3Com 3C421600A Management Manual Download Page 236 | Manualshive

Page: 236 / 300

background image

234

C

HAPTER

14: H

ANDLING

P

ACKET

F

ILTERS

Filter Examples

This section provides specific filter examples.

IP Packet Filter Rule

Examples

This section briefly describes IP packet filtering options and provides rule
examples for each IP packet filtering capability. It includes the following
topics:

■

Source and Destination Address Filtering

■

Masks

■

TCP and UDP Parameter Filtering

■

IP/IPX-RIP Packet Filtering

■

IPX-SAP Filtering

■

ICMP Packet Filtering

■

IP/IPX-Call Filtering

■

Login-Access Filtering

Source and Destination Address Filtering

Source and destination address filtering is generally used to limit
permitted access to trusted hosts and networks only, to explicitly deny
access to hosts and networks that are not trusted, or to limit external
access to a given host (for example, a Web server or a firewall).

Only the part of the IP address specified by the mask field is used in the
comparison. If a match is found, the packet is forwarded (rules containing
accept) or discarded (rules containing reject).

The following rule example rejects forwarding of IP packets with a source
address of 192.77.100.32:

#filter

IP:

010 REJECT src-addr = 192.77.100.32;

The following rule example prevents forwarding of IP packets with
destination addresses that match the

first 24 bits of the given IP address

(that is, addresses beginning with 188.039.150):

#filter

IP:

010 REJECT dst-addr = 188.039.150.000/24;

«
...
234
235
236
237
238
...
»

Summary of Contents for 3C421600A

Page 1: ...http www 3com com SuperStack II Remote Access System 1500 System Management Guide Release 2 0 Part No 1 024 1797 Rev 2 00 December 1999...

Page 2: ...ly at private expense Software is delivered as Commercial Computer Software as defined in DFARS 252 227 7014 June 1995 or as a commercial item as defined in FAR 2 101 a and as such is provided with on...

Page 3: ...18 Shared ISP 19 LAN to LAN 19 Individual Dial Out 19 Comprehensive Security Options 20 Configuration Options 20 Web Configuration Interface 20 Command Line Interface 20 2 USING THE COMMAND LINE INTER...

Page 4: ...the Primary Access Unit 33 Configuring Expansion Units 34 Reconfiguring the Private IP Network 34 Replacing I O Modules in the Port Expansion Unit 35 Disconnecting Expansion Units 35 Expansion Unit Co...

Page 5: ...fore You Begin 59 Required Information 59 Optional Information 60 RAS 1500 Configuration 60 Computers on the Network 60 Configuring the RAS 1500 61 Step One Add a System Name 61 Step Two Add an IP Net...

Page 6: ...figuring Callback Users 79 Calling Line Identification Callback 80 Overview 80 Call Handling 82 Configuring CLID Callback 84 Step One Add a CLID User 84 Step Two Configure the User CLID callback Setti...

Page 7: ...r Configure the User Routing Parameters 102 Step Five Configure the User PPP Parameters 103 Step Six Configure Phone Numbers 104 Step Seven Configure Authentication 105 Step Eight Save Your Work 105 L...

Page 8: ...e 130 AT Commands 130 Sending AT Command 130 Obtaining AT Command Help 131 Commonly Used AT Commands 131 Disconnecting with AT Commands 133 Configuring Data Compression Settings 134 Configuring Error...

Page 9: ...Setting the Originate Call Type 154 11 CONFIGURING THE RAS 1500 ROUTER Reconfiguring Your System 157 Customizing CLI Parameters 157 Discarding and Renaming Files 161 Communicating with Remote and Loca...

Page 10: ...g NOS Authentication on the RAS 1500 192 Troubleshooting NOS Authentication 195 RADIUS Accounting 195 Configuring RADIUS Accounting 196 Enabling and Disabling RADIUS Accounting 198 13 USING FRAME RELA...

Page 11: ...c Filters 220 Creating Filters 220 Filter File Components 220 Creating Filter Files 224 Configuring Filters 226 Setting Filter Access 226 Interface Filters 227 User Filters 228 Assigning a Filter to a...

Page 12: ...ram Protocol Broadcast Forwarding 251 Configuring UDP Broadcast Forwarding 252 Displaying UDP Broadcast Forwarding Parameters 252 16 USING NETWORK ADDRESS TRANSLATION AND PORT ADDRESS TRANSLATION Over...

Page 13: ...rmation 280 Analog V 34 Model FCC Part 68 Compliance Statement 280 Canadian Installations 280 Physical Dimensions 281 Interfaces 281 Power Requirements 283 C TECHNICAL SUPPORT Online Technical Service...

Page 14: ......

Page 15: ...formation Required Reference Command Line Interface basics Using the Command Line Interface Web based Configuration Web based Configuration of the RAS 1500 Configuring NOS or RADIUS security Using Sec...

Page 16: ...primary dial back number Set user name phone_number number In this example you must supply the user s name for name and phone number for number Commands The word command means you must enter the comm...

Page 17: ...Module or Port Expansion Module Release Notes SuperStack II Remote Access System 1500 This document provides information about the system software release including new features and bug fixes It also...

Page 18: ...his guide describes the installation and initial configuration of the RAS 1500 system SuperStack II Remote Access System 1500 System Reference Guide This guide describes how to configure the software...

Page 19: ...1 OVERVIEW This chapter contains the following information Overview Applications Configuration Options This guide provides the most commonly used command line interface CLI parameters...

Page 20: ...rimary Access Unit The RAS 1500 maybe be configured with a Router Unit and a Primary Access Unit as follows T1 North America Primary Access Unit with 23 Primary Rate Interface PRI ISDN channels E1 Eur...

Page 21: ...and a remote LAN Routing occurs when one device dials up another device and logs in as a user There are several types of LAN to LAN connections Manual On demand Timed Continuous The RAS 1500 supports...

Page 22: ...configuration options Web Configuration Interface Command Line Interface Web Configuration Interface You can configure the RAS 1500 by accessing the RAS 1500 Web Configuration Interface The Web Config...

Page 23: ...ing information CLI Overview Obtaining Registered IP Addresses Accessing the CLI Using CLI Quick Setup Configuration with the CLI Configuring a Manage User Configuration with the CLI Configuring Expan...

Page 24: ...sible options Navigating the Command Line Interface In addition to CLI commands required to configure the RAS 1500 the CLI has several additional commands to help make navigation through the CLI easie...

Page 25: ...nal Use the following steps to access the CLI from the Windows 95 or Windows NT desktop 1 Connect the provided serial cable to the RAS 1500 console port and your computer serial port 2 Click Start the...

Page 26: ...munications package or your program does not support VT100 emulation use ZTerm UNIX based Computers Kermit minicom and tip are typical terminal emulation programs for UNIX based computers Depending on...

Page 27: ...additional system information The name you enter serves as the RAS 1500 DNS name and SNMP system name The name is also the name that the RAS 1500 advertises in SAP broadcasts The name must be unique...

Page 28: ...table range is 8 30 32 if a host The network address is considered invalid if the portion of the station address not covered by the mask is 0 or if the station address plus the mask is 1 all 1s Defini...

Page 29: ...202 40 metric 1 Check the default route setting with the list ip routes command Step Four Configure IPX To configure the RAS 1500 LAN interface on an IPX network you must Determine the IPX network num...

Page 30: ...h Interrupt Ah Node address 0000C0488D28 Frame type ETHERNET_802 2 Board name TENBASE_802 2 LAN protocol RPL LAN protocol IPX network 00000684 This is an example of the information returned for one ve...

Page 31: ...S 1500 LAN port The same physical network segment has a different network number for each frame type used Be sure to enter the network number associated with the chosen frame type Use the following co...

Page 32: ...error message For instance in the case of three offline servers A B and C the RAS 1500 admits failure only after trying to reach them one after the other three times Use the following command add dns...

Page 33: ...your generic SNMP software You must set the following SNMP community values name community name address IP address of the Windows SNMP manager access either read only read write or administrator read...

Page 34: ...nage privileges to establish a secure centrally administered router through the CLI You can configure a remote login user or if you prefer to dial in you can create a manage user locally through the c...

Page 35: ...Router Unit use the following command set imodem interface rm0 slot1 mod 1 at_command ati12 Configuring Modems in the Port Expansion Unit To configure specific modems on your Port Expansion Unit use...

Page 36: ...private it may possibly conflict with other private IP networks defined in an office or enterprise If there is a conflict unpredictable problems with routing those private IP addresses through the RA...

Page 37: ...module if the Port Expansion Unit does not correctly recognize it complete the following steps 1 Disconnect the FireWire cable to the Router Unit 2 Delete the Port Expansion Unit delete pem pem name 3...

Page 38: ...ands set the destination IP IPX address the gateway used to access the remote destination and a metric value or distance in hops to reach the destination from the RAS 1500 The RAS 1500 also allows you...

Page 39: ...the remote destination is written in the hexadecimal format xxxxxxxx where addresses ffffffff or fffffffe are invalid The gateway is expressed in the hex format xxxxxxxx xx xx xx xx xx xx where xxxxxx...

Page 40: ......

Page 41: ...RAS 1500 by accessing the RAS 1500 Web Configuration Interface The Web Configuration Interface consists of a series of Web pages that are embedded on the RAS 1500 and viewed through a remote Internet...

Page 42: ...tion NAT and port address translation PAT settings Authentication Remote Authentication Dial In User Service RADIUS and network operating system NOS and accounting settings Login host Simple Network M...

Page 43: ...an IP address to a device Before you start this procedure confirm the RAS 1500 is connected to the same LAN segment as the workstation on which you are running the IP Wizard 1 Insert the SuperStack I...

Page 44: ...t as the IP Wizard workstation but do not have an IP address The RAS 1500 MAC address is printed on a sticker on the rear of the unit 4 In the IP Address text box type the IP address in dotted decimal...

Page 45: ...ater Java script supported and enabled Style sheets supported and enabled Frames supported 800 x 600 resolution on a 15 monitor 2 In the location or address field at the top of the browser type the RA...

Page 46: ...44 CHAPTER 3 WEB BASED CONFIGURATION OF THE RAS 1500 Figure 3 Web Configuration Interface Initial Screen B C A D E...

Page 47: ...able 4 Web Configuration Interface Initial Screen Callout Description A Uniform resource locator URL of the RAS 1500 B Available views Each of these views displays a different tree of folders and Web...

Page 48: ...you are prompted to setup a manager user as shown in Figure 5 Once this is done you may setup the RAS 1500 Figure 5 Setting Manager User Username and Password Configuration Pages Figure 6 shows a con...

Page 49: ...d Management of the RAS 1500 47 Figure 6 Web Configuration Interface Configuration Page Table 5 Web Management Interface Configuration Page Callout Description A Configuration fields B Navigation butt...

Page 50: ...field label A new window appears and displays help text for the selected field Page specific help In a configuration page click the Help button at the bottom of the page or in the Help view click the...

Page 51: ...hat you could access with a modem directly connected to the computer Dialout IP Verses Telnet Network computers communicate with the RAS 1500 over the LAN using either DialOut IP or Telnet A differenc...

Page 52: ...e name Optional Information The following information is optional Modem group name Modems to include in the modem group Configuring Your System For DialOut IP Software The RAS 1500 includes DialOut IP...

Page 53: ...em group for example dialout_modems The list of modems is a comma separated list of modem device names It cannot contain spaces Example rm0 slot 1 mod 1 rm0 slot 1 mod 2 The RAS 1500 includes a defaul...

Page 54: ...t DialOut IP does not support authentication through the RAS 1500 therefore a login prompt must not appear when the network service is first contacted To ensure security is off issue the following com...

Page 55: ...eadability Use the all modem group only if every modem port on the 1500 is connected to a telephone switch central office or PBX set modem_group all access two_way add network service dialout_service...

Page 56: ...Select Ports dialog box appears Step 2 Create DialOut IP COM Ports 1 In the Select Ports dialog box select the COM ports you want DialOut IP to create The list does not include COM ports that are in u...

Page 57: ...CP port number of the RAS 1500 8 Click Start DialOut IP determines the correct settings for the COM port If the process finishes with no errors click Use Settings to configure the selected COM port If...

Page 58: ......

Page 59: ...GURING TELNET NETWORK DIAL OUT This chapter contains the following information Overview Before You Begin Configuring the RAS 1500 Configuring Network Computers Dialing Out From a Network Computer Case...

Page 60: ...he local area network LAN to access modems on the RAS 1500 as though the modems were directly connected to the computers Once connected to a modem a network user can dial out to the Internet electroni...

Page 61: ...et up This chapter details Telnet network dial out For details about DialOut IP refer to Chapter 4 Configuring DialOut IP Configuring and Using Telnet Network Dial out Complete the following steps to...

Page 62: ...eout Login banner Login prompt RAS 1500 Configuration Before you begin confirm the following steps are complete as detailed in the Getting Started Guide The RAS 1500 hardware is successfully installed...

Page 63: ...d in the RAS 1500 command line interface CLI If you need assistance with accessing the CLI refer to the Getting Started Guide You must press Enter to issue a command in the CLI This step is not includ...

Page 64: ...0 sends a message to alert the user Users can either re submit the request for a modem or select another modem group Configure modem groups by specifying the interfaces that you want to belong to the...

Page 65: ...em group you create in this step Step Four Add the Dial out Service 1 Add the Telnet dial out service Use the following command add network service service name server_type server type socket socket n...

Page 66: ...s This parameter is optional For example modem_group telnet_users If you do not enter this command the network service uses the default modem group all which includes all of the modems on the RAS 1500...

Page 67: ...k dial out service enable network service service_name Example enable network service telnet_lab You cannot change the service name using the set network service command To change the service name you...

Page 68: ...each of the network computers as noted in Before You Begin on page 59 Table 10 User Parameters Parameter Description username Name of user up to 64 ASCII characters user password Password of the user...

Page 69: ...ovides a step by step example of configuring the RAS 1500 and network computers for Telnet dial out A user on the network Eddie wants to dial out through the RAS 1500 using Telnet This example assumes...

Page 70: ...s Use the following command add network service telnet server_type telnetd socket 6666 data service_type dialout modem_group telnet_users 7 Save your work Use the following command save all 8 On the n...

Page 71: ...contains the following information Overview Before You Begin Configuring the Remote Computer Configuring RAS 1500 Using Callback and Roaming Callback Calling Line Identification Callback Network Callb...

Page 72: ...connect to the local network via Novell IPX Internet Protocol IP or AppleTalk Using Network Dial In Use network dial in Figure 8 if you want to configure a RAS 1500 to allow dial in users to do the fo...

Page 73: ...equirements Provide the remote RAS 1500 dial in user with the following Username and password Telephone number to access RAS 1500 Communications Software Provide the remote computers with the correct...

Page 74: ...PPP parameters for network users 4 Configure additional dial up parameters IP Address Pool Overview RAS 1500 has an option to dynamically assign IP addresses to dial in network users from a pool each...

Page 75: ...ample set ip pool kurtspool size 24 3 Configure the state of the IP address pool Use the following command set ip pool name public private Example set ip pool kurtspool public 4 Configure the IP addre...

Page 76: ...ollowing command add user name password password type network login callback dialout manage network_service slip ppp fcp arap fr_1490 Example add user kurt password chicago type network login network_...

Page 77: ...upported for network users employing this method Use the following command set network user name address_selection assign negotiate specified Example set network user gina address_selection negotiate...

Page 78: ...mpression algorithm type Use the following command set network user name ppp compression_algorithm ascend auto microsoft none stac Example set network user tom ppp compression_algorithm stac 2 Configu...

Page 79: ...ptimum compression algorithm Use the following command set network user name ppp reset_mode_co auto every_packet every_error Example set network user tom ppp reset_mode_co auto 7 Configure the ML PPP...

Page 80: ...to use either the Password Authentication Protocol PAP or Challenge Handshake Authentication Protocol CHAP for PPP connections The default setting is either When a user dials in RAS 1500 first tries...

Page 81: ...S 1500 call you back at a preconfigured phone number Dynamic callback Dynamic callback or Roaming callback allows your users to dial into your SuperStack II Remote Access 1500 prompts for the callback...

Page 82: ...dial in user based on the user s Automatic Number Identification ANI Benefits of callback over dial in Cheaper in certain cases Provides lower cost connections when the calling party s tariffs are hig...

Page 83: ...e RAS 1500 supports only CLID callback for ISDN users not analog users The RAS 1500 supports only CLID callback for local users not Network Operating System NOS and Remote Authentication Dial In User...

Page 84: ...hes the incoming ANI The RAS 1500 queries the user s record for its type A remote user dials into the RAS 1500 Does the ANI of the incoming call match the CLID of a user The RAS 1500 places a dial out...

Page 85: ...If the ANI of the incoming call matches the CLID of the user the user is called back If the ANI of the incoming call does not match the CLID of the user the call is rejected Option 2 CLID callback and...

Page 86: ...se the following command add user name type clid_callback network and or login For example add user schmidt type clid_callback network When issuing the add command for a clid_callback user the type pa...

Page 87: ...RAS 1500 calls back the remote user The RAS 1500 attempts the alternate number if the primary number is unavailable Use the following command set user name phone_number primary phone number set user...

Page 88: ...tting to modems or modem groups To set CLID security for a modem You can only configure modems one at a time To configure multiple modems at the same time use modem groups below set switched interface...

Page 89: ...er fred type manage clid_callback ras1500 set user fred phone_number 384010 modem_group onest ras1500 set user fred callback_delay 5 ras1500 set fac Call Initiation Process log verb ras1500 set switch...

Page 90: ...umptions This case study assumes the following A Windows 95 Dial Up Networking connection was created and Network settings were configured for the client RAS 1500 uses the correct IP address and netma...

Page 91: ...etects the authentication method the remote computer is using CHAP or PAP RAS 1500 first attempts CHAP then PAP authentication If the remote computer does not support one of these methods RAS 1500 dro...

Page 92: ...t IP addresses are not broadcast aggregate IP addresses are broadcast 4 Add idle and session timeouts to limit Bridgett s time on the line set user bridgett idle_timeout 90 session_timeout 1800 5 Save...

Page 93: ...nformation Overview Before you Begin Configuring LAN to LAN Routing LAN to LAN Routing Case Study Configuring IP on Demand This chapter assumes that all routing devices have been installed and that bo...

Page 94: ...et arrives at a bridge or a router the device uses tables to determine where the packet belongs A major difference between routing and bridging is the layer at which each works Bridges use hardware ad...

Page 95: ...1500 connects to another router periodic router updates called RIP messages allow routers to identify which networks are accessible You can configure the RAS 1500 to send and receive these RIP messag...

Page 96: ...the expansion value you specify the RAS 1500 brings up an additional B channel If on a second sample line usage drops below the decrement value you set the RAS 1500 drops the additional B channel The...

Page 97: ...ve defined a static route to a given location the RAS 1500 assumes you want to use that route and ignores dynamic routing broadcasts pointing to the same location Static routes remain in the table unt...

Page 98: ...y to reach a remote network your RAS 1500 is not aware of by manually specifying it Spoofing The RAS 1500 supports spoofing between another RAS 1500 or Total Control products Spoofing is an inexpensiv...

Page 99: ...tring the challenged system replies with a packet containing both the response value and a username The authenticating host looks up the correct password for the username received and then performs th...

Page 100: ...ee Configure the user dial_out parameters Step Four Configure the user routing parameters Step Five Configure the user PPP parameters Step Six Configure phone numbers Step Seven Configure authenticati...

Page 101: ...s for a numbered link is the IP address of the dial up port on the remote device The remote_ip_address for an unnumbered link is the IP address associated with the unnumbered interface on the remote d...

Page 102: ...upplied by the RAS1500 when it is prompted for a password by a remote router that is authenticating it It should match the password defined on the remote router for that identity When the default rout...

Page 103: ...sion These settings are only necessary if the connection type is timed set dial_out user username site start_time hh mm ss end_time hh mm ss Example set dial_out user main_office site start_time 13 00...

Page 104: ...ute is added to the routing table after the user connection is active Until then it is not visible in the routing table add framed_route user username ip_route ip hostname ip network address gateway h...

Page 105: ...cm 1 Configure basic PPP parameters set network user username ppp compression_algorithm algorithm max_channels maximum number of channels channel_expansion at x percent load on current link channel_de...

Page 106: ...hannels 2 channel_expansion 60 channel_decrement 20 2 Configure optional PPP parameters set network user username ppp expansion_algorithm linear or constant min_size_compression 0 2047 bytes reset_mod...

Page 107: ...ial up LAN to LAN connection Example set ppp receive_authentications chap set system transmit_authentication_name main_office Step Eight Save Your Work Save your work save all LAN to LAN Routing Case...

Page 108: ...C interface rm0 eth 1 2 Add a user add user branch_office password chicago type network dial_out set user branch_office idle_timeout 300 Idle_timeout must be a minimum of 180 3 Configure the user net...

Page 109: ...ss 192 112 227 1 C interface rm0 eth 1 2 Add a user add user main_office password boston type network dial_out set user main_office idle_timeout 300 3 Configure the user network parameters set network...

Page 110: ...twork add ip network ipnet 1 address 192 112 226 1 C interface rm0 eth 1 2 Add a user add user branch_office password chicago type network dial_out set user branch_office idle_timeout 300 3 Configure...

Page 111: ...ipnet 2 address 192 112 227 1 C interface rm0 eth 1 2 Add a user add user main_office password chicago type network dial_out set user main_office idle_timeout 300 3 Configure the user network paramet...

Page 112: ...enabled no set network user username ip_routing both set user username phone_number phone number set user username alternate_phone_number phone number set system transmit_authentication_name authenti...

Page 113: ...8 BRIDGING WITH THE RAS 1500 This chapter contains the following information Overview Enabling Bridging Over the LAN Using FCP to Bridge with OfficeConnect Routers...

Page 114: ...mines where the frame belongs by analyzing address information When to Use Bridging When a frame arrives at a bridge the bridge analyzes the frame for the hardware address Figure 12 shows an example o...

Page 115: ...ng Over the LAN Use the following steps to enable bridging over the local area network LAN 1 Create a user Use the following command add user name password password type network dial_out Example add u...

Page 116: ...mber alternate_phone_number second number set network user name ppp channel_decrement percent ppp channel_expansion percent 5 Save your work save all Using FCP to Bridge with OfficeConnect Routers The...

Page 117: ...P works 1 The RAS 1500 established the LAPB link as a part of the FCP negotiation 2 Both sides of the link exchange Names and MAC addresses negotiate compression STAC and reset the sequence numbers 3...

Page 118: ...a user with the modem group set user username modem_group 12 b Set the user phone number set user username phone phone number c Set the user alternate phone number set user username alternate phone n...

Page 119: ...e to send the frame Maybe a dial up link is still available where that can be forwarded If it does not know where to send it it will cycle through the configured dialout bridging users bringing up the...

Page 120: ......

Page 121: ...the local network using a login service such as Telnet Rlogin or ClearTCP Before You Begin Before you begin configuring the RAS 1500 as an IP terminal server follow all the configuration steps in the...

Page 122: ...user to access a login host using a host name you must first configure a DNS server using the add dns server command Example add dns server 7 7 7 7 name boston preference 1 To set up login host table...

Page 123: ...number specified in their user profile You can setup the user for a specific login service to access a specific login host or you can let the user determine the login service and login host You can a...

Page 124: ...a phone number at which the user is called back using the following command set user name phone_number number At this point it may be helpful to use the show user command to display the user s defaul...

Page 125: ...tting Login Host IP Address If login user s host type is specified you must enter the IP address for the host to be connected to Login Service Specifies the default login service See step 1 for detail...

Page 126: ...e user has set up a terminal emulation session such as the Windows HyperTerminal with a phone number and standard communications parameters The IP network is configured All other settings remain at fa...

Page 127: ...enter the following command to connect to either host connect quartz or connect granite Jack is connected to the host and prompted for a username password Trying 195 112 133 2 Connected to 195 112 13...

Page 128: ...gin_service rlogin 2 Add a login host for Jill to access Use the following command add login_host granite address 195 112 133 10 pref 1 3 Configure Jill to specifically access Granite Use the followin...

Page 129: ...m authentication Jill is up and running on the host When Jill logs out of her host session she exits from the RAS 1500 as well Example Granite logout NO CARRIER Microsoft R Windows 95 C Copyright Micr...

Page 130: ......

Page 131: ...Information Working with Modem Memory Configuring Modem Call Control Settings Configuring 56 Kbps Technology Configuring ISDN 3Com recommends using the Web configuration interface to configure the mod...

Page 132: ...from your management station or computer You are now ready to use the Console Interface to configure the RAS 1500 AT Commands AT commands are used to communicate directly with the ports within the RAS...

Page 133: ...others used in modem initialization strings Basic AT Dial Commands The basic commands needed to dial using an RAS 1500 are listed in the Table 26 Refer to the Issuing AT commands section earlier in th...

Page 134: ...codes X3 or higher W AT9W5551234 Wait for an answer After the modem detects at least one ring it waits for five seconds of silence at the other end of the call and then continues executing the Dial st...

Page 135: ...ls go on hook issue the command below H Example ATH hangs up the modem Action Command Example View stored telephone numbers I5 ATI5 Write the following Dial string s to NVRAM at position n n 0 3 Zn s...

Page 136: ...d as a default setting V 42 bis versus MNP 5 Data Compression Of the two data compression protocols V 42 bis is considered to be the better of the two in most cases because it dynamically deletes entr...

Page 137: ...re in Table 30 Table 30 Dictionary Sizes The RAS 1500 uses an 11 bit or 2048 entry dictionary but can reduce its size to accommodate a remote modem that uses a 9 or 10 bit dictionary As the dictionary...

Page 138: ...peed but without error control and if you are not using an error control protocol for your call you may lose data Error Control The RAS 1500 is set at the factory to M4 causing it to try for an error...

Page 139: ...receiving device If errors are encountered retransmission activity can cause a steady stream of data from the computer to overflow the buffer Error control is required for data compression and recomm...

Page 140: ...during the handshaking process allowing for a faster connection The commands used are ATS27 4 and ATS 27 5 See the Table 32 for setting information Table 32 V 42 MNP Negotiation Method The defaults a...

Page 141: ...allows the modem to distinguish between a momentary lapse due to line quality and a true disconnect by the remote modem If this value is set to 255 the modem does not hang up on loss of carrier It han...

Page 142: ...em connects to an RAS 1500 it limits the maximum speed of the connection based on the value specified with N If the U argument is zero the connection is limited to the single speed implied by the N ar...

Page 143: ...the U argument is zero the connection is limited to the single speed implied by the N argument For asymmetrical links N and U are used to constrain the speed of the higher speed direction of the link...

Page 144: ...imum rate implied by the U value Controlling the Minimum Low speed Direction Low speed direction speed is the send receive baud rate of the slowest end of a connection Use the following S74 settings i...

Page 145: ...in Table 37 to control the maximum low speed direction speed Table 37 S75 Upper Limit Link Speeds Upper Limit Link Speed Setting Example No upper limit 0 ATS75 0 2400 1 ATS75 1 4800 2 ATS75 2 7200 3...

Page 146: ...ble 38 lists each command available Table 38 Modem Query Commands ATI8 ATI0 ATI2 and ATI18 are reserved Display Command Product name ATI3 Current modem settings ATI4 Settings stored in the modem s NVR...

Page 147: ...o data was transferred but the protocol was able to recover Link NAKs Negative acknowledgments one or more blocks Data Compression The type of data compression negotiated for the call V 42 bis or MNP5...

Page 148: ...ta frame without error LD received The remote modem sent an MNP error control Link Disconnect request DISC The remote modem sent a V 42 Disconnect frame Loop loss disconnect The modem detected a loss...

Page 149: ...ate Viewing Settings When you issue an AT configuration command the modem stores the command RAM as a current setting Any setting s that you change and do not save to the modem are active until you re...

Page 150: ...interface rm0 slot1 mod 4 at_ command AT F08W Configuration templates cannot be customized since they are a part of the modem ROM However you may load a template into active memory modify it and save...

Page 151: ...then save them to Flash with the W command as in the following example AT K3 X3 S10 40 A2 T W Configuring Modem Call Control Settings You can use AT commands to configure how modems operate You can co...

Page 152: ...tion in seconds that the local modem waits to detect a carrier signal from the remote modem ATS7 n n 0 255 60 Setting Command Parameters Default Idle time before disconnect If set in minutes to greate...

Page 153: ...n tenths of a second of the EIA specified Multimode Training sequence for V 32 modems which includes 3Com Dual Standard modems set to answer V 32 calls set to B0 The delay gives V 32 modems additional...

Page 154: ...system The larger the window the more frames that can be transferred without an acknowledgment However the more frames that are transferred without an acknowledgment the more the receiver is required...

Page 155: ...Every time a call comes in the RAS 1500 goes through a link negotiation process called handshaking with the remote device The way the RAS 1500 handles outgoing and incoming calls depends on the call t...

Page 156: ...ific type V2 1 6 and the desired connection cannot be made the RAS 1500 does not negotiate for other types of connections Default configuration to V 120 with X 75 turned off Setting the Originate Call...

Page 157: ...ls Originating Non HDLC Protocols Use the commands in Table 48 to control the originating non HDLC 64 protocols Table 48 Non HDLC 64 Protocols Originating Analog Modem Mode Use the commands in to cont...

Page 158: ......

Page 159: ...ing CLI Parameters Local Prompt Use set command if you have more than one SuperStack II Remote Access System RAS 1500 and want to differentiate between them or you just want to customize your prompt f...

Page 160: ...lobal prompt value is useful if you are running a number of processes and want to differentiate between the global and session prompts Or if you are Telnetting to the system for instance and want to c...

Page 161: ...M INFO set system name marauder set system contact Henry Stimson set system location 3Com Lab SETTING THE LOCAL COMMAND PROMPT set command prompt RAS 1500 SETTING THE SYSTEM COMMAND HISTORY set comman...

Page 162: ...t accounting primary_server 157 172 248 54 secondary_server 157 172 248 40 enable accounting enable ip rip enable ip routing enable security_option remote_user_administration dialin or telnet ADDING U...

Page 163: ...es Dial Disconnect and Hangup Commands You can dial up a remote or local site with the dial command and log in to hosts with the rlogin and telnet commands You can use the hangup and logout commands t...

Page 164: ...the message as it was configured The options are date current date according to system uptime callid user call number according to system uptime port port occupied by user rm0 mod y hostname user hos...

Page 165: ...ommand shown below add network service service_name close_active_connections false true data ancillary entry enabled no yes socket socket number server_type cleartcpd dialout snmpd telnetd tftpd Examp...

Page 166: ...es and forward slashes and auth must be on Default login service_type manage dialout Indicates whether the service is offering modem sharing service or manage service Modem sharing service connects th...

Page 167: ...it is enabled by default When changing any parameter you must first disable the service then re enable it Example abbr set network service telnet user server_type telnetd data auth off enabled yes se...

Page 168: ...as sent to RAS 1500 If you want to obtain a file from another network host add that host as a TFTP client and from within the system use Telnet to access that host and use the following command to obt...

Page 169: ...o and the value of the Telnet escape character Typing status at the telnet prompt will produce something like this Connected to 172 144 122 144 Escape character is Telnet Control Characters Console po...

Page 170: ...the console port Although messages are sent to the Console port by default you can configure a SYSLOG host to receive messages This would free up the Console since sending messages uses system resour...

Page 171: ...llege hu com address 133 114 121 15 resolve name hahvahd Remotely add dns server 133 114 121 45 preference 1 name Our DNS server Screen output example Network Name hahvahd college hu com is resolved t...

Page 172: ...out 1 60 verbose yes no Example ping 199 55 55 55 count 3 verbose yes The command would display the following PING Request 1 Time ms 10 PING Request 2 Time ms 0 PING Request 3 Time ms 0 PING Destinati...

Page 173: ...ing maximum_rows command sets the maximum number of rows permissible in the Remote Ping Table Setting this parameter to a number smaller than the current number of rows will not cause any row deletion...

Page 174: ...t Larry Johnson System Name RAS 1500 System Location westboro System Services Internet EndToEnd Applications System Transmit Authentication Name RAS 1500 System Version V1 5 Viewing Interface Status S...

Page 175: ...use show commands to view the current configuration and its routing activity A few of the show commands used for troubleshooting are covered in this section including show memory show connection setti...

Page 176: ...erface of current connections Username name of users currently connected Type current type of connections established on modems They include On demand user connection established for on demand purpose...

Page 177: ...ate of a connection established on the specified interface Start Time start time of a connection established on the specified interface Example CONNECTIONS IfName User Name Type DLL Date Time Start St...

Page 178: ......

Page 179: ...e RAS 1500 grants or denies access based on information in the local user table only RADIUS authentication only The RAS 1500 sends a request to the RADIUS server and grants or denies access based on t...

Page 180: ...configuration RADIUS Authentication Overview Use the RADIUS authentication for centralized authentication services on your network RADIUS authentication is enabled by default The RADIUS authenticatio...

Page 181: ...f local authentication is enabled 2 The RAS 1500 encrypts the user s password using an encryption key shared by both the RAS 1500 and the RADIUS server and passes the username and encrypted password t...

Page 182: ...cret string primary_server name_or_ip_address secondary_port port_number secondary_secret string secondary_server name_or_ip_address retransmissions number timeout seconds type nos radius Each of the...

Page 183: ...etransmits an authentication request to both primary and secondary RADIUS servers Use the following command set authentication retransmissions count 7 Set the UDP port to match the UDP port setting on...

Page 184: ...e of the following commands show authentication settings or show configuration NOS Authentication Overview NOS authentication is an alternative to RADIUS authentication for local and dial in users usi...

Page 185: ...500 server and indicates to the user that the authentication has failed or passed 5 The RAS 1500 assigns the default user profile to the dial in user Installation Overview For NOS authentication to op...

Page 186: ...You MUST load the software application on an Novell Server The time on the RAS 1500 and the Novell NetWare server must be within 15 minutes of each other 1 Copy the appropriate security NLM see below...

Page 187: ...25 tcp mail time 37 udp timeserver name 42 udp nameserver whois 43 tcp nicname domain 53 tcp hostnames 101 tcp hostname sunrpc 111 udp Host specific functions tftp 69 udp finger 79 udp link 87 udp tt...

Page 188: ...for Bindery sbindery nlm or for Novell Directory Services NDS snds nlm depending upon your NetWare Server version and which service is used load sbindery 3Com where sbindery is NLM name for the RAS 1...

Page 189: ...y client starts each time the system is rebooted add the above commands in autoexec ncf file For NDS add the command after TCP IP binding IP to an interface and LOAD DSAPI For bindery add the command...

Page 190: ...3c5x9 slot 5 frame ETHERNET_II name 3c5x9_2 bind ipx to 3c5x9_2 net cc100001 load 3C5X9 slot 5 frame ETHERNET_802 3 NAME 3C5X9_3 bind IPX to 3C5X9_3 net AA330000 load 3c5x9 slot 5 frame ETHERNET_SNAP...

Page 191: ...ount database with NT User Account Manager This application software is a NT service that processes authentication requests from the RAS 1500 The NT Security Client uses a 3Com proprietary communicati...

Page 192: ...500 and the Windows NT server must be within 15 minutes of each other If you change the time on a Windows NT Server you must reboot the server for the change to take effect 1 Insert the RAS 1500 Resou...

Page 193: ...t are encrypted with an Encryption Key The default Encryption Key is 3com The Encryption Key is stored in the NT Registry database in the entry of EncryptionKey under the subkey HKEY_LOCAL_MACHINE sys...

Page 194: ...hentication server may differ If you want to change the primary_secret refer to the readme file provided with the Security application 3 Configure the secondary NOS authentication server set authentic...

Page 195: ...GMT offset of the RAS 1500 This setting is between 12 00 and 14 00 inclusive set timezone hh mm See Appendix A GMT Time Zones to find the GMT offset for your location Eastern United States example se...

Page 196: ...t day_of_week sunday month october time_to_correct 02 00 00 amount_to_correct 01 00 00 Use the following command to enable DST on the RAS 1500 enable dst Setting the Date Use the following command to...

Page 197: ...dministrator The RAS 1500 sends frames to the RADIUS accounting server that enables RADIUS to perform accounting functions The RADIUS accounting server uses the same basic protocol as the RADIUS authe...

Page 198: ...r An example is shown after the final step 1 Select the primary RADIUS accounting server Use the following command set accounting primary_server ip_address 2 Optional Select the secondary RADIUS accou...

Page 199: ...begins accounting either at the point of authentication or the point of connection Use the following command set accounting start_time authentication connection 7 Set the interval in seconds between r...

Page 200: ...s of RADIUS accounting output The first describes a login user who has just begun a session Thurs Jan 16 22 00 55 1999 Acct Session ID 06000003 User Name cindyg Acct Status Type Start Acct Authentic R...

Page 201: ...ervice Type Framed User Framed Protocol PPP Framed Address 122 132 124 152 Framed Netmask 255 255 124 0 When the framed user ends the session a record similar to the one below is sent to the accountin...

Page 202: ......

Page 203: ...e Relay Configuration Using the Command Line Interface Frame Relay Data Link Configuration Frame Relay PVC Configuration Monitoring and Troubleshooting Case Study The Frame Relay Stack complies with t...

Page 204: ...lay supports congestion management which attempts to notify endpoints that the network is experiencing congestion and that the volume of traffic should be reduced to stop Frame Relay nodes from discar...

Page 205: ...LMI provides a polling mechanism that allow switches and routers to request the status of all PVCs on a given interface Supporting Frame Relay The RAS 1500 provides a synchronous serial interface cap...

Page 206: ...ts the Excess Burst Size Be is reached Any data in excess of Be is discarded All data is discarded until a new Tc begins Abbreviation Term Description Bc Committed Burst Size The number of bits above...

Page 207: ...24k Bc Max 40k Be 48k Access 64k 56k 32k Bc Tc All Data between Bc and Be is sent with the DE bit set All data in excess of Be is discarded Bc is variable between Bc_Max and Bc_Min depending on conge...

Page 208: ...uired system level parameters you are ready to begin configuring the RAS 1500 to use Frame Relay There are three basic components to a Frame Relay configuration Frame Relay user Frame Relay data link...

Page 209: ...the IP address of the remote router WAN port The local_ip_address is the IP address of the local router WAN port 4 Set the user routing options as follows For a command description see Table 54 set n...

Page 210: ...ing_interval 5 30 The parameters in Table 55 do not usually need modification They are based on the management type configured in Step 2 Table 55 Frame Relay Parameters Parameter Description access_ra...

Page 211: ...to the associated user profile There is one PVC per user You must create a user for each PVC that you configure Use the following steps to configure the Frame Relay PVC 1 Add the Frame Relay PVC and...

Page 212: ...burst All data above Bc is marked DE Any data in excess of Be is discarded becn_cmp Backward Explicit Congestion Notification Congestion Monitoring Period The number of seconds in each BECN Monitoring...

Page 213: ...s show frame_relay pvc pvc name counters List the Status of all Frame Relay PVCs Use the following command to list the status of all Frame Relay PVCs list frame_relay Case Study Goal Use a Frame Relay...

Page 214: ...ocol ripv1 3 Enable the IP network enable ip network sitea 4 Add a Frame Relay user add user siteb type network network_service fr_1490 enabled no 5 Set the user protocol settings set network user sit...

Page 215: ...Enable the IP network enable ip network siteb 4 Add a user add user sitea type network network_service fr_1490 enabled no 5 Set the user protocol settings set network user sitea ip enable ipx disable...

Page 216: ...ol set ip network sitea routing_protocol ripv1 3 Enable the IP network enable ip network sitea 4 Add a Frame Relay user add user siteb type network dialout network_service fr_1490 enabled no 5 Set the...

Page 217: ...the RAS 1500 steps 1 through 3 are not necessary 1 Add an IP network add ip network siteb interface rm0 eth 1 address 172 17 253 254 b 2 Set the IP network routing protocol set ip network siteb routin...

Page 218: ...sitea 9 Configure the Frame Relay datalink add datalink frame_relay interface rm0 wan 1 enabled yes 10 Configure a Frame Relay PVC and associate a user with it add frame_relay pvc btoa dlci 102 interf...

Page 219: ...ed Filtering Overview Filter Types Creating Filters Configuring Filters Managing Filters General Filter Setup Filter Examples This chapter describes how to use a text editor and the command line inter...

Page 220: ...e following filtering capabilities Input output filtering Packet filters can be used to control inbound or outbound data packets Source destination address filtering A packet filter can accept or deny...

Page 221: ...ering on source network destination network protocol type source socket destination socket source node and destination node of the IPX packet Advertisement Filters Advertisement filters act on network...

Page 222: ...d use generic filters and strictly in cases where data and advertising filters cannot provide necessary filtering capabilities Creating Filters The RAS 1500 performs packet filtering based on rules yo...

Page 223: ...ol Sections Protocol Rules You define protocol rules within each protocol section in the filter file These rules set which packets may and may not access the network The following is the rule syntax l...

Page 224: ...tination address is yyy the following rules are used IP 010 ACCEPT src addr xxx 020 ACCEPT dst addr yyy Field Description line Each rule must have a unique line number 1 999 You must arrange rules in...

Page 225: ...increasing order verb This field can be one of the following ACCEPT allow packet access if the condition is met REJECT do not allow packet access if the condition is met AND logically use the AND con...

Page 226: ...ter Files To create a filter use a text editor on your computer to create or edit a filter file Use the Trivial File Transfer Protocol TFTP to load the file in the RAS 1500 FLASH memory If you TFTP an...

Page 227: ...ion if different from the default value of PERMIT Example 030 DENY 5 Continue to define protocol rules for each protocol section you want to filter Then check the file to ensure it meets the RAS 1500...

Page 228: ...ires the original filter files to be deleted using delete filters Reverify and reapply using set interface Use show filter filter name to view your file If you are applying a filter to a RADIUS user u...

Page 229: ...to determine whether the interface accepts or rejects the packet Interface filters can be applied dynamically without having to disable and re enable each network on that interface If you prefer to c...

Page 230: ...does not waste time processing a packet that is going to be discarded anyway Most importantly the RAS 1500 does not know which interface an outgoing packet came in through If a potential intruder for...

Page 231: ...lot1 mod 3 output_filter outfilter fil filter_access off If you want to set slot 4 mod 8 input and output filters at the same time enter the following set interface rm0 slot1 mod 3 input_filter infilt...

Page 232: ...ollowing command list filters The resulting display might look like the following example Adding Filters to the Managed List The add filter command verifies filter syntax before adding a filter to the...

Page 233: ...set interface rm0 eth 1 output_filter ENTER Now be sure to reapply the filter with the set interface command Enter the following set interface rm0 eth 1 output_filter filter_name Removing a Filter fro...

Page 234: ...er you issue the set interface command So remember to remove and reapply the filter to ensure new filter rules apply to all affected interfaces To verify a filter file use the following command verify...

Page 235: ...t filter is named ras1500 fil 2 If you are configuring a user filter not an interface filter enable filter_access off by default with the following command Filter access should remain off for an inter...

Page 236: ...to limit permitted access to trusted hosts and networks only to explicitly deny access to hosts and networks that are not trusted or to limit external access to a given host for example a Web server...

Page 237: ...e unimportant 8 Compare the first byte octet in the IP addresses 16 Compare only the first two bytes of the IP addresses 24 Compare only the first three bytes of the IP Addresses 32 Match the entire I...

Page 238: ...IP 010 AND tcp dst port 23 020 ACCEPT tcp dst port 40 030 DENY The following rule example accepts only UDP packets that have a destination port number that is in the range of 24 to 39 filter IP 010 AN...

Page 239: ...111 Sun Remote Procedure Call 113 113 Authentication Service 119 Network News Transfer Protocol 123 123 Network Time Protocol 161 161 Simple Network Management Protocol 162 162 Simple Network Managem...

Page 240: ...ilter all but the following IPX networks enter the following filter IPX RIP 010 REJECT network 00 00 99 ff 020 REJECT network 99 88 0 45 030 REJECT network 0 8 7 5 To filter an IP route based on a sub...

Page 241: ...are error messages necessary for the correct operation of TCP IP Table 61 ICMP Message Types If you are concerned about security filter out incoming type 5 messages Sending ICMP redirects is an easy...

Page 242: ...ork addresses hosts and socket numbers Call filtering occurs after output filters are processed and are used for ondemand calls only For example to allow outgoing calls from the user of IP address 192...

Page 243: ...of 1 Some routers used on the same network RAS 1500 may be configured to filter out specific traffic In some cases these routers may not apply the filter correctly Should this happen those packets wil...

Page 244: ...tion as specified in the sender packet IP header Using this command you can discard packets of this type although this is a lower level of security than All Header Options The following commands are a...

Page 245: ...n form 0Xxxxx Keyword Description Operators Value network network address or xx xx xx xx node node address or xx xx xx xx xx xx server server name or character string max 32 service type service type...

Page 246: ...65536 src node source node address or 0 255 dst node destination node address or 0 255 src socket source socket number all 1 254 dst socket destination socket number all 1 254 generic field based on...

Page 247: ...eded basis A user receives IP information when it is required and returns the IP information when finished with it This is useful when IP addresses are limited or used temporarily DHCP allows centrali...

Page 248: ...DHCP server in behalf of the DHCP dial in clients The DHCP server receives and processes the request and sends the IP information back to the dial in server via the RAS 1500 Acting as a DHCP relay th...

Page 249: ...sts IP information the DHCP server not the RAS 1500 sends it to the user When a dial in user requests IP information the RAS 1500 acting as a proxy server relays the request to the DHCP server The DHC...

Page 250: ...tion to the local LAN 1 user When a local LAN 2 user requests IP information the DHCP server sends it to the user When a dial in user to the RAS 1500 requests IP information the RAS 1500 acting as a p...

Page 251: ...ends it to the user When a dial in user to the RAS 1500 A requests IP information the RAS 1500 A acting as a proxy server relays the request through the PSTN to the RAS 1500 B The RAS 1500 B relays th...

Page 252: ...ode dhcp_proxy 2 Set the DHCP mode set dhcp mode server 3 Set parameters for DHCP users These are the settings the DHCP server sends to users a Set the subnet mask and start and end addresses of the D...

Page 253: ...gnment mode set ip address_assign_mode dhcp_proxy 2 Set the DHCP mode set dhcp mode disabled or relay 3 Specify the IP addresses of the primary and alternate DHCP servers set dhcp proxy server1 addres...

Page 254: ...ng By default UDP broadcast forwarding is disabled To add or delete a UDP broadcast forwarding port use the following command add delete ip udp_bcast_forwarding_port port number For example to add por...

Page 255: ...our ISP assigns you a public subnetwork 200 1 1 0 28 from which you set aside a pool of public addresses from 200 1 1 1 to 200 1 1 10 When a user on 192 168 111 to 200 1 1 15 and a user on your privat...

Page 256: ...mic NAT Public Private 200 1 1 1 200 1 1 3 200 1 1 2 Public 192 168 111 1 Private 200 1 1 1 200 1 1 3 200 1 1 2 Public 192 168 111 1 Private 200 1 1 1 192 168 111 3 200 1 1 3 200 1 1 2 Public Private...

Page 257: ...address 200 1 1 1 port 5001 The RAS 1500 maintains a dynamic PAT mapping for this translation Then when an inbound packet addressed to 200 1 1 1 port 5001 arrives at the RAS 1500 from the public netwo...

Page 258: ...n the public IP address pool When another user attempts to access the public network the private address and port of the user are assigned the next available IP address and port in the public IP addre...

Page 259: ...t network user nat_user nat_option nat To disable NAT for a user use the following command set network user username nat_option disable Example set network user nat_user nat_option disable Adding Dyna...

Page 260: ...ettings show user username Example show user nat_user To list active NAT address mappings use the following command list nat user username address To list active NAT port mappings use the following co...

Page 261: ...ample add pat tcp user pat_user private_address 192 168 111 1 private_port 80 public_port 80 Incoming packets from the public network whose destination port mappings do not exist in the dynamic PAT tr...

Page 262: ...must match the password ras The public subnet allocated by the ISP for use by this private network is 202 55 55 40 29 The RAS 1500 is assigned the address 202 55 55 41 29 The private network has two...

Page 263: ...p named 78 add modem_group 78 interface rm0 slot 2 mod 3 4 5 Add and configure a user named nat_user add user nat_user password ras type network dial_out enable no set user nat_user modem_group 78 pho...

Page 264: ...lready configured the ISDN modems for proper operation However adding more than 4 Multi Link Point to Point Protocol MLPPP links diminishes the gain of adding the channels because of the MLPPP overhea...

Page 265: ...ng listen set network user pat_user nat_option pat set network user pat_user pat_default_address 192 168 1 2 set dial user pat_user data async set dial user pat_user local_ip_address 255 255 255 255 s...

Page 266: ......

Page 267: ...ed line on its serial port A leased line is a dedicated line between two sites and is permanently installed rather than a dialed up connection PPP over the WAN port can connect to another RAS 1500 or...

Page 268: ...449 V 11 V 10 EIA 530 V 11 V 10 EIA 530A V 11 V 10 Case Study Before You Begin Before you configure the RAS 1500 for PPP over leased line do the following 1 Work with the phone company to acquire a l...

Page 269: ...seconds Assumptions Each office has a functioning RAS 1500 Each office has a separate IP network The main office has 192 112 226 0 C the branch office has 192 112 227 0 C Use Routing Information Proto...

Page 270: ...3 Configure the user network parameters a Numbered link set network user branch_office address_selection specified remote_ip_address 78 0 0 2 A set network user branch_office ipx disable appletalk di...

Page 271: ...S 1500 steps 1 through 3 are not necessary 1 Add an IP network add ip network ipnet 2 address 192 112 227 1 C interface rm0 eth 1 2 Add a user add user main_office password boston type network dial_ou...

Page 272: ...ction issue the following command disable datalink ppp interface rm0 wan 1 Viewing the Status of the Connection To view the status of the link use the list ppp command Troubleshooting For debugging pu...

Page 273: ...12 0 Kwajalein 11 0 American Samoa Canton Enderbury Islands Midway Island Niue Island Samoa 10 0 Christmas Islands Cook Islands French Polynesia Johnston Island Society Island Tahiti Tuamotu Island T...

Page 274: ...ca El Salvador Guatemala Honduras Mexico 6 5 1 Canada Central Easter Island Nicaragua USA Central 5 0 Cayman Islands Colombia Ecuador Galapagos Islands Jamaica Panama Peru USA Indiana East 5 4 1 Baham...

Page 275: ...Montserrat Puerto Rico Saba St Christopher St Croix St John St Kitts Nevis St Lucia St Maarten St Thomas St Vincent Trinidad and Tobago Venezuela Virgin Islands Windward Islands 4 3 1 Bermuda Brazil...

Page 276: ...and Liberia Mali Mauritania Morocco Principe Island Sao Tome e Principe Senegal Sierra Leone St Helena Togo 0 1 1 Canary Islands Channel Islands England Faroe Island Ireland Republic of Madeira Northe...

Page 277: ...ary Italy Luxembourg Macedonia Mallorca Islands Malta Melilla Monaco Namibia Netherlands Norway Poland Portugal San Marino Slovakia Slovenia Spain Sweden Switzerland Vatican City Yugoslavia 2 0 Botswa...

Page 278: ...omania Russian Federation zone one Syria Turkey Ukraine 3 0 Azerbajian Bahrain Djibouti Eritrea Ethiopia Kenya Kuwait Madagascar Mayotte Qatar Saudi Arabia Somalia Tanzania Uganda Yemen 3 4 1 Iraq 3 5...

Page 279: ...and Vietnam 7 8 1 Russian Federation zone six 8 0 Australia Western Brunei China People s Rep Hong kong Indonesia Central Malaysia Mongolia Philippines Singapore Taiwan 8 9 1 Russian Federation zone s...

Page 280: ...5 Australia Lord Howe Island 11 0 Caroline Island New Caledonia New Hebrides Ponape Island Solomon Islands 11 12 1 Russian Federation zone ten Vanuatu 11 5 0 Norfolk Island 12 0 Fiji Kiribati Kusaie...

Page 281: ...d and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If thi...

Page 282: ...the equipment will operate to the user s satisfaction Before installing this equipment users should ensure that it is permissible to be connected to the facilities of the local telecommunications com...

Page 283: ...00 has the following physical dimensions Interfaces Console Interface Electrical specification RS 232 C EIA TIA 232 E standard Connector DB 9 male Configuration DTE Transmission method Unbalanced RS 2...

Page 284: ...Ohms for frequency range of 5 10 MHz Propagation Delay 5 7 nanseconds meter Cabling RJ 45 plug to RJ 45 plug straight through for multiport repeater applications transmit to receiver crossover cable f...

Page 285: ...f the 12 VDC supply is 30 W the remaining 40 W is shared between the 3 3 and 5 VDC supplies If no load in 3 3 V and 12 V limited to 0 6 A then 5 V can deliver 12 A Input Voltage 90 264 VAC 47 63 Hz Ma...

Page 286: ......

Page 287: ...ld Wide Web site 3Com FTP site 3Com Bulletin Board Service 3Com BBS 3ComFactsSM automated fax service World Wide Web Site Access the latest networking information on the 3Com Corporation World Wide We...

Page 288: ...modem to 8 data bits no parity and 1 stop bit Call the telephone number nearest you Access by Digital Modem ISDN users can dial in to the 3Com BBS using a digital modem for fast access up to 64 Kbps T...

Page 289: ...dy Product model name part number and serial number A list of system hardware and software including revision levels Diagnostic error messages Details about recent configuration changes if applicable...

Page 290: ...pe From anywhere in Europe call 31 0 30 6029900 phone 31 0 30 6029999 fax From the following European countries you may use the toll free numbers Austria Belgium Denmark Finland France Germany Hungary...

Page 291: ...iddle East 44 1442 435860 44 1442 435718 From the following European countries you may call the toll free numbers select option 2 and then option 2 Austria Belgium Denmark Finland France Germany Hunga...

Page 292: ......

Page 293: ...sing Rlogin 166 using Telnet 166 using Telnet control characters 167 using TFTP 166 viewing facility errors 168 viewing interface status and settings 172 viewing system settings 172 viewing Telnet sta...

Page 294: ...ion 137 using 137 escape code 146 exit commands 162 F fax service 3ComFacts 287 FECN 203 files deleting 161 renaming 161 filters adding filters to the managed list 230 advertisement filters 219 assign...

Page 295: ...n 94 case study 105 267 configuring network parameters 98 connection types 93 connections to remote gateways 96 dialout scripts 94 PAP and CHAP authentication 96 setting internal networks for unnumber...

Page 296: ...59 software configuration configuring a manage user 32 finding IPX network number 27 IP configuration 26 IPX configuration 27 setting default domain 30 setting IPX parameters 29 spoofing 96 standard p...

Page 297: ...INDEX 295 V 90 151 W Windows 95 Dial Up Networking 89 World Wide Web WWW 285 X X 75 152...

Page 298: ...296 INDEX...

Page 299: ...sed to Customer on and after January 1 1998 that is date sensitive will continue performing properly with regard to such date data on and after January 1 2000 provided that all other products used by...

Page 300: ...TING UNAUTHORIZED ATTEMPTS TO OPEN REPAIR OR MODIFY THE PRODUCT OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE OR BY ACCIDENT FIRE LIGHTNING OTHER HAZARDS OR ACTS OF GOD LIMITATION OF LIABILI...

Reviews:

No comments

Related manuals for 3C421600A

Brand: Octavo Pages: 28

Brand: Obihai Pages: 2

Brand: Baldor Pages: 34

Emulator MCU Board for 38D5 Group M38D59T-RLFS

Brand: Renesas Pages: 4

Brand: E-Lins Pages: 113

Fan Tray 8820-S2-900

Brand: Paradyne Pages: 6

Brand: Xmart Pages: 8

dspstak 21262sx

Brand: Danville Signal Processing Pages: 35

Brand: StarTech.com Pages: 9

Brand: AirTies Pages: 28

RocketCache 3240X8

Brand: HighPoint Pages: 17

DL-DVI-Vision-IP Series

Brand: G&D Pages: 228

CY62136EV30 MoBL

Brand: Cypress Semiconductor Pages: 12

Brand: NBase Pages: 18

Brand: Gearlinx Pages: 23

CyberSWITCH CSX101

Brand: Cabletron Systems Pages: 72

Brand: B+B SmartWorx Pages: 50

Brand: Cradlepoint Pages: 2

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands