Lucent Technologies PortMaster 4 Скачать руководство пользователя страница 104 | Manualshive

Страница: 104 / 191

background image

Overview of PortMaster Filtering

8-2

PortMaster 4 Configuration Guide

You use Ethernet filters to constrain the types of packets that can enter the local
Ethernet port, and you can set filters on asynchronous ports configured for hardwired
operation when security with another network is an issue.

The packet filtering process analyzes the header information in each packet sent or
received through a network interface. The header information is evaluated against a set
of rules that either allow the packet to pass through the interface or cause the packet to
be discarded.

A maximum of 256 filter rules per filter is allowed for the PortMaster 4. The PortMaster
generates an error message when the number of filter rules exceeds the limit.

If a packet is discarded by a filter, an appropriate “ICMP unreachable” message is
returned to the source address. This message provides immediate feedback to the user
attempting the unauthorized access. Packets permitted or denied can optionally be
logged to a host.

Filters can also be used for packet selection—for example, you can use a packet trace
filter to do troubleshooting. The packets permitted by the ptrace filter are displayed,
while packets not permitted by the filter are not displayed. For more information about
the ptrace facility, see the PortMaster Troubleshooting Guide.

Filter Options

Table 8-1 shows different filter options.

Table 8-1

Filter Options

Option

Description

Restricting packet traffic

Each user, location entry, and network hardwired port
can be assigned both an input packet filter and an output
packet filter. Having both input and output filters can
decrease the number of rules needed and can provide
better tuning of your security policy.

Restricting access based
on source and
destination address

You can create filters that evaluate both the source and
destination addresses of a packet against a rule list. The
number of significant bits used in IP address comparisons
can be set, allowing filtering by host, subnet, network
number, or group of hosts whose addresses are within a
given bit-aligned boundary.

Restricting access to
particular protocols

Packets of certain protocols can be permitted or denied
by a filter, including IPX, SAP, TCP, UDP, and ICMP
packets.

Restricting access to
network services

You can create filters that use the source and destination
port numbers to control access to certain network
services. The evaluation can be based upon whether the
port number is less than, equal to, or greater than a
specified value.

«
...
102
103
104
105
106
...
»

Содержание PortMaster 4

Страница 1: ...PortMaster 4 Configuration Guide Lucent Technologies RemoteAccessBusinessUnit 4464 WillowRoad Pleasanton CA94588 925 737 2100 800 458 9966 March1999 950 1426A...

Страница 2: ...erty of their respective owners Disclaimer Lucent Technologies Inc makes no express or implied representations or warranties with respect to the contents or use of this manual and specifically disclai...

Страница 3: ...es xviii Subscribing to PortMaster Mailing Lists xviii 1 Introduction PortMaster Software 1 1 Preconfiguration Planning 1 2 Setting the View 1 3 Configuration Tips 1 3 Basic Configuration Steps 1 4 2...

Страница 4: ...ng a Default IP Pool 2 11 Resetting the IP Pool 2 11 Deleting Named IP Pools 2 11 Setting Address Ranges 2 12 Setting a Named IP Pool Gateway 2 13 Setting Named IP Pools in RADIUS 2 13 Setting the Dyn...

Страница 5: ...ing SNMP Settings 3 13 Monitoring SNMP Alarms 3 14 4 Configuring an Ethernet Interface Overview of PortMaster 4 Ethernet Interfaces 4 1 Understanding Ether0 4 1 Understanding Ether1 4 2 Understanding...

Страница 6: ...sers 5 3 Login Users 5 3 Configuring Settings for Network and Login Users 5 3 Setting a Password 5 3 Setting the Idle Timer 5 3 Setting the Session Limit 5 4 Configuring Network Users 5 4 Setting the...

Страница 7: ...lephone Number 7 4 Setting the Username and Password 7 4 Setting the Protocol 7 4 Setting the Destination IP Address 7 5 Setting the Destination Netmask 7 5 Setting the IPX Network Number 7 5 Setting...

Страница 8: ...or FTP Packets 8 9 Rule to Permit DNS into Your Local Network 8 10 Rule to Listen to RIP Information 8 10 Rule to Allow Authentication Queries 8 10 Rule to Allow Networks Full Access 8 10 Restrictive...

Страница 9: ...the ISDN PRI Switch 10 7 Setting the Framing Format 10 8 Setting the Encoding Method 10 8 Setting the Pulse Code Modulation 10 9 Setting the Loopback 10 9 Setting the Directory Number 10 9 Configuring...

Страница 10: ...1 Lines to T3 Channels 11 1 Setting the Clock Source 11 2 Setting the Clock Source for Each Synchronous Serial Line 11 2 Enabling Clocking on the Backplane 11 2 Setting T3 Mux Clocking 11 3 Performing...

Страница 11: ...ection 13 2 Configuring Global Settings 13 2 Configuring Ethernet Interface Settings 13 2 Configuring the Synchronous WAN Port 13 3 Troubleshooting a Leased Line Connection 13 4 A Networking Concepts...

Страница 12: ...Contents xii PortMaster Configuration Guide...

Страница 13: ...This guide is designed to be used by qualified system administrators and network managers Knowledge of basic networking concepts is required PortMaster Documentation The following manuals are availab...

Страница 14: ...twork Management Protocol SNMP RFC 1166 Internet Numbers RFC 1212 Concise MIB Definitions RFC 1213 Management Information Base for Network Management of TCP IP based Internets MIB II RFC 1256 ICMP Rou...

Страница 15: ...ontrol Protocol BACP RFC 2138 Remote Authentication Dial In User Service RADIUS RFC 2139 RADIUS Accounting RFC 2153 PPP Vendor Extensions RFC 2328 OSPF Version 2 RFC 2400 Internet Official Protocol St...

Страница 16: ...u option button or key or the name of a file directory or utility except in code samples Enter version to display the version number Press Enter Open the permit_list file Italic font Identifies a comm...

Страница 17: ...ndia or Pakistan contact your local Lucent Remote Access sales channel partner For a list of authorized sales channel partners see the World Wide Web at http www livingston com International EMEA dist...

Страница 18: ...ailing list is also available in a daily digest format To receive the digest send email to majordomo livingston com with subscribe portmaster users digest in the body of the message portmaster radius...

Страница 19: ...nfigurations PMVision replaces the PMconsole interface to ComOS This application and other Java based configuration tools for the PortMaster are available via anonymous FTP at ftp ftp livingston com p...

Страница 20: ...ur high speed lines use Frame Relay ISDN switched 56Kbps or PPP If you want dial on demand routing do you want multiline load balancing Do you want Multilink Point to Point Protocol PPP RFC 1717 Do yo...

Страница 21: ...lot for the other Ethernet interfaces to activate configuration settings Except for the manager module for which the command line prompt displays no number the prompt indicates the view you are in For...

Страница 22: ...ston com pub livingston software java See the PMVision online help for information on using PMVision 4 Configure the global settings PortMaster global settings are described in Chapter 2 Configuring G...

Страница 23: ...tting up an L2TP tunnel to an L2TP compatible router See the PortMaster 4 Command Line Reference for information on the L2TP commands 13 Configure OSPF if you are using this protocol OSPF is described...

Страница 24: ...Basic Configuration Steps 1 6 PortMaster 4 Configuration Guide...

Страница 25: ...ress Pool on page 2 8 Setting the Reported IP Address on page 2 9 Configuring Named IP Pools on page 2 9 Setting the Dynamic Host Control Protocol DHCP Server on page 2 13 Displaying the Routing Table...

Страница 26: ...mends using the Domain Name System DNS or Network Information Service NIS for hostname resolution rather than the local host table The PortMaster always checks the local host table before using DNS or...

Страница 27: ...used for hostname resolution If you are using DNS or NIS you must set a domain name for your network To set the domain name of your network use the following command Command set domain String Setting...

Страница 28: ...oses Setting the Loghost To set the IP address of the loghost the host to which the PortMaster sends syslog messages use the following command Command set loghost Ipaddress Note Do not set a loghost a...

Страница 29: ...or the local0 through local7 facilities to receive syslog messages from PortMaster products but all the facilities are provided See your operating system documentation for information on configuring s...

Страница 30: ...msm rac Use the save all command to save changes to nonvolatile RAM The chassis is identified as a PortMaster 4 by default Configuring Local IP Addresses The PortMaster 4 supports up to four internal...

Страница 31: ...e second global local IP address if set 5 The third global local IP address if set 6 The fourth global local IP address if set 7 The IP address of Ether1 8 The IP address of Ether0 Main IP Address Whe...

Страница 32: ...8 54 6 Use the show global command to view local IP addresses Configuring an IP Address Pool You can dynamically assign IP addresses to PPP or SLIP dial in users By assigning addresses as needed from...

Страница 33: ...ely identifies an IP pool By identifying an IP pool by name instead of by base IP address you can use a single name for an entire network system but assign different base IP addresses for each network...

Страница 34: ...ed in the RADUS user profile and the Quad T1 or Tri E1 board s assigned range is set to 0 0 0 0 and a default IP pool is configured in the pool table the PortMaster assigns the user an address from th...

Страница 35: ...Whenever you make changes to the IP pool table you must reset the pool for the changes to take effect Command reset ippool Resetting the IP pool causes the PortMaster to convert address ranges into s...

Страница 36: ...ay 0 0 0 0 add to livermore Although the output to this command indicates a range size of 256 address as specified by the 24 netmask only 254 of these addresses are available to be assigned to users T...

Страница 37: ...assigned a default gateway address no crossbar IP address is used and the PortMaster consults the forwarding table The default gateway functions as a crossbar IP address See the PortMaster 4 Command...

Страница 38: ...P server Command set dhcp server address Note ComOS does not support DHCP requests over Ethernet nor requests from a PortMaster 2Ei or a PortMaster ISDN Office Router OR U used for dial up How the Cab...

Страница 39: ...the source is 192 168 33 10 3 The PortMaster 4 forwards the request to the DHCP server by substituting the IP address of the DHCP server 10 66 98 96 for the broadcast destination address Internet 10...

Страница 40: ...llowed by the set debug 0x81 command See the PortMaster Troubleshooting Guide for debugging information To disable DHCP reply information enter the following command Command set dhcp server 0 0 0 0 Th...

Страница 41: ...ic Route for IP A static route for IP contains the following items Destination The IP address prefix of the host or the number of the IPX network to which the PortMaster will be routing Netmask The st...

Страница 42: ...g the packet through the gateway to the specified destination Ticks The time required to send the packet to its destination Ticks are measured in 50ms increments The ticks metric is used in addition t...

Страница 43: ...s because it has no provision to include a netmask Therefore if you set a static netmask in the netmask table the PortMaster collapses the route to that boundary instead and broadcasts a host route wi...

Страница 44: ...routers Command set Ether0 address 192 168 206 X for some value of X Command set gateway 192 168 206 Y where Y points at your gateway Command add netmask 192 168 207 0 255 255 255 224 Command add net...

Страница 45: ...heck feature in ComOS you must first configure call check user entries on the RADIUS 2 1 server Otherwise the PortMaster issues a busy signal to every call See the RADIUS for UNIX Administrator s Guid...

Страница 46: ...ter denies access with an Invalid Login message If no user table entry exists for the user and port security is off the PortMaster passes the user on to the host defined for that port using the select...

Страница 47: ...filter the PortMaster refuses service with an Access Denied message If the access override parameter is set on the port the PortMaster instructs the user to authenticate himself even though the defau...

Страница 48: ...PortMaster Security Management 2 24 PortMaster 4 Configuration Guide...

Страница 49: ...anging information between the SNMP manager and an SNMP agent The SNMP agent returns values for Management Information Base MIB variables that can be changed or queried by the SNMP manager The agent g...

Страница 50: ...protocol data units PDUs The master agent processes the PDUs and forwards them to appropriate subagents The subgents are responsible for processing the data The master agent and the subagents can oper...

Страница 51: ...chy As shown in Figure 3 1 the OID for the Livingston MIB is 1 3 6 1 4 1 307 Figure 3 1 Management Information Base MIB Hierarchy Figure 3 2 shows the tree structure of the private Livingston portion...

Страница 52: ...ger queries the agents by means of OIDs Each OID uniquely identifies a single MIB variable For example the OID 307 3 2 1 1 1 2 0 returns the port name for port C0 and the OID 307 3 2 1 1 1 2 1 returns...

Страница 53: ...ble 3 2 PortMaster Serial Interfaces MIB Table Object Definition livingstonSerialIndex Unique value for each serial interface livingstonSerialPortName Text string containing the name of the serial int...

Страница 54: ...nSerialifDescr Text string containing information about the network interface bound to the serial interface livingstonSerialInOctets Total number of octets received on the serial interface livingstonS...

Страница 55: ...ing Configured line framing Line framing types include the following Extended superframe ESF 1 D4 2 Cyclic redundancy check CRC4 3 Frame Alignment Signal FAS 4 livingstonT1E1Encoding Configured line s...

Страница 56: ...mProtocol Error correcting protocol being used in the modem livingstonModemCompression Compression being used in the modem interface livingstonModemInSpeed Estimate of the modem interface s current in...

Страница 57: ...ents In all other cases this object must return none 1 livingstonAMCEUName Username of the dial in user This object returns the valid username when the event type is servicechanged 4 or namechanged 5...

Страница 58: ...status of the call on a given modem port This table can also be used to take appropriate action to terminate the session livingstonAMPortVTSModemBoard Specifies the modem board number for the given s...

Страница 59: ...ary MIB Table Object Definition livingstonPMBrdCallSumBrdId Board ID used as an index into the call summary table The valid board IDs are the numbers of the physical slots that hold T1 or E1 boards 0...

Страница 60: ...ing commands Command set snmp on off Command save all Command reboot Setting SNMP Read and Write Community Strings Community strings allow you to control access to the MIB information on selected SNMP...

Страница 61: ...specification of read and write hosts allows another level of security beyond the community strings If SNMP hosts are specified each host attempting to access SNMP information must not only possess th...

Страница 62: ...interfaces from the command line interface enter the following command Command show alarms The output of this command lists alarm messages and associated alarm identification numbers For details about...

Страница 63: ...nd descriptions and instructions You can also configure the PortMaster 4 using the PMVision application for Microsoft Windows UNIX and other platforms supporting the Java Virtual Machine JVM PMVision...

Страница 64: ...e IP Control Protocol IPCP the PortMaster 4 uses the following order of precedence when choosing an IP address to identify itself 1 The Local IP address configured in the user profile if set 2 The glo...

Страница 65: ...st listen v2 broadcast multicast on v1 compatibility Refer to the PortMaster 4 Command Line Reference for a description of the keywords in this command Refer to the PortMaster Routing Guide for a disc...

Страница 66: ...you must configure an IP address and netmask and set broadcast on the Ethernet interfaces on those boards as well See Configuring Standalone Ethernet Boards on page 4 8 To set or change the IP address...

Страница 67: ...PortMaster Ethernet ports If the setting has been changed you must enable IP on the Ethernet interface of all PortMaster products attached directly to a local Ethernet Disable IP traffic on Ethernet p...

Страница 68: ...four commonly used IPX encapsulation and frame types shown in Table 4 1 The encapsulation method and frame type were selected when your IPX network servers were installed The IPX frame type you set o...

Страница 69: ...configure the primary Ethernet interface before adding subinterfaces See Setting General Ethernet Parameters on page 4 3 for details After you configure the primary Ethernet interface follow this proc...

Страница 70: ...Ether1 Before You Begin Before a standalone Ethernet board can function you must configure an Ethernet interface on the manager module Configure Ether1 or Ether0 see Overview of PortMaster 4 Ethernet...

Страница 71: ...set 7 The IP address of Ether1 8 The IP address of Ether0 Main IP Address When the PortMaster creates an IP packet it must identify itself by placing a source address in the IP header To do so the Por...

Страница 72: ...nk state metric by using the cost Number keyword and value The Number metric is a 16 bit number between 1 and 65535 the default is 1 Refer to the PortMaster Routing Guide for more information about OS...

Страница 73: ...guring Network Users on page 5 4 Configuring Login Users on page 5 8 Note Only 100 to 200 users can be configured in the user table and stored in the nonvolatile memory of the PortMaster Therefore use...

Страница 74: ...hem The username is a string of from 1 to 8 printable nonspace ASCII characters The optional user password is a string of from 0 to 16 printable ASCII characters You cannot add users with blank userna...

Страница 75: ...er in pmd rlogin Telnet or netdata TCP clear connections through an asynchronous serial or ISDN port A connection is established to the specified host as soon as the user logs in This type of connecti...

Страница 76: ...command Command set user Username protocol slip ppp x75 sync If you set a nonzero IP address for the user IP is automatically routed If you set a nonzero IPX network number for the user IPX is automat...

Страница 77: ...etween the remote user device and the PortMaster Each user s connection requires a different IPX network number If you use fffffffe as the IPX network number the PortMaster assigns the user an IPX net...

Страница 78: ...ission unit MTU defines the largest frame or packet that can be sent without fragmentation A packet that exceeds this value is fragmented if IP or discarded if IPX PPP connections can have a maximum M...

Страница 79: ...me compression on off Table 5 2 describes the results of using each keyword To find out what type of compression was negotiated for the user enter the following command Command show S0 Setting Filters...

Страница 80: ...ined in the user table To specify the callback location for a network user use the following command Command set user Username dialback Locname none To disable callback connections for the user use th...

Страница 81: ...rmines the nature of their connection with the host The login service specifies how login sessions are established Four types of login service are available as described in Table 5 4 Table 5 4 Types o...

Страница 82: ...to establish a login session to the specified host Generally rlogin is used on mixed UNIX networks where the PortMaster login service is impractical to use telnet Telnet is supported on most TCP IP ho...

Страница 83: ...upports any of these connection types using one or more synchronous ports For most applications a dedicated line connects two PortMaster routers each located on a separate remote network The following...

Страница 84: ...ing the View To configure a synchronous serial line as a WAN port you must first set the view to the slot containing the board for the line that you want to configure To set the view enter the show bo...

Страница 85: ...modem dialing or authentication In this mode the port immediately begins running the specified protocol If the port is set for a hardwired connection it cannot be used for any other purpose A hardwir...

Страница 86: ...ys asserted Table 6 2 describes the effects of DCD condition on port behavior Set modem control on only if you want to use the DCD signal from the attached device In general set modem control on for n...

Страница 87: ...l Setting the Port Idle Timer The idle timer indicates how long the PortMaster waits after activity stops on a synchronous port before disconnecting a dial in or dial out connection You can set the id...

Страница 88: ...destination IP address for Frame Relay connections Instead use the data link connection identifier DLCI list to link IP addresses to DLCIs or use LMI or Annex D and Inverse ARP to discover Frame Relay...

Страница 89: ...eased lines or Frame Relay Routing is set in the user table for dial in connections and in the location table for dial out connections To configure RIP routing use the following command Command set W1...

Страница 90: ...mand set W1 ofilter Command reset W1 Command save all Note You must reset the port and re establish the connection for the new settings to take effect Setting Compression You can set Van Jacobson TCP...

Страница 91: ...onsole interface to ComOS Configuring the Location Table A location defines a dial out destination and the characteristics of the dial out connection Locations control dial out network connections in...

Страница 92: ...ial out location for each remote host or router you want to access Location table entries are identified by this unique location name which can contain up to 12 characters To create a location use the...

Страница 93: ...adcast the PortMaster dials out to that location when it boots to update routing information The PortMaster hangs up when the idle timer expires because RIP traffic does not reset the idle timer To co...

Страница 94: ...nd set location Locname telephone String Setting the Username and Password The username and password are what the PortMaster uses to authenticate itself to the remote host Note that the username and p...

Страница 95: ...ng the Destination Netmask If the host or network on the remote end of the connection requires a netmask you must define it in the location table To set the destination netmask for a location use the...

Страница 96: ...ed from 0 to 99 Dial group numbers can be used to reserve ports for dial out to specific locations or to differentiate among different types of modems that are compatible with the remote location The...

Страница 97: ...S data compression only for PPP connections with bidirectional compression Stac LZS data compression cannot be used for SLIP connections To configure compression for a location use the following comma...

Страница 98: ...more information on ISDN connections see Chapter 10 Configuring T1 E1 and ISDN PRI Setting CHAP When you enter a username and password into the location table they are used as the system identifier a...

Страница 99: ...t with the least amount of traffic in the queue Ports with very different speeds must not be combined for load balancing purposes The overall throughput for a given number of ports is approximately eq...

Страница 100: ...To set the high water mark in bytes for a location use the following command Command set location Locname high_water Number Setting Filters You can attach input and output filters to each location Fi...

Страница 101: ...connection with the remote location by using the dial command from the command line To display the chat script if you are using one during dialing use the optional x keyword You can watch the connecti...

Страница 102: ...Testing Your Location Configuration 7 12 PortMaster 4 Configuration Guide...

Страница 103: ...ava Virtual Machine JVM PMVision replaces the PMconsole interface to ComOS The FilterEditor application provides a graphical interface to construct and edit filters for both PortMaster 4 Remote Access...

Страница 104: ...ace filter are displayed while packets not permitted by the filter are not displayed For more information about the ptrace facility see the PortMaster Troubleshooting Guide Filter Options Table 8 1 sh...

Страница 105: ...network hardwired ports as either input or output filters SAP filters are attached as output filters only The Ethernet interface filter is enabled as soon as the name of the input or output filter is...

Страница 106: ...he volume of traffic User filters are attached to users configured for dial in SLIP or PPP access When a user makes a PPP or SLIP connection the designated filters are attached to the network interfac...

Страница 107: ...as ping packets report errors and provide other information about IP packet processing You can filter ICMP packets by source and destination IP address or by ICMP packet type Packet types are identifi...

Страница 108: ...ays Source and or destination IPX network number Source and or destination IPX node address Source and or destination IPX socket number To create an IPX filter rule use the following command entered o...

Страница 109: ...ning IP filters Some of the following examples use the 192 168 1 0 network as the public network Substitute the number of your network or subnetwork if you use these examples Note Any packet that is n...

Страница 110: ...8 permit tcp dst eq 53 Command set filter internet in 9 permit icmp Table 8 3 describes line by line each rule in the filter 5 Permits FTP data to return to the requesting host This rule is required t...

Страница 111: ...ng connections from TCP port 20 of your FTP server In the following examples 172 16 0 2 is the address of your FTP server and 192 168 0 1 is the address of the host from which you allow outgoing FTP C...

Страница 112: ...p dst eq 113 For more information about these types of queries refer to RFC 1413 Rule to Allow Networks Full Access To allow some other network to have complete access to your network add the followin...

Страница 113: ...ter restrict in 8 permit 0 0 0 0 0 10 0 0 3 32 udp dst eq 53 Command set filter restrict in 9 permit 0 0 0 0 0 10 0 0 3 32 tcp dst eq 53 Command set filter restrict in 10 permit 0 0 0 0 0 10 0 0 3 32...

Страница 114: ...ter the connection is established 4 If the address is not permitted the connection is denied unless access override is enabled If you want a user to be able to override a port s access filter enable a...

Страница 115: ...and descriptions and instructions Because the PortMaster is a DTE device a straight through RS 232 cable is used to connect modems to it Straight through cables for modems use pins 2 3 4 5 6 7 8 and 2...

Страница 116: ...se hardware flow control RTS CTS Using Automatic Modem Configuration PortMaster products use a modem table to automate the external modem configuration process The modem table is user configurable and...

Страница 117: ...a caret to separate the send and expect characters in the string In the example above the PortMaster expects OK Never use on or off for a modem short name Table 9 1 shows the current factory default...

Страница 118: ...C1 D2 Q3 T5 W OK multizdx MultiTech Z DX fax data v 32 115200 AT F ATM0 E1 C1 D3 SB115200S0 1S10 20 E0 W0 multi v34 MultiTech MT2834 28 8k 115200 AT F AT C1 D3S0 1 W0 multi v34 MultiTech MT2834 28 8k...

Страница 119: ...escribed in Configuring Ports for Modem Use on page 9 5 To configure the modem not to answer when users dial in set C0 0 in the initialization string Configuring Ports for Modem Use The modem settings...

Страница 120: ...speed use the following command entered on one line Command set C0 all speed 1 2 3 Speed You can substitute any of the following for Speed You can set the speed for all the asynchronous ports simulta...

Страница 121: ...for a modem use the following command Command set C0 rts cts on off Note Because it is more reliable you should always use hardware flow control if it is available Do not use both hardware and softwar...

Страница 122: ...Configuring Ports for Modem Use 9 8 PortMaster 4 Configuration Guide...

Страница 123: ...10 5 Configuring Fractional Settings on page 10 6 Configuring ISDN PRI Settings on page 10 7 Configuring True Digital Modems on page 10 10 Configuring Channelized T1 or E1 on page 10 11 Using NFAS for...

Страница 124: ...page 10 3 Configuring the Quad T1 Boards on page 10 4 Configuring the Ethernet Interface Use the console port to log in to the PortMaster or log in as root and press the Return key twice to get to the...

Страница 125: ...PMVision to continue the configuration process You can perform the following command line configuration via the console or by using Telnet Substitute your own information for variables 1 If you are n...

Страница 126: ...emory Command save all Configuring the Quad T1 Boards To configure a Quad T1 board you set the view to the slot where the Quad T1 board is installed Substitute your own information for variables 1 Set...

Страница 127: ...The board identification number is the same as the number of the slot in which the T1 or E1 board is installed Command show boards Use the following command to set the view to a slot with an installed...

Страница 128: ...st also set the channel rate for a fractional T1 or E1 line Setting Channel Groups You can divide the channels of a T1 E1 or ISDN PRI line into numbered groups after the line type has been set to frac...

Страница 129: ...set isdn switch ni 2 dms 100 4ess att 5ess net5 vn2 vn3 1tr6 ntt kdd ts014 Cgroup Group number from 1 to 63 that designates a port number on each T1 E1 or ISDN PRI line or none to unassign channels C...

Страница 130: ...set the port type to network hardwired set the directory number for the port appropriately and reset the port Table 10 6 T1 and E1 Framing Format Options Option Description Line0 Line0 through Line3...

Страница 131: ...following command Command set Line0 loopback on off Setting the Directory Number Normally a T1 or E1 line has a single telephone number However when the line is set up as ISDN B channels you can set a...

Страница 132: ...require no configuration or initialization string Use the show M0 and show modems commands to display modem status Setting Digital Modems to Analog Service When analog modem service is required for d...

Страница 133: ...vice on the Quad T1 board and channelized E1 service on the Tri E1 board Channelized T1 Service Channelized T1 service provides 24 channels of 56Kbps capacity each In contrast an ISDN PRI line provide...

Страница 134: ...and call options used with channelized T1 use the following command Table 10 12 explains the in band signaling protocol options Command set Line0 signaling wink immediate fxs Configuring the PortMaste...

Страница 135: ...or each line Command Slotnumber show Line0 Example Channelized T1 Configuration This example configures Line1 on a Quad T1 board for channelized T1 service using E M wink start extended superframe for...

Страница 136: ...band see Configuring Line Use on page 10 5 To accept caller ID and dial digit tones use the mrf2 option Because some countries implement different variations of multifrequency robbed bit signaling MF...

Страница 137: ...r show Line0 Using NFAS for ISDN PRI Non facility associated signaling NFAS is an ISDN PRI protocol that allows you to define one or two D channels to carry signaling messages for up to 20 T1 lines or...

Страница 138: ...ndary interface in standby mode As call traffic commences on the T1 interfaces the primary D channel handles signaling messages for all channels in the interface group which typically include the prim...

Страница 139: ...y one interface group and one type of signaling The four T1 interfaces on any Quad T1 line board cannot belong to different groups When you configure NFAS on one T1 interface the other T1 interfaces c...

Страница 140: ...Save the configuration and reset the slot to make the changes take effect Command 0 save all Command 0 reset slot0 5 Change the view to the slot containing the line board you want to set as the secon...

Страница 141: ...S Use the set debug nfas command to diagnose problems or errors during testing For example to receive debug information from the line board in slot 3 enter the following commands Command 2 set console...

Страница 142: ...mmand 1 set line3 nfas slave 7 5 Command 1 save all Command 1 reset slot1 To take full advantage of NFAS you can configure three more Quad T1 boards as slave interfaces for a maximum of 20 interfaces...

Страница 143: ...ype Using a Default Switch Type To configure the PortMaster 4 to communicate with an SS7 gateway using the default IMT switch type you set only the IP address and port number of the gateway and the Po...

Страница 144: ...P port 7000 using a 1A switch enter the following commands Command set view 0 Command 0 set imt 192 168 10 10 10000 7000 1a Changed gateway IP address from 0 0 0 0 to 192 168 10 10 Changed gateway por...

Страница 145: ...nes To view SS7 debug information for a Quad T1 or Tri E1 board set the view to the slot and enter the following commands Command 1 set console Command 1 set debug imt on For example the following sam...

Страница 146: ...teway is active and a session is established use the show netconns command to display session information The following output to the show netconns command shows that slot 1 and slot 2 handles S2 and...

Страница 147: ...8 10 10 and is listening for SS7 signaling on port 10000 Port 7000 on the PortMaster 4 is the IMT base port for both slot 0 and slot 1 Default Configuration Configure slot 0 set view 0 set imt 192 168...

Страница 148: ...Configuring SS7 10 26 PortMaster 4 Configuration Guide Set line signaling on all lines you want to use for SS7 in slot 1 set line0 imt set line0 signaling rbs save all reset slot1...

Страница 149: ...o zero NRZ DS 3 signaling A T3 Mux board can provide internal clocking or can receive clocking externally at a rate of 44 736Mbps The DS 1 clocking rate is 1 544Mbps You can install a T3 Mux board in...

Страница 150: ...the installed Quad T1 board Command set view Slotnumber You can now use the set Line0 clock command to set the clock source You use the backplane keyword of this command to derive clocking from a T3 M...

Страница 151: ...ock external internal Performing Diagnostics This section describes how to enable a PortMaster 4 to conduct loopback tests on a single DS 1 channel and on a T3 line Looping an Individual DS 1 Channel...

Страница 152: ...Performing Diagnostics 11 4 PortMaster 4 Configuration Guide...

Страница 153: ...interface to ComOS Overview of Frame Relay Frame Relay is a switched digital service that supports multiple virtual circuits simultaneously connected to a site by a single physical circuit Each site...

Страница 154: ...bandwidth available to the particular PVC under all conditions In some implementations an additional property can be assigned to a PVC known as burst speed or maximum burst This speed represents the...

Страница 155: ...port and specifying the DLCIs during the synchronous port configuration Alternatively the PortMaster can discover DLCIs dynamically with LMI or Annex D and learn the IP addresses of the other routers...

Страница 156: ...routers attached to the PVCs represented by the specified DLCIs if those routers support Inverse ARP Alternatively you can specify single IP addresses or IPX network numbers by appending a colon and...

Страница 157: ...th you must connect them to separate Ethernet segments Ether0 operates at 10Mbps and is physically on the manager board Use Ether1 for netboots SNMP RADIUS and syslog Follow this proceduG8e to configu...

Страница 158: ...t view Slotnumber Command Slotnumber The slot number appears in the prompt to identify the board you are configuring 3 Set the network type Command Slotnumber set W1 network hardwired 4 Set the protoc...

Страница 159: ...ery little trouble if you have configured the PortMaster using information from your carrier If you are having problems use the information in this section to debug your configuration If you are havin...

Страница 160: ...e it with a dial group Then associate a synchronous port with the same dial group For example to create a location called sub1 enter the following commands Command add location sub1 Command set locati...

Страница 161: ...ing Interface with the name of the interface A list of interfaces can be shown with the ifconfig command Always reset the port after changing the DLCI list Verify that all DLCIs are accounted for by c...

Страница 162: ...Frame Relay Subinterfaces 12 10 PortMaster 4 Configuration Guide...

Страница 163: ...s also require a carrier that provides an external clock signal PortMaster routers support leased line connections using synchronous ports and the PPP protocol In this configuration one PortMaster is...

Страница 164: ...Ipaddress 2 Set the name of the PortMaster on the other end of the connection Command set sysname String 3 Save the configuration Command save all Configuring Ethernet Interface Settings Note Lucent...

Страница 165: ...ard Setting the view for a specific board gives you administrative access to that board Command set view Slotnumber Command Slotnumber The slot number appears in the prompt to identify the board you a...

Страница 166: ...r configuration If you have trouble with a leased line connection verify the following Enter the following commands to view the PPP negotiation on port W1 if this is the port you are using Command set...

Страница 167: ...back Command set Line0 loopback on You should see the following message LCP_APPARENT_LOOP For more information about the interpreting the results of the debug command refer to the PortMaster Troublesh...

Страница 168: ...Troubleshooting a Leased Line Connection 13 6 PortMaster 4 Configuration Guide...

Страница 169: ...networks Novell Internetwork Packet Exchange IPX is another protocol used to exchange data over PC based networks IPX uses Novell s proprietary Service Advertising Protocol SAP to advertise special se...

Страница 170: ...ng made obsolete by classless interdomain routing CIDR Instead of dividing networks by class CIDR groups them into address ranges A network range consists of an IP address prefix and a netmask length...

Страница 171: ...ng a range from 192 through 223 inclusive The remaining 8 bits form the host field More than two million class C networks can exist and each class C network can have up to 254 hosts For example Class...

Страница 172: ...can be used by anyone for setting up their own internal IP networks IP Address Conventions If the bits in the host portion of an address are all 0 that address refers to the network specified in the n...

Страница 173: ...which network segment the node resides Node address expressed as dotted triplets of 4 digit hexadecimal numbers These 6 bytes 48 bits provide the media access control MAC address of the node The two e...

Страница 174: ...5 255 255 255 for the user s Framed IP Netmask regardless of the value of the attribute ComOS 3 5 and Later Releases ComOS 3 5 and subsequent releases support variable length subnet masks VLSMs theref...

Страница 175: ...maintenance required Managing Network Security PortMaster products allow you to maintain network security using a variety of methods Security is a general term that refers to restricting access to net...

Страница 176: ...authentication requests to the RADIUS server and acts on responses sent back by the server For more information about RADIUS refer to the RADIUS for Windows NT Administrator s Guide and RADIUS for UN...

Страница 177: ...1 TCP FTP control telnet 23 TCP Telnet smtp 25 TCP Simple Mail Transfer Protocol SMTP email nicname 43 TCP whois Internet directory service nicname 43 UDP whois Internet directory service domain 53 TC...

Страница 178: ...ity printer 515 TCP Line printer daemon LPD spooler talk 517 TCP Terminal to terminal chat talk 517 UDP Terminal to terminal chat ntalk 518 TCP Newer version of Terminal to terminal chat router 520 UD...

Страница 179: ...S save all 6 8 10 13 10 15 save route 2 18 set 2 2 set accounting 10 4 set all modem 9 5 set all speed 9 6 set assigned_address 2 8 10 4 set authentic 10 3 set C0 modem 9 5 set C0 rip v2 4 3 6 7 7 6 s...

Страница 180: ...signaling 10 12 10 13 10 14 10 15 set line0 source 11 2 set Line0 t1 10 6 set Line0 t1 e1 13 3 set line1 isdn 10 4 set line1 nfas slave 10 18 set line2 group 10 7 set location analog 10 10 set locati...

Страница 181: ...user session limit 5 4 set view 1 3 10 3 10 5 11 2 set W1 address 6 6 12 6 set W1 annex d 12 4 12 6 set W1 cd 6 4 12 6 13 4 set W1 destination 6 6 13 3 set W1 extended 6 2 set W1 group 6 5 set W1 han...

Страница 182: ...Command Index Command Index 4 PortMaster 4 Configuration Guide...

Страница 183: ...g Information table MIB 3 9 Board Call Summary table MIB 3 11 board identification number 6 2 10 5 12 6 13 3 boundaries of networks 2 19 of routes 2 20 broadcast high and low 4 4 broadcast address set...

Страница 184: ...2 11 DHCP server cable modem telephone interface 2 13 setting 2 16 dial 6 5 dialback See callback dial groups 6 5 7 6 dial in configuration tip 1 3 dial in users maximum ports 5 6 dial on demand conne...

Страница 185: ...out 7 10 FTP 8 9 hardwired port 8 8 ICMP packets 4 4 input 4 3 5 8 6 7 7 10 8 3 Internet 8 8 IP 8 4 IPX rules 8 6 location filters 8 4 logging results 8 11 maximum number 8 2 network access 8 10 outpu...

Страница 186: ...ype 10 22 using default switch type 10 21 in pmd 1 1 2 22 in band signaling E1 10 12 T1 10 12 See channelized T1 and channelized E1 initialization strings 9 3 intermachine trunk See IMT Internet input...

Страница 187: ...P IP header compression 7 7 testing 7 11 username 7 4 loghost setting 2 4 login host 5 8 login users adding to the user table 5 2 description of 5 3 See also user table loopback enabling on T1 or E1 l...

Страница 188: ...description 5 3 protocol 5 4 See user table NFAS configuring 10 17 D channel backup 10 17 debugging 10 19 described 10 15 displaying 10 19 examples 10 19 fault tolerance 10 17 limitations 10 17 multi...

Страница 189: ...7 7 1166 A 1 A 2 1213 3 1 1490 12 3 1597 A 4 1700 8 5 8 6 1826 8 5 1827 8 5 1877 2 3 2003 8 5 2139 A 8 988 A 3 RIP network users 5 6 on Ethernet 4 3 routing setting 7 6 synchronous ports 6 7 rlogin l...

Страница 190: ...12 5 13 2 syslog messages 2 4 system logging disabling 2 4 messages 2 4 setting 2 4 T T1 and E1 Interfaces table MIB 3 7 T1 channel groups 10 6 T1 lines channel groups 10 6 channel rates 10 7 encodin...

Страница 191: ...5 5 login host 5 8 login service 5 9 login users 5 2 maximum ports 5 6 MTU 5 6 packet filters 5 7 session limit 5 4 setting the protocol 5 4 TCP IP header compression 5 7 user types 5 2 utilities for...

Отзывы:

Нет отзывов

Похожие инструкции для PortMaster 4

Бренд: Unisys Страницы: 20

Бренд: Xerox Страницы: 2

Бренд: TANDBERG Страницы: 276

Бренд: Xerox Страницы: 24

DocuColor 7000AP

Бренд: Xerox Страницы: 36

digitalSTROM-Server

Бренд: aizo Страницы: 2

Бренд: KYLAND Страницы: 30

Бренд: Ubiquiti Страницы: 28

Бренд: CNET Страницы: 2

Crestron 908012

Бренд: SIERRA VIDEO SYSTEMS Страницы: 32

Бренд: Olive Страницы: 24

BizNAS D400 Series

Бренд: Tandberg Data Страницы: 2

Бренд: Doremi Страницы: 11

Бренд: Supero Страницы: 108

Бренд: Supero Страницы: 114

Бренд: Supero Страницы: 102

Бренд: Supero Страницы: 116

2U Twin3 SuperServer 2015TA-HTRF

Бренд: Supero Страницы: 94

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды