manualshive.com logo in svg

Lucent Technologies PortMaster, Configuration Manual

The Lucent Technologies PortMaster Configuration Manual is a free downloadable manual for users to easily configure their PortMaster device. Find step-by-step instructions and all the information you need to set up your device efficiently. Download the manual from manualshive.com to get started.

Share
Download
background image

Configuring Filters

9-11

Example Filters

Input and Output Filters for FTP Packets

Filters can be used to either permit or deny File Transfer Protocol (FTP) packets. You 
must understand how this protocol works before you develop FTP filters.

FTP uses TCP port 21 as a control channel, but it transfers data on another channel 
initiated by the FTP server from TCP port 20 (FTP-data). Therefore, if you want to allow 
your internal hosts to send out packets with FTP, you must allow external hosts to open 
an incoming connection from TCP port 20 to a destination port above 1023. Allowing 
this type of access to your network can be very risky if you are running Remote 
Procedure Call (RPC) or X Windows on the host from which you are transmitting FTP 
packets. As a result, many sites use FTP proxies or passive FTP, neither of which is 
discussed in this guide. 

Consult 

Firewalls and Internet Security: Repelling the Wily Hacker

 by Cheswick and Bellovin 

and 

Building Internet Firewalls

 by Chapman and Zwicky for information on FTP proxies 

and passive FTP.

Likewise, if you want to allow external hosts to connect to your FTP server and transfer 
files, you must allow incoming connections to TCP port 21 on your FTP server and allow 
outgoing connections from TCP port 20 of your FTP server.

In the following examples, 172.16.0.2 is the address of your FTP server and 192.168.0.1 
is the address of the host from which you allow outgoing FTP.

Caution – 

This configuration is not recommended if you run any of the following 

protocols on any of the hosts from which you allow FTP access: NFS, X, RPC, or any 
other service that listens on ports above 1023.

9.

Permits ICMP packets.

Table 9-3

Description of Internet Filter 

(Continued)

Rule

Description

!

Summary of Contents for PortMaster

Page 1: ...PortMaster ConfigurationGuide Lucent Technologies RemoteAccessBusinessUnit 4464WillowRoad Pleasanton CA94588 925 737 2100 800 458 9966 May1998 950 1182D...

Page 2: ...her marks are the property of their respective owners Disclaimer Lucent Technologies Inc makes no express or implied representations or warranties with respect to the contents or use of this manual an...

Page 3: ...t Remote Access Technical Support xxiii For the EMEA Region xxiv For North America Latin America and the Asia Pacific Region xxiv PortMaster Training Courses xxiv Subscribing to PortMaster Mailing Lis...

Page 4: ...ult Routing 3 6 Configuring Name Resolution 3 6 Using the Host Table 3 7 Setting the Name Service 3 7 Setting the Name Server 3 8 Setting the Domain Name 3 8 Setting the Telnet Port 3 9 Using the Teln...

Page 5: ...Table 3 26 Enabling NetBIOS Broadcast Packet Propagation 3 29 Setting Authentication for Dial In Users 3 29 Setting Call Check Authentication 3 30 Setting the ISDN Switch 3 30 4 Configuring the Ether...

Page 6: ...splaying Extended Port Information 5 5 Setting the Login Prompt 5 5 Setting the Login Message 5 6 Setting an Optional Access Filter 5 6 Setting Port Security 5 6 Allowing Users to Connect Directly to...

Page 7: ...synchronous Map 5 24 Setting Input and Output Filters 5 25 Connecting without TCP IP Support 5 25 6 Configuring a Synchronous WAN Port Synchronous Port Uses 6 1 Configuring WAN Port Settings 6 4 Gener...

Page 8: ...Ports 7 8 Setting Compression 7 8 Setting Filters 7 9 Specifying a Callback Location 7 10 Configuring Login Users 7 10 Setting the Login Host 7 10 Applying an Optional Access Filter 7 11 Setting the L...

Page 9: ...e Maximum Number of Dial Out Ports 8 12 Setting Bandwidth on Demand 8 12 Setting Filters 8 13 Input Filters 8 13 Output Filters 8 13 Testing Your Location Configuration 8 14 9 Configuring Filters Over...

Page 10: ...dem Cable and Signals 10 1 Modem Functions 10 2 Using Automatic Modem Configuration 10 2 Displaying Modem Settings and Status 10 2 Adding a Modem to the Modem Table 10 3 Associating a Modem with a Por...

Page 11: ...Service 11 9 Using Channelized T1 11 10 Why Use Channelized T1 11 10 How to Order DS 1 Service from the Telephone Company 11 10 Configuring the PortMaster 3 for Channelized T1 11 11 Example Channeliz...

Page 12: ...S T Interface 12 8 Port Limits 12 8 Data over Voice 12 8 ISDN Port Configuration Tips 12 9 ISDN BRI Unnumbered IP Configuration Example 12 9 Configuration Steps 12 9 Configuring the PortMaster in Denv...

Page 13: ...a Frame Relay Subinterface 13 15 14 Using Synchronous V 25bis Connections Overview of Synchronous V 25bis Dial Up Connections 14 1 Configuration Steps for a Synchronous V 25bis Connection 14 3 Config...

Page 14: ...tup 16 9 Providing Network Filtering 16 10 Using ISDN for Internet Connections 16 11 17 Providing User Dial In Access Overview of Dial In Configuration 17 1 Example Configuration 17 3 Configuration St...

Page 15: ...outer in Rome 19 4 Configuring the PortMaster Office Router in Florence 19 6 Troubleshooting a Leased Line Connection 19 8 A Networking Concepts Network Addressing A 1 IP Addressing A 1 IP Address Not...

Page 16: ...Contents xvi Configuration Guide for PortMaster Products...

Page 17: ...PMVision graphical user interface GUI This guide assumes you are using the command line interface and provides examples of command line usage Audience This guide is designed for qualified system admin...

Page 18: ...rking and configuration issues related to PortMaster products PortMaster hardware installation guides These guides contain complete hardware installation instructions An installation guide is availabl...

Page 19: ...rmation Protocol RFC 1112 Host Extensions for IP Multicasting RFC 1144 Compressing TCP IP Headers for Low Speed Serial Links RFC 1157 A Simple Network Management Protocol SNMP RFC 1166 Internet Number...

Page 20: ...RFC 1828 IP Authentication Using Keyed MD5 RFC 1829 The ESP DES CBC Transform RFC 1877 PPP Internet Protocol Control Protocol Extensions for Name Server Addresses RFC 1878 Variable Length Subnet Tabl...

Page 21: ...BN 1 56592 124 0 DNS and BIND 2nd ed Paul Albitz and Cricket Liu Sebastopol CA O Reilly Associates Inc 1992 ISBN 1 56592 236 0 Firewalls and Internet Security Repelling the Wily Hacker William R Chesw...

Page 22: ...icates a user entry a command menu option button or key or the name of a file directory or utility except in code samples Enter version to display the version number Press Enter Open the permit_list f...

Page 23: ...year hardware warranty For all technical support requests record your PortMaster ComOS version number and report it to the technical support staff or your authorized sales channel partner New release...

Page 24: ...8 40 By electronic mail email send mail to emea support livingston com For North America Latin America and the Asia Pacific Region Contact Lucent Remote Access Monday through Friday between the hours...

Page 25: ...digest in the body of the message portmaster radius a discussion of general and specific RADIUS issues including configuration and troubleshooting suggestions To subscribe send email to majordomo liv...

Page 26: ...Subscribing to PortMaster Mailing Lists xxvi PortMaster Configuration Guide...

Page 27: ...on also supports command entry you can use a combination of GUI panels and ComOS commands to configure monitor and debug a PortMaster When connected to one or more PortMaster products PMVision allows...

Page 28: ...Preconfiguration Planning Before the PortMaster can be used to connect wide area networks WANs you must install the hardware using the instructions in the installation guide for your system This confi...

Page 29: ...vice on analog lines ISDN BRI ISDN PRI channelized T1 or E1 Many other decisions must be made during the configuration process This guide discusses the various configuration options and their implicat...

Page 30: ...ached to the console port by an administrative Telnet session or by a network connection 3 If you want to use PMVision software to configure your PortMaster install it on a workstation anywhere on you...

Page 31: ...ion 11 Configure dial out locations in the location table The location table is described in Chapter 8 Configuring Dial Out Connections 12 Configure filters in the filter table Once the filters are cr...

Page 32: ...Basic Configuration Steps 1 6 PortMaster Configuration Guide...

Page 33: ...following functions during the booting process 1 Self diagnostics are performed The results are displayed to asynchronous console port C0 or S0 if the console DIP switch first from the left also known...

Page 34: ...Guide for details 3 The user configuration is loaded from Flash RAM 4 The IP address is located If no address is configured for the Ethernet interface and no address was obtained from netbooting the P...

Page 35: ...and those locations 6 Broadcasting and listening for routing packets are initiated on interfaces configured for routing 7 TCP connections to PortMaster hosts are established 8 TCP connections are esta...

Page 36: ...corresponds to the user If the password entered by the user does not match the PortMaster denies access with an Invalid Login message If no user table entry exists for the user and port security is o...

Page 37: ...and the login host for the user is not permitted by the access filter the PortMaster refuses service with an Access Denied message If the access override parameter is set on the port the PortMaster in...

Page 38: ...indicates that the login prompt has been sent to the port and should be displayed on the terminal The PortMaster is waiting for a login request HOSTNAME The host prompt has been sent to the port The P...

Page 39: ...iguring Name Resolution on page 3 6 Setting the Telnet Port on page 3 9 Setting the Number of Management Application Connections on page 3 9 Setting System Logging on page 3 9 Setting Administrative L...

Page 40: ...p to 16 characters used to access the PortMaster administration features Only the administrator can change the password To set the password use the following command Command set password Password Usin...

Page 41: ...Ethernet nor requests from PortMaster OR U dial up routers How the Cable Modem Telephone Return System Works After you set the IP address of the DHCP server on the PortMaster product the cable modem d...

Page 42: ...able interface Dynamic configuration Cable modem router Telephone interface 172 16 98 67 192 168 33 10 11820024 P P P c o n n e c t i o n a s y n c h r o n o u s IP Packet DST 192 168 33 10 SRC DHCP R...

Page 43: ...IP address of the cable interface 172 16 98 67 as the source address Because packets now carry the source address of the cable interface response to these packets travels via the coaxial cable The Com...

Page 44: ...PortMaster Routing Guide PortMaster products can automatically send and accept route information as part of RIP messages if routing is turned on If default routing is on default routes are sent and ac...

Page 45: ...ion Service NIS for hostname resolution rather than the local host table The PortMaster always checks the local host table before using DNS or NIS For information on setting the NIS or DNS name servic...

Page 46: ...name service before you set a name server See Setting the Name Service on page 3 7 If you are not using a name service you do not need a name server To set the name server use the following command C...

Page 47: ...eful for administrators who log in to a port using Telnet and need to access the console for debugging purposes Note Only one Telnet session can receive console messages at a time To set the current T...

Page 48: ...g Disabling and Redirecting Syslog Messages By default the PortMaster logs five types of events at the informational info priority level using the authorization auth facility on the log host You can d...

Page 49: ...ies Lucent recommends that you use the auth facility or the local0 through local7 facilities to receive syslog messages from PortMaster products but all the facilities are provided See your operating...

Page 50: ...PPP or SLIP dial in users By assigning addresses as needed from a pool the PortMaster requires fewer addresses than if each user is assigned a specific address When a dial in connection is closed the...

Page 51: ...t a reported address different from the Ether0 address For PPP connections this address is reported to the outside and placed in the PPP startup message during PPP negotiation For SLIP connections thi...

Page 52: ...his file under Livingston Extensions The livingston mib file can be found in the SNMP directory of the ComOS software or on the World Wide Web at http www livingston com Forms one click dnload cgi To...

Page 53: ...ettings 3 15 Configuring SNMP Figure 3 2 Management Information Base MIB Hierarchy unnamed 0 CCITT 1 iso 3 org 6 dod 1 internet 2 mgmt 2 joint ISO CCITT 1 mib 307 Livingston 1 directory 3 experi menta...

Page 54: ...llows 307 refers to the Livingston namespace 3 refers to the MIB 2 refers to interfaces 1 refers to serial interfaces 1 refers to the serial interfaces table 1 refers to an entry in the serial interfa...

Page 55: ...PortName PortName PortName PortName PortName 307 3 2 1 1 1 3 PhysType PhysType PhysType PhysType PhysType 307 3 2 1 1 1 4 User User User User User 307 3 2 1 1 1 5 SessionId SessionId SessionId Sessio...

Page 56: ...or login port this value is the IP address of the host to which the user is connected ifDescr Text string containing information about the network interface bound to the serial interface InOctets Tota...

Page 57: ...figured function of the interface Status Current operational state of the interface Operational states include the following up 1 down 2 loopback 3 Framing Configured line framing Line framing types i...

Page 58: ...yncErrors Total number of frame synchronization errors detected on the interface Table 3 8 Modem Table Object Type Definition livingstonModemIndex Unique value for each modem interface livingstonModem...

Page 59: ...e read and write community strings act like passwords to permit access to the SNMP agent information The read community string must be known by any device allowed to access or read the MIB information...

Page 60: ...to control SNMP security by specifying the IP addresses of the hosts that are allowed to access SNMP information The specification of read and write hosts allows another level of security beyond the...

Page 61: ...nd associated alarm identification numbers For details about a specific alarm enter the following command Command show alarm alarm id To clear alarms from the SNMP alarm table enter the following comm...

Page 62: ...run RIP OSPF or BGP Hosts connected to the PortMaster do not support RIP OSPF or BGP Separate static routes tables are maintained for IP and for IPX which you display with the show routes and show ipx...

Page 63: ...delete route Ipaddress NM Ipaddress gw Command save all You can delete only static routes Adding and Deleting a Static Route for IPX A static route for IPX contains the following items Destination Th...

Page 64: ...ipxgateway Network Node Metric Note You can delete only static routes Modifying the Static Netmask Table The netmask table is provided to allow routes advertised by RIP to remain uncollapsed on netwo...

Page 65: ...from PortMaster products with the following two exceptions If you use a netmask table entry of 255 255 255 255 In this case the routes broadcast as host routes really are host routes so non PortMaster...

Page 66: ...roxy ARP Instead you use your 192 168 206 0 network for the Ethernet and divide your other networks up among the PortMaster routers Each network provides 30 addresses for the assigned pool of each Por...

Page 67: ...adcast packets propagated to all networks to get and forward information about the named nodes on the network NetBIOS uses a broadcast mechanism to get this information because it does not implement a...

Page 68: ...ut authenticating the user at the point of entry on PortMaster products that support PRI or in band signaling To enable the call check feature in the ComOS you must first configure call check user ent...

Page 69: ...ion on making the Ethernet connection See the PortMaster Command Line Reference for more detailed command descriptions and instructions Setting General Ethernet Parameters The commands described in th...

Page 70: ...Filters applied to the Ethernet interface take effect immediately If you change the filter the change will not take effect until you set the filter on the interface again or you reboot the PortMaster...

Page 71: ...face use the following command Command set Ether0 ofilter Filtername To remove the output filter omit the filter name when entering the command Setting IP Parameters PortMaster products support both t...

Page 72: ...s are high where the host part of the address is all 1s such as 192 168 1 255 or low where the host part of the address is all 0s such as 192 168 1 0 The PortMaster default is low The standard for hos...

Page 73: ...of your local Ethernet segment An IPX network address is a number entered in hexadecimal format described in Appendix A Networking Concepts To set the IPX network address use the following command Com...

Page 74: ...the frame type set for your network Contact your IPX network administrator for information about the frame type used on your network To set the IPX frame type use the following command entered on one...

Page 75: ...supports static routing only IPX RIP OSPF packet filtering and route propagation are not supported on subinterfaces You must configure the primary Ethernet interface before adding subinterfaces see S...

Page 76: ...value The Number metric is a 16 bit number between 1 and 65535 the default is 1 Routers in OSPF networks continually exchange hello packets with their neighbor routers You can set the interval that e...

Page 77: ...onnection on page 5 20 Connecting without TCP IP Support on page 5 25 See the PortMaster Command Line Reference for more detailed command descriptions and instructions Asynchronous Port Uses The follo...

Page 78: ...munication servers are most commonly used to allow remote users to dial in to a network location and access a host with their local account This configuration is also used by ISPs that provide many us...

Page 79: ...settings This feature allows the host running in pmd to alter the active parameters through software control by using operating system I O calls ioctl calls in UNIX The settings that the host can ove...

Page 80: ...chronous ports simultaneously by using the set all databits command To set databits use the following command Command set S0 all databits 5 6 7 8 Setting Flow Control The PortMaster can use either sof...

Page 81: ...formation The PortMaster can display port information in brief or extended modes The default setting is off To enable or disable extended information for a port use the following command Command set S...

Page 82: ...t Security Port security requires that each username be found in the user table or in the RADIUS database If port security is on all users who log in must have their usernames verified before they are...

Page 83: ...a dial in connection and how long the PortMaster should wait for a response to a login password or host prompt You can set the idle time in seconds or minutes to any value from 0 to 240 The default se...

Page 84: ...r login In user login mode the user is prompted for his or her login name after the attached modem answers and completes rate negotiation Once the user is identified as a valid user through the user t...

Page 85: ...et the login host Command set S0 host 1 2 3 4 default prompt Ipaddress 4 Specify the terminal type Command set S0 all termtype String 5 Reset the port and save the settings Command reset S0 Command sa...

Page 86: ...in is used on mixed UNIX networks where the PortMaster login service is impractical to use telnet Telnet is supported on most TCP IP hosts This login service should be selected when the PortMaster and...

Page 87: ...of the functions of a communications server is to provide network users access to shared devices such as printers and modems The port connected to the printer or modem can provide shared access if it...

Page 88: ...PortMaster device service and a pseudo tty connection This configuration is most commonly used to provide access to shared devices such as printers Figure 5 2 Host Device Configuration Figure 5 3 sho...

Page 89: ...stname must be specified either in the port configuration or as the global default host In addition the PortMaster in pmd daemon must be installed on the specified host To configure a port for access...

Page 90: ...o through the PortMaster is specified as dev network PortMaster Device Service The PortMaster device service is the most efficient and highest performance service This service can be used with any wor...

Page 91: ...vice Service The netdata device service provides a TCP clear channel on which 8 bit data is passed without interpretation This service can be used to connect to the selected port from another serial p...

Page 92: ...he access type Command set S0 network dialin dialout twoway 2 Save the configuration Command save all Note In any of these dial modes dial in dial out and two way you can also configure the port for o...

Page 93: ...dicated to Internet connections or connections to another office In this configuration the port is used to establish communication from the PortMaster to an outside location SLIP or PPP is used for th...

Page 94: ...nfigure two way access set the port type for network use and then set the network dial access for two way use The specified port operates in user login mode if DCD is detected on pin 8 of the RS 232 c...

Page 95: ...PP as described in RFC 1717 on ISDN BRI ports and all ports on the PortMaster 3 Note Be sure to use the set S0 rts cts command to enable hardware flow control RTS CTS for all SLIP and PPP connections...

Page 96: ...nchronous devices FRADs Hardwired connections can use SLIP or PPP with IP and IPX Note This type of configuration creates a continuous uninterrupted connection on this port If the port is configured f...

Page 97: ...s Command set S0 destination Ipaddress Ipmask 5 Set the IPX network number if you are using IPX Command set S0 ipxnet Ipxnetwork 6 Enable RIP routing Command set S0 rip on off broadcast listen 7 Set c...

Page 98: ...bytes SLIP connections can have an MTU set from 100 to 1006 bytes The remote host can negotiate smaller MTUs if necessary The MTU is typically set to the maximum allowed for the protocol being used ei...

Page 99: ...ns over network hardwired asynchronous lines Lucent implements Van Jacobson TCP IP header compression and Stac LZS data compression Compression is on by default Compression should not be used with mul...

Page 100: ...wing command Command show S0 Setting the PPP Asynchronous Map The PPP protocol supports the replacement of nonprinting ASCII characters found in the datastream These characters are not sent through th...

Page 101: ...are sent to the interface For more information about filters see Chapter 9 Configuring Filters Connecting without TCP IP Support You can configure the PortMaster to connect to bulletin board service B...

Page 102: ...Connecting without TCP IP Support 5 26 PortMaster Configuration Guide Note The PortMaster ignores the Data Set Ready DSR signal Some PCs might require DSR high but they do not tie DSR to DTR...

Page 103: ...roducts support any of these connection types using one or more synchronous ports All WAN port connections are similar and are represented in Figure 6 1 on page 6 3 For most applications a dedicated l...

Page 104: ...n Frame Relay in applications where short bursts of connectivity are required but dial up modems do not provide enough bandwidth V 25bis dialing is used to establish a link over a switched network and...

Page 105: ...type of synchronous connection to use between your remote locations the synchronous port on each end of the connection must be configured IRX Router IRX Router 11820004 Bangkok New York workstation 1...

Page 106: ...lay synchronous port information in brief or extended modes The default setting is off To enable or disable extended information for a port use the following command Command set W1 extended on off Not...

Page 107: ...y other purpose A hardwired connection must be used for a leased line or Frame Relay connection dialin Allows the port to accept dial in network connections for use with switched 56Kbps or ISDN connec...

Page 108: ...ral set modem control on for network dial in or dial out configurations Modem control is usually off for leased line or Frame Relay connections but you can use it if the CSU DSU is configured accordin...

Page 109: ...ropped for 500 milliseconds causing a hangup on the line To set the hangup control use the following command Command set W1 hangup on off The reset command always drops the DTR signal Setting the Port...

Page 110: ...port is disabled To set the IP address use the following command Command set W1 address Ipaddress Setting the Destination IP Address The destination IP address or hostname of the machine on the other...

Page 111: ...Concepts for more information about using subnet masks Setting the IPX Network Address When using IPX you must identify an IPX network number of the serial link that is unique from every other IPX num...

Page 112: ...e attached filter Only packets permitted by the filter are passed through the PortMaster If an output filter is attached packets going to the interface are evaluated against the rule set in the filter...

Page 113: ...to take effect For example to remove the output filter from a synchronous port use the following commands Command set W1 ofilter Command reset W1 Command save all Note You must reset the port and re e...

Page 114: ...Configuring WAN Port Settings 6 12 PortMaster Configuration Guide...

Page 115: ...e information This chapter discusses the following topics Configuring the User Table on page 7 1 User Types on page 7 3 Configuring Settings for Network and Login Users on page 7 4 Configuring Network...

Page 116: ...formation for a particular user for example use the following command Command show user elena Username elena Type Dial in Network User Address Assigned Netmask 255 255 255 255 Protocol PPP Options Qui...

Page 117: ...m another router the router must have an entry in the user table or in RADIUS PortMaster products allow you to configure two types of users network users and login users Network Users Network users di...

Page 118: ...can set the idle time in seconds or minutes with any value between 2 and 240 The default setting is 0 minutes The idle timer is not reset by RIP keepalive or SAP packets To set the idle timer use the...

Page 119: ...You must define the IP address or hostname of the remote host or router Table 7 1 describes three different ways that the user IP address can be determined Table 7 1 User IP Address Options IP Address...

Page 120: ...connection between the remote user device and the PortMaster Each user s connection requires a different IPX network number If you use fffffffe as the IPX network number the PortMaster assigns the use...

Page 121: ...character map use the following command Command set user Username map Hex Setting the MTU Size The maximum transmission unit MTU defines the largest frame or packet that can be sent without fragmentat...

Page 122: ...are allowed You can also set the dial in port limit using the RADIUS Port Limit attribute To set the maximum number of dial in ports use the following command Command set user Username maxports Numbe...

Page 123: ...nly packets allowed by the filter can pass through the PortMaster If an output filter is applied to a user packets going to the user are evaluated against the rule set for the applied filter Only pack...

Page 124: ...ion table The PortMaster always calls back using the same port on which the user called in Network users have PPP or SLIP sessions started for them as defined in the user table To specify the callback...

Page 125: ...er Filtername Note You must define a filter in the filter table before you can apply it For more information about filters see Chapter 9 Configuring Filters Table 7 4 Login Host Options Host Option De...

Page 126: ...host that has the PortMaster in pmd daemon installed This type of login service is preferred because it makes the PortMaster port operate like a serial port attached to the host This service is the m...

Page 127: ...ing command Command set user Username dialback String none To disable callback connections for the user use the none keyword netdata The netdata login service creates a virtual connection between the...

Page 128: ...Configuring Login Users 7 14 PortMaster Configuration Guide...

Page 129: ...onfiguring the Location Table A location defines a dial out destination and the characteristics of the dial out connection Locations control dial out network connections in much the same way the user...

Page 130: ...d for dialing out with the tip command or UUCP For information on these applications refer to Chapter 18 Accessing Shared Devices To display the location table enter the following command Command show...

Page 131: ...shown in Table 8 1 If you are changing an existing location s connection type verify that the connection is not active To configure the connection type use the following command Command set location...

Page 132: ...e PortMaster dials out to that location when it boots to update routing information The PortMaster hangs up when the idle timer expires because RIP traffic does not reset the idle timer To configure a...

Page 133: ...name and password you enter here must also be resident on the remote host in the user table RADIUS or other authentication mechanism To set the username and password use the following commands Command...

Page 134: ...ocation Locname destination Ipaddress Setting the Destination Netmask If the host or network on the remote end of the connection requires a netmask you must define it in the location table To set the...

Page 135: ...owing command Command set location Locname rip on off broadcast listen Table 8 2 describes the results of using each keyword Note ComOS releases prior to 3 5 use routing instead of the rip keyword Tab...

Page 136: ...cname group Group Setting the MTU Size The maximum transmission unit MTU defines the largest frame or packet that can be sent through this port without fragmentation If an IP packet exceeds the specif...

Page 137: ...used for SLIP connections To configure compression for a location use the following command Command set location Locname compression on off stac vj Table 8 3 describes the results of using each keywor...

Page 138: ...nual or on demand connection use the following command Command set location Locname idletime Number minutes seconds Setting Data over Voice The PortMaster supports data over voice for inbound and outb...

Page 139: ...for a location The high water mark triggers the PortMaster to bring up an additional connection to the location when the amount of data specified by the high water mark is queued The PortMaster exami...

Page 140: ...and see Setting the Idle Timer on page 8 10 all ports used for that connection are timed out simultaneously To set the maximum number of dial out ports for a location use the following command Command...

Page 141: ...e by the location must be reset to have the changes take effect Note If a matching filter name is not found in the filter table this command is not effective and all traffic is permitted Input Filters...

Page 142: ...onnection with the remote location by using the dial command from the command line To display the chat script if you are using one during dialing use the optional x keyword You can watch the connectio...

Page 143: ...d to accomplish the goal described See the PortMaster Command Line Reference for more detailed command descriptions and instructions Overview of PortMaster Filtering Packet filters can increase securi...

Page 144: ...mber of filter rules exceeds the limit If a packet is discarded by a filter an appropriate ICMP unreachable message is returned to the source address This message provides immediate feedback to the us...

Page 145: ...the source and destination addresses of a packet against a rule list The number of significant bits used in IP address comparisons can be set allowing filtering by host subnet network number or group...

Page 146: ...ntering the PortMaster and an output filter is used on packets exiting the PortMaster Figure 9 1 Input and Output Filters All packets entering a PortMaster through an interface with an input filter ar...

Page 147: ...ched to the network interface created for that connection Location filters are attached to dial out locations using SLIP or PPP connections When the connection is established to a remote site the desi...

Page 148: ...der AH protocol See RFC 1826 for more information on this protocol ipip matches packets using the IP Encapsulation within IP IPIP See RFC 2003 for more information on this protocol If you are using Ch...

Page 149: ...umber Appendix B TCP and UDP Ports and Services lists port numbers commonly used for UDP and TCP port services For a more complete list see RFC 1700 To create a UDP filter rule use the following comma...

Page 150: ...vertising the service via SAP Name IPX network number IPX node address IPX socket number To create a SAP filter rule use the following command entered on one line Command set sapfilter Filtername Rule...

Page 151: ...explicitly permitted by a filter is denied except for the special case of a filter with no rules which permits everything Simple Filter A simple filter can consist of the following rules Command set f...

Page 152: ...cp src eq 20 dst gt 1023 Command set filter internet in 7 permit udp dst eq 53 Command set filter internet in 8 permit tcp dst eq 53 Command set filter internet in 9 permit icmp Table 9 3 describes li...

Page 153: ...many sites use FTP proxies or passive FTP neither of which is discussed in this guide Consult Firewalls and Internet Security Repelling the Wily Hacker by Cheswick and Bellovin and Building Internet...

Page 154: ...p src eq 20 dst gt 1023 Command set filter internet out 4 permit 172 16 0 2 32 0 0 0 0 0 tcp src eq 21 dst gt 1023 estab If you allow any internal host to send out packets with FTP replace 192 168 0 1...

Page 155: ...our network you might unknowingly allow other networks complete access as well Any network that can access a network having complete access privileges to your network also has access to your network F...

Page 156: ...p dst eq 53 Command set filter restrict in 10 permit 0 0 0 0 0 10 0 0 3 32 icmp Table 9 4 describes line by line each rule in the filter To log all packets that are denied add the following rule to th...

Page 157: ...nection is established 4 If the address is not permitted the connection is denied unless access override is enabled If you want a user to be able to override a port s access filter enable access overr...

Page 158: ...Restricting User Access 9 16 PortMaster Configuration Guide...

Page 159: ...ons and instructions Because the PortMaster is a DTE device a straight through RS 232 cable is used to connect modems to it Straight through cables for modems use pins 2 3 4 5 6 7 8 and 20 Null Modem...

Page 160: ...set itself when DTR is dropped Lock the DTE speed Use hardware flow control RTS CTS Using Automatic Modem Configuration PortMaster products use a modem table to automate the modem configuration proces...

Page 161: ...o the modem table use the following command Command add modem ModemName short ModemName long Speed String For example to add a Paradyne 3811 modem to the modem table enter Command add modem para3811 P...

Page 162: ...00 AT F C1 D3S0 1S10 20 W eiger v34 p Eiger 28 8 PCMCIA 11520 0 AT F C1 D3S0 1S10 20 W gvc 14 4 GVC Maxtech V 32 57600 AT F C1 D3S0 1S10 20 W0 gvc 28 8 GVC Maxtech V 34 11520 0 AT F C1 D3S0 1S10 20 W0...

Page 163: ...P9600SA 57600 AT F C1 D3S0 1S2 129 W pp v34 Practical Peripherals PM288T II 11520 0 AT F0M0S0 1V1 C1 D3 K3 W0 W1 para3811 Paradyne 3811 11520 0 AT FS0 1 W ppi v34 p PPI ProClass V 34 PCMCIA 11520 0 AT...

Page 164: ...enter Command set s1 modem usr v34 Command reset s1 usr v32 p USR Courier Sportster V 32bis PCMCIA 57600 AT F1 W usr v34 p USR Courier Sportster V 34 PCMCIA 11520 0 AT F1S0 1 W usr v32 USR Courier Sp...

Page 165: ...peeds are sequentially matched from the first baud rate through the third baud rate For example when a connection with this port is established the PortMaster uses the first baud rate value to try to...

Page 166: ...tch the parity setting on the attached modem The parity default value is none and must be used for ports configured for network dial in or dial out operation Table 10 2 describes the parity options To...

Page 167: ...nd Command set S0 rts cts on off Note Because it is more reliable you should always use hardware flow control if it is available Do not use both hardware and software flow control on the same port Han...

Page 168: ...Configuring Ports for Modem Use 10 10 PortMaster Configuration Guide...

Page 169: ...e following topics Configuring General Settings on page 11 1 Setting the Inband Signaling Protocol for T1 on page 11 3 Setting the Inband Signaling Protocol for E1 on page 11 4 Configuring ISDN PRI Se...

Page 170: ...e fractional keyword in this command to break up a channelized T1 line into groups The isdn fractional keyword refers to PRI only Setting Channel Groups You can divide the channels of a T1 or E1 line...

Page 171: ...otocol for T1 To set the inband signaling protocol and the inband call options used with channelized T1 use the following command Table 11 3 explains the inband signaling protocol options Command set...

Page 172: ...caller ID and dial digit tones use the mrf2 option Because some countries implement different variations of multi frequency robbed bit signalling MFR2 you must specify a profile with the mfr2 option...

Page 173: ...ster ISDN PRI ports use the following command entered on one line Table 11 5 explains the ISDN switch options Command set isdn switch ni 2 dms 100 4ess att 5ess net5 vn2 vn3 1tr6 ntt kdd Setting the F...

Page 174: ...0 encoding b8zs ami hdb3 Table 11 6 T1 Inband Signaling Protocol Options Option Description Line0 Line0 or Line1 esf Extended superframe This is the default format for T1 lines d4 D4 framing an altern...

Page 175: ...local network loopback To set the loopback use the following command Table 11 10 explains the loopback options Command set Line0 loopback on off Setting the Directory Number Normally a T1 or E1 line...

Page 176: ...hange For example an 8 modem card installed in modem slot 0 has modems numbered m0 through m7 Modems on an 8 modem card installed in modem slot 1 are numbered m10 through m17 To make the digital modem...

Page 177: ...for dial out network connections you can convert the analog service to digital service To set the digital modems to analog modem service for the specified location use the following command Table 11...

Page 178: ...lus one 64Kbps signaling channel However channelized T1 is available in many service areas that do not yet provide ISDN PRI In areas where PRI is available the cost of channelized T1 may be significan...

Page 179: ...Set the encoding method for the line Command set Line0 encoding b8zs ami 5 Save the configuration changes and reboot Command save all Command reboot 6 Use the following command to display the line co...

Page 180: ...card supports only one line group The first line group found numerically is used for the configuration The fractional line group supports any number of time slots It also supports 56Kbps channels In...

Page 181: ...T1 service 1 Set the line for fractional T1 Command set line2 fractional 2 Set the channel group for fractional T1 Command set line2 group Cgroup channel Channel list 3 Set the channel rate Command s...

Page 182: ...console displays the following message Card Service Stopping wancard in slot 0 When you correctly reinstall the card the console displays the following message Card Service Starting wancard in slot 0...

Page 183: ...ommand set endpoint Hex Command save all Command reboot Note You must use the save all and reboot commands after issuing the set endpoint command for the endpoint discriminator to take effect Displayi...

Page 184: ...nsole with the reset console command Debug information is displayed to the console To set debug flags used for troubleshooting use the following command entered on one line Command set debug mdp statu...

Page 185: ...tMaster Command Line Reference for more detailed command descriptions and instructions Overview of ISDN BRI Connections ISDN is most commonly used to provide low cost connectivity between sites that c...

Page 186: ...the same services that an asynchronous port provides except for direct network hardwired connections The PortMaster automatically detects whether the port is providing asynchronous or synchronous 56Kb...

Page 187: ...uire for your ISDN setup refer to the information in the hardware installation guide and on the Lucent Remote Access website at http www livingston com System Link Network NT1 S1 S2 PortMaster 2e 1182...

Page 188: ...ues shown in Table 12 1 International ISDN BRI Switch Types The PortMaster ISDN S T interface for use in Japan Europe and other countries using international ISDN standards uses a different set of swi...

Page 189: ...Profile Identifier SPID for ISDN BRI The service profile identifier SPID is a unique number assigned by the telephone company that identifies your ISDN equipment to the telephone company s switch SPI...

Page 190: ...and save all Information Elements IEs Number plan and number type are values that relate to attributes associated with the called and calling party information elements IEs used to exchange phone numb...

Page 191: ...anufacturer setting so that you can for example begin successfully to place outbound calls use the following command Command set isdn numberplan 0 1 2 7 8 The new setting becomes effective immediately...

Page 192: ...Port Limits You can set port limits on a per user basis for Multilink V 120 Multilink PPP and asynchronous multiline load balancing users If a port limit is set the user is limited to that number of...

Page 193: ...or network dial out use the set location telephone set location username and set location password commands as described in Chapter 8 Configuring Dial Out Connections ISDN BRI Unnumbered IP Configurat...

Page 194: ...wing settings for the PortMaster in San Francisco a Configure global settings page 12 16 b Configure Ethernet interface settings page 12 16 c Configure ISDN port settings page 12 17 d Configure dial i...

Page 195: ...igure the global settings on the PortMaster in Denver to the values shown in Table 12 3 After you configure the global settings shown in Table 12 3 enter the following command to save the configuratio...

Page 196: ...erface Configuring ISDN Port Settings Configure the ISDN port with the values shown in Table 12 5 for the example in this chapter This example assumes that the BRI used is port S1 S2 on a PortMaster I...

Page 197: ...A user account must be set up on the PortMaster router in Denver so that PortMaster in San Francisco can dial in when traffic is queued The new user sf should be configured with the values shown in T...

Page 198: ...The new location sf should be configured with the values shown in Table 12 7 User IP address set user sf address 192 168 100 1 Netmask set user sf netmask 255 255 255 0 IPX network set user sf ipxnet...

Page 199: ...configuration Command save all For more information about configuring location table parameters refer to Chapter 8 Configuring Dial Out Connections Configuring the PortMaster in San Francisco The Port...

Page 200: ...Interface Settings Configure the Ethernet settings to the values shown in Table 12 9 Table 12 8 Global Values Setting Command IP gateway set gateway 192 168 1 2 This is the address of the next upstrea...

Page 201: ...9 on a PortMaster 2E adjust these values accordingly All the other settings should be left at their default values After you configure the synchronous WAN port as shown in Table 12 10 enter the follow...

Page 202: ...1 enter the following command to save the configuration Command save all For more information about configuring user table parameters refer to Chapter 7 Configuring Dial In Users Table 12 11 User Tabl...

Page 203: ...e location for manual dialing until after the configuration has been tested Once the configuration is verified change the connection type to on demand Protocol set location denver ppp IP destination s...

Page 204: ...e dialer to connect between the two offices as instructed in the next section Once everything is working properly you can change the location type from manual to on demand on both routers and reset th...

Page 205: ...the console enter the following commands Command set console s1 Command set debug isdn on To turn off debugging enter the following commands Command set debug isdn off Command reset console If you are...

Page 206: ...put of the show S10 command for ISDN BRI ports Table 12 13 ISDN BRI Port Status Port Status Modem Status Description NO SERVICE DCD CTS TELCO NT1 No SPID is set NO SERVICE DCD CTS TELCO NT1 Port has e...

Page 207: ...nnection on page 13 7 Troubleshooting a Frame Relay Configuration on page 13 11 Frame Relay Subinterfaces on page 13 12 See the PortMaster Command Line Reference for more detailed command descriptions...

Page 208: ...is speed is the physical maximum bandwidth for your connection to the Frame Relay network Expansion beyond this limit is not possible without a hardware change and a new circuit installation Port Spee...

Page 209: ...your application and a CIR that is high enough to provide minimally acceptable performance for your application In most cases ordering according to these criteria provides service that is close to yo...

Page 210: ...nverse ARP if the other routers on your Frame Relay cloud support Inverse ARP as specified in RFC 1490 In this configuration the PortMaster sends an LMI status request every 10 configurable seconds by...

Page 211: ...10 seconds However if your telephone company chooses another keepalive value change this value as they instruct you Enabling LMI causes the DLCI list to be completed automatically If the attached swi...

Page 212: ...ds Listing DLCIs for Frame Relay Access If LMI or Annex D is not used you must enter the DLCI list manually The DLCI list is a list of DLCIs that are accessible through the Frame Relay network by this...

Page 213: ...ed an IP address to the PortMaster continue with the following steps 1 Configure the following settings for the PortMaster in Bangkok a Configure global settings page 13 8 b Configure Ethernet interfa...

Page 214: ...d to save the configuration Command save all For more information about global parameters refer to Chapter 3 Configuring Global Settings Configuring Ethernet Interface Settings Configure the Ethernet...

Page 215: ...hapter 6 Configuring a Synchronous WAN Port Configuring the PortMaster in New York Configure the settings for the PortMaster in New York with the values in the following sections You do not need to sp...

Page 216: ...ce Configuring Synchronous WAN Port Settings Configure the synchronous WAN port W1 to the values shown in Table 13 5 Table 13 4 Ethernet Values Setting Command IP address set ether0 address 92 168 1 1...

Page 217: ...otherwise the Cisco frame relay map command for your DLCI must have the ietf keyword appended For more information about synchronous ports refer to Chapter 6 Configuring a Synchronous WAN Port Troubl...

Page 218: ...off Command reset console If you have a Cisco router on the other end of your connection verify that it is set for encapsulation frame relay ietf for the serial interface otherwise the Cisco frame rel...

Page 219: ...uding setting an IP address routing and filtering for each interface Creating a DLCI Entry The next step in configuring the subinterfaces is to create an entry in the DLCI table Entries can be followe...

Page 220: ...hown with the ifconfig command Always reset the port after changing the DLCI list Verify that all DLCIs are accounted for by checking the DLCI list for your primary interface If you enter the wrong DL...

Page 221: ...tion is not shown here The following commands split the Frame Relay port into a primary subinterface for DLCI 18 and a secondary subinterface for DLCIs 16 and 17 Command set s1 group 1 Command add loc...

Page 222: ...Frame Relay Subinterfaces 13 16 PortMaster Configuration Guide...

Page 223: ...dapter supports B channel bonding Contact your service provider for specific information about the required terminal adapter Switched 56Kbps connections require an external CSU DSU ISDN and switched 5...

Page 224: ...unable to buffer the excess data when the incoming data for an ISDN line is 128Kbps Figure 14 1 shows an example of an ISDN or switched 56Kbps connection Figure 14 1 Example of an ISDN or Switched 56K...

Page 225: ...reflect your network Once you have assigned an IP address to the PortMaster continue with the following steps 1 Configure the following settings for the PortMaster in Boston a Global settings page 14...

Page 226: ...t Interface Settings Configure the Ethernet interface settings to the values shown in Table 14 2 After you configure the Ethernet interface as shown in Table 14 2 enter the following command to save t...

Page 227: ...chronous ports refer to Chapter 6 Configuring a Synchronous WAN Port Configuring a Dial In User A user account must be set up on the PortMaster router in Boston so the PortMaster in Miami can dial in...

Page 228: ...fic is queued The new location miami should be configured on the router in Boston with the values shown in Table 14 5 IPX network set user miami ipxnet F3 RIP routing set user miami rip on MTU set use...

Page 229: ...own in Table 14 5 enter the following command to save the configuration Command save all For more information about configuring location table settings refer to Chapter 8 Configuring Dial Out Connecti...

Page 230: ...tings Configuring Ethernet Interface Settings Configure the Ethernet settings to the values shown in Table 14 7 Table 14 6 Global Value Setting Command IP gateway set gateway 192 168 1 2 This is the a...

Page 231: ...Settings Configure the synchronous WAN port with the values shown in Table 14 8 After you configure the synchronous WAN port as shown in Table 14 8 enter the following commands to reset the port and s...

Page 232: ...you configure user table settings as shown in Table 14 9 enter the following command to save the configuration Command save all For more information about configuring user table parameters refer to C...

Page 233: ...Location name add location boston Type set location boston manual Set the location for manual dialing until after the configuration has been tested Once the configuration is verified change the connec...

Page 234: ...nect sequence between the two locations 3 If everything connects as expected do the following a Turn off debugging on the console Command set debug off Command reset console b Reset the port on the Of...

Page 235: ...rely to the correct port Not all WAN ports are capable of the same speeds Verify that the DIP switch is set to V 35 for Lucent cables and that you are plugged into the correct V 35 interface on your C...

Page 236: ...Troubleshooting a Synchronous V 25bis Connection 14 14 PortMaster Configuration Guide...

Page 237: ...ore detailed command descriptions and instructions Overview of Example Configuration The example described in this chapter connects a PortMaster Office Router located in a branch office in London with...

Page 238: ...ce to Office Dial On Demand Configuration The PortMaster ISDN Office Router OR U has an ISDN BRI port designated S1 S2 instead of a PCMCIA modem port The ISDN port can be used for ISDN dial on demand...

Page 239: ...an IP address to the PortMaster continue with the steps The following values shown in this chapter apply only to this example when you are configuring your PortMaster use values appropriate for your n...

Page 240: ...aster use values appropriate for your network After you configure the global settings shown in Table 15 1 enter the following command to save the configuration Command save all For more information ab...

Page 241: ...Router is designated S1 Configure the port with the values shown in Table 15 3 You must install the PCMCIA modem to configure port S1 Leave all the other settings at their default values Broadcast add...

Page 242: ...ffice can dial in when traffic is queued at the main office The new user paris should be configured with the values shown in Table 15 4 After you configure the user table as shown in Table 15 4 enter...

Page 243: ...ng last you ensure that the PortMaster will not attempt to make a connection with a location until you have configured all the settings for that location Table 15 5 Location Table Values Setting Comma...

Page 244: ...cations Server in the Paris office Configuring Ethernet Interface Settings Configure the Ethernet settings for the Paris office shown in Table 15 6 After you configure the Ethernet interface as shown...

Page 245: ...configure the port as shown in Table 15 7 enter the following commands to reset the port and save the configuration Command reset s1 Command save all For more information about asynchronous ports refe...

Page 246: ...For more information about configuring user table settings refer to Chapter 7 Configuring Dial In Users Table 15 8 User Table Values Setting Command Username add netuser london Password set user londo...

Page 247: ...P destination set location london destination 192 168 200 1 Netmask set location london netmask 255 255 255 0 IPX network set location london ipxnet F2 When configuring the IPX network number for the...

Page 248: ...save the configuration Command save all For more information about configuring location table settings refer to Chapter 8 Configuring Dial Out Connections Testing the Setup You should test the config...

Page 249: ...Paris office Setting the Console Port for Multiline Load Balancing Multiline load balancing is used to add additional lines when network traffic is heavy If more than one line to the same location is...

Page 250: ...London office use the values shown in Table 15 10 for the maximum number of ports and the high water mark See Dial Out Location Settings for London on page 15 7 for the other values Table 15 10 Locat...

Page 251: ...to using the PCMCIA port on the OR M except that you must do the following Configure the ISDN switch type as a global setting Set the SPID on the port Do not set the port speed flow control or modem c...

Page 252: ...Using ISDN for On Demand Connections 15 16 PortMaster Configuration Guide...

Page 253: ...s on page 16 3 Configuration Steps for an Internet Connection on page 16 3 Providing Network Filtering on page 16 10 Using ISDN for Internet Connections on page 16 11 For information on related topics...

Page 254: ...16 2 PortMaster Configuration Guide Figure 16 1 Continuous Internet Connection System Link Network PortMaster Office Router 11820010 11820010 PortMaster Internet Internet service provider office...

Page 255: ...IPX packets are not transmitted to or from the ISP You can also connect to an ISP with a dial on demand configuration as described in Chapter 15 Using Office to Office Connections However dial on dema...

Page 256: ...tings Configure the global settings to the values shown in Table 16 1 For more information about global settings see Chapter 3 Configuring Global Settings After configuring the global settings enter t...

Page 257: ...port configure the port with the values shown in Table 16 3 Table 16 2 Ethernet Port Parameter Values Setting Command IP address set ether0 address 192 168 200 1 Netmask set ether0 netmask 255 255 255...

Page 258: ...al port configure the port with the values shown in Table 16 4 Leave all other settings at their default values After configuring the serial port enter the following commands to reset the port and sav...

Page 259: ...Table Values Setting Command Location name add location isp1 Type set location isp1 manual Change to continuous after testing the configuration Protocol set location isp1 protocol ppp IP destination s...

Page 260: ...For more information about configuring locations see Chapter 8 Configuring Dial Out Connections Testing the Continuous Dial Out Setup The configuration should be tested before the location isp1 is set...

Page 261: ...nds to reset the port and save the configuration Command reset s1 Command save all Testing the Network Hardwired Setup To test a network hardwired connection follow these steps 1 Reset the newly confi...

Page 262: ...ter named internet in contains the following rules deny 192 168 200 0 24 0 0 0 0 0 log permit tcp estab permit 0 0 0 0 0 mail edu com 32 tcp dst eq 25 permit 0 0 0 0 0 ftp edu com 32 tcp dst eq 21 per...

Page 263: ...t the port speed flow control or modem control Set the telephone number with the set location telephone command Set the username with the set location username command Set the password with the set lo...

Page 264: ...Using ISDN for Internet Connections 16 12 PortMaster Configuration Guide...

Page 265: ...e 17 4 See the PortMaster Command Line Reference for more detailed command descriptions and instructions Overview of Dial In Configuration The PortMaster configuration described in this example allows...

Page 266: ...they were connected to the corporate network directly Although this example uses seven PortMaster 2E Communications Servers many more can be used With more than seven PortMaster Communications Server...

Page 267: ...68 1 2 rk2 edu com IP address of RADIUS backup accounting server 192 168 1 3 rk3 edu com Optional IP address of host running backup RADIUS 192 168 1 3 rk3 edu com Optional IP address of host that shel...

Page 268: ...shows variables in italics Change these values to reflect your network Once you have assigned an IP address to the first PortMaster continue with the following steps 1 Connect modems to the PortMaste...

Page 269: ...work users 2 Make sure that the modem cables are securely fastened and that you provide enough room for the modems to stay cool Configuring Global Settings Configure the global settings on the first P...

Page 270: ...17 3 After you configure the Ethernet interface as shown in Table 17 3 enter the following command to save the configuration Command save all For more information on Ethernet settings refer to Chapte...

Page 271: ...this example has the following features Raises carrier when a call comes in Resets itself when DTR is dropped Locks the DTE rate Uses hardware flow control RTS CTS Automatically answers on the first...

Page 272: ...of RADIUS If you are not using RADIUS configure dial in and network users in the user table RADIUS Settings Table 17 5 lists the RADIUS setting for the first PortMaster For information about RADIUS pa...

Page 273: ...r2 and so on with the values shown in Table 17 6 After you configure user table settings as shown in Table 17 6 enter the following command to save the configuration Command save all For more informat...

Page 274: ...l For more information about configuring user table values refer to Chapter 7 Configuring Dial In Users Testing the User Dial In Setup To test the configuration follow these steps for each PortMaster...

Page 275: ...ation Command set debug off Command save all 4 If you notice a problem do the following a Reset the port b Check your configuration c Dial the PortMaster again d Repeat this procedure until the connec...

Page 276: ...Configuration Steps for Dial In Access 17 12 PortMaster Configuration Guide...

Page 277: ...methods for providing access to shared devices on the PortMaster Host device configuration You use a UNIX host that supports the PortMaster in pmd daemon With this daemon you can configure ports as h...

Page 278: ...e other side of the country Network Device Configuration This configuration sets the port for host device access but uses the rlogin Telnet or netdata device service to access the attached device In t...

Page 279: ...er log in to a workstation and access a serial printer attached to port S9 as dev ttyre using the PortMaster device service The workstation user can also access port S2 as dev ttyrf when it is not bei...

Page 280: ...nter to port S9 with a null modem cable if the printer is a DTE device Pinouts for both cables are given in your hardware installation guide 3 Configure global settings page 18 4 4 Configure Ethernet...

Page 281: ...the Ethernet interface as shown in Table 18 2 enter the following command to save the configuration Command save all For more information on Ethernet settings refer to Chapter 4 Configuring the Ethern...

Page 282: ...ports refer to Chapter 5 Configuring an Asynchronous Port Speed 1 set s2 speed 1 115200 Speed 2 set s2 speed 2 115200 Speed 3 set s2 speed 3 115200 Modem control set s2 cd on Hardware flow control set...

Page 283: ...ed port S9 as shown in Table 18 4 enter the following commands to reset the port and save the configuration Command reset s9 Command save all The workstation printer subsystem should now be able to se...

Page 284: ...s modems or other devices attached to PortMaster ports via Telnet use the general configuration given earlier in this chapter but use the settings shown in Table 18 6 This example is for port S1 After...

Page 285: ...f the PortMaster you are accessing and 6001 is the TCP port set for the port you are accessing You can also set several ports to the same TCP port to create a pool of ports available for Telnet access...

Page 286: ...Configuration Steps for Shared Device Access 18 10 PortMaster Configuration Guide...

Page 287: ...a permanent connection between two routers Once the connection is established it remains available on a continuous basis whether there is network traffic between the two locations or not Leased line c...

Page 288: ...numbers and subnetting see Appendix A Networking Concepts In the leased line configuration described in this chapter the Ethernet address of the PortMaster routers is used as the address for the seria...

Page 289: ...eps for Leased Line Connections This example connects a PortMaster Office Router in Rome with a PortMaster Office Router in Florence using a leased line connection To install your PortMaster follow th...

Page 290: ...Command save all For more information about global settings refer to Chapter 3 Configuring Global Settings Configuring Ethernet Interface Settings Configure the Ethernet interface on the PortMaster O...

Page 291: ...If you are not sure of the IP address on the other end of the connection you can set the IP destination to 255 255 255 255 and the PortMaster will attempt to learn the address Leave all other settings...

Page 292: ...save the configuration Command save all For more information about global settings refer to Chapter 3 Configuring Global Settings Configuring Ethernet Interface Settings Configure the Ethernet settin...

Page 293: ...address on the other end of the connection you can set the IP destination to 255 255 255 255 and the PortMaster will attempt to learn the address Leave all other settings at their default values After...

Page 294: ...r counters are nonzero the problem is external to the PortMaster Note CRC errors will occur if the cable is ever unplugged from the PortMaster Verify that you are using the correct cable and that it i...

Page 295: ...to the PortMaster Troubleshooting Guide If the local loopback shows network connectivity in the local router take the CSU DSU out of loopback and set line loopback on the remote CSU DSU If the remote...

Page 296: ...Troubleshooting a Leased Line Connection 19 10 PortMaster Configuration Guide...

Page 297: ...rol information that allows data packets to be routed across networks Novell Internetwork Packet Exchange IPX is another protocol used to exchange data over PC based networks IPX uses Novell s proprie...

Page 298: ...portions of the address For this discussion consider a network to be a collection of computers hosts that have the same network field values in their IP addresses The concept of classes is being made...

Page 299: ...work can have almost 17 million hosts No new class A networks can be assigned at this time For example Class B Addresses The class B IP address format allocates the highest 16 bits to the network fiel...

Page 300: ...D IP address format was designed for multicast groups as discussed in RFC 988 In class D addresses the 4 highest order bits are set to 1 1 1 and 0 providing a range from 224 through 239 inclusive Clas...

Page 301: ...10 0 0 0 8 192 168 0 0 16 and 172 16 0 0 20 can be used by anyone for setting up their own internal IP networks Table A 2 Reserved and Available IP Addresses Class IP Address Status A 0 0 0 0 1 0 0 0...

Page 302: ...as broadcast addresses With CIDR networks are specified with an IP prefix and netmask length for example 172 16 0 0 16 192 168 1 0 24 or 192 168 200 240 28 IPX Addressing An IPX address consists of 10...

Page 303: ...dentifies the subnet field of a network address This mask is a 32 bit number written in dotted decimal notation with all 1s ones in the network and subnet portions of the address and all 0s zeros in t...

Page 304: ...masks VLSMs therefore the restrictions in earlier ComOS releases no longer apply The subnets of a network need not be physically contiguous and can have subnet masks of different lengths However ComOS...

Page 305: ...ecurity PortMaster products allow you to maintain network security using a variety of methods Security is a general term that refers to restricting access to network devices and data To enable securit...

Page 306: ...DIUS consolidates all user authentication and network service access information on the authentication RADIUS server The server can authenticate users against a UNIX password file NIS databases or sep...

Page 307: ...he equivalent information Table B 1 TCP and UDP Port Services Service Port Protocol Description ftp data 20 TCP File Transfer Protocol FTP default data ftp 21 TCP FTP control telnet 23 TCP Telnet smtp...

Page 308: ...Simple Network Management Protocol SNMP snmp 161 UDP SNMP snmptrap 162 TCP SNMP system management messages snmptrap 162 UDP SNMP system management messages imap3 220 TCP Interactive Mail Access Protoc...

Page 309: ...CP Variant of UUCP TCP uucp rlogin 541 UDP Variant of UUCP IP klogin 543 TCP Kerberized login klogin 543 UDP Kerberized login pmd 1642 TCP PortMaster daemon in pmd pmconsole 1643 TCP PortMaster Consol...

Page 310: ...B 4 PortMaster Configuration Guide...

Page 311: ...other for example an IP address into a media access control MAC address Address Resolution Protocol See ARP adjacency A relationship between two routers on the same physical network or between the end...

Page 312: ...other area An area border router runs separate copies of the shortest path first SPF algorithm for each area it attaches to Area border routers condense the topological information of their attached...

Page 313: ...an autonomous system path list might consist of Sequence 1 2 3 Set 4 5 Sequence 6 7 This list indicates that a packet traverses autonomous systems 1 2 and 3 in order then one or both of autonomous sys...

Page 314: ...ing CIDR and route aggregation is the predominant routing protocol used to propagate routes between autonomous systems on the Internet BGP uses TCP as its transport protocol BGP 4 Version 4 of BGP See...

Page 315: ...ng the PortMaster to call back dial in users before providing access Callback provides an extra layer of security and can simplify telephone charges CCITT Consultative Committee for International Tele...

Page 316: ...can request services from a file server across a network cluster A group of internal BGP peers that share a common set of route reflectors See also cluster ID route reflection route reflector Compare...

Page 317: ...nly by other confederation members Subdivision of an autonomous system into a confederation changes the peer relationships of confederation members in different CMASs from internal to external Use of...

Page 318: ...ation hardware receivers retiming modules and or repeaters bridges cabling or transceivers CSU Channel service unit An ancillary device needed to adapt the V 35 or X 21 interface to a port on a teleph...

Page 319: ...the route For a route learned from an external peer the PortMaster calculates a number based on the autonomous system path length the shortest path is preferred You can use a routing policy rule to ov...

Page 320: ...he Internet for translating the names of network hosts into IP addresses DRAM Dynamic random access memory A type of semiconductor random access memory RAM that stores information in integrated circui...

Page 321: ...E1 Digital WAN carrier facility used predominantly in Europe that carries data at a rate of 2 048Mbps E1 lines can be leased for private use from common carriers Compare T1 easy multihome A specializ...

Page 322: ...MP test packet is sent to elicit a standard response Ethernet A network communications system developed and standardized by Digital Equipment Corporation Intel and Xerox using baseband transmission ca...

Page 323: ...device A network device that links any non Frame Relay connection to a Frame Relay WAN frame A packaging structure for network data and control information A frame consists of a destination address so...

Page 324: ...ction between two sites A port on a PortMaster that is configured for hardwired use cannot be simultaneously used for any other type of connection hello Protocol used by OSPF routers to acquire neighb...

Page 325: ...o IP This protocol is used by the ping function to send an ICMP Echo Request to a network host which replies with an ICMP Echo Reply in band signaling Signaling over the data path injection policy A s...

Page 326: ...or physical networks belonging to the same area and containing no virtual connections to the backbone area International Organization for Standards See ISO internetwork A network of networks Internet...

Page 327: ...IP address prefix An IP address number that when paired with a netmask length represents a range of addresses rather than a single IP network For example the prefix and netmask length 128 0 0 0 8 des...

Page 328: ...between BGP peers to keep their BGP sessions open If a preset amount of time elapses between keepalive messages from a peer the PortMaster identifies the peer as no longer operational and drops the s...

Page 329: ...e Relay Two types of LMI are available on Frame Relay the original proprietary Cisco Stratacom LMI and the ANSI T1 617 Annex D LMI Although the PortMaster supports both LMI on the PortMaster refers to...

Page 330: ...utonomous system external links of an OSPF router that it periodically advertises Link states are also advertised when a link state changes M MAC address Media access control address A unique 48 bit b...

Page 331: ...ccess control address See MAC address message digest algorithm 5 See MD5 MIB Management Information Base A set of variables that a Simple Network Management Protocol SNMP based management station can...

Page 332: ...same neighboring autonomous system You can use a routing policy rule to override this value and assign your own multiexit discriminator to a route that you learn or advertise multihome routing In BGP...

Page 333: ...o fall within the range indicated by the prefix For example the prefix and netmask length 128 0 0 0 8 describe all networks whose IP addresses begin with 128 See also IP address prefix network A colle...

Page 334: ...PC server switching point bridge or gateway connected to a network at a single location A node can also be called a station See host nonvolatile RAM See NVRAM notification message A message sent betw...

Page 335: ...d and reprogrammed electronically allowing software images to be stored booted and rewritten as necessary O ODI Open Datalink Interface A Novell specification that isolates the protocol stack from the...

Page 336: ...s allowed access See also CHAP parity check A process for checking the integrity of a character A parity check appends a bit to a character or word to make the total number of binary 1 digits in the c...

Page 337: ...o the PortMaster during configuration You can use the default policy easy multihome or create and assign your own policies One policy can handle all three functions or you can create separate policies...

Page 338: ...telephone service provider configures its own switch that connects via an ISDN line to the user s ISDN hardware Because switch configuration varies according to hardware telephone company switch and a...

Page 339: ...standards RIP Routing Information Protocol A protocol used for the transmission of IP or IPX routing information rlogin Remote login A terminal emulation program similar to Telnet offered in most UNI...

Page 340: ...s across confederation boundaries See also cluster cluster ID confederation route reflector route reflector A router configured to transmit routes received from internal BGP peers to one or more other...

Page 341: ...shared network resources such as hard disks and printers Service Advertisement Protocol See SAP service profile identifier See SPID Simple Network Management Protocol See SNMP slave In Multichassis PP...

Page 342: ...o the area are by default imported into the stub area but might be squelched to further reduce area database size In this case the default route advertisement by the autonomous system border routers h...

Page 343: ...ous terminal adapter turns an asynchronous bit stream into ISDN and is treated by the PortMaster as if it were a modem A synchronous terminal adapter takes a synchronous bit stream and turns it into I...

Page 344: ...Protocol A connectionless protocol defined in RFC 768 UDP exchanges datagrams but does not provide guaranteed delivery U interface The ISDN interface defined as the connection between the network term...

Page 345: ...k further as necessary They fall forward to the next higher speed when line quality improves V 34 An ITU T standard that allows data rates as high as 28 8Kbps V 35 The ITU T standard for data transmis...

Page 346: ...resses to be assigned more efficiently OSPF and BGP support classless or VLSM routes VPN Virtual private network A restricted network that uses public wires to connect nodes A VPN provides a way to en...

Page 347: ...21 12 22 13 12 13 14 14 12 14 13 19 8 reset S0 5 9 5 21 5 25 10 6 12 13 12 20 reset V0 11 15 reset W1 6 11 S save all 5 9 5 13 5 16 5 19 5 21 5 25 6 11 11 11 12 5 12 6 13 15 save route 3 26 set accoun...

Page 348: ...set filter 9 6 set filter icmp 9 6 set filter tcp 9 7 set filter udp 9 7 set gateway 3 6 3 28 12 11 12 16 13 8 14 4 14 8 15 4 16 4 17 5 19 4 19 6 set host 17 5 18 4 set ipxfilter 9 7 set ipxgateway 3...

Page 349: ...n voice 8 10 12 8 set loghost 3 10 17 5 set M0 11 8 set M0 lastcall 11 9 set maximum pmconsole 3 9 set nameserver 3 8 17 5 set namesvc 3 8 17 5 set netbios 3 29 set P0 device 18 8 set P0 host 18 8 set...

Page 350: ...5 6 15 10 17 10 set user dialback 7 10 7 13 set user host 7 11 set user idle 7 4 set user ifilter 7 9 7 11 set user ipxnet 7 6 12 14 12 18 14 6 14 10 15 6 15 10 set user map 7 7 set user maxports 7 8...

Page 351: ...e0 11 2 11 11 show location 13 13 show M0 11 9 show mcppp 11 15 show modem 10 3 show modems 11 10 show P0 2 5 show routes 3 23 show S0 2 5 12 9 show syslog 3 12 show table filter 9 8 show table locati...

Page 352: ...Command Index Command Index 6 PortMaster Configuration Guide...

Page 353: ...evice service 5 14 dial groups 5 5 DTR idle 5 25 extended information 5 5 flow control 10 8 input and output filters 5 25 IPX network number 5 22 line hangup 10 9 login host 5 11 login message 5 6 log...

Page 354: ...s 3 21 ComOS overview 1 1 compression 5 23 6 11 7 8 8 8 configuration basic steps 1 4 planning 1 2 CONNECTING port status 2 6 connection types 8 3 console port 5 7 contact information Europe Middle Ea...

Page 355: ...ble 3 7 documentation related xvii Domain Name System See DNS DSR value 5 26 DTR idle 5 25 DTR for hangup 6 7 10 9 dynamically setting the IP address 3 12 E E M wink start protocol 11 3 E1 channel gro...

Page 356: ...6 11 7 10 RIP packets 9 12 SAP filters 9 8 security 9 1 storing 9 3 synchronous ports 6 10 TCP and UDP port services B 1 TCP options 9 6 9 7 UDP packets 4 3 user filters 9 5 flow control 5 4 hardware...

Page 357: ...stname resolution 3 8 hosts SNMP 3 22 hotswapping modems 11 10 I IDLE port status 2 6 idle timer asynchronous ports 6 7 dial out locations 8 10 disabling 7 4 users 7 4 in pmd 1 1 2 5 5 13 5 14 5 18 in...

Page 358: ...connections 15 15 16 11 port limits 12 8 provisioning 12 3 pulse code modulation for PRI line 11 8 SPID 12 5 supported PRI switches 11 6 switch type 12 4 TID 12 6 troubleshooting 12 21 ISP provided d...

Page 359: ...9 modems adding to modem table 10 3 automatic configuration 10 2 configuring for login 17 7 control 6 6 10 8 control signals 10 2 digital 11 9 digital to analog 11 10 DSR value 5 26 DTR idle 5 25 hard...

Page 360: ...5 1 on demand connections 2 4 8 3 15 1 overriding asynchronous port settings 5 3 P packet filtering 9 2 packet size setting with MTU 8 8 PAP authentication 3 29 5 19 parity checking 5 4 10 8 Password...

Page 361: ...ons 5 19 using for dial in and dial out 5 19 printer port configuration 18 7 prompt for login host 5 11 protocol asynchronous ports 5 22 location table 8 5 transport protocol 6 8 user 7 5 provisioning...

Page 362: ...Advertising Protocol 9 8 service profile identifier 12 5 services well known B 1 session limit 7 4 setting call check 3 30 shared device access 5 2 18 1 shared devices 5 11 host device 18 1 Telnet 18...

Page 363: ...2 internal clocking 11 13 pulse code modulation 11 8 setting use 11 2 TA 12 2 TCP default Telnet port 5 15 packets filtering 9 7 services and ports B 1 TCP IP header compression 5 23 6 11 7 8 8 8 TCP...

Page 364: ...ing for dial out 8 5 users defining dial in network users 17 10 defining dial in users 14 5 14 10 15 6 defining login users 17 9 deleting 7 3 disconnecting from virtual port 11 16 displaying configura...

Reviews:

No comments

Related manuals for PortMaster

3M 740 Software preview
740
Brand: 3M Pages: 3
Panasonic WJ-ND300 Administrator Console Operating Instructions Manual preview
WJ-ND300 Administrator Console
Brand: Panasonic Pages: 27
Adobe ACROBAT 3D Manual preview
ACROBAT 3D
Brand: Adobe Pages: 822
KIP KUWPD Operation Manual preview
KUWPD
Brand: KIP Pages: 22
KAPERSKY ANTI-VIRUS BUSINESS OPTIMAL Manual preview
ANTI-VIRUS BUSINESS OPTIMAL
Brand: KAPERSKY Pages: 31
Olympus Master 4.1 Operating Instructions Manual preview
Master 4.1
Brand: Olympus Pages: 149
I-Data ReRouter Installation & Operator’S Manual preview
ReRouter
Brand: I-Data Pages: 79
Xerox 701P40211 System Manual preview
701P40211
Brand: Xerox Pages: 110
ICP GDT monitor Manual preview
GDT monitor
Brand: ICP Pages: 60
Cycos Cycos ERGO mrs 5.0 Administrator'S Manual preview
Cycos ERGO mrs 5.0
Brand: Cycos Pages: 46
Red Hat CERTIFICATE SYSTEM 7.2 - AGENT GUIDE Manual preview
CERTIFICATE SYSTEM 7.2 - AGENT GUIDE
Brand: Red Hat Pages: 73
DeLorme XMap 7 GIS Getting Started Manual preview
XMap 7 GIS
Brand: DeLorme Pages: 29
GRASS VALLEY MEDIAEDGE-SVS4 Datasheet preview
MEDIAEDGE-SVS4
Brand: GRASS VALLEY Pages: 2
GRASS VALLEY EDIUS 6 Application Note preview
EDIUS 6
Brand: GRASS VALLEY Pages: 24
GRASS VALLEY AURORA INGEST - S AND UPGRADE INSTRUCTIONS V7.1 Upgrade Instructions preview
AURORA INGEST - S AND UPGRADE INSTRUCTIONS V7.1
Brand: GRASS VALLEY Pages: 66
FieldServer FS-8700-54 Driver Manual preview
FS-8700-54
Brand: FieldServer Pages: 8
MACROMEDIA FLASH 8-DEVELOPING FLASH LITE 2.X Develop Manual preview
FLASH 8-DEVELOPING FLASH LITE 2.X
Brand: MACROMEDIA Pages: 94
National Instruments IMAQ Vision for Measurement Studio User Manual preview
IMAQ Vision for Measurement Studio
Brand: National Instruments Pages: 114

Brands by name

Popular brands

Load more brands