background image

USER’S GUIDE

126      CyberSWITCH

D

EVICE

 

AND

 U

SER

 L

EVEL

 B

ACKGROUND

 I

NFORMATION

Multi-level security (device and user level) provides you with increased security options for your 
network. This feature supports device level security for all remote devices. User-level 
authentication can be performed on top of device level authentication for IP, IPX, AppleTalk and 
bridge users. Only users configured for user level authentication will be required to do so. Refer to 
the following illustration of a sample IP network configured for multilevel security.

The network security level has been configured for both device level and user level security. 
Certain remote devices, such as Ollie, are able to dial-in and are only authenticated at the device 
level. However, remote devices, such as Sparky, are configured in the device level database to be 
authenticated at the user level as well as at the device level.

For example, Scally is using the PC on the LAN attached to Sparky, a CSX150. Scally needs to 
download some files off of the Service Server, which is on the LAN connecting to Zoe, a CSX150. 
Upon initiation of Scally’s call, device level authentication begins. Zoe checks its on-node device 
database to see if Sparky is a valid device, and whether its IP address and password are also valid. 
If valid, Zoe allows the connection, however a data filter is placed on the connection. This filter only 
allows Telnet session traffic to flow over the connection between Zoe and Sparky. User level 
authentication begins when Scally telnets to the IP address 1.1.1.1, port 7003, which is the port 
assigned to the ACE server. Zoe sends the user level login prompt to Scally’s PC. Once Scally 
completes the login and password information, Zoe relays this data to the ACE Server. If Scally is 
a valid user in the ACE database and provides the correct login and password, Zoe removes the 
restrictive filter so he may access the Service Server, or any other system on that LAN. Now that 
Scally has been properly authenticated, any users on his LAN may access the systems attached to 
Zoe. For example, while Scally is downloading files, Simon could boot up his PC and access the 
Internet without going through the authentication process

ISDN

Ace Server

Internet

Service

Server

CSX150

1.1.1.1

sys name: Zoe

1.1.1.2

Device Table
name: Sparky
name: Ollie

CSX150

sys name: Sparky

Device Table
name: Zoe

CSX150

sys name: Ollie

Device Table
name: Zoe

Scally

PC

PC

Simon

PC

Содержание CyberSWITCH CSX150

Страница 1: ...SMALL OFFICE REMOTE ACCESS SWITCH USER S GUIDE Release 7 2 Cabletron Systems 603 332 9400 phone 603 337 3075 fax support ctron com...

Страница 2: ...TED TO THIS MANUAL OR THE INFORMATION CONTAINED IN IT EVEN IF CABLETRON SYSTEMS HAS BEEN ADVISED OF KNOWN OR SHOULD HAVE KNOWN THE POSSIBILITY OF SUCH DAMAGES Copyright 1998 by Cabletron Systems Inc A...

Страница 3: ...ics 1993 including one or more U S Patents No 4701745 5016009 5126739 and 5146221 and other pending patents Telenetworks Copyright 1991 92 93 by Telenetworks All rights reserved FCC NOTICE This device...

Страница 4: ...ontrol Council for Interference by Information Technology Equipment VCCI If this equipment is used in a domestic environment radio disturbance may arise When such trouble occurs the user may be requir...

Страница 5: ...2 Switches Supported 33 Hardware Overview 34 Safety Considerations 34 System Platforms 35 CyberSWITCH Characteristics 35 CyberSWITCH Series 36 CyberSWITCH Front Panel 36 CyberSWITCH Back Panel 37 Soft...

Страница 6: ...ion 53 Powering On 53 Accessing the Release Notes 54 Upgrading System Software 56 Overview 56 Upgrading Software 56 Local Software Upgrade 57 Local Upgrade of the Second Stage Boot SSB 57 Local Upgrad...

Страница 7: ...ion Elements 81 MAC Layer Bridging Background Information 82 Configuring Basic IP Routing 83 Overview 83 Internet Protocol IP Option 83 Enabling IP 83 IP Option Configuration Elements 84 IP Background...

Страница 8: ...1 Authentication Using a Security Token Card 122 System Requirements 123 Authentication Process with User Level Security 124 Device and User Level Security 125 Configuring Device and User Level Securi...

Страница 9: ...tion 156 Configuring Off node Device Database Location 156 Off node Device Database Location Configuration Elements 156 Off node Device Database Location Background Information 156 Configuring User Le...

Страница 10: ...Information 175 ADVANCED CONFIGURATION 176 Configuring Alternate Accesses 177 Dedicated Accesses 177 Configuring a Dedicated Access 177 Dedicated Access Configuration Elements 177 Dedicated Access Bac...

Страница 11: ...Bridge Filter Configuration Elements 207 Protocol Definition Configuration Elements 207 Bridge Filter Configuration Elements 207 Hardware Filter Configuration Elements 208 Bridge Filters Background In...

Страница 12: ...Filters in the IP Processing Flow 235 Packet Types 236 Limitations 237 Example of an IP Filter Configuration 238 DHCP Relay Agent 240 Configuring a DHCP Relay Agent 240 DHCP Configuration Elements 24...

Страница 13: ...nfiguration Elements 266 IPX NetWare Static Services Background Information 267 IPX Spoofing 267 Configuring IPX Spoofing 267 IPX Spoofing Configuration Elements 268 IPX Spoofing Background Informatio...

Страница 14: ...293 AppleTalk Capacities Configuration Elements 293 AppleTalk Capacities Background Information 294 AppleTalk Isolated Mode 294 Configuring the AppleTalk Isolated Mode 294 AppleTalk Isolated Mode Con...

Страница 15: ...315 PPP Configuration Elements 316 PPP Background Information 317 PPP Link Failure Detection 317 PPP Reference Documents 318 Default Line Protocol 319 Configuring Default Line Protocol 319 Default Li...

Страница 16: ...348 Verifying IP RIP 348 Verifying IP RIP is Initialized 348 Verifying IP RIP Output Processing on a LAN Interface 349 Verifying IP RIP Input Processing on a LAN Interface 350 Verifying IP RIP Output...

Страница 17: ...ns 374 IP Routing Over the LAN Interface Connection 374 IP Routing Over a WAN Interface Connection 375 IP Routing Over a WAN Direct Host Interface Connection 376 IP Routing Over a WAN RLAN Interface C...

Страница 18: ...stem Messages 403 Overview 403 Informational Messages 403 Boot Messages 404 Initialization Messages 404 Normal Operation Messages 404 Status Messages 404 Spanning Tree Messages 405 Warning Messages 40...

Страница 19: ...aring Operational Information 499 Configuration Related Commands 500 Restarting the CyberSWITCH 500 Setting the Date and Time 501 File Utility Commands 501 Terminating Administration Sessions 502 Appl...

Страница 20: ...ed Statistics 545 DHCP Statistics 546 Common DHCP Statistics 546 DHCP Relay Agent Statistics 547 DHCP Proxy Client Statistics 548 Frame Relay Statistics 549 Access Related Statistics 549 PVC Related S...

Страница 21: ...and Restore 573 Obtaining System Custom Information 573 APPENDICES 574 System Worksheets 575 Network Topology 576 System Details 577 Resources 577 Lines 577 Accesses 578 Device Information 579 Bridgi...

Страница 22: ...ecurity information may be stored on several different types of databases either locally or on a variety of remote databases System security also allows the configuration of administrative session Tel...

Страница 23: ...codes may appear in call trace messages DOCUMENTATION SET This guide the User s Guide provides information to install and configure your system It also provides information you may need to refer to k...

Страница 24: ...the documentation System Commands All system commands Administration and Manage Mode commands are italicized and in a different font than the general text For example if you are instructed to enter t...

Страница 25: ...a CyberSWITCH network We include an overview of unique system features interoperability security interfaces system components remote devices and switches supported Hardware Overview A description of s...

Страница 26: ...ive for individual users New forms of networking are now possible and affordable using the Integrated Services Digital Network ISDN ISDN is being deployed by major telecommunications companies world w...

Страница 27: ...The system dynamically controls the bandwidth in use between itself and other PPP devices This is accomplished by establishing and disconnecting calls The number of calls is limited only by the types...

Страница 28: ...em over the switched digital network The system monitors the connection for utilization and will remove the connection when it becomes idle Dynamic Management Provides a real time management mechanism...

Страница 29: ...eatures that help prevent unauthorized or inadvertent access to critical data and resources The modules support extensive security levels including PPP PAP and CHAP User name and password Calling Line...

Страница 30: ...Routers AppleTalk Routers MAC layer bridges connect to the system using the HDLC bridge encapsulation line protocol These devices send transparently bridged Ethernet frames to the system MAC layer br...

Страница 31: ...grammed in conjunction with the authentication server generates random passwords These passwords must be supplied correctly at system login time or access to the network will be denied The security to...

Страница 32: ...wing section describes remote ISDN devices REMOTE ISDN DEVICES The CyberSWITCH provides a centralized concentrator function for remote ISDN devices The devices can be separated into the following cate...

Страница 33: ...S NA Yes AT T 5ESS Yes Yes AT T Definity Yes Yes AT T Legend Yes NA NET3 Yes NA NET5 NA Yes NT DMS 100 Yes Yes NT DMS 250 NA Yes NT SL 100 Yes Yes NTT Yes Yes NI 1 Yes NA TS013 Yes NA TS014 NA Yes 1TR...

Страница 34: ...Service POTS interface which supports up to two telephone type devices including standard phones modems fax machines and answering machines The System s POTS service supports tone dialing only System...

Страница 35: ...b Environmental Characteristics Operating Temp 0 to 40 C 32 to 104 F Operating Humidity 5 95 non condensing Operating Altitude 3000 m maximum 10 000 ft maximum Non operating Shock 30 G 11 ms 1 2 sinew...

Страница 36: ...RX and 10BaseT These light to indicate transmissions receptions or good link integrity on the 10Base T port The WAN indicators CH 1 CH 2 D Chan and Sync When Sync is lit it indicates the line is conne...

Страница 37: ...he BRI line Conversely when the switches are off the resistors for the connector are not providing termination for the BRI line On an S T interface it is important to have the termination switches set...

Страница 38: ...0Base T LAN connector Note The 10Base T connector and the WAN connector are both RJ45 connectors However they do have different electrical interfaces Take care to keep these separate Pin Signal Functi...

Страница 39: ...default are combined in this file SYSTEM FILES The CyberSWITCH uses a flash file system instead of a hard disk and a two stage boot device to initialize the platform and download the system software T...

Страница 40: ...ns which contained filter information in the lan nei and or ip nei files With Release 7 2 configuration changes and configuration file updates this filter information will be moved to filter nei atalk...

Страница 41: ...time a new file is written USER LEVEL SECURITY FILES As administrator you may create a welcome banner file as well as a message of the day file to display at login with user level security Neither fil...

Страница 42: ...ering ISDN service in the United States Hardware Installation Step by step instructions for installing hardware components Accessing the CyberSWITCH Provides a description of the possible ways to acce...

Страница 43: ...guration information and to POTS configuration elements definitions ORDERING NI 1 LINES USING NI 1 ISDN ORDERING CODES If you are using a NI 1 switch type and your service provider supports ordering c...

Страница 44: ...orthern Telecom s DMS100 NI 1 are among the most popular When ordering an ISDN line there are general steps to follow that apply to all types and there are steps specific to your line type The general...

Страница 45: ...nt The sections below provide the settings for each 5ESS service type Note that your service provider may not be able to offer all of the features listed AT T 5ESS NI 1 SERVICE Note that some of the e...

Страница 46: ...COM DMS 100 SWITCHES The ISDN services supported by Northern Telecom DMS 100 switches are as follows in order of preference of usage 1 NI 1 2 Custom Service The sections below provide the settings for...

Страница 47: ...set both of them to yes Northern Telecom DMS100 NI 1 Service Provisioning Element Setting signaling functional PVC 2 TEI assignment dynamic maxkeys 3 is preferable 1 64 is acceptable release key no r...

Страница 48: ...r ACO to yes You may not set both of them to yes Northern Telecom DMS100 Custom Service Provisioning Element Setting signaling functional PVC 1 TEI assignment dynamic maxkeys 3 is preferable 1 64 is a...

Страница 49: ...t This cable is a 9 pin female to 9 pin female null modem cable Jack screws are included Note The BRI PRI LAN cables are straight through CAT5 patch cables The quantity shipped varies based on device...

Страница 50: ...n you merely connect up an ASCII terminal to the Console port How ever this method can only be used to configure or manage the system To install or upgrade system software you must use the null modem...

Страница 51: ...WITCH and the other end to the communication port on the PC On the PC you must then execute a communication package to emulate a terminal VT100 Your communication package should support file transfer...

Страница 52: ...device s IP address to be on the same subnet as the CyberSWITCH We recommend that you use 1 1 1 2 and do this on a LAN that is not connected to the internet Then place the CyberSWITCH on the LAN and T...

Страница 53: ...elow admin 3 It is recommended that the preconfigured password be changed to a user defined password To do this enter the following command at the system prompt pswd Follow the prompts to change the c...

Страница 54: ...and valid system software is detected the Second Stage Boot begins to load the system software Dots are displayed to indicate progress The display will look like the following 5 Log in and password pr...

Страница 55: ...atform directory ISDN standard directory option directory type REL_NOTE TXT more For example if your CD ROM is designated as drive D the platform you are installing is a CSX150 you are using US ISDN s...

Страница 56: ...d remote To perform a local upgrade refer to the section titled Local Software Upgrade A local upgrade is performed via the administration console attached to the system s RS232 port To perform a remo...

Страница 57: ...follow with the update of the OSW LOCAL UPGRADE OF THE SECOND STAGE BOOT SSB 1 Restart the CyberSWITCH 2 When Waiting for Commands appears on the system screen enter the following command recover 3 W...

Страница 58: ...nd until the download has started 7 After the file has been downloaded the system will reboot automatically and load using the new software REMOTE SOFTWARE UPGRADE Note For security purposes we recomm...

Страница 59: ...ng to install the OSW package each time REMOTE UPGRADE OF THE SECOND STAGE BOOT SSB WARNING If power is lost on the remote CyberSWITCH during this process a local upgrade of the SSB may be necessary b...

Страница 60: ...sfer varies depending upon your TFTP client Note If you experience a transmission timeout check the retransmission setting on the TFTP package A retransmission rate of 10 seconds is usually sufficient...

Страница 61: ...ts Use Dynamic Management s manage mode to carry out either of these functions To enter the manage mode type manage at the system prompt If you have no need for these types of devices PPP devices simp...

Страница 62: ...Local or Remote Upgrade except download the file DEFLTCFG OSW instead of the UPGRADE OSW file ACCESSING THE RELEASE NOTES The Release Notes provide release highlights and important information relate...

Страница 63: ...ent of the User s Guide Configuration Tools A description of the configuration tools provided for configuring the CyberSWITCH Configuring Lines and Resources Instructions for configuring your system s...

Страница 64: ...ode does have its limitations So when making configuration changes you usually need to use a combination of both of these two tools You may only have one CFGEDIT or Dynamic Management session active a...

Страница 65: ...yet but return to the Main Menu for further configuration RET To save changes at this point answer Y for yes The save process also includes all unsaved Manage Mode changes which were made prior to th...

Страница 66: ...ode help command lists the available Dynamic Management commands and instructs the user to enter the command followed by a question mark to see help information for that specific command readme Displa...

Страница 67: ...ult Configuration Summary Bridging Disabled IP Routing Enabled IP LAN Interface with IP address 1 1 1 1 Device Level Security CHAP enabled USER1 configured as PPP device USER1 as secret UnNumbered IP...

Страница 68: ...format is 1 A brief outline of the configuration procedure using CFGEDIT if applicable Note In this guide we have included a map of the configuration utility CFGEDIT 2 A brief outline of the configura...

Страница 69: ...of operation The WAN resource Ethernet resource and Serial resource COMMPORT are preinstalled and preconfigured on all systems However switch type selection is country dependent Refer to the country...

Страница 70: ...riate region Based upon the region you select a list of countries will be displayed 4 Select the country of operation 5 If you cannot find your country on any list return to the Region Menu and select...

Страница 71: ...ON The basic rate BRI resource directly terminates a standard USOC RJ45 connector It is supplied with a standard S T interface A U interface option is not available for this adapter The BRI resource s...

Страница 72: ...e named ASYNDMPORT This line may not be deleted from the CyberSWITCH configuration but its values including mode of operation are changeable A single WAN line and resource are also preconfigured To ch...

Страница 73: ...s supplied by your carrier c Number of digits to verify CONFIGURING CHANGES FOR A COMMPORT RESOURCE 1 Select Change from the Data Lines menu of Physical Resources 2 Select ASYNCDMPORT 3 You will be pr...

Страница 74: ...The point to point interface type is the type most often used in the U S point multipoint is most often used in Japan AUTO TEI The default setting for automatic TEI negotiation is yes For 5ESS and DMS...

Страница 75: ...ink to the telephone switch Your Carrier Service can provide you with the data link values you need to configure All switch types except the DMS100 and the NI 1 require a single data link per line The...

Страница 76: ...de of the BRI line The SPID format for Northern Telecom DMS 100 NI 1 Service is aaannnnnnnss where aaa is the 3 digit area code of the BRI line nnnnnnn is the 7 digit phone number of the BRI line ss i...

Страница 77: ...ems using the asynchronous management port COMMPORT for out of band management These elements control how the port will function Elements include modem name baud rate data bits stop bits parity value...

Страница 78: ...e dual line Plain Old Telephone Service POTS feature allows one or both of the ISDN B channels to alternatively be used with traditional phone equipment including faxes and answering machines There ar...

Страница 79: ...is busy If you disable this option the system will reject the incoming call c Select the Type of Device Connected to this Jack Select telephone or other Configuring POTS Information Per Device To conf...

Страница 80: ...he system can use both B channels for data until a call is initiated or received When a call comes up it may then drop back to a single B channel for data and reserve the other B channel for POTS use...

Страница 81: ...bridging filters known connect lists MAC LAYER BRIDGING OPTION ENABLING DISABLING BRIDGING USING CFGEDIT 1 Select Bridging from the Options Menu The following menu will then be displayed 2 Select Enab...

Страница 82: ...ging is enabled the system bridges data packets to the proper destination regardless of the network protocols being used The default configuration is bridging enabled Note If the bridge and the IP opt...

Страница 83: ...etwork that support IP RIP will not need static routes IP RIP will maintain those routes However static routes must be configured to identify remote networks connected across the WAN and for routers t...

Страница 84: ...mode which allows you to use IP applications such as Telnet and SNMP on a bridged network is a selectable option The Simple Remote Bridging chapter of the Examples Guide provides an example of a simpl...

Страница 85: ...subnet number assigned to it The IP host operating mode allows the management of a device using IP applications such as Telnet and SNMP while operating as a bridge IP host mode is useful in situations...

Страница 86: ...se routes IP NETWORK INTERFACES CONFIGURING INTERFACES USING CFGEDIT Note IP RIP v1 refers to IP RIP Version 1 and IP RIP v2 refers to IP RIP Version 2 IP RIP v1 supports broadcasting and IP RIP v2 su...

Страница 87: ...transmit broadcast address You will then enter one address This is because the system can only exchange RIP packets with one device over this type of connection Refer to IP RIP over Dedicated Connect...

Страница 88: ...rol h IP RIP v2 authentication key required only if the IP RIP v2 authentication control has been configured with a value other than No Authentication USING MANAGE MODE COMMANDS ipnetif This command d...

Страница 89: ...can be transmitted on the network interface Some devices on the network may not be able to receive large data packets This parameter allows you to maintain compatibility with these devices by setting...

Страница 90: ...BROADCAST IP ADDRESS Requested only if you selected Specify Explicitly for the transmit broadcast address The IP address of the device with whom the CyberSWITCH will be exchanging RIP packets For mul...

Страница 91: ...specific interface then designation of this element is required This element controls how the system responds to IP RIP requests on the interface The default value is automatically preconfigured when...

Страница 92: ...default value is automatically preconfigured when IP RIP is enabled Switch Meaning Do Not Respond This switch indicates responding to no IP RIP requests at all IP RIP v1 Only This switch indicates re...

Страница 93: ...ACKGROUND INFORMATION Network Interface is a term used to represent the physical connection of the system to a data network For example the Ethernet resource provides a network interface to an Etherne...

Страница 94: ...ct to the system Even MAC layer bridge devices can connect to the system and use IP protocols through a IP RLAN Network Interface With the LAN WAN and WAN RLAN IP interfaces you may enable the Routing...

Страница 95: ...umbers can be saved Note that if a WAN UnNumbered Interface is configured you must first add any devices that will be used as next hop devices for static routes before you can configure the static rou...

Страница 96: ...on the same subnet as one of the configured LAN interfaces Since only one LAN interface is configured that IP address must correspond to the one config ured LAN IP address See Secondary IP Addressing...

Страница 97: ...RIP determines the shortest path between two points on a network in terms of the number of hops between those points LAN type interfaces LAN and RLAN Interfaces and WAN interfaces are used by devices...

Страница 98: ...are updated Basically RLAN IP RIP interfaces function in the same manner For both LAN type interfaces to function properly with IP RIP additional LAN interface information is configured The additional...

Страница 99: ...ways advertise the remote IP devices IP RIP information Suppose there is a second CyberSWITCH that belongs to the logical Network 3 as shown in Example 2 It is better for SITE1 and SITE2 to advertise...

Страница 100: ...propagation needed for Example 1 or enabling host routes propagation needed for Example 2 The definition of this configuration element is included in the section Network Interface Configuration Eleme...

Страница 101: ...LAN Remote LAN and numbered WAN interfaces When devices are connected over WAN links in which cost is not a major concern such as dedicated links and semi permanent connections RIP can be used to prov...

Страница 102: ...ITE1 should exchange RIP packets If it is necessary to run the RIP between SITE1 and SITE3 as well as between SITE1 and SITE2 then another WAN network interface for example 2 1 1 1 on SITE1 and 2 1 1...

Страница 103: ...s on the same LAN Should the VRA manager notice some condition which prevents one of the CyberSWITCH nodes from properly performing its function for example link down it will order the other CyberSWIT...

Страница 104: ...traffic from hosts on different subnets attached to the LAN port would be dropped With the secondary IP addressing feature multiple IP network interfaces may be configured for each LAN port All existi...

Страница 105: ...t C is considered a log ical extension of network 1 x x x The CyberSWITCH generates an ARP response containing its own MAC address Host B then communicates with Host C by sending packets to the Cyber...

Страница 106: ...be taken when specifying a default route All IP datagrams that specify a destination IP address that do not have an explicit routing table entry will be sent to the default route If this destination...

Страница 107: ...the device name for the next hop gateway that provides access to the target sub network or host The IP address or the device name of the Next Hop must be on the sub network connected to a defined inte...

Страница 108: ...l charges in case there is a local route that could be used IP RIP PROPAGATION CONTROL This controls how a static route is propagated via IP RIP The following table provides an explanation of how a IP...

Страница 109: ...tes that access to IP Network 156 1 0 0 is available through the external router at 192 1 1 2 A static route is not needed for the CyberSWITCH to access WAN Direct Host 128 1 1 3 Because these two dev...

Страница 110: ...routes The same Manage Mode commands are used to configure both type of routes DEFAULT ROUTE CONFIGURATION ELEMENTS NEXT HOP ADDRESS IP address using dotted decimal notation or if an unnumbered WAN in...

Страница 111: ...ou are installing new system software the IP RIP processing is enabled by default if IP routing has been enabled Therefore if you have already enabled IP routing you do not need to enable IP RIP If yo...

Страница 112: ...nes the shortest path between two points on a network in terms of the number of hops between those points If routing is enabled and IP RIP is enabled there will be default IP RIP information configure...

Страница 113: ...vel security Configuring System Options and Information Instructions for enabling system options such as PPP Link security for configuring system information such as a system password and for configur...

Страница 114: ...r security configuration is required No database is needed for this option Device level security is an authentication process between internetworking devices Authentication happens automatically witho...

Страница 115: ...ol through the configuration of certain options such as Selecting an authentication database for administration sessions You may select an on node database a RADIUS server a TACAS Server or an ACE Ser...

Страница 116: ...sers A TCP connection allows the CyberSWITCH to communicate with the VRA Manager The Remote Authentication Dial In User Service RADIUS is a central database supported by the CyberSWITCH RADIUS operate...

Страница 117: ...user level security supports user authentication on top of device level authentication Often referred to as multilevel security this option increases the security on your network First authentication...

Страница 118: ...igure and to administration sessions The table below identifies the types of authentication databases that are applicable specified by yes for each type of network security and for administration sess...

Страница 119: ...gured on node device database all entries will be lost USING MANAGE MODE seclevel Displays the current security level configuration data Main Menu 1 Physical Resources 2 Options 3 Security 4 Save Chan...

Страница 120: ...the On node Device Database or remotely through the VRA Manager or RADIUS Server Device level security is the default configuration Through device level security you have several options for validatin...

Страница 121: ...s with a large number of devices or several systems Only one device database would need to be configured and maintained The Remote Authentication Dial In User Service RADIUS and the SecureFast Virtual...

Страница 122: ...emote user is being authenticated a data filter is placed on the connection This filter only allows the Telnet session traffic to flow over the connection between the user and the CyberSWITCH During t...

Страница 123: ...sfer IP datagrams over ISDN without MAC headers such as an IP PPP host device Bridging connectivity refers to the connectivity between the CyberSWITCH and a remote user computer that is connected to t...

Страница 124: ...mpt order you have configured Responses to prompts may vary depending upon whether or not you have a security token card and the type of security token card you have The ACE and TACACS servers support...

Страница 125: ...machine prompt with non PINPAD SecureID Card 1 Enter login Id remote machine 2 At the passcode prompt enter your 4 digit PIN followed by the 6 digit dynamic password on your SecurID card This makes u...

Страница 126: ...device level authentication begins Zoe checks its on node device database to see if Sparky is a valid device and whether its IP address and password are also valid If valid Zoe allows the connection...

Страница 127: ...istration security enhancements include selecting a database server for administration sessions and specifying an inactivity time out In addition you can restrict Telnet access by setting the number o...

Страница 128: ...Calling Line Id with the value configured if any in the Device List If the numbers are identical the connection will be established Otherwise the system will reject the incoming call When the Calling...

Страница 129: ...gins with sending a CHAP challenge request to the remote device The CHAP request contains a string of bytes known as the challenge value which is changed on each challenge Using the hash algorithm ass...

Страница 130: ...ecurity option allows you to configure specific Bridge Ethernet Addresses and an optional password on a per device basis When Bridge Ethernet Address security is enabled the System will look up the re...

Страница 131: ...etwork that require this information for system validation SYSTEM INFORMATION CONFIGURATION ELEMENTS SYSTEM NAME The System Name is a user defined name for the CyberSWITCH This name is preconfigured b...

Страница 132: ...information for system validation The System Name is passed during both PAP and CHAP negotiation The System Password is passed during PAP negotiation The System Secret is the CHAP Secret used during C...

Страница 133: ...e the value of the port number select 4 Telnet Server TCP Port Number from the from the Administrative Session menu 10 Follow the onscreen instructions for entering the port number 11 Select option 5...

Страница 134: ...PCs and files on those platforms could be changed while the database server can be physically more secure As an alternative to the local password file the user can now use security token cards along w...

Страница 135: ...is available to clean up dead Telnet sessions This Telnet server needs a unique port number in order to function The following example screen illustrates a successful emergency Telnet session The foll...

Страница 136: ...CONFIGURING AN ON NODE DEVICE DATABASE Before configuring an on node device database you must first configure network interfaces For further information regarding network interfaces and their corresp...

Страница 137: ...l be displayed Follow the onscreen instructions to add a device 3 Enter the device name The example screen below shows device DAN being added Device Level Databases Menu 1 On node Device Database Enab...

Страница 138: ...PPP as your line protocol select 1 ISDN Line Protocol and select the type you will be using b Check to see if the default base data rate initial data rate and maximum data rate are acceptable If not c...

Страница 139: ...sage ensure that the PVC Name matches the device name No pvc configured for Device DAN In order to associate a device to a specific PVC you must also provide authentication information see step 9 7 Fo...

Страница 140: ...tails For example for a PPP device specify a CHAP secret Or for an HDLC device enter a Bridge Ethernet Address Select the type of the Virtual Circuit 1 Permanent Virtual Circuit PVC 2 Switched Virtual...

Страница 141: ...ard i e do not select the IP Host RFC 1294 menu option on the Device Authentication Menu 9 To enter any needed IP information for your device select IP from the Device Table Menu The following screen...

Страница 142: ...tions to configure whether or not dial out to this device is allowed for this device d Press 4 at the above menu to specify an AppleTalk routing protocol the system should use with this device The opt...

Страница 143: ...and follow the onscreen instructions to change the configuration to enabled b If the remote device does not use 1 as the starting PPP STAC LZS sequence number press 2 to enter a new value for the star...

Страница 144: ...s to the system ISDN CONFIGURATION ELEMENTS Note These elements are configured for ISDN devices and devices over dedicated connections only ISDN LINE PROTOCOL The available line protocols for ISDN acc...

Страница 145: ...additional connection and yet the remote device may initiate another call to the system This inbound call causes the maximum data rate to be exceeded and the system will drop a connection If the remot...

Страница 146: ...ses for both local and remote devices are provided by your X 25 provider AUTHENTICATION CONFIGURATION ELEMENTS PAP PASSWORD This password is used by PPP line protocol for PAP authentication This is an...

Страница 147: ...ntical to the identifier configured on the device s IP Host system This field is only required when the IP routing operating mode is enabled The identifier entered here must be identical to the config...

Страница 148: ...in an error message being logged and the call being rejected IP INFORMATION CONFIGURATION ELEMENTS IP ADDRESS The device s IP address if any on the WAN link connecting it to the CyberSWITCH Options a...

Страница 149: ...ed port must be configured and the address must be 0 0 If the device is over a MAC dial in port no AppleTalk address needs to be entered The device is assigned a random AppleTalk address within the sp...

Страница 150: ...UMBER If the CyberSWITCH uses an IPX RLAN interface to connect to a remote bridge you may choose to change this information This parameter associates the bridge with the IPX network to which it connec...

Страница 151: ...vices which connect using the PPP protocol STARTING PPP STAC LZS SEQUENCE NUMBER When using the PPP compression with the STAC LZS protocol certain devices may not adhere to the protocol specification...

Страница 152: ...ge devices Conditionally Required means you must specify at least one of either the Calling Line Id or the Ethernet Address You may specify both IP Routing with HDLC Bridge Devices To allow devices to...

Страница 153: ...evice to connect to the CyberSWITCH you must have IP routing enabled For each PPP IP Device using this type of connection you may need to enter the device s IP address a PAP Password or a CHAP Secret...

Страница 154: ...rd or a CHAP Secret and a Calling Line Id The following table identifies the configuration requirements for possible security options for PPP Bridge Devices Note If CHAP Security is enabled and Outbou...

Страница 155: ...for IP Routing with PPP Bridge Devices Note If CHAP Security is enabled and Outbound Authentication has not been disabled a CHAP Secret must be entered for both the remote device and for the CyberSWI...

Страница 156: ...node central database allows a network with more than one CyberSWITCH to access one database for device authentication The CyberSWITCH will access the off node database to locate authentication infor...

Страница 157: ...from the main menu 2 Select option 4 User Level Databases Enable Disable from the Security Menu The following screen be displayed 3 Select the option you wish to configure and press RET This prompt ac...

Страница 158: ...te For user level security the CyberSWITCH s default Telnet port number is 7000 not the normal default 23 The Telnet port number used for remote administration sessions is the 23 If you wish you can r...

Страница 159: ...ISTRATION LOGIN NAMES When configuring the off node server itself you may configure up to 101 different names for system administration login You may assign administration capabilities to specific per...

Страница 160: ...wide Call Restrictions System wide Call Restrictions will override Call Restrictions configured on the VRA Manager on a per device basis USING CFGEDIT 1 Select Security from the main menu 2 Select op...

Страница 161: ...TION SERVER Note In order for the CyberSWITCH to reference a RADIUS Server for device authentication the following configuration steps must first be completed IP Routing must be enabled If you try to...

Страница 162: ...ondary RADIUS Server must not be the same as the Primary RADIUS Server 4 Select Miscellaneous Information to finish the configuration Specify the number of access request retries that the system will...

Страница 163: ...er and also required if a Secondary RADIUS Server is configured The default value of 1645 is almost always used NUMBER OF ACCESS REQUEST RETRIES The number of Access Request Retries that the system wi...

Страница 164: ...CH to reference the TACACS server basic IP information must be configured If the IP Host mode is not in use you must also configure the following a LAN Network interface must be configured appropriate...

Страница 165: ...TACACS Server UDP PORT NUMBER The UDP port number used by the TACACS Server The default value of 49 is almost always used NUMBER OF ACCESS REQUEST RETRIES The number of Access Request Retries that the...

Страница 166: ...CFGEDIT 1 Select option 4 ACE from the Off node Server Information menu If you need guidance to find this menu refer to the instructions provided in the VRA Manager Authentication Server configuration...

Страница 167: ...c file ace reinit Allows you to reinitialize the system ACE client This is required only if the server s IP address or encryption method has been changed A reinitialization removes the user named serv...

Страница 168: ...also configured to use SDI encryption then any authentication attempts via the system will fail SOURCE IP ADDRESS The source IP address for the ACE client should be a valid address in dotted decimal...

Страница 169: ...8 allow you to change the number of attempts for login or password change Item 9 allows you to specify the amount of time before an authentication timeout Enabling Item 10 allows BOOTP DHCP to transm...

Страница 170: ...splay user level security general configuration login banners login configuration specific to RADIUS and login configuration specific to TACACS netlogin change Allows you to change the current network...

Страница 171: ...gin configuration specific to RADIUS and login configuration specific to TACACS netlogin change Allows you to change the current network login configuration data After entering the netlogin change com...

Страница 172: ...ticularly important because the order of prompts must be the same as the order expected by the RADIUS server Selection 2 displays the following RADIUS Specific Device Login Menu 1 Change Password Cont...

Страница 173: ...ORMATION Login configuration parameters specific to RADIUS include the specification of prompt order and a password control character The prompt order specified on the system must match the prompt ord...

Страница 174: ...screen in which this information was originally configured You may display user level security general configuration login banners login configuration specific to RADIUS and login configuration specif...

Страница 175: ...ion of messages for TACACS return codes The prompt order specified on the system must match the prompt order specified on the TACACS server The default order is First prompt LOGIN ID PROMPT fixed Seco...

Страница 176: ...following advanced bridging options bridge dial out Spanning Tree Protocol mode of operation and bridging filters Configuring Advanced IP Routing Instructions for configuring the following advanced IP...

Страница 177: ...Select the line protocol In almost all cases select PPP Select HDLC only if you are connecting to a device that uses HDLC over a dedicated access 5 Enter the device name tied to this access optional...

Страница 178: ...evice based on the data rate configured for that device When the link utilization causes an underload condition the switched connections will be released with the dedicated connection remaining active...

Страница 179: ...scribed below You can then select to edit individual categories without paging through all of the parameters It is important to note that the line used for an existing X 25 access cannot be changed In...

Страница 180: ...range for this parameter will be 1 7 if the Modulo 8 sequence numbers are being used for LAPB or 1 127 if Modulo 128 sequence numbers are being used X 25 CONFIGURATION INFORMATION 1 Configure the X 2...

Страница 181: ...Control Negotiation is to be supported for SVCs negotiation is not performed on PVCs c Choose whether Throughput Class Negotiation is to be supported for SVCs negotiation is not performed on PVCs The...

Страница 182: ...tandard default transmit throughput class 8 Select the nonstandard default receive throughput class 9 After all of the above information has been entered for your PVC repeat the above steps to add the...

Страница 183: ...value is modulo 8 TIMER T1 This timer defines the maximum time to wait for responses to pending commands The range for the T1 timer is 1 to 10 seconds The default value is 1 second TIMER T3 This time...

Страница 184: ...SVCs supported for this X 25 access X 25 TIMERS Your PPSN provider should be able to provide you with the optimum values for the X 25 timers If you are unable to obtain these values select the default...

Страница 185: ...configuration elements are for SVCs that support negotiation MAXIMUM THROUGHPUT CLASS This value is used to determine the maximum throughput class that the system will support for X 25 connections Th...

Страница 186: ...achines that process the packet Larger packet sizes reduce the opportunity for other devices to share the channel On the other hand a larger packet reduces the ratio of overhead fields to user data Th...

Страница 187: ...on of the X 25 access itself have been completed You may now configure the virtual circuits associated with the X 25 access PVC CONFIGURATION ELEMENTS Once the above X 25 configuration elements have b...

Страница 188: ...aximum amount of data that can be received through the network when the network is operating at saturation Factors influencing throughput are line speeds window sizes and the number of active sessions...

Страница 189: ...ta to be sent to that destination is simply sent in data packets using the assigned logical channel A SVC is similar to a dial up connection A call origination packet called a Call Request packet cont...

Страница 190: ...over an X 25 VC FRAME RELAY ACCESSES CONFIGURING A FRAME RELAY ACCESS Notes You may configure up to 32 frame relay accesses per CyberSWITCH and a total of 48 PVCs The number of PVCs you can assign per...

Страница 191: ...arrier service 12 Enter the Link Integrity Verification Timer duration in seconds 13 Enter the following counts Full Status Enquiry Polling Count the Error Threshold Count and the Monitored Events Cou...

Страница 192: ...numeric characters DATA RATE The data rate that applies to the line being used for this frame relay access BEARER CHANNELS A list of bearers a channel map that will be used on the line associated with...

Страница 193: ...erval is equal to the value of the configured Link Integrity Verification Timer This parameter is a component of the LMI ERROR THRESHOLD COUNT The number of errors in the last n events required to dec...

Страница 194: ...o pay extra for a CIR from your carrier we recommend configuring CIR where the following is true physical speed number of PVCs CIR This configuration allows quick alleviation of congestion For a more...

Страница 195: ...ly connected routes the packet to the intended destination based upon the DLCI therein Hence each packet is routed independently through the network based on the addressing information provided by thi...

Страница 196: ...ts plays in the function of frame relay access THE LOCAL MANAGEMENT INTERFACE OVERVIEW Besides the steady state data transfer portion of the frame relay module the standards have provided for a frame...

Страница 197: ...er equipment exceeds that node s capacity Congestion notification in the device plane is used to inform the equipment at the ingress point to the network of the congestion and allows the user equipmen...

Страница 198: ...frame relay access only after that frame relay access had failed Switched and packet mode services will not be allowed to connect any given two nodes simultaneously The following diagram is provided a...

Страница 199: ...he Bridge Filters section and the Known Connect List section for further information The bridge determines if a connection already exists or whether a connection should be initiated The MAC frame is s...

Страница 200: ...ct Add Provide the device name as prompted and continue with device configuration as described in Configuring Device Level Databases 6 Under ISDN select Dial Out Phone Number 7 Provide device s dial o...

Страница 201: ...router has been disabled USING MANAGE MODE COMMANDS hwfilt Displays the current hardware filter configuration data hwfilt enable Enables the hardware filter hwfilt disable Disables the hardware filter...

Страница 202: ...lue is unrestricted bridging BRIDGE MODE OF OPERATION BACKGROUND INFORMATION Selecting the bridge mode of operation allows you to determine the forwarding method that the bridge will use to distribute...

Страница 203: ...packet matches a discard filter packet filter only it is discarded If the packet matches a forward filter it is forwarded to the distribution list If the packet matches a connect filter it is connect...

Страница 204: ...out remote MAC addresses they are added to the MAC address list for hardware filtering Once either the time limit or the limit of number of addresses is reached the hardware filtering feature will be...

Страница 205: ...earn Time Out USING MANAGE MODE COMMANDS Manage Mode can be used to complete all of the bridge filter configuration This section provides you with the commands available for each bridge filter type Pr...

Страница 206: ...ed from the current configuration Protocol Filter Commands protfilt Displays the current protocol filter configuration data protfilt add Allows a protocol filter to be added to the current configurati...

Страница 207: ...mber from 0000 to FFFF that checks the protocol Id of a MAC frame BRIDGE FILTER CONFIGURATION ELEMENTS FILTER ACTION For each filter category there are three filtering actions that the system can perf...

Страница 208: ...trol address as defined by IEEE 802 3 specifications MAC addresses are specified as 12 character hexadecimal numbers Up to 63 MAC addresses can be configured The mode of hardware filtering be in manua...

Страница 209: ...OTOCOL DEFINITIONS If you configure any protocol filters you must first configure any needed protocol definitions After you define a protocol filter it will automatically be assigned a protocol Id The...

Страница 210: ...given device When the specified unicast address appears in the source address field of a MAC frame the frame will NOT be forwarded as specified in the distribution list If no distribution list is spec...

Страница 211: ...format The Ethernet type or LSAP field will be checked based on packet format See the section titled Protocol Definitions for more information 7 PACKET OFFSET dd MASK xxxxxxxxxxxx VALUE xxxxxxxxxxxx D...

Страница 212: ...o the normal learning bridge methods DISCARD WAN A packet matching this filter will not be forwarded to any remote sites connected on the WAN The packet will be sent to the LAN ports according to the...

Страница 213: ...s specified in the distribution list In this manner you can specify remote sites and LANs for connection 3 DESTINATION MAC address FORWARD distribution list This filter allows you to forward MAC frame...

Страница 214: ...s within the frame data are significant and will be compared to the value The frame data is logically anded with the mask and then compared to the specified value The value field must be a subset of t...

Страница 215: ...this filter will only be forward ed to remote sites connected on the WAN The packet will not be sent to the LAN ports FORWARD ALL A packet matching this filter will be forwarded on the LAN ports and f...

Страница 216: ...etween filters and their forwarding actions refer to the discussion beginning on page 210 Preliminaries Be sure your system s resources are properly configured This includes resources lines and datali...

Страница 217: ...ol Filter 5 Packet Data Filter 6 Hardware Filters Select function from above or RET for previous menu 3 Current Destination Address Filter id DEST ADDRESS ACTION DISTRIBUTION LIST There are currently...

Страница 218: ...abase section found in the Configuring Device Level Databases chapter The dial out call must be made within a configured amount of time from its last connection This time is configurable through the B...

Страница 219: ...s the CyberSWITCH builds its bridge table and associates each MAC address it sees with an interface When a remote bridge establishes a connection and begins sending traffic to the CyberSWITCH the Cybe...

Страница 220: ...on allows you to either enable or disable maintaining static routes for devices on the RADIUS Server This option is only applicable when a RADIUS Server is in use IP Address Pool The IP Address Pool a...

Страница 221: ...TIC ROUTE LOOKUP VIA RADIUS USING CFGEDIT 1 Select Static Route Lookup via RADIUS Enable Disable from the IP menu 2 Follow the onscreen instructions to either enable or disable this feature USING MANA...

Страница 222: ...e IP address contained in a configured range a Select to delete an IP address b Select the Id of the range you want to delete the address from c Select to delete a single IP address contained in the r...

Страница 223: ...uld not be configured for the device either in the on node device database or in a remote authentication database if an IP address is to be assigned to the device from the IP address pool IP FILTERS T...

Страница 224: ...The system will then display the new packet with wild card values similar to the following IP Routing Menu 1 IP Routing Enable Disable 2 IP Operating Mode 3 IP Interfaces 4 IP Static Routes 5 RIP Ena...

Страница 225: ...lue with wild card valid only with an EQUAL operator or an arbitrary numeric value The upper level protocols include TCP UDP ICPM CONFIGURING THE COMMON IP PORTION USING CFGEDIT 1 To change the source...

Страница 226: ...operator other than RANGE you will be prompted for a specific TCP port number 7 Select TCP Control 8 Specify a control value any established or not established CONFIGURING UDP If you have selected UDP...

Страница 227: ...you have selected ICMP as your IP protocol a screen similar to the following is displayed Note that the following ICMP defaults constitute a wild card match for any ICMP packet 1 Select ICMP Type 2 S...

Страница 228: ...to take when an IP packet matches that type forward or discard A screen similar to the following will then be displayed 6 If the filter already has a forwarding condition other than the final conditi...

Страница 229: ...6 If the filter already has a forwarding condition other than the final condition an additional prompt is presented concerning the condition s position within the filter Enter the location within the...

Страница 230: ...rning the condition s position within the filter Enter the location within the filter where the condition is to be added at the beginning at the end after the existing condition with id number n Note...

Страница 231: ...hange 4 Select the interface on which the filter is to be applied 5 Press RET until you reach the prompt which asks for Input Filter Name 6 If you want to apply an Input filter provide the filter name...

Страница 232: ...OT EQUAL comparison Symbolic mnemonics are supplied for the most popular upper level protocols TCP UDP ICMP when using an EQUAL comparison on these values the corresponding protocol specific compariso...

Страница 233: ...ared against the target values These values may be a numeric quantity between 0 and 255 or the mnemonic ANY can be used with an EQUAL comparison as the wild card value IP FILTERS BACKGROUND INFORMATIO...

Страница 234: ...pass is made through the individual conditions The first complete match of a Packet Type dictates the action which is applied to the datagram When the action is DISCARD the datagram is dropped The fil...

Страница 235: ...r this purpose The Exception Filter is a built in filter which is selectively enabled and disabled When enabled it is logically appended before each Forwarding Filter which an IP packet encounters The...

Страница 236: ...Interfaces are created dynamically at run time with the name of the remote WAN device providing the unique identifier for the Interface Consequently when a filter is applied to the externally visible...

Страница 237: ...this applies even if the packet is not used in a condition and the filter is not enabled IP Source Address AND mmm mmm mmm mmm EQ NEQ ttt ttt ttt ttt IP Destination Address AND mmm mmm mmm mmm EQ NEQ...

Страница 238: ...here Corporate hosts including dial in devices may initiate TCP based sessions with the Internet but not vice versa This covers the main IP applications such as TELNET FTP SMTP server and HTTP An assu...

Страница 239: ...ilter When traffic arrives from the Internet the Exception filter will be executed first thereby allowing an override of the existing conditions of the Input filter The Exception filter would be set u...

Страница 240: ...you have entered 255 255 255 255 for the IP address you will need to select the network interface to which DHCP BOOTP request messages should be relayed 5 Press 3 to configure the hop count threshold...

Страница 241: ...ral LAN through ISDN remote bridges are now able to obtain their IP addresses from a DHCP server located on a central LAN The Dynamic Host Configuration Protocol DHCP provides configuration parameters...

Страница 242: ...ge is a broadcast storm Since all remote LANs are connected through bridge devices all broadcast traffic will be forwarded from one remote LAN to all the other LANs and from a central LAN to all other...

Страница 243: ...p to the DHCP Server is another DHCP BOOTP Relay Agent In this configuration the DHCP Client is able to obtain its IP address from the DHCP Server and any other information that the server provides us...

Страница 244: ...de Device Database PAP security Bridging disabled Bridging disabled IP enabled router mode I F LAN 192 168 1 168 I F WAN 192 168 10 168 Static Route dest 204 157 42 0 next hop 192 168 10 1 IP enabled...

Страница 245: ...vice should work In this configuration the DHCP Client is able to obtain its IP address from the DHCP Server and any other information that the server provides using the Relay Agent contained in the D...

Страница 246: ...Level Device Level On node Device Database PAP security Bridging disabled Bridging enabled Bridge Packet Data Filter offset 1 mask 00 value 00 action CONNECT dist list Alex IP enabled router mode I F...

Страница 247: ...onfiguration submenu 6 Select 1 Enter the maximum number of IP addresses that may be obtained from a DHCP server for this interface 7 Select 2 Enter the number of IP addresses obtained from DHCP serve...

Страница 248: ...configured LAN ports The default for this value is 1 DHCP BACKGROUND INFORMATION The DHCP Proxy Client feature enables the CyberSWITCH to dynamically obtain IP addresses from a DHCP server for IP hos...

Страница 249: ...pical use of the DHCP Proxy Client This configuration has the DHCP server and the CyberSWITCH located on the same LAN In this configuration the remote IPCP device Summer is able to negotiate and obtai...

Страница 250: ...Bridging disabled IP enabled router mode I F LAN 192 168 1 168 LAN port 1 I F WAN explicit 192 168 10 168 DHCP related max addrs to obtain 10 num addrs to pre fetch 5 LAN port to reach server 1 DHCP...

Страница 251: ...g is enabled the full IPX feature is available for configuration The IPX configuration process includes configuring the IPX internal network number configuring IPX interface information enabling disab...

Страница 252: ...nd it helpful to refer to the graphic and to the sample screens for clarification while completing your IPX configuration CSX5500 Remote Router CSX1200 External Network Number 11111111 33333333 555555...

Страница 253: ...eing the default If the option is set to enable the system will process and forward IPX data packets at the IPX network layer If the option is set to disable the system will process and forward IPX da...

Страница 254: ...unnumbered WAN network interface in their latest versions of their IPX router When two routers communicate they will try to use the unnumbered network interface type If both routers support this type...

Страница 255: ...connect to remote bridge devices over the WAN In other words when incorporating a Remote LAN interface along with traditional WAN interfaces the CyberSWITCH can connect to routers or bridges or a mix...

Страница 256: ...tered a summary screen will be displayed similar to the sample screen below 12 As shown above enter Y to save the interface configuration 13 Repeat this procedure to add additional interfaces USING MA...

Страница 257: ...same network must be assigned the same external network number in order to communicate MAXIMUM TRANSMISSION UNIT MTU Specifies the maximum number of bytes that can be transmitted on the network interf...

Страница 258: ...es how the system will send SAP information on this network interface If this parameter is set to send the system will transmit IPX SAP packets on this network interface If this parameter is set to do...

Страница 259: ...on Protocol RIP to transmit its routing information on the network This protocol periodically broadcasts routing table updates on the network A dynamically learned entry is aged out of the system s ro...

Страница 260: ...lows you to disable enable IPX SAP IPX ROUTING PROTOCOL CONFIGURATION ELEMENTS IPX RIP PROCESSING OPTION Specifies whether the system should process the NetWare Routing Information Protocol RIP If thi...

Страница 261: ...ICE TABLES The system stores IPX routing information in a table Each time a packet is received the routing table is referenced to determine to which network interface to forward the packet There are t...

Страница 262: ...hed for long periods of time For more efficient operation consider the following when using a remote LAN interface Link utilization parameters Most bridges and routers allow you to configure link util...

Страница 263: ...mber of hops for this route 6 Enter the number of ticks for this route 7 Select a RIP propagation scheme from the displayed list Note that the third option propagate only when the Next Hop is connecte...

Страница 264: ...number is used to calculate the best route to the destination IPX network when multiple routes exists This parameter is a decimal value from 1 to 15 NUMBER OF TICKS Indicates the time in ticks that a...

Страница 265: ...for this service 6 Enter the hexadecimal IPX node number for this service 7 Enter the hexadecimal IPX socket number for this service 8 Enter the number of hops to this service 9 Select the SAP propaga...

Страница 266: ...ated This parameter is a hexadecimal value 2 bytes in length Some common IPX Socket numbers are 0x0451 NetWare Core Protocol File Server 0x0452 Service Advertising protocol 0x0453 Routing Information...

Страница 267: ...o all devices regardless of their individual spoofing configurations b Press 2 to select the system IPX watchdog spoofing level The default values for all parameters will be displayed Enter the Id of...

Страница 268: ...the following IPX elements IPX watchdog spoofing SPX watchdog spoofing serial packet handling message packet handling PACKET HANDLING METHOD Available for Serial Packet Handling and Message Packet Han...

Страница 269: ...The implementation of watchdog spoofing eliminates unnecessary connections while allowing clients to be aged out and does not require any client side spoofing or end to end protocol The parameters fo...

Страница 270: ...led By default the option is enabled When disabled the SPX keep alives are routed without any special handling If the option is enabled the SPX spoofing duration time T is specified in minutes The def...

Страница 271: ...ATION In order for certain protocol implementations such as NetBIOS to function in the NetWare environment routes must allow a broadcast packet to be propagated throughout an IPX internet The IPX type...

Страница 272: ...e costs of periodic broadcasts over WAN links Triggered RIP and triggered SAP are user configurable items which you enable in the on node device database page 275 Under the Options Menu IPX Routing Tr...

Страница 273: ...When this timer expires and the unreachability information is communicated to all the reachable WAN routers this route is deleted Valid range for timer 1 to 10 000 seconds default 120 seconds RETRANS...

Страница 274: ...P and SAP updates are only transmitted on the WAN when a specific request for a routing service update has been received when the routing or service databases are modified by new information from anot...

Страница 275: ...the WAN peer type as either active or passive An active peer receives broadcasts at all times a passive peer receives broadcasts only when a connection is up 12 Select Spoofing Options Make changes t...

Страница 276: ...X Watchdog Spoofing Menu 1 Default Handling is Discard 2 Handling while the connection is up is Forward 3 Handling for the special period after disconnecting is Spoof 4 Special period of time after di...

Страница 277: ...or bridge data 8 Select IPX Remote LAN Network Number Provide the external network number for the Remote LAN interface if desired The default value NONE means the remote IPX external number will be th...

Страница 278: ...utes and service tables NONE Specifies no RIP and SAP protocols neither periodic nor triggered You must configure static routes and static services Use the NONE option when the remote device such as a...

Страница 279: ...G OPTIONS For IPX routing IPX spoofing options are configurable by device and correspond to the system level spoofing options For IPX Remote LAN devices IPX spoofing options are currently not availabl...

Страница 280: ...rSWITCH must be running the latest software release to take advantage of the available SNMP features If you are using Cabletron s SPECTRUM Element Manager as NMS the enterprise MIB is already built in...

Страница 281: ...unity Name 5 Enter the SNMP trap information optional a Configure IP address es and Community Name used in SNMP Trap PDUs Enter the IP address of the NMS s that should receive the traps The NMS is a d...

Страница 282: ...he level of access available to the associated Community Name The following is a chart of the three possible access levels and their access privileges MANAGE SNMP The SNMP feature is enabled Current S...

Страница 283: ...formation to aid in monitoring the B channel usage Refer to the System Commands chapter s ISDN Usage Related Commands section for information regarding this command The generated B Channel Usage Traps...

Страница 284: ...s valid the corresponding MIB access level is then checked to determine if the Community Name has the access rights needed to perform the desired PDU action If either the Community Name or the MIB acc...

Страница 285: ...hange data the SNMP Agent will also generate SNMP Trap PDUs to inform the Network Management Station of important system events Whenever such an event occurs the appropriate SNMP Trap PDU will be sent...

Страница 286: ...off node server times out clidDisconnect Trap An SNMP Agent will generate an clidDisconnect Trap PDU anytime there is a configuration problem with a device s Calling Line Id cdrOutOfBuffer The number...

Страница 287: ...eTalk capacities enable disable the AppleTalk isolated mode optional APPLETALK ROUTING OPTION ENABLING APPLETALK ROUTING USING CFGEDIT 1 AppleTalk routing is disabled by default To perform any AppleTa...

Страница 288: ...n increases the CyberSWITCH will make additional connections as required to provide a consistent level of performance to the device As link utilization decreases connections will be released APPLETALK...

Страница 289: ...AppleTalk networks over WAN It creates a logical Apple Talk network that comprises of multiple numbered point to point links with the same Apple Talk network range The WAN UnNumbered port type also cr...

Страница 290: ...ION THE APPLETALK NETWORK TYPE An AppleTalk network consists of four basic pieces the nodes networks network numbers and routers All these pieces together form an AppleTalk internet Initial implementa...

Страница 291: ...head associated with dynamic naming APPLETALK REMOTE LAN Overview An AppleTalk WAN Remote LAN port connects remote bridge devices to other AppleTalk router ports The AppleTalk router treats all bridge...

Страница 292: ...oofing is not currently supported for this feature Off node route lookup is not currently supported for this feature APPLETALK STATIC ROUTES CONFIGURING APPLETALK STATIC ROUTES USING CFGEDIT 1 Select...

Страница 293: ...emote AppleTalk network APPLETALK ROUTING STATIC ROUTES BACKGROUND INFORMATION You only need to configure static routing entries if you need to access a WAN network that is not directly connected to t...

Страница 294: ...w the onscreen instructions to either enable or disable the isolated mode APPLETALK ISOLATED MODE CONFIGURATION ELEMENTS ISOLATED MODE STATUS You may enable or disable the AppleTalk Isolated Mode When...

Страница 295: ...control options using CFGEDIT follow the steps outlined below 1 Select Options from the main menu 2 Select Call Control Options from the options menu This will display the following call control menu...

Страница 296: ...FGEDIT section for specific parameters THROUGHPUT MONITOR CONFIGURATION ELEMENTS SAMPLE RATE A Sample Rate identifies the number of seconds for each sample period The default setting for the sample ra...

Страница 297: ...lls depending on the amount of WAN traffic If no information is being sent the call will be terminated The system will also make additional calls to a site if it is determined that extra bandwidth is...

Страница 298: ...dwidth can be increased it will add a new channel into the connection group At this time the system adjusts its upper threshold for the new aggregate capacity and resets its counters If the new capaci...

Страница 299: ...peak loads and backup THROUGHPUT MONITOR CONFIGURATION EXAMPLE In the above example the sample rate is 5 seconds the number of samples to examine per sample rate the window is 3 the configured percent...

Страница 300: ...ocess will be reset CALL INTERVAL PARAMETERS CONFIGURING THE CALL INTERVAL PARAMETERS USING CFGEDIT 1 Select Call Intervals from the Call Control Options menu 2 Enter the minimum time interval between...

Страница 301: ...ONTHLY CALL CHARGE CONFIGURATION ELEMENTS STATUS Allows you to enable or disable the monthly call charge option MAXIMUM MONTHLY CHARGE The maximum monthly charge value The legal values are from 1 to 1...

Страница 302: ...lays the current Call Restriction configuration data callrest off Disables the Call Restriction feature callrest on Enables the Call Restriction feature CALL RESTRICTION CONFIGURATION ELEMENTS STATUS...

Страница 303: ...ll be allowed however a warning will be written to the report log MAXIMUM CALLS PER MONTH The maximum number allowed per month The default value is 6900 calls per month Statistics will be logged to tr...

Страница 304: ...and available through the ds command The current value of this statistic will be displayed on the monitor when the cr stats command is used Two actions are available if this limit is exceeded These a...

Страница 305: ...connection time If desired the system can be configured to issue a warning when the limit is exceeded instead of stopping the calls BANDWIDTH RESERVATION The bandwidth reservation feature allows a po...

Страница 306: ...You may want to consider deleting the lines you are reserving for your profile from the default profile To delete the reserved lines from the default profile press 2 at the Device Profile screen to c...

Страница 307: ...TION CONFIGURATION ELEMENTS DEFAULT PROFILE The Default Profile is the available profile for all valid devices not identified with a specific device profile The Default Profile initially contains all...

Страница 308: ...ured for use by all devices that are not configured to use an alternate profile in the reserved list This default profile list may be configured to remove lines from general use SEMIPERMANENT CONNECTI...

Страница 309: ...d into the semipermanent device list and appears as shown below USING MANAGE MODE COMMANDS semiperm Displays the semipermanent connection menu The configuration screens are identical to those displaye...

Страница 310: ...rSWITCH attempts to connect to the device The default is 60 minutes N A appears when the CyberSWITCH will not attempt a call again after a rejection Note When the Session Interval is configured a devi...

Страница 311: ...o systems together with semipermanent connections For each system configure a semipermanent connection to the other and enable Throughput Monitoring on both However you may occasionally see a glare co...

Страница 312: ...ou are using User Level Security you may wish to adjust the Authentication Time out and or change the Call Control Failure banner Continue with the following steps 6 Select Security and then Network L...

Страница 313: ...re This feature provides call control management with any authentication agent e g RADIUS ACE TACACS To use VRA for call control management only you must enable the feature The call will be authentica...

Страница 314: ...sconnect the device s call Call restrictions reached for this device Maximum bandwidth reached for this device Device and CyberSWITCH to which it is connected are not part of the same group Device on...

Страница 315: ...rate with devices that do not provide a standard PPP implementation Changing these parameters can result in PPP option negotiation failure and the inability to communicate with remote devices The defa...

Страница 316: ...elds RECEIVE SETTINGS The receive settings for PFC and ACFC control whether and how the system receives PPP Packets with PFC or ACFC Receive setting options include mandatory requested repeated indefi...

Страница 317: ...ily transmitted over point to point links 2 A Link Control Protocol LCP for establishing configuring and testing the data link connection 3 A family of Network Control Protocols NCPs for establishing...

Страница 318: ...ce data transfer is allowed Echo Requests will be sent at a configured frequency As long as Echo Replies are received the link is deemed to be functional A second parameter specifies the maximum numbe...

Страница 319: ...ENTS ACTION ON FRAME TIMEOUT The action to be taken if no frame is received before the configured frame timeout value has expired The default value is to disconnect the call The complete list of choic...

Страница 320: ...server to which the CDR log reports will be sent Enter the ID of the log file you wish to use If a preconfigured Syslog Server is selected enter the decimal UNIX priority value USING MANAGE MODE COMM...

Страница 321: ...that each system be assigned a system name that is unique within its environment LOCAL LOG FILE OVERVIEW The CDR local log file is a circular file stored in RAM It contains a fixed number of records A...

Страница 322: ...n result priority of authentication info is encoded as 26 hex Note Because the values for both the facilities and the severity levels may vary from one version of UNIX to the next the system allows yo...

Страница 323: ...ction describes CDR events for switched ISDN services There are five ISDN CDR events connect disconnect reject system up and verify A connect event occurs when the system authenticates the remote devi...

Страница 324: ...e that happen to coincide The record format of all CDR reports is consistent so that all reports have a first record with identical fields all reports which have a second record have identical fields...

Страница 325: ...The field contains the time and date The meaning of this field varies depending upon the report Connect Event Report Contents On a connect event records 1 through 3 are used The event type is CONNECT...

Страница 326: ...vided by the telephone switch Not all switches provide calling line identification A phone number is always displayed for outbound calls The duration is calculated by subtracting the ISDN connection t...

Страница 327: ...no value is delivered by the off node database 4 Option 3 is only applicable when using PPP compression with the STAC LZS protocol This allows you to change the starting PPP STAC LZS sequence number f...

Страница 328: ...his configuration item the device will be given its starting sequence number from the value on this menu As its name implies this option only applies to connections which utilize the PPP protocol with...

Страница 329: ...so encapsulated will be considered to be uncompressed data and will be forwarded on in the order they were received Transmitted packets whose compressed size increases to the point of exceeding the li...

Страница 330: ...links and packets will be compressed before they are fragmented for transmission across the multiple links The following documents provide additional information about PPP Compression The PPP Compres...

Страница 331: ...types to or from target remote systems through a console invoked TFTP Client function Access to files on an system will be controlled by configuration through Manage Mode File access attributes are a...

Страница 332: ...ION ELEMENTS FILE ATTRIBUTE The access right for each access level assigned to each file type Access rights include read only access R write only access W read and write access RW no access rights N F...

Страница 333: ...or no access rights for the corresponding file type The file types that fall under the headings shown above are as follows File category File types included in the category REPORT RPRT_LOG 1 STATISTIC...

Страница 334: ...ems encountered in the verification process LED Indicators Provides an explanation of the LED indicators These indicators can provide valuable information for troubleshooting System Messages Provides...

Страница 335: ...CyberSWITCH Note At least one remote device is required to proceed with many of the verification procedures VERIFYING HARDWARE RESOURCES ARE OPERATIONAL To verify the operation of the WAN and LAN hard...

Страница 336: ...sage should be displayed among the system messages Data Link up slot port ces Depending on the resource switch type the system will delay up to 2 minutes before attempting to bring up the data links N...

Страница 337: ...displayed with these LAN messages If you see these bridge initialization messages then bridging is operational If these bridge initialization messages are NOT displayed refer to Bridge Initialization...

Страница 338: ...ection is functioning If the following message appears the dedicated connection is not functioning Dedicated connection down Slot slot Port port Refer to Remote Device Connectivity in the Problem Diag...

Страница 339: ...e device connectivity 1 In a controlled manner initiate an ISDN connection from each remote device 2 When each remote device connects to the system it will appear as either a REMOTE site or as the con...

Страница 340: ...hapter 2 Reconfigure the definition of the remote device in the device database to enable User Level Authentication Attempt to ping the Service Server again On the client PC type ping 100 0 0 2 return...

Страница 341: ...s then the IP host is operational If these IP host initialization messages are NOT displayed refer to IP Host Initialization of the Problem Diagnosis chapter VERIFYING IP HOST MODE IS OPERATIONAL The...

Страница 342: ...e ping 100 0 0 1 2 If a message similar to the following is displayed the IP host mode feature over the specified WAN connection is operational 100 0 0 1 is alive 3 If this message is not displayed th...

Страница 343: ...gnosis chapter 2 Once IP routing is operational on each LAN port on your Ethernet resource then IP routing over the LAN Connection is operational VERIFYING IP ROUTING OVER A WAN INTERFACE To verify th...

Страница 344: ...0 0 1 return If the remote IP host successfully pings to the CyberSWITCH then continue with the next step If the remote IP host CANNOT ping to the CyberSWITCH refer to IP Routing Over a WAN Interface...

Страница 345: ...AN Direct Host interface are 1 Determine if a remote IP host can access the CyberSWITCH over the WAN connection On the remote IP host type ping 100 0 0 1 return If the remote IP host successfully ping...

Страница 346: ...N Remote LAN interface are 1 Determine if a remote IP host can access the WAN Remote LAN interface of the CyberSWITCH over the WAN connection On the remote IP host type ping 192 100 1 1 return If the...

Страница 347: ...esses specific to the example Substitute the IP addresses of your network when you perform the IP routing verification steps It also uses the ping command The ping command sends a packet to a specifie...

Страница 348: ...1 0 7 Pr 17 9A00 UDP Src 5001 Dst 69 If no packets have been discarded refer to IP Filters in the Problem Diagnosis chapter 5 When test completed turn off the trace Issue the administrative console co...

Страница 349: ...n console command The netstat command displays the IP routing table of the system Substitute the equivalent command on your IP host To verify the operation of IP RIP output processing on a LAN interfa...

Страница 350: ...oute to 131 1 0 0 from Router 1 On the administration console type ip route return If the following route entry is displayed among other route entries the IP RIP input processing is operational The P...

Страница 351: ...P RIP INPUT PROCESSING OPERATIONAL ON A WAN INTERFACE To verify that IP RIP Input Processing routes learning is properly operational on a WAN interface the IP RIP processing must be successfully initi...

Страница 352: ...alization messages the IPX router is initialized If these IPX router initialization messages are NOT displayed refer to IPX Routing Initialization in the Problem Diagnosis chapter VERIFYING IPX ROUTIN...

Страница 353: ...e operational and connected to the Remote LAN The remote bridge device in our example this is SITE2 must be operational and available to initiate connections 1 From the router SITE1 verify that the IP...

Страница 354: ...le command dr RET 2 Look for following message among the system messages Starting Triggered RIP SAP for WAN Peer 3 If this message is displayed continue check to see if Triggered RIP SAP is operationa...

Страница 355: ...alization in the Problem Diagnosis chapter VERIFYING APPLETALK ROUTING IS OPERATIONAL To verify that AppleTalk routing is properly operational a remote Macintosh must be operational and available to i...

Страница 356: ...bove then the AppleTalk Routing over a LAN connection is operational Continue with the next step 3 If all zones are NOT displayed then AppleTalk Routing over the LAN connection is not operational Refe...

Страница 357: ...NMP feature operational 2 To verify that the MIB objects can be retrieved via the SNMP get command begin by making sure that the latest version of the enterprise MIB the ih_mib asn file has been compi...

Страница 358: ...the call was made successfully Refer to Dial Out in the Problem Diagnosis chapter if the call was not made successfully VERIFYING CALL DETAIL RECORDING The cdr verify console command is used to verif...

Страница 359: ...guration of the profiles and how they are assigned to each device refer to the Bandwidth Reservation in the Configuring Call Control chapter VERIFYING PPP LINK FAILURE DETECTION IS OPERATIONAL To veri...

Страница 360: ...6 Check the log for the message which indicates that a link failure has been detected 7 If there is a failure refer to WAN Line Availability for corrective actions VERIFYING DHCP RELAY AGENT The follo...

Страница 361: ...og DHCP R Failed to open UDP port 67 erc error return code If this error message is found in the report log refer to Enabling the Relay Agent in the Problem Diagnosis chapter VERIFYING THE RELAY AGENT...

Страница 362: ...ke the following the client was not able to obtain its IP address from the DHCP Server C ping 204 157 42 168 Pinging 204 157 42 168 with 32 bytes of data Destination host unreachable Destination host...

Страница 363: ...g to enable the Proxy Client the following message will be present in the report log DHCP P Failed to register with the IP Address Pool Manager erc error code If this error message is found in the rep...

Страница 364: ...the instructions actions in the dial out verification section VERIFYING PROXY ARP IS OPERATIONAL Use the following graphic to help you in verifying that Proxy ARP is operational When following the ste...

Страница 365: ...IP host devices to see what MAC addresses are mapped to the target IP address On many operating systems the arp a command displays the ARP cache If the target IP addresses are mapped into the nearest...

Страница 366: ...u will need to use the system s configuration editor To use CFGEDIT enter the cfgedit command at the system prompt Although this utility allows you to make changes to the configuration while the Cyber...

Страница 367: ...he failure to see the following IP message for each IP interface IP Network initialized successfully on ddd ddd ddd ddd indicates that you may have either not configured a needed interface or have inc...

Страница 368: ...heck the status of the line If it is determined that there is no problem with the line contact Customer Support Problem The system does not display the WAN line availability messages Instead the syste...

Страница 369: ...ill be using the dedicated connection and make any necessary corrections FRAME RELAY CONNECTIONS Problem The system displays the following message in the report log Unexpected error during transmissio...

Страница 370: ...cket access and the LAPB addressing format modulo 8 or 128 is consistent with the line provisioning 5 If the log contains a sequence similar to the following I 17 33 32 32 1067 IN LAPB SABM I 17 33 42...

Страница 371: ...ports these messages then continue with the next step If the system does not report these messages the remote device is not correctly connecting to the system Check and verify the configuration of the...

Страница 372: ...s and the appropriate actions to be taken MULTI LEVEL SECURITY Problem A remote device is not able to receive a ping response from a local device when the remote device is authenticated on both the de...

Страница 373: ...ng the iproute add Manage Mode command 3 Check that the CyberSWITCH and the specified Host both have the same Subnet mask and Sub network number for that ip address using the ipnetif Manage Mode comma...

Страница 374: ...message No response from ip address Action 1 Verify that the routing entry for the destination network exists by entering the following administrative console command iproute ip address If the comman...

Страница 375: ...e with the next step If the proper WAN interface does not exist make corrections to the system configuration using CFGEDIT 3 Check that the IP address configured in the Device list for the IP Host dev...

Страница 376: ...hapter If the local IP Host does not have the proper route entry make corrections to the local IP Host configuration IP ROUTING OVER A WAN DIRECT HOST INTERFACE CONNECTION Problem The remote IP Host c...

Страница 377: ...y initialized Use the ipnetif command a Manage Mode command to check for the proper WAN RLAN interface If the proper WAN RLAN interface exists then continue with the next step If the proper interface...

Страница 378: ...te entry for the remote network with the CyberSWITCH as the next hop If it does refer to Verify IP Routing Over a LAN Connection in the System Verification chapter If the local IP Host does not have t...

Страница 379: ...Filter using Manage Mode ipfilt command The Exception Filter overrides all other filters If the Exception Filter is enabled this could be the problem 2 With per device and network interface filters it...

Страница 380: ...r is still 0 there is an unexpected condition present within the CyberSWITCH software Contact Customer Support 4 If the RIP Send Control is set to RIP Version 1 or RIP Version 1 Compatibility use Mana...

Страница 381: ...e address is not the correct address for the Router correct the transmit broadcast address for the interface using CFGEDIT Refer to page 380 for instructions regarding checking the address 3 Enter the...

Страница 382: ...X routing over the WAN connection IPX routing service tables triggered RIP SAP start up triggered RIP SAP operation IPX ROUTING INITIALIZATION Problem The CyberSWITCH does not display the correct IPX...

Страница 383: ...n use the ipxnetif Manage Mode command If they are not using the same encapsulation then correct it either on the CyberSWITCH or the NetWare server 5 Verify that the CyberSWITCH and the NetWare server...

Страница 384: ...elated to the Remote LAN verify the IPX Network Number for the remote bridge in the router s configuration under bridging properties Refer to Remote LAN Devices for details IPX ROUTING OVER THE WAN CO...

Страница 385: ...network interfaces plug this data into previously described formula 2 Run CFGEDIT From Options select IPX Routing 3 Select IPX RIP Table maximum number 4 Increase the size of the table based upon you...

Страница 386: ...console command and look for the starting message in the log 2 Generate a triggered RIP SAP update request to the devices in question Issue the following console command for each device ipx trigreq d...

Страница 387: ...ng the following console command atalk port If the command shows the port is not in up state wait for a couple of minutes and repeat this step 2 Check to see if the LAN connection of the port is opera...

Страница 388: ...s is not within that range then try to close the AppleTalk control panel once and then reopen it If the AppleTalk address is still invalid then try to assign a valid address manually by marking User d...

Страница 389: ...sing CFGEDIT 2 If the static route is not configured correctly make the appropriate corrections 3 If the static route is properly configured then contact your Distributor or Customer Support APPLETALK...

Страница 390: ...one of the following messages appears there is an unexpected condition present within the CyberSWITCH software Contact Customer Support SNMP SNMP initialization failure unable to allocate necessary m...

Страница 391: ...pOutTraps counter is not increasing while these reports are being logged there is an unexpected condition present within the CyberSWITCH System software Contact Customer Support SNMP Unable to obtain...

Страница 392: ...CALL RQST ACK Call Id call Id Rate data rate Slot slot Port port Chans bearer channel map TN telephone number di aled Ces communication endpoint suffix ConnId connect Id In CALL RQST ACK CallId call...

Страница 393: ...at the syslogd daemon is running on the syslog server This can be done with your UNIX system s process status ps command This command should result in a display of the syslogd process If none is displ...

Страница 394: ...e indicate the CCP protocol 0x80FD The CyberSWITCH does not have Compression ENABLED In this case the CyberSWITCH will respond to all attempts by the peer to open CCP with a TERM ACK frame The connect...

Страница 395: ...le trying to open a UDP port for use by the DHCP BOOTP Relay Agent Therefore the relay agent will not operate correctly Contact your Distributor or Customer Support Problem The following message is NO...

Страница 396: ...r you should be able to ping the DHCP Relay Agent closest to the DHCP Client If you cannot you need to add static routes that allow you to do so 6 From the DHCP Relay Agent closest to the DHCP Client...

Страница 397: ...not take effect until the system is restarted 4 When Manage Mode is exited an attempt will be made to enable the Proxy Client 5 Re examine the report log for the Proxy Client Enabled message 6 Remembe...

Страница 398: ...yberSWITCH and the DHCP server These static routes are required for smooth operation of the DHCP protocol 6 If the DHCP server is not on a directly connected LAN another test may be performed If at al...

Страница 399: ...e the system transmits data across the LAN Note that at least 128 bytes of data must be transmitted to trigger the TX indicator The RX indicator flashes while the system is receiving data from another...

Страница 400: ...vice indicator s activity Also you may access your administrative console for further information issue the dr console command to view system messages D CHAN LED status One Data Link Multiple Data Lin...

Страница 401: ...ble below provides an error description corresponding to the number of consecutive LED blinks FSB First Stage Boot SSB Second Stage Boot SERVICE INDICATOR BLINKS If the Service indicator blinks at any...

Страница 402: ...ink if semipermanent devices are configured and a connection to one of these devices is faulty Use the sp command to check the status of the semipermanent connection Once you correct the problem the S...

Страница 403: ...essage text describes the actual message being reported This chapter describes the types of system messages available for example informational and error It also lists each message individually with s...

Страница 404: ...essages Bridge is operating in UNRESTRICTED mode Data link up Slot slot Port port Ces comm endpoint suffix SNMP SNMP initialized successfully NORMAL OPERATION MESSAGES The system normal operation mess...

Страница 405: ...Y The following pages list all the informational warning and error messages alphabetically The text describes the messages and includes suggestions for problem resolution if applicable Note that the t...

Страница 406: ...ond adapter x The WAN card initialization subsystem encountered an error on the indicated adapter Restart the system If the problem persists the indicated adapter card may be faulty and you should con...

Страница 407: ...e system is attempting to initialize the Digital Modem card again after a failed attempt Check the subsequent log messages for the status of the card Attempt to initialize unconfigured DM card in slot...

Страница 408: ...server has been configured or an error occurred when parsing the ACE server configuration AUTH RADIUS CHAP rejected for device device name The remote Authentication server rejected the CHAP mode auth...

Страница 409: ...rectly in the remote Authentication server s database AUTH RADIUS PAP rejected device device name The remote Authentication server rejected the PAP mode authentication request for the indicated device...

Страница 410: ...Warning code 0003 No UDP buffer available Internal resources were not available to send receive an authentication message Contact your Distributor or Customer Support AUTH Warning code 0004 No authen...

Страница 411: ...allocation of SCC controllers is not in a consistent state Restart the system Bad FR Frame Size frame size Indicates that a frame was received with an invalid length size Contact your Distributor or C...

Страница 412: ...contained within the database Calling Line ID Security Failure off node authentication server not supported The system authentication type is configured to obtain device information off node for examp...

Страница 413: ...ay month year Calls Day x Calls Mth x Mins Day x Mins Mth x Call Restriction device information Displays daily monthly call totals at the end of a day or a month Cannot make Bridge Dial Out call No de...

Страница 414: ...ection and one Frame Relay virtual connection Contact your Distributor or Customer Support Note Duplicating serial numbers on all systems is a license violation Capability upgrade processing error cap...

Страница 415: ...lementation and is thus considered a unrecoverable error The system will close the CCP protocol meaning that the connection continues to operate but in an uncompressed mode CCP Option Negotiation Fail...

Страница 416: ...not received a challenge response from the peer The cycle is attempted the configured number of times after which a failure is declared Check your remote device CHAP Authentication Failure unable to i...

Страница 417: ...fcr packet buffer AppleTalk related Contact your distributor or Customer Support Couldn t find speech service slot port An incoming call was received which specified Speech Bearer Service capability S...

Страница 418: ...UDP ports used by the DHCP Proxy Client should open Contact your Distributor or Customer Support DHCP P Failed to open UDP port x erc y This message appears when the DHCP Proxy Client is being enable...

Страница 419: ...y Client has been enabled from Manage Mode If the DHCP Relay Agent is also enabled it may not be necessary for the Proxy Client to open this UDP port DHCP P UDP port 68 closed The DHCP Proxy Client is...

Страница 420: ...d under Device Table Menu Bridging Discrepancy in dynamically obtained device data The System authentication type is configured to obtain device information off node In an outbound call scenario with...

Страница 421: ...t the Digital Modem is now ready for use DM card type configured in slot slot does not exist Using the resource database the system has tried to initialize a Digital Modem card that doesn t exist Chec...

Страница 422: ...after the Bootstrap came alive message for a given adapter DSL test failed to establish Layer 1 port port During power up all WAN lines undergo a test to see if Layer 1 can be established This messag...

Страница 423: ...n for the adapter If the problem persists the indicated adapter card may be faulty and you should contact your Distributor or Customer Support Error during channel initialization Access access index A...

Страница 424: ...y display after upgrading software which contains secondary IP addressing and an old style WAN Direct Host interface To correct use CFGEDIT to delete the problematic WAN Direct Host interface Afterwar...

Страница 425: ...ed Access The event is given in both textual event and numeric code forms Facility not subscribed Slot slot Port port This probably indicates a SPID configuration error on the indicated line The confi...

Страница 426: ...repeatedly the above message indicates a problem with your hard drive Contact your Distributor or Customer Support Failure during read of file s The WAN card initialization subsystem encountered an er...

Страница 427: ...ssible error codes and their corresponding definitions based on Table 11 1 from CCITT Q 921 specification A The Network sent a RNR Receiver not Read or REJ Reject B D The Network sent a DM F 1 or a UA...

Страница 428: ...pening file file name Failure on file closure file name Failure on write of file file name If you see any of these log messages repeatedly there may be a problem with the file system Contact your Dist...

Страница 429: ...sconnected If you see this message often check the remote device s configuration to prevent wasted calls Initial TDM Clock Master slot line The external line indicated has been selected as the master...

Страница 430: ...name An IP packet could not be forwarded to a remote network because the next hop device for that network is not configured as IP Callable The CyberSWITCH returns a network unreachable message to the...

Страница 431: ...Distributor or Customer Support IP Datagram with destination address of destination address cannot be forwarded IP Reason Invalid Device Info Device device name is not IP callable These two message a...

Страница 432: ...rt already exists There is another network interface that is configured for the LAN port indicated and it was already initialized successfully This means that there are multiple network interfaces con...

Страница 433: ...tails of protocol Refer to the specific documentation for the device in question to determine if it is configured correctly Then contact your Distributor or Customer Support IPCP Remote device does no...

Страница 434: ...of the routing table configuration will not be reflected in the RIP packets sent to other routes contact your Distributor or Customer Support IP RIP Send queue full The RIP transmission queue has bec...

Страница 435: ...t indicated was not initialized because there is no Ethernet resource configured or the Ethernet resource that is configured does not have the corresponding port You should correct the system configur...

Страница 436: ...e increased Note This message will not recur in the log until space becomes available in the service table IPXCP Add Network Address to Pool with value above network address This message informs the a...

Страница 437: ...oper LAN adapter configuration and hardware installation LAN Adapter FIFO not empty status status value The LAN adapter did not enter the proper state after it was restarted Check for proper LAN adapt...

Страница 438: ...ssor If the versions do not match this message is posted The upgrade did not work properly contact your Distributor or Customer Support LAN Adapter System resource error LAN Adapter hardware failure d...

Страница 439: ...ocol is terminated because the CyberSWITCH and the device cannot agree on a common way of communicating The device may not be configured properly Refer to the specific documentation for device set up...

Страница 440: ...The next log message will indicate whether calls will still be allowed or not Maximum calls per month limit x has been reached The described limit has been exceeded The next log message will indicate...

Страница 441: ...stently appears for the same modem number contact your distributor or Customer Support Modem revision on modem modem of slot slot failed Individual modems on a Digital Modem card are failing Check the...

Страница 442: ...o a 12Mb system minimum If you are still encountering problems disable unused protocols and or contact your Distributor or Customer Support to reduce your number of available connections NO FR LMI tra...

Страница 443: ...nal message identifies that there is not enough memory available to accommodate the system s total capacity load for required connections Offnode server lookup of Dial Out User failed Off node authent...

Страница 444: ...call charges exceeded Monthly call charge tracking is enabled and the configured maximum has been exceeded PAP Identification timeout on remote device The remote device did not send the PAP Authentica...

Страница 445: ...icated HDLC controller 80532 Device failed an internal register test The boot process should continue however make note of the error message in the event of a future problem Post number HDLC number Te...

Страница 446: ...ntinued the outgoing call in order to allow the incoming call to be established RBS Encountered unknown source ID RBS_out_SM channel NO Dial Digits supplied RBS Received unknown primitive from CC RBS...

Страница 447: ...ch causes the entire system to reboot Received charge amount charge amount The system has received an advice of charge from the network for the call just disconnected The charge for this call is indic...

Страница 448: ...led or been powered off without an indication of the failure from the network If the event continues contact your Distributor or Customer Support Security Rejection Bridge Address Security cannot use...

Страница 449: ...anent connection will be disabled Compare the authentication device information configured on the system with the actual configuration of the remote device Make corrections as needed Then issue the ca...

Страница 450: ...st was discarded SNMP Authentication failure unknown community name The SNMP Agent received a request PDU whose community name is not configured in the Community Names Table The request was discarded...

Страница 451: ...e shared memory area I O memory and the peripheral buffer memory an error was detected The boot process should continue however make note of the error message in the event of a future problem SSB i960...

Страница 452: ...Post 34 i960hdlc_3 FAILURE The i960 failed its 80532 test using the third HDLC controller The boot process should continue however make note of the error message in the event of a future problem SSB...

Страница 453: ...ected TACACS authentication is not available You must first ENABLE TACACS user level authentication An attempt was made to configure the Terminal Server Security for TACACS and TACACS was not configur...

Страница 454: ...If this message appears consistently contact your Distributor or Customer Support TFTP Local error 7 Received packet with size zero The TFTP protocol received a packet with no data TFTP Local error 8...

Страница 455: ...replacing it If this message appears consistently contact your Distributor or Customer Support TFTP Local error 20 Error while writing file filename An error occurred while writing to a file The file...

Страница 456: ...r 6 Text from Remote Host The REMOTE HOST is unable to overwrite the specified file No file transfer will be attempted TFTP Remote error 7 Text from Remote Host This message indicates that the specifi...

Страница 457: ...esponse from the network Verify that the remote site is active and that the network is operational Timeout detected on receiving caller s number The incoming call security feature is enabled and the c...

Страница 458: ...leTalk Address Contact your Distributor or Customer Support Unable to allocate unnumbered wan port for device device name Contact your Distributor or Customer Support Unable to complete Bridge Dial Ou...

Страница 459: ...curity prompt was not found in the on node database and SFVRA Connection Manager was not configured Unable to open config devdb nei file Disregard this message if you have not yet added at least one d...

Страница 460: ...net version attempted to connect to the system Contact your Distributor You may need to upgrade software to support this Updating CyberSWITCH from FileName The specified file received during a Reliabl...

Страница 461: ...X25 facilities error fast select with restriction on response was required The fast select with restriction on response is required Verify that fast select is enabled by both DTE s and the service pr...

Страница 462: ...on No action required X25 facilities error facility not available A facility was requested which is not enabled Verify that the specific facility is enabled by both DTE s and the service provider X25...

Страница 463: ...rational XMODEM DATA FAILED CRC CHECKS A file contained in the X Modem file set has failed the CRC check The system will automatically reset and attempt a reboot in an effort to correct the problem If...

Страница 464: ...them in the following locations Directory log File Name rprt_log nn where nn is an integer that is incremented each time a new file is written The system reports messages using the following format W...

Страница 465: ...ssages have a cause field This is the value in hex that was in the message It explains why either a call was disconnected or why a call attempt was not able to be completed There are also parameters s...

Страница 466: ...to the ISDN Informational call trace message Call is not end to end ISDN One or more of the WAN phone networks used to connect the call is not an ISDN network The call must be at 56 Kbps Call waiting...

Страница 467: ...ation acknowledgment message for the indicated adapter It is in response to a configure message In CALL RQST ACK Call Id call Id Slot slot Port port Ces communication endpoint suffix ConnId connect Id...

Страница 468: ...n message from the network The Call Id and Ces values are included for your Distributor or Cabletron Customer Support The remaining parameters are used to report line details Refer to the Cause Codes...

Страница 469: ...ess is non ISDN Informational call trace message Out ALERTING Call Id call Id Slot slot Port port Chans bearer channel map The system is sending a connection to the network This is sent in response to...

Страница 470: ...ted The charge for this call is indicated in the charge amount parameter Received unknown abnormal report value Slot slot Port port Ces communication endpoint suffix Informational call trace message R...

Страница 471: ...aused a discard action the point at which the filter was applied or a designation of global For an IP network interface this will be the configured name of the interface For a device based filter this...

Страница 472: ...the format of a PPP trace line as it is displayed by dr connection Id packet direction protocol type packet type where connection Id Identifies the connection The Id is a numerical value allowing you...

Страница 473: ...re Reject The Configure Reject is transmitted in response to a Configure Request It indicates that the sending device does not understand the options specified in the option list of the Configure Reje...

Страница 474: ...or IPX to be traced The following is the format of a FR_IETF trace line as it is displayed by dr packet direction device name or fr_accessname_dlci protocol size NN where packet direction Indicates th...

Страница 475: ...s bytes The DCE has detected a packet sequence error In X25 DCE Restart Conf LCN logical channel number number of bytes bytes The DCE is confirming that all virtual circuits have been reset In X25 DCE...

Страница 476: ...index Cause cause for disconnect The system is sending a disconnect to the network to terminate a call Out X25 DISCONNECT RESPONSE ConnId connection Id Access access index The system has received a d...

Страница 477: ...g up or going down defining the state it is in and the event that is occurring X 25 LAPB TRACE MESSAGES You can trace X 25 Link Access Procedure Balanced LAPB incoming and outgoing packets This LAPB t...

Страница 478: ...sequence Id Rx Sequence sequence Id The DTE has sent a data frame from the DCE Out LAPB REJ Rx Sequence sequence Id The DTE has detected a sequence error in the link layer Out LAPB RNR Rx Sequence se...

Страница 479: ...ance segment of the User s Guide Remote Management Once the CyberSWITCH is initially configured you may use methods to remotely manage the CyberSWITCH This chapter provides information for using each...

Страница 480: ...d Management SNMP Simple Network Management Protocol Telnet TFTP Trivial File Transfer Protocol This chapter also describes a method of remotely configuring an CyberSWITCH through another CyberSWITCH...

Страница 481: ...using AMP out of band management your PC must have a communications package to connect the PC s modem to the modem connected to the CyberSWITCH After you have connected to the CyberSWITCH via modem y...

Страница 482: ...you purchase and then set up a Network Management Station such as SPECTRUM or SPECTRUM Element Manager for your environment This Network Management Station NMS is then used to monitor your network Fr...

Страница 483: ...figure SNMP trap information if desired change MIB 2 system group objects if desired For the NMS follow its specific installation instructions Note that the NMS you are using must also have the latest...

Страница 484: ...stration see previous page the Telnet client is not an CyberSWITCH It is also possible to use the CyberSWITCH as the Telnet client This allows you to remotely manage an CyberSWITCH with an CyberSWITCH...

Страница 485: ...he CyberSWITCH using Telnet you must have a Telnet client software package A Telnet client software package is built into the CyberSWITCH With the CyberSWITCH acting as the Telnet client simply enter...

Страница 486: ...with the CyberSWITCH Terminate the Telnet session by typing logout This will ensure that the Telnet session has been terminated regardless of the specific Telnet client used Notes If you need to quit...

Страница 487: ...ion INSTALLATION AND CONFIGURATION TFTP is available to the user by default No installation or configuration steps are required You can limit the access to files by using the fileattr and tftp command...

Страница 488: ...s files to the remote host the tftp get command retrieves files from the remote host For either command you will then be prompted for the IP address of the remote host the complete path of local file...

Страница 489: ...LAN connection we recommend an CyberSWITCH a simple two node LAN and a computer with a TCP IP stack with a Telnet client which you can reconfigure After you have your setup complete you must 1 Minimal...

Страница 490: ...h your local ISDN line 2 Configure your TCP IP stack on your PC or similar LAN based TCP IP device with the following information IP Address an unused IP address on your local LAN Default Gateway the...

Страница 491: ...ition for each command ACCESSING ADMINISTRATION SERVICES The following commands are available for system login admin Logs you into the system and provides access to all system commands The system will...

Страница 492: ...one After responding to the prompts the system will ask you if you wish to restart the system in order to put into effect these changes BOOT DEVICE COMMANDS System software consists of three distinct...

Страница 493: ...tem parameters without interrupting the current execution state of the system software This feature consists of a series of console commands that allow you to display current system parameters change...

Страница 494: ...escape The system will automatically return to the normal system prompt after the entire file has been displayed If you are viewing the Release Notes press the escape key to exit the release notes an...

Страница 495: ...rmanent interface A Basic Rate Permanent interface is up if the serial layer 1 is up for the line The dedicated access does not have to be up for the interface to be considered up A Basic Rate Permane...

Страница 496: ...rrently running on the system II III etc In addition it displays all other custom information for this copy of the system software such as the platform the installed resources and the hardware resourc...

Страница 497: ...VIEWING THROUGHPUT INFORMATION The Throughput Monitor screen displays the system throughput monitoring feature in action To enter this screen 1 Issue the mc command to display the connection monitor s...

Страница 498: ...ion Monitor screen 2 Indicates the current bandwidth in place to the connected site This number will be updated as calls are added or released 3 Example of three samples where actual bandwidth utiliza...

Страница 499: ...0 utilization of current bandwidth In this example neither overload nor underload is occurring From the Throughput Monitor screen press f To freeze the current throughput monitor display r To resume t...

Страница 500: ...nfiguration Y or N If you indeed want to restore the old configuration type Y If not type N default Note that you must have saved configuration changes at least one time before the restore command wil...

Страница 501: ...ty commands include the flash commands and the simple file utilities The flash commands give you the ability to update format and reclaim unused space in the embedded system s resident flash array It...

Страница 502: ...h the session Possible access levels include admin administrator access guest guest access nobody someone has initiated a Telnet session with the CyberSWITCH but did not login Note If you have configu...

Страница 503: ...state value can be either valid or pending If the state is valid an address will have been logged as shown If the state is pending the address would not yet be logged and would appear as 00 00 00 00 0...

Страница 504: ...nother router on the network if another router is present up The port is ready for use down The port is not ready for use unnum_wait_addr This state will exist with the following scenario When an UnNu...

Страница 505: ...work and a response comes back indicating that the address is already in use and cannot be used by this port soft seed This flag is triggered if the port is not configured in the discovery mode it is...

Страница 506: ...ssociated zones When a device has learned the complete list of zones for that route the zones valid field will display TRUE atalk stats AppleTalk statistics are comprised of six subgroups of statistic...

Страница 507: ...It displays the Destination MAC Address Source MAC Address and Ethernet type field for each LAN frame In the above example the DEST field is the destination MAC address field of the LAN frame The SOU...

Страница 508: ...name to distinguish it from any other configured device name For example you could enter call device sm if there are no other devices whose names begin with sm The call device command can be used to t...

Страница 509: ...P device in the device database can have one or two phone numbers at which they can be called This message is displayed if the device has no phone number specified Re enter the name or RET to cancel T...

Страница 510: ...you are testing In response to the call peer command you will see the following message echoed back for informational purposes Calling phone number at data rate device PPP The phone number will show...

Страница 511: ...tered and there is a device configured with the name Schultz and a device configured with the name Schmidt this message would be displayed You would then need to enter at least call device Schu to suc...

Страница 512: ...ections that are using a compression protocol The following commands are used to display current compression information cmp stats Displays the compression statistics for all active connections Refer...

Страница 513: ...uent frame relay system console commands entered DLCI m will remain the default DLCI until the default is changed through reissuing the fr d DLCI m command The DLCI value is provided by the service pr...

Страница 514: ...mes received on the LMI link Good LMI Frames Received The number of valid LMI frames received during the last N391 period This count is reset after each N391 events The N391 parameter is the configure...

Страница 515: ...and the corresponding interface name are displayed ip filter trace discard off Controls the tracing of packets which are discarded as a result of IP filters Issuing the command without an optional par...

Страница 516: ...ings ddd ddd ddd ddd is alive The valid ICMP Echo Reply was received from host ddd ddd ddd ddd No response from ddd ddd ddd ddd No response was received from the host within the timeout value number o...

Страница 517: ...ion flag where A Always propagate N Do not propagate H Propagate when Next Hop Device Connected 1 2 RIP Version 1 Version 2 visibility flags determine whether or not this route is visible when send th...

Страница 518: ...ork or host A value of 255 255 255 255 indicates that this entry is for a specific IP host Next Hop IP address or device name for the next hop router that provides access to the destination network or...

Страница 519: ...d connected ipx diag host ipx address timeout Tests device connectivity to specified IPX host by sending out a diag packet If connection is up host sends a message in response to this packet to confir...

Страница 520: ...d the ipx diag commands both test device connectivity although both send back different types of responses However due to the variety of vendors and equipment available to networks one command may wor...

Страница 521: ...s in use The value which the number of ISDN B channels in use must meet or exceed in order to cause an isdnUsageHigh SNMP trap to be generated by the system The enabled status for the generation of th...

Страница 522: ...isplay Displays the local call detail recording report log log cdr erase Erases the local call detail recording log report log cdr write Writes the local CDR log to disk The file is written to the LOG...

Страница 523: ...s could be caused by the destination site not being in the Initiate Connection List or by the route not being in the IP Routing Table The pkt capture command allows multiple connection modes to be spe...

Страница 524: ...0000001980 0064 00AA00302D25 02608C4C0EAD 8137 PEND 0008 0000001980 0064 00AA00302D25 02608C4C0EAD 8137 PEND 0009 0000003190 0028 001 001 001 001 001 001 001 001 IP ACTV 0010 0000003190 0028 001 001...

Страница 525: ...that marked packet will have progressively higher positive time values Packet Number Received at Time Packet Length 0021 0000022190 mSEC 0060 Destination Address Source Address FFFFFFFFFFFF 02608C9BE...

Страница 526: ...cret RET to abort secret123 Send Radius Authentication Request Please wait Authentication Successful Device Name doe Framed Address 150 001 001 001 Phone Number 1 800 555 1212 Phone Subaddress 3456 Ca...

Страница 527: ...Please wait AUTH Warning code 0001 Timeout System Name radius macres MAC Address of the Host logging in RET to abort 0ab34252d546 Enter password password123 Send Radius Authentication Request Please...

Страница 528: ...dows for the local and remote ends of this TCP connection tstate The current state of this TCP connection outq s u The number of bytes that has been sent but not acknowledged yet and the number of byt...

Страница 529: ...can enter the IP address of the target host and optionally the remote port number to connect to If no remote port number is specified the default Telnet port is used 23 The valid range for port numbe...

Страница 530: ...Telnet connections send synch The send synch command sends the Telnet SYNCH signal the DM control function as TCP urgent data to the target host This command may be useful when trying correct a situa...

Страница 531: ...debug mode is turned on messages beginning with TELNET C may appear in the system log file Most users will not find these messages helpful If you have difficulty with the system Telnet client feature...

Страница 532: ...he TFTP Client function The following is an example display of a TFTP PUT screen tftp session Displays the TFTP session information of active TFTP sessions To get detailed information on a specific se...

Страница 533: ...bles the LAPB data link information packet tracing option This feature displays up to 15 octets of the packet To display the log file issue the dr console command This option is initially disabled tra...

Страница 534: ...of available statistics and their definitions USER LEVEL SECURITY COMMANDS The following console commands are available to provide information on the authentication servers for user level security Th...

Страница 535: ...t tracing option This feature displays up to 15 octets of the packet To display the log file issue the dr console command This option is initially disabled trace x25 on off Enables or disables the X 2...

Страница 536: ...cuit information for the X 25 access named acc1 x25 stats Displays the statistics associated with the X 25 access Refer to X 25 Statistics for a list of available statistics and their definitions x25...

Страница 537: ...nged by function These are connectivity statistics call restriction statistics call statistics throughput monitoring statistics The rest of the statistics are arranged in alphabetical order These stat...

Страница 538: ...e been made for the month CALL STATISTICS You can access these statistics by issuing the ds console command Initiated The number of switched calls initiated Completed The number of switched call attem...

Страница 539: ...lude a section of available statistics and their definitions for each subgroup APPLETALK DATA DELIVERY PROTOCOL DDP STATISTICS You can display this subgroup of AppleTalk statistics by issuing the atal...

Страница 540: ...e but failed due to overflow ddpForwRequests The number of input datagrams for which this system was not their final DDP destination as a result of which an attempt was made to find a route to forward...

Страница 541: ...e was equal to the current hop count for a particular network rtmpNextIRLesChanges A count of the number of times RTMP changes the Next Internet Router in a routing entry because the hop count adverti...

Страница 542: ...received nbpInBroadcastReqs The number of NBP Broadcast Requests received nbpInforwardRequests The number of NBP Broadcast Requests received nbpOutLookUpReplies The number of NBP LookUp Replies sent n...

Страница 543: ...t this port by this system zipInGetNetInfoReplies The number of ZIP GetNetInfo Reply packets received on this port by this system zipOutGetNetInfoReplies The number of ZIP GetNetInfo Reply packets sen...

Страница 544: ...on any port LAN or WAN and forwarded to any other port unless it is discarded A forwarded frame is one which is not deliberately discarded for example via filters by the CyberSWITCH Once the frame get...

Страница 545: ...atios and counters for the direction s without an actual compression algorithm negotiated will not indicate any effective compression or decompression COMPRESSION RELATED STATISTICS cmp ratio The numb...

Страница 546: ...been through the initial DHCP packet consistency checks yet If packets pass these checks they will be dispatched to the DHCP Proxy Client BOOTPS msgs sent to Relay Number of datagrams received on the...

Страница 547: ...ed interfaces It will not be possible to return a reply to the client since we have not determined on which network interface the client is located BOOTREQUEST bad rly dest Number of DHCP BOOTP BOOTRE...

Страница 548: ...P Proxy Client was trying to broadcast a DHCPDISCOVER message DHCPREQUESTS sent Incremented whenever the DHCP Proxy Client has successfully sent a DHCPREQUEST message DHCPREQUEST xmit fail Incremented...

Страница 549: ...pool This can happen whenever we are trying to send BOOTREQUEST messages to a DHCP server FRAME RELAY STATISTICS You can access these statistics by issuing the fr stats console command The statistics...

Страница 550: ...0 is received from the network Reset Tx Seq The number of times the transmit sequence variable had to be reset This event occurs when a transmit sequence number of 0 is received from the network Lost...

Страница 551: ...which the LMI encapsulation header was errored PVC RELATED STATISTICS PVC State The condition of the Frame Relay Permanent Virtual Circuit Possible values are TERMINATED INIT NOT READY and NETWORK OU...

Страница 552: ...ongestion LAN STATISTICS You can access LAN statistics by issuing the lan stats console command pkts rcvd The total number of packets received on the LAN port rcv overruns The number of frames known t...

Страница 553: ...datagrams discarded because the IP address in their IP header s destination field was not a valid address to be received at this system This count includes invalid addresses e g 0 0 0 0 and addresses...

Страница 554: ...qds The number of IP fragments received which needed to be reassembled at this system ipReasmOKs The number of IP datagrams successfully reassembled ipReasmFails The number of failures detected by the...

Страница 555: ...s received icmpInAddrMasks The number of ICMP Address Mask Request messages received icmpInAddrMaskReps The number of ICMP Address Mask Reply messages received icmpOutMsgs The total number of ICMP mes...

Страница 556: ...STATISTICS You can access the following types of IPX statistics general RIP and triggered RIP SAP and triggered SAP and IPX spoofing The sections below provide information for each category IPX GENERA...

Страница 557: ...times no route to a destination was found ipxBasicSysOutRequests The number of IPX packets supplied locally for transmission not including any packets counted in ipxAdvForwPackets ipxBasicSysOutMalfo...

Страница 558: ...sDiscards The number of outgoing IPX packets discarded due to compression errors ipxAdvSysCircCount The number of circuits known to this instance of IPX ipxAdvSysDestCount The number of currently reac...

Страница 559: ...triggered RIP update acknowledgments received trigRipInputErrors Number of Triggered RIP input message errors IPX ROUTE STATISTICS You can access IPX Route statistics by using the ipx route stats cons...

Страница 560: ...update requests sent trigSapUpdateRequestsRcvd Number of triggered SAP update requests received trigSapUpdateResponsesSent Number of triggered SAP update responses sent trigSapUpdateResponsesRcvd Numb...

Страница 561: ...terface statistics are displayed for each configured RIP interface IfStatAddress The IP address of this system on the indicated RIP interface For unnumbered interfaces the value 0 0 0 N where the last...

Страница 562: ...ered to the SNMP Agent and were for an unsupported SNMP version snmpInBadCommunityNames The total number of SNMP messages delivered to the SNMP Agent that used an SNMP community name not known to said...

Страница 563: ...tRequests The total number of SNMP Get Request PDUs that have been accepted and processed by the SNMP Agent snmpInGetNexts The total number of SNMP Get Next PDUs that have been accepted and processed...

Страница 564: ...xample it provides a means whereby all authentication failure traps may be disabled TCP STATISTICS You can access these statistics by issuing the tcp stats console command tcpRtoAlgorithm The algorith...

Страница 565: ...established connections tcpOutSegs The total number of segments sent including those on current connections but excluding those containing only retransmitted octets tcpRetransSegs The total number of...

Страница 566: ...system Files downloaded from remote hosts to the local system Failed file puts Displays the count of failed puts Local system failed to upload a file to a remote host Failed file gets Displays the co...

Страница 567: ...Sessions that have been opened TFTP Sessions Closed Displays the total number of TFTP Sessions that have been closed TFTP Sessions still open Displays the total number of TFTP Sessions that are still...

Страница 568: ...l Receive Errors The number of errored frames received for the indicated protocol WAN STATISTICS You can access WAN statistics by issuing the wan stats console command data link up A counter that is i...

Страница 569: ...ed for the month calls day The total number of calls that have been made for the day calls month The total number of calls that have been made for the month X 25 STATISTICS There are two sets of stati...

Страница 570: ...ive ready packets received RNR Sent count The number of receive not ready packets sent RNR Received The number of receive not ready packets received REJ Sent count The number of remote connection requ...

Страница 571: ...ss The local DTE X 121 address Remote Address The remote DTE X 121 address Packets Sent count The number of X 25 data packets sent Packets Received The number of X 25 data packets received Resets Sent...

Страница 572: ...sections briefly describe these tools For a detailed explanation of the configuration process refer to Configuration Tools For information on configuration elements refer to the configuration chapters...

Страница 573: ...ting in this mode only Dynamic Management commands are available All other system commands are ignored until you exit Manage Mode and return to the normal system command mode To return to the system c...

Страница 574: ...h the configuration process this map can help you understand where you are in the CFGEDIT structure Getting Assistance Includes a System Problem Report you can use to inform us of any difficulties you...

Страница 575: ...ote Sites in your network Password information related to the Users or Remote Sites in your network 2 System Details Worksheet This worksheet identifies the following information for each CyberSWITCH...

Страница 576: ...USER S GUIDE 576 CyberSWITCH NETWORK TOPOLOGY...

Страница 577: ...System Details System Name _____________________ PAP Password _______________ CHAP Secret ___________________ RESOURCES LINES BRI Lines Type Slot Switch type Synchronization type Name Slot Port Line t...

Страница 578: ...64 Kbps Line name Clocking Data rate Line protocol Device tied to this access Internal External Internal External Internal External Internal External Line name Access name X 121 address of local DTE...

Страница 579: ...hernet Address Bridge Password CLID s Bridging enabled enabled disabled IP enabled enabled disabled Make calls for bridged data enabled disabled IP Address on WAN link For IP RLAN IP Sub network numbe...

Страница 580: ...ed disabled Mode of Operation router IP host LAN Name IP address Mask Unnumbered WAN need don t need Input filters Output filters Remote LAN Name IP address Mask Input filters Output filters Tradition...

Страница 581: ...atic Routes NetWare Static Services Destination network address Mask Next hop default default default default IPX routing enabled disabled Internal network number LAN Name External network number Remo...

Страница 582: ...extended Netwk range number AppleTalk address Zone name s Unnumbered WAN need don t need MAC Dial In WAN Network type extended nonextended extended nonextended extended nonextended Netwk range number...

Страница 583: ...icular system The availability of these options depends upon the platform and software you have ordered as well as your configuration choices Physical Resources Resources Lines Accesses ISDN SubAddres...

Страница 584: ...Name Slot Port Framing Line coding Signalling Line build out Datalinks PPP TEI negotiation PMP Call Screen Method name subaddress telephone number ACCESSES Dedicated Data rate Bearers list Line proto...

Страница 585: ...t router Interfaces LAN WAN WAN Direct Host WAN RLAN WAN unnumbered IP Host Static Routes RIP enable disable Static ARP table Isolated Mode enable disable Static Route via RADIUS IP Address Pool IP Fi...

Страница 586: ...service type service name IPX Spoofing IPX SPX watchdog serial packet handling message packet handling Type 20 Protocol change devices enable WAN forwarding Isolated Mode enable disable Triggered RIP...

Страница 587: ...vice Profile Bandwidth Reservation Semipermanent Connection VRA Manager for Call Control enable disable TCP port number DEFAULT LINE PROTOCOL Action Timeout Timeout Value LOG OPTIONS Log Server Defini...

Страница 588: ...Information system name system password system secret Administrative Session Database Location On node VRA Manager RADIUS TACACS ACE Inactivity time outs Telnet admin sessions TCP port number Emergen...

Страница 589: ...data IPXWAN IPX routing none RIP SAP trig RIP SAP IPX spoofing AppleTalk information AppleTalk address enable disable make calls for AppleTalk data AppleTalk routing protocol Bridge information IP sub...

Страница 590: ...Server Miscellaneous info number of retries time between retries packet format ACE Primary Server Secondary Server Miscellaneous info number of retries time between retries encryption method SDI or D...

Страница 591: ...ng sections Release Issue and Version From the VERsion command Hardware Select the Platform and resources that you are using Problem Please fill in the following sections Type Software Hardware Unknow...

Страница 592: ..._________ CABLETRON SYSTEMS SYSTEM PROBLEM REPORT SOFTWARE HARDWARE PROBLEM DESCRIPTION including sequence of events prior to problem occurrence CABLETRON SYSTEMS USE ONLY Release __________ Issue ___...

Страница 593: ...plays all six groups of current AppleTalk statistics the commands below display individual group statistics atalk stats atp displays current AppleTalk ATP statistics atalk stats ddp displays current A...

Страница 594: ...displays DHCP statistics dhcp stats clear clears DHCP statistics diags pots device number parameter for the POTS option runs interactive diagnostics including ringing tone generation and DTMF detecti...

Страница 595: ...ame relay access and DLCI fr cong displays congestion control information for the selected frame relay access and DLCI fr d DLCI m sets DLCI value to m as default DLCI for the selected frame relay acc...

Страница 596: ...PX routing table ipx route stats displays IPX routing table statistics ipx sap stats displays IPX SAP statistics ipx service displays routes to IPX services ipx service stats displays current service...

Страница 597: ...pkt mac enables the MAC address monitor display pkt on off enables or disables the Packet Capture feature pkt display displays captured packets pkt load filename loads previously saved Packet Capture...

Страница 598: ...ommands close exit open target host port send send parameter set name value status toggle closes the current Telnet connection to a target host closes the current Telnet session establishes a Telnet s...

Страница 599: ...essname_dlci prot enables or disables the tracing for WAN FR_IETF packets wan stats displays current WAN connection information wr writes current system messages to disk ws writes current system stati...

Страница 600: ...USER S GUIDE 600 CyberSWITCH...

Страница 601: ...isable bandwidth reservation callrest displays the current call restriction configuration data callrest off on disables enables the call restriction feature cls clears the display screen commit writes...

Страница 602: ...pradius off disables lookup of IP routes via RADIUS ipradius on enables lookup of IP routes via RADIUS iprip displays selected type of RIP information iprip off on disables enables RIP iproute display...

Страница 603: ...ode security options and system parameters options change allows the current system parameters to be changed pktfilt displays the current packet filter configuration data pktfilt add change delete add...

Страница 604: ...TACACS off node server configuration tacacs change allows changes to the TACACS off node server configuration tftp displays the current TFTP configuration tftp change allows the current TFTP configur...

Страница 605: ...channel unacceptable Indicates that the quality of service provided by the specified channel was insufficient to accept the connection 7 7 call awarded and being delivered in an established channel I...

Страница 606: ...ll because it was not awarded to the device 27 1B destination out of order Indicates that the destination could not be reached because the interface was not functioning correctly and a signaling messa...

Страница 607: ...he destination could not be reached because the network switching equipment was temporarily overloaded 43 2B access information discarded Indicates that the network could not provide the requested acc...

Страница 608: ...de the requested service option for an unspecified reason This may be a subscription problem 65 41 bearer service or capability not implemented Indicates that the network is not capable of providing t...

Страница 609: ...st The call resume request contained a Call Identity information element which once indicated a suspended call however that suspended call was cleared either by time out or by the remote device 88 58...

Страница 610: ...rt the occurrence to your authorized service provider 100 64 invalid information element contents Indicates that a message was received by the remote equipment that included invalid information in the...

Страница 611: ...N Indicates that an event occurrent but that the network does not provide causes for the actions that it takes therefore the precise nature of the event cannot be ascertained This may or may not indic...

Страница 612: ...AUD 72 authentication 140 authentication databases 115 autobaud 493 automatic TEI negotiation 74 autosense mode 29 B backup redundant configurations 103 bandwidth 27 bandwidth reservation 305 308 359...

Страница 613: ...359 problem diagnosis 393 statistics 545 configuration default 64 67 files 39 572 packet types 224 restoring 573 tools CFGEDIT 64 dynamic management 65 congestion control 194 connection filters 229 23...

Страница 614: ...F factory defaults 62 FCC notice 3 features 27 file attributes 332 file utility commands 501 fileattr 332 filters 28 See also bridging dialout IP filters final condition 231 flash commands 501 flatte...

Страница 615: ...rface connection problem diagnosis 378 verification 347 problem diagnosis 367 static ARP table entries 220 static route lookup via RADIUS 221 statistics 553 verifying interfaces 342 ipconfig 492 IPCP...

Страница 616: ...commands 491 logout 492 M maintenance 572 make calls option 148 278 manage 65 493 Manage Mode 64 66 493 573 601 maximum data rate 145 maximum retransmissions 273 mc 494 497 messages boot 404 system me...

Страница 617: ...er 151 329 verify link detection failure 359 PPP packet trace messages 472 pre emption feature 143 prefetching IP addresses 248 problem diagnosis AppleTalk routing 386 bridge initialization 367 CDR 39...

Страница 618: ...IPX description 261 entry aging time 258 network interface configuration elements 258 propagation 266 seclevel 119 120 121 125 157 secondary IP addressing 87 103 104 SecurID card 114 122 security aut...

Страница 619: ...39 T table size IPX RIP and IPX SAP 260 tacacs 165 TACACS Authentication Server 164 configuration elements 165 packet format 165 TCP 226 232 237 statistics 564 tcp commands 528 Telnet 52 484 remote ma...

Страница 620: ...ectivity 339 reserved bandwidth 359 RIP 348 semipermanent connections 364 SNMP 357 triggered RIP SAP 354 verifying an X 25 connection 339 WAN lines 336 virtual circuits 146 188 Virtual Remote Access V...

Отзывы: