manualshive.com logo in svg

Bay Networks 5390, Administering, Page: 493 / 888

Share
Download
Bay Networks 5390 Administering Download Page 493

893-741-B

A15-73

Using Model 5390 Security

An asterisk (*) can be used as a wild card in place of a host name or the host portion of an IP address. 
Following is an example of two restricted-host entries:

5390_01: hosta,hostb,hostf,132.245.6.23 
5390_02: hostc,132.245.6.15,hostf,132.245.6.23,\

 hosth,5390_01

In the previous example, the first entry prevents users on 5390_01 (connection security is enforced) 
from accessing hosta, hostbhostf, and the IP address 132.245.6.23. The second entry prevents users 
on  5390_02 from accessing hostc, hostfhosth, the IP addresses 132.245.6.15 and 132.245.6.23, 
and 5390_01.

Hosts that are not listed in the file are considered unrestricted. Because ACP searches the 
acp_restrict file sequentially, the order of placement in the file is important. The search stops when 
it finds a host that matches. You can use unrestricted host entries to prevent users on one network 
from accessing hosts on any other network. 

In the following example, the policy finds the unrestricted definition for Model 5390 servers and 
hosts on network 192.17.5 and grants access. It finds the restricted definition for hosts on any other 
network and does not grant access. The first entry unrestricts all IP addresses on network 192.17.5 
from all Model 5390 servers on that network, but restricts access to any IP address off that network.

192.17.5.*~ 192.17.5.* 
192.17.5.*: *

The next example illustrates wild cards. A publichost is defined as accessible from all Model 5390 
servers and a securehost is inaccessible from any Model 5390 server.

*~ publichost
*: securehost

If permission is granted to a connection security request, the user follows the normal login procedure. 
If the request is denied, the message Permission denied is displayed and the session (job) is aborted.

Logging Security Events

Host-based security can generate audit trails of user activity. Each time the security server grants 
or denies a request for user access, the security server logs it. Each event is logged as a message in 
a file defined as acp_logfile, which is located by default in the /usr/annex directory. 

Summary of Contents for 5390

Page 1: ... 893 741 B February 1996 Bay Networks Inc Corporate Headquarters 4401 Great America Parkway Santa Clara CA 95054 8 Federal Street Billerica MA 01821 Administering the Model 5390 Communications Server ...

Page 2: ...that any documentation advertising materials and other materials related to such distribution and use acknowledge that such portions of the software were developed by the University of California Berkeley The name of the University may not be used to endorse or promote products derived from such portions of the software without specific prior written permission SUCH PORTIONS OF THE SOFTWARE ARE PR...

Page 3: ...ne Interpreter CLI A1 2 Customizing the User Interface A1 3 Loading Files A1 3 Extensive Security System A1 4 Port Servers and Rotaries A1 5 UNIX Host originated Connections A1 6 Name Server Support A1 6 Network Management A1 7 Full Routing A1 8 Multi protocol Support A1 8 Applications for the Model 5390 Server A1 9 Connecting Terminals A1 9 Connecting X Window Terminals A1 9 Connecting PCs A1 9 C...

Page 4: ...ing A2 13 Using the Trivial File Transfer Protocol A2 14 Using Model 5390 Security A2 14 Using Name Servers A2 15 Defining Name Servers A2 15 Domain Name System A2 16 IEN 116 Name Server A2 16 Setting Configuration Parameters A2 17 Broadcasting for a Name Server A2 17 Using the RWHO Protocol A2 18 Managing the Size of the Host Table A2 18 Minimum Uniqueness A2 19 Using Event Logging A2 19 Using th...

Page 5: ...Telnet and Rlogin A4 2 The Port Server A4 2 Camp on A4 3 Defining TCP Port Numbers A4 5 Virtual CLI Connections A4 6 Security for the Port Server A4 7 Security for Virtual CLI Connections A4 8 Rotaries A4 9 Configuring Rotaries A4 10 Defining Multiple Rotaries with One Entry A4 10 Assigning Auxiliary Rotaries Internet Addresses A4 11 Using the DNS Server to Define Multiple Rotaries A4 12 Assigning...

Page 6: ...Integrating aprint into the lp Spooler A5 7 Using aprint with an Interface File A5 8 Sample System V Interface File for aprint A5 8 Integrating rtelnet with the lp Spooler A5 10 Chapter A6 Modems Modem Configurations A6 1 Modem Signals A6 1 Setting Model 5390 Port Configuration Parameters for Modems A6 3 Outbound Modems A6 3 Inbound Modems A6 4 Bidirectional Modems A6 5 Setting Up Applications A6 ...

Page 7: ...ts A8 5 Configurations for Dial in with Dial up Addresses A8 7 Configurations for Dial in with Fixed Addresses A8 10 Configurations for Dial out A8 12 Protocol Stack A8 12 Negotiating the LCP Options A8 13 Network Control Protocol A8 15 Authentication Type A8 15 Negotiating the IP Address A8 17 Negotiating the Compression Type A8 17 BOOTP Requests A8 18 Chapter A9 Internetwork Packet Exchange IPX ...

Page 8: ...Addresses 9 26 Method 2 Use Local Address of Port Number 9 27 Obtaining IPX Information 9 27 System Logs 9 28 IPXCP Interface Statistics 9 28 IPX Interfaces Memory Buffers Routes and Servers 9 30 IPX in General 9 30 Using the netstat x Command 9 31 IPX Network Interfaces 9 31 IPX Buffer Pools 9 32 IPX Routes 9 32 IPX Servers 9 33 IPX Frame Type and Network Number 9 35 IPX State 9 36 IPX Connection...

Page 9: ... NVE Filtering A10 18 AppleTalk over PPP A10 18 How to use the CCL Converter A10 19 Configuration A10 20 Running the Application A10 22 Chapter A11 Dial up Networking Dynamic Dialing A11 1 Network Inactivity A11 2 Enabling Dynamic Dialing A11 2 Sample Configurations for Dynamic Dialing A11 8 Displaying Dynamic Dialing Routes in the Routing Table A11 11 Chapter A12 Internet Protocol IP Routing Prer...

Page 10: ...ters A12 18 Enabling and Disabling Passive RIP A12 21 Configuring Passive RIP A12 22 Defining Routes A12 22 Entering Routes in the Model 5390 Configuration File A12 23 Entering Routes using the route Command A12 42 Accepting RIP 1 and or RIP 2 Packets A12 45 Authenticating Incoming RIP 2 Updates and Requests A12 46 Enabling and Disabling Active RIP A12 47 Configuring Active RIP A12 50 Defining Rou...

Page 11: ...mmon Configuration Errors A12 73 Depending on Proxy ARP When Routing is More Reliable A12 73 Overlapping Subnet Network Addresses A12 75 Non contiguous Subnets A12 76 What to do if the Model 5390 Server does not Advertise Updates A12 78 What to do if the Model 5390 Server does not Receive Updates A12 79 Other Documentation A12 80 Chapter A13 Filtering Include and Exclude A13 2 Enabling Filtering A...

Page 12: ...4 15 Examples of Aliases and Menus A14 19 Managing macro Entries in the Configuration File A14 24 Creating service Entries in the Configuration File A14 24 Creating modem Entries in the Configuration File A14 26 Managing Modems A14 31 Modem Settings for Dynamic Dialing and Dial back A14 31 Creating rotary Entries in the Configuration File A14 32 Creating dialout Entries in the Configuration File A...

Page 13: ...al Virtual CLI Password Protection A15 2 Administrative Password A15 4 Protecting the Superuser CLI A15 4 Protecting Ports from Unauthorized Access A15 5 Protecting the na Utility from Unauthorized Access A15 5 Overview of Host based Security A15 5 Virtual CLI Security A15 7 CLI Security A15 7 Connection Security A15 8 Serial Link Security A15 9 Port Server Security A15 9 Configuring the Security ...

Page 14: ...orts A15 31 Configuring Password Authentication A15 32 Other ACP Security Mechanisms A15 38 Using PPP Security A15 46 Password Authentication Protocol PAP A15 47 Challenge Handshake Protocol CHAP A15 48 Receiving a CHAP Challenge A15 48 Sending a CHAP Challenge A15 49 Using the PPP Security Parameters A15 49 Using Filters for Security A15 52 Using Kerberos Authentication A15 53 Enabling Kerberos A...

Page 15: ...d File Verification to ACP A15 75 Modifying Message Formats in the acp_logfile File A15 76 Changing the Expected File Names Used by ACP A15 77 Locking the acp_logfile File A15 81 Masking CLI Commands A15 82 Modifying the Code A15 84 Recompiling erpcd A15 84 Restricting telnet Access to Certain Ports A15 84 Chapter B1 Network Administration Monitoring Network Activity B1 1 Displaying Network Statis...

Page 16: ...rts are in Use B1 35 Chapter B2 Simple Network Management Protocol SNMP SNMP Protocol Overview B2 1 SNMP Management Stations B2 2 Message Delivery B2 2 Configuring the Model 5390 Server for SNMP B2 3 Configuring the SNMP Agent B2 3 Defining the Community String B2 4 Defining Trap Hosts and Traps B2 4 Defining the Contact String B2 5 Defining the Location String B2 6 Defining the disabled_modules P...

Page 17: ... versus MIB Objects B2 23 Interface Parameters versus MIB Objects B2 24 Serial Port Parameters versus MIB Objects B2 25 Chapter C1 na Commands Command Notation C1 2 Commands C1 4 annex Command C1 6 boot Command C1 7 broadcast Command C1 9 copy Command C1 10 dumpboot Command C1 11 echo Command C1 12 help Command C1 12 interface Command C1 14 password Command C1 14 port Command C1 15 quit Command C1...

Page 18: ...3 broadcast_direction C2 14 bypass C2 14 chap_auth_name C2 14 char_erase C2 15 circuit_timer C2 16 cli_imask7 C2 16 cli_inactivity C2 16 cli_interface C2 17 cli_prompt C2 17 cli_security C2 18 config_file C2 18 connect_security C2 18 control_lines C2 19 data_bits C2 19 daylight_savings C2 19 dedicated_address C2 19 dedicated_arguments C2 20 dedicated_port C2 20 default_zone_list C2 20 default_sess...

Page 19: ... 27 input_is_activity C2 27 input_start_char C2 27 input_stop_char C2 28 ipencap_type C2 28 ip_forward_broadcast C2 28 ipso_class C2 28 ipx_do_checksum C2 28 ipx_dump_password C2 29 ipx_dump_path C2 29 ipx_dump_username C2 29 ipx_file_server C2 29 ipx_frame_type C2 29 ipx_security C2 29 ixany_flow_control C2 30 keep_alive_timer C2 30 lat_key C2 31 lat_queue_max C2 31 latb_enable C2 31 line_erase C...

Page 20: ... C2 37 mop_password C2 39 motd_file C2 39 multicast_timer C2 40 name_server_1 C2 40 name_server_2 C2 40 nameserver_broadcast C2 40 need_dsr C2 40 net_inactivity C2 41 net_inactivity_units C2 41 network_turnaround C2 42 newline_terminal C2 42 node_id C2 42 option_key C2 42 output_flow_control C2 43 output_is_activity C2 43 output_start_char C2 44 output_stop_char C2 44 output_ttl C2 44 parity C2 44...

Page 21: ...host C2 50 printer_host C2 50 printer_name C2 50 prompt C2 51 ps_history_buffer C2 51 redisplay_line C2 51 remote_address C2 51 reset_idle_time_on C2 51 retrans_limit C2 52 ring C2 52 rip_accept C2 52 rip_advertise C2 53 rip_auth C2 53 rip_default_route C2 53 rip_horizon C2 54 rip_next_hop C2 54 rip_recv_version C2 54 rip_routers C2 54 rip_send_version C2 55 rip_sub_accept C2 55 rip_sub_advertise ...

Page 22: ...facility C2 61 syslog_host C2 61 syslog_mask C2 61 syslog_port C2 62 t1_info C2 62 tcp_keepalive Model 5390 C2 62 tcp_keepalive asynchronous C2 62 tdi_distance C2 63 tdi_framing C2 63 tdi_line_code C2 63 telnet_crlf C2 63 telnet_escape C2 63 term_var C2 63 tftp_dump_name C2 64 tftp_load_dir C2 64 time_broadcast C2 64 time_server C2 64 timezone_minuteswest C2 65 tmux_delay C2 65 tmux_enable C2 65 t...

Page 23: ...ord C2 69 vcli_security C2 69 zone C2 69 Chapter C3 Using the CLI Commands Command Syntax C3 1 Squelch C3 1 CLI Commands C3 1 admin C3 10 arap C3 12 arp C3 12 bg C3 13 boot C3 14 compact C3 16 connect C3 16 control C3 17 cp C3 18 dialout C3 19 edit C3 20 fg C3 20 filter C3 21 hangup C3 22 help C3 23 help m C3 23 hosts C3 24 hosts C3 26 ipx C3 27 jobs C3 27 kill C3 27 lock C3 28 ls C3 29 modem C3 3...

Page 24: ... 50 services C3 52 slip C3 54 stats C3 55 stats c C3 57 stats T C3 58 stty C3 62 su C3 71 t1_loopback C3 71 tap C3 72 telnet C3 74 tn3270 C3 79 ASCII Terminal Requirements and Setup C3 81 Print Screen and Transparent Mode C3 82 Terminal Emulation C3 83 tn3270 Command Mode C3 87 Ending a tn3270 Session C3 89 Configuration Check List C3 89 tstty C3 92 who C3 93 Chapter C4 Utilities aprint C4 1 erpcd...

Page 25: ...5 9 Virtual Circuit Layer C5 9 Slot Layer C5 9 Host Initiated Connections C5 10 LAT and TCP IP Gateway C5 10 Appendix D1 Software Reference Configuration Parameters D1 1 Commands D1 1 Miscellaneous D1 2 Summary of All Parameters D1 3 Model 5390 Parameters D1 31 AppleTalk specific Model 5390 Parameters D1 40 LAT specific Model 5390 Parameters D1 40 RIP specific Model 5390 Parameters D1 42 T1 specif...

Page 26: ...rameters D1 56 VMS specific Asynchronous Port Parameters D1 57 na Commands D1 58 CLI Commands D1 60 CLI Superuser Commands D1 62 ROM Monitor Commands D1 64 Formatting Codes for Model 5390 Prompts D1 65 Variable Arguments D1 66 Model 5390 Processes D1 66 Index ...

Page 27: ...n 9 9 Figure A9 3 Connecting a Single Host Using IPXCP 9 10 Figure A9 4 Dial in Access 9 17 Figure A9 5 Sample Dial out Configuration 9 19 Figure A9 6 Sample Routing Configuration 9 20 Figure A10 1 Connecting a Macintosh Using ARA A10 15 Figure A12 1 Configuration Using Four Class C Node Addresses A12 11 Figure A12 2 Subnetting with Passive RIP A12 14 Figure A12 3 Proxy ARP versus Routing A12 16 F...

Page 28: ...893 741 B Figures xxviii ...

Page 29: ...el 5390 Parameters A12 18 Table A12 3 Interface Parameter Settings A12 20 Table A12 4 Values for Bits Field with Corresponding Subnet Masks A12 28 Table A12 5 Class A Total Available Subnets and Hosts A12 32 Table A12 6 Class B Total Available Subnets and Hosts A12 37 Table A12 7 Class C Total Available Subnets and Hosts with no supernetting A12 37 Table A12 8 Arguments for route Command A12 42 Ta...

Page 30: ...ntries for at_connect_time in the acp_userinfo File A15 22 Table A15 5 Entries for at_nve_filter in the acp_userinfo File A15 22 Table A15 6 Entries for at_passwd in the acp_userinfo File A15 23 Table A15 7 Entries for chap_secret in the acp_userinfo File A15 24 Table A15 8 Arguments for the include File A15 25 Table A15 9 Arguments for the pool Command A15 26 Table A15 10 Arguments for the ports ...

Page 31: ...rameters versus MIB Objects B2 24 Table B2 18 Serial Port Parameters versus MIB Object NamesB2 25 Table B2 19 PPP and SLIP Port Parameters versus IB Objects B2 29 Table C1 1 Arguments for the na Commands C1 2 Table C1 2 The na Commands C1 4 Table C1 3 Supported Arguments for the boot Command C1 7 Table C1 4 Supported Keywords for the broadcast Command C1 9 Table C1 5 Descriptions of the copy Comma...

Page 32: ...Levels for the syslog_mask Parameter C2 61 Table C2 20 IP Addresses for the time_server Parameter C2 64 Table C3 1 CLI Commands C3 2 Table C3 2 Nonprivileged Model 5390 VMS Commands C3 5 Table C3 3 Privileged Model 5390 VMS Commands C3 6 Table C3 4 The Superuser admin Command Set C3 10 Table C3 5 Arguments for the Superuser arp Command C3 13 Table C3 6 Arguments for the bg Command C3 14 Table C3 7...

Page 33: ... 94 Table C4 1 Supported Arguments for aprint C4 1 Table C4 2 Supported Arguments for erpcd C4 5 Table C4 3 Supported Argument for ch_passwd C4 8 Table C4 4 Supported Arguments for rtelnet C4 9 Table C5 1 Network Classes C5 4 Table D1 1 All Parameters D1 3 Table D1 2 Model 5390 Parameters D1 31 Table D1 3 AppleTalk specific Model 5390 Parameters D1 40 Table D1 4 LAT specific Model 5390 Parameters ...

Page 34: ...893 741 B Tables xxxiv Table D1 19 ROM Monitor Commands D1 64 Table D1 20 Formatting Codes for Model 5390 Prompts D1 65 Table D1 21 Variable Arguments D1 66 Table D1 22 Model 5390 Processes D1 66 ...

Page 35: ...390 Servers 3 Configuring Ports 4 The Port Server and Rotaries 5 Printers 6 Modems 7 Serial Line Internet Protocol SLIP 8 Point to Point Protocol PPP 9 AppleTalk 10 Internetwork Packet Exchange IPX Protocol 11 Dial up Networking 12 Routing Information Protocol RIP 13 Filtering 14 Configuring Hosts and Servers and 15 Using Model 5390 Security Part B Network Management describes using the Model 5390...

Page 36: ...ibes the step very briefly but precisely An experienced user may need to read only the first tier to complete the task The second tier describes the step in more detail and includes results of performing the step Use of Enter Type and Press This guide uses enter type and press to describe the following actions When you read enter type the text and press the Enter or Return key When you read type t...

Page 37: ...ue cr In command examples this notation indicates that pressing the Return key enters the default value Ctrl X This notation indicates a two character sequence for control characters To enter the control character hold down the Control key often labeled CTRL and press the character specified by X In command dialog square brackets indicate default values Pressing the Return key selects this value S...

Page 38: ...ommand line interpreter CLI for users with terminals connected to the Model 5390 Communications Server Installing the Model 5390 Interface for VMS Environments Bay Networks part number 893 794 A Includes instructions for installing the Model 5390 Interface forVMS Environments software instructions for configuring the Model 5390 server and host for operation and troubleshooting information Using th...

Page 39: ...rograms for Novell NetWare remote networking servers Using the FastLink II Client Pack Software Bay Networks part number 893 858 B DescribestheFastLinkIIsoftware awindows basedremotenodedial inapplicationandProxy Using the Annex Manager Graphical User Interface Bay Networks part number 893 857 A Provides instructions on using the graphical user interface to quickly and easily configure one or more...

Page 40: ...o our distributors resellers and service contracted customers from two U S and three international support centers If you have purchased your Bay Networks product from a distributor or authorized reseller contact the technical support staff of that distributor or reseller for assistance with installation configuration troubleshooting or integration issues Customers also have the option of purchasi...

Page 41: ...m contains libraries of technical and product documents designed to help you manage and troubleshoot your Bay Networks products Software agents and patches are available and the message boards are monitored by technical staff and can be a source for problem solving and shared experiences Customers and resellers holding Bay Networks service contracts can visit the special libraries to acquire advan...

Page 42: ...d responded to at the same fax machine World Wide Web The World Wide Web is a global information system for distribution of files and document viewing online via the Internet The Customer Support Web Server offers technical documents software agents and an email capability for communicating with our technical support engineers In addition a feature of the Customer Support Web Server allows service...

Page 43: ... To Get Help For additional information or advice contact the Bay Networks Technical Response Center in your area United States 1 800 2LANWAN Valbonne France 33 92 966 968 Sydney Australia 61 2 903 5800 Tokyo Japan 81 3 3288 0331 ...

Page 44: ...893 741 B Preface xliv ...

Page 45: ......

Page 46: ...hapter A3 Configuring Ports Chapter A4 The Port Server and Rotaries Chapter A5 Printers Chapter A6 Modems Chapter A7 Serial Line Internet Protocol SLIP Chapter A8 Point to Point Protocol PPP Chapter A9 Internetwork Packet Exchange IPX Protocol Chapter A10 AppleTalk Part A Configuration Procedures ...

Page 47: ...xlvii 893 741 B Tables Chapter A11 Dial up Networking Chapter A12 Internet Protocol IP Routing Chapter A13 Filtering Chapter A14 Configuring Hosts and Servers Chapter A15 Using Model 5390 Security ...

Page 48: ......

Page 49: ...and provides many applications for connecting users and resources on the network see Figure A1 1 Because the Model 5390 server was designed primarily for use with UNIX systems its user interface looks and feels like UNIX and the networking interface is compatible with UNIX TCP IP BSD 4 2 4 3 and 4 4 Figure A1 1 Sample Local Area Network Console port Modem pool Laser printer SLIP Modem Remote Ether...

Page 50: ...ing operating characteristics of the Model 5390 server and its ports The na commands allow you to boot to produce an up line dump before a boot and to broadcast administrative messages to ports on the Model 5390 server Command Line Interpreter CLI The Command Line Interpreter CLI is the Model 5390 s command interface The CLI commands allow users to connect to hosts to move back and forth between e...

Page 51: ...g either the trivial file transfer protocol tftp the expedited remote procedure call daemon erpcd or the self boot option The erpcd utility runs on a UNIX host it listens for Model 5390 file server host requests download of the operational code and other files The tftp program supplied on most hosts is supported as an alternative to erpcd and as a back up in case a UNIX host is not available to in...

Page 52: ...ack up to host based security You can configure the following security checkpoints CLI security Access to the Model 5390 server by a user at a device attached to a port Port server security Access to a device attached to a port by a user at another host on the network Connection security Access to hosts or networks by a user at the Model 5390 server Virtual CLI security Access to a virtual CLI con...

Page 53: ...vices attached to ports Users and applications on the network can access these devices through rlogin and telnet connections to the port server The port server supports rotaries A rotary is a set of ports grouped together so that users can address them and the Model 5390 server can manage them as one resource You can assign names to rotaries Using rotaries you can assign multiple rotaries to one M...

Page 54: ... and write a pseudo terminal corresponding to the Model 5390 port Using rtelnet protocols such as tip cu ADP and kermit can work with modems and with PCs attached to Model 5390 servers Also rtelnet can be used with printing software for example PostScript that communicates bidirectionally with printers and with printing packages that expect a tty device The aprint utility has only one application ...

Page 55: ...twork Management The Model 5390 server provides network management and host based administration that allows you to manage hundreds of Model 5390 servers remotely from any terminal or SNMP manager located anywhere on the network The Model 5390 server s host based administration provides tools for downloading the Annex software from a file server host In the unlikely event of software problems you ...

Page 56: ...e routing in which the Model 5390 server uses the Routing Information Protocol RIP to learn routes Active routing in which the Model 5390 server uses RIP to advertise learned routes The network administrator enables this feature by setting the option_key parameter to a value obtained from the Model 5390 supplier Hardwired routing for smaller networks Multi protocol Support The Model 5390 server su...

Page 57: ...t currently in use can be put in the background This allows messages and notifications such as the arrival of mail to be displayed on your terminal while you are working in another session Connecting X Window Terminals Generally X Window terminals have a serial interface as well as a network interface The serial interface can be used to connect the X Window terminal to the network Some X Window ve...

Page 58: ... dedicated host The behavior of bidirectional modems is defined by whether the call comes from outside the local network through the modem or is initiated by an application or user on the LAN Modems attached to the Model 5390 server can be grouped into a modem pool which is easier to manage than when modems are attached to several different computers Also the Model 5390 security system adds a leve...

Page 59: ...e of all available services ThesamePowerBookorMacintoshusercanalsorunIPovertheconnectionsimultaneously and use IP or AppleTalk services as needed Connecting Hosts Without a Network Interface The Model 5390 server can act as front end to a host lacking a network interface by providing that host with an interface By attaching the host s serial lines to the Model 5390 serial ports users on the networ...

Page 60: ...A1 12 893 741 B Introduction to the Model 5390 Server ...

Page 61: ...e use of event logging Setting the local time zone for using a time server Customizing the Model 5390 server environment Configuring LAT services Configuring the unit for AppleTalk For more configuration information see Internet Protocol IP Routing starting on page A12 1 For more information on using the na commands see na Commands starting on page C1 1 For more details on AppleTalk see AppleTalk ...

Page 62: ...Communication Server You can set up a pager as follows setenv PAGER more BSD or set PAGER more export pager System V The src na README file describes how to use a pager along with the show command Using the na Utility 1 At a terminal connected to a UNIX host enter na na Annex network administrator R10 1 command 2 Specify one Model 5390 server or specify multiple Model 5390 servers command annex 19...

Page 63: ... 192 9 200 95 command password piano syslog_mask all command syslog_host 192 9 200 95 cli_prompt a c 4 Execute the show annex all command to review your changes Using the example in step 3 the terminal displays command show annex all Annex Generic Parameters inet_addr 132 245 44 187 subnet_mask 255 255 255 0 pref_load_addr 132 245 44 80 pref_dump_addr 132 245 33 8 load_broadcast N broadcast_addr 1...

Page 64: ...word set allow_snmp_sets N lock_enable Y passwd_limit 3 chap_auth_name chap Time Parameters time_broadcast N daylight_savings us timezone_minuteswest 300 time_server 0 0 0 0 SysLog Parameters syslog_mask all syslog_facility log_local4 syslog_host 192 9 200 95 syslog_port 0 MOP and Login user Parameters pref_mop_host 00 00 00 00 00 00 mop_password unset login_password set login_prompt login_timer 3...

Page 65: ...se sequences Define the Model 5390 servers using the annex command Next use the set annex command to change the parameters Define the parameters for one Model 5390 server and use the copy annex command to copy the parameters to the other Model 5390 servers Define the parameters for one Model 5390 server and use the write command to create a script file with all configuration data for that Model 53...

Page 66: ...mmand annex su password 2 At the superuser CLI prompt execute the admin command annex admin Annex administration w LAT Remote Annex R10 1 admin 3 Execute the set annex command to change parameters The following sample command lines Enable the DNS name server Define two name server hosts Enable security on the Model 5390 server admin set annex name_server_1 dns admin pref_name1_addr 192 9 200 95 ad...

Page 67: ...rward_broadcast N tcp_keepalive 120 option_key OHCg0C52T session_limit 1152 output_ttl 64 VCLI Parameters max_vcli unlimited cli_prompt a c vcli_security N vcli_password unset Nameserver Parameters nameserver_broadcast N rwhod Y pref_name1_addr 192 9 200 95 name_server_1 dns pref_name2_addr 192 9 200 85 name_server_2 none host_table_size 64 min_unique_hostnames Y Security Parameters enable_securit...

Page 68: ...imer 8 retrans_limit 8 group_value none vcli_groups nonemulticast_timer 30 AppleTalk Parameters a_router 00 00 00 00 00 00 default_zone_list node_id 0 0 zone Router Parameters rip_auth unset rip_routers all IPX Parameters ipx_file_server ipx_frame_type raw802_3 ipx_dump_username ipx_dump_password unset ipx_dump_path ipx_do_checksum N TMux Parameters tmux_enable N tmux_max_host 64 tmux_delay 20 tmu...

Page 69: ... This address must be set prior to downloading the operational code to the Model 5390 server To do so use the ROM monitor addr command during the Model 5390 initial installation You can reset the address at any time thereafter by changing the inet_addr parameter The Broadcast Address The broadcast address defines the Internet address the Model 5390 server uses to broadcast The Model 5390 server wi...

Page 70: ...390 server from responding by setting the authoritative_agent parameter to N Booting and Dumping The Model 5390 server obtains its operational code by downloading it over the network from a UNIX host that runs Model 5390 file server software a non UNIX host running tftp another Model 5390 server configured as a boot server running the same operational code or the local media self boot The Model 53...

Page 71: ...adcasts its dump request and dumps to the first host that responds The dump creates a file that is between one and three megabytes in size If using erpcd the Model 5390 server assigns the dump file a unique name and places it in a directory named usr spool erpcd bfs If using tftp the file name is defined by the tftp_dump_name parameter and file placement is user defined seeDump Host Services on pa...

Page 72: ...boot the Model 5390 server broadcasts for the configuration image and motd files if they are not available on the preferred load host You can disable broadcasting for these files by setting the load_broadcast parameter to N NOTE If you configure the Model 5390 server to supply only a copy of the operational code the default is for the Model 5390 servers being booted to broadcast for the configurat...

Page 73: ...e Using the CLI Commands starting on page C3 1 Using SLIP for Booting and Dumping You can load and dump the Model 5390 server over the local area network or over a serial line using the Serial Line Internet Protocol SLIP The default is to use the local area network The load_dump_sequence parameter specifies which network interfaces are to be used for a load or a dumpandtheorderinwhichtheyaretobeus...

Page 74: ...true for both erpcd and tftp Once a file is successfully opened the Model 5390 server continues to read it using the protocol with which it was opened The protocol used to transfer one file is independent of the protocol used to transfer another file For environments that support both erpcd and tftp the Model 5390 server may use tftp to transfer one file and erpcd to transfer another file Using Mo...

Page 75: ...ust enter the complete name to access a host Host name to Internet address translation entries can be downloaded to the Model 5390 server from the gateway section of the configuration file The format is the same as in the etc hosts file but aliasing is not permitted To set up the Model 5390 server for use with a name server Specify the name server type Specify the host s using the name server Enab...

Page 76: ...ple aliases for a host Multiple addresses for the same host Address to name translation allows a host to obtain a name for a specific Internet address allowing the Model 5390 server to learn its name from a DNS server The DNS capabilities for assigning multiple aliases or multiple IP addresses to a single host allow you to assign multiple names to a rotary or multiple Model 5390servers to the same...

Page 77: ...e host s Internet address specified in name_server_1 The pref_name2_addr defines the Internet address of the host where the name server specified with the name_server_2 parameter resides If name_server_2 is set to none the address specifies the second choice for name_server_1 This host is queried if the preferred host at pref_name1_addr does not respond Broadcasting for a Name Server By default th...

Page 78: ...sive load on the network Some hosts send RWHO packets with incomplete source addresses in the IP header The Model 5390 server is unable to store an Internet address for these hosts causing the host table to display the host s Internet address as _ _ _ _ If an rwhod forwards packets from one network to another the Internet address in the IP header is that of the forwarding host not of the host whos...

Page 79: ...y a name server because an exactly matching name is not in the host table The minimum uniqueness feature can be turned off entirely by setting the min_unique_hostnames parameter to N Using Event Logging The Model 5390 server can log events to a 4 3BSD system log daemon syslogd or to a serial port on the Model 5390 server The Model 5390 server may be able to log events to a 4 2BSD system using the ...

Page 80: ...is log_local7 If the host to which messages are logged does not support 4 3BSD syslogging this parameter is ignored and messages are logged only by priority level as defined in the syslog_mask parameter The syslog_mask parameter defines the priority levels for logging messages The options are all none or a combination of levels The default none disables logging Table A2 2 describes the levels in p...

Page 81: ...r does not respond the Model 5390 server displays unknown in place of its time By default if a time server is not available on the preferred load host the Model 5390 server does not broadcast for the time However you can enable broadcasting for a time server by setting the time_broadcast parameter to Y Most UNIX systems provide a time server with the inetd daemon The Model 5390 server does not res...

Page 82: ...For example because U S Eastern Standard Time is five hours west of GMT its value is 300 minutes since Paris is one hour east of GMT its value is 60 minutes The daylight_savings parameter defines the daylight savings time to which your geographic area adheres The Model 5390 server uses this parameter to adjust the time display for daylight savings time Valid arguments include us australian british...

Page 83: ...you to customize the Model 5390 prompt You can also customize the prompt for each serial port using the prompt port parameter see cli_prompt on page C2 17 and prompt on page C2 51 The values for this parameter are called prompt strings A prompt string consists of characters and embedded formatting codes that are expanded when the prompt is displayed The formatting codes consist of a percent charac...

Page 84: ...d The current date and time in standard UNIX format such as Mon Mar 14 13 59 42 1989 i The Model 5390 Internet address such as 132 245 6 40 j A new line character skip to the beginning of the next line l The location defined for the port if none the string port nn where nn is the number of the serial line n The Model 5390 name or Internet address such as 132 245 6 40 p The port number or number fo...

Page 85: ...al CLI connections from an unlimited number to none The range of values that you can enter are from 0 to 254 or unlimited The default is unlimited If you define this parameter as zero users cannot create a virtual CLI connection at the Model 5390 server Setting up the Configuration File The configuration file contains all Model 5390 configuration information It resides either on the preferred boot...

Page 86: ...erver does not listen for or transmit RIP routing updates Instead it depends on the routing information in the gateway section of the configuration file If you disable RIP define a default route in the configuration file see Creating gateway Entries in the Configuration File on pageA14 8 for more details Setting the IP Encapsulation Type The Model 5390 server supports two types of LAN encapsulatio...

Page 87: ...e TCP By providing a standard tty interface to the host all standard programs can access the ports through standardserialportdevices andhenceperformallofthefunctionsthatastandard directlyconnected port can perform for more details see Terminal Server TTY TSTTY starting on page A4 18 Using the Transport Multiplexing TMux Protocol The TMux protocol provides an open standards based solution to the CP...

Page 88: ...k administrator must enter the correct option_key parameter value and reboot the Model 5390 server see AppleTalk starting on page A10 1 for more details Configuring IPX Initially all IPX functions in the Model 5390 server are disabled as this feature is optional To enable the IPX functions the network administrator must enter the correct option_key parameter value and reboot the Model 5390 server ...

Page 89: ...The na utility provides the set port command for setting serial line port parameters The na utility provides two commands for displaying the current port settings show port and show printer Table A3 1 describes the keywords for the show port command Table A3 1 Keywords for the show port asynchronous Command Keyword Description all Displays all port parameters appletalk Displays the port s Appletal...

Page 90: ...bes password 3 Specify one port or specify multiple ports command port 1 or port 1 10 command port 1 132 245 6 40 or port 1 10 132 245 6 40 slip Displays the port s SLIP parameters timer Displays the port s timer parameters tn3270 Displays the port s tn3270 parameters vci Displays the port s VCI parameters NOTE You can skip Step 2 by specifying the Model 5390 server with an following the port numb...

Page 91: ...aud N data_bits 8 stop_bits 1 parity none max_session_count 3 allow_broadcast Y broadcast_direction port imask_7bits N cli_imask7 Y ps_history_buffer 0 banner Y tcp_keepalive 0 dedicated_address 0 0 0 0 dedicated_port telnet type_of_modem default_session_mode interactive Flow Control and Signal Parameters control_lines none input_flow_control bell input_start_char Q input_stop_char S output_flow_c...

Page 92: ... ports on multiple Model 5390 servers requires a few simple steps 1 Define a port using the port command 2 Define the parameters for that port 3 Use the copy port command to copy the parameters to other Model 5390 ports The following example copies the parameter settings from port 1 on one Model 5390 server to several ports on another Model 5390 server command annex 132 245 6 40 command port 1 com...

Page 93: ...omatically detects whether packets are incoming or outgoing For incoming packets the port behaves as if it were set to auto_detect mode then determines the incoming protocol and converts to the appropriate mode For outgoing packets the port operates in slave mode Both cli and dedicated mean that the port is opened from the device The difference between these two modes is that cli allows access to ...

Page 94: ...meter dedicated_arguments For more details on using a SLIP link see Serial Line Internet Protocol SLIP starting on pageA7 1 For more details on using a PPP link see Point to Point Protocol PPP starting on page A8 1 For more details on ARAP connections see AppleTalk starting on page A10 1 For more details on Novell Netware connections seeInternetwork Packet Exchange IPX Protocol starting on page A9...

Page 95: ...y to Y see cli_security on page C2 18 Create the acp_passwd file on the security server see Creating User Password Files on page A15 11 To use local password protection as a back up to the host based security define a password using the port_password parameter To use only local password protection for CLI security set the cli_security parameter to N and define a password using port_password CLI co...

Page 96: ...er requests a connection to a host the Model 5390 server verifies the ability to connect to that host or network If the host is listed as restricted access to that host is denied for any port on which connect security is enabled For virtual CLI connections connection security is enforced for all restricted hosts If a host is listed as restricted for the Model 5390 server all virtual CLI connection...

Page 97: ...t allows you to limit the number of sessions a user can activate simultaneously Setting the value to one limits the user to one session at a time The default is three with a maximum of 16 Set the allow_broadcast parameter to N if you want to disable the display of administrative messages generated with the na command broadcast at the port The user_name and location parameters are used for administ...

Page 98: ...trol_lines parameter to flow_control and the input_flow_control and output_flow_control parameters to eia The Model 5390 server asserts RTS when it is ready to receive data and checks the CTS input before transmitting data To use software flow control XON XOFF set control_lines to none and set both input_flow_control and output_flow_control to start stop The Model 5390 server sends XOFF when it do...

Page 99: ...tings If the connection session times out without receiving input from the user the Model 5390 server prompts Press return to restart login and then waits for input or a hang up before retrying the connection If the dedicated port is connected to a modem set type to dial_in The user is registered with the who database as soon as a process CLI or slave attaches to the line regardless of the NOTE In...

Page 100: ...the same manner you can easily test variations of the desired arguments until they work correctly When configuring a dedicated port you may also want to set the following parameters Setting the allow_broadcast parameter permits the display of any administrative messages at the terminal connected to the dedicated port Set both the user_name and location parameters the CLI who command displays these...

Page 101: ...egisters the user with the who database according to the input_is_activity and output_is_activity parameter settings If neither parameter is set any user on this port is invisible to who If input_is_activity is set when the user enters data the line is registered with the who database generally used for hardwired CLI terminals If output_is_activity is set the line is registered when the Model 5390...

Page 102: ...ry_buffer specifies how much data to buffer When enabled incoming data is buffered continuously before during and after the telnet session no data buffering occurs during LAT access to the port After establishing a telnet connection to a port the Model 5390 server prompts Display the history buffer only if buffered data exists You can flush the buffer either by issuing a telnet send ao command or ...

Page 103: ...re A3 1 the terminal is in a lobby and is connected to port 3 on 5390_02 Figure A3 1 Host Applications Accessing a Terminal The steps involved in creating this example for a BSD UNIX host are 1 Create a special file using rtelnet as follows rtelnet bmr 5390_02 3 dev ttyDB You can specify the Model 5390 server by either its Internet address or its name If you use the name make sure that it is liste...

Page 104: ...reated when the system is booted Configuring Ports for Hosts The Model 5390 server provides a front end service to a host that does not have a network interface Attach the host s serial ports to the Model 5390 ports Set the mode parameter to slave Set the speed data_bits stop_bits and parity parameters to match the requirements of the host s serial lines Set the imask_7bits parameter to Y so that ...

Page 105: ...er or both Also set the Model 5390 enable_security parameter to Y To use EIA hardware flow control RTS CTS set the control_lines parameter to flow_control and the input_flow_control and output_flow_control parameters to eia The Model 5390 server asserts RTS when it is ready to receive data and checks the CTS input before transmitting data To use software flow control XON XOFF set control_lines to ...

Page 106: ...A3 18 893 741 B Configuring Ports ...

Page 107: ... 5390 server in several ways Telnet Rlogin Terminal Server TTY TSTTY Figure A4 1 Connecting Devices to the Model 5390 Server NOTE The examples in this chapter use the telnet command The rlogin command can be used in place of the telnet command except where noted 5390_01 HostD without network interface Modem pool 5390_04 5390_03 Host05 Console port 5390_02 Laser printer Laser printers Host01 Serial...

Page 108: ...ote system management on HostE 5390_02 and 5390_03 provide laser printers to which printing applications can be sent and 5390_04 provides access to a host without a network interface The Port Server After connecting to the Model 5390 server by telnet or rlogin the port server provides users with the option of selecting a single port or a rotary connection telnet users can also select a virtual CLI...

Page 109: ...the user chooses to wait the Model 5390 server puts the request in a first come first served queue and notifies the user when a port is free Also the rotary can be configured so that the user either always waits or never waits The Model 5390 server supports ranges of port numbers that when entered with the telnet or rlogin commands are mapped directly to a port or to a defined rotary Camp on Camp ...

Page 110: ...server notifies the user when the connection is complete In the next example the user first presses the attention character to return to the Model 5390 prompt then issues the CLI bg command to place the telnet request using camp on into the background and then issues the fg command to return to the HostB session annex bg 2 telnet anne01 annex jobs 1 rlogin HostB 2 telnet 5390_01 annex fg 1 rlogin ...

Page 111: ... numbers for telnet and rlogin connections 5000 6000 and 7000 The Model 5390 server recognizes TCP port numbers in the 9000 range for TSTTY connections for more details see Configuring the Model 5390 Server for TSTTY starting on page A4 21 The port numbers in both the 5000 and 7000 range map directly to serial ports TCP port 5001 maps to serial port 1 TCP port 5002 maps to serial port 2 TCP port 7...

Page 112: ...rt Virtual CLI Connections The Model 5390 server can access the CLI from anywhere on the network through the port server It creates a virtual CLI connection for the user when either a CLI is requested at the port server prompt or the TCP port number 5000 is included in the telnet command Using a virtual CLI you can access any CLI command However of all the port characteristics only the attention c...

Page 113: ... servers are not available With port server security the port server invokes the security mechanism when the user requests access to a specific port or rotary at the port server prompt User validation occurs before the user is connected to the port to ensure that the user is authorized to connect to the selected port If the user is not authorized the port server notifies the user and prompts for a...

Page 114: ...validates the user name and user password The virtual CLI security mechanism is similar to the port server security mechanism in that user validation is invoked after the user has requested access to the VCLI at the port server prompt This ensures that the user is authorized to access the VCLI To set up host based security on virtual CLI connections Set the Model 5390 enable_security parameter to ...

Page 115: ...sing the Model 5390 parameter vcli_password Virtual CLI connections must adhere to any connect security defined for the Model 5390 server Rotaries A rotary is a group of serial ports that the Model 5390 server manages as a single entity The network administrator can customize the behavior and use of rotaries by defining rotary entries in the Model 5390 configuration file The Model 5390 server extr...

Page 116: ...figuring visibility Configuring camp on Configuring the protocol Configuring port selection Defining Multiple Rotaries with One Entry You can include more than one Model 5390 server in a single file entry in the rotary section of the Model 5390 server configuration file by separating the ports locations field with semicolons The following entry defines a rotary named modems that resides on two dif...

Page 117: ...otary The user can access the rotary by entering the unique auxiliary address using the telnet or rlogin commands The auxiliary address must adhere to the standard network addressing conventions of your network Using auxiliary addresses to access a rotary changes the behavior of the port server The port server does not display rotary names instead the port server attaches to the first available po...

Page 118: ... assign Internet addresses to these rotaries and create entries in the name servers database for the names of the rotaries This allows users to request a rotary name using the telnet command With the DNS server the Telnet request attempts to connect to the first IP address returned by the nameserver If that connection is unsuccessful it moves on to the next connection and so on until a connection ...

Page 119: ... the telnet or rlogin commands they are attached to the first available port in the rotary Defining TCP ports for rotaries allows the users to avoid having to select a particular serial port especially if auxiliary Internet addresses cannot be used The following example is an entry in which a TCP port number is defined for the rotary modems 1 4 6 9 5390_01 6080 Users can issue the following comman...

Page 120: ... invisible Rotaries without auxiliary Internet addresses or TCP ports in the 6000 range are always visible Following is an example of an entry that makes the HostC rotary invisible HostC ps invisible 1 4 6 9 5390_01 132 245 6 80 Users that use telnet or rlogin to connect to 5390_01 do not see the name users that use telnet or rlogin to connect to HostC see the sequence illustrated in Assigning Aux...

Page 121: ...col tstty The setting protocol tstty configures tstty as the protocol between the port and the device for more details see Configuring Rotaries for TSTTY on page A4 22 protocol raw The setting protocol raw configures a raw rotary A raw rotary passes data directly to and from the serial device no data processing occurs Raw rotaries are invisible Generally raw rotaries are accessed by programs that ...

Page 122: ...r 1 3 12 132 245 6 30 Configuring Port Selection The keyword select defines the order in which the rotary selects ports If select first the rotary selects the first available port in the port_set select next directs the rotary to keep track of the last port that was selected and to start itssearchfromthatpoint In the following example the user connects to the rotary modems and is attached to port ...

Page 123: ... Server and Rotaries modems select next 1 5 5390_01 telnet modems Trying Connected to 5390_01 Escape character is Attached to port 1 telnet quit telnet modems Trying Connected to 5390_01 Escape character is Attached to port 2 ...

Page 124: ...n while some actions such as dealing with a Break character are executed by the host system This design optimizes performance by allowing functions to be executed wherever it is best to do so Consequently since all standard system programs can be run on TSTTY ports these ports can be used for login sessions via getty or ttymon as line printer ports using the standard spooler connections for uucp c...

Page 125: ...to be used for starting data in START STOP flow control mode c_iflag IGNBRK When set the Model 5390 server ignores breaks PARMRK When set characters with parity errors are returned as a multi byte sequence IXOFF When set input flow control is set to START STOP or both depending on the default setup IXON When set output flow control is set to START STOP or both depending on the default setup IXANY ...

Page 126: ...pported If this value is read from the Model 5390 server and the Model 5390 server is set to 1 5 stop bits this value is returned as 1 stop bit CREAD Fully implemented PARENB PARODD Odd even and no parity are implemented If the settings are read from the Model 5390 server and there is no equivalent POSIX setting the setting is returned as no parity HUPCL When set the DTR line is dropped on close C...

Page 127: ...different requirements the names of TSTTY devices vary from system to system All systems have a device that is used only by the tsttyd program to set up the device to port mappings this device is always called dev tstty daemon The names of the devices used to communicate with the Model 5390 ports are all numbered starting from 0 and incrementing up to the total number of configured devices Table A...

Page 128: ...TSTTY ports appear to the host system in exactly the same way as do directly connected ports you can configure them in the same manner Consult your system documentation for details Many operating systems provide a set up command for example sysadm or admintool that configures the ports in a way that is easy to use Configuring Rotaries for TSTTY Rotaries for use with TSTTY are defined in the rotary...

Page 129: ... Works Each TMux packet is sent as a single IP datagram containing multiple transport segments each preceded by a short TMux mini header see Figure A4 3 Each of these mini headers contains all the information required to recreate the transport segment when received by the remote end Figure A4 3 TMux Packet Header The TMux software suite consists of two independent software modules One module runs ...

Page 130: ...A4 24 893 741 B The Port Server and Rotaries Figure A4 4 TMux Block Diagram Shell Shell Shell Shell Shell Host User User Shell Shell Shell Model 5390 Ethernet 6586 ...

Page 131: ...uire a special cable This cable should have the transmit data and ground leads connected from the printer to the Model 5390 port as normal The flow control signal generated by the printer the location is printer specific should be connected to the CTS signal on the Model 5390 server this is pin 4 on a terminal cable and pin 5 on a modem cable For serial cable wiring diagrams refer to Installing th...

Page 132: ... a banner page create a shell script that calls aprint and place it in a publicly executable area users can execute the shell instead of calling aprint The following sample shell script called laser1 takes the file s to be printed as an argument adds a banner page and calls aprint using the A and L arguments bin sh for file in do makebanner file cat file done usr annex aprint A5390_01 L15 Users ca...

Page 133: ...ersion change the definition of FILTER to define FILTER usr bin awk printf s r n 0 usr ucb expand After defining a filter compile and link the filt c program to a name that specifies the Model 5390 port to which the output should go For example to send output to port 15 on the Model 5390 server called 5390_01 filt c should be linked to annex01 15 The filt c program looks like this NOTE The utility...

Page 134: ...ar NULL basename argv 0 else basename p char strrchr basename SEPARATOR if p char NULL fprintf stderr Error name not of form annex cport n SEPARATOR exit 1 length int p basename strncpy annex basename length annex length 0 strcpy port p 1 sprintf line s s f A s L s FILTER APRINT annex port system line Always return OK to the spooler daemon exit 0 Running a Shell Script Filter If you are running on...

Page 135: ... lf usr adm lpd errs of usr annex annex01 15 If you are using more than one printer some versions of BSD prevent more than one printer from running at once because dev null is used as the device name for all printers In this case each printer must use a unique name create a unique copy of dev null for each printer using the mknod program mknod dev null0s c 3 2 NOTE The line bin sh is critical beca...

Page 136: ...host boots after which rtelnet provides a link from a dev file on the host to the Model 5390 port To set up an rtelnet daemon to be used by the BSD LPD spooling system 1 Create a special file using rtelnet This example creates a device that allows a printer on port 16 of the Model 5390 server called 5390_02 The b argument is included because the printer uses binary data which may be scrambled by T...

Page 137: ...e Model 5390 servers Model 5390 printers use the following format lpadmin pprinter vdevice eprinter iinterface mmodel Table A5 1 lists the arguments for the lpadmin command Table A5 1 Arguments for the lpadmin Command Argument Description pprinter Specifies a new printer vdevice Associates a device with the printer device is the path name of a file that is writable by lp eprinter Copies the interf...

Page 138: ...age A5 8 provides a sample file 1 Shut down the lp scheduler this disables all printers usr lib lpshut 2 Define a new printer using the usr lib lpadmin command lpadmin pp_annex v dev null i usr spool lp annex_printer 3 Enable the printer enable p_annex 4 Allow the queue to accept jobs usr lib accept p_annex 5 Restart the lp scheduler usr lib lpsched 6 Test the printer lp dp_annex etc group Sample ...

Page 139: ...port PATH TEMPFILE usr spool TMP This will be executed when a request is cancelled trap echo n n n nRequest Cancelled echo 14 c sleep 30 exit 0 15 The following three lines are added for aprint while true loop until aprint is successful do x XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX echo 014 c echo x x n x x n x x n banner 2 echo n user grep 2 etc passwd line cut d f51 if n user then echo Use...

Page 140: ...leep 30 bad wait a while and try again done exit 0 Integrating rtelnet with the lp Spooler A host can access a printer attached to the Model 5390 server through a character special file created using the rtelnet utility The following example is for a DQP 10 printer using the dqp10 model interface in this example the printer is called s_printer 1 Create a printer interface script for the type of pr...

Page 141: ...es an rtelnet connection between the associated pty device and port 12 on the Model 5390 server called 5390_01 4 Define a new printer using the lpadmin command lpadmin ps_printer v dev s_pdev mdqp10 5 Enable the printer enable s_printer 6 Allow the queue to accept jobs usr lib accept s_printer 7 Restart the lp scheduler usr lib lpsched 8 Test the printer lp ds_printer etc group ...

Page 142: ...A5 12 893 741 B Printers ...

Page 143: ... is determined by the port parameters control_lines input_flow_control output_flow_control and need_dsr To use EIA hardware flow control RTS CTS set the control_lines parameter to flow_control and theinput_flow_controlandoutput_flow_controlparameterstoeia TheModel5390serverasserts RTS when it is ready to receive data and checks the CTS input before transmitting data NOTE To successfully use US Rob...

Page 144: ... data When the Model 5390 server receives XOFF it stops sending data to the port when it receives XON it resumes sending data to the port To use both EIA hardware flow control RTS CTS and modem control DTR DCD DSR set control_lines to both and input_flow_control and output_flow_control to eia The Model 5390 server uses these signals as described in the previous paragraphs To use both software flow...

Page 145: ... stop XON XOFF This setting may not be suitable for file transfer applications such as uucp kermit and xmodem When using a modem connected to a slave port if the need_dsr parameter is enabled the connection fails if no DSR signal is present if need_dsr is disabled the Model 5390 server accepts the connection Set the data_bits stop_bits and parity parameters to match the requirements of the modem S...

Page 146: ...n is made using the dedicated_arguments parameter Set the dedicated_port parameter to either telnet or rlogin the default is telnet Define the type of modem that is connected to the port via the type_of_modem parameter This 16 byte string should match the definition of the type_of_modem field in the modem section of the Model 5390 configuration file Setting the type parameter to dial_in registers ...

Page 147: ...e term_var parameter is dialup To enable CLI security set the cli_security and connect_security parameters To enable port access via a password set the port_password parameter Set the attn_string parameter to define a control character or character string Setting this parameter when using a modem is helpful because modems do not always respond to the Break key by signaling the Model 5390 server to...

Page 148: ...s configured for use with SLIP PPP can use start stop if the ppp_acm parameter is set to escape the start and stop characters When using a modem connected to a bidirectional port if the need_dsr parameter is enabled the connection fails if no DSR signal is present if need_dsr is disabled the Model 5390 server accepts the connection Set the data_bits stop_bits and parity to match the modem s requir...

Page 149: ...lowing procedure sets up applications such as tip and uucp to access a modem 1 Use the rtelnet utility to create a special file that references the Model 5390 port Using rtelnet allows setting up the application as if dev modem is directly connected The following example ties dev modem to port 13 on 5390_02 rtelnet mr 5390_02 13 dev modem In the previous example the m argument instructs the Model ...

Page 150: ...y drop the network connection to the Model 5390 port when the pseudo device is closed it also causes the modem to hang up when the application exits The r argument directs rtelnet to remove the device name if it already exists without r rtelnet exits with an error message if the device name already exists 2 Add rtelnet to etc rc or the appropriate file so that the special file is created when the ...

Page 151: ...e and start a getty for that port kill HUP 1 Add rtelnet to etc rc or the appropriate file so that the special file is created when the system boots NOTE If the system uses a name server to translate host names to Inter net addresses and you use the Model 5390 name in the rtelnet command make sure that the Model 5390 server is listed in the name server data base and that the name server is started...

Page 152: ...A6 10 893 741 B Modems ...

Page 153: ... and convert the port from an incoming modem to a SLIP link using the CLI slip command After converting the port to a SLIP link the remote PC becomes a host directly attached to the network You can use a SLIP link to boot and optionally dump the Model 5390 server You can define a list of SLIP links and the local network interface over which a download is to occur During a load the Model 5390 serve...

Page 154: ...pressed SLIP Discard ICMP requests over the SLIP link Give interactive traffic priority over other traffic SLIP Configurations When using SLIP to connect two networks together or to connect a single host to the network you must assign IP addresses to both ends of the SLIP link Connecting Two Networks Together When connecting two networks together you can Assign a separate IP network or subnet addr...

Page 155: ...ned a separate network address of 132 254 99 0 and a subnet mask of 255 2555 255 0 the link is then treated like any other physical network Figure A7 1 SLIP Link with Separate Network Address Network 132 254 5 0 Network 132 254 10 0 Network 132 254 99 0 132 254 5 9 132 254 5 2 132 254 5 7 132 254 99 2 132 254 10 8 132 254 10 7 132 254 10 9 132 254 99 1 host01 host02 5390_03 5390_02 5390_01 host03 ...

Page 156: ... option the IP addresses assigned to the end points of the SLIP link are the hosts primary network IP addresses Figure A7 2 SLIP Link with Two IP Addresses 132 254 5 9 Network 132 254 5 0 Network 132 254 10 0 132 254 5 2 host02 5390_03 5390_02 5390_01 host03 132 254 10 7 132 254 10 7 132 254 5 7 132 254 10 8 132 254 10 9 4550 5390_04 132 254 5 9 SLIP link ...

Page 157: ...e A7 3 a single PC connected to the Model 5390 server through a SLIP link appears to the network as an attached host Assign that PC a unique network host address Figure A7 3 Connecting a Single Host Using SLIP Network 132 254 5 0 5390_01 132 254 5 17 PC 132 254 5 18 132 254 5 10 host03 SLIP link 4551 ...

Page 158: ...er a unique network host address Figure A7 4 Connecting a Remote Model 5390 Server Configuring Ports for a SLIP Interface This section describes how to set port parameters for different SLIP configurations After setting the parameters issue the slip command at the CLI connection Network 132 245 5 0 5390_01 5390_02 132 245 5 17 Remote 132 245 5 18 132 245 5 10 SLIP link Laser printer 132 245 5 20 1...

Page 159: ...f using other Model 5390 interfaces This is referred to as the hop count You may want to increase this number if the Model 5390 server has a preferred for example faster route to the remote host If you do set the metric to a value greater than 1 remember that you may be decreasing the usable network diameter since 15 is the highest valid metric value The allow_compression parameter enables the Mod...

Page 160: ... port 2 first then the SLIP link on port 6 and finally the local network enter command set annex load_dump_sequence asy2 asy16 net You can select up to four interfaces The preference of the boot and or dump request would be performed in the order you specified Each interface must be separated by a comma The preferred load host is defined by the network interface through which the Model 5390 server...

Page 161: ...ase generally used for hardwired CLI terminals If the output_is_activity parameter is set the line is registered when the Model 5390 server first sends data generally used for hardwired printers or other slave devices This entry is removed on a hang up or when the slave line is released regardless of the input_is_activity and output_is_activity parameter settings Set the speed parameter to the rat...

Page 162: ...ers the user with the who database as soon as the CLI process attaches to the line Set the end point addresses One way to do this is to set the local_address and remote_address parameters Another method is to set the dialup_addresses parameter to Y so that the Model 5390 server requests the end point addresses based on the user s login from ACP The dialup_addresses parameter overrides the local_ad...

Page 163: ...ommand line for configuring ports 1 through 4 with the minimum required parametersforthissetup looks like this admin port 1 4 admin set port mode slip speed 38400 control_lines both admin input_flow_controleia output_flow_control eia admin type dial_in NOTE SLIP is an 8 bit protocol If data_bits is set to 7 and parity is not set to none the Model 5390 server forces the data_bits setting to 8 and t...

Page 164: ...the virtual route Dial on demand network routing by having the Model 5390 dial out routes configured with the proper static network routes thus the Model 5390 server can route traffic to a particular network through a dial out route s destination The use of chat scripts a sequence of commands that are used to log into the remote system after the phone connection is established and before the IP fr...

Page 165: ...teway section of the config annex file or in the gateway entry in etc gateways uses a particular SLIP interface the next hop in the route must match the remote address of the SLIP link in the as a port s SLIP route the must match that port s remote address For example the following gateway entry uses the same interface as port 7 if port 7 s remote address is 132 245 99 60 route add 132 245 99 0 25...

Page 166: ...a metric of 2 Route Cache The route cache is a list of routing entries stored by the Model 5390 server When the Model 5390 server boots the route cache is created from the annex end and subnet end blocks in the gateway section of the configuration file see Creating gateway Entries in the Configuration File on page A14 8 for more details When routed starts entries in the route cache are added to th...

Page 167: ...diskless client to determine its Internet address the Internet address of the server and the name of the file to be loaded into memory The Model 5390 ROMs use BOOTP to obtain boot information without requiring any manual setup on the Model 5390 server If a diskless client sends a BOOTP request to the Model 5390 server over a SLIP line the Model 5390 server responds with its current local address r...

Page 168: ...A7 16 893 741 B Serial Line Internet Protocol SLIP ...

Page 169: ...tting up a PPP link You can attach a PC to the Model 5390 serial port Using PPP as the network interface the PC becomes a host on the network For a remote PC with a PPP client that supports scripting you can configure a port in CLI mode Then a user at a remote PC can dial into the Model 5390 server using a modem and convert the port from a CLI to a PPP link using the CLI ppp command After converti...

Page 170: ...nals When the port is reset it reverts to its original mode cli adaptive auto_detect or auto_adapt After you enter the command the Model 5390 server displays switching to PPP starting LCP negotiations Although the ppp command is a user level command it is not displayed by the help command The superuser help command displays ppp NOTE If you start a PPP connection by issuing the ppp command the PPP ...

Page 171: ...ch the corresponding dial up addresses are returned to the caller on the Model 5390 server PPP link If no match is found the request is denied You can specify the Model 5390 server by name Internet address or wild card The wild card means that any incoming address request with that user name will match Also you can specify a range of ports The file format allows one entry per line the Model 5390 s...

Page 172: ...For complete information on both passive and active RIP see Internet Protocol IP Routing starting on page A12 1 The Model 5390 server bases its routing table on the information you specify in the gateway section of the configuration file As a passive gateway the Model 5390 server updates the table according to RIP information it receives from other routers but does not broadcast routing informatio...

Page 173: ...guration parameters see Configuration Parameters starting on page C2 1 Configurations for Connecting Two Subnets Figure A8 1 illustrates a LAN with two networks that are connected directly using subnets Both ends of the PPP link have security enabled Following the figure are the parameter settings required for this configuration Figure A8 1 PPP Link Connecting Two Subnets Set the mode parameter to...

Page 174: ... 9 Set the local_address parameter to 132 254 10 7 Set the subnet_mask parameter to 255 255 255 0 Set the metric parameter to one Set the ppp_username_remote parameter to the string castle Set the ppp_password_remote parameter to the string sand Set the ppp_security_protocol parameter to pap password authentication protocol Set the allow_compression parameter to Y if you want the Model 5390 server...

Page 175: ...ou configure the port for both an inbound modem and a PPP link see Modems starting on page A6 1 for more details on inbound modems Using a central security server for dial in access allows users to have their own addresses Routes that cannot be reached until the dial in PPP connection is activated are saved in the Model 5390 server at boot time and activated when the PPP line is activated When the...

Page 176: ...ers Set the speed parameter to the DTE speed of the modem on the serial port To configure the port for hardware EIA flow control set the control_lines parameter to both and the input_flow_control and the output_flow_control parameters to eia To configure the port for software XON XOFF flow control set the control_lines parameter to none and the input_flow_control and output_flow_control parameters...

Page 177: ...0 server negotiates with green s PC for this address and opens the link Configurations for Dial in with Fixed Addresses Figure A8 3 illustrates a configuration in which a single host connected to the Model 5390 server through a PPP link appears to the network as an attached host Following the figure are the parameter settings required for this configuration NOTE Setting up a port for dial in PPP r...

Page 178: ...rity are enabled access to the PPP command is restricted via ACP and port access is logged in the acp_logfile Set the ppp_security_protocol parameter to pap pap chap or none Set the allow_compression parameter to Y if you want the Model 5390 server to accept compressed packets Use the supplied defaults for the data_bits 8 stop_bits 1 and parity none parameters NOTE PPP is an 8 bit protocol If data...

Page 179: ...or Dial out Dial out PPP allows system administrators to define a database of information about a modem pool and a set of virtual dial out routes The Model 5390 server assigns each virtual dial out route dynamically to ports in that pool Each virtual dial out route must be configured within the Model 5390 configuration file to start the PPP line for more details see Dial out Routes on page A14 42 ...

Page 180: ... provide dial out PPP requires that you configure the port for both an outgoing modem and a PPP link Protocol Stack Bringing up a PPP link includes three stages link control protocol LCP negotiation security and NCP negotiation The LCP establishes and negotiates the data link with the peer system Next an optional security phase authenticates the peer Finally NCP establishes and negotiates the netw...

Page 181: ... 5390 server accepts the hint if it is a superset of the Model 5390 mask otherwise it uses the PPP default of 0xFFFFFFFF The Model 5390 server accepts any mask from the peer Values range from0x00000000 to0xffffffff The Model 5390 server default is0x00000000 unless either of the port parameters input_flow_control or ouput_flow_control are set to start stop Setting the ppp_acm mask avoids sending ch...

Page 182: ...utput_stop_char is 0 31 decimal the bit indexed by this parameter is set in theACCM For example the initial ACCM sent to the peer is 0x000A0001 if ppp_acm is set to 0x00000001 that is theASCII NUL character will not be sent and the following parameters are set as indicated input_flow_control start stop input_start_char S input_stop_char Q output_flow_controlstart stop output_start_char f output_st...

Page 183: ...Compression AACFC AACFC deletes non ambiguous constant address and control fields in the Asynchronous HDLC headers The Model 5390 server always requests and accepts AACFC If rejected it accepts the PPP default of off If the peer requests AACFC off the Model 5390 server hints for AACFC on If the peer rejects this hint the Model 5390 server accepts AACFC off Network Control Protocol The Model 5390 s...

Page 184: ...ing NCP The Model 5390 server negotiates for the security specified by the ppp_security_protocol parameter Valid arguments for this parameter are pap password authentication protocol PAP chap challenge handsha ke protocol CHAP pap chap first negotiate for CHAP if peer NACKs negotiate for PAP none do not negotiate the default ...

Page 185: ...ws the other side of the link to select addresses only if these addresses are zero The Model 5390 server uses two methods to negotiate the IP addresses The preferred technique is to use the NCP type 3 IP Address option If the peer rejects this style of address negotiation the Model 5390 server falls back to using the deprecated NCP type 1 IP Addresses option In either case the Model 5390 server re...

Page 186: ...e to be loaded into memory The Model 5390 ROMs use BOOTP to obtain boot information without requiring any manual setup on the Model 5390 server If a diskless client sends a BOOTP request to the Model 5390 server over a PPP line the Model 5390 server responds with its current local address remote address and boot host For detailed instructions about BOOTP refer to Installing the Model 5390 Communic...

Page 187: ...tions connect to the server s via a network interface Ethernet Token Ring or Arcnet to access files and services The most common client and server hardware platforms are PCs The Novell environment is unlike that of UNIX in which users connected by terminals execute programs on a UNIX host In the Novell environment users generally execute programs on the client not on the file server The programs a...

Page 188: ...ink The Model 5390 server provides this type of routing by default the Model 5390 server configured for IPXCP automatically sends and accepts RIP and SAP packets provided that you set a network number for the link see Configuring IPXCP Routing on page A9 15 However a client can choose whether or not to receive RIPs and SAPs if the client software allows this choice Figure A9 1 shows a sample confi...

Page 189: ...5390 implementation of IPXCP does not support dial out call back or charge back except for ACP dial back on a CLI port However these features are available with proprietary IPX as described in the following section LAN to LAN link 5390_01 5390_02 Server1 PC1 PC2 Server2 Server3 Server5 Server4 5390_01 s UNIX boot host 5390_02 s UNIX boot host Central Office network Remote Office network PPP ports ...

Page 190: ...del 5390 server can be configured as a temporary or permanent router Only network administrators can configure a permanent router while both users or administrators can configure a temporary router Availability of the preceding features depends on the value to which you set a port s mode parameter Valid port modes for proprietary IPX are ipx cli ndp auto_detect or auto_adapt Only ndp ports provide...

Page 191: ... time to avoid having to reboot twice The procedure that follows explains setting both of these configuration parameters 1 Obtain a valid IPX value for the Model 5390 option_key parameter Each Model 5390 server requires a unique option key Some option key values are physically attached to the bottom of the Model 5390 server Check there and enter that value as described in Step 2 If there is no opt...

Page 192: ...ate IPX packets on the Ethernet To specify the frame type set the Model 5390 ipx_frame_type parameter Valid values are ethernetII raw802_3 the default 802_2 or 802_2snap The following command sets the type to 802_2 admin set annex ipx_frame_type 802_2 To determine the frame type the network is using check the AUTOEXEC NCF file on your Novell server or use the Novell file server console command cal...

Page 193: ...Configuring IPXCP dial in Configuring IPXCP routing Configuring IPXCP Dial in YoucanconfigureIPXCPdial inforspecificusersand orforspecificModel5390ports Configuring for specific users allows you to deny or permit Model 5390 IPXCP dial in access to a subset of clients Configuring on a per port basis limits the Model 5390 ports that can accept dial in IPXCP packets NOTE To disable IPX set the Model ...

Page 194: ...n Figure A9 2 and also assuming that you have not changed any configuration parameter defaults you can establish an IPXCP link between the PC and port 4 on the Model 5390 server by using the following procedure 1 Enable IPXCP as described in Enabling IPX on page A9 5 2 Set the mode parameter to ppp for port 4 3 Set the speed parameter for port 4 to the highest rate at which the modem connected to ...

Page 195: ...hed node Following the figure are the parameter settings required for this configuration These include security settings However for complete information on configuring security for IPXCP see Using PPP Security on page A15 46 IPXCP uses PPP security Setting up the Model 5390 port for dial in IPXCP requires that you configure the port for both an inbound modem and a IPXCP link see Modems starting o...

Page 196: ... detect any of the following protocols IP over PPP IPX over PPP AppleTalk over PPP or IPX This mode also allows the port to detect PPP ARAP proprietary IPX and the CLI SLIP is not detected CAUTION If you set a port to auto_detect or auto_adapt and you want the Model 5390 server to be secure configure the port to use native protocol security for every protocol type the port could detect This means ...

Page 197: ...o 132 254 5 10 6 The slip_ppp_security parameter controls dial in PPP access If enable_security and slip_ppp_security are set to Y access to the ppp command is controlled via ACP and port access is logged in the acp_logfile 7 Set the port parameter ppp_security_protocol to pap or pap chap or none 8 To enable CLI and or connection security set the port security parameters cli_security connect_secur...

Page 198: ...ocal address blank the Model 5390 server uses its own Ethernet address for the node portion of the local address For the Remote address enter the unique Novell address of the remote PC Use the form network node where network is a string of eight hexadecimal digits representing the four byte nonzero Novell network number of the remote PC Valid values are 00000001 to FFFFFFFF Include leading zeroes ...

Page 199: ...own Ethernet address plus one 1 Sets network to a unique randomly generated value 16 Set the Model 5390 parameter enable_security to Y so that the Model 5390 server uses the acp_dialup file and any other security features you configure 17 Set the dialup_addresses parameter to Y so that the Model 5390 server requests the end point addresses from the acp_dialup file If dialup_addresses is set to N o...

Page 200: ... FFFFFFFF or 0 Include leading zeros if any The network number must be unique on the network and on the Model 5390 server itself When the IPXCP connection is established the Model 5390 server and the client negotiate each suggesting a value for the network number The peer suggesting the highest number wins the negotiation and the network number is set to that value If both ends of the link set the...

Page 201: ...lid network numbers see IPXCP Configuration for Specific Ports on page A9 14 4 Issue the CLI command reset annex all Configuring Proprietary IPX The first step in configuring proprietary IPX is to choose the port types most suited to your needs Choosing IPX Port Types On a multiprotocol Model 5390 server you can configure one or more ports to support different types of proprietary IPX use dependin...

Page 202: ...l 5390 server is connected to and thereby becomes part of the Novell network shown inside dotted lines This network supports two PCs and a file server in addition to theModel5390server IfModel5390ports4and11aresettoipxmode thetworemoteworkstations PC3 and PC4 can use FastLink II to log into the Novell network and access its file server just as if the PCs were attached to the network directly The c...

Page 203: ... no meaning in a Novell context An auto_detect port defaults to cli mode if the Model 5390 server does not detect a particular protocol within 30 seconds Pressing the Return key immediately upon connecting to an auto_detect port also puts the port in cli mode From cli mode the user can then set the port to ipx mode by issuing the ipx command In Figure A9 4 if the modes for ports 4 and 11 are auto_...

Page 204: ...bed in the following two sections To configure this type of port see Configuring ndp mode Ports on page A9 21 Dial out Using the Model 5390 ndp port Novell client PCs such as the ones shown in Figure A9 5 can access remote services such as a Bulletin Board System BBS In Figure A9 5 PC1 and PC2 can dial out to the host BBS via the modem on 5390_02 s ndp port The PC user will load theAnnex dial out ...

Page 205: ...B A9 19 Internetwork Packet Exchange IPX Protocol Figure A9 5 Sample Dial out Configuration PC2 File server1 PC1 Novell network Modems on ndp ports 5390_02 5390_01 5173 Host BBS System 5000 hub System 5000 hub ...

Page 206: ...e routing for an ndp port refer to Administering the Annex DOS Dial out Software Figure A9 6 Sample Routing Configuration NOTE Model 5390 servers used for proprietary IPX routing can con nect to each other via direct null modem or leased lines as well as via regular phone lines Model 5390 IPX routing uses a proprietary proto col and is not compatible with third party routers Router filtering is li...

Page 207: ...se sections use the superuser CLI admin command you can also use the na utility the default superuser password for the Model 5390 server is its IP address Configuring ndp mode Ports Although configuration and management of an ndp port is accomplished primarily through Annex DOS Dial out software you asaUNIXadministrator must 1 Set the port mode to ndp For example to set port 4 to ndp mode ...

Page 208: ...es any na or admin port parameters you set other than mode 2 Reset the port admin reset 4 3 Manage the Model 5390 server itself and any non ndp Model 5390 ports The Novell administrator cannot reset the Model 5390 a function that managers of multiprotocol Model 5390 servers are allowed to perform 4 Set the port speed parameter to the highest rate supported by the modem attached to the port ...

Page 209: ...etting the control_lines parameter to both and setting the input_flow_control and output_flow_control parameters to eia The Model 5390 server asserts RTS when it is ready to receive data and checks the CTS input before transmitting data 6 For each port set the type_of_modem parameter to the type of modem attached to the port If you do not know the name of your modem type do as follows Set type_of_...

Page 210: ... set the speed parameter to the highest rate supported by the modem attached to the port Do not set speed to autobaud 5 Set EIA hardware flow control RTS CTS by setting the control_lines parameter to both and setting the input_flow_control and output_flow_control parameters to eia The Model 5390 server asserts RTS when it is ready to receive data and checks the CTS input before transmitting data 6...

Page 211: ...you want such as ping telnet and rlogin You have configured an IP address for the PC client For more information on using third party TCP IP packages with FastLink II refer to the FastLink II Client Pack document and the README TXT file on the FastLink II Distribution Disk NOTE Because an auto_detect or auto_adapt can also detect PPP AppleTalk and CLI connections you must configure the port for th...

Page 212: ...a UNIX machine Be sure to define both the remote and local addresses When the PC client tries to make an IP connection to the Model 5390 IPX port the Model 5390 server sends a dial in request to ACP That request contains the user name and IP address of the PC client which ACP checks against user names and IP addresses defined in the acp_userinfo file Depending upon what ACP finds it permits or den...

Page 213: ...390 server s en0 interface and the PC s address is within the range of the Model 5390 server s subnet the PC has access to the Model 5390 server Obtaining IPX Information IPX information is available from several sources including log messages the Model 5390 server creates automatically and output that various commands display System Logs The Model 5390 server automatically logs ipx auto_detect au...

Page 214: ... for port 6 annex netstat ip 6 NOTE The Annex DOS Dial out software also logs ndp port activity For more information refer to Administering the Annex DOS Dial out Software LCP Status State Current Open Prior Ack sent Options Local Remote MRU 1500 1500 Auth type None None LQM None None ACFC On On ACCM 0x00000000 0x000a0000 Magic 0xbb1ee499 0x0047501b PFC On On NCP IPXCP Status State Current Open Pr...

Page 215: ...eceived a configure ACK and is waiting for a configure request ACK sent The Model 5390 server received and answered a configure request Open IPXCP negotiation has completed successfully Closing The link is in the process of closing The Model 5390 server has sent a terminate request and is waiting for a terminate ACK Options Shows the current values of the negotiated options The Local column displa...

Page 216: ... network_number S server_name m IPX in General Issuing the netstat x command displays the number of NICs RIPs and of Service Advertising Protocol SAP services on the Model 5390 server NICs indicates the number of active IPX interfaces including en0 on the Model 5390 server and RIPs indicates the number of Novell networks the Model 5390 server can reach Routing Proto The routing protocol used by th...

Page 217: ...display indicate the following Name is the interface name of the corresponding IPX port over which IPX dial in or routing is currently occurring Network is the number of the network to which interface Name connects Tics indicate the amount of time associated with the cost of using interface Name A tic is approximately 55 milliseconds The CO field is not used NB indicates whether or not this interf...

Page 218: ...e amount of memory for the number of ipx auto_detect auto_adapt ppp and ndp ports configured If you change these port modes reboot the Model 5390 server so that it can allot the proper amount of buffer memory annex netstat xm Large IPX Buffer Pool Free 0125 Total 0125 Min 0109 Small IPX Buffer Pool Free 0125 Total 0125 Min 0117 IPX Routes Issuing the netstat xr command displays the routes defined ...

Page 219: ...lays the Model 5390 server route for that network The following example shows how to display the route for network 42 you can omit the leading zeros when specifying the network number annex netstat xr 42 Network Gateway Tics Hops Interface 00000042 0000a2816349 24 5 en0 IPX Servers Issuing the netstat xs command displays server names types and addresses annex netstat xs OSCAR File Server 2e80703c ...

Page 220: ... Annex NAS Advert ised Print Btrieve 5 0 VAP SQL VAP TES NetW are VMS NetW are Access Named Pipes NetW are UNIX Netware 386 NETW are manage ment type 0x6601 NETW are manage ment type 0x6a02 Unknown type The third field is the server s hexadecimal address displayed in the format network address socket NOTE In the list above text in parentheses is provided for clarity netstat xs does not display it ...

Page 221: ...t after the s or S option netstat sx or netstat Sx displays information for that specified server only IPX Frame Type and Network Number Issued with no arguments the CLI stats command displays various Model 5390 statistics including the IPX frame type of the Ethernet port and the Model 5390 Netware network number The following is a sample stats display IPX information is highlighted annex stats S ...

Page 222: ...ll IPX ports except ndp ports the CLI who command displays specific information about an IPX connection including what protocol the connection is using the user name associated with the connection where the connection is located when the connection was created how long the connection has been idle and the address from which the connection was made The who command displays only limited information ...

Page 223: ...85 744 0 en0 1500 10000 20000 18062 79 1626 0 823 0 0 lo0 1536 127 127 0 0 1 0 0 0 0 0 asy2 604 18358 18062 79 0 0 0 0 0 asy16 1006 132 245 6 annex01 14770 0 7468 0 0 asy3 1500 192 9 200 zipwad 3453 0 3002 0 0 Ethernet Address 00 80 2d 00 00 9b Frames Received 39861 Frames Transmitted 45239 Bytes Received 33965470 Bytes Transmitted 29453 CRC Errors 2 Alignment Errors 10 Bad Type Length Fields 6 Bu...

Page 224: ...A9 38 893 741 B Internetwork Packet Exchange IPX Protocol ...

Page 225: ...Model 5390 server supports ARAP V1 and V2 Configuring the Model 5390 Server for AppleTalk Initially all AppleTalk functions in the Model 5390 server are disabled To enable the AppleTalk functions the network administrator must obtain and enter the correct option_key parameter value and then reboot the Model 5390 server The way to obtain a key depends on the configuration you purchased Some option ...

Page 226: ...otherwise The Model 5390 server obtains an available address within the startup range The Model 5390 server also installs a net range route and an AppleTalk default route from the A_Router If another router broadcasts an RTMP message and its Ethernet address matches the address defined in the Model 5390 parameter a_router the Model 5390 server discards the current router information and tracks to ...

Page 227: ...ge C2 1 For more details on using the Annex Manager refer to Using the Annex Manager Graphical User Interface AppleTalk specific Model 5390 Parameters The AppleTalk specific Model 5390 parameters are visible only when the option_key parameter contains the correct key value for the Model 5390 server These parameters provide some AppleTalk protocol control limits and identification Table A10 1 lists...

Page 228: ..._zone_list This zone list is sent to ARA clients as the local backup to ACP The parameter is a 100 character string with spaces separating the zones for example marketing engineering sales When this parameter is not set the Model 5390 server provides the network zone list The default is a null string node_id This is the address the Model 5390 server tries to acquire at startup If this address is i...

Page 229: ...zoneparameterprovidestheAppleTalkzoneforuseatstartup Itisa32 bytestringvariable This is the zone in which ARA clients are located unless overridden by security The default is a null string AppleTalk specific Serial Line Port Parameters The set port command modifies the AppleTalk specific serial line port parameters the show port command displays them Table A10 1 lists these per port parameters the...

Page 230: ...s are 0 to 65534 The valid node values are 0 to 254 The default is 0 0 at_security The at_security parameter enables disables ACP service for this port When both at_security and enable_security are set the Model 5390 server usesACP to get per user security information about Table A10 1 Per port AppleTalk Parameters Parameter Default Purpose arap_v42bis Y Enables disablesV 42bis compression during ...

Page 231: ...ides a port that automatically determines the protocol of an incoming packet and converts to arap ipx ppp slip or cli mode accordingly A port set to auto_adapt mode automatically detects whether packets are incoming or outgoing For incoming packets the port behaves as if it were set to auto_detect mode then determines the incoming protocol and converts to the appropriate mode as described For outg...

Page 232: ...ombination of both The Model 5390 server performs any necessary case conversion arap The arap command converts a CLI line into an ARA connection Resetting the port returns the CLI to its original mode The syntax is arap Table A10 2 CLI AppleTalk Commands Command Description arap Converts a CLI line into an ARA connection When the port is reset it reverts to its original mode After entering the com...

Page 233: ...place of the host name the Internet and Ethernet addresses and the time to live TTL field for each entry For example 5390_01 arp a xenna 192 9 200 95 at 08 00 4C 00 2a c0 tt1 20 2356 189 at 08 00 4e 34 22 39 tt1 16 NOTE Although the arp command shows AppleTalk information you cannot manipulate it Because arp interprets all address as IP addresses if you try to delete an AppleTalk address such as 1...

Page 234: ...s s Creates an entry for the host specified using either host or an Internet address at the hardware address specified using addr If you do not include temp or pub the entry is permanent and not published temp The created entry is temporary and is to be deleted after 20 minutes Temporary entries are not published pub The created entry is to be published The Model 5390 server responds to requests f...

Page 235: ... Sense Losses 0 Clear to Send Losses 0 Collisions Detected 5 Max Collision Retries 0 IEEE 802 2 Data Link Layer Statistics 802 2 packets received 1 802 2 packets sent 0 ATALK packets sent 0 AARP packets sent 0 ATALK packets received 0 AARP packets received 0 Unknown 802 2 types 0 Unknown 802 2 SAP s 0 Unknown SNAP org codes 0 Unknown SNAP ether types 0 The netstat ia 2 command display looks like t...

Page 236: ...unt allows you to send a limited number of requests When ping stops it displays a brief summary For more details on the ping command see ping on page C3 35 The ping display for an AppleTalk node looks like this ARAP Statistics ATALK sent 52 ATALK sent dropped 0 ATALK received 0 ATALK received dropped 0 ARAP Version 1 MNP received 17683 MNP fcs errors 0 MNP internal errors 0 MNP sent 3590 MNP retra...

Page 237: ...mm eth aui twi 64asy 1par Mem 5mDRM 64kEEPRM 16kSL1 16kSL2 Boot from 132 245 88 5 Date Thu Sep 21 13 27 50 1995 EDT Image oper 46 enet Uptime 15 hours 48 mins Inet addr 132 245 88 170 Subnet mask 255 255 255 0 Ethernet addr 00 80 2d 00 b4 42 Broadcast addr 132 245 88 255 Default domain xylogics com Apple Node 20801 233 A_Router 20844 132 Zone XyloEng Loading CPU current average 1 0 procs active ma...

Page 238: ...accepts one or more arguments see who on page C3 93 for more details The syntax is who h host u user p port host user host l host AppleTalk over ARA AppleTalk overARA allowsApple PowerBook and Macintosh computers to communicate with one another or with an AppleTalk network over standard telephone lines An ARA user can dial into a remote AppleTalk network and use all the available services as if th...

Page 239: ... Model 5390 Port Configuration Parameters for Modems on page A6 3 for more details Using a central security server for dial up access allows users to have their own addresses Set the mode parameter to auto_adapt or auto_detect Setting the type parameter to dial_in registers the user with the who database as soon as the ARA process attaches to the line Enable ARA security by setting at_security to ...

Page 240: ...security The Model 5390 server provides protection through the use of an administrative password that controls access to the superuser CLI commands This password can also protect access to the Model 5390 server through na The security system provides audit trails that monitor users and their activities The Model 5390 server also provides the source code for the Access Control Protocol ACP security...

Page 241: ...DES encryption algorithm To define a user name and password for a registered as opposed to guest user see Creating the acp_userinfo File on page A15 16 guest access The Model 5390 server allows anonymous access to the network Restrictions can be applied to guests by setting up an ACP guest profile with limitations For more details see at_zone on page A15 20 connection timer The connection timer is...

Page 242: ...e administrator will be visible The administrator can specify the NVE filter on a per user basis This feature complements the existing zone list described above by offering a higher level of control The administrator uses the nve_filter entry in the acp_userinfo file to specify a list of filters on a per user basis See at_nve_filter starting on page A15 22 for detailed information on creating nve_...

Page 243: ...and becomes a generic interface for the Model 5390 server An AppleTalk point to point link is configured enabled and disabled using AppleTalk Control Protocol ATCP Howtousethe CCL Converter The Macintosh CCL Converter application converts the CCL modem configuration file to allow access to the Model 5390 server via ARAP Versions 1 and 2 Typically the CCL file sets up the modem and issues the dial ...

Page 244: ...istrator configure the CCL Converter on the Macintosh as follows 1 Using a Macintosh based ftp program such as Fetch that is set to MacBinary copy the CCL Converter from the following directory on your UNIX load host usr annex src examples ccl_scripts The file name is CCL Converter 2 From the Macintosh Settings menu select ARAP V1 Autodetect Delay CLI Security or both depending on the type of Mode...

Page 245: ... box now appears In the dialog box enter the Model 5390 name portion of the Model 5390 prompt but not the CLI Security mode cli or auto_detect at_security N Normal non ARAP ACP security including port password and SecurID if configured ARAP V1 Autodetect Delay and CLI Security mode cli or auto_detect at_security N Normal non ARAP ACP security including port password and SecurID if configured CLI S...

Page 246: ... a single file or Open Folder to convert a whole directory of files 3 Quit the CCL Converter 4 Select the converted CCL file from the remote access client refer to your Apple Remote Access Client documentation NOTE When you select a file the application creates a new file con taining the conversion and appends ANNEX to the filename For exam ple if the selected file is named AE Datalink PB the appl...

Page 247: ... system administrators to define a database of information about a modem pool and a set of virtual dial out routes The Model 5390 server assigns each virtual dial out route dynamically to ports in that pool Each virtual dial out route must be configured within the Model 5390 configuration file to start the dial out connection for more details see Dial out Routes on page A14 42 Dynamic dialing also...

Page 248: ...cess detects this traffic establishes the phone connection by dialing into a modem and then continues normal operation Network Inactivity Dynamic dialing resets the dial out line when no traffic occurs on the line for a certain length of time Resetting the line terminates the phone connection saving costs by stopping inactive users from keeping phone connections open Enabling Dynamic Dialing To en...

Page 249: ...e as described in Step 2 If the option_key value is not attached to your Model 5390 server contact your supplier to obtain a key You will need to specify the Ethernet address of your Model 5390 server it is taped to the back of the unit The option_key parameter enables a variety of Model 5390 server features including tn3270 AppleTalk and IPX depending upon what you specified when you ordered your...

Page 250: ...e CLI stats o command to make sure dialout is keyed on 5 Configure the modem section of the Model 5390 configuration file Table A14 6 on page A14 28 lists the field definitions for modem entries for more details see Creating modem Entries in the Configuration File starting on page A14 26 LAT keyed off Atalk keyed off tn3270 keyed off dialout RIP filtering keyed off IPX keyed off NOTE The MODULES D...

Page 251: ...I0 K1 R2S0 1 dial_cmd ATDT timeout 60 retry 3 end 6 Reset the modem NOTE Several standard entries for the modem section of the Model 5390 configuration file are supplied with the software distribution These entries defined for use with the configuration file are located in the file usr annex bfs modems annex If the modem you are using is contained within this file using the include filename comman...

Page 252: ... comment line begin_route route id local local address remote remote address mode slip or ppp ports port set rotary phone phone number chat chat script list filter filter command disabled time interval advertise Y or N set parameter_name setting set parameter_name setting end_route The mandatory fields for a dialout entry are begin_route remote mode slip or ppp ports phone and end_route Using sepa...

Page 253: ...e terminal connected to each Model 5390 server issue the CLI superuser modem a command to verify the modem type and each of the strings defined for the modem b On each Model 5390 server issue a CLI netstat r command to verify that there is a route for example do2 c When outbound traffic is detected the Model 5390 server initiates a dial out connection based on the information in the dialout sectio...

Page 254: ...ates a final configuration for two Model 5390 servers configured for dynamic dial out routing Router A s dialout configuration dialout annex 132 245 1 1 begin_route 1 mode ppp local 132 245 1 1 remote 132 245 2 1 set net_inactivity 20 phone 16175551234 set do_compression Y set allow_compression Y set net_inactivity_units minutes set subnet_mask 255 255 255 0 set rip_sub_advertise Y set rip_sub_acc...

Page 255: ...op_char S output_flow_control eia output_start_char Q output_stop_char S input_buffer_size 1 ixany_flow_control N need_dsr N forward_key backward_key Router B s dialout configuration dialout annex 132 245 2 1 begin_route 1 mode ppp local 132 245 2 1 remote 132 245 1 1 set net_inactivity 20 phone 16175554321 set do_compression Y set allow_compression Y set net_inactivity_units minutes set subnet_ma...

Page 256: ...ask_7bits N cli_imask7 Y ps_history_buffer 0 banner Y tcp_keepalive 0 dedicated_address 0 0 0 0 dedicated_port telnet type_of_modem zoom_28 8 default_session_mode interactive dedicated_arguments Flow Control and Signal Parameters control_lines both input_flow_control eia input_start_char Q input_stop_char S output_flow_control eia output_start_char Q output_stop_char S input_buffer_size 1 ixany_fl...

Page 257: ...ables Destination NextHop Flags Usage UseCount Mtr Interface 127 0 0 0 8 UI fixed 0 2 lo0 132 245 1 0 24 132 245 44 22 UR 114 0 3 en0 132 245 33 0 24 QI fixed 147 1 do14 132 245 34 0 24 QI fixed 0 2 do16 132 245 44 0 24 UHF fixed 838 2 asy10 slip In the following example dynamic dialing route do14 has been dialed and used annex netstat r Routing tables Destination NextHop Flags Usage UseCount Mtr ...

Page 258: ...A11 12 893 741 B Dial up Networking ...

Page 259: ...ctions on RIP versions Routing tables The difference between passive and active RIP Routing interfaces IP addressing Proxy ARP Knowing how the Model 5390 server implements these features is crucial to using the Model 5390 server effectively as a full router Overview of routing configuration parameters Enabling disabling and configuring passive RIP Enabling disabling and configuring active RIP Refe...

Page 260: ...a contained in an IP datagram to its destination on a TCP IP network Only a simple network in which all systems directly attach to a single LAN does not require routing But a simple network can easily grow into an internet a collection of multiple interconnected networks where routing is required to reach hosts on distant networks Special machines called routers connect two or more networks to eac...

Page 261: ... prevents other routers from keeping the route in their routing tables and advertising it as viable If RouterA s table contains a route learned from Router B and three minutes elapse between Router A hearing from Router B Router A marks the route in question as invalid by setting its metric to 16 this value is referred to as infinity Router A advertises the route with a metric of 16 for two more m...

Page 262: ...IP configure static routes where needed and define the gateway to other networks as the default route The Model 5390 server will use the default route if it knows no other route to a given destination In most other situations active RIP is more useful than passive RIP Initially only passive RIP is running on the Model 5390 server while active RIP is an added option Two Model 5390 configuration par...

Page 263: ...ser route command see Entering Routes using the route Command on page A12 42 Routes in the cache include those whose next hops are directly reachable that is up and running on a network directly connected to the Model 5390 server and those that are not yet reachable Routes with reachable next hops are immediately copied to the RIP routing table Routes whose next hops are not yet directly reachable...

Page 264: ...unt reaches 16 or the interface to its next hop goes down it is kept for two minutes in the routing table so that the route s invalidity is advertised to other routers when active RIP is enabled RIP uses the routing table for the updates it advertises when active RIP is enabled How Hosts Learn Routing Information Unlike routers hosts do not run routing applications and do not maintain extensive ro...

Page 265: ...ted on the LAN If a host does not seem to be learning about Model 5390 routers on directly connected networks make sure RD is implemented on that host Better First Hops Redirect Messages If the Model 5390 server determines that there is a better first hop than itself for a datagram it has received it forwards the datagram and sends an ICMP redirect message to the host that originated the datagram ...

Page 266: ... source to its destination The Model 5390 server fragments datagrams when necessary but also implements Path MTU discovery for datagrams that call for it If the Don t Fragment DF bit in a datagram s header indicates the datagram can be fragmented and the datagram s size exceeds the MTU of the next hop in the datagram s route the Model 5390 server fragments the datagram If the next hop s MTU is exc...

Page 267: ...ote destination with the Model 5390 server as the next hop The Model 5390 server stores interface routes in the routing table These routes are never replaced by routes RIP learns and you cannot delete them yourself For information on subnetting see Subnetting Using Subnet Masks on page A12 13 Non Operational Interfaces Except in the case of dial out interfaces when an interface goes down the route...

Page 268: ...leftmost byte of an address indicates its class Table A12 1 lists the network classes the decimal number that appears in the first octet and thesectionsoftheInternetaddressthatareassignedtothenetworkandtothehost Thennnrepresents all or part of the network number and the hhh represents all or part of the host address The following values for the first octet are illegal do not use them 0 127 reserve...

Page 269: ... Configuration Figure A12 1 shows a configuration using four Class C node addresses 194 254 230 1 host01 194 254 230 2 the Model 5390 server 192 254 230 1 host02 and 191 250 230 55 the PC Figure A12 1 Configuration Using Four Class C Node Addresses host01 194 254 230 1 194 254 230 0 PPP link Class C network 194 254 230 0 5390_01 SLIP link 5299 host02 194 254 230 1 System 5000 hub PC 191 250 238 55...

Page 270: ...dr There are the following special cases Turning off IP Services Setting addr or inet_addr to 255 255 255 255 turns off all IP services including SLIP PPP and IP routing The Model 5390 server will continue to support non IP services such as ARAP and LAT provided that they are configured properly If IP is not being used turning it off saves overhead and can enhance security Enabling IP without an E...

Page 271: ...ortion of an IP address as the subnet The mask Contains ones in every position that corresponds to the network and subnet part of the address Contains zeros in every position that corresponds to the host address For example used with a Class C address a subnet mask containing the following bits identifies the first eight bits of the host portion third octet as a subnet 11111111 11111111 11111111 0...

Page 272: ... the host portions are 1 2 3 and 4 For more information on configuring SLIP and PPP ports see Serial Line Internet Protocol SLIP starting on page A7 1 and Point to Point Protocol PPP starting on page A8 1 Figure A12 2 Subnetting with Passive RIP CAUTION Misconfiguring or not setting subnet masks can cause unrecoverable corruption of the routing table To detect potential prob lems RIP generates a s...

Page 273: ... when directly attached nodes are on the same or subnet as the Model 5390 server see Figure A12 2 the Model 5390 server behaves differently It ignores the interface routes in its tables and uses the Proxy ARP mechanism to forward packets across those links Proxy ARP is a variation of the Address Resolution Protocol ARP which dynamically maps IP addresses to their physical Ethernet addresses When a...

Page 274: ...P versus Routing NOTE Do not attempt to configure a static route whose next hop address is a Proxy ARP interface Doing so causes packets to be routed improperly or not routed at all host01 132 254 1 1 Subnet_mask 255 255 255 0 132 254 1 2 Subnet_mask 255 255 255 0 PPP link Port8 Subnetwork 132 254 1 0 Port1 SLIP link 5301 host02 132 254 1 3 System 5000 hub 5390_01 PC 132 254 9 7 Proxy ARP Routing ...

Page 275: ...t broadcast address If your network is subnetted this is the recommended broadcast address To specify this address set the subnet portion of the broadcast address to match the Model 5390 subnet address as determined by the Model 5390 subnet mask and set the host portion of the broadcast address to all one bits For example if the Model 5390 subnet address is 132 254 9 0 and the Model 5390 subnet ma...

Page 276: ...wo groups those that apply to the Model 5390 server as a whole and those that apply to particular Model 5390 interfaces see Table A12 2 and Table A12 3 Within these two groups some parameters apply to updates the Model 5390 server accepts and others apply to updates the Model 5390 server generates If only passive RIP is enabled the parameters you can view and set are limited to the ones controllin...

Page 277: ...interface parameter use the na or admin command set interface see set Command on page C1 21 To define several interfaces for subsequent show interface use the na or admin command interface see set Command on page C1 21 Activating Interface Parameter Settings To activate interface settings issue the na or admin reset command unless you set a parameter for the Ethernet interface en0 In the Ethernet ...

Page 278: ... and poison reverse mechanisms Available with active RIP only rip_next_hop Specifies whether or not the next hop value is included in RIP version 2 advertisements Available with active RIP only rip_accept Controls the networks for which RIP accepts routes and queries rip_advertise Controls the networks for which RIP advertises routes Available with active RIP only rip_default_route Controls whethe...

Page 279: ...the following example uses admin annex su Password annex admin Annex administration Remote Annex 10 1 24 ports admin show annex routed routed N admin set annex routed Y You may need to reset the appropriate port Annex subsystem or reboot the Annex for changes to take effect admin q annex boot rip_sub_accept Controls whether or not subnet routes are accepted in updates rip_sub_advertise Controls wh...

Page 280: ...rn The Model 5390 server provides two ways to do this By entering routes in the Model 5390 configuration file This method allows you to specify routes that remain defined across Model 5390 boots CAUTION Read this section even if you are using active RIP because active RIP performs passive RIP as well The configuration parameters and commands discussed in this section are a subset of those availabl...

Page 281: ... immediately but SLIP and PPP interfaces may be slower to come up You may also want to set a default route and or static routes in the configuration file of one or more hosts on your network On a Berkeley style UNIX host define these routes in the etc gateways file Purpose of a Default Route The Model 5390 server uses its default route when it cannot find a route in the routing table for a particu...

Page 282: ... Routes with Passive RIP NOTE For convenience on the PPP link connecting 5390_01 and 5390_02 the local address for each Model 5390 server is the same as its en0 address You can change this if you want Remember that the local address for each Model 5390 server is the remote address for the other for example 132 254 1 2 is the remote address of the PPP link from the standpoint of 5390_02 host02 Subn...

Page 283: ...tric of one 1 gateway annex 132 254 2 2 route add default 132 254 1 21 end Reboot 5390_02 so that it copies the default route into the routing table 3 On each host and Model 5390 server and on the PC define a subnet mask of 255 255 255 0 For a host or PC the command you use depends on the operating system For the Model 5390 server use the Model 5390 parameter subnet_mask The following is an exampl...

Page 284: ...arns from routing updates For mostnetworkconfigurations youtypicallywanttoconfigureatleastafewstaticroutes Forexample if a device to which your Model 5390 server will be routing does not itself advertise routes you will want to define a static route to that device To ensure that the Model 5390 server uses defined static routes specify them in an annex end or subnet end block in the gateway section...

Page 285: ...asthe following format gateway annex annex_IP_addr route add h dest_IP_addrsubnet_mask gateway_address metric end In the format above annex_IP_addr is the address of the Model 5390 server that will use the route dest_IP_addr is the destination IP address Do not attempt to give a Proxy ARP host address here it will not work ...

Page 286: ...e values you can supply for the bits field along with the resultant subnet mask and its hexadecimal value CAUTION Misconfiguring or not setting subnet masks can cause unrecoverable corruption of the routing table To detect potential prob lems RIP generates a syslog LOG_WARN message if the Model 5390 subnet mask or a port subnet mask is left unset Table A12 4 Values for Bits Field with Correspondin...

Page 287: ...3 741 B A12 29 Internet Protocol IP Routing 19 255 255 224 0 FFFFE000 30 255 255 255 252 FFFFFFFC Table A12 4 Values for Bits Field with Corresponding Subnet Masks Bits Mask Hex Value Bits Mask Hex Value ...

Page 288: ...A12 30 893 741 B Internet Protocol IP Routing For each of the valid network classes and subnet bit counts Table A12 5 Table A12 6 and Table A12 7 show the total number of subnets and hosts per subnet ...

Page 289: ...893 741 B A12 31 Internet Protocol IP Routing that are possible ...

Page 290: ...b n e t s a n d H o s t s Bits Subnets Hosts Bits Subnets Hosts 8 1 16 777 214 20 4 094 4 094 10 2 4 194 302 21 8 190 2 046 11 6 2 097 150 22 16 382 1 022 12 14 1 048 574 23 32 766 510 Table A12 5 C l a s s A T o t a l A v a il a b l e S u b n e t s a n d H o s t s Bits Subnets Hosts Bits Subnets Hosts ...

Page 291: ...T o t a l A v a il a b l e S u b n e t s a n d H o s t s Bits Subnets Hosts Bits Subnets Hosts 14 62 262 142 25 131 070 126 15 126 131 070 26 262 142 62 16 254 65 534 27 524 286 30 Table A12 5 C l a s s A T o t a l A v a il a b l e S u b n e t s a n d H o s t s Bits Subnets Hosts Bits Subnets Hosts ...

Page 292: ...A12 34 893 741 B Internet Protocol IP Routing 17 510 32 766 28 1 048 574 14 Table A12 5 C l a s s A T o t a l A v a il a b l e S u b n e t s a n d H o s t s Bits Subnets Hosts Bits Subnets Hosts ...

Page 293: ...893 741 B A12 35 Internet Protocol IP Routing 18 1 022 16 382 29 2 097 150 6 Table A12 5 C l a s s A T o t a l A v a il a b l e S u b n e t s a n d H o s t s Bits Subnets Hosts Bits Subnets Hosts ...

Page 294: ...A12 36 893 741 B Internet Protocol IP Routing 19 2 046 8 190 30 4 194 302 2 Table A12 5 C l a s s A T o t a l A v a il a b l e S u b n e t s a n d H o s t s Bits Subnets Hosts Bits Subnets Hosts ...

Page 295: ... Hosts 16 1 65 534 24 254 254 18 2 16 382 25 510 126 19 6 8 190 26 1 022 62 20 14 4 094 27 2 046 30 21 30 2 046 28 4 094 14 22 62 1 022 29 8 190 6 23 126 510 30 16 382 2 Table A12 7 Class C Total Available Subnets and Hosts with no supernetting Bits Subnets Hosts Bits Subnets Hosts 24 1 254 28 14 14 26 2 62 29 30 6 27 6 30 30 62 2 ...

Page 296: ...ple note the following For convenience on the PPP link connecting 5390_01 and 5390_02 the local address for each Model 5390 server is the same as its en0 address You can change this if you want The local address for each Model 5390 server is the remote address for the other for example 132 254 1 2 is the remote address of the PPP link from the standpoint of 5390_02 ...

Page 297: ...gure A12 5 Sample Network for Static and Default Routes Passive RIP 132 254 2 102 132 254 2 101 host02 host03 host01 132 254 1 2 132 254 2 2 132 254 1 101 PPP link Subnetwork 132 254 1 0 Subnetwork 132 254 2 0 Subnet mask set to 255 255 255 0 for all nodes 132 254 1 1 132 254 1 8 5408 5390_02 SLIP PPP interfaces to remote networks System 5000 hubs 5390_01 5390_03 Internet Border router ...

Page 298: ...etworks attached to the 5390_03 s SLIP and PPP interfaces and configure 5390_01 as the next hop for network 132 254 2 0 5 On 5390_03 define border router as the default route and define a static route to subnetwork 132 254 2 0 via 5390_01 132 254 1 2 6 On border router configure five static routes defining 5390_03 132 254 1 1 as the next hop for each of the remote networks attached to the 5390_03 ...

Page 299: ...ations use 132 254 1 8 border router as the hardwired default route add h default 132 254 1 8 1 end Routes are automatically added to 5390_01 for the 132 254 2 0 network based on the PPP remote_address and subnet_mask parameters so no static route needs to be defined for that subnet Entering Subnet Routes You can create subnet end in the gateway section of config annex This allows you to define a ...

Page 300: ...to define a default route but this is not recommended see Risks WhenAdding or Deleting Default Routes on page A12 45 The arguments for route are shown in Table A12 8 The syntax is route fF add h dest mask gateway metric route fF add h default gateway metric route fF delete default dest route fF expire h default dest route fF replace h default dest gateway metric Specify routes as hardwired by usin...

Page 301: ... continues to advertise the route This allows other routers to learn that the route is invalid Cannot be used for interface routes replace Replaces the gateway in the route for dest with the new gateway you specify Cannot be used to replace interface routes h Specifies a hardwired static or default route that RIP cannot replace default Specifies the default route See Risks When Adding or Deleting ...

Page 302: ... A12 13 The next hop is 131 254 33 2 and the metric hop count for the route is 2 The examples are annex route add h 131 108 3 0 255 255 255 0 131 254 33 2 2 and annex route add h 131 108 3 0 24 131 254 33 2 2 Both of the preceding examples configure the Model 5390 server to use the gateway at 131 254 33 2 as the next hop for any host destination whose address is within the range 131 108 3 1 throug...

Page 303: ... In this case using route to define a default route is more convenient than adding the route to the configuration file since the latter requires rebooting the Model 5390 server Later you can delete the default route using the route command Accepting RIP 1 and or RIP 2 Packets The Model 5390 server s default RIP configuration accepts both version 1 and version 2 packets making no distinction betwee...

Page 304: ... to ps44D6 admin set annex rip_auth ps44D6 admin set interface all rip_recv_version 2 You may need to reset the appropriate port Annex subsystem or reboot the Annex for changes to take effect admin quit annex boot After you have set rip_auth to a password an incoming RIP 2 message is authenticated if both of the following conditions are met NOTE The boot command is required in the preceding exampl...

Page 305: ...t the Model 5390 server and or the message are configured for authentication and whether or not the password in the message matches the rip_auth password Although RIP 2 authentication cannot protect your system against a user who has the physical means or access to diagnostic tools to tap the network it nevertheless prevents SLIP or PPP users from injecting routes into the system Enabling and Disa...

Page 306: ...odel 5390 server is located on a label that is taped to the unit The option_key parameter enables a variety of Model 5390 features including tn3270 AppleTalk and IPX depending on what you specified when you ordered your Model 5390 server The RIP option_key also enables dial out and filtering To determine which options are enabled issue the CLI stats o command annex stats o KEYED OPTIONS MODULES DI...

Page 307: ...t annex option_key RaqbDwv8e Note that the option_key value is case sensitive 3 Use na admin or SNMP to make sure the Model 5390 parameter routed is set to Y If it is not set it to Y For example at the CLI superuser level invoke admin issue the show annex command including the routed parameter and if routed is set to N issue the set annex command admin show annex routed routed N admin set annex ro...

Page 308: ...both passive and active RIP are running on all operational interfaces Defining Routes After you have enabled active RIP you do not need to define the default and static routes described for the configurations shown in Figure A12 4 and Figure A12 5 The Model 5390 servers will learn about the routes to each other and to other networks through RIP updates they exchange provided that for subnetted net...

Page 309: ... also assumes that the routers on your network accept both RIP 1 and RIP 2 updates Although discarding RIP 2 updates violates the RIP 1 RFC 1058 some RIP implementations written before the RFC still do so If you have both RIP 1 and RIP 2 nodes on your network make sure that there are no RIP 1 implementations that discard RIP 2 packets If there are use na or admin to set the rip_send_version parame...

Page 310: ...odel 5390 server has the rip_sub_advertise parameter set to Y and 2 all nodes have a subnet mask set correctly to 255 255 255 0 Figure A12 6 Advertising Subnet Routes Subnets are explained in Subnetting Using Subnet Masks on page A12 13 The rip_sub_advertise parameter is described in more detail on page A 61 NOTE For convenience the local addresses of the links to the PC and host14 in Figure A12 6...

Page 311: ...l it reached 16 and the route s destination was determined unreachable This process could be lengthy and the information conveyed by the hop count although eventually correct might no longer be useful Poison reverse optimizes the split horizon mechanism It re advertises a route over the interface on which it was learned but does so with a hop count of 16 unreachable In general split horizon with p...

Page 312: ...user configured default route If you want the Model 5390 server to advertise itself as a default router over one or more interfaces set the rip_default_route parameter to an integer between 1 and 15 for the specific interfaces This integer specifies the metric the Model 5390 server advertises for itself as a route Routers on the directly connected network will use the Model 5390 server when they h...

Page 313: ...etworks Youcanspecifyuptoeightroutersusingtherip_routersparameter Thefollowingexamplespecifies two routers annex su password annex admin Annex administration Remote Annex R10 1 24 ports admin set annex rip_routers 132 254 54 2 132 254 54 33 You may need to reset the appropriate port Annex subsystem or reboot the Annex for changes to take effect admin quit annex boot CAUTION Sending updates to a se...

Page 314: ...which routes are accepted from RIP updates and requests The syntax is rip_accept access_spec none all Specify access_spec as include exclude network_list Use include to accept RIP updates only for routes whose destination addresses are on the networks in network_list Use exclude to accept all RIP updates except those whose destination addresses are on networks in network_list Do not use include an...

Page 315: ... RIP does not accept routes to destinations on networks 132 254 0 0 and 192 200 0 0 Routes to all other networks are accepted on asy3 admin set interface asy3 rip_accept exclude 132 254 0 0 192 200 0 0 You may need to reset the appropriate port Annex subsystem or reboot the Annex for changes to take effect admin reset interface asy3 rip_advertise The interface parameter rip_advertise controls the ...

Page 316: ...eexampleappliestoroutesadvertisedoverinterfaces asy3 through asy5 annex su password annex admin Annex administration Remote Annex 10 1 24 ports admin interface asy3 5 admin set interface rip_advertise exclude 10 0 0 0 190 9 0 0 You may need to reset the appropriate port Annex subsystem or reboot the Annex for changes to take effect admin reset interface If the above example contained the keyword i...

Page 317: ...er to put this parameter setting into effect For details on the Model 5390 implementation of authentication see Authenticating Incoming RIP 2 Updates and Requests on page A12 46 and Authenticating Outgoing Updates and Requests on page A12 54 rip_default_route Theinterfaceparameterrip_default_routecontrolswhetherornottheModel5390serveradvertises itself as the default route The argument metric is an...

Page 318: ...ta fields are ignored for example version 2 packets are interpreted as version 1 packets 2 indicates only version 2 or higher packets are accepted and both indicates both versions are accepted The default is both For more information see Advertising RIP 1 and or RIP 2 Updates on pageA12 51 rip_routers The Model 5390 parameter rip_routers directs periodic RIP updates to a list of routers rather tha...

Page 319: ...ddress 2 indicates version 2 packets are sent to the multicast address and compatibility indicates version 2 packets are sent to the IP broadcast address The default is compatibility For more information see Advertising RIP 1 and or RIP 2 Updates on page A12 51 rip_sub_accept The interface parameter rip_sub_accept controls whether or not subnet routes are accepted A Y accepts subnet routes an N re...

Page 320: ...nnex boot routed The Model 5390 routed parameter enables and disables RIP The syntax is routed Y N Y enables RIP N disables it Setting routed to Y activates both passive and active RIP if the option_key parameter is set for active RIP otherwise only passive routing is enabled The default is Y Reboot the Model 5390 server to put this parameter setting into effect Displaying Routing Information This...

Page 321: ...f Bad Pkts Bad Rtes Trigg Recv d Sent Disc d Update Queries en0 0 0 0 19942 0 0 22 4 Table A12 10 Field Definitions for the netstat g Command Field Definition Intf Displays the interface Bad Pkts Displays the number of packets the interface dropped due to invalid format or data Bad Rtes Displays the number of routes the interface dropped due to invalid format or data Trigg Displays the number of t...

Page 322: ...ghest number Sent Displays the number of output packets the Model 5390 server tried to send over the interface This number includes packets that were dropped because the Model 5390 server ran out of buffers or the link s output queue was full Disc d Displays the number of input packets discarded due to protocol errors or restrictions set by configuration parameters for example rip_accept Update Di...

Page 323: ...n0 Table A12 11 IP Fields in netstat r Display Field Explanation Destination The IP address of the route s destination followed by a slash followed by the number of 1 bits counting from left to right in the Destination s subnet mask For example the 24 following the IP address 132 254 1 0 indicates a subnet mask of 24 bits eight octets or 255 255 255 0 For more information see Defining Routes on pa...

Page 324: ...ute learned from a route you defined in the gateway section of the config annex file or a route you entered via the CLI superuser route command Third flag H The route is a hardwired static route Usage A positive or negative integer indicating a route s usage When RIP adds a route to the routing table it sets its usage value to 0 Every time the route is used RIP adds 1 to this value And every thirt...

Page 325: ...he netstat C Command Flag Definition intf x An interface route where x is the interface name and number for example asy8 This can be a backup route for an interface that has a duplicate definition in the routing table For example if you define a subnet mask for a Proxy ARP serial interface and that mask is the same as the Model 5390 server s en0 subnet mask the routes to that interface will be con...

Page 326: ...nd packet that crosses two routers This message indicates whether or not the packet was forwarded If so the message contains the incremented hop count and information about the outbound interface over which the packet was forwarded If the packet could not be forwarded the router discards it ping t terminates and the traceroute message contains zeros in place of interface information If an outbound...

Page 327: ...nterfaces along the way and back And if a packet cannot be forwarded ping t locates the failure Table A12 13 describes the fields displayed by ping t Table A12 13 Fields Displayed by the ping t Option Field Definition Dir The direction in which the ICMP packet is heading The symbols indicate an outbound packet heading towards the ping t destination The symbols indicate a return packet heading back...

Page 328: ... which the outbound or return packet was forwarded If the packet could not be forwarded ping t displays a zero in this field MTU The maximum transmission unit in bytes of the interface over which the outbound or return packet was forwarded The MTU is the largest packet size the interface can forward without fragmenting the packet If the packet cannot be forwarded because its size exceeds the MTU a...

Page 329: ...op on the path to the ping t destination The interface over which Router 1 forwarded the outbound packet has an IP address of 132 254 33 3 a speed of 10000000 bits per second and can transmit packets of up to 1500 bytes in length without fragmenting them line 5 Indicates that Router 2 was the return packet s first hop on the way back to the ping t source The interface over which Router 2 forwarded...

Page 330: ... packet crossed only one router annex ping t 132 254 33 4 PING hobbes 56 data bytes Troubleshooting This section describes CLI commands for displaying routing information Common configuration errors What to do if the Model 5390 server is not advertising updates as expected What to do if the Model 5390 server is not receiving updates as expected Dir Router Hops Speed B s MTU 132 254 99 2 1 19200 10...

Page 331: ...ing non contiguous subnets The following sections describe in detail the final three of these four mistakes Depending on Proxy ARP When Routing is More Reliable Figure A12 9 shows a subnet configuration in which a PC can dial into one of two Model 5390 servers Because all nodes are on the same subnet it is tempting to assume that host01could reach the PC via ProxyARP However hosts and Model 5390 s...

Page 332: ...et Protocol IP Routing Figure A12 9 Configuration in Which Proxy ARP Can Fail 132 254 5 18 5390_02 132 254 5 17 5390_01 Network 132 254 5 0 132 254 5 10 5302 PC 132 254 5 13 Series 5000 hub Series 5000 hub SLIP dial in links ...

Page 333: ...132 254 7 20 which is the address of host02 As far as 5390_01 is concerned host 7 20 could be on either of the two networks shown 132 254 0 0 or 132 254 7 0 Nodes on 132 254 0 0 such as host01 cannot reach nodes on subnet 132 254 7 0 such as host02 If host01 wants to send a packet to host02 host01 will try to use ARP to determine the Ethernet address to which it should deliver the packet because h...

Page 334: ...th PCs with 132 254 7 x addresses to use the same Model 5390 server reserving the other Model 5390 server for PCs and or hosts on a different subnet The second solution is to configure the ports on the Model 5390 servers to use a subnet mask of 0 0 0 0 the default which is interpreted as 255 255 255 255 a host subnet mask This causes the Model 5390 servers to advertise host routes rather than subn...

Page 335: ...ng Figure A12 11 Non contiguous Subnets 5390_02 132 254 5 19 5390_01 132 254 5 18 Subnetwork 132 254 0 0 host01 132 254 5 17 5304 PC 132 254 7 21 PC 132 254 7 22 System 5000 hub System 5000 hub Modem pools Subnet mask 255 255 255 0 for all nodes ...

Page 336: ...ing else is preventing the Model 5390 server from sending updates annex stats o KEYED OPTIONS MODULES DISABLED None 4 Is the Model 5390 broadcast address set correctly See Setting the Broadcast Address on page A12 17 5 Are at least two interfaces up and running 6 If your network is divided into subnets are the IP subnet addresses and subnet masks set correctly for the Model 5390 server and the SLI...

Page 337: ... hosts ignoring RIP version 2 updates If so set the interface parameter rip_send_version to 1 see Advertising RIP 1 and or RIP 2 Updates on page A12 51 What to do if the Model 5390 Server does not Receive Updates If the kernel routing table does not contain the expected learned routes check the following 1 Are the routes really being advertised Check to see if updates are being received by other r...

Page 338: ... set correctly for the version s of RIP running on your network See Authenticating Incoming RIP 2 Updates and Requests on page A12 46 and rip_auth on page A12 59 Other Documentation For outside sources of information on TCP IP routing and RIP see Comer Douglas E 1991 Internetworking with TCP IP Volume I Principles Protocols and Architecture 3rd ed Englewood Cliffs N J Prentice Hall Hedrick C L 198...

Page 339: ...ets see add Subcommand Examples on page A13 13 You can also use filtering to log in the syslog file traffic for security or network management purposes see add Subcommand Examples on pageA13 13 Finally you can use filters to determine what constitutes traffic on a dial out serial port Filters can apply to one particular physical interface on the Model 5390 server or to all Model 5390 interfaces an...

Page 340: ...s for the same interface that specify the same actions are logically ANDed For example if one exclude filter for asy2 specifies IP address 132 254 45 1 and discard and another exclude filter for asy2 specifies IP address 132 254 55 2 and discard then any packet whose destination address does not match 132 254 45 1 and does not match 132 254 45 2 is discarded that is only packets addressed to eithe...

Page 341: ...l 5390 features including tn3270 AppleTalk and IPX depending on what you specified when you ordered your Model 5390 server The filtering option_key also enables dial out and RIP To determine which options are enabled issue the CLI stats o command annex stats o KEYED OPTIONS MODULES DISABLED None For filtering to be enabled dialout RIP filtering must be displayed as keyed on and dialout must not be...

Page 342: ...ssue any of the eight subcommands summarized in Table The following example shows entering the filtering subsystem and issuing the list subcommand to display the current filters annex filter filter list NOTE The default superuser password for the Model 5390 server is its IP address NOTE The add and delete subcommands affect both the currently run ning Model 5390 configuration and the configuration...

Page 343: ...nex filter list Num Stat Ifname Dir Scope Family Actions Parameters 1 ena en0 in incl ip disc icmp port_pair nfs 2 ena en0 in incl ip disc port_pair tftp annex Table A13 1 Summary of filter Subcommands Subcommand Description add Adds filters and automatically enables them delete Deletes filters disable Disables filters but does not delete them enable Enables filters help Displays a one line descri...

Page 344: ... numbered filter Specifying an asterisk the word all or a dash by itself for a filter list indicates all filters Table A13 2 shows sample subcommands using filter lists When you delete filters their numbers remain unused until you add another filter the added filter is then assigned the lowest unused number If you invoke a subcommand with a range that includes unused numbers the subcommand operate...

Page 345: ...essage is displayed for that number the other filters in the range are disabled disable 5 Disables filters 1 2 3 4 and 5 disable 3 Disables all filters from filter 3 through the end of the list of all filters enable Enables all filters enable Enables all filters enable all Enables all filters enable 5 Enables all filters from filter 5 through the end of the list of all filters Table A13 2 Sample C...

Page 346: ...ter to all interfaces direction Specifying input applies the filter to incoming packets Specifying output applies the filter to outgoing packets Two filter definitions are required to apply a filter to both incoming and outgoing packets scope Specifying include means the filter matches only those packets that meet all of the specified criteria Specifying exclude means the filter matches only those...

Page 347: ...that traffic defined as activity on the specified interface will not activate a dynamic dial out line However the filter action will keep the line up if it is already up that is if it is not quiescent In the process the action resets the net_inactivity timer to 0 See Dial up Networking starting on page A11 1 for information on dynamic dialing syslog Logs the event in the system log file NOTE Filte...

Page 348: ...fs rlogin smtp telnet or tftp Specifying 1 or matches all port numbers For a list of service names and their corresponding port numbers see Table A13 5 src_port pnum sname 1 Matches the TCP or UDP source port number Specify the port as a decimal number pnum from 1 65535 or as a standard service name sname such as finger ftp nfs rlogin smtp telnet or tftp Specifying 1 or matches all port numbers Fo...

Page 349: ...ort_pair p1 p2 s1 s2 1 Matches packets passing in either direction between the two specified TCP or UDP port numbers p1 and p2 or standard service names s1 and s2 such as finger ftp nfs rlogin smtp telnet or tftp Use a space to separate the port numbers or names To match all packets to or from a given port number enter one port number or service name and specify 1 or for the other For a list of se...

Page 350: ...vice Name Port Number domain 53 finger 79 ftp 21 name 42 nfs 2049 nntp 119 rlogin 221 route routed router 520 rtelnet 107 sftp 115 smtp mail 25 snmp 161 telnet 23 tftp 69 time 37 who login 513 NOTE Multiple service names shown on the same line in Table A13 5 are synonyms Using any one of them in a filter implies using the other However when you list the filter using the list subcommand you will se...

Page 351: ... only to packets arriving on Model 5390 interface asy8 which could attach to either a PPP or SLIP line To apply a filter to an another interface specify a second filter for that interface or specify instead of asy8 thereby blocking the protocol on all interfaces Both filters match packets whose network protocol family is IP Since the family argument is optional IP is assumed the examples omit it B...

Page 352: ...nterface asy1 all other packets are discarded filter add asy1 input exclude address_pair 132 254 100 2 protocol icmp discard filter add asy1 input exclude address_pair 132 254 100 3 protocol icmp discard filter add asy1 input exclude address_pair 132 254 100 2 protocol udp discard filter add asy1 input exclude address_pair 132 254 100 3 protocol udp discard delete The delete subcommand deletes fil...

Page 353: ...ilter 3 disabled filter 4 disabled See Filter Lists on page A13 6 for an explanation of the filter_list argument enable The enable subcommand immediately enables disabled filters in the currently running system Otherwise disabled filters are not enabled until the Model 5390 server reboots or until the port resets A filter can be disabled only by the disable command The syntax is enable filter_list...

Page 354: ...s along with their status enabled or disabled and assigned number used by enable disable and delete Table A13 6 describes the arguments for list The syntax is list eia Table A13 6 Arguments for the list Command Argument Description e Lists the filters stored in non volatile memory instead of the filters in the currently running system Using list e eliminates the status column from the display beca...

Page 355: ... packet Sends an ICMP destination unreachable message to the packet s originator The second filter Is disabled Applies to all outbound interfaces Includes all IP packets coming from or destined for the host with an IP address of 132 254 31 2 Generates a syslog message quit The quit subcommand exits the filtering subsystem and returns control to the CLI Num Stat Ifname Dir Scope Family Actions Para...

Page 356: ... for one or more filter subcommands Entering usage with no arguments prints syntaxes for all the subcommands Entering usage and the name of a subcommand prints the syntax for that subcommand For more detailed information about one or more subcommands see help on page A13 16 ...

Page 357: ...host services Setting up name servers Setting up a host for 4 3BSD syslogging Configuring LAT services Accessing 4 2BSD Hosts The 4 2BSD version of the rlogin protocol allows logins only from hosts whose names and IP addresses are listed in the host s etc hosts file The 4 3BSD version of the protocol does not impose this restriction Add the Model 5390 server to the etc hosts file on each 4 2BSD ho...

Page 358: ...ng bfs Setting up a file server for abfs installation involves loading compiling and installing Annex source code on the host This process has four stages for more details refer to Installation Notes for Annex 10 1 UNIX Loading the software from the media into a directory Running the install annex script Editing the etc services file Starting erpcd When the installation is complete by default the ...

Page 359: ...cedure on each host that will be a file and or a security server If you are defining multiple security servers the contents of the acp_passwd acp_keys and acp_restrict files must be identical on all security servers for more details refer to Installation Notes for Annex 10 1 UNIX Parsing the Configuration File The configuration file contains Model 5390 configuration information It resides on the p...

Page 360: ...he include statement tells the parser that entries in the file specified in the filename field are part of the configuration file The syntax is keyword include filename NOTE In earlier software releases gateways rotaries and macros are separate files Beginning with Release 7 0 the keywords gateway macro and rotary are entries in the configuration file The file syntax has not changed You can use in...

Page 361: ...2 245 1 1 metric 1 hardwired net 129 122 0 0 gateway 132 245 1 1 metric 1 hardwired annex 192 9 200 228 net 129 123 0 0 gateway 132 245 2 1 metric 1 hardwired snmp contact crow xenna snmp location Room without a view end the file test route is also part of configuration include test route Configure SNMP snmp community public snmp traphost 192 9 200 95 The followings are definitions of the macro en...

Page 362: ...ctions enabled queue enabled end rotary entries rotary include test rotary All consoles from rack annexes titanic_co 2 192 9 200 232 brazil_co 5 192 9 200 232 botswana_co 6 192 9 200 232 Table top annex consoles zinc_co 25 192 9 200 230 total_recall_co 26 192 9 200 230 conan_co 27 192 9 200 230 Remote Annex 192 9 200 247 titanic titanic_1 17 192 9 200 232 titanic_2 18 192 9 200 232 Remote Annex jd...

Page 363: ...all slip_tos Y set rip_horizon split end_route begin_script chat3 send Slip r end_script Another sample configuration file containing four include statements follows The followings are definitions of the gateways entries gateway include gateways The followings are definitions of the macro entries macro include macros The followings are definitions of the rotary entries rotary include rotaries The ...

Page 364: ...d by the end of line Non delimited white space that is spaces tabs etc is treated as a single space All keywords and port information are case sensitive A gateway entry for a route in the configuration file can have one of the two equivalent formats shown below The first format is preferred The second is allowed for backward compatibility with Annex software releases prior to R9 3 Format 1 route a...

Page 365: ...ss of the next gateway the Model 5390 server uses to get to the destination address metric The cost of using this route typically this is the number of hops from the Model 5390 server to addr2 Table A14 2 Supported Keywords for gateway Entries Format 2 Keyword Definition net host The destination specified by addr1 is a network or a host addr1 The IP address of the destination use either 0 or defau...

Page 366: ... updated hardwired The gateway has a fixed route to the destination This route cannot be changed or deleted even if a routing update is received domain search Adds a network domain to the DNS search path The given paths are decomposed into higher level names and all of the forms are added domain default Sets the default search path This path should be set after all other search paths are added The...

Page 367: ... else keyword can also be used alone on a line to list configuration information for all Model 5390 servers except the one identfiied on the annex line You cannot nest annex end blocks The following sample extension to a gateway entry in the configuration file shows how to configure a SLIP interface see Figure A7 2 on page A7 4 gateway SLIP link to the 132 245 5 net annex 132 245 5 9 132 245 10 7 ...

Page 368: ... you change it because it is specified as hardwired h The Model 5390 server logs errors in gateway entries if syslogging is enabled For more details on event logging see Creating User Password Files on page A15 11 The syslog_mask parameter determines the priority levels for logging these event messages see syslog_mask on page C2 61 For information on SLIP links see Serial Line Internet Protocol SL...

Page 369: ...2 42 for more details Otherwise theModel5390serverperformsonlypassiveRIProutingwhenthedaemonisenabled Ifthedaemon is disabled no RIP routing occurs for more information on RIP see Internet Protocol IP Routing starting on page A12 1 Routing tables maintain information on gateways that provide routes to hosts on different networks IftheroutedparameterissettoY theModel 5390serverbuildsthistabledynami...

Page 370: ... immediately copied to the RIP and kernel routing tables Routes whose next hops are not yet directly reachable are copied to the RIP and kernel routing tables as soon as their next hops become reachable The latter technique saves the Model 5390 server the trouble of consulting the configuration file which is typically not stored on the Model 5390 server each time a route s status changes A copy of...

Page 371: ...by adding macro entries to the Model 5390 configuration file Using macro entries you can set up site specific prompts commands and menus Aliases can make the Model 5390 CLI invisible to the user Menus hide the Model 5390 s command interface and at the same time provide user options Aliases and menus can be bound to specific ports on the Model 5390 server Also aliases can be created for slave ports...

Page 372: ... line End a macro with a closing brace character on a new line The entries in the macro section of the configuration file follow one of these forms alias description menu description keyword arguments or keyword arguments alias expansion menu expansion The alias begins an alias definition the menu begins a menu definition The description is a string that may contain spaces The string is the inform...

Page 373: ...lias it contains an alias expansion for a menu the expansion text contains a menu expansion Table A14 3 describes the statements permitted in an alias expansion on a CLI line NOTE The Model 5390 server does not support subsets of virtual con nections Table A14 3 Supported Keywords for macro Entries Keyword Description keyin name port_set Binds name to current macro on the ports defined in port_set...

Page 374: ...ias Expansion Statement Description string Indicates that the string should be transmitted to the serial port for a virtual CLI it directs the string to the connected device This can be used to display messages to the CLI but not jobs string Simulates the string being input from the serial port for a virtual CLI it simulates input to the CLI for example CLI commands pause Indicates a pseudo CLI co...

Page 375: ...l 5390 server at a given address macro Set up a macro for annex at annex address This macro sets up a menu for port 3 and all virtual ports on the specified annex Other examples of setups are keyin 1 1 24 annex address 1 24 address ports 1 through 24 for annex address keyin 2 v annex address v address all virtual ports for annex address keyin 3 v v all virtual ports for any annex that boots from t...

Page 376: ... Annex s IP address e g 192 9 200 1 Replace system address with your system s name or IP address e g fred or 192 9 200 2 Rlogin to system1 alias Connect to System1 keyin 1 3 v annex address rlogin system1 address Rlogin to system2 alias Connect to System2 keyin 2 3 v annex address rlogin system2 address Issue a who command to determine who is running on the Annex wait for a Return before returning...

Page 377: ...L followed by 9 15H go to line 9 space over 15 spaces 2J 5 27HGeneric Menu Header 9 15H1 Connect to System1 11 15H2 Connect to System2 13 15H3 Who 15 15H4 Exit 17 15H 1mEnter Number m The last entry creates the display for the menu and includes the above aliases in the menu s cmd_list This entry also includes an init_cli keyword which causes the menu to be initialized each time the port or the vir...

Page 378: ...creates the following menu Annex Menu 1 Connect to System1 2 Connect to System2 3 Who 4 Exit The following sample macro inserts carriage returns along with the line feeds alias Connecting to host Where the M is a carriage return 0xb character Menus for logins to various locations alias Aqua keyin 1 1 24 annex address rlogin aqua alias Peach keyin 2 1 24 annex address rlogin peach alias Node 7 keyi...

Page 379: ...ntries automatically connect any user logging in on ports 1 24 of the defined Model 5390 server to the given system address without requiring a keystroke the virtual ports have normal connection options This macro is both Model 5390 server and host specific alias Connecting to host init_cli 1 24 annex address Please wait while you are connected rlogin system address NOTE Set the cli_inactivity par...

Page 380: ...ed port macro init_psr 2 4 6 10 Port 10 information 5390_01 If you issue the name defined with the keyword keyin along with help m the command displays the definition defined with that entry 5390_01 help m 2 Macro Name 2 Description Read EMAIL Assigned Ports 1 16 v Functional Text rlogin maildrop mail 5390_01 The reset annex macros command instructs the Model 5390 server to reload macro Thus you c...

Page 381: ...Theidentificationfieldprovides additional information about the service This service is attached to Model 5390 port 5 it is password protected and it is enabled for connection requests Request queueing is disabled The last sample service entry prevents the Model 5390 server from advertising VCLI service Table A14 5 Supported Arguments for service Entries Argument Description name A 16 byte ASCII s...

Page 382: ...em port port_number exit set terminal lta901 perm device la36 width 80 pages 66 lowercase nobroadcast set protection s rwlp o g w rwlp device lta901 set device lta901 spooled queue_name sys sysdevice initialize queue start processor latsym retain error on lta901 default noburst flag one notrailer record_blocking queue_name To print a file from a VMS host use the print command print queue queue_nam...

Page 383: ...ndard entries for the modem section of the Model 5390 configuration file are supplied with the software distribution These entries defined for use with the configuration file are located in the file usr annex bfs modems annex If the modem you are using is con tained within this file using the include filename command tells the parser that entries in the specified file are part of the configuration...

Page 384: ...odem type This string should match the type_of_modem port parameter This field which should always appear as the first entry is required ready_status Defines the ok numeric status string the modem returns when a command is successfully executed and the modem is in a ready state See your modem manual for the applicable ok numeric status string This field is required connect_status This string is us...

Page 385: ... message the Model 5390 server exits the dialer resets the modem and retries the dial The retry field defines the number of retries connect_ignore This string contains a list of all possible ignore these codes messages separated by commas that the modem can return for example a no dialtone response This field is optional If the modem sends a connect_ignore message the Model 5390 server behaves as ...

Page 386: ...d dialout_setup_cmd Sends a setup command to all slave ports before a port is opened via telnet callback dynamic dial etc This string should contain all of the configuration information required for the Model 5390 server to initiate an outbound call for example it should disable auto answer enable modem connect messages etc If a ready_status is not received from the modem the dialout is aborted Yo...

Page 387: ...set annex modem_table command quit root host annex admin Annex administration w LAT Remote Annex R10 1 24 ports admin reset annex modem_table admin quit annex Modem Settings for Dynamic Dialing and Dial back The Model 5390 server expects the modem to have the following setup for dynamic dialing or dial back retry Defines the number of dial out retries the default is 3 This field is optional dtr_do...

Page 388: ...answering a call Automatically answer on ring Use the highest possible modem to modem data rates with compression Remember all of these settings by saving them to the modem s non volatile memory Typically the Model 5390 port parameters are set as follows control_lines both need_dsr Y the modem must force DSR true S0 type dial_in input_flow_control eia output_flow_control eia Creating rotary Entrie...

Page 389: ... database Table A14 7 describes the options for the location argument Table A14 8 describes the supported keywords Table A14 7 Valid Options for the location Argument Option Description annex_inet_addr alternate_inet_addr Defines an auxiliary IP address that can also be used to access the rotary annex_inet_addr alternate_inet_addr 513 Defines an auxiliary IP address that can also be used to access...

Page 390: ...s to the rotary The keyword binary causes the Model 5390 server to negotiate with the host to operate in telnet binary mode in both directions direct_camp_on never ask always Determines how port camp on is handled for rotaries with an auxiliary IP address or auxiliary TCP port Camp on is the process of waiting for the next free port in the rotary if all of its ports are busy when a connection is a...

Page 391: ... 4 and ports 18 through 24 on 5390_04 Defines the order in which the rotary selects ports The default keyword first directs the rotary to select the first available port in the port_set The keyword next directs the rotary to keep track of the last available port that was selected and to start its search from that point Table A14 8 Supported Keywords for the location Argument Keyword Description ...

Page 392: ...se to telnet to port 5 of 132 245 33 238 you would enter telnet 132 245 33 238 4005 You can also specify a direct port range like this HostD proto raw 132 245 33 238 8000 In this case to get the raw port 5 of 132 245 33 238 you would enter telnet 132 245 33 238 8005 Notspecifyingaportrangeindicatesthattheentryisforadirectportrange Ifproto rawisspecified the direct port range starts at 7001 if prot...

Page 393: ...he dialout section of the configuration file defines a dial out route Table A14 9 lists the field definitions for dialout entries The format for a dialout entry looks like this dialout global_timeout time out value this is a comment line begin_route route id local local address remote remote address mode SLIP or PPP ports port set rotary phone phone number chat chat script list filter filter comma...

Page 394: ...n level and the last entry has the lowest level If a port re appears on another ports line the selection level is determined by the port s initial appearance phone A string of up to 32 characters that defines the phone number for the modem to dial chat This string of up to 32 characters defines the name of the script that coordinates communications with the remote side immediately after the phone ...

Page 395: ...aling into the Model 5390 server with a disabled route can activate the route if the remote address is within the dial out s subnet For this reason disabling the route is effective for saving telephone costs but not for providing security disabled continued Sample entries for the disabled field are 8 00am Friday 6 35pm Friday Wednesday 10 30 Nov 30 21 30 Dec 1 Friday Sunday In the first example th...

Page 396: ...eter_value Any parameters not specified in the set field are determined by the actual nonvolatile memory settings the Model 5390 server disregards any duplicate valid parameter settings Table A14 10 on page A14 40 lists the configuration parameters that can be set within this field end_route Marks the end of a dial out entry Table A14 10 Parameters that can be Set Within the set Field of the dialo...

Page 397: ...y SLIP Parameters slip_allow_dump slip_no_icmp slip_load_dump_host slip_tos slip_mtu_size subent_mask PPP Parameters ppp_acm ppp_ncp ppp_ipx_network ppp_password_remote ppp_ipx_node ppp_security_protocol ppp_mru ppp_username_remote Interface Routing Parameters rip_accept rip_recv_version rip_advertise rip_send_version rip_default_route rip_sub_accept rip_horizon rip_sub_advertise rip_next_hop Tabl...

Page 398: ...er loads each dial out route belonging to it and assigns each route an interface name Each dial out interface name is in the form do route_id the route_id is specified in the begin_route entry in the dialout section of the configuration file You can configure the Model 5390 server for any number of dial out routes and the route_ids do not have to be contiguous The dial out route interface names ca...

Page 399: ...the call is running SLIP or PPP and waiting to be dialed It is applicable and mandatory for a dial out route when the dialed port is a dial in CLI or is running some shell native to the dialed system Chat scripts such as dial out routes are configured in the dialout section of the configuration file Each chat entry begins with the field called begin_script Table A14 11 defines the field definition...

Page 400: ...closed in double quotes Multiple strings can be entered on one line or on multiple lines expect expect_case Sends control to another script upon reception of a string the first match is used When string is received script name is called the default is continue The expect field is not case sensitive The expect_case field is for use with case sensitive matches You can block together multiple expect ...

Page 401: ... keywords Table A14 12 Reserved Keywords Used in Place of a Script Name Keyword Definition success Stop all chat activity and return successfully Go to next chat in dial out if any error Stop all chat activity and return unsuccessfully Abort dial out In the timeout statement if script name is omitted error is assumed continue Continue executing current script In the expect statement if script name...

Page 402: ...lue for the script and the script name used is error Chat Script Examples The following sample chat script illustrates the Model 5390 chat script language This script first calls the chat script called chat2 If chat2 is successful chat1 continues that is it sleeps for five seconds If chat2 is unsuccessful chat1 returns as unsuccessful The chat script then sends the string called String1 If String2...

Page 403: ...ll return as unsuccessful If the expect_case field receives the expected string it returns successfully begin_scriptchat_slip send slip r expect_case Switching to SLIP success timeout 5 error end_script Thefollowingsamplescriptwaitstensecondsforthestringusername becausethis defaulttime out value is specified in the begin_script statement The default time out value is used only if a time out value ...

Page 404: ...onal images usually usr spool erpcd bfs The default file name is motd If you use another name for this file you must specify this name using the Model 5390 motd_file parameter The Model 5390 server reads the motd file from the file server host each time it boots and when the reset annex motd command is issued Initially the Model 5390 server requests the file from the preferred load host If that ho...

Page 405: ...odel 5390 server Using the Model 5390 FTP Daemon Using the Model 5390 FTP daemon you can upload or download files those visible through the superuser CLI ls and edit commands in the Model 5390 server s nonvolatile memory EEPROM from a remote host Table A14 14 Arguments for the server_capability Parameter Argument Definition all The Model 5390 server is a file server for the configuration operation...

Page 406: ...a time server use the UNIX netstat command with either the a option or the a n option A time server displays as listening on UDP port time or 37 If a host time server is not present use the supplied timserver program 1 Add the following line to etc services if not already included time 37 udp timserver 2 Start the server etc timserver 3 Edit the appropriate rc file so that the time server starts a...

Page 407: ...erpcd bfs for bfs dumping in the tftp directory for tftp dumping and assigns a unique dump file name to each Model 5390 server The assigned name depends on whether the dump host can support file names longer than 14 characters On hosts that support file names longer than 14 characters for example BSD UNIX hosts dump files are named dump xxx xxx xxx xxx The file extensions xxx xxx xxx xxx are the M...

Page 408: ...n IP address Model 5390 parameters allow you to configure the Model 5390 server to listen only for RWHO broadcasts or to query one or both types of name servers or use both means of building a host table see Using Name Servers on page A2 15 By default the Model 5390 server builds the host table exclusively from RWHO broadcasts Depending on what is available for your network you can use a name serv...

Page 409: ...ame FQDN so that the Model 5390 server can use part of the full domain name to expand host names to full domain names The FQDN must always be supplied with a query to a DNS server otherwise the Model 5390 server adds one The following example shows a PTR resource record in a BIND name server for the Model 5390 server 5390_01 with an IP address of 132 245 6 34 and a full domain name of 5390_01 eng ...

Page 410: ...hosts command force the Model 5390 server to query the name server see hosts on page C3 24 Setting Up a Host for 4 3BSD Syslogging The Model 5390 server provides a 4 3BSD system daemon for logging events to a host If you log Model 5390 events set up the logging capabilities on the host This host should be the one you specified using the Model 5390 syslog_host parameter for more information on even...

Page 411: ...390 parameters To enable the LAT functions 1 Enter the correct lat_key parameter value 2 Configure the disabled_modules parameter not to include the lat option 3 Reboot the Model 5390 server The lat_key value is unique for each Model 5390 server Because this value varies by port count if the administrator changes the number of ports on the Model 5390 server the lat_key must change and the Model 53...

Page 412: ...esents the allowable groups for users of that machine To store a service announcement there must be at least one group code common between the advertising machine and the receiving machine Group Codes Service providers can be assigned a LAT group code Group codes partition the LAT network logically into subsets The Model 5390 server restricts clients to the assigned group code s Group codes can en...

Page 413: ...e 0 10 15 20 240 enable enables group codes 0 through 10 and group codes 15 20 and 240 For convenience specifying all indicates all group codes Thus set annex group_value all enable enables group codes 0 through 255 The administrator can disable group codes in the same way using disable instead of enable After LAT is enabled the appropriate group codes are enabled and the LAT parameters have been ...

Page 414: ...e total number of vclis allowed in the Model 5390 server When a LAT user connects to the Model 5390 vcli service it is the same as a telnet vcli If all vclis are in use by Telnet and LAT users the connection request is rejected Telnet to LAT Gateway The Telnet to LAT gateway enables the system administrator to associate a unique IP address with a specific LAT service This gateway allows a user to ...

Page 415: ...d in the syslog file Each time a translation entry in gateway changes the Model 5390 server specified in the annex selector line must be rebooted For example annex 192 9 200 245 translate telnet 192 9 200 100 to lat modems node a translate telnet 192 9 200 101 to lat modems translate telnet 192 9 200 102 to lat accting end The previous translations are defined only for the Model 5390 server with I...

Page 416: ...ss port_number end For example a translation entry for a UNIX system named frodo running TCP IP with the IP address 132 0 0 50 and a VMS host running LAT would look like this annex 132 0 0 35 translate lat frodo identification Login service for TCP IP host frodo to telnet 132 0 0 50 end After making the above translation entry in gateway the system administrator must make sure that the Model 5390 ...

Page 417: ...f the Model 5390 server receives a set data b slot message from a connected LAT host it responds by configuring the port as commanded by the set data b slot message Parameters changed via data b slot messages are parity baud rate bits per character and inband flow control Status via data b slot messages supports the break signal at the local port To get the Model 5390 server to forward this status...

Page 418: ...A14 62 893 741 B Configuring Hosts and Servers request or offers to place it in a queue After the server accepts the print request it connects to the host and transfers the data ...

Page 419: ... set device lta901 spooled queue_name sys sysdevice initialize queue start processor latsym retain error on lta901 default noburst flag one notrailer record_blocking queue_name To print a file from a VMS host use the print command print queue queue_name file_name Table A14 16 defines the variables used in the previous examples NOTE Define the mode parameter for the Model 5390 port used for HIC Tab...

Page 420: ...lues affect performance take care when adjusting them For convenience the administrator may want to change the server_name as this is the name by which otherLAThostswillrefertotheModel5390server AfterchangingtheappropriateLATparameters the administrator must issue the na command reset annex lat to activate the new parameters For more details on using na commands see na Commands starting on page C1...

Page 421: ...tered The Model 5390 s Access Control Protocol ACP provides host based security in which a UNIX host on the network is defined as a security server You can modify ACP to implement a security policy that fits the needs of your environment To use any security feature you must enable security for the Model 5390 server by setting the enable_security parameter to Y This parameter is mandatory if you in...

Page 422: ...ote vcli_password The following subsections describe local security on the Model 5390 server provided that the enable_security parameter is set to Y and a host based security server is not available Implementing Local Virtual CLI Password Protection Local password protection can be implemented for the Model 5390 server in one of two ways Upon virtual CLI VCLI connection Upon access through adminis...

Page 423: ...l VCLI password The user can enter either the VCLI password or the Model 5390 administrative password To set up the local VCLI password for back up security Enable security by setting the enable_security parameter to Y Enable VCLI security by setting the vcli_security parameter to Y Define a password using the vcli_password parameter Define a security server host using the pref_secure1_host pref_s...

Page 424: ...ed with the CLI lock command Protecting the Superuser CLI The Model 5390 administrative password is required for access to the superuser CLI The default password is the Model 5390 IP address There are two ways to change the password Using the superuser CLI passwd command Changing the password parameter using na or admin Using either method the new password takes effect immediately for access to th...

Page 425: ...ck command if they do not want to log out when leaving the terminal unattended Protecting the na Utility from Unauthorized Access When using the na utility users can access Model 5390 parameters and obtain useful information or reconfigure and reboot Model 5390 servers Protecting na involves UNIX superuser protection and the Model 5390 administrative password Upon installation na is owned by root ...

Page 426: ...d logging security for AppleTalk users Dial back security PPP security via CHAP and PAP Kerberos authentication SecurID authentication SafeWord security Validation for access to the Model 5390 FTP daemon Connection security Security event logging The following subsections describe the basic ACP actions when the enable_security parameter is set to Y Virtual CLI Security You can set up security for ...

Page 427: ... parameter is not set unset the Model 5390 server does not perform a security check for VCLIs If the vcli_security parameter is set toY the vcli_password parameter is not set unset and the password parameter is not set unset the Model 5390 server denies access to the VCLI if the security server is unreachable CLI Security You can set up security for CLI connections in which users must provide a va...

Page 428: ...allows unrestricted access to the CLI Connection Security You can authorize or deny access to specific hosts or networks from the Model 5390 server If the connect_security parameter is set to Y the Model 5390 server uses ACP on a connection telnet rlogin etc from the CLI The access authorization is checked in the acp_restrict file on the security server before executing the telnet or rlogin comman...

Page 429: ...ity for port servers in which users must provide a valid user name and password before they are granted access to an outgoing port If the port_server_security parameter is set to Y the Model 5390 server tries to use ACP before granting access to the port If ACP is down the Model 5390 server prompts for the password specified in the port_password parameter If the port_password parameter is not set ...

Page 430: ... specify the preferred security hosts The Model 5390 server first queries the pref_secure1_host for user validation If a response is not received within the time defined in the network_turnaround parameter the Model 5390 server repeats the query several times If the Model 5390 server still does not receive a response it queries the host defined in the pref_secure2_host parameter If a response is n...

Page 431: ... The security_broadcast parameter is set to Y The pref_secure1_host and pref_secure2_host parameter do not respond Setting the security_broadcast parameter to N disables Model 5390 broadcasting If the hosts defined in the pref_secure1_host and pref_secure2_host parameters do not respond the Model 5390 server refuses the connection request Creating User Password Files By default ACP prompts the use...

Page 432: ...l 5390 server on port 1 called Ollie with the IP address of 132 245 33 11 is 132 245 33 11 1 0 0 Ollie Dialin modem port password After creating this entry use the ch_passwd command to enter the port password ch_passwd 132 245 33 11 1 New password password The ACP prompts appear as follows Annex username Annex password Port password NOTE If you are using a System V 4 host use the etc shadow file r...

Page 433: ... host valid Without the appropriate key the Model 5390 server denies the user s request even if the host is defined as a preferred security host Creating the acp_keys File The security server maintains the encryption key for each Model 5390 server in the acp_keys file Each entry in this file contains a list of Model 5390 names or IP addresses separated by commas and an encryption key for those Mod...

Page 434: ...hree entries specify insomniac 1 as the key for the Model 5390 server whose IP address is 132 245 6 15 no encryption for the Model 5390 server whose IP address in 132 245 6 75 and Piano as the key for all other Model 5390 servers on the 132 245 6 subnet The last entry specifies gl12ch as the key for 5390_01 5390_02 and 5390_03 Each acp_key parameter for the Model 5390 servers listed in the example...

Page 435: ...390 server uses the port s remote_address and local_address You can specify the Model 5390 server by name IP address or wild card the wild card means that any incoming address request with that user name will match Also you can specify a range of ports The file format allows one entry per line the Model 5390 server ignores any data following the comment character a newline character terminates an ...

Page 436: ... the local address is jupiter s address User harris can make a dial up address request from any port on the Model 5390 server mars The remote address is 100 30 200 55 the local address 100 30 200 40 Creating the acp_userinfo File The acp_userinfo file resides in the install directory and is maintained by the network administrator Each user has an entry in this file and each entry is comprised of s...

Page 437: ... should occur Each dial back security user can have zero one or several accesscode entries in the acp_userinfo file Each accesscode entry can define the phone number inbound and outbound modem pools and the job name see Table A15 1 The syntax is accesscode code accesscode_entry end Table A15 1 Entries for accesscode in the acp_userinfo File Entry Description code The user is prompted for this code...

Page 438: ...aged to specify this entry to avoid compromising system security Any characters accepted by the modem can be used here Notice that the escape character must precede each special character in_pool_name Specifies the name of the inbound modem pool with the format in_pool_name pool_name pool_name is the name of an inbound modem pool For the dial back request to be initiated the designated port must b...

Page 439: ... rlogin calvin 1 cobb end end accesscode direct in_pool_nameinbound end accesscodepromptphone in_pool_nameinbound out_pool_nameoutbound end end pool inbound ports 10 19 24 hobbes ports 1 3 simon end pool outbound ports 11 15 hobbes ports 1 3 briggs end climask Each user can have a CLI command mask in the acp_userinfo file that limits which CLI commands the user can execute see Masking CLI Commands...

Page 440: ...e syntax is at_zone zone end Table A15 2 Entries for climask in the acp_userinfo File Entry Description command_list A list of user level CLI commands separated by commas that are not available to the user The list of restricted command names is sent to the Model 5390 server and the user is prevented from executing those CLI commands Do not specify both a job and a climask for a given acp_userinfo...

Page 441: ...t_time entries in the acp_userinfo file The syntax is at_connect_time time_value Table A15 3 Entries for at_zone in the acp_userinfo File Entry Description zone A list of one or more ASCII character strings You can have any number of zones specified in a zone list subject to the following constraints A zone identifier cannot contain non printable characters An individual zone identifier cannot exc...

Page 442: ...d Table A15 4 Entries for at_connect_time in the acp_userinfo File Entry Description time_value The format for this argument is minutes For example at_connect_time 120 Table A15 5 Entries for at_nve_filter in the acp_userinfo File Entry Description include exclude The include or exclude qualifier controls how filters are used include filters allow only matching answers exclude filters discard matc...

Page 443: ...e entire filter to be discarded and an error message is generated at_passwd Each registered AppleTalk user as opposed to a guest must have a password defined in the acp_userinfo file Table A15 6 defines the argument for at_passwd entries in the acp_userinfo file The syntax is at_passwd string CAUTION This method of limiting NBP traffic is not secure and can be circumvented by a person willing to w...

Page 444: ...end chap_secret A secret token that enables CHAP authentication for PPP is defined in chap_secret entries in the acp_userinfo file Table A15 7 defines the argument for chap_secret entries The syntax is chap_secret secret_token NOTE The Guest entry is case sensitive If it is entered incorrectly guests can log on with no restrictions because the at_guest parameter for this port is set to Y Table A15...

Page 445: ...nly profile commands allowed in the include file are job and climask The syntax is include filename Specifying Modem Pools Within the acp_userinfo File A modem pool is a logical grouping of serial ports on one or more Model 5390 servers A minimum configuration includes at least one modem pool for dial in and one modem pool for dial out You can create a bidirectional modem pool but this will compro...

Page 446: ...1 16 and 18 19 on the Model 5390 server called titon and port 20 on the Model 5390 server with the IP address 132 245 3 86 Model 5390 entries are shown using symbolic and dotted quad notation Table A15 9 Arguments for the pool Command Argument Description poolname The name of the modem pool ports Each ports line defines a portion of the modem pool Using multiple ports entries allows you to specify...

Page 447: ...re not required to have an entry defined in the acp_userinfo file In this case users are prompted for the user name and password only no access code After the authentication a direct connection is established without dial back When the user does have an entry in the acp_userinfo file the access code will be used to start the dial back This policy is useful in environments where security is not an ...

Page 448: ...ng on page A8 1 Configuring the Model 5390 Server for Dial back Security The Model 5390 type_of_modem port parameter is a 16 byte string that specifies the modem type connected to the port s used for dial back The type_of_modem parameter indexes the modem description table in the modem section of the configuration file For more details on creating and using the configuration file see Parsing the C...

Page 449: ...r more details on using the configuration parameters see Configuration Parameters starting on page C2 1 Using AppleTalk Security The Model 5390 implementation of ARA provides three areas of security ARA security Zone security NVE filtering Logging ...

Page 450: ...the Model 5390 server provides all the zones it has learned from the network If local security is used use the per Model 5390 default_zone_list parameter For more details see at_zone on page A15 20 NVE Filtering NVE filtering controls a remote accessApple user s view of network resources when using Chooser to select resources only the resource set defined for the user by the administrator will be ...

Page 451: ...ollowing security features Authentication via passwords Dial back or charge back services Security logging The following sections describe how to configure security for the different IPX port types Security for ndp Ports Configure security for ndp ports using the AMANAGER program for specific instructions refer toAdministering theAnnex DOS Dial out Software The status of Model 5390 security has no...

Page 452: ...user name and password authentication but also dial back charge back services see Dial back on page A15 38 and Charge back on page A15 42 and security logging see Security Logging on page A15 44 CAUTION If you set the port mode to auto_detect or auto_adapt you must configure native security for all protocols in addition to configur ing the security features described in the sections that follow If...

Page 453: ...d to reset the appropriate port Annex subsystem or reboot the Annex for the changes to take effect admin reset 3 10 admin show port port_password port asy3 port_password set port asy10 port_password set UNIX based Passwords Instead of using Model 5390 based authentication you can use a UNIX host as the Model 5390 Access Control Protocol ACP server and store user names and passwords on it To do thi...

Page 454: ...el 5390 security_broadcast parameter to Y 4 Set the ipx_security port parameter to Y for the ipx or auto_detect auto_adapt ports you want to secure The following example sets ports 3 4 and 5 using admin port 3 5 admin set port ipx_security Y You may need to reset the appropriate port Annex subsystem or reboot the Annex for the changes to take effect admin reset 3 5 ...

Page 455: ...respond and broadcast_security is set to Y the Model 5390 server broadcasts to the network for a security server If the user name and password the PC user specifies match a username password entry in the acp_passwd file FastLink II software connects the PC to the Model 5390 server and displays the DOS prompt If no security server responds or if the acp_passwd file does not contain the user name an...

Page 456: ... see Using the SecurID Card on page A15 55 NOTE SecurID provides password authentication only Use ACP for dial back security or charge back privileges The FastLink II software auto reconnect feature does not work with SecurID Normally by sav ing a disrupted session s state including the user name and password FastLink II software can dial the Model 5390 server back and reestab lish the user s sess...

Page 457: ...thenticating IPX users 1 Make sure the Model 5390 enable_security parameter is set to Y 2 Set the Model 5390 port to cli mode 3 Have the user dial into this port from FastLink II terminal mode 4 Have the user press Return The Model 5390 servernowprompts for the SafeWord authentication information you have configured ...

Page 458: ...onenumber You can assign up to nine dial back numbers for each user FastLink II software provides a field in which the user specifies a number from the set of numbers you assign The Model 5390 server connects the user to one of a set of ports that you reserve for dial in and then calls the user back on one of a set of ports that you reserve for dial back By reserving different ports for dial in an...

Page 459: ...ort type_of_modem parameter to the modem type attached to the port for example USR_144 This value must match the type_of_modem field in the Model 5390 configuration file which resides on the host from which your Model 5390 server boots and is named by default config annex c Set the appropriate port configuration parameters for the outgoing modem for example set control_lines to both ...

Page 460: ...of the number e g to separate the 1 for long distance and the area code You can also use one or more commas to specify a modem pause provided that you precede each comma with a backslash When using FLSETUP to specify the dial back number the user must enter exactly what you specify in acp_userinfo except for the backslash preceding a comma Alternatively the user can specify an integer from 01 to 0...

Page 461: ...0 or she can enter 02 see the documentation for the FastLink II Client Pack If zelda dials into port 19 20 21 or 24 on stratplan zelda is dialed back from port 3 or 4 on stratplan or port 5 or 6 on marcom If zelda dials into port 8 9 or 10 on marcom she is dialed back from port 3 or 4 on stratplan or port 5 or 6 on marcom If zelda dials into any other port on any other Model 5390 server she is con...

Page 462: ...A15 84 Charge back Charge back allows a user to dial into one or more Model 5390 servers from any phone and be dialed back at any number This is convenient for users such as sales representatives who want to dial in from more locations than can easily be configured for dial back but who do not want sessions charged to the numbers from which they are dialing Dial back would limit the user to nine c...

Page 463: ...ng occurs If jeremiah dials into port 19 20 21 or 22 on george he is dialed back from port 3 or 4 on george or port 5 or 6 on pogo If jeremiah dials into port 8 9 or 10 on pogo he is dialed back from port 3 or 4 on george or port 5 or 6 on pogo If jeremiah dials into any other port on any other Model 5390 server he is immediately connected rather than dialed back Other possible outcomes are If jer...

Page 464: ...ils of IPX user activity if you do the following 1 Make sure the Model 5390 enable_security parameter is set to Y 2 Install ACP security software on one or more hosts see Setting Up a Security Server on page A15 10 3 Designate one of the hosts running ACP as a security host and if you wish designate another as a back up security host 4 Set the pref_secure1_host and pref_secure2_host parameters to ...

Page 465: ...see UNIX based Passwords on page A15 33 If the Model 5390 server cannot reach the security host it calls the back up host if one is defined and stores the message in the acp_logfile on that host If you examine this file on the primary security host and notice a gap in security entries check the acp_logfile on the back up server The primary server may have gone down temporarily in this case the eve...

Page 466: ...59 ipx dial CNA_FIXED srpc timed out error from modem reset string received 132 245 88 110 61060002 05 940721 085212 ipx login CNA_FIXED dialback request 132 245 88 110 61060002 05 940721 085219 ipx dial CNA_FIXED failed To change the name and or format of the acp_logfile see Modifying the Supplied Security Application on page A15 74 Using PPP Security The Model 5390 server supports two authentica...

Page 467: ...security parameter is set to N the Model 5390 server uses local security that is it compares the remote end s user name password against the port parameters user_name and port_password If the user name password combination is valid the Model 5390 server sends a PAP Authenticate ACK message If the combination is not valid the Model 5390 server sends a PAP Authenticate NAK message When the Model 539...

Page 468: ...vailable and the port_password parameter is set local security ignores the user name and checks the response against port_password If the port_password parameter is not set the link fails Receiving a CHAP Challenge When the Model 5390 server receives a challenge it acquires the secret token the ppp_password_remote parameter value and generates a response message The name field is set to the ppp_us...

Page 469: ...sends a challenge only if the enable_security parameter is set to Y the ppp_security_protocol parameter is set to chap and CHAP is ACKed during LCP If the Model 5390 server is ACKed for CHAP it will seek only one valid response After the Model 5390 server receives a valid response it sends challenges at irregular intervals while the link is up ACP logging for CHAP includes good responses received ...

Page 470: ...on fails Log accesses in acp_logfile enable_security Y ppp_security_protocol none slip_ppp_security N Request no PPP security incoming Use ppp_username_remote and ppp_password_remote for outgoing if not set and remote side of link demands PAP or CHAP connection fails Do not log accesses in acp_logfile enable_security Y ppp_security_protocol pap slip_ppp_security Y Use ACP for incoming user name an...

Page 471: ...ap pap slip_ppp_security Y Request CHAP in negotiation if it is NAKed by peer request PAP If using CHAP use ACP for incoming user name and password if using PAP use ACP for user name and secret token Use ppp_username_remote and ppp_password_remote for outgoing if not set and remote side of link demands PAP or CHAP connection fails Log accesses in acp_logfile enable_security Y ppp_security_protocol...

Page 472: ...ght want to use filtering to prevent users on your internal network from accessing external hosts and services An effective way to provide this kind of protection is to select one Model 5390 server on the internal network to be the network s chokepoint or firewall through which all traffic to and from external networks must pass Then configure filters on that Model 5390 server to block undesirable...

Page 473: ...Kerberos library routine libkrb a is linked with theACP code ACP prompts the user for a user name and password However instead of validating the user name and password via the acp_passwd file ACP opens a connection to the Kerberos server and passes the user name and password to the Kerberos library routine for authentication The Kerberos library routine returns a ticket to ACP indicating whether o...

Page 474: ...n case of problems 5 Terminate the executing erpcd and start up the new version If both the primary and secondary ACP servers are defined it is important to configure both the primary and secondary ACP servers to use Kerberos authentication for consistency Configuring the Model 5390 Server for Use with Kerberos Authentication To configure the Model 5390 server for use with Kerberos authentication ...

Page 475: ...igned UNIX login name as found in the first field of the password file entry for that user In the ACE Server system the login shell field in the password file is set to sdshell by default With the sdshell setting the login shell displayed to the cardholder after authentication must be stored in the ACE Server database Do not set the login shell field to sdshell You can disable a card as necessary ...

Page 476: ...ents must be added to the ACE Server database and all the network addresses must be known to the server via the etc hosts file or your NIS name server The SecurID Card User Interface When a user tries to log into your system theACE Server prompts for the user name and passcode The user enters the PIN number followed by the current SecurID card code displayed on the SecurID card The ACE Server util...

Page 477: ... can assign the PIN displayed by ACP to the user The user can select a PIN within certain guidelines Before installing the ACE Server software you must determine which of the above options your site will use See the ACE Server Manual for more information New PIN Mode If the site allows a user to select a PIN ACP displays the following text Enter your new PIN containing 4 to 8 digits or Press Retur...

Page 478: ...li_security slip_ppp_security port_server_security 3 Set the Model 5390 port parameter ppp_security_protocol to none on each port If ppp_security_protocol is set to pap the user will be prompted again for the user name and passcode when using the CLI ppp command The user must enter the PIN and SecurID card code for the passcode 4 Set the Model 5390 parameters password and vcli_password and the por...

Page 479: ...cation by calling the ACE Server 7 Set the Model 5390 parameter acp_key to its assigned value and enter this value into the Model 5390 server s host file acp_keys Then ACP and the Model 5390 server exchange user names and passcodes encrypted with the key 8 Register valid Model 5390 users in the ACE Server database with permissions individual or group to access the ACP servers If two ACP servers ar...

Page 480: ...irectories If you have ACE Server Release 1 1 cp usr ace sdclient a sdclient cp usr ace sdconf o sdclient cp usr ace your_host_type h sdclient If you have ACE Server Release 1 2 cp usr ace sdiclient a sdiclient cp usr ace your_host_type h sdiclient 4 Edit the erpcd Makefile file NOTE These instructions assume that the software is installed on a UNIX system and that the host tools have been compile...

Page 481: ...will vary ps ax grep erpcd 25493 IW 0 00 erpcd 25797 p1 S 0 00 grep erpcd kill 25493 7 Rebuild erpcd See Recompiling erpcd on page A15 84 8 If you experience link errors run the ranlib utility on the sdclient a library ranlib sdclient sdclient a Then rebuild erpcd See Recompiling erpcd on page A15 84 9 Make sure that ACP is enabled in the eservices file the default is ACP disabled The default file...

Page 482: ...d 12 Follow the procedures in the ACE Server documentation for registering clients and users The hosts that have erpcd running must be registered as clients and all users with SecurID cards that will log into the Model 5390 server s must be allowed to access the host clients 13 On the Model 5390 server enable security configure the preferred security server and enable CLI security on the ports to ...

Page 483: ...ition will enable SecurID on ports 2 and 3 and normal ACP security on the other ports define USE_SECURID_CHECK port 2 port 3 As defined below just a 1 all ports get SecurID define USE_SECURID_CHECK 1 else SECURID_CARD enable currently unsupported Port Password feature definePORT_PASSWORD 1 endif You can alter the USE_SECURID_CHECK reference s to test for the ports on which you want to use SecurID ...

Page 484: ... the user name listed in the acp_user_info file The Model 5390 server supports SafeWord for user authentication only Therefore when you dial in to the network through the Model 5390 server or dial out from the Model 5390 server for example if you telnet to a port in slave mode the Model 5390 server does not display the SafeWord Failed Access Report In addition the Model 5390 server does not run th...

Page 485: ...igma custpb h cp safelog custfail h enigma custfail h 4 Edit the erpcd Makefile file vi erpcd Makefile 5 Remove the pound symbols in the following two lines ENIGMAFLAG DENIGMA_SAFEWORD ENIGMAFILES enigma libidpb a 6 If erpcd is running on the host kill the existing erpcd process Your process number will vary ps ax grep erpcd 25493 IW 0 00 erpcd 25797 p1 S 0 00 grep erpcd kill 9 25493 NOTE SafeWord...

Page 486: ...he pref_secure2_host parameter SafeWord Passwords SafeWord provides fixed and dynamic passwords to verify user access to protected systems NOTE While SafeWord s IDUTIL program allows administrators to create up to three levels of authentication for each user Model 5390 server access allows you to combine one dynamic and one fixed pass word you cannot use two dynamic or two fixed passwords for a si...

Page 487: ...ps correctly the Permission Granted message appears If you did not SafeWord displays an error message Dynamic Passwords SafeWord generates dynamic passwords using a hand held password generator called a token The token generates new passwords each time a user wants to access protected systems Network administrators can configure SafeWord s dynamic passwords in Synchronous Semi synchronous and Asyn...

Page 488: ...e changed to select the ports on which the Enigma system is used For example using this definition will enable Enigma on ports 2 and 3 and normal ACP security on the other ports define USE_ENIGMA_CHECK port 2 port 3 As defined below just a 1 all ports get Enigma security define USE_ENIGMA_CHECK 1 else ENIGMA_SAFEWORD enable currently unsupported Port Password feature define PORT_PASSWORD 1 endif N...

Page 489: ... enter specific port numbers for SafeWord remaining Model 5390 ports will use ACP security You can also alter the USE_ENIGMA_CHECK reference s in the annex_root src erpcd acp_policy c file For more details on altering the acp_policy h and acp_policy c files see Modifying the Code on page A15 84 SafeWord Backup Security The Model 5390 server uses the following procedures if the server running SafeW...

Page 490: ...y server is configured the Model 5390 server calls the ppp_security function in the acp_policy c file with the user s name and password as entered and the service set to SERVICE_FTP If ACP grants access the ftp daemon will prompt for an account The Model 5390 server compares the text entered at this prompt against its administrative password for an added level of security If the enable_security pa...

Page 491: ...n To set the IPSO for packets generated on a port 1 Use the na utility the superuser CLI admin command or SNMP to set the Model 5390 parameter enable_security to Y the default is N 2 Use na admin or SNMP to set the serial line port parameter ipso_class to one of the following values topsecret secret confidential unclassified or none If you specify none the default the Model 5390 server does not ad...

Page 492: ...r all virtual CLI connections When a user issues a connection command the Model 5390 server using erpcd checks a restrict file for permission to connect to that host The supplied policy expects the restrict file to be acp_restrict located in the installation directory which is an ASCII file that you create with any text editor Table A15 13 describes the arguments in each entry The entry format is ...

Page 493: ...r network In the following example the policy finds the unrestricted definition for Model 5390 servers and hosts on network 192 17 5 and grants access It finds the restricted definition for hosts on any other network and does not grant access The first entry unrestricts all IP addresses on network 192 17 5 from all Model 5390 servers on that network but restricts access to any IP address off that ...

Page 494: ...d by colons and are encoded for use by UNIX utilities that sort merge select or filter streams Host based Security Logging on page B1 22 provides a sample log file The parser of the acp_userinfo file generates log messages if an error is detected when processing a user s profile Modifying the Supplied Security Application You can modify the supplied security policy to create a security scheme that...

Page 495: ... a user name To disable the port password requirement remove the line define PORT_PASSWORD 1 Linking NIS Password File Verification to ACP You can enable several options in the acp_policy h file by removing the slash and asterisk at the beginning and the end of the definition line To use the NIS password file for verification throughACP change uncomment the following lines define NATIVEPASSWD 1 to...

Page 496: ...logfile File The USE_SECONDS option in the acp_policy h file enables messages in the acp_logfile to use a seconds since 1970 ten decimal digits format This format is most useful for automaticacp_logfile parsing programs as these programs frequently need to do comparisons and arithmetic on dates This option is disabled by default You can enable USE_SECONDS by changing uncommenting the following lin...

Page 497: ...hanging the Expected File Names Used by ACP The supplied policy uses names for various files For example acp_passwd acp_keys acp_restrict and acp_logfile You can change the names of any of these files in the annex_root src erpcd acp_policy h file ...

Page 498: ...e The new_filename is the name of the new password file and the new_tempfile is a temporary file used by the ch_passwd command Because you do not need the temporary file if you are using an existing system file comment out the line for the temporary file The install_dir is defined in the file annex_root src make config with the leading quote supplied by the makefile Because the trailing quote is r...

Page 499: ...fine pathname for restrictions file define ACP_RESTRICT str sprintf str s acp_restrict install_dir define pathanme for annex acp_keys file define ACP_KEYS str sprintf str s acp_keys install_dir define pathanme for annex dialup addresses file define ACP_DIALUP str sprintf str s acp_dialup install_dir define pathname for user profile file define ACP_USERINFO str sprintf str s acp_userinfo install_di...

Page 500: ...n define ACP_WARNING 007 nYour password will expire in ld days unless changed n define ACP_WARNINGM 007 nYour password expires after tomorrow unless changed n define ACP_WARNINGT 007 nYour password expires after today unless changed n define ACP_AWARNING 007 nYour account will expire in ld days n define ACP_AWARNINGM 007 nYour account expires after tomorrow n define ACP_AWARNINGT 007 nYour account...

Page 501: ...cp_passwd define ACP_PORTPROMPT Port password endif miscellaneous defines for default application define INPUT_TIMEOUT 30 define INPUT_POLL_TIMEOUT 3 define RETRIES_MAX 3 Locking the acp_logfile File To prevent two or more hosts processes from logging a record simultaneously the Model 5390 erpcd code uses the lockf system call from the host to lock the acp_logfile This locking action prevents othe...

Page 502: ...mined to be faulty on many hosts Failures can not be narrowed down to any particular hardware manufacturer or UNIX system There are to many OS revs and variables to sense the correct lockf method to use at installation time The default T_LOCK was chosen simply because it has been proven reliable SEE log_message define USE_F_LOCK 1 Masking CLI Commands When the security subsystem is enabled you can...

Page 503: ...MASK_JOBS0x00000040 define MASK_KILL0x00000080 define MASK_NETSTAT0x00000100 define MASK_RLOGIN0x00000200 define MASK_STATS0x00000400 define MASK_STTY0x00000800 define MASK_TELNET0x00001000 define MASK_WHO0x00002000 define MASK_LOCK0x00004000 define MASK_SU0x00008000 define MASK_SLIP0x00010000 define MASK_CONNECT0x00020000 define MASK_SERVICES0x00040000 define MASK_PPP0x00080000 define MASK_ARAP0x...

Page 504: ...n policy file acp_policy c is documented in the form of C programming language comments The file policy doc provides a complete description of the available library functions Recompiling erpcd You must recompile erpcd if you modify the supplied policy and the ch_passwd utility if you changed the name of the ACP password file from acp_passwd The source files are in annex_root src erpcd where annex_...

Page 505: ...rtain Ports The Model 5390 operational code passes the TCP port number to ACP when doing a telnet on a port with connect_security enabled This feature allows restrictions on connections to certain TCP ports The port number is available in annex_to_net in the acp_policy c file ...

Page 506: ...A15 86 893 741 B Using Model 5390 Security ...

Page 507: ......

Page 508: ... Chapter B1 Network Administration Chapter B2 Simple Network Management Protocol SNMP Part B Network Administration ...

Page 509: ...Monitoring Network Activity The Model 5390 server provides three CLI commands netstat ping and arp to monitor network activity for more details see Using the CLI Commands starting on page C3 1 Using the CLI commands you can Display network statistics Test the network Manage the ARP table Displaying Network Statistics The CLI netstat command displays information that the Model 5390 server has obtai...

Page 510: ...s Entering the netstat command without arguments displays the local and remote addresses send and receive queue sizes in bytes protocol and the internal state of the protocol for all active connections Table B1 1 lists the arguments for this command Table B1 1 Arguments for the netstat Command Argument Description A Adds the protocol control block PCB addresses a Includes sockets used by server pr...

Page 511: ...et ESTABLISHED tcp 0 0 annex1 1081 opus telnet ESTABLISHED tcp 0 0 annex1 1022 test1 login ESTABLISHED tcp 211 0 annex1 953 xzyx login ESTABLISHED tcp 0 0 annex1 1021 test1 login ESTABLISHED tcp 0 0 finger ESTABLISHED tcp 0 0 printer ESTABLISHED tcp 0 0 telnet LISTEN udp 0 0 bootp udp 0 0 snmp udp 0 0 who udp 0 0 erpc udp 0 0 route Table B1 2 Hardware Interface Statistics for Ethernet Statistic De...

Page 512: ...ets The number of times the network interface has been initialized from reset typically one TX DMA Underruns The number of times a frame transmission is terminated due to lack of data RX DMA Overruns The number of times a frame reception is terminated due to lack of system bus bandwidth Carrier Sense Losses The number of times a frame transmission is terminated due to loss of the Carrier Sense sig...

Page 513: ...6563 0 15085 744 0 en0 1500 10000 20000 18062 79 1626 0 823 0 0 lo0 1536 127 127 0 0 1 0 0 0 0 0 asy2 604 18358 18062 79 0 0 0 0 0 asy16 1006 132 245 6 5390_01 14770 0 7468 0 0 asy3 1500 192 9 200 zipwad 3453 0 3002 0 0 Ethernet Address 00 80 2d 00 00 9b Frames Received 39861 Frames Transmitted 45239 Bytes Received 33965470 Bytes Transmitted 29453 CRC Errors 2 Alignment Errors 10 Bad Type Length F...

Page 514: ...P AACK Sent CHAP AACK Rcvd NCP IPCP Open Table B1 3 Field Definitions for the netstat ip Command Field Definition local Refers to the Model 5390 server remote Refers to the peer xxx The origin of the value for ip addresses ANX param REM peer defined and ACP from security server ACP dial up addresses LCP and NCP IPCP Options Shows the current and the prior state of the connection Any current settin...

Page 515: ...ticate Request message and currently is processing it ANAK sent The Model 5390 server has rejected the peer s Authenticate Request the link will be coming down AACK sent The Model 5390 server has authenticated the peer Possible remote states for PAP security Initial No PAP security has been initiated AREQ sent The Model 5390 server has sent the Authenticate Request message and is waiting for the r...

Page 516: ...AP CHAL Rcvd CHAP Challenge Received CHAP CHAL Sent CHAP Challenge Sent CHAP RESP Rcvd CHAP Response Received CHAP RESP Sent CHAP Response Sent Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Collis en0 1500 192 9 200 annex1 648918 0 352845 0 0 lo0 1536 127 127 0 0 1 0 0 0 0 0 asy6 1006 192 9 200 annex1 0 0 0 0 0 asy13 256 192 9 200 annex1 0 0 0 0 0 Ethernet Address 00 80 2d 00 14 3d Frames Recei...

Page 517: ...s The netstat i command display looks like this 5390_01 netstat i Table B1 4 Displaying AppleTalk Statistics using the netstat Command Argument Description i Displays interface statistics ip port number Displays a specific Model 5390 PPP interface see PPP Statistics on page B1 5 z Displays the network zone list Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Collis en0 1500 132 245 66 0 worm 2656...

Page 518: ...ffer Drops 0 FIFO Drops 1 Interface Resets 1 TX DMA Underruns 241 RX DMA Overruns 0 Carrier Sense Losses 451 Clear to Send Losses 0 Collisions Detected 17526 Max Collision Retries 125 802 2 packets received 1 802 2 packets sent 0 ATALK packets sent 0 AARP packets sent 0 ATALK packets received 0 AARP packets received 0 Unknown 802 2 types 0 Unknown 802 2 SAP s 0 Unknown SNAP org codes 0 Unknown SNA...

Page 519: ...5390 server sends triggered updates whenever it changes the hop count of a route It transmits them immediately even if it is not yet time for one of the regular update messages to be transmitted Recv d Displays the number of packets with or without errors received over the interface Sent Displays the number of output packets the Model 5390 server tried to send over the interface This number includ...

Page 520: ...2 245 44 22 UR 114 0 2 en0 132 245 33 0 24 132 245 44 22 UR 33 147 2 en0 132 245 34 0 24 132 245 44 22 UR 114 0 2 en0 132 245 44 0 24 UI fixed 8382 1 en0 bermuda 132 245 44 22 USH 114 0 2 en0 132 245 66 0 24 132 245 44 22 UR 114 0 2 en0 132 245 77 0 24 132 245 44 22 UR 114 0 2 en0 Table B1 6 Displaying Routing Table Information using the netstat Command Field Definition r Displays statistics and i...

Page 521: ...NextHop The next router to which packets with the given Destination are sent If the Destination is a local interface this field displays an asterisk interface routes have no next hop Flags The following three flags First flag Status U Q D The route is valid up and in use The route is valid but the interface is quiescent i e the interface is not up yet or was brought down by expiration of the timer...

Page 522: ...le reaches its maximum size of 256 entries RIP removes the route with the lowest usage value If two routes have the same usage value RIP removes the first route listed The values range from 9999999 for a route that has not been used in 9 5 years to 9999999 for a very frequently used route Interface hardwired and extremely frequently used routes contain the word fixed in this field instead of a num...

Page 523: ...x is the interface name and number for example asy8 This can be a backup route for an interface that has a duplicate definition in the routing table For example if you define a subnet mask for a Proxy ARP serial interface and that mask is the same as the Model 5390 en0 subnet mask the routes to that interface will be considered duplicates As a result the Model 5390 server will store the en0 interf...

Page 524: ... 0 16 0 0 lo0 1536 127 127 0 0 1 0 0 0 0 0 do1 1500 1 132 245 33 90 4 0 4 0 0 Rotary name Address Proto Camp Flags Annex ports oemandy1 telnet telnet ask 11 conan_33 telnet telnet ask 16 borneo1 192 9 200 250 telnet telnet ask 1 brazil7 192 9 200 253 6003 telnet ask 7 annex3 6103 telnet ask 8 13 15 Table B1 9 Field Definitions for the netstat R Command Field Definition Rotary name Displays the nam...

Page 525: ...f command display looks like this 5390_01 netstat f Int In hits Out hits Drop ICMP Syslog en0 0 0 0 0 0 asy1 0 0 0 0 0 asy2 0 0 0 0 Table B1 10 Field Definitions for the netstat f Command Field Definition Int Displays the interface In hits Displays the number of packets that matched an input filter Out hits Displays the number of packets that matched an output filter Drop Displays the number of di...

Page 526: ...requests for memory denied Protocol Statistics The netstat s command displays statistics for the following protocols ICMP UDP TCP IP TMux LAT and DDP The LAT statistics display only if the correct lat_key value is set TMux statistics display only if the tmux_enable parameter is set to Y DDP statistics display only if the correct option_key value is set A truncated view looks something like this 53...

Page 527: ...her fails 1 TMUX ENQ packets sent lat 241 Total run messages received 228 Total run messages transmit 56382 Total service messages recv 3796 Total service messages used ddp 0 short header packets received 13838 long header packets received 12120 no checksum 1 packet too short 5 not enough data 13671 packets forwarded 0 packets encapsulated Testing the Network The superuser CLI ping command tests a...

Page 528: ...work t Traces the path of a packet from the local host to the destination host and back displaying information about each router in the path This option allows you to see whether a packet arrived at and or returned from its remote destination and if not where it stopped The option is based on the Traceroute facility described in RFC 1393 see Using the t traceroute Option on page C3 39 for more det...

Page 529: ...s in this translation table Because the Model 5390 server automatically builds the ARP table dynamically you rarely need to modify the table You can use arp to modify the table for hosts that do not implement ARP enabling communications between the host and the Model 5390 server Using arp you can delete a specified entry and or create an entry for a host A created entry is permanent unless it is d...

Page 530: ...des logging capabilities that maintain audit trails of user activity The security server logs each event as a message to its file acp_logfile Security logging is enabled automatically when host based security is enabled for the Model 5390 server using the Model 5390 parameter enable_security Events are logged to the security server that responded to the security request either granting or denying ...

Page 531: ... 132 245 77 1 23 moseley 132 245 11 11 420b02bd 02 950626 010620 ipx login djones 132 245 11 11 420b02be 02 950626 010900 ipx logout djones 132 245 11 11 420b02be 02 950626 010900 ipx acct 191 190 29486 12577 djones 132 245 11 11 420b02bf 01 950626 011456 telnet logout 132 245 77 1 moseley 132 245 11 11 420b02c0 01 950626 011502 cli hook logout moseley 132 245 11 11 420b02c0 01 950626 011502 cli h...

Page 532: ...ll 132 245 11 11 420b02d2 01 950626 071048 telnet logout 132 245 77 1 pearson Events are written continuously to the file acp_logfile To prevent this file from overwhelming the file system on the hosts and still obtain the record information for generating reports move and compress the file at regular intervals The size of your network the number of Model 5390 servers andtheamountofactivitygenerat...

Page 533: ... code include debug level syslog information that provides progress status and failure information This information appears in the following format Apr 2 1 53 42 annex site com ppp 323 asy15 configuring dynamic dial interface Apr 2 1 54 06 annex site com ppp 323 asy15 type_of_modem is Optima96 Apr 2 1 54 06 annex site com ppp 323 asy15 use cli modem command to verify modem information for Optima96...

Page 534: ...mand to host galago May 5 9 19 03 5390_01 cli 598 Job Begin 8 rlogin galago Worth The information display differs depending on the event In the following example of a typical message a time server updates the Model 5390 time The time server host s address displays in hexadecimallongword Timesareexpressedinhexadecimalasthenumberofsecondssince00 00 00 January 1 1970 Jan 5 9 56 5 annex timed 38 adjus...

Page 535: ...e finger command executed at the host Using the who command you can obtain a significant amount of information on users and their activities in the network For example All users connecting to or from a specific host s A single user or a group of users connected to the Model 5390 server All users connected to specific port or virtual CLI A specific user who user host or all users who host logged in...

Page 536: ... addr 132 245 88 255 Default domain unknown CPU current average 1 0 procs active max limit 87 88 800 rescheds 0 32 switches 48 109401 activates 49 109722 Loading CPU current average 1 0 procs active max limit 87 88 800 rescheds 0 32 switches 48 109401 activates 49 109722 Mbufs total 5400 free 3273 minimum free 3200 denied 0 Serial Ports Total bytes rcv d 24982 xmt d 5934 Errors parity 0 framing 0 ...

Page 537: ...m your terminal as output to the port you are tapping as if they had been entered on the port Find out exactly what users are seeing on their terminals from a remote location Provide online advice and instructions to users at their terminals Monitor traffic in both directions on the port especially incoming special conditions such as line breaks and special characters Under certain circumstances t...

Page 538: ...s and from responses to DNS and or IEN 116 queries Entries are updated according to information received Information for a host will be updated if new information received is different from what is currently in the host table The Model 5390 server considers information from a DNS server the most reliable source it considers an IEN 116 as the next reliable source and it considers RWHO broadcasts as...

Page 539: ...mall it frequently changes Increasing the size of the host table using the Model 5390 parameter host_table_size reduces these changes Other tools for managing the host table are The CLI hosts command with the n or f arguments The hosts n command displays name server information hosts f flushes all or specified entries in the host table The na or CLI admin command reset annex nameserver The reset a...

Page 540: ...Model 5390 server or a host The following subsections describe the symptoms of several common configuration problems CAUTION You should exercise extreme caution when disabling mod ules If disabled_modules is set to a value other than none and server_capability includes the operational image no modules are disabled a syslog message announces this override The vci option disables the Model 5390 inte...

Page 541: ...s autobaud may retain the baud rate of the previous session The port server session may not be terminated if you try to use an outgoing Model 5390 port as a front end to another host or to connect to a modem or switch and the interface at the other end drops DCD see Modems starting on page A6 1 for more information on using modems If any of these situations occur Make sure the Model 5390 port para...

Page 542: ...ter rwhod is set to Y If you expect to see a host in the hosts display and it does not appear wait several minutes and then reissue the hosts command before assuming there is a problem the time between broadcasts can vary Before proceeding verify that the host not appearing in the hosts display is sending RWHO packets correctly by entering ruptime on another host on the network or by checking that...

Page 543: ... Network Logins to BSD Hosts are Invisible The Model 5390 server user can rlogin or telnet to a host but the pseudo terminal does not show up in a who command display This problem is caused by a mismatch between pseudo terminals configured in the dev directory and pseudo terminal entries in etc ttys Update the etc ttys file to contain the proper number of pseudo terminals as indicated by the actua...

Page 544: ...B1 36 893 741 B Network Administration ...

Page 545: ...ent protocol It operates over the User Datagram Protocol UDP which is part of the TCP IP protocol suite SNMP provides an easier and more efficient means of managing the Model 5390 server The SNMP protocol can send queries to the SNMP agents located in each Model 5390 server Each SNMP agent collects information about its Model 5390 server and provides that information to the Network Management Stat...

Page 546: ...urns a response indicating the command s success or failure and returns the requested data for the get and get next commands SNMP Commands on page B2 7 describes these commands in greater detail Message Delivery SNMP messages are encapsulated in UDP datagrams The UDP layer does not guarantee delivery The Model 5390 server uses a timeout and retry mechanism to guarantee the SNMP command s delivery ...

Page 547: ...ls the SNMP agent for more details on creating and using the configuration file see Parsing the Configuration File on page A14 3 The gateway section of the configuration file contains four optional keywords for configuring the Model 5390 SNMP agent community traphost contact location The following subsections detail each of these keywords as well as the Model 5390 parameters required for use with ...

Page 548: ... or read write communities You can specify up to four SNMP community names in the gateway section of the configuration file but each community requires a separate line The Model 5390 server adds these communities to the SNMP agent s community table The syntax is snmp community name Defining Trap Hosts and Traps The Model 5390 server employs two methods for defining the host addresses it uses when ...

Page 549: ...y up to ten static trap hosts in the configuration file but each host requires a separate line Specify the trap host using its IP address RFC 1157 provides more details on communities and traps Table B2 1 describes the supported SNMP traps The syntax is snmp traphost ipaddr Defining the Contact String The keyword contact defines the object that identifies the person responsible for managing the Mo...

Page 550: ...SNMP the Model 5390 server will discard all SNMP messages it receives By default the SNMP agent on the Model 5390 server is enabled for more details see disabled_modules on page C2 21 Defining the allow_snmp_sets Parameter The Model 5390 server s default setting for the allow_snmp_sets parameter does not permit parameter value changes because the SNMP set command s header transmits the community s...

Page 551: ...nnex_root src snmp must be compiled and included in your management station database before you can manage the Model 5390 server Using SNMP set to Send Commands to the Model 5390 Server The private enterprise MIB objects allow you to change the configuration of the Model 5390 server or its ports These configuration changes do not take effect until the Model 5390 server is rebooted or the port is r...

Page 552: ... charPortReset defined in RFC 1316 that corresponds to the serial port to reset ToreboottheModel5390server setthedesiredimagenametotheMIBobjectanxcBootImage and set any boot warning message to the MIB object anxcBootMsg For a delayed boot set the boot time to the MIB object anxcBootTime Then set the boot type to the MIB object anxcBoot Standard MIB Support The Model 5390 server supports the follow...

Page 553: ... data that the Model 5390 server can retrieve or configuration information that it can modify Describing and Naming Objects RFC 1155 Structure and Identification of Management Information for TCP IP based internets describes the layout and encoding of exchanged data objects The SMI Structure of Management Information uses the ISO standard ASN 1 Abstract Syntax Notation One to define a method for d...

Page 554: ...lists the supported standard MIBs and outlines the differences between the Model 5390 server parameters and specific standard MIB objects Table B2 3 lists the supported standard MIBs Table B2 3 Standard MIBs Supported by the Model 5390 Server MIB Name RFC Number MIB II RFC 1213 Character MIB RFC 1316 RS 232 MIB RFC 1317 AppleTalk MIB RFC 1243 RIP version 2 MIB RFC 1389 Ethernet MIB RFC 1398 ...

Page 555: ...213 MIB II Objects Object Name get set Restrictions Read Object Limitations ifAdminStatus read only Returns only up 1 and down 2 ifOperStatus none Returns only up 1 and down 2 atEntry Cannot create new rows none ipRouteEntry Cannot create new rows none ipRouteProto none Returns only local 2 icmp 4 and rip 8 ipRouteType none Returns only invalid 2 direct 3 indirect 4 ipNetToMediaEntry Cannot create...

Page 556: ...alk Object Name Restrictions Read Object Limitations atportType Read only None atportNetStart Not supported None atportNetEnd Not supported None atportNetAddress Not supported None atportStatus Read only None atportZone Read only None atportIfIndex Read only None ddpOutRequests Not supported None ddpInLocalDatagrams Not supported None ddpNoProtocolHandlers Not supported None ddpBroadcastErrors Not...

Page 557: ...r supports RFC 1398 s dot3StatsTable and dot3CollTable with the restrictions outlined in Table B2 7 Table B2 6 RFC 1389 RIPv2 MIB Objects Object Name Restrictions Read Object Limitations rip2IfStatStatus Read only None rip2IfConfDomain Not supported None RipIfConfAuthKey Not supported None ripIfConfStatus Read only None Table B2 7 RFC 1398 Ethernet MIB Objects Object Name Restrictions Read Object ...

Page 558: ...ed 2 off 3 charPortOperStatus None Returns only up 1 down 2 active 5 charPortInFlowType Supports only none 1 xonXoff 2 and hardware 3 None charPortOutFlowType Supports only none 1 xonXoff 2 and hardware 3 None charPortAdminOrigin Read only None charPortName Read only None charPortSessionMaximum Maximum value is 16 None charSessKill Read only None charSessState None Returns only connected 2 charSes...

Page 559: ...d you must first set the port speed to a non zero value and then set rs232AsyncPortAutobaud to disabled 2 This ensures that the port is not left in a state without a declared speed For example you can set a port to 9600 autobaud by setting 9600 in rs232PortInSpeed or rs232PortOutSpeed and then setting rs232AsyncPortAutobaud to enabled 1 Table B2 9 RFC 1317 RS 232 MIB Objects Object Name Restrictio...

Page 560: ...e enterprise MIB are preceded by the string iso org dod internet private enterprises xylogics annex One of the many exceptions is the object corresponding to the image_name parameter The MIB object name for image_name is preceded by the string iso org dod internet private enterprises xylogics annex annexcmds MIB Prefixes All MIB object names have a prefix that indicates the MIB in which it is defi...

Page 561: ...er authoritative_agent anxAuthAgent broadcast_addr anxBcastAddr cli_prompt anxCliPrompt config_file anxConfigFile daylight_savings anxDaylightSavings default_zone_list anxAppleTalkDefZones disabled_modules anxDisabledModules enable_security anxEnableSecurity host_table_size anxHostTableSize image_name anxDefaultImageName inet_addr anxInetAddr ipencap_type anxIpEncapType ip_forward_broadcast anxIpF...

Page 562: ...key anxOptionKey password anxPassword pref_dump_addr anxPrefDumpAddr pref_load_addr anxPrefLoadAddr pref_name1_addr anxNameServer1Addr pref_name2_addr anxNameServer2Addr pref_secure1_host anxSecurServer1Addr pref_secure2_host anxSecurServer2Addr rip_auth anxRipAuth rip_routers anxRipRouteList routed anxRouted rwhod anxRwhod security_broadcast anxSecurBcast server_capability anxServerCap subnet_mas...

Page 563: ...rt anxSysLogPort tcp_keepalive anxTcpKeepAlive tftp_dump_name anxTftpDumpName tfpt_load_dir anxTftpDirName time_broadcast anxTimeBcast timezone_minuteswest anxTimeZone vcli_password anxVcliPassword vcli_security anxVcliSecurity zone anxAppleTalkZone Table B2 11 Configuration Parameter versus MIB Object Name continued Configuration Parameter MIB Object ...

Page 564: ...terprises xylogics annex precedes the MIB object name Table B2 12 LAT specific Configuration Parameters versus MIB Object Name LAT specific na Parameter MIB Object circuit_timer anxCircuitTimer facility_num anxFacilityNum group_value anxLatGroupVal keep_alive_timer anxKeepAliveTimer lat_queue_max anxLatQueueMax retrans_limit anxReXmitLimit server_name anxServerName service_limit anxServiceLimit sy...

Page 565: ...ansmitted slots anxLatRecvBytes total received bytes anxLatXmitBytes total transmitted bytes anxLatDupMsgs total duplicate messages anxLatRexmitMsgs total retransmitted messages anxLatBadCircuitMsgs total bad circuit messages anxLatBadSlotMsgs total bad circuit slots anxLatAcceptHostInits total accepted host initiates anxLatRejectHostInits total rejected host initiates anxLatMultipleNodes total mu...

Page 566: ...ponding MIB object names The following string precedes the MIB object names iso org dod internet private enterprises xylogics annex anxLatRecvSvcMsgs total received service messages anxLatUsedSvcMsgs total used service messages Table B2 14 TMux specific Parameters versus MIB Objects TMux Parameter MIB Object Name tmux_delay anxTmuxDelay tmux_enable anxTmuxEnable tmux_max_host anxTmuxMaxHost tmux_m...

Page 567: ...xDumpUsername ipx_file_server anxIpxFileServer ipx_frame_type anxIpxFrameType Table B2 16 T1 specific Parameters versus MIB Objects T1 Parameter MIB Object Name alarmsyslog anxt1AlarmSyslog bypass anxt1EngineBypass map anxt1ChanMap ring anxt1ChanRing sigproto anxt1ChanSigProto t1_info anxt1Info tdi_distance anxt1DiiDistance tdi_framing anxt1DiiFraming tdi_line_code anxt1DiiLineCode tni_line_buildo...

Page 568: ...interfaces precedes the MIB object names Table B2 17 Interface Parameters versus MIB Objects Interface Parameter MIB Object rip_accept interfaceRipAccept rip_advertise interfaceRipAdvertise rip_default_route interfaceRipDefRoute rip_horizon interfaceRipHorizon rip_recv_version interfaceRipRecvVersion rip_send_version interfaceRipSendVersion rip_sub_accept interfaceRipSubAccept rip_sub_advertise in...

Page 569: ...nstance number The following string precedes the object names that are in the rs232 MIB iso org dod internet mgmt mib 2 transmission rs232 The string iso org dod internet mgmt mib 2 char precedes the MIB object names that are in the charlikeMIB Table B2 18 Serial Port Parameters versus MIB Object Names Serial Port Parameter MIB Object allow_broadcast anxpAllowBcast arap_v42bis anxpArapV42bis at_gu...

Page 570: ...xpDedicatedAddr dedicated_arguments anxpDedicatedArgs dedicated_port anxpDedicatedPort echo anxpEcho erase_char anxpEraseChar erase_line anxpEraseLine erase_word anxpEraseWord forwarding_count anxpForwardCount forwarding_timer anxpForwardTimer hardware_tabs anxpHardwareTabs imask_7bits anxpImask7Bits inactivity_timer anxpInactivityTimer input_buffer_size anxpInputBufSize input_flow_control charPor...

Page 571: ... modem_var anxpModemVar need_dsr anxpNeedDsr newline_terminal anxpNewLineTerm net_inactivity anxpNetInactivity net_inactivity_units anxpNetInactivityUnits output_flow_control charPortTable charPortEntry charPortOutFlowType output_is_activity anxpOutputIsActivity output_start_char anxpOutputStartChar output_stop_char anxpOutputStopChar parity rs232AsyncPortTable rs232AsyncPortEntry rs232AsyncPortPa...

Page 572: ...ve speed rs232PortTable rs232PortEntry rs232PortInSpeed rs232PortTable rs232PortEntry rs232PortOutSpeed stop_bits rs232AsyncPortTable rs232AsyncPortEntry rs232AsyncPortStopBits tcp_keepalive anxpTcpKeepAlive telnet_crlf anxpTelnetCRLF telnet_escape anxpTelnetEscape term_var anxpTermVar tn3270_printer_host anxpTn3270PrinterHost tn3270_printer_name anxpTn3270PrinterName toggle_output anxpToggleOutpu...

Page 573: ...ss anxpNetLocalAddr metric anxpNetMetric ppp_acm anxpPppAcm ppp_mru anxpPppMru ppp_ncp anxpPppNcp ppp_password_remote anxpPppPasswdRemote ppp_security_protocol anxpPppSecurityProto ppp_username_remote anxpPppUserRemote remote_address anxpNetRemoteAddr slip_allow_dump anxpSlipAllowDump slip_load_dump_host anxpSlipLoadDumpHost slip_mtu_size anxpSlipMtuSize slip_no_icmp anxpSlipNoIcmp slip_ppp_securi...

Page 574: ...B2 30 893 741 B Simple Network Management Protocol SNMP ...

Page 575: ......

Page 576: ... Chapter C1 na Commands Chapter C2 Configuration Parameters Chapter C3 Using the CLI Commands Chapter C4 Utilities Chapter C5 Network Protocols Part C Reference ...

Page 577: ...is running its operational code All na commands are taken from the na standard input you can run na interactively or provide it with input through a file or pipeline You can create a script file containing na commands to configuretheModel5390server Thisscriptfilecansavetheconfigurationinformationforaspecific Model 5390 server and when required restore the configuration This chapter illustrates com...

Page 578: ...sh character immediately preceding the new line character To enter a space as an argument enclose it in double quotes otherwise the space is assumed to be a delimiter The UNIX interrupt character usually CTRL C returns you to the command prompt Additionally na permits comments when the character is present at the beginning of a comment line All characters between the and the next new line are igno...

Page 579: ...end of the range e g asy1 4 When followed by an and an annex_identifier interface_identifier specifies an interface on a specific Model 5390 server asy1 132 245 254 42 or asy1 5 lab interface_set A list of one or more interface_identifiers separated by semicolons An interface_set can include interfaces on different Model 5390 servers en0 132 245 254 42 asy1 asy2 lab interface_parameters A list of ...

Page 580: ...ist of one or more serial port parameters with or without values separated by white space input_flow_control eia Table C1 2 The na Commands Command Description annex Defines a default annex_list used with subsequent commands boot Boots the Model 5390 server broadcast Sends a broadcast message to one or more ports copy Copies configuration parameters dumpboot Boots the Model 5390 server and produce...

Page 581: ...ead reset and set password Defines a default administrative password used to communicate with the Model 5390 server port Defines a default port_set used with subsequent commands printer Defines a default printer_set used with subsequent commands quit Terminates na read Reads and executes a script file reset Resets a port interface or subsystem set Defines or modifies the value of a parameter show ...

Page 582: ...specified by its name command annex 132 245 6 40 frontlobby The following example shows how na prompts for missing arguments command annex enter default annex list 132 245 6 40 frontlobby The following annex command displays a message identifying the specified Model 5390 server its Internet address the number of serial lines it has and its software version command annex 132 245 6 1 132 245 6 1 Rem...

Page 583: ...ll Model 5390 servers in the annex_list and optionally produces a dump of the Model 5390 server s memory including the operational code You can set a time at which the boot is to take place The boot command can send a warning message to users attached to the Model 5390 server Table C1 3 lists the supported arguments for the boot command The syntax is boot adhlq HH MM annex_list filename warning NO...

Page 584: ...fifteen minutes annex_list Specifies the Model 5390 servers to be booted If you do not include an annex_list the command prompts for it Pressing the Return key accepts the default annex_list filename Identifies the name of the file in which the Model 5390 image is maintained If you do not enter a filename the Model 5390 server prompts for one Pressing the Return key at the prompt directs the Model...

Page 585: ...mmand The broadcast command sends a message to specified ports at the identified Model 5390 servers The syntax is broadcast port_set keyword annex_identifier message The port_set argument indicates the port s to which the message is to be broadcast If the message requires more than one line using the character at the end of each line inserts a new line Table C1 4 lists the available keywords Table...

Page 586: ... 40 2 16 132 245 6 40 To copy port 1 parameters from one Model 5390 server to port 5 on another Model 5390 server command copy port 1 frontlobby 5 132 245 6 55 NOTE The copy command requires superuser privileges Table C1 5 Descriptions of the copy Command Command Description copy annex Copies all Model 5390 parameters except the IP address the administrative password the access control protocol ke...

Page 587: ...defined or does not respond the Model 5390 server broadcasts its dump request and dumps to the first host that responds NOTE The dumpboot command requires superuser privileges When the Model 5390 server executes the dumpboot command it terminates all active connections Table C1 6 Arguments for the dumpboot Command Argument Description a Aborts any delayed dump boots that are pending q Performs a b...

Page 588: ...ch the Model 5390 server s image is maintained If you do not enter a file name the Model 5390 server prompts for one Pressing the Return key at the prompt directs the Model 5390 server to boot the default file name The Model 5390 server requests the boot file from a preferred load host if it is defined and available otherwise it broadcasts a boot request warning Allows you to enter an additional 2...

Page 589: ...th the string The following example represents an abbreviated display command help t telnet_escape serial port parameter escape character to use with the telnet command a character term_var serial port parameter Terminal variable a string maximum sixteen characters time_broadcast annex parameter broadcast for time server to use if none found Y or y to enable N or n to disable timezone_minuteswest ...

Page 590: ...ist is updated if a new annex command is issued Specifying all sets the default interface_ set to all SLIP and PPP interfaces plus en0 This example defines the default interface_set as interface asy1 on the Model 5390 server whose Internet address is 132 254 6 34 command interface asy1 132 254 6 34 The next example defines the default interface_set as interfaces asy1 through asy3 on the same Model...

Page 591: ...other port or a list of ports is specified Grouping ports using a port_set allows you to issue one na command to examine or change the parameter values for multiple ports The syntax is port asynchronous port_set keyword If you do not identify a specific Model 5390 server using the symbol and a name or Internet address when entering the port_set all Model 5390 servers in the current annex_list are ...

Page 592: ...1 5 132 245 6 34 This example defines all but port 6 on every Model 5390 server in the default annex_ list command port 1 5 7 16 quit Command The quit command terminates the na program from a script file na quits when it receives an end of file character usually CTRL D or when it reaches the end of an input file The syntax is quit ...

Page 593: ...or admin and reboot the Model 5390 server before issuingthereadcommand Thelat_keyandoption_keyparametersarenotenableduntilyoureboot and any LAT or option_key related parameters in the script file are not recognized until lat_key or option_key is enabled Also make sure the script file does not contain a different option_key setting if it does delete the setting before issuing a read If a script fil...

Page 594: ...syslog_mask all set annex syslog_host 132 245 6 9 Use this script as follows command annex thirdfloor frontlobby backhall command read testscript reset Command The reset command available from na or admin changes some of the current attributes of all the Model 5390 servers in the default annex_list without rebooting them Unless you use the reset command changes to configuration parameters for a sp...

Page 595: ... int_modem command available from na or admin resets the specified T1 modem_set There is no physical reset button A modem reset forces the port to be reset In addition if the signal protocol is set to wink start or immediate start a specialAT command is sent to the modem to select the dialtone detection mechanism The syntax is reset int_modem modem_set The modem_set parameter specifies the individ...

Page 596: ...e existing LAT circuits annex macros Resets the customized user interface macros annex modem Resets attached modem s annex motd Resets the message of the day annex nameserver Resets the name server parameters and flushes the Model 5390 s host table annex security Resets the security parameters annex syslog Resets the syslog subsystem The syslog subsystem does not use any changes made to the syslog...

Page 597: ...ters and will only disrupt the service on the DS0 channels that are changed hard This setting resets the T1 engine causing the T1 Drop Insert interface and modem sessions to terminate If modem sessions and or equipment are attached to the Drop and Insert Interface their service will be interrupted for a short period of time usually a few seconds esf This setting resets all the statistics in the T1...

Page 598: ... command lines for setting port parameters are command set port speed 9600 data_bits 7 stop_bits 1 command parity odd control_lines none type hardwired command mode cli inactivity_timer 120 show Command The show command displays current Model 5390 server interface printer or port parameters The syntax is show annex annex_list keyword annex_parameters show interface interface_list keyword interface...

Page 599: ...mask pref_load_addr pref_dump_addr load_broadcast broadcast_addr load_dump_gateway load_dump_sequence image_name motd_file config_file authoritative_agent routed server_capability disabled_modules tftp_load_dir tftp_dump_name ipencap_type ip_forward_broadcast tcp_keepalive option_key output_ttl session_limit ipx ipx_frame_type ipx_file_server ipx_dump_username ipx_dump_passwd ipx_dump_path ipx_do_...

Page 600: ...ax_vcli cli_prompt vcli_security vcli_password Table C1 12 Keywords for the show interface Command Keyword Description all Displays all interface routing parameters rip_send_version rip_horizon rip_next_hop rip_sub_accept rip_accept rep_recv_version rip_default_route rip_sub_advertise rip_advertise asyn Displays all interface routing parameters for this asynchronous port asyn n Displays all interf...

Page 601: ... speed data_bits stop_bits parity type_of_modem max_session_count allow_broadcast broadcast_direction imask_7bits cli_imask7 ps_history_buffer banner dedicated_address dedicated_port tcp_keepalive cli_interface autobaud default_session_mode dedicated_arguments lat authorized_groups latb_enable ppp local_address remote_address dialup_addresses metric slip_ppp_security demand_dial net_inactivity pho...

Page 602: ... no These values enable or disable the alarm event syslogs bypass Displays parameter setting as yes or no A setting of yes removes the T1 engine from the network map Displays mappings for the DS0 channels ring Displays parameter setting as yes or no A setting of yes means that an audible ring is sent to the service provider for incoming calls sigproto Displays the inbound and outbound signaling pr...

Page 603: ...ce for the T1 clock tni_esf_fdl Displays parameter setting as ansi or att These values represent the Facilities Data Link standard tni_framing Displays parameter setting as d4 or esf These values represent the superframe format setting on the T1 Network Interface tni_line_buildout Displays parameter setting as 0 7 5 15 or 22 5 These values represent the cable loss measurement between the last line...

Page 604: ...sing thereadcommand theargumentstotheechocommandarewrittentothestandardoutput indicating the progress of the read The following is an example of the write command command write 132 245 6 101 fronthall script NOTE For security reasons the following basic Model 5390 port parameters are written to the script file as comments acp_key lat_key option_key password port_password ppp_password_remote rip_au...

Page 605: ...and annex 132 245 6 40 command read thirdfloor prm Following is an excerpt from the script file fronthall script annex 132 245 6 101 echo setting annex parameters set annex pref_load_addr 132 245 6 75 set annex pref_dump_addr 132 245 6 75 set annex load_broadcast Y set annex image_name set annex subnet_mask 255 255 255 0 set annex authoritative_agent Y echo setting serial port parameters for port ...

Page 606: ...C1 30 893 741 B na Commands ...

Page 607: ...Protocol SNMP starting on page B2 1 for more details This chapter includes the following sections Parameter Conventions Parameter Descriptions Parameter Conventions This section describes the conventions for entering parameter values and returning those values to the supplied defaults Entering Parameter Values The conventions for entering parameter values depend on the type of information the para...

Page 608: ... page C1 21 Depending on the parameter type the syntax options are Setting Model 5390 Parameters 1 set annex annex_parameter 0 The set annex annex_parameter 0 command sets parameters that require a numeric value For example to set pref_dump_addr to its default 0 0 0 0 enter command set annex pref_dump_addr 0 2 set annex annex_parameter The set annex annex_parameter command sets all parameters that...

Page 609: ...rs Setting Asynchronous Port Parameters To set an asynchronous port parameter to its default value use the set port asynchronous command 1 set port asynchronous port_set port_parameter 2 set port asynchronous port_set port_parameter 3 set port asynchronous port_set port_parameter default The set port asynchronous port_set port_parameter command sets parameters that have single character default va...

Page 610: ...After issuing erase you must reenter the Model 5390 server s IP address and reconfigure the Model 5390 server Parameter Descriptions The Model 5390 configuration parameters are grouped by type for example Model 5390 server interface etc Parameters within these groups are further divided by relative function Each function has an associated keyword for example nameserver security time etc The set an...

Page 611: ...bnet_mask pref_load_addr pref_dump_addr load_broadcast broadcast_addr load_dump_gateway load_dump_sequence image_name motd_file config_file authoritative_agent routed server_capability disabled_modules tftp_load_dir tftp_dump_name ipencap_type ip_forward_broadcast tcp_keepalive option_key session_limit output_ttl vcli max_vcli cli_prompt vcli_security vcli_password nameserver nameserver_broadcast ...

Page 612: ... tmux_max_host tmux_delay tmux_max_mpx Table C2 2 Keywords for the show interface Command Keyword Description all Displays all interface routing parameters rip_send_version rip_horizon rip_next_hop rip_sub_accept rip_accept rep_recv_version rip_default_route rip_sub_advertise rip_advertise en0 Displays all interface routing parameters for this Ethernet interface asyn Displays all interface routing...

Page 613: ...imer forwarding_count cli_inactivity inactivity_timer input_is_activity output_is_activity reset_idle_time_on long_break short_break security user_name cli_security connect_security port_server_security port_password ipso_class ipx_security vci login_port_password login_timeout editing attn_string echo telnet_escape telnet_crlf map_to_lower map_to_upper char_erase line_erase hardware_tabs erase_ch...

Page 614: ...e the alarm event syslogs bypass Displays parameter setting as yes or no A setting of yes removes the T1 engine from the network map Displays mappings for the DS0 channels ring Displays parameter setting as yes or no A setting of yes means that an audible ring is sent to the service provider for incoming calls sigproto Displays the inbound and outbound signaling protocol settings for each DS0 chan...

Page 615: ...calls tni_clock Displays parameter setting as loop local or external These values represent the source for the T1 clock tni_esf_fdl Displays parameter setting as ansi or att These values represent the Facilities Data Link standard tni_framing Displays parameter setting as d4 or esf These values represent the superframe format setting on the T1 Network Interface tni_line_buildout Displays parameter...

Page 616: ...rver maintains the encryption key for each Model 5390 server in the acp_keys file The default for this string is unset alarmsyslog This T1 parameter enables or disables the T1 alarm event syslogs A Y enables alarm syslogs an N disables it The default is Y allow_broadcast This asynchronous port parameter allows an asynchronous port to receive administrative broadcast messagesgeneratedbythebootandbr...

Page 617: ...vileges A Y enables this parameter an N disables it The default is N at_nodeid This asynchronous port parameter defines the node ID hint used for anARA client during connection establishment This parameter value is an AppleTalk address in the form net node The valid net values are 0 to 65534 The valid node values are 0 to 254 The default is 0 0 at_security This asynchronous port parameter turns on...

Page 618: ...d autobaud This asynchronous port parameter determines whether or not the Model 5390 server automatically detects line speed when a connection is opened and whether or not it sets matching terminal port characteristics on the next login This parameter works only when the Model 5390 server is configured as a VMS interface that is when the cli_interface parameter is set to vci For more information r...

Page 619: ...ss if possible In this case you set the subnet portion of the broadcast address to match the Model 5390 subnet address as determined by the Model 5390 subnet mask and you set the host portion of the broadcast address to all one bits For example if the Model 5390 subnet address is 132 254 9 0 and the Model 5390 subnet mask is 255 255 255 252 you should set the broadcast address to 132 254 9 3 To ca...

Page 620: ... the Model 5390 server sends broadcast messages out the port side of the connection bypass This T1 parameter is used to remove the T1 engine from the network When bypass is set to Y the T1 engine is off line and the T1 Network Interface T1NI and the T1 Drop and Insert Interface T1DII are physically isolated from the T1 engine When bypass is set to Y the T1 engine has no effect on the T1 circuit Wh...

Page 621: ...hronous port parameter is enabled the Model 5390 server echoes both the character erase and the word erase characters for a video terminal that is the previous character or word looks as if it has been erased A Y enables this parameter an N disables it The default is Y ...

Page 622: ..._imask7 When this asynchronous port parameter is enabled the Model 5390 server masks CLI input to seven bits The Model 5390 server masks input only at the CLI When cli_imask7 is disabled the Model 5390 server expects eight bit ASCII input AY enables this parameter an N disables it The default is Y cli_inactivity This asynchronous port parameter specifies the amount of time in minutes that the Mode...

Page 623: ...des for example a c You can also enter text that will appear in the prompt as long as the entry as a whole does not exceed 32 characters The default prompt is a c the string annex Table C2 5 lists the formatting codes Table C2 5 Formatting Codes for Model 5390 Prompts Code Expansion a The string annex c A colon followed by a space d The current date and time in the following format Mon Mar 14 13 5...

Page 624: ... default file name is config annex connect_security This asynchronous port parameter enables the host based security policy for access from the CLI to the network using telnet and rlogin only If connect_security is enabled the user must receive authorization to connect to a host on the network The supplied security policy scans the file install directory acp_restrict to authorize a connection to a...

Page 625: ...ish canadian east_european mid_european west_european and none the default is us dedicated_address This asynchronous port parameter along with the dedicated_port parameter defines one host and one TCP port to which this port can connect To use this parameter set the mode parameter to dedicated The dedicated_address is the host s IP address The default is 0 0 0 0 Table C2 6 Valid Options for the co...

Page 626: ...details on configuring the Model 5390 server for use with dedicated ports see Dedicated Ports on page A3 11 default_zone_list This Model 5390 parameter contains the zone list that is sent to AppleTalk clients if an ACP failure occurs The string size ranges from 1 to 100 characters You must use spaces to separate zone names for example general engineering lab To escape embedded spaces within a zone...

Page 627: ...nd point address from the host based security server based on a user s login and or port number This parameter works only when the mode parameter is set to slip or ppp AY enables this parameter an N disables it The default is N disabled_modules This Model 5390 parameter allows you to disable individual software modules to free memory space If you enter more than one module separate module names us...

Page 628: ...null string sets parameter to default value If disabled_modules is set to a value other than none and server_capability includes the operational image no modules are disabled a syslog message announces this override The vci option disables the Model 5390 interface for VMS environmentsalongwiththefollowingcommands backwards change clear crash define disconnect forwardlis forward list logout resume ...

Page 629: ... line erase character The default is CTRL U U erase_word This asynchronous port parameter defines a control character sequence for the CLI word erase character The default is CTRL W W facility_num This Model 5390 parameter identifies a LAT host by number Allowable values range from 0 to 32767 The default value is 0 forward_key This asynchronous port parameter specifies a character or string that r...

Page 630: ...racters When set to zero the port uses the value in the forwarding_timer parameter Allowable values range from 0 to 255 The default is 0 forwarding_timer This asynchronous port parameter sets the amount of time in ten millisecond ms intervals that can elapse before the Model 5390 server forwards received data If new data arrives before the timer expires the Model 5390 server resets the timer Allow...

Page 631: ...he Model 5390 server to convertASCII tab characters to the correct number of spaces when a terminal does not support hardware tabs This occurs only at the CLI level A Y enables this parameter an N disables it The default is Y host_table_size This Model 5390 parameter defines the number of entries allowed in the host table Allowable values range from 0 to 255 Entering 255 allows an unlimited number...

Page 632: ... to N causes the timer to run independent of activity Allowable values range from 0 to 255 The default is 0 timer disabled If you want a port to reset after a given number of minutes regardless of any activity you must also set the following parameters inactivity_timer x input_is_activity N output_is_activity N type dial_in These setting are required because the timer does not start until one of t...

Page 633: ...an N disables it The default is Y input_start_char This asynchronous port parameter defines the control character sequence that restarts input if the input_flow_control parameter is set to start stop The default is CTRL Q Q Table C2 7 Valid Options for the input_flow_control Parameter Option Description bell The Model 5390 server rings the terminal bell sends G when its input buffer is full eia Fl...

Page 634: ... remote address using a subnet or net mask If these addresses match the Model 5390 server copies the packet to that interface When disabled the Model 5390 server does not scan the interface list and does not copy broadcast packets A Y enables this parameter an N disables it The default is N ipso_class ThisasynchronousportparameterspecifiestheU S DepartmentofDefensebasicIPSecurityOption IPSO classi...

Page 635: ...a user name for logging on to the Novell file server before the Model 5390 server sends a dump file to the server The string size ranges from 0 to 48 characters This parameter has no default value ipx_file_server This Model 5390 parameter contains the name of the Novell file server from which the Model 5390 server boots The string size ranges from 0 to 48 characters This parameter has no default v...

Page 636: ...bles this parameter an N disables it The default is N keep_alive_timer ThisModel5390parameterdefinesthenumberofsecondsbetweenthetransmissionofidentification packets during times of network inactivity This parameter works only for the LAT protocol The packets serve only as notices to remote nodes that the host s services are available Allowable values range from 10 to 255 seconds The default is 20 ...

Page 637: ... after changing the parameter s value and setting LAT Allowable values range from 1 to 255 or none entering none sets the value to 255 The default value is 4 latb_enable This asynchronous port parameter enables the Model 5390 server to decode a LAT hosts s data b packet Data b packets change certain asynchronous port parameters see your LAT host s documentation for more details A Y enables this pa...

Page 638: ...iles from other hosts on the network if any or all of the files are not available on the preferred load host A Y enables this parameter an N disables it The default is Y load_dump_gateway This Model 5390 parameter specifies the gateway s IP address A gateway is required if the preferred load or dump host is on a different network or subnet than the Model 5390 server The default is 0 0 0 0 no gatew...

Page 639: ...o command The string size ranges from 0 to 16 characters The default is a null string lock_enable This Model 5390 parameter enables any port to use the Model 5390 Interface for VMS Environment s lock command A Y enables this parameter an N disables it The default is N self Instructs the Model 5390 server to boot its image from the Flash ROMs Because the Model 5390 server cannot dump back to itself...

Page 640: ...is parameter an N disables it The default is N login_prompt This Model 5390 parameter defines the prompt that appears for all ports using a VMS interface The string size ranges from 0 to 16 characters The default is the symbol login_timer This Model 5390 parameter specifies the number of minutes a port using aVMS interface can remain inactive Valid values are 0 through 60 minutes Entering 0 sets t...

Page 641: ...rver forwards all IP packets that have the Strict Source Routing and Record option set only if the next routing address is directly reachable by the Model 5390 server Otherwise the Model 5390 server drops these packets and sends an ICMP type Destination Unreachable message with a code of Source Route Failed When disabled the Model 5390 server will not forward any IP packets that have the Strict So...

Page 642: ...parameter for older terminals that do not support lower case characters A Y enables this parameter an N disables it The default is N Table C2 9 Options for the map Parameter Option Description map_val modem_number These options map an interface channel to a modem The map_val option defines the interface as ds1_modem for the T1 Network Interface the DS0 channel di_modem for the Drop Insert Interfac...

Page 643: ...ble values are the string unlimited or a decimal number from 0 to 254 A value of 0 prevents any virtual CLI connections The default is unlimited metric This asynchronous port parameter defines the hop count to the remote end of the asynchronous line when the mode parameter is set to slip or ppp Modify this parameter only if you want the Model 5390 server to use a route other than the SLIP or PPP i...

Page 644: ... identify an incoming packet s protocol and to convert to IPX PPP ARAP or CLI cli Allows a port connected to a terminal or incoming modem access to the CLI The CLI provides access to the network and connections to other hosts via the telnet connect rlogin and tn3270 commands The tn3270 command is available only if the option_key parameter is set to the correct value for the Model 5390 server conne...

Page 645: ...uments slave Allows port access through the port server This mode provides Model 5390 login lines for hosts that have no Ethernet interface and or that require access to modems and serial line printers attached to the Model 5390 server It does not provide access to the CLI slip Allows a port to perform as a network interface using SLIP IP packets are encapsulated by SLIP telnet Allows a port to co...

Page 646: ...ame server The service type specified with this parameter is queried if the type specified with name_server_1 is not available When using this parameter you must specify a host using pref_name2_addr The options are dns ien_116 or none The default is none nameserver_broadcast This Model 5390 parameter defines whether or not the Model 5390 server broadcasts a name server request if the preferred nam...

Page 647: ...is 0 off Use this parameter in conjunction with net_inactivity_units net_inactivity_units This asynchronous port parameter defines the units of time used for the port s inactivity timer Valid options are minutes or seconds The default is minutes Use this parameter in conjunction with net_inactivity To set an inactivity timer of two minutes set net_inactivity_units minutes net_inactivity 2 To set a...

Page 648: ...g for a slow host s response to a security request newline_terminal This asynchronous port parameter interprets carriage returns and line feeds at the CLI level When enabled a line feed terminates both the input and the output lines When disabled a carriage return or a line feed terminates the input line and a carriage return followed by a line feed terminates output lines A Y enables this paramet...

Page 649: ...n bell Comparable to setting the parameter to none eia Selects hardware flow control eia works only if the control_lines parameter is set to flow control or both and the device is wired properly start stop Specifies XON XOFF flow control independent of the control_lines parameter Upon receiving XOFF output_stop_char the Model 5390 server stops sending output to the device After receiving XON outpu...

Page 650: ...ive TTL for packets the Model 5390 server generates for RIP updates TTL is a field in IP packets that limits their lifetime on the network Each time a packet crosses a router the router decrements the packet s TTL by 1 When the value reaches 0 the packet is discarded Allowable values range from 1 to 255 The default is 64 parity This asynchronous port parameter defines the type of parity that the a...

Page 651: ...f security after entering a user name password NOTE If the Model 5390 server is configured with an IP address the default administrative password is the Model 5390 server s IP address in dotted decimal notation If the Model 5390 server is not yet config ured with an IP address and the administrative password has not been modified either via this parameter or via the CLI passwd command the default ...

Page 652: ...0x00000000 The ppp_acm parameter is a bit mask that is set as follows ppp_acm for ASCII NUL decimal 0 is 2 to the power of 0 0x00000001 ppp_acm for ASCII SOH decimal 1 is 2 to the power of 1 0x00000002 ppp_acm for ASCII DC1 decimal 17 is 2 to the power of 17 0x00020000 ppp_acm for ASCII DC3 decimal 19 is 2 to the power of 19 0x00080000 Thus the mask for XON XOFF DC1 and DC3 equals the OR function ...

Page 653: ... for the remote PC client on an IPXCP IPX over PPP link Valid values are 00000001 to FFFFFFFF or 0 Leading zeroes if any should be included The network number must be unique on the network and on the Model 5390 server itself When the IPXCP connection is established the Model 5390 server and the client negotiate the network number each suggesting a value The peer suggesting the highest number wins ...

Page 654: ...del 5390 server requests the PPP default 1500 Values range from 64 to 1500 The default is 1500 ppp_ncp This asynchronous port parameter specifies the protocols that run on the interface The Model 5390 server negotiates only for those protocols that are specified here Valid options are ipcp Internet Protocol Control Protocol atcp AppleTalk Control Protocol ipxcp Internet Packet Exchange Control Pro...

Page 655: ...oad_addr This Model 5390 parameter specifies the IP address for the preferred load host This is the host to which the Model 5390 server first requests a load of its operational code The default is 0 0 0 0 pref_mop_host This Model 5390 parameter specifies the Ethernet address of the preferred MOP load or dump host This address consists of six parts separated by dashes Each part contains a hexadecim...

Page 656: ... Y The default is 0 0 0 0 pref_secure2_host This Model 5390 parameter specifies the IP address of the host that is the backup server if the host specified in pref_secure1_host is not available This parameter works only if the enable_security parameter is set to Y The default is 0 0 0 0 printer_host This asynchronous port parameter specifies the IP address or fully qualified domain name of a machin...

Page 657: ...y_buffer This asynchronous port parameter is used with the telnet command to indicate how much incoming data to buffer on a slave port Incoming data is buffered continuously before during and after the Telnet session no data buffering occurs during LAT access to the port The port must be reset after setting or changing this value Values range from 0 to 32767 The default is 0 disabled redisplay_lin...

Page 658: ...ith wink_start and immediate_start protocols only rip_accept This interface parameter defines the networks for which the Model 5390 server accepts advertised routes Table C2 12 lists the valid options the default is all Table C2 12 Valid Options for the rip_accept Parameter Option Description access_spec Uses the form include exclude network_list where include means accept RIP updates only for the...

Page 659: ...s are accepted The default is a null string rip_default_route This interface parameter allows the Model 5390 server to advertise that it is the default router Valid values are 0 through 15 or off A value of 1 through 15 indicates the hop count that will be advertised A value of 0 or off turns off the advertisement The default is 0 Table C2 13 Valid Options for the rip_advertise Parameter Option De...

Page 660: ...he default is both rip_routers This Model 5390 parameter lets you force RIP to direct periodic RIP updates to a router list rather than broadcasting updates Valid values are the IP addresses of up to eight directly reachable routers The Model 5390 server ignores any address that is not on an attached subnet Specifying the default all restores broadcasting Table C2 14 Valid Options for the rip_hori...

Page 661: ...and Ethernet interfaces When enabled subnet routes are advertised when disabled subnet routes are not advertised A Y enables this parameter an N disables it The default is Y routed This Model 5390 parameter determines whether or not the RIP routing daemon is enabled When enabled the Model 5390 server performs active RIP routing only if the option_key parameter is set to the correct value If option...

Page 662: ...as a file server host The Model 5390 server can provide operational code only for another Model 5390 server Table C2 17 describes the valid options the default is none server_name This Model 5390 parameter names the Model 5390 server in the LAT protocol The name should match the NMS host s node name used in the HIC configuration file The string size ranges from 1 to 16 characters The default value...

Page 663: ...llows the Model 5390 server to return a user to the CLI prompt after receiving a break of less than two seconds This occurs only at the CLI level A Y enables this parameter an N disables it The default is Y sigproto This T1 parameter is used to specify the inbound and outbound signaling protocols supported by each T1 channel DS0 Each channel supports an inbound protocol and an outbound protocol Bo...

Page 664: ... B Configuration Parameters slip_allow_dump This asynchronous port parameter enables the Model 5390 server to dump its operational code across a SLIP link A Y enables this parameter an N disables it The default is Y ...

Page 665: ...ckets directed to the SLIP link When enabled the Model 5390 server reduces unnecessary traffic and messages over the SLIP link A Y enables this parameter an N disables it The default is N slip_ppp_security This asynchronous port parameter controls dial up SLIP PPP access When this parameter and the enable_securityparameterareenabled portsconfiguredforSLIPandPPPwillusetheACPsecurity server A Y enab...

Page 666: ...or an asynchronous SLIP or PPP interface Typically you use this parameter to divide a network into subnets Specifying 0 0 0 0 which is the default sets the subnet mask to 255 255 255 255 which denotes a nonsubnetted host address sys_location This Model 5390 parameter supplies LAT host location or identification information The string size ranges from 0 to 32 characters The default is a null string...

Page 667: ... levels that the Model 5390 server logs The options are all none or a combination of levels separated by commas The default none disables logging Table C2 19 lists the levels in priority order see Event Logging Using syslog on page B1 26 for more details on using syslog for event logging Table C2 19 Priority Levels for the syslog_mask Parameter Priority Level Description emergency Hardware failure...

Page 668: ...ut solicits an acknowledgment from the other end of a connection to determine whether the connection is still active If the recipient does not acknowledge the message after eight retries the Model 5390 server drops the connection Valid values are 0 through 255 minutes A value of 0 sets the keep alive time to 120 minutes which is the default a value of 255 disables the keep alive mechanism The tcp_...

Page 669: ...termines which line code to use The parameter settings are ami and b8zs The default setting is b8zs telnet_crlf This asynchronous port parameter converts a carriage return in a Telnet session to a carriage return followed by a line feed When disabled a carriage return translates to a carriage return followed by a null string A Y enables this parameter an N disables it The default is N telnet_escap...

Page 670: ...g the tftp requests This string does not precede the tftp_dump_name time_broadcast This Model 5390 parameter defines whether the Model 5390 server broadcasts for the time if the preferred load host is not available or does not provide a time server A Y enables this parameter an N disables it The default is N time_server This Model 5390 parameter determines whether or not the Model 5390 server quer...

Page 671: ...0 tmux_enable This Model 5390 parameter controls whether or not the Model 5390 server uses TMux to multiplex small TCP packets into a single IP packet This parameter works only if the host supports TMux When enabled and the host does not support TMux the Model 5390 server will not support multiplexing A Y enables this parameter an N disables it The default is N tmux_max_host This Model 5390 parame...

Page 672: ...efault setting is loop tni_esf_fdl This T1 parameter sets the T1 facilities data link FDL format The FDL format is used in conjunction with the ESF format and determined by the service provider The parameter settings include ANSI ANSI T1 403 and AT T AT T TR54016 standard formats tni_framing This T1 parameter controls which super frame format is used on the T1 Network Interface Parameter settings ...

Page 673: ...ing AMI coding The default is off toggle_output This asynchronous port parameter defines the character that flushes the output buffer for CLI users The flush character must be a CTRL X X where X represents an alphanumeric value not case sensitive Pressing this character flushes the output buffer The default is CTRL O O type asynchronous This asynchronous port parameter affects the operation of two...

Page 674: ... that is loaded into the Model 5390 server at boot time This string must match the type_of_modem field in the modem section of the last read configuration file otherwise the Model 5390 server logs a warning message The Model 5390 server also logs warnings when connecting to a port with an unrecognized value in type_of_modem For more details on using the configuration file and modem management see ...

Page 675: ...del 5390 parameter enables user validation on virtual CLI connections to and from the Model 5390 server for the duration of the connection When enabled the Model 5390 server enables connection security for all virtual CLI connections and executes the same user validation including user name and password that it uses with CLI security on asynchronous ports This parameter works with host based secur...

Page 676: ...C2 70 893 741 B Configuration Parameters ...

Page 677: ...es between hosts newark and new You can enter commands and host names in lowercase uppercase or a combination of the two The Model 5390 server performs any necessary case conversion Squelch If six consecutive CLI errors occur within six seconds for example an invalid command noise on the line etc the Model 5390 server triggers a squelch that is stops all I O for approximately four seconds after re...

Page 678: ...lation tables bg user Puts a job in the background boot superuser Reboots the Model 5390 server compact superuser Compresses non volatile memory space connect user Uses LAT to connect to an advertised LAT service control superuser Changes the state of DTR and RTS or outputs a test message cp superuser Copies a file in the local file system dialout superuser Displays the current dial out database e...

Page 679: ...nistrative password ping superuser Sends ICMP Echo Request packets to a host ppp user Converts a CLI port to a PPP interface port procs superuser Displays processes at the Model 5390 server queue user Displays information about queued HIC requests or removes a particular HIC request from the queue rlogin user Connects to a host using the rlogin protocol rm superuser Deletes a file in the local fil...

Page 680: ...n loopback mode tap superuser Displays input and output for a serial port telnet user Connects to a host using the Telnet protocol tn3270 user Connects to an IBM VM CMS or MVS host using the tn3270 variation of the Telnet protocol This command is available only if the network administrator has set the option_key parameter to the correct value tstty superuser Connects to the specified host using th...

Page 681: ... your port is connected close Closes sessions connect Uses LAT to connect to an advertised LAT service disconnect Disconnects sessions forwards Selects next available higher numbered session to which your port is connected list port Displays information about communications server ports from the permanent database list server Displays information from the permanent database about the communication...

Page 682: ...ce nodes be available to the port define port autobaud Sets automatic detection of the speed parity and character size of the port device on login and sets the Model 5390 port characteristics to match define set change port break Specifies handling of the Break key during a session define set change port character size Specifies the number of bits in data characters exchanged between the port and ...

Page 683: ...the server will log out of an inactive port define server keepalive timer Defines or changes the time interval at which the server will transmit a keepalive message over a LAT virtual circuit when there is no other traffic originating at the server define server LAT key Enables and disables the LAT protocol and is used as a security mechanism to restrict access to LAT within the Model 5390 server ...

Page 684: ...flow control Specifies output flow control define set change port parity Specifies whether or not the port will provide a parity bit with each character for error checking define set change port password Specifies whether or not a user requires a password to log in to the Model 5390 server define port session limit Limits the number of connected sessions on the port define set change port speed Sp...

Page 685: ...e node when the Model 5390 server receives no messages of acknowledgment define server security Determines whether or not the Model 5390 server performs any security checking define server session limit Specifies the maximum number of active sessions that the Model 5390 server allows at one time define server software Specifies the file name of the Annex software image initialize server Reboots th...

Page 686: ...ceptions CLI admin commands work only on the local Model 5390 server When issuing admin with command line arguments not as a subsystem you must include the port_set The help command provides a help summary only for the CLI admin command set Entering help command_name indicates the command s syntax The reset command does not reset the connection from which the reset is issued To reset your port or ...

Page 687: ...ponds with an error or usage message the commands do not prompt for missing arguments The show command displays the Model 5390 port or printer parameter values for the local Model 5390 server If there are more than 24 lines of information to display a more prompt appears after the 24th line Pressing q for quit returns to the admin prompt the attention character terminates the admin session and any...

Page 688: ...5390 server builds the ARP table dynamically you rarely need to modify it Table C3 5 defines the arguments for this command The syntax is arp ads host addr temp pub Using either the host or the a argument arp displays a host name if known or a in place of the host name the Internet and Ethernet addresses and the time to live TTL field for each entry For example annex arp a thirdfloor 132 245 6 65 ...

Page 689: ...try for that host addr Displays the current ARP table entry for that address a Displays all entries in the table d Deletes the entry specified with host s Creates an entry for host specified using either a name or Internet address at the hardware address specified by addr If you do not include temp or pub the entry is permanent and not published temp The created entry is temporary and is to be del...

Page 690: ...o sends a warning message to users attached to the Model 5390 server Table C3 7 describes the arguments for boot The syntax is boot adhlqr time filename warning Table C3 6 Arguments for the bg Command Argument Description d Discards output from the background job to the terminal screen until the job is terminated or brought to the foreground Puts the most recent job into the background Puts the pr...

Page 691: ...st loaded image name for rebooting time Defines the time for a shut down as either an offset MM or HH MM or a clock time HH MM filename Identifies the name of the file in which the Model 5390 image is maintained If you do not enter a file name the Model 5390 server prompts for one If you enter a blank line the Model 5390 server boots the image defined in the image_name parameter Pressing the Retur...

Page 692: ...ree space is determined by the amount of unused space at the end of the non volatile memory Compacting can take as long as three minutes for an 8K EEPROM and 20 minutes for a 32K EEPROM During this time no process can access the non volatile memory including all admin commands and many CLI commands You must wait for the CLI to issue its prompt before continuing connect The connect command uses the...

Page 693: ...that host Entering connect with the service hostname and port causes the Model 5390 server to attempt to connect to that service on that port on that host control The superuser control command is a diagnostic tool that allows you to reset DTR and RTS or to output a short test message for a specified port Table C3 8 describes the arguments for control The syntax is control port dtr dtr rts rts port...

Page 694: ...e asserts DTR dtr Asserts DTR rts De asserts RTS rts Asserts RTS testmsg Outputs a message to a CLI port or to a port that has been opened as a slave from a host After the message prompt appears pressing the Return key displays the default message The quick brown fox jumped over the lazy dogs times Specifies the number of times the message is output forever The message is output until a break is e...

Page 695: ...roto icmp disc advertisey set slip_mtu small slip_tos Y do_compression N Route do2 local 132 245 33 90 remote 132 245 33 91 mode ppp ports 6 12 phone 2720931 chat chat_ppp filter add out incl proto icmp disc advertise y set ppp_security_protocol pap set ppp_acm 0x0 ppp_mru 1000 script chat_slip send slip r expect Switching to SLIP success timeout error Issuing the dialout l command displays an ind...

Page 696: ...ntax is edit filename The editor supports quit write and exit page up page down and arrow keys A menu bar at the top of the screen describes how to perform these functions fg The fg foreground command resumes a job that has been suspended or placed in the background If the Model 5390 server saved any output from the host while the job was interrupted the output appears on the terminal immediately ...

Page 697: ...l 5390 server It affects both the currently running configuration and the configuration stored in non volatile memory The filter command has eight subcommands add list enable disable delete help usage and quit The syntax can be either one of the following filter filter subcommand Table C3 9 Arguments for the fg Command Argument Description q Prevents a one line message from appearing on the termin...

Page 698: ... The filter command display looks like this annex filter filter The filter list command display looks like this annex filter list For more details see Filtering starting on page A13 1 hangup The hangup command terminates all of your jobs resets the CLI for the port and drops the modem control signal DTR it restores the default terminal characteristics defined for the port Also entering the hangup ...

Page 699: ...mand provides online help The syntax is help command command Entering help or with a CLI command as the argument for example help hosts displays a short description of that command and its syntax Entering help or without an argument displays a summary of all CLI commands and macros available on the current port help m The superuser help m command displays a list of all macros and their assigned po...

Page 700: ...12 Functional Text No available data In the previous sample display the Command List field applies only to menus it lists the commands available from the menu The following conditions may restrict command access Superuser commands are not available from a nonsuperuser CLI The aliases listed may not be available from a given port Command masks may apply Other restrictions may apply hosts The hosts ...

Page 701: ...r hosts rather than the list of all hosts as well as the default domain and domain search list contents host Displays information for host Specify host as a name or an IP address IEN 116 name servers cannot perform reverse address queries Specifying an IP address succeeds only if the address is in the local host table Table C3 11 Status Field Definitions Field Definition The host does not broadcas...

Page 702: ...y time out_retry base multiplier All omitted values are set to defaults time out_retry is measured in minutes base is in milliseconds and multiplier is in tenths f host Flushes that host from the host table Entering the command without host flushes all entries except the Model 5390 server s own entry ff host Deletes permanent entries loaded from the gateway section of the configuration file fn Flu...

Page 703: ...meters jobs The jobs command displays information for all current jobs or sessions The syntax is jobs The jobs command displays the CLI command used to create the job A plus sign displayed with the job indicates the most recently active job a minus sign indicates the previously active annex jobs 1 telnet firsthost 2 rlogin secondhost 3 telnet thirdhost kill The kill command terminates a connection...

Page 704: ...r operation The lock command blanks the screen and prompts the user to enter a password when any attempt is made to access the Model 5390 server Access to the port is denied until the user enters the correct password required to unlock the port The syntax is lock time out A Key prompt appears after the port is locked and remains until you enter the correct password For example annex lock Key Again...

Page 705: ... port ls The superuser ls command displays the image name along with revision information for the operational image stored in the self boot ROM The syntax is ls The ls command displays three fields from each file The size in bytes The last modified date The file name The self boot image file name is a special case the image s revision information is also displayed Because the directory is part of ...

Page 706: ...em types that are used and each of the strings specified for the modem s Entering modem l lists the names of all of the modems defined in the configuration file but not used on this system Sample displays for the modem modem a and modem l commands look like this annex modem type_of_modemS1200 type_of_modemUSR_144 annex modem a type_of_modemS1200 ready_status0 connect status1 10 5 11 12 13 14 15 48...

Page 707: ... from the beginning to the end This command pauses after every 23 newline characters and prompts the user to press a key Pressing q or the attention key cancels the command pressing any other key displays the next page of the file mv The superuser mv command renames a file in the local file system The syntax is mv source_filename destination_filename The source_filename is the existing file the de...

Page 708: ...r see Displaying Network Statistics on page B1 1 for sample display formats Entering netstat without arguments displays the local and remote addresses the send and receive queue sizes in bytes the protocol and the internal state of the protocol for all active connections Addresses display as either host port or network port The latter displays if a socket s address does not include a specific host...

Page 709: ...s for a specific Model 5390 ARA interface ip port Displays the current state of a PPP interface iQ Displays interface queues iS Displays the state of the hardware interfaces plus additional information about the SLIP interfaces f Displays filtering statistics g Displays RIP statistics m Displays statistics for memory buffer allocation n Displays all network addresses as numbers rather than names o...

Page 710: ...t using the netstat x command xm Displays information about the amount of memory available in the large and small IPX buffer pools xr Displays the routes defined in the Model 5390 IPX routing table xr network_number Displays the Model 5390 route for that network xs Displays server names types and addresses xs server_name Displays information for the specified server the server_name argument is cas...

Page 711: ... The ping command sends an Internet Control Message Protocol ICMP Echo Request message to elicit an ICMP Echo Response from the specified host router or Model 5390 server The command prints output for each response returned Table C3 15 describes the arguments for ping NOTE If the Model 5390 server is configured with an IP address the default administrative password is the IP address If the Model 5...

Page 712: ... back displaying information about each router in the path This option allows you to see whether a packet arrived at and or returned from its remote destination and if not where it stopped The option is based on the Traceroute facility described in RFC 1393 For more information see Using the t traceroute Option on page C3 39 Table C3 16 on page C3 40 describes the fields displayed by this option Y...

Page 713: ...ppear after the character is entered annex ping caddy PING caddy 56 data bytes 64 bytes from 132 245 6 25 icmp_seq 0 time 37 ms 64 bytes from 132 245 6 25 icmp_seq 1 time 12 ms 64 bytes from 132 245 6 25 icmp_seq 2 time 12 ms 64 bytes from 132 245 6 25 icmp_seq 3 time 12 ms caddy PING Statistics 4 packets transmitted 4 packets received 0 packet loss round trip ms min avg max 12 20 37 The following...

Page 714: ...x00400045 x04 x00000f8b x08 x000001ff x0c xde37f584 x10 xdf37f584 x14 x6de10000 x18 x00000171 x1c x2d458f5d x20 x0001d11e x24 x0b0a0908 x28 x0f0e0d0c x2c x13121110 icmp_code 0 64 bytes from 132 245 55 222 icmp_seq 0 time 5 ms 132 245 55 222 PING Statistics 1 packets transmitted 1 packets received 0 packet loss round trip ms min avg max 5 5 5 annex In the preceding display the 4 byte hexadecimal nu...

Page 715: ...on the destination node sends an ICMP Echo Response called the return packet to the router from which it received the outbound packet The destination node copies the traceroute option from the outbound packet to the return packet and sets the return packet s hop count to zero If the return packet passes through the routers in the path back to the ping t source each router increments the hop count ...

Page 716: ...ymbols indicate that a router could not forward the packet In this case the router discards the packet and ping t terminates Router The IP address of the router interface over which the outbound or return packet was forwarded Hops The number of routers that the outbound or return packet has crossed If the count skips a hop for example goes from 4 to 6 a traceroute message was lost probably due to ...

Page 717: ... the following when a traceroute packet passes successfully to the ping t destination and back see Table C3 17 NOTE The line numbers at the right of this example are for reference only they are not part of the actual display Router 1 ping t source ping t destination Router 2 132 254 66 1 132 254 66 2 132 254 99 2 132 254 33 3 132 254 33 4 132 254 99 3 6580 ...

Page 718: ...d the outbound packet has an IP address of 132 254 99 2 a speed of 19200 bits per second and can transmit packets of up to 1024 bytes in length without fragmenting them line 4 Indicates that Router 2 was the packet s second hop on the path to the ping t destination The interface over which Router 1 forwarded the outbound packet has an IP address of 132 254 33 3 a speed of 10000000 bits per second ...

Page 719: ...I mode The syntax is ppp The command display looks like this annex ppp Switching to PPP and starting LCP and ATCP negotiations line 6 Indicates that Router 1was the return packet s second hop on the way back to the ping t source The interface over which Router 2 forwarded the packet has an IP address of 132 254 66 2 s a speed of 10000000 bits per second and can transmit packets of up to 1500 bytes...

Page 720: ...ser level command only the superuser help command displays information about it You cannot apply the minimum uniqueness feature to ppp Table C3 18 Arguments for the Superuser procs Command Argument Description i Displays statistics on time spent in interrupt routines r Displays only processes that are currently running on the Model 5390 server ppid Displays only processes for the specified pid dde...

Page 721: ...xit 0x08 go to zombie on exit STACK System stack pointer in hexadecimal SSIZ Stack size in hexadecimal USPTR User stack pointer in hexadecimal IP Initial priority at process creation in decimal CP Current priority in decimal SIG Pending signals for process in hexadecimal CTIME Creation time of the process Calculated as the number of seconds since January 1 1970 and expressed as the last six hexade...

Page 722: ...formation for listener line_adm Port and virtual line administrator arap An ARAP line client atalkd AppleTalk daemon lpd Listens for aprint commands netdattimer Ages the host table ping The ping command ppp A PPP line client p_srvr_conv Prompts for CLI and rotary access reset_mach Listens for the reset all command rlogin_rdr rlogin_wtr One pair for each active rlogin command root The initial proce...

Page 723: ...or incoming Telnet requests telnetd_rdr telnetd_wri One pair per active incoming Telnet session timed Maintains the Model 5390 time of day clock watcher Maintains the watchdog timer Table C3 20 Model 5390 Processes continued Process Purpose Table C3 21 Arguments for the queue Command Argument Description h Displays only the entries originating from the hostname s Displays only the entries requesti...

Page 724: ...ach queued request Time in minutes that the request has been waiting in the queue Request s position in the queue The queue command display looks like this annex queue position in queue host from service to port to time min entry id 1 vax_marketing lab_printer 10 17 538 3 vax_sales laser_printer 8 11 384 4 vax_marketing modem_pool 8 82 7 annex_lab modem_test 2 2 611 NOTE Queue positions 2 5 and 6 ...

Page 725: ...in command connects to the specified host using the rlogin protocol The syntax is rlogin host l user_name The l user_name argument logs you into the remote host under that user_name otherwise it sends port s user_name or prompts for user_name The rlogin command display looks like this annex rlogin slowpo login position in queue host from service to port to time min entry id 1 vax_marketing lab_pri...

Page 726: ... fF add s dest mask gateway metric route fF add default gateway metric route fF delete default dest Added routes are either temporary or hardwired A temporary route does not age but a RIP route can replace it A hardwired route does not age and a RIP route cannot replace it NOTE Only ROM revisions 0600 and greater with the self boot option installed support this command NOTE The gateway address spe...

Page 727: ...that is directly reachable on an active interface s Specifies a hardwired route that RIP cannot replace default Specifies the default route In general using route to add or delete a default route can have unpredictable results The only time you can safely use route to add a default route is when a default route is not defined in the configuration file and the Model 5390 server is not receiving RIP...

Page 728: ...plays the expanded view of LAT services on the network The expanded view includes the service name rating service identification host name host identification host status and facility number of the advertising host If multiple services have the same name the summary includes only the service of the highest rating service_name Displays a summary of all services having that service name regardless o...

Page 729: ...ample displays services v annex services v terminal Local Server Name ALPHA Service Name TERMINAL Service Id LAT server Rating 9 Host Name WPVAX Host Id 3f Host Status Reachable Facility 0 The following example displays services h annex services h wpvax Local Server Name ALPHA Host Name WPVAX Service Name Host Status Service Id TERMINAL Reachable LAT server The following example displays services ...

Page 730: ...ng indicating the name of the service being offered Service Identification A string indicating the service s use or purpose Rating An integer typically indicating the number of resources ports available for the service on the indicated host Host Name A string indicating the name of the host offering the service Host Identification A string typically indicating the host s location or other special ...

Page 731: ...statistics for all serial ports You can enter a single port s5 or a range of ports s5 10 or s5 7 9 12 This argument also displays control line status in which an asserted signal appears in upper case letters and a de asserted signal appears in lower case letters s time Displays serial line statistics pausing between each display the number of seconds specified by time Entering the attention charac...

Page 732: ...x limit 87 88 800 rescheds 0 32 switches 48 109401 activates 49 109722 Loading CPU current average 1 0 procs active max limit 87 88 800 rescheds 0 32 switches 48 109401 activates 49 109722 Mbufs total 5400 free 3273 minimum free 3200 denied 0 Serial Ports Total bytes rcv d 24982 xmt d 5934 Errors parity 0 framing 0 fifo overruns 0 Memory total 5242880 avail 3894424 free 2073480 min free 1782488 fa...

Page 733: ... c command clears the serial line statistics to zero You can enter a single port c5 or a range of ports c5 7 P Control Lines Speed CharTx CharRx Parity Overrun Framing 1 CTS RTS DTR DCD DSR 9600 0 0 0 0 0 2 CTS TRS DTR DCD DSR 9600 0 0 0 0 0 64 cts RTS DTR dcd dsr 9600 0 0 0 0 0 LAT keyed on but disabled by disabled_modules Atalk keyed off tn3270 keyed off dialout RIP filtering keyed off IPX keyed...

Page 734: ...has been online for at least 15 minutes Table C3 26 Arguments for the stats T Command Argument Description current Displays current T1 statistics information for the current 15 minute interval total Displays the summary of T1 statistics information for the last 24 hours all Displays the T1 statistics for each valid interval There are up to 95 intervals 15 minutes per interval for a 24 hour period ...

Page 735: ... T1 network interface is receiving pulses The loss of signal condition causes the T1 engine to transmit AIS all ones unframed on the T1 network interface annex stats T current alarm history no blue no red no yellow Fri July 28 16 48 37 19 Alarms no blue no red no yellow engine offline no sync no D I sync no loss of signal serial number 0811 circuit ID T1 info unit ID XYLOGICS T1 ENGINE 085234 Rev ...

Page 736: ...t receiving a Yellow alarm from the network The Yellow Alarm event saved in the history buffer is also displayed Loopback The loopback status has the following possible states None There is no loopback in progress The test LED on the front panel is not illuminated Local The T1 network interface is in local loopback the test LED on the front panel is illuminated Line The T1 network interface is in ...

Page 737: ...ll ones unframed Interval The 15 minute interval being displayed This is an integer from 1 to 96 current or total Number of Valid Seconds Part of the current report which indicates the number of seconds for which the statistics data has been collected Number of 15 minute Periods Part of the total report which indicates the number of valid 15 minute periods This could also be derived from the uptim...

Page 738: ...work interface are incorrect An OOF state ends when a reframe occurs BiPolar Violations A BiPolar Violation BPV error event for an AMI coded signal is the occurrence of a pulse of the same polarity as the previous pulse A BPV error event for a B8ZS coded signal is the occurrence of a pulse of the same polarity as the previous pulse without being a part of the zero substitution code CRC Errors A CR...

Page 739: ...s to their original values There are several ways to enter a new parameter value As either on or off A minus sign before the parameter name indicates off For example entering break defines the Break key as an attention signal entering break indicates the key is not defined as an attention signal As one value from a list of available values For example the baud parameter requires a numeric value As...

Page 740: ...ned and you do not define an attention character or string you must log off the host to return to the CLI prompt The default for a serial connection is a null string the default for a virtual CLI connection is CTRL A back string Defines a control character sequence as a backward switch character or string Entering this character or string reopens the next lower numbered session already established...

Page 741: ... erase wera are echoed Setting crtcera echoes the erase characters in an appropriate way for a video terminal the previous character or word appears as if it has been erased The default is crtcera Setting crtcera echoes the erase characters in a way appropriate for a hard copy terminal The first erase character is echoed as a followed by the deleted character Each additional use of the erase chara...

Page 742: ...0 server uses to stop input from the terminal if the Model 5390 input buffer is about to overflow The default is bell Possible values are none Specifies no flow control characters are lost if the buffers overflow eia Selects hardware flow control and works only if the control_lines parameter is enabled for hardware flow control and the terminal is wired appropriately xonoff Specifies XON XOFF flow...

Page 743: ...which sends a carriage return followed by a line feed when Return is pressed and displays a carriage return followed by a line feed when a line feed character is received The default is newlin oflow argument Specifies the terminal s method for stopping output from the Model 5390 server The default is xonoff Possible values are none No flow control characters are lost if the buffers overflow eia Se...

Page 744: ...p output character The default is CTRL S parity argument Type of parity checked on input and generated on output Possible values are none even or odd The default is none prompt code Changes the CLI prompt The prompt is specified as alphanumeric characters and embedded formatting codes that are expanded when the prompt is displayed The formatting codes consist of a percent character followed by a s...

Page 745: ...haracter Sets the Telnet escape character This character returns you to the telnet prompt when you are in a Telnet session with the remote host The default is CTRL fwdtimer time Defines the time in hundredths of a second for the forwarding timer This timer causes data read from a serial port and stored in a buffer to be forwarded to a host when it expires user name Sets the user name for the conne...

Page 746: ...trol see need_dsr on page C2 40 both Configures CTS RTS DTR DCD and DSR for both flow control and modem control idletimer time Displays the number of minutes in which the port can be inactive before all sessions are terminated isize value Displays the input buffer size in 240 byte blocks signal value Displays the current state of the control lines specified in the control_lines parameter in which ...

Page 747: ...ss in dotted deci mal notation If the Model 5390 server is not yet configured with an IP address and the administrative password has not been modified via the Model 5390 password parameter or via the CLI passwd command the password is a null string If the Model 5390 server is not configured with an IP address and boots via MOP IPX or from FLASH ROM the default password is a null string and enterin...

Page 748: ...he same way as the telnet and rlogin commands You can break back to the CLI prompt and execute other CLI commands However when tap is not the active job all activity on the tapped port is suspended Flow control on the tapping port affects the tapped port Suspending output on the tapping port also stops output on the tapped port The k and v arguments allow you to use tap as a limited software line ...

Page 749: ... of the events Special characters and control line changes are stored in a limited buffer if they occur too rapidly some may be lost Angle brackets distinguish input from output Additional information also appears in angle brackets Control characters J for line feed I for tab etc Special characters the characters defined as special for the tapped port such as flow control or attention characters d...

Page 750: ...terminal for each CR received Do not issue a telnet l if stty echo is turned on r Requests raw mode In raw mode telnet passes data between the terminal and a TCP connection in line by line mode s Requests silent mode Prevents the Model 5390 server connection from sending progress or termination messages unless an unexpected error occurs Use s in combination with r and t or alone it is most useful ...

Page 751: ...ode character echoing and line editing are performed locally at the Model 5390 server Using the telnet mode command you can change both the mode and where echoing occurs You can send a Break to the remote host by using either the regular break or the long break key This allows you to send a Break sequence using a local break rather than using the Telnet send brk command To do this you must turn of...

Page 752: ...lts for echo are remote_echo for character mode and local_echo for line mode open rt host port Opens a connection to the specified host You can enter either the host s name or its Internet address If a port is not specified telnet connects to the default Telnet port 23 The r argument turns off all Telnet protocol interpretation t opens a transparent TCP connection to the specified port you must sp...

Page 753: ...ignments Special characters include eof Sets the eof character to be sent to the host if Telnet is operating in line by line mode erase Sets the erase character that when entered sends the send ec command if the telnet session is in localchars mode and in character at a time mode The initial value is taken from the stty cera character escape Sets the Telnet escape character used to enter command m...

Page 754: ...lf Toggles carriage return line feed mode When enabled a carriage return received from the serial port is encoded as a Telnet protocol carriage return line feed end of line sequence When disabled a carriage return received is encoded as a Telnet protocol carriage return null carriage return sequence Additionally when using the r flag enabling this mode causes the Telnet encoder to send a carriage ...

Page 755: ...recognized by the Model 5390 server and are mapped into appropriate Telnet control sequences The initial setting is will map when the mode is line by line and won t map when the mode is character at a time You can toggle the localchars between will map for both modes won t map for both modes and the initial setting of will won t translate based on mode options Toggles displaying internal Telnet pr...

Page 756: ...previous example note the line that displays the escape character Use this character to enter tn3270 command mode from within a logon session see tn3270 on page C3 79 To change this Table C3 34 Arguments for the tn3270 Command Argument Description host Opens a connection to host Specify host as either an IP address in dotted decimal notation or a host name If you use a host name it must be defined...

Page 757: ...nies access to the IBM host and displays the error message Terminal must have at least 24 lines and 80 columns NOTE A second escape character is defined in the map3270 file You can use this escape character instead of the one that displays when a connection is opened NOTE The tn3270 command is available only if the option_key parameter is set to the correct value Each Model 5390 server requires a ...

Page 758: ...feature requires no special configuration The print screen feature lets you dump a screen from the IBM host session to a printer To do this enter the Model 5390 key sequence that is mapped to the IBM LPRT key Thenetworkadministratormustconfiguretheprint screenfeature ThisincludesmappingtheModel 5390keysequencetotheIBMLPRTkey seeTerminalEmulationonpageC3 83andConfiguration Check List on page C3 89 ...

Page 759: ...del 5390 operational image see Configuration Check List on page C3 89 Each entry in a map3270 file begins with the name s of the terminal type s to which it applies A vertical bar separates one type from another Following the terminal type s are the key sequence definitions grouped by function The following example shows part of a map3270 entry that applies to six terminal types avt vt100 etc Each...

Page 760: ...that is a character preceded by in map3270 hold down the CTRL key while you enter the character For example to enter z hold down the CTRL key while typing z If there is a second character in the key sequence hold down the CTRL key type the first character release the CTRL key and then type the second character For example to enter the sequence pp hold down the CTRL key while typing p then release ...

Page 761: ...es key sequence choices with the word or Uses CRTL and ESC instead of and E Does not enclose key sequences in single quotes For more information see the map3270 man pages included with your Berkeley UNIX documentation Table C3 36 Default Key Mappings for tn3270 IBM 3270 Key Name ASCII Key Sequence Description Command Keys ENTER CTRL m Enter CLEAR CTRL z Clear screen LPRT CTRL p p or CTRL p P Print...

Page 762: ...or ESC or ESC O PF13 key PFK14 ESC or ESC or ESC O PF14 key PFK15 ESC or ESC or ESC O PF15 key PFK16 ESC or ESC or ESC O PF16 key PFK17 ESC or ESC or ESC O PF17 key PFK18 ESC or ESC or ESC O PF18 key PFK19 ESC or ESC or ESC O PF19 key PFK20 ESC or ESC or ESC O PF20 key PFK21 ESC or ESC or ESC O PF21 key PFK22 ESC or ESC or ESC O PF22 key PFK23 ESC _ or ESC _ or ESC O _ PF23 key PFK24 ESC or ESC or...

Page 763: ... Control Keys ESCAPE CTRL c Telnet escape FLINP CTRL x Flush input MASTER_RESET CTRL g Unlock and redisplay RESHOW CTRL v Redraw screen RESET CTRL t Unlock keyboard DP ESC d or ESC d or ESC O d Duplication character FM ESC f or ESC f or ESC O f Field mark character FERASE CTRL u Field erase SYNCH CTRL r Synch with user TREQ CTRL a Test request XOFF CTRL s Suspend output to screen XON CTRL q Resume...

Page 764: ...lt Telnet port 23 Note If your Model 5390 server is already connected to a host via tn3270 you cannot use open to make a tn3270 connection to another host To do that enter the CLI attention string defined via the CLI stty command and then invoke tn3270 again from the CLI quit Closes the connection to the remote host and returns you to the CLI prompt On the Model 5390 server quit is equivalent to c...

Page 765: ... the IBM host s to be accessed 2 Verify that the IBM hosts allow telnet tn3270 access 3 Use na admin or an SNMP directive to set the Model 5390 port parameter term_var to the appropriate terminal type for each Model 5390 port on which tn3270 is to run 4 If your Model 5390 server boots from a load host that has the standard UNIX files etc termcap and etc map3270 copy those files into the directory ...

Page 766: ... access the setup utility press the appropriate key typically labeled Setup Then choose the option that lets you select a value for the emulation mode parameter On VT200s VT300s and VT400s the option is labeled General and the parameter you select is Mode For Mode select the value VT400 7bit VT300 7 bit or VT200 7 bit Instead of using the setup utility you can set the emulation mode by editing the...

Page 767: ...invokes tn3270 This allows the user to enter escape sequences by pressing the single keypad keys listed in map3270 NOTE Do not confuse control sequence length with data bits which can also be set to 7 or 8 via the setup utility The latter is a hardware parameter that specifies the number of bits per character the terminal transmits The emulation of one ASCII terminal by another should not be confu...

Page 768: ...IXhostspecifiedbyprinter_hosttoallowprintrequestsfromtheModel 5390 server See the man pages included with the host s line printer daemon lpd If your Model 5390 server obtains map3270 from a host that is running Berkeley UNIX modifymap3270toincludetheASCIIkeysequencefortheIBMprint screenkey LPRT Because the print screen function is not supported by Berkeley tn3270 LPRT is not included in Berkeley m...

Page 769: ...3 39 describes the information that the who command displays Port What User Location When Idle Address 1 CLI bob Ext 528 9 59am 43 local 2 CLI 9 59am 43 local 6 ARAP cobb P 01 03 con 9 59am 43 local 16 PSVR cody lpq port 10 00am 43 support v1 CLI ellis Ext 632 10 00am 41 192 9 200 133 v2 CLI carey 10 43am 192 9 200 60 annex Table C3 38 Arguments for the who Command Argument Description h host A si...

Page 770: ...c user at the specified host If host is a 4 3BSD system the display is the same as the finger user command If host is a Model 5390 server the display is the same as the who user command l host All users at the specified host If host is a 4 3BSD system the display is the same as the finger l command If host is a Model 5390 server the display is the same as the who command Table C3 39 The who Comman...

Page 771: ...ame is defined Location Displays a location defined for the port When Displays the time that the port was opened from the Model 5390 time of day clock Idle Displays the amount of time hours and minutes since the last activity on the port Address Displays the source of the connection The name or network address indicates the host or Model 5390 server originating the connection local indicates a ser...

Page 772: ...C3 96 893 741 B Using the CLI Commands ...

Page 773: ...and greater of the aprint utility do not support any Model 5390 operational code before Rev 3 0 In general applications written for use with the Model 5390 server should not use aprint to connect to serial ports Instead the ports should be configured as slave or adaptive and appli cations should use TCP to connect to them directly see The Port Server and Rotaries starting on page A4 1 Table C4 1 S...

Page 774: ...ould have an entry like printer 515 tcp Initialization errors Aannex not found on network can t find host address for Annex annexname L port is in use or disabled Annex can t access requested printer Fstring The string used to produce a form feed instead of the default L If the printer does not recognize the string as a form feed it prints the string does not supply a form feed and aprint does not...

Page 775: ...me aborted while sending data to Annex Network error occurred while sending form feed after last file error sending final formfeed to Annex Network errors occurred while establishing contact with Model 5390 server error during Annex port select error during wait for ACK after port select Network error occurred while waiting for acknowledgment of print job completion from the Model 5390 server erro...

Page 776: ... responds to all Model 5390 boot dump and ACP security requests This daemon contains two programs bfs the block file server used to access host files and dump Model 5390 images acp the Access Control Protocol program for host based security requests Table C4 2 lists the arguments for erpcd The syntax is etc erpcd D level c maxnumber d udpport f directory p s directory u filename When operational c...

Page 777: ... Code on page A15 84 Table C4 2 Supported Arguments for erpcd Argument Description D Restarts erpcd in test mode on the load server host it does not detach from the tty and it prints out extensive debugging information Entering a debugging level increases the amount of debugging information Note that there is no space between the D and the level number c Specifies the maximum number of child proce...

Page 778: ...OW for both native and proprietary routines Using the native routines allows erpcd to query NIS for user logins enabling nicely distributed databases using the proprietary routines separates this query from the host code enabling tighter security control u Invokes the acp_userinfo file syntax checker on the file designated by filename If filename is omitted stdin is used Running this option does n...

Page 779: ...d shadow form allows password aging forcing users to change their passwords periodically The convert program located in the erpcd directory can change the integrated passwd form to passwd shadow form and vice versa ch_passwd The ch_passwd utility enables users to change their password when accessing the Model 5390 server through the Access Control Protocol ACP security system This utility affects ...

Page 780: ...ices a master side and a slave side The slave side presents an interface resembling a tty device it is driven by the rtelnet process operating on the master side Generally applications written for use with the Model 5390 server should not use rtelnet to connect to serial ports Instead the ports should be configured as slave or adaptive and applications should use TCP to connect to them directly se...

Page 781: ...ive lfile Appends log output to given file name m Drops the network connection when the slave pseudo device is closed This argument frequently is used for dial out modems causing them to hang up when a program like tip exits n Never open the slave side of the pseudo device o Holds the slave side of the pseudo device open at all times p Provides the process ID of the child on standard output r Over...

Page 782: ...de to mode given in octal O Disables out of band telnet data for pre R7 0 Model 5390 servers P Interprets the port number as a TCP port 1 65535 or name R Renames the slave pseudo device to given name rather than linking T Truncates rather than breaks lines that would choke the pseudo device V Displays the version information on standard output and exits annex_id The Model 5390 host name or IP addr...

Page 783: ...s provided via Carrier Sense Multiple Access with Collision Detection CSMA CD At the network level Ethernet and IEEE 802 3 specifications handle IP encapsulation differently Although the differences are minor these methods are not compatible hosts using one encapsulation method cannot communicate with hosts using the other The Model 5390 server can be configured to use either method it is compatib...

Page 784: ...ther the ROM Monitor or the CLI stats command Sometimes Ethernet addresses are used for testing the local area network TCP IP Protocols TCP IP is a set of protocols that are part of the Internet Protocol suite These protocols define the network and transport layer The Model 5390 server also implements some protocols at the applicationlayer TheInternetProtocolsuiteevolvedfromworksponsoredbytheDefen...

Page 785: ...me servers A name server is a host on the network that supplies Internet addresses for host names and names for addresses TheModel5390serversupportstwowidely usednameservers IEN 116andDomainNameSystem DNS You can implement one or both of these name servers for the Model 5390 server The Model 5390 server also monitors RWHO broadcasts The Model 5390 server stores information in the host table from t...

Page 786: ...l address This allows 2 097 152 Class C networks The fourth and fifth address types are Class D and Class E These cannot be used for normal host applications Table C5 1 lists the three network classes the decimal number that appears in the first octet and what sections of the Internet address are assigned to the network and to the host The nnn represents all or part of the network number and the h...

Page 787: ...twork Information Center NIC Subnet Addressing Another provision of Internet addressing is the subnet A subnet allows several interconnected local networks to share a single network number The local network could include multiple physical networks such as Ethernet or point to point links but appears to the external network as a single entity Addressing for a subnet is implemented with the host add...

Page 788: ...ss Mask Request and receiving a reply from an authoritative agent The Model 5390 server can be configured as an authoritative agent on the network and reply to ICMP Address Mask Requests Broadcast Addresses The Model 5390 server can configure the broadcast address The standard broadcast address uses a host address of all ones for example 129 91 0 255 assuming a subnet mask defined as 255 255 255 0...

Page 789: ...ude entries for Internet gateways to hosts on other networks and to those other networks In addition to RIP messages the Model 5390 server can send ICMP redirects Redirects are messages sent via ICMP to announce that the expected route to a destination is not correct and to supply the correct route Internet Trailer Packets The Model 5390 server on an Ethernet supports the trailer packets used in 4...

Page 790: ...cast service announcements periodically typically once per minute A host can provide multiple services When a user broadcasts a service request and there are multiple providers of that service the Model 5390 server logs the user onto the host with the highest service rating Learned Services Learned services are the services that a LAT machine hears and stores from the network All services received...

Page 791: ...a virtual circuit Thecircuit_timerparameterdeterminesthetimeintervalbetweenthetransmissionofLATpackets If there is no data to send the virtual circuit goes into a balanced mode either side can re initiate transmission if it has data to send By default a keepalive message is sent every 20 seconds Slot Layer The slot layer is built on top of the virtual circuit layer and has three functions Establis...

Page 792: ...ther accepts the print request or offers to place it in a queue After the server accepts the print request it starts a connection to the host and begins the data transfer Using HIC it is possible to print to a port that does not have an associated advertised service All configurations required for standard HIC printing apply but the user does not have to edit the service portion of the configurati...

Page 793: ...ols In the Telnet to LAT direction the destination service in the translation entry must be in the Model 5390 learned service database In the LAT to Telnet direction the translation name is made an advertised service on the network ...

Page 794: ...C5 12 893 741 B Network Protocols ...

Page 795: ......

Page 796: ... Appendix D1 Software Reference Part D Appendixes ...

Page 797: ...parameters Table D1 8 on page D1 43 is a list of VMS specific Model 5390 parameters Table D1 9 on page D1 44 is a list of RIP specific Interface parameters Table D1 10 on page D1 45 is a list of asynchronous port parameters Table D1 11 on page D1 54 is a list of AppleTalk specific asynchronous port parameters Table D1 12 on page D1 54 is a list of LAT specific asynchronous port parameters Table D1...

Page 798: ...odes for Model 5390 prompts Table D1 21 on page D1 66 is a list of variable arguments Table D1 22 on page D1 66 is a list of Model 5390 processes NOTE All table entries are listed in alphabetical order Parameters that require a string input allow a maximum of 16 characters unless otherwise specified ...

Page 799: ...ceive Model 5390 administrative broadcasts allow_compression Y or N N The Model 5390 server uses TCP IP header compression if the SLIP PPP link s end point also uses compression allow_snmp_sets Y or N N Enables disables SNMP sets to the Model 5390 server arap_v42bis Y or N Y Enables V 42bis compression during an ARAP session at_guest Y or N N Allows guests to log into an ARAP service at_nodeid 0 2...

Page 800: ... 0 0 0 Defines the Internet address for use when broadcasting broadcast_direction network or port port Defines the direction of administrative broadcasts for slave ports bypass Y or N Y T1 parameter used to take the T1 engine off the network chap_auth_name A string of 1 16 characters chap Defines the entry used for the Name field of a CHAP challenge char_erase Y or N Y Enables disables echoing cha...

Page 801: ...l_lines modem_ control flow_control both none none Specifies the type of hardware control lines used on the port data_bits 5 6 7 or 8 8 Defines the number of data bits in a character does not include start stop or parity bits daylight_savings us australian british canadian east_european mid_european west_european none us Defines the daylight savings type dedicated_address Internet address 0 0 0 0 ...

Page 802: ...l up address from ACP disabled_modules admin atalk dialout edit fingerd ftpd ipx lat nameserver ppp slip snmp tn3270 tstty vci all none none Selectively disables modules and frees space to the memory pool do_compression Y or N N Starts TCP IP header compression on the SLIP or link echo Y or N Y Enables disables local character echoing enable_security Y or N N Enables disables security subsystem er...

Page 803: ...ll users on the Model 5390 server hardware_tabs serial port Y or N Y Allows the terminal to expand ASCII tab characters if the terminal does not support hardware tabs host_table_size 1 255 unlimited none 64 Sets the maximum number of entries in the host table image_name host file name up to 100 characters Specifies the name of the file containing the Model 5390 operational code imask_7bits Y or N ...

Page 804: ...ies the U S Department of Defense basic IP Security Option IPSO classification level included in TCP packets generated locally on Model 5390 CLI dedicated or adaptive asynchronous ports ipx_do_checksum Y or N N Controls whether or not the Model 5390 server enables an IPX check sum ipx_dump_password 0 16 chars unset Controls whether or not the Model 5390 server enables an IPX check sum ipx_dump_pat...

Page 805: ...ax 1 255 or none 4 Limits the number of HIC requests that the Model 5390 server can queue latb_enable Y or N N Enables the Model 5390 server to decode a LAT host s data b packet line_erase Y or N Y Enables disables echoing line erase for a CRT load_broadcast Y or N Y Enables disables broadcasting for files other than the image if one or all are not available load_dump_gateway Internet address 0 0 ...

Page 806: ...in_timeout Y or N N Enables a login timer when the VMS command interface is configured that is when cli_interface is set to vci long_break Y or N Y When enabled the Model 5390 server returns the user to the CLI prompt after receiving a break greater than two seconds loose_source_route Y or N Y Allows the Internet protocol to use loose source routing map map_val modem_number Unset T1 parameter that...

Page 807: ...cess to an asynchronous port mop_password string unset Contains the MOP maintenance password In this 8 byte password each byte consists of two hexadecimal digits motd_file file name motd Defines the name for the message of the day file multicast_timer 10 180 seconds 30 Defines the number of seconds that can elapse between service announcement transmissions for the LAT protocol name_server_1 dns ie...

Page 808: ...rriage returns and line feeds at the CLI level node_id 0 65534 255 0 0 Contains the address the Model 5390 server tries to acquire at the start of an AppleTalk session If this address is in use the Model 5390 server must acquire a new node ID This new ID is stored in non volatile RAM option_key unique value no default EnablesARA tn3270 active RIP filtering and dial out routing output_flow_control ...

Page 809: ... Enables disables a host based security policy for access to a port via the port server ppp_acm 0x00000000 to 0xffffffff 0x 00000000 Specifies which of the first 32 characters in a TCP IP packet will be escaped before being sent to the network ppp_ipx_network 00000001 to ffffffff or 0 randomly generated number Specifies a 4 byte Novell network number the Model 5390 server suggests for the remote P...

Page 810: ...s 0 0 0 0 Defines the address for the first preference name server host pref_name2_addr Internet address 0 0 0 0 Defines the address for the second preference name server host pref_secure1_host Internet address 0 0 0 0 Defines the address for the first preference security server host pref_secure2_host Internet address 0 0 0 0 Defines the address for the second preference security server host print...

Page 811: ...otifying the user of a network failure ring Y or N Y T1 parameter that specifies if the T1 engine should provide the audible ring to the central office for incoming calls rip_accept access_spec none all all Controls which routes are accepted from RIP updates rip_advertise access_spec none all all Controls which routes are advertised rip_auth set or unset Enables disables RIP authentication rip_def...

Page 812: ...isables broadcasting for a security server host in case preferred hosts are not available server_capability all image motd none none Allows the Model 5390 server to act as a load host server_name string physical Ethernet address appended to string LAT_ A string of characters used to name the Model 5390 server in the LAT protocol service_limit 16 2048 256 The upper bound on the number of services t...

Page 813: ...nits slip_no_icmp Y or N N Discards any ICMP packets directed to the SLIP link slip_ppp_security Y or N N Enables disables dialup SLIP PPP access via ACP slip_tos Y or N N When enabled the Model 5390 server sends interactive traffic before any other traffic speed autobaud 50 75 110 134 5 150 200 300 600 1200 1800 2000 2400 3600 4800 7200 9600 19200 38400 57600 115200 9600 Defines the speed of the ...

Page 814: ...ll none none Determines the priority levels that are to be logged syslog_port 0 Model 5390 port count 0 Routes syslog messages to a serial port Zero indicates syslogging over the network t1_info a string of up to 128 ASCII characters Unset T1 parameter that stores installation information from the service provider tcp_keepalive Model 5390 0 255 0 120 minutes Specifies whether or not the Model 5390...

Page 815: ...ring telnet_escape control char sequence Defines the character that returns the user to the telnet prompt term_var string Identifies the type of terminal using the CLI connection tftp_dump_name string host dependent Provides the name of the file to use when dumping the core image using tftp if the Model 5390 operational image and erpcd fail tftp_load_dir string host dependent The string prepended ...

Page 816: ...ring of up to 128 characters null string T1 parameter used to store the T1 circuit identifier string from the service provider tni_clock loop local or external Unset T1 parameter that controls from where the T1 clock is set tni_esf_fdl ansi or att att T1 parameter used to define the Facilities Data Link tni_framing d4 or esf esf T1 parameter that controls which super frame format is used on the T1...

Page 817: ...g Defines a string that represents the user of the port vcli_groups Remote group codes for virtual CLI users none enabled Specifies which remote group codes are accessible to virtual CLI users vcli_password unset or a string unset Defines the virtual CLI password for local password protection vcli_security Y or N N Enables disables security on virtual CLI connections zone 32 byte string Provides t...

Page 818: ...ty server allow_snmp_sets Y or N N Enables disables SNMP sets to the Model 5390 server authoritative_agent Y or N Y Enables the Model 5390 server to reply to an ICMP Address Mask Request broadcast_addr all zeros network 0 or all ones network 1 0 0 0 0 Defines the Internet address for use when broadcasting chap_auth_name A string of 1 16 characters chap Defines the entry used for the Name field of ...

Page 819: ...space to the memory pool enable_security Y or N N Enables disables security subsystem facility_num 0 32767 0 Identifies a LAT host by number group_value enabled or disabled all disabled Security mechanism that restricts access to LAT services for all users on the Model 5390 server host_table_size 1 255 unlimited none 64 Sets the maximum number of entries in the host table image_name host file name...

Page 820: ...rver ipx_dump_username 0 48 chars No default Provides a user name for logging on to the Novell file server before the Model 5390 server sends a dump file to the server ipx_file_server 0 48 chars No default Contains the name of the Novell file server from which the Model 5390 server boots ipx_frame_type ethernetII raw802_3 802_2 802_2snap raw802_3 Defines the framing used for IPX packets on the Eth...

Page 821: ... interface s for use when loading and dumping lock_enable Y or N N Enables any port to use the Model 5390 Interface for VMS Environment s lock command login_password unset or a string unset Specifies the password for all ports using a VMS interface login_prompt string Defines the prompt that appears for all ports using a VMS interface login_timer 0 60 30 Specifies the number of minutes a port usin...

Page 822: ...ference name server name_server_2 dns ien_116 none none Defines the second preference name server nameserver_broadcast Y or N N Enables disables broadcasting for a name server host in case preferred hosts are not available network_turnaround 1 10 2 Sets the number of seconds to wait for an answer from a security host node_id 0 65534 255 0 0 Contains the address the Model 5390 server tries to acqui...

Page 823: ...ernet address 0 0 0 0 Specifies the Ethernet address of the preferred MOP load or dump host pref_name1_addr Internet address 0 0 0 0 Defines the Internet address for the first preference name server host pref_name2_addr Internet address 0 0 0 0 Defines the Internet address for the second preference name server host pref_secure1_host Internet address 0 0 0 0 Defines the Internet address for the fir...

Page 824: ... string physical ethernet address appended to string LAT_ A string of characters used to name the Model 5390 server in the LAT protocol service_limit 16 2048 256 The upper bound on the number of services that the Model 5390 server can maintain in its local service table session_limit 1 1152 1152 none Specifies the maximum number of active sessions the Model 5390 server allows at one time subnet_ma...

Page 825: ...name string host dependent Provides the name of the file to use when dumping the core image using tftp if the Model 5390 operational image and erpcd fail tftp_load_dir string host dependent The string prepended to the image motd and configuration file names for tftp transfers time_broadcast Y or N N Enables disables broadcasting for a time server host in case the preferred load host is not availab...

Page 826: ...ost 10 255 64 Specifies the maximum number of host addresses allowed in the TMux address table tmux_max_mpx 5 65535 700 Specifies the largest user packet that can be placed in a TMux packet vcli_groups Remote group codes for VCLI users none enabled Specifies which remote group codes are accessible to virtual CLI users vcli_password unset or a string unset Defines the virtual CLI password for local...

Page 827: ...p option_key unique Enables disables AppleTalk zone 32 byte string The AppleTalk zone for use at start up Table D1 4 LAT specific Model 5390 Parameters Parameter Values Default Description circuit_timer 1 25 8 80 ms The time interval in tens of milliseconds between the transmission of LAT packets facility_num 0 32767 42 Also known as the host number group_value enabled or disabled all disabled Sec...

Page 828: ...er_name string physical Ethernet address appended to string LAT_ A string of characters used to name the Model 5390 server in the LAT protocol service_limit 16 2048 256 The upper bound on the number of services that the Model 5390 server can maintain in its local service table sys_location a string up to 32 chars Supplies host location or identification information vcli_groups remote group codes f...

Page 829: ...r_list all all Forces RIP to direct periodic RIP updates to a list of routers routed Y or N Y Enables disables the RIP routing daemon Table D1 6 T1 specific Model 5390 Parameters Parameter Values Default Description t1_info a string of up to 128 ASCII characters unset T1 parameter that stores installation information from the service provider tdi_distance an integer from 0 to 655 0 T1 parameter th...

Page 830: ... TMux to multiplex small TCP packets into a single IP packet tmux_max_host 10 255 64 Specifies the maximum number of host addresses allowed in the TMux address table tmux_max_mpx 5 65535 700 Specifies the largest user packet that can be placed in a TMux packet Table D1 8 VMS specific Model 5390 Parameters Parameter Values Default Description lock_enable Y or N N Enables any port to use the Model 5...

Page 831: ...off Advertises that the Model 5390 server is the default router and indicates the hop count rip_horizon off split poison poison Controls the split horizon algorithm rip_next_hop never needed always needed Specifies whether or not the next hop value is included in RIP version 2 advertisements rip_recv_version 1 2 both both Controls which RIP versions the Model 5390 server accepts rip_send_version 1...

Page 832: ...nes the node ID given to an ARA client during connection establishment at_security Y or N N Enables ACP service for the port attn_string control char sequence virtual CLI A Defines a control character sequence as an attention character or string authorized_groups enabled or disabled all disabled Specifies which remote group codes are accessible to users on a particular Model 5390 port autobaud Y o...

Page 833: ...s for VMS or UNIX environments cli_security Y or N N Enables disables CLI security for the Model 5390 server connect_security Y or N N Enables disables the host based security policy for access from the CLI to the network control_lines modem_ control flow_ control both none none Specifies the type of hardware control lines used on the port data_bits 5 6 7 or 8 8 Defines the number of data bits in ...

Page 834: ...aracter erase_line control char sequence U Defines the line erase character erase_word control char sequence W Defines the word erase character forward_key control char sequence Reopens the next available higher numbered session already established at your port forwarding_count 0 255 0 When set the port will not forward received characters until it receives the specified number of characters forwa...

Page 835: ...n IPSO classification level included in TCP packets generated locally on Model 5390 CLI dedicated or adaptive asynchronous ports ipx_security Y or N N Controls whether or not IPX security is enabled on the port ixany_flow_control Y or N N Treats any input character as a start XON character if output has been suspended by a stop XOFF character latb_enable Y or N N Enables the Model 5390 server to d...

Page 836: ...odel 5390 server metric 1 15 1 Defines the hop count to the remote end of the serial line max_session_count 1 16 3 Specifies the number of active sessions jobs allowed per port mode adaptive arap auto detect cli connect dedicated ipx ndp ppp rlogin slave slip telnet tn3270 unused cli Sets the mode for access to an asynchronous port need_dsr Y or N N For use with a modem connected to a slave port W...

Page 837: ...char sequence S Defines the control character sequence that stops output parity even odd none none Defines the type of parity that the device uses phone_number 32 char string The phone number for use with dynamic dialing port_password unset or a string unset Defines a password for the port for use with local password protection port_server_security Y or N N Enables disables a host based security p...

Page 838: ...s ppp_username_remote unset or a string unset Defines a PPP port user s name as a string printer_host Internet address 0 0 0 0 Specifies the IP address or fully qualified domain name of a machine running a Berkeley style lpd server printer_name valid name no default Specifies the name of the printer to which dumps are sent prompt coded string Defines a port specific CLI prompt ps_history_buffer 0 ...

Page 839: ... slip_no_icmp Y or N N Discards any ICMP packets directed to the SLIP link slip_ppp_security Y or N N Enables disables dialup SLIP PPP access via ACP slip_tos Y or N N When enabled the Model 5390 server sends interactive traffic before any other traffic speed autobaud 50 75 110 134 5 150 200 300 600 1200 1800 2000 2400 3600 4800 7200 9600 19200 38400 57600 115200 9600 Defines the speed of the asyn...

Page 840: ...rol char sequence Defines the character that returns the user to the telnet prompt term_var string Identifies the type of terminal using the CLI connection toggle_output control char sequence O Defines the flush character type hard wired or dial_in hard wire d Defines the type of device connected to the serial port type_of_modem 16 byte string no default Specifies the modem type connected to the p...

Page 841: ...g an ARA session at_guest Y or N N Allows ARA guest login service at_nodeid 0 254 0 0 The node ID given to an ARA client during connection establishment at_security Y or N N Enables disables ACP service for this port ppp_ncp ipcp atcp all all Specifies which protocol to run on the interface Table D1 12 LAT specific Asynchronous Port Parameters Parameter Values Default Description authorized_groups...

Page 842: ...m 0x00000000t o 0xffffffff 0x00000000 Specifies which of the first 32 characters in a TCP IP packet will be escaped before being sent to the network ppp_mru 64 1500 1500 Defines the maximum receive unit used with PPP ppp_ncp lpcp atcp all all Specifies which protocol to run on the interface ppp_password_remote unset or a string unset Defines a PPP port user s password as a string ppp_security_prot...

Page 843: ...op count to the remote end of the serial line remote_address Internet address 0 0 0 0 Defines the Internet address for the host at the other end of the serial line slip_allow_dump Y or N Y Enables disables dumping across a SLIP link slip_load_dump_host Internet address 0 0 0 0 Defines the host from which the Model 5390 server receives a load or to which the Model 5390 server dumps over the SLIP li...

Page 844: ...e current session without returning to local mode cli_interface vci or uci uci Allows you to control the prompt that appears for VMS or UNIX environments forward_key string Reopens the next available higher numbered session already established at your port default_session_mode interactive passthru passall transparent inter active Defines the default session mode when the VMS interface is configure...

Page 845: ...nnex_identifier port_set Copies all interface parameters from the specified interface to the interface_set copy port asynchronous port_number annex_identifier port_set Copies port parameters except the port password from the specified asynchronous port to the port_set copy printer annex_identifier annex_list Copies printer parameters to multiple printer ports dumpboot aq HH MM annex_list filename ...

Page 846: ...parameter s without rebooting the Model 5390 server reset t1 soft hard esf T1 command used to reset the T1 engine and ESF statistics set annex annex_list annex_parameters Modifies the value of the Model 5390 parameter s set interface interface_list interface_parameters Modifies the value of an interface parameter s set port asynchronous port_list port_parameters Modifies the value of an asynchrono...

Page 847: ...nt session without returning to local mode bg d number hostname Puts a job into the background connect service hostname port Uses the LAT protocol to connect to an advertised LAT service fg q number hostname Brings a job to the foreground forward switch string none Reopens the next available higher numbered session already established at your port hangup Disconnects all jobs and resets all CLI con...

Page 848: ...stname Displays LAT services that have been advertised by LAT hosts slip Converts a CLI port to a SLIP port stats smp ports time op Displays Model 5390 statistics stats T current total all interval_set clear_alarm Displays the status and statistics of the T1 Network Interface stty parameter value Displays and modifies CLI port parameters su Enters and exits superuser administrative mode telnet rst...

Page 849: ...ecords to the beginning of the EEPROM control port dtr dtr rts rts port testmsg times forever Resets DTR and RTS or outputs a test message cp src_filename dst_filename Copies a file in the local file system dialout l route_name Displays the current dial out database edit filename Edits local files filter Enters the filtering subsystem of the CLI user interface help m macro Displays help informatio...

Page 850: ...ame Deletes a file in the local file system route fF add s dest mask gateway metric fF add default gateway metric fF delete default dest Adds or deletes a route from the routing table set Modifies the value of a configuration parameter show Displays the current value of a configuration parameter stats c Clears all serial line statistics to zero su Returns you to the CLI t1_loopback none line paylo...

Page 851: ...hanges the console port s baud rate so that it can interface with any modem to which it is connected erase Erases non volatile memory help or Displays ROM Monitor commands image d filename Sets the default image file name ipx d Sets several parameters associated with IPX booting and dumping lat d Allows you to set the LAT key from the ROM monitor mop d Sets the MOP load dump address net Executes a...

Page 852: ...me in this format Mon Jan 6 13 59 42 1992 i The Model 5390 Internet address j A new line character skip to the beginning of the next line l The location defined for the port if none the string port nn where nn is the number of the serial line n The Model 5390 name if known or the Internet address p The port number or the virtual CLI connection number in vn form where n is the virtual CLI connectio...

Page 853: ...port_parameter value port_parameter value port_set async port_identifiers async port_identifiers port_identifier port_number port_number port_number port_number port_number 1 64 broadcast_keyword all serial virtual port_keyword all serial reset_keyword all annex lat macros security nameserver serial virtual show_keyword all lat interface device editing time HH MM Table D1 22 Model 5390 Processes P...

Page 854: ...gin_rdr rlogin_wtr One pair for each active rlogin command root The initial process routed Listens for RIP messages rwhod Listens for rwho requests snmpd Listens for snmp commands and requests syslog_port Logs messages to the port specified in the syslog_port parameter telnet_cmd telnet_rdr One pair per active telnet command telnetd_lis Listens for incoming telnet requests telnetd_rdr telnetd_wri ...

Page 855: ... IPXCP dial in configuration 9 8 using to configure local and remote IP addresses 9 26 acp_key parameter A15 14 C2 10 acp_keys file creating A15 13 syntax rules A15 14 acp_logfile A8 8 A8 11 9 11 B1 22 description of A15 73 locking A15 81 acp_passwd file A15 7 A15 84 C2 45 C4 6 creating A4 8 A15 11 A15 12 for use with Kerberos A15 53 acp_policy c file C4 5 acp_policy doc file C4 5 acp_policy h fil...

Page 856: ...nex end blocks A8 4 A14 11 route cache and A7 14 using to configure active RIP A12 51 AppleTalk A10 1 to A10 22 See also AppleTalk security CCL Converter and A10 19 configuring Model 5390 server for A2 28 A10 1 over ARA A10 14 setting port parameters for A10 15 over PPP A10 18 statistics B1 9 AppleTalk Control Protocol A10 19 See also ACP security AppleTalk Remote Access Protocol See ARAP AppleTal...

Page 857: ...und modems A6 5 audit trail A15 74 authoritative_agent parameter A2 10 C2 12 authorized_groups parameter A14 57 C2 12 auto_adapt mode A8 9 9 10 using for IPX protocol 9 17 using for port configuration A3 5 using for PPP A8 1 auto_detect mode A8 9 9 10 using for IPX protocol 9 17 using for port configuration A3 5 using for PPP A8 1 autobaud parameter C2 12 B backward_key parameter C2 12 banner para...

Page 858: ...15 49 chap_auth_name parameter A15 49 C2 14 chap_secret A15 24 A15 48 char_erase parameter C2 15 chat script A14 43 to A14 48 default global timeout values and A14 46 default timeout values and A14 46 examples A14 46 to A14 48 field definitions A14 43 reserved keywords A14 45 string formatting extensions and A14 44 circuit_timer parameter C2 16 C5 9 CLI See also CLI commands CLI port parameters co...

Page 859: ... C3 54 stats c superuser command C3 57 stats o command A13 3 stats user command A10 13 C3 55 to C3 62 stty user command C3 62 to C3 70 su superuser command C3 71 tap superuser command C3 72 to C3 74 telnet user command C3 74 to C3 79 tn3270 user command C3 79 to C3 92 tstty superuser command C3 92 who user command A10 14 C3 93 cli mode A8 9 9 10 CLI port parameters A3 9 to A3 10 allow_broadcast A3...

Page 860: ...erase C2 15 cli_imask7 C2 16 cli_inactivity C2 16 cli_interface C2 17 cli_security C2 18 connect_security C2 18 control_lines C2 19 data_bits C2 19 dedicated_address C2 19 dedicated_arguments C2 20 dedicated_port C2 20 default_session_mode C2 21 demand_dial C2 21 do_compression C2 22 echo C2 22 erase_char C2 23 erase_line C2 23 erase_word C2 23 forward_key C2 23 forwarding_count C2 24 forwarding_t...

Page 861: ...2 63 telnet_escape C2 63 term_var C2 63 toggle_output C2 67 type C2 67 type_of_modem C2 68 user_name C2 68 list of all D1 3 to D1 21 Model 5390 server a_router A10 4 C2 10 acp_key C2 10 allow_snmp_sets B2 7 C2 11 AppleTalk specific A10 3 to A10 7 authoritative agent C2 12 broadcast_addr C2 13 chap_auth_name C2 14 circuit_timer C2 16 cli_prompt C2 17 config_file C2 18 daylight_savings C2 19 default...

Page 862: ... C2 57 subnet_mask C2 60 sys_location C2 60 syslog_facility C2 61 syslog_host C2 61 syslog_mask C2 61 syslog_port C2 62 tcp_keepalive C2 62 tftp_dump_name C2 64 tftp_load_dir C2 64 time_broadcast C2 64 time_server C2 64 timezone_minuteswest C2 65 tmux_delay C2 65 tmux_enable C2 65 tmux_max_host C2 65 tmux_max_mpx C2 66 vcli_groups C2 68 vcli_password C2 69 vcli_security C2 69 zone A10 5 C2 69 para...

Page 863: ...9 25 auto_detect auto_adapt mode 9 24 ipx mode 9 23 ndp mode 9 21 IPX standards based A2 28 dial in 9 7 to 9 15 for ports 9 8 for specific ports 9 14 for specific users 9 9 to 9 14 routing 9 15 LAT services A2 28 Model 5390 parameters A2 1 using Annex Manager GUI A2 1 using CLI admin command A2 6 to A2 8 using na A2 2 to A2 5 using SNMP based manager A2 1 Model 5390 server A2 1 to A2 28 as boot se...

Page 864: ...mmand C1 10 cp command C3 18 CSLIP introduction to A7 1 cu setting up to access modem A1 10 customer support xli customizing Model 5390 environment A2 23 to A2 28 D data buffering on slave port A3 14 data_bits parameter 9 11 C2 19 configuring for bidirectional modems A6 6 configuring for dial in PPP A8 11 configuring for dial in SLIP A7 11 configuring for dial up PPP A8 9 configuring for inbound m...

Page 865: ..._addresses parameter A8 6 9 14 configuring for dial in PPP A8 11 configuring for dial in SLIP A7 10 configuring for dial up PPP A8 9 configuring for SLIP link A7 7 disable subcommand A13 15 disabled_modules parameter 9 6 A11 4 A12 48 A14 42 B1 32 B2 6 B2 8 C2 21 setting to disable IPX protocol 9 7 disabling CLI commands A15 82 modules B1 32 C2 22 displaying data for asynchronous PPP ports A8 3 Mod...

Page 866: ...9 35 protocols C5 1 statistics from netstat B1 17 event logging B1 22 to B1 26 priority levels A2 20 using 4 3BSD style syslog daemon A14 54 using for Model 5390 configuration A2 19 to A2 21 using host based security A15 73 using syslog B1 26 exclude filters A13 2 F facility_num parameter C2 23 FastLink II accessing IP nodes via 9 25 to 9 27 PC client requirements and 9 25 configuring Model 5390 p...

Page 867: ...and B1 27 Flash ROM booting Model 5390 server from A14 49 forward_key parameter C2 23 forwarding_count parameter C2 24 forwarding_timer parameter C2 24 FTP daemon Model 5390 server configuring security for A15 70 using A14 49 G gateway defining for preferred load host A2 11 entries creating in configuration file A14 8 to A14 10 for SLIP link A7 14 for SNMP community B2 4 for SNMP trap hosts B2 5 r...

Page 868: ... Model 5390 configuration A2 16 image file A2 12 location of A2 11 image_name parameter A2 11 B2 16 C2 25 imask_7bits parameter C2 26 inactivity_timer parameter C2 26 configuring for bidirectional modems A6 6 configuring for inbound modems A6 5 configuring for outbound modems A6 3 inbound modems configuring for ports A6 4 include filters A13 2 include statement A14 4 inet_addr parameter A2 9 C2 26...

Page 869: ...0 server A2 28 configuring proprietary 9 15 to 9 25 choosing port types 9 15 to 9 20 using auto_adapt mode 9 17 using auto_detect mode 9 17 using ipx mode 9 16 modems auto_detect auto_adapt mode 9 24 ipx mode 9 23 ports 9 21 to 9 25 auto_detect auto_adapt mode 9 24 ipx mode 9 23 ndp mode 9 21 configuring standards based 9 7 to 9 15 dial in 9 7 to 9 15 dial in configuration for specific users 9 9 t...

Page 870: ...t layer C5 9 group codes C5 8 host initiated connections HIC C5 10 services A2 28 A14 55 to A14 64 accessing A14 56 from Model 5390 port A14 57 from VCLI A14 57 advertised A14 55 data b slot support A14 61 group codes A14 56 host initiated connections HIC A14 61 LAT to Telnet gateway A14 60 learned A14 56 C5 8 miscellaneous LAT parameters A14 64 restricting access to A14 57 reverse LAT A14 58 reve...

Page 871: ... 34 login_prompt parameter C2 34 login_timeout parameter C2 35 long_break parameter C2 35 configuring for CLI terminals A3 10 loose_source_route parameter C2 35 lp spooler integrating aprint into A5 7 integrating rtelnet with A5 10 lpadmin command arguments for A5 7 lpd spooler integrating aprint with A5 3 integrating rtelnet with A5 6 lpr command using to test printer A5 6 ls command A2 13 A14 49...

Page 872: ...10 configuring for dial out SLIP A7 12 configuring for dial up PPP A8 8 configuring for outbound modems A6 3 configuring for port mode A3 5 configuring for PPP link A8 5 configuring for serial printer A5 1 configuring for SLIP link A7 9 setting for dynamic dialing A11 7 setting for IPXCP port configuration 9 8 mode slave configuring ports A3 13 modem a command A11 7 modem command A14 31 reference ...

Page 873: ...command C1 18 to C1 19 C3 92 set command C1 21 show command C1 22 to C1 26 using for AppleTalk specific configuration parameters A10 3 using for Model 5390 configuration A2 2 to A2 5 using for port configuration A3 1 to A3 4 write command C1 28 name servers See also Domain Name System server IEN 116 name server broadcasting for A2 17 configuring A14 52 to A14 54 introduction to A1 6 setting config...

Page 874: ...d A12 64 netstat s command using to display statistics for protocols B1 18 netstat x command 9 30 using to obtain information for IPX protocol interfaces memory buffers routes RIPs and servers 9 30 to 9 35 netstat xi command 9 31 netstat xm command 9 32 netstat xr command 9 32 using to display Model 5390 route for network 9 33 netstat xS command using to display additional line of information for ...

Page 875: ..._char parameter C2 44 output_ttl parameter C2 44 P PAP A8 6 A15 47 parameter conventions C2 1 to C2 4 descriptions C2 4 to C2 69 entering values C2 1 setting to supplied defaults C2 2 to C2 4 all parameters C2 4 asynchronous port parameters C2 3 interface parameters C2 3 Model 5390 parameters C2 2 parity parameter 9 11 C2 44 configuring for bidirectional modems A6 6 configuring for dial in PPP A8 ...

Page 876: ...connections and A1 6 configuring security for A4 7 A15 9 introduction to A1 5 port_password parameter 9 11 A14 42 A15 2 A15 7 A15 9 asynchronous port C2 45 setting when using SecurID C2 45 configuring for dial in PPP A8 11 configuring for dialup PPP A8 8 configuring for inbound modems A6 5 configuring for outbound modems A6 3 configuring for port server A4 8 using for CLI security A3 7 port_server...

Page 877: ... A2 11 A14 51 C2 49 pref_load_addr parameter A2 10 C2 49 pref_mop_host parameter C2 49 pref_name1_addr parameter A2 17 C2 50 pref_name2_addr parameter A2 17 C2 50 pref_secure1_host parameter A15 7 A15 10 C2 50 pref_secure2_host parameter A15 10 C2 50 preferred dump host setting for Model 5390 configuration A2 11 preferred load host setting for Model 5390 configuration A2 10 printer_host parameter ...

Page 878: ...ation A3 4 redirect messages A12 7 redisplay_line parameter C2 51 remote system management A1 11 remote_address parameter A8 6 9 26 configuring for dial in PPP A8 11 configuring for dial up PPP A8 9 configuring for SLIP link A7 7 synchronous port C2 51 reset annex all command 9 15 reset annex dialout command A11 7 A14 42 reset annex macros command A14 15 A14 24 reset annex motd command A14 48 rese...

Page 879: ... parameter A12 59 rip_horizon parameter A12 59 rip_next_hop parameter A12 60 rip_recv_version parameter A12 60 rip_routers parameter A12 60 rip_send_version parameter A12 61 rip_sub_accept parameter A12 61 rip_sub_advertise parameter A12 61 routed parameter A12 62 routing interfaces A12 9 routing table displaying A12 64 statistics B1 10 supernetting A12 15 troubleshooting A12 72 to A12 80 using fo...

Page 880: ...tion B1 15 route command A12 67 A14 14 arguments C3 51 reference C3 50 to C3 51 routed parameter A2 26 A12 62 A14 13 C2 55 disabling RIP A14 15 router discovery A12 7 routes default to gateways A14 15 defining gateways A14 11 definition of A12 2 dial out A14 42 IPX 9 32 routing See also RIP across PPP link basic passive RIP A8 4 full A1 8 sample configuration for IPX protocol 9 20 services C5 6 ga...

Page 881: ...files and A15 11 customizing policy A15 74 dial back A15 27 to A15 29 disabling user name and password validation A15 75 event logging A15 73 for dial in PPP A8 11 for dialup PPP A8 8 for port server A4 7 for ports A15 5 for VCLI connections A4 8 host based A15 5 to A15 9 logging B1 22 hosts specifying A15 10 introduction to types of A1 4 IP Basic Security Option IPSO A15 71 local password protect...

Page 882: ...meter C2 57 services command A14 57 A14 58 arguments C3 52 command display C3 54 examples C3 53 reference C3 52 to C3 54 session_limit parameter C2 57 set annex command for configuring Model 5390 parameters A2 2 set command C1 21 C2 4 set port command A10 5 shadow file C4 6 shell script filter A5 4 short_break parameter C2 57 configuring for CLI terminals A3 10 show annex command for configuring M...

Page 883: ...n A3 6 slip_allow_dump parameter C2 58 configuring for SLIP link A7 8 slip_load_dump_host parameter C2 59 configuring for SLIP link A7 8 slip_mtu_size parameter C2 59 configuring for SLIP link A7 7 slip_no_icmp parameter C2 59 configuring for SLIP link A7 7 slip_ppp_security parameter 9 11 A15 9 A15 48 C2 59 configuring for a PPP link A8 8 configuring for a SLIP link A7 7 configuring for dial in P...

Page 884: ...8 9 configuring for inbound modems A6 4 configuring for outbound modems A6 3 configuring for PPP link A8 6 configuring for serial printer A5 1 configuring for SLIP link A7 9 setting for dynamic dialing A11 7 squelch C3 1 statistics filtering B1 17 for AppleTalk B1 9 for interfaces and 802 2 data link layer 9 37 for Model 5390 server C3 56 displaying B1 28 to B1 29 for serial line C3 56 interface B...

Page 885: ...2 61 syslog_port parameter A2 19 B1 26 C2 62 using to send log messages to ports 9 28 syslogging 9 28 4 3BSD setting up host for A14 54 configuring for Model 5390 server A2 19 to A2 21 using 4 3BSD style syslog daemon B1 26 System V host A3 16 printing from A5 7 T t1_info parameter C2 62 T1 specific parameters vs MIB objects B2 23 tap command B1 29 arguments C3 73 reference C3 72 to C3 74 TCP port...

Page 886: ...ux_max_mpx parameter C2 66 TMux specific parameters vs MIB objects B2 22 tn3270 command and terminal emulation C3 83 arguments C3 80 ASCII terminal requirements and setup C3 81 command mode C3 87 configuration checklist C3 89 configuring C3 89 to C3 92 default key mappings to C3 87 ending a session C3 89 print screen and transparent mode features C3 82 reference C3 79 to C3 92 tn3270 port mode usi...

Page 887: ...r inbound modems A6 4 configuring for outbound modems A6 3 setting for dynamic dialing A11 7 U UDP time servers and A14 50 usage subcommand A13 18 User Datagram Protocol See UDP user interface customizing CLI A1 3 user validation disabling A15 75 for port servers A4 7 on VCLI connections A4 8 user_name parameter A3 12 A15 49 C2 68 C3 92 utilities C4 1 to C4 10 ch_passwd C4 7 erpcd daemon C4 4 rtel...

Page 888: ...C3 93 using to obtain information for IPX protocol connections 9 36 World Wide Web xliii write command C1 28 C2 2 using for port configuration A3 4 X XON XOFF flow control for bidirectional modems A6 6 for inbound modems A6 4 for outbound modems A6 3 for printers A5 2 Z zone parameter A10 2 A10 5 C2 69 zone security A10 18 A15 30 ...

Reviews:

No comments