANs that support NetWare 3.12 and NetWare 4 servers, NetWare clients, and a MAX unit.
Configuring IPX Routing Configuring IPX routing connections (If the MAX needs to support multiple IPX frame types, you must also enable bridging in the Answer > PPP Options profile.) 4 Open the Connection profile for Site B. In this example, the Connection profile for Site B is profile #5. A profile’s number is the unique part of the number you assign in the Connections menu. For example, the Connection profile defined as 90-105 is #5.
Configuring IPX Routing Configuring IPX routing connections Server Type=0004 Connection #=5 Following is a comparable RADIUS profile: ipxroute-max-1 Password = “ascend”, Service-Type = Outbound-User Ascend-IPX-Route=“sitebgw 013DE888 000000000001 0451 0004 SERVER-2” Note: The Connection # parameter in the IPX Route profile must match the number of the Connection profile you configured for that site.
Configuring IPX Routing Configuring IPX routing connections 6 Exit the profile and, at the exit prompt, select the exit and accept option. 7 Open an IPX Route profile. Set IPX RIP to None in the Connection profile, and configure a static route to the remote server. 8 Set up a route to the remote NetWare server (SERVER-1).
Configuring IPX Routing Configuring IPX routing connections Site B is a home office that consists of one PC and a Lucent Pipeline unit. It is not an existing Novell LAN, so the Pipeline unit’s configuration creates a new IPX network (1000CFFF, for example). Note: The new IPX network number assigned to Site B in this example cannot be in use anywhere on the entire IPX Wide Area Network. That is, it cannot be in use at Site A or any network that connects to Site A.
Configuring IPX Routing Configuring static IPX routes Ethernet Connections SITEAGW Station=SITEAGW Active=Yes Encaps=MPP PRI # Type=National Dial #=555-1213 Route IPX=Yes Encaps Send Recv Send options... Auth=CHAP PW=*SECURE* PW=*SECURE* IPX options...
Configuring IPX Routing Configuring static IPX routes Active=Yes Network=CC1234FF Node=000000000001 Socket=0000 Server Type=0004 Hop Count=2 Tick Count=12 Connection #=0 Parameter Specifies Server Name Remote server’s name. Each IPX Route profile contains the information needed to reach one NetWare server on a remote network. Active The activation of a profile (making it available for use) or a route (adding it to the routing table). A dash appears before each deactivated profile or route.
Configuring IPX Routing Configuring static IPX routes The name argument is the MAX system name (specified by the Name parameter in the System profile), and N is a number in a sequential series, starting with 1. Make sure there are no missing numbers in the series specified by N. If there is a gap in the sequence of numbers, the MAX stops retrieving the profiles when it encounters the gap in sequence. Note: To specify routes that may be dialed out by more than one system, eliminate the name argument.
Configuring IPX Routing Creating and applying IPX SAP filters Ethernet IPX Routes IPX Routes profile Server Name=SERVER-1 Active=Yes 3 Because this is a route to a server’s internal network, specify the server’s internal network, node, socket, and service type numbers. For example: Network=CC1234FF Node=000000000001 Socket=0451 Server Type=0004 4 Set the Hop Count and Tick Count parameters to specify the distance to the server in hops and IBM PC clock ticks, respectively.
Configuring IPX Routing Creating and applying IPX SAP filters Ethernet Mod Config Ether options... IPX SAP Filter=1 Ethernet Answer Session options... IPX SAP Filter=2 Ethernet Connections Connection profile 1 Session options... IPX SAP Filter=2 Input SAP filters and output SAP filters Each filter contains up to eight input filters and output filters, which you define individually and apply in order (1–8) to the packet stream. Apply the input filters to all SAP packets the MAX unit receives.
Configuring IPX Routing Creating and applying IPX SAP filters Applying IPX SAP filters You can apply an IPX SAP filter to the local Ethernet interface, to WAN interfaces, or to both. When applied in the Ether > Options profile, a SAP filter either includes specific servers or services in the MAX unit’s SAP table or excludes them from the table. If directory services are not supported, servers or services that are not in the MAX unit’s SAP table are inaccessible to clients across the WAN.
Configuring IPX Routing Creating and applying IPX SAP filters Ethernet Answer Session options... IPX SAP Filter=1 3 Repeat the same assignment in Connections > Connection profile > Session Options. Ethernet Connections Connection profile Session options... IPX SAP Filter=1 4 Exit the profile and, at the exit prompt, select the exit and accept option.
AppleTalk Routing 13 Introduction to AppleTalk routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1 Configuring AppleTalk routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-5 Introduction to AppleTalk routing The MAX functions as an AppleTalk internet router, providing routing functions for AppleTalk nodes (Macintosh workstations or Apple printers) that are connected to the MAX over Ethernet or a WAN.
AppleTalk Routing Introduction to AppleTalk routing packet. A router can significantly reduce AppleTalk traffic over the WAN because it does not forward broadcast traffic from one subnetwork to another, but stops it at the subnetwork port of the router. Zone multicasting is intended to prevent any node not in the destination zone for the lookup from receiving the lookup packet. Any AppleTalk node responds only to NBP lookups for that node’s zone name.
AppleTalk Routing Introduction to AppleTalk routing An extended network is a group of nonextended networks on the same physical data link, and contains a range of network numbers. Each network in the range supports up to 253 devices. EtherTalk and Teutonically are examples of extended networks. At least one router on a network, called the seed router, must have the network-number range specified in its port description.
AppleTalk Routing Introduction to AppleTalk routing MAX units and AppleTalk nodes Figure 13-2 illustrates a connection between a workstation acting as an AppleTalk node connected to a MAX that is connected to another MAX over a synchronous PPP WAN connection. Figure 13-2. Routed connection WAN Local MAX Remote MAX AppleTalk workstations AppleTalk printer Following is a brief description of how a workstation user sees a typical AppleTalk connection.
AppleTalk Routing Configuring AppleTalk routing Configuring AppleTalk routing To configure AppleTalk routing, you must set system-level parameters in the Ethernet > Mod Config profile and, if required for caller authentication, in the Answer profile. In addition, you can configure AppleTalk for specific connections. You can also configure AppleTalk connections in RADIUS.
AppleTalk Routing Configuring AppleTalk routing simplifies potential network configuration changes. Should you need to change the network numbering, only the seed router needs to be reconfigured. The nonseed routers simply need to be rebooted to learn the changes. 5 If the MAX is to be a seed router, set the Net Start and Net End parameters to specify the range for the network to which the unit is attached. (For example, the menu shown in step 4 specifies a range of 300–309.
AppleTalk Routing Configuring AppleTalk routing Per-connection AppleTalk routing parameters To enable AppleTalk routing for a specific connection: 1 Open Ethernet > Connections > Connection profile and set the Route AppleTalk parameter to Yes. You cannot set the Route AppleTalk parameter unless you set Ethernet > Mod Config > AppleTalk Options > AppleTalk to No or Ethernet > Answer profile > Route AppleTalk to No in the Answer profile.
Configuring Packet Bridging 14 Introduction to Lucent bridging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1 Establishing a bridged connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-3 Enabling bridging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-3 How the MAX supports bridging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configuring Packet Bridging Introduction to Lucent bridging Disadvantages of bridging Bridges examine all packets on the LAN (in what is termed promiscuous mode), so they incur greater processor and memory overhead than routers. On heavily loaded networks, this increased overhead can result in slower performance. Routers also have other advantages over bridging.
Configuring Packet Bridging Establishing a bridged connection Address Resolution Protocol (ARP) broadcast packets that contain an IP address specified in the bridge table are a special case. For details, see “Configuring proxy mode on the MAX” on page 14-16. (ARP is a protocol that maps an IP address to a physical hardware address, thus enabling a unit to identify hosts on an Ethernet LAN.
Configuring Packet Bridging How the MAX supports bridging in promiscuous mode incurs greater processor and memory overhead than the standard mode of operation for the Ethernet controller.) You enable packet bridging by opening Ethernet > Mod Config and setting the Bridging parameter to Yes: Ethernet Mod Config Bridging=Yes How the MAX supports bridging To forward bridged packets to the correct destination network, the MAX uses a bridge table that associates end nodes with particular connections.
Configuring Packet Bridging Configuring bridged connections Configuring bridged connections Bridged connections require both Answer and Connection (or Names/Passwords) profiles settings. They also require a method of recognizing when to dial the connection. The method can use either the dial-on-broadcast feature or a Bridge Adrs profile (Ethernet > Bridge Adrs). If a connection has an associated Bridge Adrs profile, it does not need dial-on-broadcast. You can define up to 100 Bridge Adrs profiles.
Configuring Packet Bridging Configuring bridged connections The Bridge parameter enables the MAX to answer incoming bridged connections which allows it to answer a call that contains packets other than the routed protocols (IP or IPX). This parameter does not apply unless the Bridging parameter set to Yes in the Ethernet > Mod Config profile. The Recv Auth parameter specifies the authentication protocol the MAX uses to receive and verify a password for an incoming PPP connection.
Configuring Packet Bridging Configuring bridged connections Bridge Adrs parameters If a Connection profile does not use the dial upon broadcast feature (that is, if Dial Brdcast=No), the connection must have a bridge table entry in order for the MAX to be able to bring up the connection on demand. The Bridge Adrs profile defines a bridge table entry by specifying an Ethernet address, a network address, and a connection number.
Configuring Packet Bridging Configuring bridged connections RADIUS bridging attributes Table 14-1 lists the bridging attributes. Table 14-1. Bridging attributes Attribute Description Possible values Ascend-Bridge (230) Enables or disables protocolindependent bridging for the call. Bridge-No (0) Bridge-Yes (1) Specifies the IP address and associated MAC address of a device on a remote LAN to which the MAX can form a bridging connection.
Configuring Packet Bridging Configuring bridged connections Bridge-unit_name-num Password="Ascend", User-Service= Dialout-Framed-User unit_name is the system name of the MAX—that is, the name specified by the Name parameter in the System profile. num is a number in a sequential series, starting at 1. 2 For each pseudo-user profile, specify one or more bridge entries using the Ascend-Bridge-Address attribute.
Configuring Packet Bridging Configuring bridged connections Example of a bridged connection An AppleTalk connection at the link level requires a bridge at either end of the connection. This is unlike a dial-in connection using AppleTalk Remote Access (ARA) encapsulation, in which the MAX acts as an ARA server negotiating a session with ARA client software on the dial-in Macintosh.
Configuring Packet Bridging Configuring bridged connections Encaps Send Recv Send options... Auth=CHAP PW=localpw PW=remotepw 5 Exit the profile and, at the exit prompt, select the exit and accept option. 6 Open an Ethernet > Bridge Adrs profile. 7 Specify a node’s Ethernet address and the IP address (if known) on the remote network: Ethernet Bridge Adrs Bridge Adrs profile Enet Adrs=0080AD12CF9B Net Adrs=0.0.0.
Configuring Packet Bridging Configuring bridged connections Ethernet Bridge Adrs Bridge Adrs profile Enet Adrs=0CFF1238FFFF Net Adrs=0.0.0.0 8 Specify the number of the Connection profile to bring up a link to the remote network: Ethernet Bridge Adrs Connection#=2 9 Exit the profile and, at the exit prompt, select the exit and accept option.
Configuring Packet Bridging Configuring bridged connections IPX Frame The IPX Frame parameter located in the Ethernet > Mod Config > Ether Options profile, specifies the type of packet frame the MAX routes and spoofs. The setting is based on the type of IPX frame used by the majority of NetWare servers on Ethernet network (IEEE 802.2 by default). If some NetWare software transmits IPX in a frame type other than the type specified, the MAX drops those packets, or if bridging is enabled, it bridges them.
Configuring Packet Bridging Configuring bridged connections possible. In this situation, you should set the Netware t/o timer by setting the Netware t/o parameter to specify the timer in minutes. The timer begins counting down as soon as the link goes down. When the timer expires, the unit stops responding to watchdog packets and the client-server connections can be released by the server. If the WAN session reconnects before the end of the selected time, the timer resets.
Configuring Packet Bridging Configuring bridged connections Encaps=PPP Route IPX=No Bridge=Yes Dial Brdcast=Yes Note: Enable Dial Brdcast to allow service queries to bring up the connection. 5 Configure password authentication. For example: Encaps Send Recv Send 6 options... Auth=CHAP PW=localpw PW=remotepw Specify IPX client bridging: IPX options... Handle IPX=Client 7 Exit the profile and, at the exit prompt, select the exit and accept option.
Configuring Packet Bridging Configuring bridged connections Bridge=Yes Recv Auth=Either 4 Open a Connection profile and set the following parameters: Ethernet Connections Connection profile Station=SITEBGW Active=Yes Encaps=PPP Route IPX=No Bridge=Yes Dial Brdcast=Yes 5 Configure password authentication. For example: Encaps options... Send Auth=CHAP Recv PW=localpw Send PW=remotepw 6 Specify IPX server bridging and configure the timer for watchdog spoofing: IPX options...
Defining Static Filters 15 Filter overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1 Defining generic filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-7 Defining IP filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-11 Defining Type of Service filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Defining Static Filters Filter overview IP filters apply only to IP-related packets. They specify a forwarding action on the basis of higher-level fields in IP packets (for example, the source or destination address, or the protocol number). They operate on logical information, which is relatively easy to obtain. Type of Service (TOS) filters set priority bits in the TOS header of IP packets. Other routers can then use the information to prioritize and select links for particular data streams.
Defining Static Filters Filter overview timer expires, the session is terminated. With the default Idle Timer setting of 120 seconds, the MAX unit terminates a connection that has been inactive for two minutes. How filters work A Filter profile can include up to 12 input-filter and 12 output-filter specifications (filters). Each filter has its own forwarding action—forward or drop. The filters are applied in sequence.
Defining Static Filters Filter overview 5 If the Dst Port Cmp parameter is not set to None, compare the Dest Port # number to the destination port number of the packet. If they do not match as specified by the Dst Port Cmp parameter, the comparison fails. 6 If TCP Estab is set to Yes and the protocol number is 6, the comparison succeeds.
Defining Static Filters Filter overview 6 If the Dst Socket Cmp parameter is not set to None, compare the Dst Socket # to the destination socket number of the packet. If they do not match as specified by the Dst Socket Cmp parameter, the comparison fails. If an IPX filter is applied as a call filter and a comparison succeeds, the forwarding action is either to reset the idle timer or not, depending on how the filter is defined.
Defining Static Filters Filter overview test-user Password="test-pw" Ascend-Data Filter="ip in forward tcp dstport > 1023" Specifying a filter’s forwarding action For generic, IP, or IPX filters, each input or output filter in a local Filter profile specifies a forwarding action for packets that match the filter. Following is the relevant parameter (shown with its default settings): Ethernet Filters Filter profile Name Input Filters... In Filter (1-12) Generic... Forward=No Output Filters...
Defining Static Filters Defining generic filters Defining generic filters Generic filters can match any packet, regardless of its protocol type or header fields. The filter specifications operate together to define a location in a packet and a hexadecimal value to compare to it. Settings in a local Filter profile In a local Filter profile, a generic filter uses the following parameters (shown with their default values): Input filters... In filter NN Generic...
Defining Static Filters Defining generic filters Parameter Specifies More Enable/disable application of the next filter before determining whether the packet matches the specification. If More is set to Yes, the current specification is linked to the one immediately following it, so the filter can examine multiple noncontiguous bytes within a packet before the forwarding decision is made. The match occurs only if both specifications are matched.
Defining Static Filters Defining generic filters Specifying the offset to the bytes to be examined The offset in a generic filter is a byte-offset from the start of a packet to the start of the data in the packet to be tested. For example, with the following filter specification: Input Filters In Filter NN Generic...
Defining Static Filters Defining generic filters Masking the value before comparison A generic filter can include a mask to apply to the value specified by the Value parameter before the MAX compares it to the bytes starting at the specified offset. You can use the mask to specify exactly which bits you want to compare. The mask is assumed to have the same number of octets as the data specified by the Length parameter.
Defining Static Filters Defining IP filters • In the tenth byte, 9 matches the Value parameter’s 9 for that byte. The second 9 in the of the packet’s tenth byte is ignored because the mask has a 0 (zero) in its place. Examples of a generic call filter The following example shows how to define a generic call filter. The filter’s purpose is to prevent inbound packets from resetting the session-timer.
Defining Static Filters Defining IP filters Dst Port #=0 TCP Estab=No The same parameters are also available in the Output Filters subprofile. If you set the parameters in an input filter, only inbound packets are examined. If you set them in an output filter, only outbound packets are examined. 15-12 Parameter Specifies Type Type of filter. Valid values are Generic-Filter (the default), IP-Filter, IPX-Filter, and TOS-Filter. Only the parameters in the corresponding subprofile will be applicable.
Defining Static Filters Defining IP filters Settings in a RADIUS profile In a RADIUS profile, you define an IP filter as a value to the Ascend-Call Filter or Ascend-Data Filter attribute, using the following format: "ip dir action [ dstip n.n.n.n/nn ] [ srcip n.n.n.n/nn ][ proto ] [ destport cmp value ] [ srcport cmp value ] [est]]" Note: A filter specification cannot contain newline indicators. The syntax is shown here on two lines for printing purposes only.
Defining Static Filters Defining IP filters Keyword or Argument Value srcport cmp value If the srcport keyword is followed by a comparison symbol and a number, the number is compared to the source port of a packet. The comparison symbol can be < (less-than), = (equal), > (greater-than), or ! = (not-equal).
Defining Static Filters Defining IP filters Examples of an IP filter to prevent local address spoofing IP address spoofing typically occurs when a remote device illegally acquires a local address and uses it to try to break through a data filter. This section presents an example of a data filter that prevents IP address spoofing. The sample filter first defines two input filters that drop packets whose source address is on the local IP network or is the loopback address (127.0.0.0).
Defining Static Filters Defining IP filters Configure the output filter, setting Type to IP filter and setting Forward to Yes. This filter specifies the source mask and address for the local network. (Packets originating on the local network should be forwarded across the WAN.) Output filters... Out filter=01 Type=IP Valid=Yes IP.... Forward=Yes Src Mask=255.255.255.192 Src Adrs=10.100.50.
Defining Static Filters Defining IP filters Configure the second input filter, setting Type to IP and setting Forward to Yes. This allows inbound TCP packets in response to a local user’s outbound Telnet request, by specifying that TCP packets whose destination port number is greater than that of the source port are forwarded. (Telnet requests go out on port 23, and responses come back on some random port above port 1023.) Input filters... In filter=02 Type=IP Valid=Yes IP....
Defining Static Filters Defining Type of Service filters Defining Type of Service filters To enable proxy-QoS for all packets that match a specific filter specification, you can define a TOS filter locally in a Filter profile, and then apply the filter to any number of Connection profiles or RADIUS profiles. (The Filter-ID attribute can apply a local Filter profile to RADIUS user profiles.) Administrators can also define TOS filters directly in a RADIUS user profile by setting the Ascend-Filter attribute.
Defining Static Filters Defining Type of Service filters Parameter Specifies Src Port # A port number to be compared with the source port of a packet. TCP and UDP port numbers are typically assigned to services. For more details, see “Filtering by port numbers” on page 15-14. Dst Port Cmp Type of comparison to perform when comparing destination port numbers. With a setting of None (the default), no comparison is made.
Defining Static Filters Defining Type of Service filters Settings in a RADIUS profile In RADIUS, a TOS filter entry is a value of the Ascend-Filter attribute. To specify TOS filter value, use the following format: iptos dir [ dstip n.n.n.n/nn ] [ srcip n.n.n.n/nn ][ proto ] [ destport cmp value ] [ srcport cmp value ][ precedence value ] [ type-of-service value ] Note: A filter definition cannot contain newline indicators. The syntax is shown here on multiple lines for printing purposes only.
Defining Static Filters Defining Type of Service filters Keyword or argument Description srcport cmp value If the srcport keyword is followed by a comparison symbol and a port, the port is compared to the source port of a packet. The comparison symbol can be < (less-than), = (equal), > (greater-than), or ! = (not-equal).
Defining Static Filters Defining IPX filters Input filters... In filter NN Valid=No IPTos... Src Mask=0.0.0.0 Src Adrs=0.0.0.0 Dst Mask=255.255.255.255 Dst Adrs=10.168.6.24 Protocol=6 Src Port Comp=Eql Src Port #=23 Dst Port Cmp=None Dst Port #=0 Precendence=010 Type of Service=Latency Following is a RADIUS user profile that contains a comparable filter specification: jfan-pc Password="secret" Service-Type=Framed-User, Framed-Protocol=PPP, Framed-IP-Address=10.168.6.120, Framed-IP-Netmask=255.255.255.
Defining Static Filters Defining IPX filters The same parameters are also available in the Output Filters subprofile. If you set the parameters in an input filter, only inbound packets are examined. If you set them in an output filter, only outbound packets are examined. Parameter Specifies Src Network Adrs Network Number portion of the source IPX address. Dst Network Adrs Network Number portion of the destination IPX address. Src Node Adrs Node Number portion of the source IPX address.
Defining Static Filters Defining IPX filters can change each time they load. A socket number of all 1s (FF:FF) matches any socket on the specified server. When you specify a NetWare socket number, you must also indicate how to compare the socket number in a packet to the specification in the filter. The Src Socket Cmp parameter specifies the method of comparison for the source socket number.
Defining Static Filters Applying a filter to an interface Applying a filter to an interface When you apply a filter to a WAN interface, it takes effect when the connection is brought up. Packets can pass through both a data filter and call filter on a WAN interface. When both a data filter and call filter are applied to the same interface, the data filter is applied first.
Defining Static Filters Applying a filter to an interface Settings in RADIUS profiles The following RADIUS attribute-value pairs are used to apply a filter to a WAN connection: Attribute Value Ascend-Call Filter (243) An abinary-format filter specification using one of the following formats: "generic dir action offset mask value compare [more]" "ip dir action [ dstip n.n.n.n/nn ] [ srcip n.n.n.
Defining Static Filters Applying a filter to an interface Answer As Default parameter is set to Yes, filters applied in the Answer profile are applied to the authenticated connection. Examples of applying a data filter to a WAN interface When you apply a data filter, its forwarding action (forward or drop) affects the actual data stream by preventing certain packets from reaching the Ethernet from the WAN, or vice versa.
Defining Static Filters Applying a filter to an interface Examples of applying a call filter to a WAN interface Call filters prevent unnecessary connection time and help the MAX unit distinguish active traffic from noise. By default, any traffic to a remote site triggers a call, and any traffic across an active connection resets the connection’s idle timer. The following parameters apply a filter to a WAN connection and set the idle timer to 20 seconds.
Defining Static Filters Applying a filter to an interface Following is a RADIUS profile in which the TOS filter is specified within the profile: jfan-pc Password="johnfan" Service-Type=Framed-User, Framed-Protocol=PPP, Framed-IP-Address=10.168.6.120 Framed-IP-Netmask=255.255.255.0 Ascend-Filter="iptos in dstip 10.1.1.1/32 dstport=23 precedence 010 type-of-service latency" Note: Filter specifications cannot contain newline indicators.
Index 12-MOD modem numbering, 3-31 2nd Adrs parameter, 9-7 3rd Prompt parameter, 4-85 56k modem numbering, 3-30 64 switched Frame Relay connections configuring, 5-36 RADIUS profiles, 5-36 7-Even parameter, 4-84 8-MOD modem numbering, 3-30 A ABR (Area Border Router), 8-5 accounting options for sessions, 2-9 Active parameter, 9-57, 12-20, 14-6 Add Pers parameter, 4-49 add-on number, 3-5 address lease renewal, 9-20 address pools, 4-97, 9-20 assignment, 9-20 parameters, 9-12 addresses filtering on, 15-23 IP fi
Index B Apply To parameter, 9-47 ARA (AppleTalk Remote Access) configuring, 4-75 parameters, 4-75 area routing (OSPF), 8-5 AreaType parameter, 8-10 arguments Ascend-Bridge-Address, 14-9 ARP (Address Resolution Protocol), 9-8 broadcasts, 14-3 defined, 14-3 requests, 14-16 AS (Autonomous System), 8-2 exterior protocols, 8-2 interior protocol, 8-2 ASBR (Autonomous System Border Router), 8-2 Ascend-Bridge (230) bridging attribute, 14-8 Ascend-Bridge-Address (168) arguments, 14-9 bridging attribute, 14-8 Ascend-
Index C bridging AppleTalk, 13-2 ARP broadcasts, 14-3 Bridge Adrs profile, 14-5 broadcast addresses, 14-2 defined, 14-1 disadvantages of, 14-2 enabling (Bridging parameter), 14-3 establishing, 14-3 IPX, 14-12 IPX client bridge, 14-14 IPX server bridge, 14-15 learning, 14-4 name, setting, 14-3 promiscuous mode, 14-3 proxy mode, configuring, 14-16 table, managing, 14-4 table, physical (MAC) address, 14-2 transparent, 14-4 bridging connections Answer profile, 14-5 attributes for, 14-8 Connection profile, 14-5
Index D Client parameter, 10-2, 10-5 Client Pri DNS parameter, 9-15 Client Sec DNS connection-specific configuration, 9-15 global configuration, 9-15 Client Sec DNS parameter, 9-15 clients outdated software, and fragmentation, 11-4 clock, maximum acceptable for V.
Index D default preference of connected routes, 9-56 default route (IPX RIP), 12-2 default zone, 13-3 Default Zone parameter, 13-6 Dest parameter, 9-57 Dest Port # parameter, 15-12, 15-19 Dest Socket # parameter, 15-23 destination channel group specifying, 3-77 destination field, 9-4 DHCP (Dynamic Host Configuration Protocol), 4-3, 9-10 BOOTP server, 9-19 DHCP spoofing response, 9-19 NAT, 9-24 Plug and Play, 9-19 pool assignment, 9-20 reserved IP addresses, 9-20 server, setting up, 4-99, 9-22 services, conf
Index E dynamic IP addressing, continued host routes, summarizing, 9-11 dynamic IP routes, 9-55, 9-56 E E1 lines configuring, 3-24, 3-25 diagnostics, 3-28 parameters, 3-20–3-25 E1/PRI model slot and menu correspondence (MAX 3000), 3-4 slot and menu correspondence (MAX 6000), 3-2 EGP (Exterior Gateway Protocol), 8-2 en-bloc receiving procedure, 3-14 Encaps parameter, 4-4, 5-22, 5-25 Encaps Type parameter, 6-8 encapsulation GRE, 11-2 MP+ (PPP encapsulation), 4-4 X.
Index G fragmentation ATMP, preventing between agents, 11-4 forcing clients to perform, 11-4 outdated client software, and, 11-4 prefragmentation in client software, 11-5 tunnels, and, 11-4 Frame Relay 64 switched connections, configuring, 5-36 Ch N parameter, 5-4 Ch N Prt/Grp parameter, 5-4 circuits, 5-26, 5-28, 5-30 concentrator, 5-2 connections, 2-5 defined, 5-1 DLCI (Data Link Connection Identifier), 5-2, 5-3 DLCI, configuring, 5-13 functions of DCE, 2-5 DTE, 2-5 NNI, 2-5 gateway configuration, 5-19, 5-
Index I Host BRI BRI-to-BRI local call, configuring, 3-43 configuring, 3-40, 3-41 inbound calls routing, 3-41 outbound calls, making, 3-42 Host interface configuring, 3-51 Host N Enet parameter, 4-99, 9-22 Host N IP parameter, 4-99, 9-22 host route advertisements suppressing, 9-31 Host#N parameter, 9-30 Host/AIM6 dual-ports, 3-51 parameters, 3-51 ports, configuring, 3-48 Host/Dual dual ports, 3-51 parameters, 3-51 ports, configuring, 3-48 hunt group, 3-6, 3-58, 4-57 configurations for MAX stacks, 4-60 I IC
Index I IP faxes incoming and outgoing, 7-1 IP filters address spoofing, preventing, 15-15 defined, 15-3, 15-4, 15-11 Dest Port # parameter, 15-12 destination address filtering, 15-14 Dst Adrs parameter, 15-12 Dst Mask parameter, 15-12 Dst Port Cmp parameter, 15-12 interfaces, applying, 15-25 port number filtering, 15-14 Protocol parameter, 15-12 RADIUS profile, 15-13 security uses, 15-16 source address filtering, 15-14 Src Adrs parameter, 15-12 Src Mask parameter, 15-12 Src Port # parameter, 15-12 Src Port
Index K IPX Route profiles, 12-3 static routes, 12-3 IPX routes configuring, 12-6 IPX routing, 2-6 connections, configuring, 12-8 enabling, 12-5 NetWare clients, 12-4 network for dial-in clients, defining, 12-5 requirement of authentication, 12-2 Route IPX parameter, 4-18 IPX routing global parameters IPX Frame, 12-5 IPX Pool #, 12-5 IPX Routing, 12-5 IPX SAP (Service Advertising Protocol), 12-2 filters, 12-3, 12-4 SAP packets, broadcast, 12-2 tables, 12-2 IPX SAP broadcasts sending and receiving, 12-10 IPX
Index M LNS (L2TP Network Server), 11-31 MAX functioning as, 11-43 mode, 11-33 local domain name, 9-14 Local Echo parameter, 4-85 logical link X.
Index N multiple-address NAT, 9-24 multipoint mode, 3-35 N N391 parameter, 5-6 nailed connections groups, and, 4-56 RADIUS, 4-56 nailed groups, 4-56 Nailed Grp parameter, 5-5, 6-3 nailed link (connection) bandwidth, assigning, 3-18 setting up, 3-27 nailed/MP+ connection configuring, 4-55 Name Binding Protocol (NBP) AppleTalk, 13-4 name servers DNS, 9-14 WINS, 9-14 Names/Passwords profile bridging, 14-5, 14-6 configuring, 4-42 parameters, 4-42 NAT (Network Address Translation), 9-10, 9-23 DHCP, 9-24 DHCP re
Index P OSPF (Open Shortest Path First), continued overview, 8-1 route convergence, 8-1 routes, default preference, 9-56 security, 8-2 SPF algorithm, 8-3 stub areas, 8-6 topological database, 8-3 Ospf-Cost parameter, 9-57 outgoing fax configuring, 7-7 OutOctets, 3-28 Output Filters (1-12) parameters, 15-5 overlap receiving concept, 3-14 parameter, 3-14, 3-23 P PAC (PPTP Access Controller), 11-27 configuring, 11-28 working as a MAX, 11-27 packet bridging, 2-5 Packet characters parameter, 4-84 Packet Wait Ti
Index Q PPP (Point-to-Point Protocol), continued password authentication protocol, 4-7, 14-6 RADIUS attributes, 4-44 PPTP (Point-to-Point Tunneling Protocol), 11-1 command, 11-30 default route preference, 9-56 tunnels, across multiple POPs, 11-29 tunnels, configuring, 11-27 tunnels, PAC, configuring, 11-28 PPTP Access Controller. See PAC PPTP Enabled parameter, 11-28 PPTP Network Server.
Index S Resume command, 4-90 RetransmitInterval parameter, 8-11 Reuse Addr Timeout parameter, 9-26 Reuse Last Addr parameter, 9-26 Reverse Charge parameter, 6-8 RIP (Routing Information Protocol), 8-10, 9-33, 12-2 hop count limit, 8-1 route convergence, 8-1 static routes, 9-60 RIP packet, 4-33 RIP parameter, 9-8, 9-33, 9-61 RIP Policy parameter, 9-61 Rip Preference parameter, 9-57 RIP Summary parameter, 9-61 RIP updates, broadcasts IPX routers, 12-2 RIP-v1, 9-61 Ethernet interface, enabling, 9-8 recommendat
Index S seed routers, 13-3 network segments, sharing, 13-6 Send PW parameter, 4-92 Serial port corresponding menu item, 3-4 serial WAN port, 3-29 Server Name parameter, 12-20 Server Type parameter, 12-20 Service Advertising Protocol (IPX SAP) filter parameters, 12-22 Answer profile, 12-24 Connection profile, 12-24 Ethernet profile, 12-24 filters, applying, 12-8, 12-24 filters, configuring, 12-24 Session options parameters, 4-35 sessions accounting options, 2-9 settings in Connection profiles, 4-41 Set comma
Index T stub areas, 8-6 cost, 8-6 Sub Pers parameter, 4-49 subaddressing, 3-59 subnet address format for class C, 9-3 zero, 9-3 subnet mask, 9-2 formatting, 9-2 switched channels duration maximum, 3-50 switched Frame Relay connections configuring, 5-33, 5-34 Connection profile, configuring, 5-35 Frame Relay profile, configuring, 5-34 RADIUS profiles, configuring, 5-37 system parameters T302 Timer, 3-23 system startup building IP routing table, 9-4 system-based routing, 9-6 T T1, 3-2 T1 Drop and Insert, 3-8
Index U topological database (OSPF), 8-3 TOS (Type of Service) enabling, 9-46 filters, defining, 9-49 RFC 1349, 9-31, 9-46 TOS filter, 9-46 TOS (Type of Service) filters action (set precedence bits), 15-18 applying to interfaces, 15-28 defined, 15-4, 15-18 Dest Port # parameter, 15-19 Dst Adrs parameter, 15-18 Dst Mask parameter, 15-18 Dst Port Cmp parameter, 15-19 interfaces, applying to, 15-25 Precedence parameter, 15-19 Protocol parameter, 15-18 RADIUS profile, 15-20 Src Adrs parameter, 15-18 Src Mask pa
Index W W WAN (Wide Area Network) ARA, 4-2 Combinet, 4-2 connections between serial hosts, configuring, 3-53 connections, introduction, 4-2 EU-RAW, 4-2 EU-UI, 4-2 IP host connections, requirements for, 9-35 IP routing, 2-6, 9-5, 9-31 IPX routing, 2-6 multicasting, 10-6 non-OSPF, configuring, 8-13 OSPF interfaces, designated router priority, 8-10 OSPF, configuring, 8-12 packet bridging, 2-5 RIP interface, configuring, 9-33 routing and bridging, 2-5 serial port, configuring, 3-29 terminal server connections,
