Lucent Technologies PortMaster Скачать руководство пользователя страница 262 | Manualshive

Страница: 262 / 364

background image

Providing Network Filtering

16-10

PortMaster Configuration Guide

Providing Network Filtering

Your connection to the Internet can be vulnerable to attack from other Internet users.
Therefore, Lucent recommends that you add an input filter to the location

isp1

for the

continuous dial-out connection. For a hardwired connection, you should attach an
input filter to the hardwired port.

Note –

This section describes an example filter that might not protect your network

from all forms of attack. For more information about filters, refer to “Additional
References” in the preface and Chapter 9, “Configuring Filters.” Refer to the

ChoiceNet

Administrator’s Guide

and the

RADIUS Administrator’s Guide

for more information on

network security.

The filter named

internet.in

contains the following rules:

deny 192.168.200.0/24 0.0.0.0/0 log
permit tcp estab
permit 0.0.0.0/0 mail.edu.com/32 tcp dst eq 25
permit 0.0.0.0/0 ftp.edu.com/32 tcp dst eq 21
permit 0.0.0.0/0 www.edu.com/32 tcp dst eq 80
permit tcp src eq 20 dst gt 1023
permit udp dst eq 53
permit tcp dst eq 53
permit icmp

If you have not configured a name server for the PortMaster, use IP addresses instead of
hostnames when creating filters.

Table 16-6 provides a line by line description the filter.

Table 16-6

Description of Internet Filter

Rule

Description

1.

Denies any incoming packets claiming to be from your own network
(192.168.200.0). This rule blocks IP spoofing attacks and logs the
spoofing attempt.

2.

Permits already established TCP connections.

3.

Permits SMTP connections to the mail server

mail.edu.com

.

4.

Permits FTP connections to the host

ftp.edu.com

.

5.

Permits WWW HTTP connections to the Web server

www.edu.com

.

✍

«
...
260
261
262
263
264
...
»

Содержание PortMaster

Страница 1: ...PortMaster ConfigurationGuide Lucent Technologies RemoteAccessBusinessUnit 4464WillowRoad Pleasanton CA94588 925 737 2100 800 458 9966 May1998 950 1182D...

Страница 2: ...her marks are the property of their respective owners Disclaimer Lucent Technologies Inc makes no express or implied representations or warranties with respect to the contents or use of this manual an...

Страница 3: ...t Remote Access Technical Support xxiii For the EMEA Region xxiv For North America Latin America and the Asia Pacific Region xxiv PortMaster Training Courses xxiv Subscribing to PortMaster Mailing Lis...

Страница 4: ...ult Routing 3 6 Configuring Name Resolution 3 6 Using the Host Table 3 7 Setting the Name Service 3 7 Setting the Name Server 3 8 Setting the Domain Name 3 8 Setting the Telnet Port 3 9 Using the Teln...

Страница 5: ...Table 3 26 Enabling NetBIOS Broadcast Packet Propagation 3 29 Setting Authentication for Dial In Users 3 29 Setting Call Check Authentication 3 30 Setting the ISDN Switch 3 30 4 Configuring the Ether...

Страница 6: ...splaying Extended Port Information 5 5 Setting the Login Prompt 5 5 Setting the Login Message 5 6 Setting an Optional Access Filter 5 6 Setting Port Security 5 6 Allowing Users to Connect Directly to...

Страница 7: ...synchronous Map 5 24 Setting Input and Output Filters 5 25 Connecting without TCP IP Support 5 25 6 Configuring a Synchronous WAN Port Synchronous Port Uses 6 1 Configuring WAN Port Settings 6 4 Gener...

Страница 8: ...Ports 7 8 Setting Compression 7 8 Setting Filters 7 9 Specifying a Callback Location 7 10 Configuring Login Users 7 10 Setting the Login Host 7 10 Applying an Optional Access Filter 7 11 Setting the L...

Страница 9: ...e Maximum Number of Dial Out Ports 8 12 Setting Bandwidth on Demand 8 12 Setting Filters 8 13 Input Filters 8 13 Output Filters 8 13 Testing Your Location Configuration 8 14 9 Configuring Filters Over...

Страница 10: ...dem Cable and Signals 10 1 Modem Functions 10 2 Using Automatic Modem Configuration 10 2 Displaying Modem Settings and Status 10 2 Adding a Modem to the Modem Table 10 3 Associating a Modem with a Por...

Страница 11: ...Service 11 9 Using Channelized T1 11 10 Why Use Channelized T1 11 10 How to Order DS 1 Service from the Telephone Company 11 10 Configuring the PortMaster 3 for Channelized T1 11 11 Example Channeliz...

Страница 12: ...S T Interface 12 8 Port Limits 12 8 Data over Voice 12 8 ISDN Port Configuration Tips 12 9 ISDN BRI Unnumbered IP Configuration Example 12 9 Configuration Steps 12 9 Configuring the PortMaster in Denv...

Страница 13: ...a Frame Relay Subinterface 13 15 14 Using Synchronous V 25bis Connections Overview of Synchronous V 25bis Dial Up Connections 14 1 Configuration Steps for a Synchronous V 25bis Connection 14 3 Config...

Страница 14: ...tup 16 9 Providing Network Filtering 16 10 Using ISDN for Internet Connections 16 11 17 Providing User Dial In Access Overview of Dial In Configuration 17 1 Example Configuration 17 3 Configuration St...

Страница 15: ...outer in Rome 19 4 Configuring the PortMaster Office Router in Florence 19 6 Troubleshooting a Leased Line Connection 19 8 A Networking Concepts Network Addressing A 1 IP Addressing A 1 IP Address Not...

Страница 16: ...Contents xvi Configuration Guide for PortMaster Products...

Страница 17: ...PMVision graphical user interface GUI This guide assumes you are using the command line interface and provides examples of command line usage Audience This guide is designed for qualified system admin...

Страница 18: ...rking and configuration issues related to PortMaster products PortMaster hardware installation guides These guides contain complete hardware installation instructions An installation guide is availabl...

Страница 19: ...rmation Protocol RFC 1112 Host Extensions for IP Multicasting RFC 1144 Compressing TCP IP Headers for Low Speed Serial Links RFC 1157 A Simple Network Management Protocol SNMP RFC 1166 Internet Number...

Страница 20: ...RFC 1828 IP Authentication Using Keyed MD5 RFC 1829 The ESP DES CBC Transform RFC 1877 PPP Internet Protocol Control Protocol Extensions for Name Server Addresses RFC 1878 Variable Length Subnet Tabl...

Страница 21: ...BN 1 56592 124 0 DNS and BIND 2nd ed Paul Albitz and Cricket Liu Sebastopol CA O Reilly Associates Inc 1992 ISBN 1 56592 236 0 Firewalls and Internet Security Repelling the Wily Hacker William R Chesw...

Страница 22: ...icates a user entry a command menu option button or key or the name of a file directory or utility except in code samples Enter version to display the version number Press Enter Open the permit_list f...

Страница 23: ...year hardware warranty For all technical support requests record your PortMaster ComOS version number and report it to the technical support staff or your authorized sales channel partner New release...

Страница 24: ...8 40 By electronic mail email send mail to emea support livingston com For North America Latin America and the Asia Pacific Region Contact Lucent Remote Access Monday through Friday between the hours...

Страница 25: ...digest in the body of the message portmaster radius a discussion of general and specific RADIUS issues including configuration and troubleshooting suggestions To subscribe send email to majordomo liv...

Страница 26: ...Subscribing to PortMaster Mailing Lists xxvi PortMaster Configuration Guide...

Страница 27: ...on also supports command entry you can use a combination of GUI panels and ComOS commands to configure monitor and debug a PortMaster When connected to one or more PortMaster products PMVision allows...

Страница 28: ...Preconfiguration Planning Before the PortMaster can be used to connect wide area networks WANs you must install the hardware using the instructions in the installation guide for your system This confi...

Страница 29: ...vice on analog lines ISDN BRI ISDN PRI channelized T1 or E1 Many other decisions must be made during the configuration process This guide discusses the various configuration options and their implicat...

Страница 30: ...ached to the console port by an administrative Telnet session or by a network connection 3 If you want to use PMVision software to configure your PortMaster install it on a workstation anywhere on you...

Страница 31: ...ion 11 Configure dial out locations in the location table The location table is described in Chapter 8 Configuring Dial Out Connections 12 Configure filters in the filter table Once the filters are cr...

Страница 32: ...Basic Configuration Steps 1 6 PortMaster Configuration Guide...

Страница 33: ...following functions during the booting process 1 Self diagnostics are performed The results are displayed to asynchronous console port C0 or S0 if the console DIP switch first from the left also known...

Страница 34: ...Guide for details 3 The user configuration is loaded from Flash RAM 4 The IP address is located If no address is configured for the Ethernet interface and no address was obtained from netbooting the P...

Страница 35: ...and those locations 6 Broadcasting and listening for routing packets are initiated on interfaces configured for routing 7 TCP connections to PortMaster hosts are established 8 TCP connections are esta...

Страница 36: ...corresponds to the user If the password entered by the user does not match the PortMaster denies access with an Invalid Login message If no user table entry exists for the user and port security is o...

Страница 37: ...and the login host for the user is not permitted by the access filter the PortMaster refuses service with an Access Denied message If the access override parameter is set on the port the PortMaster in...

Страница 38: ...indicates that the login prompt has been sent to the port and should be displayed on the terminal The PortMaster is waiting for a login request HOSTNAME The host prompt has been sent to the port The P...

Страница 39: ...iguring Name Resolution on page 3 6 Setting the Telnet Port on page 3 9 Setting the Number of Management Application Connections on page 3 9 Setting System Logging on page 3 9 Setting Administrative L...

Страница 40: ...p to 16 characters used to access the PortMaster administration features Only the administrator can change the password To set the password use the following command Command set password Password Usin...

Страница 41: ...Ethernet nor requests from PortMaster OR U dial up routers How the Cable Modem Telephone Return System Works After you set the IP address of the DHCP server on the PortMaster product the cable modem d...

Страница 42: ...able interface Dynamic configuration Cable modem router Telephone interface 172 16 98 67 192 168 33 10 11820024 P P P c o n n e c t i o n a s y n c h r o n o u s IP Packet DST 192 168 33 10 SRC DHCP R...

Страница 43: ...IP address of the cable interface 172 16 98 67 as the source address Because packets now carry the source address of the cable interface response to these packets travels via the coaxial cable The Com...

Страница 44: ...PortMaster Routing Guide PortMaster products can automatically send and accept route information as part of RIP messages if routing is turned on If default routing is on default routes are sent and ac...

Страница 45: ...ion Service NIS for hostname resolution rather than the local host table The PortMaster always checks the local host table before using DNS or NIS For information on setting the NIS or DNS name servic...

Страница 46: ...name service before you set a name server See Setting the Name Service on page 3 7 If you are not using a name service you do not need a name server To set the name server use the following command C...

Страница 47: ...eful for administrators who log in to a port using Telnet and need to access the console for debugging purposes Note Only one Telnet session can receive console messages at a time To set the current T...

Страница 48: ...g Disabling and Redirecting Syslog Messages By default the PortMaster logs five types of events at the informational info priority level using the authorization auth facility on the log host You can d...

Страница 49: ...ies Lucent recommends that you use the auth facility or the local0 through local7 facilities to receive syslog messages from PortMaster products but all the facilities are provided See your operating...

Страница 50: ...PPP or SLIP dial in users By assigning addresses as needed from a pool the PortMaster requires fewer addresses than if each user is assigned a specific address When a dial in connection is closed the...

Страница 51: ...t a reported address different from the Ether0 address For PPP connections this address is reported to the outside and placed in the PPP startup message during PPP negotiation For SLIP connections thi...

Страница 52: ...his file under Livingston Extensions The livingston mib file can be found in the SNMP directory of the ComOS software or on the World Wide Web at http www livingston com Forms one click dnload cgi To...

Страница 53: ...ettings 3 15 Configuring SNMP Figure 3 2 Management Information Base MIB Hierarchy unnamed 0 CCITT 1 iso 3 org 6 dod 1 internet 2 mgmt 2 joint ISO CCITT 1 mib 307 Livingston 1 directory 3 experi menta...

Страница 54: ...llows 307 refers to the Livingston namespace 3 refers to the MIB 2 refers to interfaces 1 refers to serial interfaces 1 refers to the serial interfaces table 1 refers to an entry in the serial interfa...

Страница 55: ...PortName PortName PortName PortName PortName 307 3 2 1 1 1 3 PhysType PhysType PhysType PhysType PhysType 307 3 2 1 1 1 4 User User User User User 307 3 2 1 1 1 5 SessionId SessionId SessionId Sessio...

Страница 56: ...or login port this value is the IP address of the host to which the user is connected ifDescr Text string containing information about the network interface bound to the serial interface InOctets Tota...

Страница 57: ...figured function of the interface Status Current operational state of the interface Operational states include the following up 1 down 2 loopback 3 Framing Configured line framing Line framing types i...

Страница 58: ...yncErrors Total number of frame synchronization errors detected on the interface Table 3 8 Modem Table Object Type Definition livingstonModemIndex Unique value for each modem interface livingstonModem...

Страница 59: ...e read and write community strings act like passwords to permit access to the SNMP agent information The read community string must be known by any device allowed to access or read the MIB information...

Страница 60: ...to control SNMP security by specifying the IP addresses of the hosts that are allowed to access SNMP information The specification of read and write hosts allows another level of security beyond the...

Страница 61: ...nd associated alarm identification numbers For details about a specific alarm enter the following command Command show alarm alarm id To clear alarms from the SNMP alarm table enter the following comm...

Страница 62: ...run RIP OSPF or BGP Hosts connected to the PortMaster do not support RIP OSPF or BGP Separate static routes tables are maintained for IP and for IPX which you display with the show routes and show ipx...

Страница 63: ...delete route Ipaddress NM Ipaddress gw Command save all You can delete only static routes Adding and Deleting a Static Route for IPX A static route for IPX contains the following items Destination Th...

Страница 64: ...ipxgateway Network Node Metric Note You can delete only static routes Modifying the Static Netmask Table The netmask table is provided to allow routes advertised by RIP to remain uncollapsed on netwo...

Страница 65: ...from PortMaster products with the following two exceptions If you use a netmask table entry of 255 255 255 255 In this case the routes broadcast as host routes really are host routes so non PortMaster...

Страница 66: ...roxy ARP Instead you use your 192 168 206 0 network for the Ethernet and divide your other networks up among the PortMaster routers Each network provides 30 addresses for the assigned pool of each Por...

Страница 67: ...adcast packets propagated to all networks to get and forward information about the named nodes on the network NetBIOS uses a broadcast mechanism to get this information because it does not implement a...

Страница 68: ...ut authenticating the user at the point of entry on PortMaster products that support PRI or in band signaling To enable the call check feature in the ComOS you must first configure call check user ent...

Страница 69: ...ion on making the Ethernet connection See the PortMaster Command Line Reference for more detailed command descriptions and instructions Setting General Ethernet Parameters The commands described in th...

Страница 70: ...Filters applied to the Ethernet interface take effect immediately If you change the filter the change will not take effect until you set the filter on the interface again or you reboot the PortMaster...

Страница 71: ...face use the following command Command set Ether0 ofilter Filtername To remove the output filter omit the filter name when entering the command Setting IP Parameters PortMaster products support both t...

Страница 72: ...s are high where the host part of the address is all 1s such as 192 168 1 255 or low where the host part of the address is all 0s such as 192 168 1 0 The PortMaster default is low The standard for hos...

Страница 73: ...of your local Ethernet segment An IPX network address is a number entered in hexadecimal format described in Appendix A Networking Concepts To set the IPX network address use the following command Com...

Страница 74: ...the frame type set for your network Contact your IPX network administrator for information about the frame type used on your network To set the IPX frame type use the following command entered on one...

Страница 75: ...supports static routing only IPX RIP OSPF packet filtering and route propagation are not supported on subinterfaces You must configure the primary Ethernet interface before adding subinterfaces see S...

Страница 76: ...value The Number metric is a 16 bit number between 1 and 65535 the default is 1 Routers in OSPF networks continually exchange hello packets with their neighbor routers You can set the interval that e...

Страница 77: ...onnection on page 5 20 Connecting without TCP IP Support on page 5 25 See the PortMaster Command Line Reference for more detailed command descriptions and instructions Asynchronous Port Uses The follo...

Страница 78: ...munication servers are most commonly used to allow remote users to dial in to a network location and access a host with their local account This configuration is also used by ISPs that provide many us...

Страница 79: ...settings This feature allows the host running in pmd to alter the active parameters through software control by using operating system I O calls ioctl calls in UNIX The settings that the host can ove...

Страница 80: ...chronous ports simultaneously by using the set all databits command To set databits use the following command Command set S0 all databits 5 6 7 8 Setting Flow Control The PortMaster can use either sof...

Страница 81: ...formation The PortMaster can display port information in brief or extended modes The default setting is off To enable or disable extended information for a port use the following command Command set S...

Страница 82: ...t Security Port security requires that each username be found in the user table or in the RADIUS database If port security is on all users who log in must have their usernames verified before they are...

Страница 83: ...a dial in connection and how long the PortMaster should wait for a response to a login password or host prompt You can set the idle time in seconds or minutes to any value from 0 to 240 The default se...

Страница 84: ...r login In user login mode the user is prompted for his or her login name after the attached modem answers and completes rate negotiation Once the user is identified as a valid user through the user t...

Страница 85: ...et the login host Command set S0 host 1 2 3 4 default prompt Ipaddress 4 Specify the terminal type Command set S0 all termtype String 5 Reset the port and save the settings Command reset S0 Command sa...

Страница 86: ...in is used on mixed UNIX networks where the PortMaster login service is impractical to use telnet Telnet is supported on most TCP IP hosts This login service should be selected when the PortMaster and...

Страница 87: ...of the functions of a communications server is to provide network users access to shared devices such as printers and modems The port connected to the printer or modem can provide shared access if it...

Страница 88: ...PortMaster device service and a pseudo tty connection This configuration is most commonly used to provide access to shared devices such as printers Figure 5 2 Host Device Configuration Figure 5 3 sho...

Страница 89: ...stname must be specified either in the port configuration or as the global default host In addition the PortMaster in pmd daemon must be installed on the specified host To configure a port for access...

Страница 90: ...o through the PortMaster is specified as dev network PortMaster Device Service The PortMaster device service is the most efficient and highest performance service This service can be used with any wor...

Страница 91: ...vice Service The netdata device service provides a TCP clear channel on which 8 bit data is passed without interpretation This service can be used to connect to the selected port from another serial p...

Страница 92: ...he access type Command set S0 network dialin dialout twoway 2 Save the configuration Command save all Note In any of these dial modes dial in dial out and two way you can also configure the port for o...

Страница 93: ...dicated to Internet connections or connections to another office In this configuration the port is used to establish communication from the PortMaster to an outside location SLIP or PPP is used for th...

Страница 94: ...nfigure two way access set the port type for network use and then set the network dial access for two way use The specified port operates in user login mode if DCD is detected on pin 8 of the RS 232 c...

Страница 95: ...PP as described in RFC 1717 on ISDN BRI ports and all ports on the PortMaster 3 Note Be sure to use the set S0 rts cts command to enable hardware flow control RTS CTS for all SLIP and PPP connections...

Страница 96: ...nchronous devices FRADs Hardwired connections can use SLIP or PPP with IP and IPX Note This type of configuration creates a continuous uninterrupted connection on this port If the port is configured f...

Страница 97: ...s Command set S0 destination Ipaddress Ipmask 5 Set the IPX network number if you are using IPX Command set S0 ipxnet Ipxnetwork 6 Enable RIP routing Command set S0 rip on off broadcast listen 7 Set c...

Страница 98: ...bytes SLIP connections can have an MTU set from 100 to 1006 bytes The remote host can negotiate smaller MTUs if necessary The MTU is typically set to the maximum allowed for the protocol being used ei...

Страница 99: ...ns over network hardwired asynchronous lines Lucent implements Van Jacobson TCP IP header compression and Stac LZS data compression Compression is on by default Compression should not be used with mul...

Страница 100: ...wing command Command show S0 Setting the PPP Asynchronous Map The PPP protocol supports the replacement of nonprinting ASCII characters found in the datastream These characters are not sent through th...

Страница 101: ...are sent to the interface For more information about filters see Chapter 9 Configuring Filters Connecting without TCP IP Support You can configure the PortMaster to connect to bulletin board service B...

Страница 102: ...Connecting without TCP IP Support 5 26 PortMaster Configuration Guide Note The PortMaster ignores the Data Set Ready DSR signal Some PCs might require DSR high but they do not tie DSR to DTR...

Страница 103: ...roducts support any of these connection types using one or more synchronous ports All WAN port connections are similar and are represented in Figure 6 1 on page 6 3 For most applications a dedicated l...

Страница 104: ...n Frame Relay in applications where short bursts of connectivity are required but dial up modems do not provide enough bandwidth V 25bis dialing is used to establish a link over a switched network and...

Страница 105: ...type of synchronous connection to use between your remote locations the synchronous port on each end of the connection must be configured IRX Router IRX Router 11820004 Bangkok New York workstation 1...

Страница 106: ...lay synchronous port information in brief or extended modes The default setting is off To enable or disable extended information for a port use the following command Command set W1 extended on off Not...

Страница 107: ...y other purpose A hardwired connection must be used for a leased line or Frame Relay connection dialin Allows the port to accept dial in network connections for use with switched 56Kbps or ISDN connec...

Страница 108: ...ral set modem control on for network dial in or dial out configurations Modem control is usually off for leased line or Frame Relay connections but you can use it if the CSU DSU is configured accordin...

Страница 109: ...ropped for 500 milliseconds causing a hangup on the line To set the hangup control use the following command Command set W1 hangup on off The reset command always drops the DTR signal Setting the Port...

Страница 110: ...port is disabled To set the IP address use the following command Command set W1 address Ipaddress Setting the Destination IP Address The destination IP address or hostname of the machine on the other...

Страница 111: ...Concepts for more information about using subnet masks Setting the IPX Network Address When using IPX you must identify an IPX network number of the serial link that is unique from every other IPX num...

Страница 112: ...e attached filter Only packets permitted by the filter are passed through the PortMaster If an output filter is attached packets going to the interface are evaluated against the rule set in the filter...

Страница 113: ...to take effect For example to remove the output filter from a synchronous port use the following commands Command set W1 ofilter Command reset W1 Command save all Note You must reset the port and re e...

Страница 114: ...Configuring WAN Port Settings 6 12 PortMaster Configuration Guide...

Страница 115: ...e information This chapter discusses the following topics Configuring the User Table on page 7 1 User Types on page 7 3 Configuring Settings for Network and Login Users on page 7 4 Configuring Network...

Страница 116: ...formation for a particular user for example use the following command Command show user elena Username elena Type Dial in Network User Address Assigned Netmask 255 255 255 255 Protocol PPP Options Qui...

Страница 117: ...m another router the router must have an entry in the user table or in RADIUS PortMaster products allow you to configure two types of users network users and login users Network Users Network users di...

Страница 118: ...can set the idle time in seconds or minutes with any value between 2 and 240 The default setting is 0 minutes The idle timer is not reset by RIP keepalive or SAP packets To set the idle timer use the...

Страница 119: ...You must define the IP address or hostname of the remote host or router Table 7 1 describes three different ways that the user IP address can be determined Table 7 1 User IP Address Options IP Address...

Страница 120: ...connection between the remote user device and the PortMaster Each user s connection requires a different IPX network number If you use fffffffe as the IPX network number the PortMaster assigns the use...

Страница 121: ...character map use the following command Command set user Username map Hex Setting the MTU Size The maximum transmission unit MTU defines the largest frame or packet that can be sent without fragmentat...

Страница 122: ...are allowed You can also set the dial in port limit using the RADIUS Port Limit attribute To set the maximum number of dial in ports use the following command Command set user Username maxports Numbe...

Страница 123: ...nly packets allowed by the filter can pass through the PortMaster If an output filter is applied to a user packets going to the user are evaluated against the rule set for the applied filter Only pack...

Страница 124: ...ion table The PortMaster always calls back using the same port on which the user called in Network users have PPP or SLIP sessions started for them as defined in the user table To specify the callback...

Страница 125: ...er Filtername Note You must define a filter in the filter table before you can apply it For more information about filters see Chapter 9 Configuring Filters Table 7 4 Login Host Options Host Option De...

Страница 126: ...host that has the PortMaster in pmd daemon installed This type of login service is preferred because it makes the PortMaster port operate like a serial port attached to the host This service is the m...

Страница 127: ...ing command Command set user Username dialback String none To disable callback connections for the user use the none keyword netdata The netdata login service creates a virtual connection between the...

Страница 128: ...Configuring Login Users 7 14 PortMaster Configuration Guide...

Страница 129: ...onfiguring the Location Table A location defines a dial out destination and the characteristics of the dial out connection Locations control dial out network connections in much the same way the user...

Страница 130: ...d for dialing out with the tip command or UUCP For information on these applications refer to Chapter 18 Accessing Shared Devices To display the location table enter the following command Command show...

Страница 131: ...shown in Table 8 1 If you are changing an existing location s connection type verify that the connection is not active To configure the connection type use the following command Command set location...

Страница 132: ...e PortMaster dials out to that location when it boots to update routing information The PortMaster hangs up when the idle timer expires because RIP traffic does not reset the idle timer To configure a...

Страница 133: ...name and password you enter here must also be resident on the remote host in the user table RADIUS or other authentication mechanism To set the username and password use the following commands Command...

Страница 134: ...ocation Locname destination Ipaddress Setting the Destination Netmask If the host or network on the remote end of the connection requires a netmask you must define it in the location table To set the...

Страница 135: ...owing command Command set location Locname rip on off broadcast listen Table 8 2 describes the results of using each keyword Note ComOS releases prior to 3 5 use routing instead of the rip keyword Tab...

Страница 136: ...cname group Group Setting the MTU Size The maximum transmission unit MTU defines the largest frame or packet that can be sent through this port without fragmentation If an IP packet exceeds the specif...

Страница 137: ...used for SLIP connections To configure compression for a location use the following command Command set location Locname compression on off stac vj Table 8 3 describes the results of using each keywor...

Страница 138: ...nual or on demand connection use the following command Command set location Locname idletime Number minutes seconds Setting Data over Voice The PortMaster supports data over voice for inbound and outb...

Страница 139: ...for a location The high water mark triggers the PortMaster to bring up an additional connection to the location when the amount of data specified by the high water mark is queued The PortMaster exami...

Страница 140: ...and see Setting the Idle Timer on page 8 10 all ports used for that connection are timed out simultaneously To set the maximum number of dial out ports for a location use the following command Command...

Страница 141: ...e by the location must be reset to have the changes take effect Note If a matching filter name is not found in the filter table this command is not effective and all traffic is permitted Input Filters...

Страница 142: ...onnection with the remote location by using the dial command from the command line To display the chat script if you are using one during dialing use the optional x keyword You can watch the connectio...

Страница 143: ...d to accomplish the goal described See the PortMaster Command Line Reference for more detailed command descriptions and instructions Overview of PortMaster Filtering Packet filters can increase securi...

Страница 144: ...mber of filter rules exceeds the limit If a packet is discarded by a filter an appropriate ICMP unreachable message is returned to the source address This message provides immediate feedback to the us...

Страница 145: ...the source and destination addresses of a packet against a rule list The number of significant bits used in IP address comparisons can be set allowing filtering by host subnet network number or group...

Страница 146: ...ntering the PortMaster and an output filter is used on packets exiting the PortMaster Figure 9 1 Input and Output Filters All packets entering a PortMaster through an interface with an input filter ar...

Страница 147: ...ched to the network interface created for that connection Location filters are attached to dial out locations using SLIP or PPP connections When the connection is established to a remote site the desi...

Страница 148: ...der AH protocol See RFC 1826 for more information on this protocol ipip matches packets using the IP Encapsulation within IP IPIP See RFC 2003 for more information on this protocol If you are using Ch...

Страница 149: ...umber Appendix B TCP and UDP Ports and Services lists port numbers commonly used for UDP and TCP port services For a more complete list see RFC 1700 To create a UDP filter rule use the following comma...

Страница 150: ...vertising the service via SAP Name IPX network number IPX node address IPX socket number To create a SAP filter rule use the following command entered on one line Command set sapfilter Filtername Rule...

Страница 151: ...explicitly permitted by a filter is denied except for the special case of a filter with no rules which permits everything Simple Filter A simple filter can consist of the following rules Command set f...

Страница 152: ...cp src eq 20 dst gt 1023 Command set filter internet in 7 permit udp dst eq 53 Command set filter internet in 8 permit tcp dst eq 53 Command set filter internet in 9 permit icmp Table 9 3 describes li...

Страница 153: ...many sites use FTP proxies or passive FTP neither of which is discussed in this guide Consult Firewalls and Internet Security Repelling the Wily Hacker by Cheswick and Bellovin and Building Internet...

Страница 154: ...p src eq 20 dst gt 1023 Command set filter internet out 4 permit 172 16 0 2 32 0 0 0 0 0 tcp src eq 21 dst gt 1023 estab If you allow any internal host to send out packets with FTP replace 192 168 0 1...

Страница 155: ...our network you might unknowingly allow other networks complete access as well Any network that can access a network having complete access privileges to your network also has access to your network F...

Страница 156: ...p dst eq 53 Command set filter restrict in 10 permit 0 0 0 0 0 10 0 0 3 32 icmp Table 9 4 describes line by line each rule in the filter To log all packets that are denied add the following rule to th...

Страница 157: ...nection is established 4 If the address is not permitted the connection is denied unless access override is enabled If you want a user to be able to override a port s access filter enable access overr...

Страница 158: ...Restricting User Access 9 16 PortMaster Configuration Guide...

Страница 159: ...ons and instructions Because the PortMaster is a DTE device a straight through RS 232 cable is used to connect modems to it Straight through cables for modems use pins 2 3 4 5 6 7 8 and 20 Null Modem...

Страница 160: ...set itself when DTR is dropped Lock the DTE speed Use hardware flow control RTS CTS Using Automatic Modem Configuration PortMaster products use a modem table to automate the modem configuration proces...

Страница 161: ...o the modem table use the following command Command add modem ModemName short ModemName long Speed String For example to add a Paradyne 3811 modem to the modem table enter Command add modem para3811 P...

Страница 162: ...00 AT F C1 D3S0 1S10 20 W eiger v34 p Eiger 28 8 PCMCIA 11520 0 AT F C1 D3S0 1S10 20 W gvc 14 4 GVC Maxtech V 32 57600 AT F C1 D3S0 1S10 20 W0 gvc 28 8 GVC Maxtech V 34 11520 0 AT F C1 D3S0 1S10 20 W0...

Страница 163: ...P9600SA 57600 AT F C1 D3S0 1S2 129 W pp v34 Practical Peripherals PM288T II 11520 0 AT F0M0S0 1V1 C1 D3 K3 W0 W1 para3811 Paradyne 3811 11520 0 AT FS0 1 W ppi v34 p PPI ProClass V 34 PCMCIA 11520 0 AT...

Страница 164: ...enter Command set s1 modem usr v34 Command reset s1 usr v32 p USR Courier Sportster V 32bis PCMCIA 57600 AT F1 W usr v34 p USR Courier Sportster V 34 PCMCIA 11520 0 AT F1S0 1 W usr v32 USR Courier Sp...

Страница 165: ...peeds are sequentially matched from the first baud rate through the third baud rate For example when a connection with this port is established the PortMaster uses the first baud rate value to try to...

Страница 166: ...tch the parity setting on the attached modem The parity default value is none and must be used for ports configured for network dial in or dial out operation Table 10 2 describes the parity options To...

Страница 167: ...nd Command set S0 rts cts on off Note Because it is more reliable you should always use hardware flow control if it is available Do not use both hardware and software flow control on the same port Han...

Страница 168: ...Configuring Ports for Modem Use 10 10 PortMaster Configuration Guide...

Страница 169: ...e following topics Configuring General Settings on page 11 1 Setting the Inband Signaling Protocol for T1 on page 11 3 Setting the Inband Signaling Protocol for E1 on page 11 4 Configuring ISDN PRI Se...

Страница 170: ...e fractional keyword in this command to break up a channelized T1 line into groups The isdn fractional keyword refers to PRI only Setting Channel Groups You can divide the channels of a T1 or E1 line...

Страница 171: ...otocol for T1 To set the inband signaling protocol and the inband call options used with channelized T1 use the following command Table 11 3 explains the inband signaling protocol options Command set...

Страница 172: ...caller ID and dial digit tones use the mrf2 option Because some countries implement different variations of multi frequency robbed bit signalling MFR2 you must specify a profile with the mfr2 option...

Страница 173: ...ster ISDN PRI ports use the following command entered on one line Table 11 5 explains the ISDN switch options Command set isdn switch ni 2 dms 100 4ess att 5ess net5 vn2 vn3 1tr6 ntt kdd Setting the F...

Страница 174: ...0 encoding b8zs ami hdb3 Table 11 6 T1 Inband Signaling Protocol Options Option Description Line0 Line0 or Line1 esf Extended superframe This is the default format for T1 lines d4 D4 framing an altern...

Страница 175: ...local network loopback To set the loopback use the following command Table 11 10 explains the loopback options Command set Line0 loopback on off Setting the Directory Number Normally a T1 or E1 line...

Страница 176: ...hange For example an 8 modem card installed in modem slot 0 has modems numbered m0 through m7 Modems on an 8 modem card installed in modem slot 1 are numbered m10 through m17 To make the digital modem...

Страница 177: ...for dial out network connections you can convert the analog service to digital service To set the digital modems to analog modem service for the specified location use the following command Table 11...

Страница 178: ...lus one 64Kbps signaling channel However channelized T1 is available in many service areas that do not yet provide ISDN PRI In areas where PRI is available the cost of channelized T1 may be significan...

Страница 179: ...Set the encoding method for the line Command set Line0 encoding b8zs ami 5 Save the configuration changes and reboot Command save all Command reboot 6 Use the following command to display the line co...

Страница 180: ...card supports only one line group The first line group found numerically is used for the configuration The fractional line group supports any number of time slots It also supports 56Kbps channels In...

Страница 181: ...T1 service 1 Set the line for fractional T1 Command set line2 fractional 2 Set the channel group for fractional T1 Command set line2 group Cgroup channel Channel list 3 Set the channel rate Command s...

Страница 182: ...console displays the following message Card Service Stopping wancard in slot 0 When you correctly reinstall the card the console displays the following message Card Service Starting wancard in slot 0...

Страница 183: ...ommand set endpoint Hex Command save all Command reboot Note You must use the save all and reboot commands after issuing the set endpoint command for the endpoint discriminator to take effect Displayi...

Страница 184: ...nsole with the reset console command Debug information is displayed to the console To set debug flags used for troubleshooting use the following command entered on one line Command set debug mdp statu...

Страница 185: ...tMaster Command Line Reference for more detailed command descriptions and instructions Overview of ISDN BRI Connections ISDN is most commonly used to provide low cost connectivity between sites that c...

Страница 186: ...the same services that an asynchronous port provides except for direct network hardwired connections The PortMaster automatically detects whether the port is providing asynchronous or synchronous 56Kb...

Страница 187: ...uire for your ISDN setup refer to the information in the hardware installation guide and on the Lucent Remote Access website at http www livingston com System Link Network NT1 S1 S2 PortMaster 2e 1182...

Страница 188: ...ues shown in Table 12 1 International ISDN BRI Switch Types The PortMaster ISDN S T interface for use in Japan Europe and other countries using international ISDN standards uses a different set of swi...

Страница 189: ...Profile Identifier SPID for ISDN BRI The service profile identifier SPID is a unique number assigned by the telephone company that identifies your ISDN equipment to the telephone company s switch SPI...

Страница 190: ...and save all Information Elements IEs Number plan and number type are values that relate to attributes associated with the called and calling party information elements IEs used to exchange phone numb...

Страница 191: ...anufacturer setting so that you can for example begin successfully to place outbound calls use the following command Command set isdn numberplan 0 1 2 7 8 The new setting becomes effective immediately...

Страница 192: ...Port Limits You can set port limits on a per user basis for Multilink V 120 Multilink PPP and asynchronous multiline load balancing users If a port limit is set the user is limited to that number of...

Страница 193: ...or network dial out use the set location telephone set location username and set location password commands as described in Chapter 8 Configuring Dial Out Connections ISDN BRI Unnumbered IP Configurat...

Страница 194: ...wing settings for the PortMaster in San Francisco a Configure global settings page 12 16 b Configure Ethernet interface settings page 12 16 c Configure ISDN port settings page 12 17 d Configure dial i...

Страница 195: ...igure the global settings on the PortMaster in Denver to the values shown in Table 12 3 After you configure the global settings shown in Table 12 3 enter the following command to save the configuratio...

Страница 196: ...erface Configuring ISDN Port Settings Configure the ISDN port with the values shown in Table 12 5 for the example in this chapter This example assumes that the BRI used is port S1 S2 on a PortMaster I...

Страница 197: ...A user account must be set up on the PortMaster router in Denver so that PortMaster in San Francisco can dial in when traffic is queued The new user sf should be configured with the values shown in T...

Страница 198: ...The new location sf should be configured with the values shown in Table 12 7 User IP address set user sf address 192 168 100 1 Netmask set user sf netmask 255 255 255 0 IPX network set user sf ipxnet...

Страница 199: ...configuration Command save all For more information about configuring location table parameters refer to Chapter 8 Configuring Dial Out Connections Configuring the PortMaster in San Francisco The Port...

Страница 200: ...Interface Settings Configure the Ethernet settings to the values shown in Table 12 9 Table 12 8 Global Values Setting Command IP gateway set gateway 192 168 1 2 This is the address of the next upstrea...

Страница 201: ...9 on a PortMaster 2E adjust these values accordingly All the other settings should be left at their default values After you configure the synchronous WAN port as shown in Table 12 10 enter the follow...

Страница 202: ...1 enter the following command to save the configuration Command save all For more information about configuring user table parameters refer to Chapter 7 Configuring Dial In Users Table 12 11 User Tabl...

Страница 203: ...e location for manual dialing until after the configuration has been tested Once the configuration is verified change the connection type to on demand Protocol set location denver ppp IP destination s...

Страница 204: ...e dialer to connect between the two offices as instructed in the next section Once everything is working properly you can change the location type from manual to on demand on both routers and reset th...

Страница 205: ...the console enter the following commands Command set console s1 Command set debug isdn on To turn off debugging enter the following commands Command set debug isdn off Command reset console If you are...

Страница 206: ...put of the show S10 command for ISDN BRI ports Table 12 13 ISDN BRI Port Status Port Status Modem Status Description NO SERVICE DCD CTS TELCO NT1 No SPID is set NO SERVICE DCD CTS TELCO NT1 Port has e...

Страница 207: ...nnection on page 13 7 Troubleshooting a Frame Relay Configuration on page 13 11 Frame Relay Subinterfaces on page 13 12 See the PortMaster Command Line Reference for more detailed command descriptions...

Страница 208: ...is speed is the physical maximum bandwidth for your connection to the Frame Relay network Expansion beyond this limit is not possible without a hardware change and a new circuit installation Port Spee...

Страница 209: ...your application and a CIR that is high enough to provide minimally acceptable performance for your application In most cases ordering according to these criteria provides service that is close to yo...

Страница 210: ...nverse ARP if the other routers on your Frame Relay cloud support Inverse ARP as specified in RFC 1490 In this configuration the PortMaster sends an LMI status request every 10 configurable seconds by...

Страница 211: ...10 seconds However if your telephone company chooses another keepalive value change this value as they instruct you Enabling LMI causes the DLCI list to be completed automatically If the attached swi...

Страница 212: ...ds Listing DLCIs for Frame Relay Access If LMI or Annex D is not used you must enter the DLCI list manually The DLCI list is a list of DLCIs that are accessible through the Frame Relay network by this...

Страница 213: ...ed an IP address to the PortMaster continue with the following steps 1 Configure the following settings for the PortMaster in Bangkok a Configure global settings page 13 8 b Configure Ethernet interfa...

Страница 214: ...d to save the configuration Command save all For more information about global parameters refer to Chapter 3 Configuring Global Settings Configuring Ethernet Interface Settings Configure the Ethernet...

Страница 215: ...hapter 6 Configuring a Synchronous WAN Port Configuring the PortMaster in New York Configure the settings for the PortMaster in New York with the values in the following sections You do not need to sp...

Страница 216: ...ce Configuring Synchronous WAN Port Settings Configure the synchronous WAN port W1 to the values shown in Table 13 5 Table 13 4 Ethernet Values Setting Command IP address set ether0 address 92 168 1 1...

Страница 217: ...otherwise the Cisco frame relay map command for your DLCI must have the ietf keyword appended For more information about synchronous ports refer to Chapter 6 Configuring a Synchronous WAN Port Troubl...

Страница 218: ...off Command reset console If you have a Cisco router on the other end of your connection verify that it is set for encapsulation frame relay ietf for the serial interface otherwise the Cisco frame rel...

Страница 219: ...uding setting an IP address routing and filtering for each interface Creating a DLCI Entry The next step in configuring the subinterfaces is to create an entry in the DLCI table Entries can be followe...

Страница 220: ...hown with the ifconfig command Always reset the port after changing the DLCI list Verify that all DLCIs are accounted for by checking the DLCI list for your primary interface If you enter the wrong DL...

Страница 221: ...tion is not shown here The following commands split the Frame Relay port into a primary subinterface for DLCI 18 and a secondary subinterface for DLCIs 16 and 17 Command set s1 group 1 Command add loc...

Страница 222: ...Frame Relay Subinterfaces 13 16 PortMaster Configuration Guide...

Страница 223: ...dapter supports B channel bonding Contact your service provider for specific information about the required terminal adapter Switched 56Kbps connections require an external CSU DSU ISDN and switched 5...

Страница 224: ...unable to buffer the excess data when the incoming data for an ISDN line is 128Kbps Figure 14 1 shows an example of an ISDN or switched 56Kbps connection Figure 14 1 Example of an ISDN or Switched 56K...

Страница 225: ...reflect your network Once you have assigned an IP address to the PortMaster continue with the following steps 1 Configure the following settings for the PortMaster in Boston a Global settings page 14...

Страница 226: ...t Interface Settings Configure the Ethernet interface settings to the values shown in Table 14 2 After you configure the Ethernet interface as shown in Table 14 2 enter the following command to save t...

Страница 227: ...chronous ports refer to Chapter 6 Configuring a Synchronous WAN Port Configuring a Dial In User A user account must be set up on the PortMaster router in Boston so the PortMaster in Miami can dial in...

Страница 228: ...fic is queued The new location miami should be configured on the router in Boston with the values shown in Table 14 5 IPX network set user miami ipxnet F3 RIP routing set user miami rip on MTU set use...

Страница 229: ...own in Table 14 5 enter the following command to save the configuration Command save all For more information about configuring location table settings refer to Chapter 8 Configuring Dial Out Connecti...

Страница 230: ...tings Configuring Ethernet Interface Settings Configure the Ethernet settings to the values shown in Table 14 7 Table 14 6 Global Value Setting Command IP gateway set gateway 192 168 1 2 This is the a...

Страница 231: ...Settings Configure the synchronous WAN port with the values shown in Table 14 8 After you configure the synchronous WAN port as shown in Table 14 8 enter the following commands to reset the port and s...

Страница 232: ...you configure user table settings as shown in Table 14 9 enter the following command to save the configuration Command save all For more information about configuring user table parameters refer to C...

Страница 233: ...Location name add location boston Type set location boston manual Set the location for manual dialing until after the configuration has been tested Once the configuration is verified change the connec...

Страница 234: ...nect sequence between the two locations 3 If everything connects as expected do the following a Turn off debugging on the console Command set debug off Command reset console b Reset the port on the Of...

Страница 235: ...rely to the correct port Not all WAN ports are capable of the same speeds Verify that the DIP switch is set to V 35 for Lucent cables and that you are plugged into the correct V 35 interface on your C...

Страница 236: ...Troubleshooting a Synchronous V 25bis Connection 14 14 PortMaster Configuration Guide...

Страница 237: ...ore detailed command descriptions and instructions Overview of Example Configuration The example described in this chapter connects a PortMaster Office Router located in a branch office in London with...

Страница 238: ...ce to Office Dial On Demand Configuration The PortMaster ISDN Office Router OR U has an ISDN BRI port designated S1 S2 instead of a PCMCIA modem port The ISDN port can be used for ISDN dial on demand...

Страница 239: ...an IP address to the PortMaster continue with the steps The following values shown in this chapter apply only to this example when you are configuring your PortMaster use values appropriate for your n...

Страница 240: ...aster use values appropriate for your network After you configure the global settings shown in Table 15 1 enter the following command to save the configuration Command save all For more information ab...

Страница 241: ...Router is designated S1 Configure the port with the values shown in Table 15 3 You must install the PCMCIA modem to configure port S1 Leave all the other settings at their default values Broadcast add...

Страница 242: ...ffice can dial in when traffic is queued at the main office The new user paris should be configured with the values shown in Table 15 4 After you configure the user table as shown in Table 15 4 enter...

Страница 243: ...ng last you ensure that the PortMaster will not attempt to make a connection with a location until you have configured all the settings for that location Table 15 5 Location Table Values Setting Comma...

Страница 244: ...cations Server in the Paris office Configuring Ethernet Interface Settings Configure the Ethernet settings for the Paris office shown in Table 15 6 After you configure the Ethernet interface as shown...

Страница 245: ...configure the port as shown in Table 15 7 enter the following commands to reset the port and save the configuration Command reset s1 Command save all For more information about asynchronous ports refe...

Страница 246: ...For more information about configuring user table settings refer to Chapter 7 Configuring Dial In Users Table 15 8 User Table Values Setting Command Username add netuser london Password set user londo...

Страница 247: ...P destination set location london destination 192 168 200 1 Netmask set location london netmask 255 255 255 0 IPX network set location london ipxnet F2 When configuring the IPX network number for the...

Страница 248: ...save the configuration Command save all For more information about configuring location table settings refer to Chapter 8 Configuring Dial Out Connections Testing the Setup You should test the config...

Страница 249: ...Paris office Setting the Console Port for Multiline Load Balancing Multiline load balancing is used to add additional lines when network traffic is heavy If more than one line to the same location is...

Страница 250: ...London office use the values shown in Table 15 10 for the maximum number of ports and the high water mark See Dial Out Location Settings for London on page 15 7 for the other values Table 15 10 Locat...

Страница 251: ...to using the PCMCIA port on the OR M except that you must do the following Configure the ISDN switch type as a global setting Set the SPID on the port Do not set the port speed flow control or modem c...

Страница 252: ...Using ISDN for On Demand Connections 15 16 PortMaster Configuration Guide...

Страница 253: ...s on page 16 3 Configuration Steps for an Internet Connection on page 16 3 Providing Network Filtering on page 16 10 Using ISDN for Internet Connections on page 16 11 For information on related topics...

Страница 254: ...16 2 PortMaster Configuration Guide Figure 16 1 Continuous Internet Connection System Link Network PortMaster Office Router 11820010 11820010 PortMaster Internet Internet service provider office...

Страница 255: ...IPX packets are not transmitted to or from the ISP You can also connect to an ISP with a dial on demand configuration as described in Chapter 15 Using Office to Office Connections However dial on dema...

Страница 256: ...tings Configure the global settings to the values shown in Table 16 1 For more information about global settings see Chapter 3 Configuring Global Settings After configuring the global settings enter t...

Страница 257: ...port configure the port with the values shown in Table 16 3 Table 16 2 Ethernet Port Parameter Values Setting Command IP address set ether0 address 192 168 200 1 Netmask set ether0 netmask 255 255 255...

Страница 258: ...al port configure the port with the values shown in Table 16 4 Leave all other settings at their default values After configuring the serial port enter the following commands to reset the port and sav...

Страница 259: ...Table Values Setting Command Location name add location isp1 Type set location isp1 manual Change to continuous after testing the configuration Protocol set location isp1 protocol ppp IP destination s...

Страница 260: ...For more information about configuring locations see Chapter 8 Configuring Dial Out Connections Testing the Continuous Dial Out Setup The configuration should be tested before the location isp1 is set...

Страница 261: ...nds to reset the port and save the configuration Command reset s1 Command save all Testing the Network Hardwired Setup To test a network hardwired connection follow these steps 1 Reset the newly confi...

Страница 262: ...ter named internet in contains the following rules deny 192 168 200 0 24 0 0 0 0 0 log permit tcp estab permit 0 0 0 0 0 mail edu com 32 tcp dst eq 25 permit 0 0 0 0 0 ftp edu com 32 tcp dst eq 21 per...

Страница 263: ...t the port speed flow control or modem control Set the telephone number with the set location telephone command Set the username with the set location username command Set the password with the set lo...

Страница 264: ...Using ISDN for Internet Connections 16 12 PortMaster Configuration Guide...

Страница 265: ...e 17 4 See the PortMaster Command Line Reference for more detailed command descriptions and instructions Overview of Dial In Configuration The PortMaster configuration described in this example allows...

Страница 266: ...they were connected to the corporate network directly Although this example uses seven PortMaster 2E Communications Servers many more can be used With more than seven PortMaster Communications Server...

Страница 267: ...68 1 2 rk2 edu com IP address of RADIUS backup accounting server 192 168 1 3 rk3 edu com Optional IP address of host running backup RADIUS 192 168 1 3 rk3 edu com Optional IP address of host that shel...

Страница 268: ...shows variables in italics Change these values to reflect your network Once you have assigned an IP address to the first PortMaster continue with the following steps 1 Connect modems to the PortMaste...

Страница 269: ...work users 2 Make sure that the modem cables are securely fastened and that you provide enough room for the modems to stay cool Configuring Global Settings Configure the global settings on the first P...

Страница 270: ...17 3 After you configure the Ethernet interface as shown in Table 17 3 enter the following command to save the configuration Command save all For more information on Ethernet settings refer to Chapte...

Страница 271: ...this example has the following features Raises carrier when a call comes in Resets itself when DTR is dropped Locks the DTE rate Uses hardware flow control RTS CTS Automatically answers on the first...

Страница 272: ...of RADIUS If you are not using RADIUS configure dial in and network users in the user table RADIUS Settings Table 17 5 lists the RADIUS setting for the first PortMaster For information about RADIUS pa...

Страница 273: ...r2 and so on with the values shown in Table 17 6 After you configure user table settings as shown in Table 17 6 enter the following command to save the configuration Command save all For more informat...

Страница 274: ...l For more information about configuring user table values refer to Chapter 7 Configuring Dial In Users Testing the User Dial In Setup To test the configuration follow these steps for each PortMaster...

Страница 275: ...ation Command set debug off Command save all 4 If you notice a problem do the following a Reset the port b Check your configuration c Dial the PortMaster again d Repeat this procedure until the connec...

Страница 276: ...Configuration Steps for Dial In Access 17 12 PortMaster Configuration Guide...

Страница 277: ...methods for providing access to shared devices on the PortMaster Host device configuration You use a UNIX host that supports the PortMaster in pmd daemon With this daemon you can configure ports as h...

Страница 278: ...e other side of the country Network Device Configuration This configuration sets the port for host device access but uses the rlogin Telnet or netdata device service to access the attached device In t...

Страница 279: ...er log in to a workstation and access a serial printer attached to port S9 as dev ttyre using the PortMaster device service The workstation user can also access port S2 as dev ttyrf when it is not bei...

Страница 280: ...nter to port S9 with a null modem cable if the printer is a DTE device Pinouts for both cables are given in your hardware installation guide 3 Configure global settings page 18 4 4 Configure Ethernet...

Страница 281: ...the Ethernet interface as shown in Table 18 2 enter the following command to save the configuration Command save all For more information on Ethernet settings refer to Chapter 4 Configuring the Ethern...

Страница 282: ...ports refer to Chapter 5 Configuring an Asynchronous Port Speed 1 set s2 speed 1 115200 Speed 2 set s2 speed 2 115200 Speed 3 set s2 speed 3 115200 Modem control set s2 cd on Hardware flow control set...

Страница 283: ...ed port S9 as shown in Table 18 4 enter the following commands to reset the port and save the configuration Command reset s9 Command save all The workstation printer subsystem should now be able to se...

Страница 284: ...s modems or other devices attached to PortMaster ports via Telnet use the general configuration given earlier in this chapter but use the settings shown in Table 18 6 This example is for port S1 After...

Страница 285: ...f the PortMaster you are accessing and 6001 is the TCP port set for the port you are accessing You can also set several ports to the same TCP port to create a pool of ports available for Telnet access...

Страница 286: ...Configuration Steps for Shared Device Access 18 10 PortMaster Configuration Guide...

Страница 287: ...a permanent connection between two routers Once the connection is established it remains available on a continuous basis whether there is network traffic between the two locations or not Leased line c...

Страница 288: ...numbers and subnetting see Appendix A Networking Concepts In the leased line configuration described in this chapter the Ethernet address of the PortMaster routers is used as the address for the seria...

Страница 289: ...eps for Leased Line Connections This example connects a PortMaster Office Router in Rome with a PortMaster Office Router in Florence using a leased line connection To install your PortMaster follow th...

Страница 290: ...Command save all For more information about global settings refer to Chapter 3 Configuring Global Settings Configuring Ethernet Interface Settings Configure the Ethernet interface on the PortMaster O...

Страница 291: ...If you are not sure of the IP address on the other end of the connection you can set the IP destination to 255 255 255 255 and the PortMaster will attempt to learn the address Leave all other settings...

Страница 292: ...save the configuration Command save all For more information about global settings refer to Chapter 3 Configuring Global Settings Configuring Ethernet Interface Settings Configure the Ethernet settin...

Страница 293: ...address on the other end of the connection you can set the IP destination to 255 255 255 255 and the PortMaster will attempt to learn the address Leave all other settings at their default values After...

Страница 294: ...r counters are nonzero the problem is external to the PortMaster Note CRC errors will occur if the cable is ever unplugged from the PortMaster Verify that you are using the correct cable and that it i...

Страница 295: ...to the PortMaster Troubleshooting Guide If the local loopback shows network connectivity in the local router take the CSU DSU out of loopback and set line loopback on the remote CSU DSU If the remote...

Страница 296: ...Troubleshooting a Leased Line Connection 19 10 PortMaster Configuration Guide...

Страница 297: ...rol information that allows data packets to be routed across networks Novell Internetwork Packet Exchange IPX is another protocol used to exchange data over PC based networks IPX uses Novell s proprie...

Страница 298: ...portions of the address For this discussion consider a network to be a collection of computers hosts that have the same network field values in their IP addresses The concept of classes is being made...

Страница 299: ...work can have almost 17 million hosts No new class A networks can be assigned at this time For example Class B Addresses The class B IP address format allocates the highest 16 bits to the network fiel...

Страница 300: ...D IP address format was designed for multicast groups as discussed in RFC 988 In class D addresses the 4 highest order bits are set to 1 1 1 and 0 providing a range from 224 through 239 inclusive Clas...

Страница 301: ...10 0 0 0 8 192 168 0 0 16 and 172 16 0 0 20 can be used by anyone for setting up their own internal IP networks Table A 2 Reserved and Available IP Addresses Class IP Address Status A 0 0 0 0 1 0 0 0...

Страница 302: ...as broadcast addresses With CIDR networks are specified with an IP prefix and netmask length for example 172 16 0 0 16 192 168 1 0 24 or 192 168 200 240 28 IPX Addressing An IPX address consists of 10...

Страница 303: ...dentifies the subnet field of a network address This mask is a 32 bit number written in dotted decimal notation with all 1s ones in the network and subnet portions of the address and all 0s zeros in t...

Страница 304: ...masks VLSMs therefore the restrictions in earlier ComOS releases no longer apply The subnets of a network need not be physically contiguous and can have subnet masks of different lengths However ComOS...

Страница 305: ...ecurity PortMaster products allow you to maintain network security using a variety of methods Security is a general term that refers to restricting access to network devices and data To enable securit...

Страница 306: ...DIUS consolidates all user authentication and network service access information on the authentication RADIUS server The server can authenticate users against a UNIX password file NIS databases or sep...

Страница 307: ...he equivalent information Table B 1 TCP and UDP Port Services Service Port Protocol Description ftp data 20 TCP File Transfer Protocol FTP default data ftp 21 TCP FTP control telnet 23 TCP Telnet smtp...

Страница 308: ...Simple Network Management Protocol SNMP snmp 161 UDP SNMP snmptrap 162 TCP SNMP system management messages snmptrap 162 UDP SNMP system management messages imap3 220 TCP Interactive Mail Access Protoc...

Страница 309: ...CP Variant of UUCP TCP uucp rlogin 541 UDP Variant of UUCP IP klogin 543 TCP Kerberized login klogin 543 UDP Kerberized login pmd 1642 TCP PortMaster daemon in pmd pmconsole 1643 TCP PortMaster Consol...

Страница 310: ...B 4 PortMaster Configuration Guide...

Страница 311: ...other for example an IP address into a media access control MAC address Address Resolution Protocol See ARP adjacency A relationship between two routers on the same physical network or between the end...

Страница 312: ...other area An area border router runs separate copies of the shortest path first SPF algorithm for each area it attaches to Area border routers condense the topological information of their attached...

Страница 313: ...an autonomous system path list might consist of Sequence 1 2 3 Set 4 5 Sequence 6 7 This list indicates that a packet traverses autonomous systems 1 2 and 3 in order then one or both of autonomous sys...

Страница 314: ...ing CIDR and route aggregation is the predominant routing protocol used to propagate routes between autonomous systems on the Internet BGP uses TCP as its transport protocol BGP 4 Version 4 of BGP See...

Страница 315: ...ng the PortMaster to call back dial in users before providing access Callback provides an extra layer of security and can simplify telephone charges CCITT Consultative Committee for International Tele...

Страница 316: ...can request services from a file server across a network cluster A group of internal BGP peers that share a common set of route reflectors See also cluster ID route reflection route reflector Compare...

Страница 317: ...nly by other confederation members Subdivision of an autonomous system into a confederation changes the peer relationships of confederation members in different CMASs from internal to external Use of...

Страница 318: ...ation hardware receivers retiming modules and or repeaters bridges cabling or transceivers CSU Channel service unit An ancillary device needed to adapt the V 35 or X 21 interface to a port on a teleph...

Страница 319: ...the route For a route learned from an external peer the PortMaster calculates a number based on the autonomous system path length the shortest path is preferred You can use a routing policy rule to ov...

Страница 320: ...he Internet for translating the names of network hosts into IP addresses DRAM Dynamic random access memory A type of semiconductor random access memory RAM that stores information in integrated circui...

Страница 321: ...E1 Digital WAN carrier facility used predominantly in Europe that carries data at a rate of 2 048Mbps E1 lines can be leased for private use from common carriers Compare T1 easy multihome A specializ...

Страница 322: ...MP test packet is sent to elicit a standard response Ethernet A network communications system developed and standardized by Digital Equipment Corporation Intel and Xerox using baseband transmission ca...

Страница 323: ...device A network device that links any non Frame Relay connection to a Frame Relay WAN frame A packaging structure for network data and control information A frame consists of a destination address so...

Страница 324: ...ction between two sites A port on a PortMaster that is configured for hardwired use cannot be simultaneously used for any other type of connection hello Protocol used by OSPF routers to acquire neighb...

Страница 325: ...o IP This protocol is used by the ping function to send an ICMP Echo Request to a network host which replies with an ICMP Echo Reply in band signaling Signaling over the data path injection policy A s...

Страница 326: ...or physical networks belonging to the same area and containing no virtual connections to the backbone area International Organization for Standards See ISO internetwork A network of networks Internet...

Страница 327: ...IP address prefix An IP address number that when paired with a netmask length represents a range of addresses rather than a single IP network For example the prefix and netmask length 128 0 0 0 8 des...

Страница 328: ...between BGP peers to keep their BGP sessions open If a preset amount of time elapses between keepalive messages from a peer the PortMaster identifies the peer as no longer operational and drops the s...

Страница 329: ...e Relay Two types of LMI are available on Frame Relay the original proprietary Cisco Stratacom LMI and the ANSI T1 617 Annex D LMI Although the PortMaster supports both LMI on the PortMaster refers to...

Страница 330: ...utonomous system external links of an OSPF router that it periodically advertises Link states are also advertised when a link state changes M MAC address Media access control address A unique 48 bit b...

Страница 331: ...ccess control address See MAC address message digest algorithm 5 See MD5 MIB Management Information Base A set of variables that a Simple Network Management Protocol SNMP based management station can...

Страница 332: ...same neighboring autonomous system You can use a routing policy rule to override this value and assign your own multiexit discriminator to a route that you learn or advertise multihome routing In BGP...

Страница 333: ...o fall within the range indicated by the prefix For example the prefix and netmask length 128 0 0 0 8 describe all networks whose IP addresses begin with 128 See also IP address prefix network A colle...

Страница 334: ...PC server switching point bridge or gateway connected to a network at a single location A node can also be called a station See host nonvolatile RAM See NVRAM notification message A message sent betw...

Страница 335: ...d and reprogrammed electronically allowing software images to be stored booted and rewritten as necessary O ODI Open Datalink Interface A Novell specification that isolates the protocol stack from the...

Страница 336: ...s allowed access See also CHAP parity check A process for checking the integrity of a character A parity check appends a bit to a character or word to make the total number of binary 1 digits in the c...

Страница 337: ...o the PortMaster during configuration You can use the default policy easy multihome or create and assign your own policies One policy can handle all three functions or you can create separate policies...

Страница 338: ...telephone service provider configures its own switch that connects via an ISDN line to the user s ISDN hardware Because switch configuration varies according to hardware telephone company switch and a...

Страница 339: ...standards RIP Routing Information Protocol A protocol used for the transmission of IP or IPX routing information rlogin Remote login A terminal emulation program similar to Telnet offered in most UNI...

Страница 340: ...s across confederation boundaries See also cluster cluster ID confederation route reflector route reflector A router configured to transmit routes received from internal BGP peers to one or more other...

Страница 341: ...shared network resources such as hard disks and printers Service Advertisement Protocol See SAP service profile identifier See SPID Simple Network Management Protocol See SNMP slave In Multichassis PP...

Страница 342: ...o the area are by default imported into the stub area but might be squelched to further reduce area database size In this case the default route advertisement by the autonomous system border routers h...

Страница 343: ...ous terminal adapter turns an asynchronous bit stream into ISDN and is treated by the PortMaster as if it were a modem A synchronous terminal adapter takes a synchronous bit stream and turns it into I...

Страница 344: ...Protocol A connectionless protocol defined in RFC 768 UDP exchanges datagrams but does not provide guaranteed delivery U interface The ISDN interface defined as the connection between the network term...

Страница 345: ...k further as necessary They fall forward to the next higher speed when line quality improves V 34 An ITU T standard that allows data rates as high as 28 8Kbps V 35 The ITU T standard for data transmis...

Страница 346: ...resses to be assigned more efficiently OSPF and BGP support classless or VLSM routes VPN Virtual private network A restricted network that uses public wires to connect nodes A VPN provides a way to en...

Страница 347: ...21 12 22 13 12 13 14 14 12 14 13 19 8 reset S0 5 9 5 21 5 25 10 6 12 13 12 20 reset V0 11 15 reset W1 6 11 S save all 5 9 5 13 5 16 5 19 5 21 5 25 6 11 11 11 12 5 12 6 13 15 save route 3 26 set accoun...

Страница 348: ...set filter 9 6 set filter icmp 9 6 set filter tcp 9 7 set filter udp 9 7 set gateway 3 6 3 28 12 11 12 16 13 8 14 4 14 8 15 4 16 4 17 5 19 4 19 6 set host 17 5 18 4 set ipxfilter 9 7 set ipxgateway 3...

Страница 349: ...n voice 8 10 12 8 set loghost 3 10 17 5 set M0 11 8 set M0 lastcall 11 9 set maximum pmconsole 3 9 set nameserver 3 8 17 5 set namesvc 3 8 17 5 set netbios 3 29 set P0 device 18 8 set P0 host 18 8 set...

Страница 350: ...5 6 15 10 17 10 set user dialback 7 10 7 13 set user host 7 11 set user idle 7 4 set user ifilter 7 9 7 11 set user ipxnet 7 6 12 14 12 18 14 6 14 10 15 6 15 10 set user map 7 7 set user maxports 7 8...

Страница 351: ...e0 11 2 11 11 show location 13 13 show M0 11 9 show mcppp 11 15 show modem 10 3 show modems 11 10 show P0 2 5 show routes 3 23 show S0 2 5 12 9 show syslog 3 12 show table filter 9 8 show table locati...

Страница 352: ...Command Index Command Index 6 PortMaster Configuration Guide...

Страница 353: ...evice service 5 14 dial groups 5 5 DTR idle 5 25 extended information 5 5 flow control 10 8 input and output filters 5 25 IPX network number 5 22 line hangup 10 9 login host 5 11 login message 5 6 log...

Страница 354: ...s 3 21 ComOS overview 1 1 compression 5 23 6 11 7 8 8 8 configuration basic steps 1 4 planning 1 2 CONNECTING port status 2 6 connection types 8 3 console port 5 7 contact information Europe Middle Ea...

Страница 355: ...ble 3 7 documentation related xvii Domain Name System See DNS DSR value 5 26 DTR idle 5 25 DTR for hangup 6 7 10 9 dynamically setting the IP address 3 12 E E M wink start protocol 11 3 E1 channel gro...

Страница 356: ...6 11 7 10 RIP packets 9 12 SAP filters 9 8 security 9 1 storing 9 3 synchronous ports 6 10 TCP and UDP port services B 1 TCP options 9 6 9 7 UDP packets 4 3 user filters 9 5 flow control 5 4 hardware...

Страница 357: ...stname resolution 3 8 hosts SNMP 3 22 hotswapping modems 11 10 I IDLE port status 2 6 idle timer asynchronous ports 6 7 dial out locations 8 10 disabling 7 4 users 7 4 in pmd 1 1 2 5 5 13 5 14 5 18 in...

Страница 358: ...connections 15 15 16 11 port limits 12 8 provisioning 12 3 pulse code modulation for PRI line 11 8 SPID 12 5 supported PRI switches 11 6 switch type 12 4 TID 12 6 troubleshooting 12 21 ISP provided d...

Страница 359: ...9 modems adding to modem table 10 3 automatic configuration 10 2 configuring for login 17 7 control 6 6 10 8 control signals 10 2 digital 11 9 digital to analog 11 10 DSR value 5 26 DTR idle 5 25 hard...

Страница 360: ...5 1 on demand connections 2 4 8 3 15 1 overriding asynchronous port settings 5 3 P packet filtering 9 2 packet size setting with MTU 8 8 PAP authentication 3 29 5 19 parity checking 5 4 10 8 Password...

Страница 361: ...ons 5 19 using for dial in and dial out 5 19 printer port configuration 18 7 prompt for login host 5 11 protocol asynchronous ports 5 22 location table 8 5 transport protocol 6 8 user 7 5 provisioning...

Страница 362: ...Advertising Protocol 9 8 service profile identifier 12 5 services well known B 1 session limit 7 4 setting call check 3 30 shared device access 5 2 18 1 shared devices 5 11 host device 18 1 Telnet 18...

Страница 363: ...2 internal clocking 11 13 pulse code modulation 11 8 setting use 11 2 TA 12 2 TCP default Telnet port 5 15 packets filtering 9 7 services and ports B 1 TCP IP header compression 5 23 6 11 7 8 8 8 TCP...

Страница 364: ...ing for dial out 8 5 users defining dial in network users 17 10 defining dial in users 14 5 14 10 15 6 defining login users 17 9 deleting 7 3 disconnecting from virtual port 11 16 displaying configura...

Отзывы:

Нет отзывов

Похожие инструкции для PortMaster

Бренд: NEC Страницы: 3

PT-D10000 Series

Бренд: Panasonic Страницы: 37

010-10307-00 - MapSource Fishing Hot Spots

Бренд: Garmin Страницы: 30

Бренд: NAPCO Страницы: 1

ANTI-VIRUS FOR MIMESWEEPER -

Бренд: F-SECURE Страницы: 44

SimNow Simulator 4.4.5

Бренд: AMD Страницы: 269

WiFi-Doc Client for iOS

Бренд: Mitsubishi Страницы: 10

User Access Control (UAC) in Windows® Vista

Бренд: Alarm Lock Страницы: 2

Бренд: HP Страницы: 4

Бренд: Draytek Страницы: 73

STRM 2008-2 - TECHNICAL NOTE CHANGING NETWORK SETTING 6-2008

Бренд: Juniper Страницы: 14

Бренд: Unibrain Страницы: 77

POLICY MANAGER 8.0

Бренд: F-SECURE Страницы: 221

Бренд: FieldServer Страницы: 15

Бренд: Samsung Страницы: 13

ThinkCentre M57

Бренд: Lenovo Страницы: 454

ThinkCentre M55p

Бренд: Lenovo Страницы: 116

G3 Station HX-DU010EC

Бренд: Samsung Страницы: 1

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды