advertisement
DIGITAL NetRider
Network Access Server
Management
Part Number: AA-PW5VE-TE
June 1997
Revision/Update Information:
Software and Version:
This is a revised document.
DECserver Network Access
Software, Version 2.2
© Digital Equipment Corporation 1997. All rights reserved.
Digital Equipment Corporation makes no representations that the use of its products in the manner described in this document will not infringe on existing or future patent rights, nor do the descriptions contained in this document imply the granting of licenses to make, use, or sell equipment or software in accordance with the description.
Possession, use, or copying of this software and media is authorized only pursuant to a valid written license from
DIGITAL or an authorized sublicensor.
The following are trademarks of Digital Equipment Corporation: DDCMP, DEC, DECmcc, DECnet, DECserver,
DECsystem, DECwindows, DIGITAL, DNA, LAT, NetRider, OpenVMS, ThinWire, ULTRIX, VAX, VAXstation,
VMS, VMScluster, VT100, VT220,VT320, VT330, and the DIGITAL logo.
The following are third-party trademarks:
AppleTalk and Macintosh are registered trademarks of Apple Computer, Inc.
HP and Hewlett-Packard are registered trademarks of Hewlett Packard Company.
IBM is a registered trademark of International Business Machines Corporation.
Kerberos is a trademark of the Massachusetts Institute of Technology.
Microsoft, MS-DOS, and Windows 95 are registered trademarks, and Windows NT is a trademark of
Microsoft Corporation.
NetBIOS is a trademark of Micro Computer Systems, Inc.
Novell and NetWare are registered trademarks of Novell, Inc.
OS/2 is a registered trademark of International Business Machines Corporation.
OSF/1 is a registered trademark of Open Software Foundation, Inc.
PostScript is a registered trademark of Adobe Systems, Inc.
SecurID is a registered trademark of Security Dynamics Technologies, Inc.
SCO is a trademark of Santa Cruz Operations, Inc.
Sun is a registered trademark of Sun Microsystems, Inc.
UNIX is a registered trademark in the United States and other countries, licensed exclusively through
X/Open Company, Ltd.
Vitalink is a registered trademark of Vitalink Communications Corporation
The following copyright applies to the CMU BOOTP implementation:
© Carnegie Mellon 1988
Permission to use, copy, modify, and distribute this program for any purpose and without fee is hereby granted, provided that this copyright and permission notice appear on all copies and supporting documentation, the name of
Carnegie Mellon not be used in advertising or publicity pertaining to the distribution of the program without specific prior permission, and notice be given in supporting documentation that copying and distribution is by permission of
Carnegie Mellon and Stanford University. Carnegie Mellon makes no representation about the suitability of this software for any purpose. It is provided “as is” without express or implied warranty.
© Regents of the University of California 1986, 1987. All rights reserved.
Redistribution and use in source and binary forms are permitted, provided that this notice is preserved by Berkley.
The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. The software is provided “as is” without express or implied warranty.
Contents
Preface
1 DNAS Management
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
In This Chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Configuration Tasks for System Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
Management Tasks for System Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
System Management Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
User Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4
Accessing Online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4
Storage of Configuration Settings and Changes in Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5
Memory Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5
Power Loss . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5
Commands to Display and Change Configuration Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
Types of Commands That Operate on Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . 1-6
2 Management Tools
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
In This Chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Access Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2
Levels of Access Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2
User Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3
Command Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3
Privileged Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
iii
Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5
HELP TUTORIAL Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5
HELP Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5
Console Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
Displaying Port Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
Example: SHOW SERVER Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
Remote Console Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7
Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7
Features of the Remote Console Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7
Communications Utilities for Remote Console Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7
Network Control Program (NCP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8
Use of SET HOST/MOP from a DECnet/OSI OpenVMS Node. . . . . . . . . . . . . . . . . . . . . . 2-9
Use of CCR from an ULTRIX DECnet Node . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-10
Telnet Remote Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11
Characteristics of the Telnet Remote Console Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12
Access Server Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-13
Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-13
Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-13
Related Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-13
3 User Interface
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
In This Chapter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
Command Groups and Menus. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2
Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2
Using Command Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
Creating a Command Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
Executing a Command Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
Displaying a Command Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
Purging a Command Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
Using Menus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
Displaying a List of Enabled Menus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
Entering Menu Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
Assigning a Default Menu to a Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6
Menu Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6
Defining Menus. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8
Main Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8
Main Menu Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9
Defining Menu Choices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9
Displaying a Selected Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10 iv
Exiting from a Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11
Using Menus to Set Up a Captive Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11
Displaying a Menu Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11
Purging Menu Lines and Entire Menus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12
4 Managing Load Hosts
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
In This Chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Load Host Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2
Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2
DSV$CONFIGURE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
Backward Compatibility of DSV$CONFIGURE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
Executing DSV$CONFIGURE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
ADD Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4
MODIFY and SET Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5
DELETE Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5
LIST and SHOW Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6
CONNECT and USE Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6
DSVCONFIG. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9
DECserver Configuration Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9
DSVCONFIG Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9
Using a BOOTP/TFTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10
IP Address Configuration Via BOOTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10
Remote Connection Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11
Upline Dumping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12
Upline Dumps with MOP Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12
Upline Dumps with BOOTP/TFTP Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12
Terminal Server Manager (TSM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13
5 Initializing the Access Server
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
In This Chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
Preparing LAT Services for Initialization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
Do This . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
v
Preparing Telnet Listeners for Initialization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3
Do This. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3
Initializing the Access Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4
Using the INITIALIZE Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4
Default Mode for the INITIALIZE Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4
Specifying Initialization from a Load Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5
Specifying an Image Name When Initializing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5
Updating Flash RAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5
Specifying a Delay Value with INITIALIZE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5
Using the DIAGNOSE Option with INITIALIZE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6
INITIALIZE DIAGNOSE Option Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6
Specifying the DISABLE OPTION with INITIALIZE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6
Using NCP to Initialize the Access Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7
NCP Initialization Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7
NCP Reference. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7
Booting from the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8
Loading the Software Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8
Determining Boot Protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8
Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8
Booting Using Console Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9
Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9
Boot Command Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-10
6 Configuring LAT Characteristics
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1
In This Chapter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1
LAT Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2
Preparing to Change LAT Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2
LAT Characteristic Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2
Displaying LAT Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-4
Command To Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-4
LAT Characteristics Display Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-4
ANNOUNCEMENTS Characteristic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5
Configure Announcements Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5
CIRCUIT TIMER Characteristic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-6
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-6
Changing the CIRCUIT TIMER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-6
IDENTIFICATION Characteristic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7
Changing the Server Identification String . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7
Removing an Identification String . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7 vi
Identification String in a Login Procedure Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7
KEEPALIVE TIMER Characteristic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-8
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-8
Keepalive Timer Default Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-8
Keepalive Timer Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-8
MULTICAST TIMER Characteristic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9
Multicast Timer Default Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9
Changing Multicast Timer Values Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9
ACCESS SERVER NAME Characteristic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-10
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-10
Default Access Server Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-10
Changing the ACCESS SERVER NAME. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-10
NODE LIMIT Characteristic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-11
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-11
Changing the Access Server NODE LIMIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-11
Access SERVER NUMBER Characteristic. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-12
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-12
Access SERVER NUMBER Values. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-12
Changing the Access SERVER NUMBER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-12
PASSCHECK Characteristic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-13
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-13
Changing the PASSCHECK Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-13
PASSCHECK Characteristic Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-13
QUEUE LIMIT Characteristic. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-14
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-14
Special QUEUE LIMIT Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-14
Changing the QUEUE LIMIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-14
RETRANSMIT LIMIT Characteristic. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-15
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-15
RETRANSMIT LIMIT Values. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-15
Changing the RETRANSMIT LIMIT Characteristic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-15
RESPONDER Characteristic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16
Access Server Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16
Datagram Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16
Changing the RESPONDER Characteristic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-17
Service Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18
Viewing Service Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18
Changing Access Server Service Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18
Changing Service Groups Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18
vii
7 TCP/IP Network Characteristics
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1
In This Chapter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1
Configuring the Internet Address and Subnet Mask . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3
Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3
Alternative: Learning IP Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3
Setting the Internet Address. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3
Setting an Internet Subnet Mask . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4
Displaying the Internet Address and Subnet Mask . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-6
Configuring Domain Name System (DNS) Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-7
Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-7
Displaying DNS Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-7
Displaying the DNS Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-9
Configuring the Default Name Resolution Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-10
Changing the Time Limit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-12
Changing the Retry Limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-12
Changing the Name Resolution Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-12
Configuring a List of Commonly Used Internet Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-13
Configuring a List of Internet Name Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-13
Assigning DNS Server Addresses Automatically . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-15
Configuring a List of Internet Gateway Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-16
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-16
Displaying a List of Gateway Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-16
Configuring a Default Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-16
Defining Networks Available Through a Specific Gateway . . . . . . . . . . . . . . . . . . . . . . . . 7-17
Defining Subnets Available Through a Specific Gateway . . . . . . . . . . . . . . . . . . . . . . . . . 7-17
Defining Hosts Available Through a Specific Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-17
Configuring a List of Internet ARP Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-18
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-18
Displaying the List of Internet ARP Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-18
Defining an ARP Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-18
Setting the TCP Keepalive Timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-19
What the Timer Does . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-19
Setting the Timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-19
Disabling the Timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-19
Setting Timer Retries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-19
Displaying Timer Characteristics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-20
Displaying the Internet Counters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-21
Using the SHOW Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-21
Internet Counters Display Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-21
Internet Counter Display Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-22
Learning IP Information From a BOOTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-25 viii
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-25
BOOTP Server Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-25
Learning Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-25
Setting Up IP Configuration Learning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-26
Learning IP Information From a DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-27
Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-27
BOOTP and DHCP Differences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-27
DHCP Client Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-28
DHCP Proxy Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-29
Enabling and Disabling DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-30
Displaying the DHCP Setting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-30
Configuring Default Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-30
Overriding DHCP-Learned Values. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-30
Assigning WINS Server Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-31
What Does WINS Do? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-31
What Is WINS Autoconfigure?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-31
Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-31
Assigning WINS Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-32
Displaying WINS Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-32
8 Managing AppleTalk
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1
In This Chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1
Configuring AppleTalk on an Access Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2
AppleTalk Address Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2
Enabling AppleTalk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2
Disabling AppleTalk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3
Setting AppleTalk Address Cache Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3
Displaying AppleTalk Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5
Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5
Displaying AppleTalk Characteristics Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5
Fields in the AppleTalk Characteristics Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5
Displaying AppleTalk Counters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-6
Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-6
Displaying AppleTalk Counters Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-6
Fields in the AppleTalk Counters Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-6
AARP Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-9
Displaying AppleTalk Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10
Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10
Displaying AppleTalk Status Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10
Fields in the AppleTalk Status Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10
ix
Displaying AppleTalk Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-12
Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-12
Displaying AppleTalk Routes Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-12
Fields in the AppleTalk Routes Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-12
Displaying AppleTalk ARP Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-14
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-14
Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-14
Displaying AppleTalk ARP Entries Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-14
Fields in the AppleTalk ARP Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-14
9 Configuring Basic Device Characteristics
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1
In This Chapter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1
Configuring Basic Device Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2
Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2
Basic Device Characteristic Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2
Displaying Basic Device Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4
Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4
Displaying Port Characteristics Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4
Configuring the ACCESS Characteristic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-5
Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-5
Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-5
Defining the ACCESS Characteristic Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-5
Matching the Port and Device Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-6
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-6
AUTOBAUD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-6
CHARACTER SIZE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-7
PARITY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-7
SPEED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-8
STOP BITS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-8
TYPE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-9
Configuring the FLOW CONTROL Characteristic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-10
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-10
Flow Control Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-10
XON/XOFF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-10
DSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-11
CTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-11
FLOW CONTROL Direction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-12
Specifying the Automatic Logout Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-13
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-13
Specifying DSRLOGOUT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-13 x
Specifying LONGBREAK LOGOUT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-13
Specifying INACTIVITY LOGOUT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-14
Specifying the INACTIVITY TIMER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-14
10 Configuring Modem Signals
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1
In This Chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1
DTE/DCE Device Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-2
Port Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-2
Determining the Supported Modem Signals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-3
Access Servers and MODEM CONTROL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-3
Access Server Types and Supported Modem Signals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-3
Modem Signals Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-5
Types of Modem Signal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-5
Specifying MODEM CONTROL and SIGNAL CONTROL . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-7
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-7
Logging Out the Port with DSRLOGOUT or LONGBREAK LOGOUT . . . . . . . . . . . . . . 10-7
Computer Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-7
Specifying SIGNAL SELECT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-9
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-9
Determining When to Use a Signal Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-9
Specifying SIGNAL CHECK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-10
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-10
Specifying DTRWAIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-11
Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-11
Enabling DTRWAIT Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-11
Specifying RING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-12
Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-12
Specifying ALTERNATE SPEED. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-13
Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-13
Specifying DIALUP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-14
Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-14
Sample Modem Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-15
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-15
Configuring a Dial-In Modem on a Full MODEM CONTROL Server . . . . . . . . . . . . . . . 10-15
Configuring a Dial-In Modem on a MODEM CONTROL Server. . . . . . . . . . . . . . . . . . . 10-15
Configuring a Dial-Out Modem on a Full MODEM CONTROL Server. . . . . . . . . . . . . . 10-16
Configuring a Dial-In and Dial-Out Modem on a Full MODEM CONTROL Server . . . . 10-16
Configuring a Dial-Out Modem on a MODEM CONTROL Server . . . . . . . . . . . . . . . . . 10-17
Configuring a Dial-In and Dial-Out Modem on a MODEM CONTROL Server. . . . . . . . 10-17
MODEM CONTROL Sequences. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-18
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-18
xi
Establishing a Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-18
Response to Momentary Loss of CTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-19
Disconnecting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-19
Configuring DTR and DSR Signals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-20
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-20
Port Characteristic Effects on the DTR and DSR Signals . . . . . . . . . . . . . . . . . . . . . . . . . 10-20
11 Configuring and Managing Interactive Devices
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1
In This Chapter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1
Configuring an Interactive Device for LAT Sessions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-3
Configuring an Interactive Device for LAT Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-3
Sample Network Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-4
Configuring LAT Group Codes for Interactive Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-4
Specifying AUTOCONNECT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-5
Specifying AUTOPROMPT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-6
Specifying the Default Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-6
Specifying Failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-7
Configuring Port Queuing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-7
Displaying Access Server Queue Entries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-8
SHOW QUEUE ALL Display Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-9
Removing Entries from the Access Server Queue. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-9
Configuring Port Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-10
Configuring an Interactive Device for Telnet Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-11
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-11
Configuring a Device on Port 6 for Internet Hosts Example . . . . . . . . . . . . . . . . . . . . . . . 11-11
Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-12
Configuring a Session Management (TD/SMP) Terminal . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-13
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-13
How to Configure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-13
Benefits and Restrictions Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-13
Local Mode Command Restrictions During Session Management . . . . . . . . . . . . . . . . . . 11-14
Logging In with Multisessions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-15
Configuring On-Demand Loading for Asian Terminals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-16
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-16
On-Demand Loading Configuration Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-16
Disable Switch Character. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-16
Configuring for Block-Mode Terminals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-17
Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-17
Buffer Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-17
Specifying the Telnet Client Session Profile. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-18
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-18 xii
Profiles Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-18
Profile Characteristics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-18
Telnet Client Session Characteristics Predefined for Each Profile. . . . . . . . . . . . . . . . . . . 11-19
Configuring Individual Telnet Client Session Characteristics. . . . . . . . . . . . . . . . . . . . . . . . . . 11-21
Modifying Telnet Session Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-21
Specifying ECHO Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-21
Specifying the BINARY Characteristic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-21
Specifying CHARACTER SIZE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-22
Mapping Keyboard Characters to Telnet Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-22
Telnet Keymapping Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-23
Specifying AUTOFLUSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-24
Specifying AUTOSYNCH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-24
Specifying Telnet Client Newline. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-24
Specifying FLOW CONTROL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-25
Specifying MESSAGE VERIFICATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-26
Specifying the SWITCH CHARACTER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-26
Specifying a Preferred Terminal Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-27
Managing Access Server User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-28
Minimal Setup for Local User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-28
Optional Setup for Local User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-28
SHOW/LIST/MONITOR USERACCOUNT Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-29
Service Permissions Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-30
User Account Command Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-31
Access Command Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-32
Managing Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-33
Providing a Contact Name and Access Server Location . . . . . . . . . . . . . . . . . . . . . . . . . . 11-33
Specifying Preferred Service for LAT or Telnet Resources. . . . . . . . . . . . . . . . . . . . . . . . 11-33
Specifying the Port USERNAME. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-34
Specifying Keys to Switch Between Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-35
Defining the Break Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-36
Specifying a Key to Switch to Local Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-36
Specifying BROADCAST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-37
Specifying LOSS NOTIFICATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-38
Specifying Message Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-39
Specifying VERIFICATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-39
Specifying Lock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-39
Displaying Information About the Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-40
Specifying User Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-41
Managing Sessions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-43
Initiating a Session to a LAT Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-43
Initiating a Session to an Internet Host. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-43
Sending Telnet Functions to a Remote Telnet Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-44
Controlling the Number of Sessions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-45
Displaying Session Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-46
Displaying Session Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-48
xiii
Displaying Session Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-48
Terminating Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-51
12 Configuring and Managing LAT Services
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1
In This Chapter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1
Configuring a Port to Offer a LAT Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2
Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2
Configuring Access to a LAT Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3
Assigning a Service Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3
Enabling Announcements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3
Assigning an Identification String . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-4
Assigning a Port Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-4
Specifying the Service Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-5
Configuration of Specific Types of Devices As LAT Services . . . . . . . . . . . . . . . . . . . . . . . . . 12-6
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-6
Configuring a Personal Computer As a Terminal and LAT Service . . . . . . . . . . . . . . . . . . 12-6
Configuring a Computer As a LAT Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-7
Configuring a Modem As a LAT Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-8
Configuring a Printer As a LAT Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-9
Setting Up a LAT Remote Print Queue on an OpenVMS Host. . . . . . . . . . . . . . . . . . . . . . 12-9
Setting Up a LAT Remote Print Queue on an ULTRIX System . . . . . . . . . . . . . . . . . . . . 12-11
Configuring a Printer with Unannounced Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-13
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-13
Configuring a Printer with Unannounced Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-13
Verifying the LAT Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-15
Do This. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-15
Problem Solving. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-15
Managing Your Access Server As a LAT Node Offering a Service . . . . . . . . . . . . . . . . . . . . 12-16
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-16
Displaying Information About a Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-16
Displaying Services Characteristics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-16
Displaying Services Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-18
Displaying Services Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-20
13 Configuring and Managing Telnet Servers
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1
In This Chapter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1
Sample Device Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-2 xiv
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-2
Configuring a Printer for Access Through a Telnet Listener . . . . . . . . . . . . . . . . . . . . . . . . 13-2
Configuring a Computer for Access Through a Telnet Listener . . . . . . . . . . . . . . . . . . . . . 13-3
Configuring a Modem for Access Through a Telnet Listener . . . . . . . . . . . . . . . . . . . . . . . 13-3
Configuring a Personal Computer As a Terminal and for Access through a Telnet Listener . . . 13-5
Sample Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-5
Configuring Personal Computer Access to a Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-5
Setting User Priority for Devices Using Dynamic Access . . . . . . . . . . . . . . . . . . . . . . . . . . 13-6
Configuring a File Transfer Partner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-7
Configuring a Remote Print Queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-8
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-8
Configuring a TCP/IP Remote Print Queue on an ULTRIX System . . . . . . . . . . . . . . . . . . 13-8
Printer Port Telnet Server Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-8
Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-9
Configuring a TCP/IP Remote Print Queue on a UNIX System . . . . . . . . . . . . . . . . . . . . 13-10
Configuring a Telnet Listener . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-11
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-11
Configuring Telnet Server Session Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-12
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-12
Mapping Event Indications to Keyboard Characters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-12
Specifying Newline Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-13
Specifying Character Size. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-13
Managing Your Access Server As a Telnet Listener Node . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-15
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-15
Displaying Telnet Listeners . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-15
Displaying Telnet Server Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-15
Removing a Telnet Listener . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-16
Removing One of Many Devices Assigned to a Telnet Listener . . . . . . . . . . . . . . . . . . . . 13-16
Reassigning a Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-17
Supplying User Location Data to Telnet Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-18
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-18
Configuring a Raw TCP Listener. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-19
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-19
When To Use Raw TCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-19
Configuring Raw TCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-19
Displaying Raw TCP Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-20
14 Configuring LPD Printers
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1
In This Chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1
LPD Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-2
Supported File Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-2
xv
Control and Data Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-2
Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-4
Configuring LPD. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-5
Configuring Remote Hosts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-5
Associating a Printer With a Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-5
Setting Port Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-6
Printer Configuration Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-7
Displaying Printer Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-7
15 Configuring and Managing SLIP Ports
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1
In This Chapter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1
Packet Forwarding to and from SLIP Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-3
Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-3
Network Configuration Containing SLIP Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-3
Displaying SLIP Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-4
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-4
Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-4
Displaying SLIP Characteristics Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-4
Managing Internet Addresses for SLIP Hosts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-5
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-5
How an Access Server Port Obtains the SLIP Host Internet Address. . . . . . . . . . . . . . . . . 15-5
Managing the Maximum Transmission Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-7
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-7
Changing the MTU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-7
Relationship of the TCP Maximum Segment Size and the MTU . . . . . . . . . . . . . . . . . . . . 15-7
Fragmentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-7
Configuring a Port So That a PC Can Function as a Terminal or SLIP Host . . . . . . . . . . . . . . . 15-8
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-8
Configuring a Dedicated SLIP Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-9
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-9
Configuring a Device As a Dedicated SLIP Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-9
Configuring a Dial-In Modem for Use with a SLIP Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-10
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-10
Configuring a Dial-In Modem on Port 6 for Use with a SLIP Host . . . . . . . . . . . . . . . . . 15-10
Establishing Terminal Sessions with a PC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-11
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-11
Establishing a SLIP Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-12
Enabling a SLIP Session from the PC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-12
After Making a Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-12
Compressed SLIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-13
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-13 xvi
Enabling CSLIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-13
Disabling CSLIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-13
Automatic CSLIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-13
Compression States. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-13
Displaying SLIP Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-14
Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-14
SHOW PORT SLIP COUNTERS Display. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-14
SLIP COUNTERS Display Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-14
Disabling SLIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-15
Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-15
Disable SLIP Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-15
16 Configuring for SNMP Access
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-1
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-1
In This Chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-1
Supported SNMP Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-2
Supported Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-2
SNMP Community Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-2
Supported SNMP Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-2
Supported MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-3
Supported MIB Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-3
Configuring the Access Server for SNMP Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-5
Enabling and Disabling SNMP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-5
Displaying Information About SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-5
Default Community Name PUBLIC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-5
Configuring a Community Name for Access by Any NMS. . . . . . . . . . . . . . . . . . . . . . . . . 16-6
Configuring a Community Name with an Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-6
Configuring Community Names to Send TRAP Messages . . . . . . . . . . . . . . . . . . . . . . . . . 16-7
Sample SNMP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-8
Disabling TRAP Messages for a Community Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-8
Removing Community Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-8
Removing an Address from a Community Name. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-9
Configuring the NMS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-10
Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-10
17 Managing the Access Server
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-1
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-1
In This Chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-1
Managing Your Access Server As Part of the LAT Network . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-2
xvii
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-2
Distributing Devices on Access Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-2
Controlling the Number of Known Service Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-2
Checking LAT Service Accessibility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-2
Reducing Memory Usage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-3
Viewing LAT Node Status Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-3
Viewing LAT Node Counters Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-5
Viewing LAT Node Summary Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-8
Displaying Information About the Access Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-10
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-10
Specifying the Prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-10
Displaying Access Server Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-10
Displaying Access Server Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-16
Displaying Access Server Summary Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-22
Checking Port Status and Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-24
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-24
Displaying Port Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-24
Displaying Port Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-25
Displaying Port Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-27
Displaying Port Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-29
SHOW/LIST/MONITOR PORT SUMMARY Display Fields . . . . . . . . . . . . . . . . . . . . . 17-30
18 Configuring and Managing 3270 Terminal Emulation
(TN3270)
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-1
Supported ASCII Terminals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-2
Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-2
Definition and Description of a Keyboard Map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-3
3278 Keyboards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-3
Server-Specific Keyboard Maps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-3
Configuring Basic 3270 Terminal Emulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-4
Setting Up an ASCII Terminal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-4
Terminal Setup Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-5
Indicating the 3270 Model Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-5
Specifying the Type of ASCII Terminal Used for Emulation . . . . . . . . . . . . . . . . . . . . . . . 18-5
IBM Host Communications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-6
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-6
Connecting to an IBM Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-6
Entering and Editing Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-6
Status Line Indicator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-6
Status Line Indicator Display. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-8 xviii
Displaying and Customizing Keyboard Maps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-9
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-9
Server-Wide Keyboard Maps Customization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-9
Default Server-Wide Terminal Types and Keyboard Maps . . . . . . . . . . . . . . . . . . . . . . . . . 18-9
Defining New Server-Wide Terminal Types and Keyboard Maps . . . . . . . . . . . . . . . . . . 18-10
Customizing Server-Wide Keyboard Maps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-11
Selecting and Customizing Keyboard Maps for a Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-13
Keyboard Map and Terminal Type. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-13
Customizing a Default Keyboard Map for a Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-14
ASCII-to-EBCDIC and EBCDIC-to-ASCII Translation Tables . . . . . . . . . . . . . . . . . . . . . . . . 18-16
Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-16
Guidelines for Managing the Use of NVRAM for TN3270 . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-17
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-17
Storage Requirements for TN3270 Definitions in NVRAM . . . . . . . . . . . . . . . . . . . . . . . 18-17
TN3270 Commands That Free NVRAM Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-17
Limiting NVRAM Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-18
Commands to Manage TN3270 Terminal Emulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-19
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-19
TN3270 Access Server Characteristics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-19
TN3270 Port Characteristics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-20
SHOW Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-21
19 Configuring and Managing Point-to-Point Protocol (PPP)
Ports
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-1
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-1
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-1
In This Chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-1
Enabling PPP on an Access Server Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-2
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-2
Enabling PPP for Mixed Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-2
Enabling Dedicated PPP Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-3
Enabling Ports with Modems for PPP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-3
Establishing and Ending a PPP Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-4
Using the CONNECT PPP Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-4
Displaying PPP Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-5
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-5
Displaying LCP Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-5
Displaying IPCP Characteristics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-7
ATCP Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-10
Displaying PPP Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-12
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-12
xix
Displaying LCP Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-12
Displaying IPCP Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-14
Displaying ATCP Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-16
Displaying PPP Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-18
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-18
Displaying LCP Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-18
Displaying IPCP Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-20
Displaying ATCP Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-22
20 Managing IPX
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-1
In This Chapter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-1
IPX Description. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-2
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-2
Access Server Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-2
Getting Started. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-4
Checklist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-4
Hardware and Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-5
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-5
Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-5
Hardware Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-5
Setting Up Your PC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-6
PC Remote Access Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-6
Novell Workstation Software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-6
Novell Utilities for Local Execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-6
Setting Up the Network Access Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-7
Enabling IPX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-7
Configuring the Port for an Attached Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-7
Configuring the Port for the Login Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-8
Configuring the Port for Login to the Local Prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-8
Configuring the Port Dedicated to PPP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-9
Configuring the Port for PPP/IPXCP Data Link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-9
Summary of DECserver IPX Management Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-11
Port PPP IPX Commands for LCP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-11
Port PPP IPX Commands for IPXCP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-12
Port PPP Commands for PPP Negotiation Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-12
Server IPX Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-13
Modem Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-15
Dial-In Modems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-15
Dial-Out PC Modems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-15
Novell Client/Server Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-17
Establishing Remote Node Access Connection to Novell Network . . . . . . . . . . . . . . . . . 20-17 xx
Novell Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-17
Operational Checkout and Diagnosis. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-19
Verifying Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-19
Disabling IPX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-20
Using the DEFINE Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-20
Frame Types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-21
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-21
Standard Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-21
RAW802 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-21
SAP802 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-21
SNAP802 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-21
Displaying IPX Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-22
Using the SHOW command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-22
IPX Characteristics Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-22
IPX Characteristics Display Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-22
Displaying IPX Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-24
Using the SHOW IPX Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-24
IPX Status Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-24
Fields in the IPX Status Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-24
Displaying IPX Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-25
Use the SHOW IPX COUNTERS command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-25
IPX Counters Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-25
IPX Counters Display Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-25
Displaying IPX Routes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-28
Using the SHOW IPX ROUTES Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-28
IPX Routes Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-28
IPX Routes Display Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-28
Resetting Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-29
Using the ZERO Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-29
ZERO Command Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-29
21 Managing Dial Services
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-1
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-1
In This Chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-1
Dial Services Command Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-2
Command Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-2
Entering the SET PRIVILEGED command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-2
Checking the Current Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-3
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-3
Server Configuration Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-3
Defining a Dialer Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-4
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-4
xxi
Defining Dialer Script Strings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-4
Assigning the Dialer Script to a Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-6
Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-6
Determining the Current Dialer Script. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-6
Assigning a Dialer Script to a Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-7
Verifying Dialer Script Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-8
Defining the Dialer Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-9
Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-9
Showing the Current Dialer Service Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-9
Showing Dialer Service Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-10
Displaying Dialer Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-12
Modifying the Dialer Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-12
Configuring Interactive Dial Requests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-15
Configuring for Interactive Dial-Back . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-15
Interactive Dial-Back (Dial Service) Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-15
Framed Dial Requests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-16
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-16
Changing PPP Characteristics Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-16
Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21-16
22 Managing Access Server Security
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-1
In This Chapter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-1
Security Type Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-2
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-2
Kerberos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-2
RADIUS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-2
SecurID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-3
User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-3
Common Terminology Across Security Realms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-4
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-4
Accounting Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-4
Authentication Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-4
Default Realm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-4
Login Retries and Timeouts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-4
Secrets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-4
Security Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-5
UDP Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-5
Managing Kerberos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-6
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-6
Configuration Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-6
Configuration of User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-7 xxii
User Authentication Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-10
Changing a User Name and Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-11
User Authentication Counters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-11
Managing RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-13
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-13
Minimal Setup for RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-13
Optional Setup for RADIUS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-14
RADIUS User Authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-15
User Access to the Access Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-16
Setting User Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-16
Additional RADIUS Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-17
Optional RADIUS User Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-22
Managing SecurID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-23
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-23
Minimal Setup for SecurID. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-24
Optional Setup for SecurID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-24
SecurID User Authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-25
Setting User Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-26
Managing Local Access Server Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-27
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-27
Defining the Realm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-27
Determining Security Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-28
Displaying RADIUS, SECURID, and KERBEROS Characteristics . . . . . . . . . . . . . . . . . 22-28
Displaying Security Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-30
Showing the Authentication Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-31
Showing the User Port Authorization Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-31
Showing Security Counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-31
Managing Dial-Up Access Security with AUTOLINK and AUTOLINK Authentication . . . . 22-32
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-32
Activating AUTOLINK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-32
Enabling AUTOLINK Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-33
Specifying an Authentication Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-33
Setting AUTOLINK Timers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-34
Timeouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-35
Using a Login Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-35
Specifying Other Security Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-36
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-36
Specifying Dedicated Service for LAT or Telnet Resources . . . . . . . . . . . . . . . . . . . . . . . 22-36
Specifying Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-37
Specifying PASSWORD LIMIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22-38
xxiii
23 Accounting
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-1
In This Chapter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-1
Accounting Description. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-2
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-2
Accounting Log File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-2
What Events Are Logged? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-3
Contents of Log Entry Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-3
Event Field Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-4
When Events Are Logged . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-9
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-9
Login Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-9
Logout Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-9
Session Connect Attempt Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-9
Session Disconnect Events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-9
Password Fail Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-9
SNMP Community Fail Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-9
Password Modified Events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-10
User Privilege Level Modified Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-10
SNMP Community Modified Events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-10
Managing Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-11
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-11
Defining the Accounting Log Size. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-11
Changing the Accounting Threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-12
Changing the Accounting Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-12
Displaying Accounting Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-13
Displaying the Accounting Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-14
Using the Accounting Console Logging Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-15
Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-15
LAT Remote View of the Accounting Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23-15 xxiv
A Cable and Adapter Recommendations
Cable and Adapter Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .A-1
Cable and Adapter Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .A-1
Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .A-2
Glossary
Index
xxv
Preface
Overview
Purpose
Network Access Server Management is written for the person who sets up, maintains, and manages any one of the Digital Equipment Corporation family of network access servers. To use this manual, you must be familiar with using a terminal on a Digital
Equipment Corporation access server.
TSM Users
If you have the optional network management product, Terminal Server Manager
(TSM) software, review the documentation for the product before you read this manual and other access server documents. This product affects the way you install and manage access servers. Note that TSM software is available only for OpenVMS load hosts.
Using This Manual
This manual details the tasks you perform to manage your access server, and should be used with the Network Access Server Command Reference.
xxvii
Conventions
This manual uses the following conventions:
•
The Return key, which you must press to execute all commands, is not shown in command line displays.
•
The Local> prompt, which appears in most examples, is the default access server prompt. You can change this prompt to something other than Local> with the
SET/DEFINE/CHANGE SERVER PROMPT command.
•
All numbers are expressed in decimal notation unless otherwise noted.
•
All Ethernet addresses are shown in hexadecimal notation.
Convention
Monospaced
UPPERCASE
TEXT lowercase italics
{ }
[ ]
UPPERCASE
BOLD lowercase bold
Ctrl/n
/
Meaning
Monospaced type in command examples indicates system output or user input. User input is in boldfaced text.
Uppercase text in command lines indicates keywords that must be entered. You can enter them in either uppercase or lowercase. You can abbreviate command keywords to the first three characters or to the minimum unique abbreviation.
Lowercase italics in command syntax indicates variables for which either the user or the network access server supplies a value.
Braces in the command syntax indicate that you must choose one of the enclosed options. (Do not type the braces.)
Brackets in the command syntax indicate that the enclosed values are optional. You can enter one or none. (Do not type the brackets.)
Uppercase boldface text in summaries of characteristics indicates default values.
Terms in bold face type are defined in the glossary.
This syntax indicates a keying sequence for which you must hold down the Ctrl key while pressing the key specified by the variable n.
A slash indicates related alternate commands or options. For example, SET/DEFINE/CHANGE PORT refers to the SET
PORT, DEFINE PORT, and CHANGE PORT commands.
The slash (/) is not part of the command syntax.
xxviii
Associated Documents
Refer to the following documentation for additional information:
•
LAT Network Concepts — Provides an overview of the LAT protocol.
•
Terminal Server Manager Installation and Use — Provides the procedures to install and use TSM.
•
DECserver 700 Site Preparation and Maintenance — Provides the procedures to prepare the site before installing the DECserver 700 hardware.
•
DECserver 90TL/DECserver 90M Owner’s Manual — Provides the procedures to install and operate the DECserver 90TL/DECserver 90M hardware.
•
DECserver 900TM Installation — Provides the procedures to install and operate the DECserver 900TM hardware.
•
VMS VAXcluster Manual — Provides the procedures to configure a VAXcluster system, including the procedure to configure the system for remote printing.
•
ULTRIX Guide to System Environment Setup — Provides the procedure to configure the ULTRIX system environment, including the procedure to configure print systems.
•
DECserver Network Access Software Installation — Describes how to install the network access software on Microsoft Windows 95 or Windows NT, OpenVMS,
DIGITAL UNIX, ULTRIX, or UNIX operating systems.
•
Release Notes — Provide the latest information about the access server. The release notes are available with the software distribution kit and are stored in the load host directory with the other software distribution files.
•
Network Access Server Command Reference — Provides the commands to operate and manage the access server.
•
Network Access Server Problem Solving — Describes problem-solving tools and procedures for the various access servers.
xxix
How to Order Additional Documentation
To order additional documentation, use the following information:
To Order:
By Telephone
Electronically
(USA only)
By Mail
(USA and
Puerto Rico)
By Mail
(Canada)
Internationally
Internally
Contact:
USA (except Alaska, New Hampshire, and Hawaii):
1-800-DIGITAL (1-800-344-4825)
Alaska, New Hampshire, and Hawaii: 1-603-884-6660
Canada: 1-800-267-6215
Dial 1-800-DEC-DEMO
(For assistance, call 1-800-DIGITAL)
DIGITAL EQUIPMENT CORPORATION
P.O. Box CS2008
Nashua, New Hampshire 03061
(Place prepaid orders from Puerto Rico with the local
DIGITAL subsidiary: 809-754-7575)
DIGITAL EQUIPMENT of CANADA LTD.
940 Belfast Road
Ottawa, Ontario, Canada K1G 4C2
Attn.: A&SG Business Manager
DIGITAL EQUIPMENT CORPORATION
Attn.: A&SG Business Manager c/o local DIGITAL subsidiary or approved distributor
U.S. Software Supply Business (SSB)
DIGITAL EQUIPMENT CORPORATION
8 Cotton Road
Nashua, New Hampshire 03063 xxx
Correspondence
Documentation Comments
If you have comments or suggestions about this document, send them to the DIGITAL documentation organization.
Attn.: Documentation Project Manager
E-mail: [email protected]
Online Services
To locate product-specific information, refer to the following online services:
BBS
To read the Bulletin Board System, set your modem to 8 bits, no parity, 1 stop bit, and dial 508-486-5777 (U.S.). Outside of the U.S., dial (access code) 1-508-486-5777.
WWW
The Digital Equipment Corporation Network Products Business Home Page on the
World Wide Web is at the following addresses:
North America:
Europe:
Australia: http://www.networks.digital.com
http://www.networks.europe.digital.com
http://www.digital.com.au/networks
xxxi
Chapter 1
DNAS Management
Overview
Introduction
This chapter describes the tasks that the following types of users perform when managing the access server:
•
System administrators who configure and manage the access server
•
End users of network services and applications
In This Chapter
This chapter includes the following topics:
•
Configuration Tasks for System Administrators
•
Management Tasks for System Administrators
•
User Tasks
•
Storage of Configuration Settings and Changes in Memory
•
Commands to Display and Change Configuration Settings
DNAS Management 1-1
Configuration Tasks for System Administrators
Configuration Tasks for System Administrators
Configuration Tasks
The following table lists the tasks that system administrators can perform when configuring an access server and the chapter of this manual that describes each task:
To Configure:
User interface
Network access server on the network
Devices on a port
Interactive devices
LAT services
Telnet listeners
SLIP ports
3270 emulation
PPP
User authentication
Refer to:
Chapter 3
Chapter 6
Chapter 9
Chapter 11
Chapter 12
Chapter 13
Chapter 15
Chapter 18
Chapter 19
Chapter 22
Default Settings
Although a new access server is configured and operational with factory-set defaults, you may need to customize the configuration for your use. For a list of defaults associated with each category of configuration settings, refer to the chapters listed in the previous table.
1-2 DNAS Management
Management Tasks for System Administrators
Management Tasks for System Administrators
System Management Tasks
The following table lists the tasks that system administrators can perform to manage the access server. This table also lists the chapter that describes each task.
To Manage:
LAT network communications
TCP/IP network communications
SLIP port reconfiguration
SNMP communities
Network access server maintenance
Management of load hosts
Configuring the user interface
Configuring LPD printers
Managing point-to-point protocol hosts
Managing IPX
Managing dial services
Managing network access server security
Refer to:
Chapter 12
Chapter 7
Chapter 15
Chapter 16
Chapter 17
Chapter 4
Chapter 3
Chapter 14
Chapter 19
Chapter 20
Chapter 21
Chapter 22
DNAS Management 1-3
User Tasks
User Tasks
Introduction
The access server enables end users to perform tasks such as connecting to network resources and managing sessions. For a description of these tasks, refer to the
Specifying the Telnet Client Session Profile section in Chapter 11.
Accessing Online Help
The tutorial for online help also describes user tasks. To start the tutorial, enter the following command on your access server:
Local> HELP TUTORIAL
1-4 DNAS Management
Storage of Configuration Settings and Changes in Memory
Storage of Configuration Settings and Changes in Memory
Memory Types
The access server stores configuration settings in two types of memory:
•
Permanent data is stored in nonvolatile random access memory (NVRAM).
•
Operational data is stored in volatile random access memory (VRAM).
Power Loss
An initialization or power loss has no effect on NVRAM. When an initialization or power loss occurs, the access server overwrites the current settings in VRAM with those from NVRAM.
DNAS Management 1-5
Commands to Display and Change Configuration Settings
Commands to Display and Change Configuration Settings
Introduction
This section lists the type of commands that operate on the configuration settings stored in VRAM and NVRAM.
The CHANGE and SET commands listed in the following chapters have an immediate effect when you enter them. When you use the DEFINE command, however, the changes are delayed:
•
If you use the DEFINE command to make changes to a given port, these changes take place the next time that a user logs in to the port.
•
If you use the DEFINE command to make changes to access server settings, these changes take effect the next time you initialize or plug in the server.
Reference
The Network Access Server Command Reference describes the syntax, range of values, and defaults for all these types of commands. Use the Command Reference as a source of supplementary information as you go through the examples and procedures in this manual.
Types of Commands That Operate on Configuration Settings
The following illustration shows the types of commands stored in VRAM and
NVRAM:
1-6 DNAS Management
Chapter 2
Management Tools
Overview
Introduction
This chapter describes the tools for managing the access server. These tools are:
•
Access server commands
•
Help
•
Console port
•
Remote console port
•
Access Server Manager, a PC-based management tool
In This Chapter
This chapter contains the following topics:
•
Access Server Commands
•
Help
•
Console Port
•
Remote Console Port
•
Access Server Manager
Management Tools 2-1
Access Server Commands
Access Server Commands
Introduction
The access server has a command line interface. You enter commands at a prompt on a terminal attached to an access server port. The default for the prompt is:
Local>
Reference
For a complete description of command syntax and use, refer to the Network Access
Server Command Reference.
Levels of Access Server Commands
The access server has four levels of commands as listed in the following table:
Command
Level
Privileged
Nonprivileged
Limited view
Secure
Provides Access to
All access server commands.
A subset of privileged commands.
All nonprivileged commands except those that show or list LAT nodes, LAT services, and various Internet databases.
A subset of nonprivileged commands that apply to the current port only.
Commands to Enable and Disable
SET PRIVILEGED
Default
SET/DEFINE/CHANGE
PORT n LIMITED VIEW
ENABLED
SET/DEFINE/CHANGE
PORT n SECURITY
ENABLED
2-2 Management Tools
Access Server Commands
User Groups
For practical purposes, the access server command set syntax is divided into command groups. These groups are:
•
Command descriptions
•
CLEAR/PURGE commands
•
SET/DEFINE/CHANGE commands
•
SHOW/LIST/MONITOR commands
In the above list, the command descriptions group includes any command that does not functionally fit into the CLEAR/PURGE, SET/DEFINE/CHANGE or SHOW/LIST
MONITOR groups (for example, DIAL, CONNECT, SEND, and LOOP).
Command Definitions
The following table describes the commands for the CLEAR/PURGE, SET/DEFINE/
CHANGE and SHOW/LIST/MONITOR groups:
Command
DEFINE
SET
CHANGE
SHOW
MONITOR
LIST
Result
Changes NVRAM (nonvolatile random access memory). The system must be reinitialized for the changes to take effect.
Changes VRAM.
1
Changes both NVRAM and VRAM.
Displays current status or information about various options from the access server operational database.
Displays continuously updated access server information on various options. Type any character to stop a monitor display.
The MONITOR command displays have the same format as the corresponding SHOW command displays, but requires the user to be privileged.
Displays information about various options from the server’s permanent database.
Changes VRAM.
CLEAR
PURGE Changes NVRAM.
1.
VRAM is the server’s volatile operational database.
Management Tools 2-3
Access Server Commands
Reference
For more information about this command group and its qualifiers, please refer to the
Network Access Server Command Reference.
Privileged Commands
To manage and configure the network, you use privileged commands. To enable privileged commands, use the SET PRIVILEGED command. The command line interface prompts you to enter the privileged password (which does not appear on the screen). If you forget the privileged password, you can reset the access server to its defaults by plugging the unit in while holding the reset button.
More than one port at a time can be privileged. Therefore, you should not reveal the privileged password.
Example: Enabling Privileged Commands
This example shows how to use the SET PRIVILEGED command to enable privileged commands on a port after accessing the access server.
Local> SET PRIVILEGED
Password> (not echoed)
Local>
Example: Changing the Privileged Password
To change the password, use the SET SERVER PRIVILEGED PASSWORD command. The following example shows how to use the SET SERVER PRIVILEGED
PASSWORD command to change the privileged password.
Local> SET SERVER PRIVILEGED PASSWORD
Password> (not echoed)
Verification> (not echoed)
Local>
2-4 Management Tools
Help
Help
Introduction
The access server provides online help about access server commands. This section describes two types of online help that are available on the access server.
HELP TUTORIAL Command
The command HELP TUTORIAL provides a brief introduction to the access server.
You enter this command as follows:
Local> HELP TUTORIAL
The access server then displays a screen that explains how to use the tutorial.
HELP Command
The HELP command provides reference information for the level of commands enabled on the port that you are using.
Example: Accessing Online Help Information
The following example shows how to display the online help for the SET command and the PORT characteristic.
Local> HELP
[A list of topics displays here.]
Topic? SET
SET
SET changes characteristics and options stored in the server's operational database.
Additional HELP available for:
INTERNET PORT NOPRIVILEGED PRIVILEGED
SERVICE SESSION TELNET
SET Subtopic? PORT
Management Tools 2-5
Console Port
Console Port
Displaying Port Parameters
The console port receives the access server system messages. An access server can have only one console port at a time. The default console port number is 1. To change the console port, use the SET/DEFINE/CHANGE CONSOLE PORT command.
To find out the current port number for the console port, use the SHOW SERVER command.
Reference
The console port helps with troubleshooting as described in the Network Access Server
Problem Solving manual.
Example: SHOW SERVER Command
The following example shows how to display the current port number for the console port. The value in for the Console Port characteristic in the display is the current port number.
Local> SHOW SERVER
Network Access SW Vx.x for DSxxx-xx BLxx-xx ROM Vx.x-x Uptime: 0 00:16:18
Address: 08-00-2B-26-AA-99 Name: WWDOCMC Number: 0
Identification:
Circuit Timer: 80 Password Limit: 3
Console Port: 1 Prompt: Local>
Inactivity Timer: 30 Queue Limit: 100
Keepalive Timer: 20 Retransmit Limit: 8
Multicast Timer: 30 Session Limit: 64
Node Limit: 200 S oftware: WWENG2
Service Groups: 42, 46, 66
Enabled Characteristics:
Announcements, Broadcast, Dump, Lock
2-6 Management Tools
Remote Console Port
Remote Console Port
Description
The remote console port is a logical port that enables you to configure the access server from a remote terminal on the network.
Features of the Remote Console Port
The following table lists the features that distinguish the remote console port from other ports:
Feature
Local switch character
Personal computer file transfers
SET/DEFINE/CHANGE
PORT characteristics
Number of sessions supported
Description
~ (Tilde)
Unsupported
Available for all ports except for the remote console port
1 at a time
Communications Utilities for Remote Console Sessions
The following table describes the four utilities you can use to connect to the remote console port on the access server:
Connection Utility
Network Control Program (NCP)
SET HOST/MOP
Telnet remote console
Console Carrier Request (CCR)
Access Server Manager
Host Type
OpenVMS Phase IV
OpenVMS DECnet/
OSI
Internet
ULTRIX DECnet
32-bit Microsoft
Windows, Windows
95, and Windows NT
Protocol
MOP
MOP
Telnet
MOP
Telnet
Management Tools 2-7
Remote Console Port
OpenVMS Utility — Terminal Server Manager
For OpenVMS systems, DIGITAL offers the Terminal Server manager (TSM) to facilitate managing the access server using the MOP remote console. TSM allows the user to store access information such as the maintenance password, Ethernet address, and login password for a server in a local database. The user can then establish a simple
USER SERVER command and TSM will retrieve the information and establish a remote connection to the MOP console of the targeted server. Since TSM supports command scripts a highly automated interface to the MOP remote console can be created.
Network Control Program (NCP)
NCP enables you to connect to the remote console port from an OpenVMS DECnet node that is on the same Ethernet as the access server. The node must be running
DECnet Phase IV software, but does not need to be a LAT service node or a load host for your access server.
Usage Considerations
Consider the following when using NCP:
•
Do not confuse the SERVICE PASSWORD that you enter in an NCP command with the access server SERVICE PASSWORD. They are unrelated.
•
If the access server requires that you specify the maintenance password and you omit it, NCP displays this error message:
Target does not respond
To disconnect from the access server, press Ctrl/D. To exit NCP, type EXIT or press Ctrl/Z.
For additional information about NCP, refer to the documentation provided with your system.
2-8 Management Tools
Remote Console Port
Example: Using NCP to Connect to an Access Server Remote Console Port from a Load Host
The following example shows a connection from an OpenVMS DECnet Phase IV load host to an access server that has the DECnet node name SHRIMP. The maintenance password is FEDCBA. The login password is the default, ACCESS.
$ MCR NCP
NCP> CONNECT NODE SHRIMP SERVICE PASSWORD FEDCBA
Console connected (press CTRL/D when finished)
# ACCESS (not echoed)
Network Access SW Vx.x for DSxxx-xx BLxx-xx ROM Vx.x-x Uptime: 0
00:16:38
(c) Copyright 1993, Digital Equipment Corporation - All Rights
Reserved
Please type HELP if you need assistance
Enter username> MANAGER
Local>
Use of SET HOST/MOP from a DECnet/OSI OpenVMS Node
MOP enables you to connect to the remote console port from an DECnet/OSI
OpenVMS node that is on the same Ethernet as the access server.
To disconnect from the access server, enter C t r l/ \ . Refer to the appropriate DECnet/
OSI manual for information about how DECnet/OSI interprets passwords on the SET
HOST/MOP command line.
Management Tools 2-9
Remote Console Port
Example: Using MOP to Connect to an Access Server from a DECnet/OSI
OpenVMS Node
The following example shows a connection from a DECnet/OSI OpenVMS node to an access server remote console port. In this example:
•
The access server has a DECnet node name of DGD700.
•
The maintenance password is FEDCBA. On the SET HOST/MOP command line, however, the DECnet/OSI software transposes this password into the string
BADCFE.
•
The access server has a password of ACCESS.
$ SET HOST/MOP DGD700/VERIFICATION=%XBADCFE
%CCR-I-CONNEST, connection established to remote system
08-00-2B-26-AE-32 Press CTRL/ \ to disconnect, CTRL/] to send break
# ACCESS (not echoed)
Network Access SW Vx.x for DSxxx-xx BLxx-xx ROM Vx.x-x
Uptime: 0 00:16:41
(c) Copyright 1993, Digital Equipment Corporation -
All Rights Reserved
Please type HELP if you need assistance
Enter username> SWINSTALLER
Local>
Use of CCR from an ULTRIX DECnet Node
Console Carrier Request (CCR) enables you to connect to the remote console port from an ULTRIX DECnet node that is on the same Ethernet as the access server. The node must be running ULTRIX MOP software, but does not need to be a LAT service node or load host for the access server.
To disconnect from the access server, press Ctrl/D. To exit CCR, type EXIT or press
Ctrl/Z. For more information about CCR, refer to the DECnet documentation provided with your system.
2-10 Management Tools
Remote Console Port
Example: Using CCR to Connect to an Access Server from an ULTRIX DECnet
Node
The following example shows a connection from an ULTRIX DECnet node to an access server remote console port. In this example:
•
The access server has the DECnet node name DRUMCORPS.
•
The maintenance password is FEDCBA.
•
The access server password is ACCESS.
/etc/ccr -n drumcorps -p FEDCBA ccr: Remote console reserved
ACCESS (not echoed)
Network Access SW Vx.x for DSxxx-xx BLxx-xx ROM Vx.x-x
Uptime: 0 00:16:43
(c) Copyright 1993, Digital Equipment Corporation -
All Rights Reserved
Please type HELP if you need assistance
Enter username> MANAGER
Local>
Telnet Remote Console
If the access server has an Internet address, you can configure it to accept a Telnet remote console connection. Once you configure the Internet address and Telnet remote console port, the access server accepts and establishes a Telnet remote console connection to the remote console through one or more of the Telnet listeners specified by a TCP port on the access server. By default, TCP port 23 is the Telnet remote console port.
If you assign Telnet listener 23 to one or more physical ports, using the CLEAR/
PURGE TELNET LISTENER 23 command only reassigns TCP port 23 as a Telnet remote console port.
Management Tools 2-11
Remote Console Port
Characteristics of the Telnet Remote Console Port
The following table describes the characteristics for Telnet remote console connections on the access server:
Characteristic
Number of connections allowed on the remote console port at one time
Default TCP port number
Description
1
The port is shared with the MOP remote console port so it will not be accessible to Telnet if the remote console port is active.
23
By default, the remote console is accessed via TCP port number 23. You can make the Telnet remote console port available to any of the TCP ports used by the access server Telnet listener feature.
More than 1 allowed.
Number of TCP ports configured to function as a remote console port
Maintenance password
Access server login password
IP address of the Telnet client host
Privileged user logout.
Not required.
In environments where both MOP and
Telnet are used to access the remote console, setting a maintenance password for MOP does not affect Telnet.
Required.
Displayed in the Console User field of the SHOW SERVER STATUS display if a Telnet host is using the port. If the port is idle, this field displays the text
“None Available.”
Another privileged user on a local port can log out on the remote console using the LOGOUT PORT CONSOLE command.
2-12 Management Tools
Access Server Manager
Access Server Manager
Description
The Access Server Manager application is a management tool for DECserver access servers. It runs on 32-bit Windows-based operating systems. The Access Server
Manager has a graphical user interface that allows you to easily configure some
DECserver features. The Access Server Loader application is integrated with the
Access Server Manager.
Functions
Use the Access Server Manager to:
•
Download firmware from a PC load host to the access server.
•
Download IP address configuration information to the access server.
•
Configure the access server network protocols.
•
Configure ports for remote access and terminal server functions.
•
Configure modems attached to a DECserver port.
•
Configure access server security.
•
Configure access server dialer services.
•
Make a Telnet console connection to an access server and issue console commands.
Related Information
See the DECserver Network Access Software Installation guide for instructions about installing this application.
Read the Access Server’s online help for information about managing the access server.
Management Tools 2-13
Chapter 3
User Interface
Overview
Introduction
This chapter describes how to customize and manage the user interface to the access server. The access server provides two features to manage the user interface:
•
A command group defines a set of commands that a specified group of users can access and execute.
•
A menu provides a customized selection of commands that a specified group of users can select on the terminal screen.
Both command groups and menus can help the access server user avoid repetitive typing.
In This Chapter
This chapter contains the following topics:
•
Command Groups and Menus
•
Using Command Groups
•
Using Menus
•
Defining Menus
User Interface 3-1
Command Groups and Menus
Command Groups and Menus
Description
In addition to convenience, command groups and menus provide the access server with a security feature. Since command groups and menus both have an associated port list, you can control which users can access them.
Command groups and menus can also enable nonprivileged users to access a subset of privileged commands. Even if command groups and menus contain privileged commands, they are available to any nonprivileged user logged in to a port in the associated port list.
3-2 User Interface
Using Command Groups
Using Command Groups
Creating a Command Group
To create a command group, follow these steps:
Step Action
1 Use the CHANGE COMMAND GROUP command to specify a command group name and port list.
Example: The following defines the command group called
SERVICE_A that is available on ports 2, 3, and 5:
Local> CHANGE COMMAND GROUP SERVICE_A PORT 2, 3, 5
2 Enter the individual commands that define the command group.
Example: Defining a Command Group
The following example shows how to enter individual commands to define a typical command group. In this command group, the values %P1 and %P2 represent place holders for values that you specify when you execute the command group.
Local> CHANGE COMMAND GROUP SERVICE_A LINE 10 "CHANGE PORT %P1
LOCK ENABLE"
Local> CHANGE COMMAND GROUP SERVICE_A LINE 20 "CHANGE PORT %P1
DEFAULT PROTOCOL LAT"
Local> CHANGE COMMAND GROUP SERVICE_A LINE 30 "CONNECT LAT %P2"
The command group defined in this example does the following for the specified port:
1 Enables lock.
2 Sets the default protocol to LAT.
3 Connects to the LAT service specified.
User Interface 3-3
Using Command Groups
Executing a Command Group
To execute a command group, use the DO command.
Example: Executing a Command Group
The following example executes the command group SERVICE_A defined in the previous example. When this command executes, it substitutes the value 3 for the port place holder %P1 and SALES for the service place holder %P2.
Local> DO SERVICE_A 3 SALES
Displaying a Command Group
Use the SHOW COMMAND GROUP command to display a command group.
Example: Displaying a Command Group
The example below shows how to display the SERVICE_A command group.
Local> SHOW COMMAND GROUP SERVICE_A
Command Group: SERVICE_A
Enabled on Ports
2 3 5
Line 10:
CHANGE PORT %P1 LOCK ENABLE
Line 20:
CHANGE PORT %P1 DEFAULT PROTOCOL LAT
Line 30:
CONNECT LAT %P2
Purging a Command Group
Use the PURGE COMMAND GROUP command to purge a command group. Use this command to delete a line from a command group, delete an entire command group, or delete all command groups.
Example: Purging Command Groups
The following example shows how to use the PURGE command to delete the command groups SERVICE_A, SERVICE_B, and all existing command groups:
Local> PURGE COMMAND GROUP SERVICE_A
Local> PURGE COMMAND GROUP SERVICE_B
Local> PURGE COMMAND GROUP ALL
3-4 User Interface
Using Menus
Using Menus
Displaying a List of Enabled Menus
To display a list of the menus enabled on a port, use the SHOW MENU command. If you are a privileged user, the SHOW MENU command displays the names of all menus available on the access server.
To enable a menu on a port, you must use the CHANGE MENU command. See section
Defining Menu Choices in this chapter.
Example: SHOW MENU Command
The following example shows how to display a list of menus:
Local> SHOW MENU
MAIN
HOSTS
SERVICES
Entering Menu Mode
To use any menu enabled on the current port, use the nonprivileged ENTER MENU command. If you are a privileged user, the ENTER MENU command enables you to use any menu available on the access server.
Example: Entering Menu Mode
The following example shows how to enter the hosts menu:
Local> ENTER MENU HOSTS
User Interface 3-5
Using Menus
Assigning a Default Menu to a Port
To assign a default menu to a port, use the DEFINE PORT n DEFAULT MENU command. If a port has a default menu, it displays whenever you:
•
Log in to the port.
•
Press the Local Break key or enter the Local Switch character while in a host session.
•
Log out of a host session.
Example: Assigning a Default Menu
The following example show how to assign the default menu HOSTS to port 2:
Local> DEFINE PORT 2 DEFAULT MENU HOSTS
Menu Windows
Menus are divided into two windows:
•
The menu choices window appears in lines 1 through 20.
•
The directions and user input window appears in lines 22 through 24.
The current selection appears in reverse video. To make a selection, use the up- and down-arrow keys to highlight a selection and press the Return key. You can also make a selection by entering the item number to the left of the selection and pressing the
Return key.
3-6 User Interface
Figure: Windows on Access Server Menus
The following figure shows a typical access server menu:
Using Menus
User Interface 3-7
Defining Menus
Defining Menus
Introduction
This section describes how to define menus and provides examples.
Reference
For complete information about the commands mentioned in this section, refer to the
Network Access Server Command Reference.
Main Menu
Whenever the server has its factory-set default settings, it stores the main menu in
NVRAM. You can display and modify the default menu using the same commands that you use for any other menu.
You may find it convenient to use the main menu as a starting point and an example for creating new menus. For example, to create a new menu entitled SERVICES based on the main menu, enter the following command:
Local> CHANGE MENU SERVICES FROM MAIN
In effect, the command above copies the main menu and gives the copy the name
SERVICES. To modify the menu SERVICES, use the CHANGE MENU command as shown in the Example: Sample Definition of a Menu Selection in this chapter.
3-8 User Interface
Defining Menus
Main Menu Display
The following figure shows how the Main Menu displays on the screen:
Defining Menu Choices
For each menu choice line, you can define:
•
One line of display text
•
A server command, which can:
— Specify up to 8 optional input parameters
— Be a DO command
•
A prompt string for each specified input parameter
•
A default string for each specified input parameter
User Interface 3-9
Defining Menus
Example: Sample Definition of a Menu Selection
The following example shows one way to define the selection Open Telnet Session that appears on line 5 of the main menu:
Local> CHANGE MENU MAIN LINE 5 DISPLAY "OPEN TELNET SESSION"
Local> CHANGE MENU MAIN LINE 5 P1PROMPT "ENTER HOST NAME OR IP
ADDRESS"
Local> CHANGE MENU MAIN LINE 5 P1DEFAULT "16.195.1.1"
Local> CHANGE MENU MAIN LINE 5 EXECUTE "CONNECT TELNET%P1"
The menu selection defined in this example does the following:
1 The following text displays on line 5 of the menu choices window:
OPEN TELNET SESSION
2 When you press the Return key, the following prompt displays in the directions and user input window:
ENTER HOST NAME OR IP ADDRESS
3 The next step depends on whether you simply press the Return key or type a host name or address before pressing the Return key.
— If you press the Return key without typing a host name or address, the access server executes the CONNECT TELNET command with the default string:
CONNECT TELNET 16.195.1.1
— If you type a host name or IP address and then press the Return key, the access server executes the CONNECT TELNET command with the specified name or address.
Displaying a Selected Menu
The ENTER MENU command enables you to display any menu that is enabled on the port. If the port is privileged, you can enter a menu whether or not it is enabled on the port.
For example, if the menu HOSTS is enabled on the current port, you enter the following command to display this menu:
Local> ENTER MENU HOSTS
The menu display has item numbers for all menu lines that have display and execute strings. The item numbers are in order (1, 2, 3, etc.) and usually do not match the line numbers used in SET MENU LINE commands or SHOW MENU displays.
3-10 User Interface
Defining Menus
If the port is type ANSI, menu items can be selected by either using the up- and downarrow keys or by entering the item number. To use the arrow keys, press the up- or down-arrow key until the desired item is highlighted and press Return.
If the port is type SOFTCOPY or HARDCOPY, you can still enter a menu but the arrow keys are disabled. Enter the item number to select a menu item.
Exiting from a Menu
Unless the system manager wants to set up a captive menu (refer to the following section), all menus should have an executable line for LEAVE MENU. To exit from the menu, select this line (which has the display string “GOTO Command Line” on the default menu MAIN).
If the port is privileged, it is also possible to exit from the menu by entering Ctrl/C while the menu is displayed. This prevents you from being “trapped” if you accidentally create and enter a menu without a LEAVE MENU or LOGOUT command.
Using Menus to Set Up a Captive Port
A system manager can use the menus feature to set up a captive port such that users can execute commands from within the menus only. To do this, define a menu that has a LOGOUT command but no LEAVE MENU command, make this menu the default menu for the port, and define the port nonprivileged.
Displaying a Menu Definition
To display the definition for a given menu, use the SHOW MENU command.
Example: Displaying a Menu Definition
The following example shows how to display the definition for the HOSTS menu:
Local> SHOW MENU HOSTS
Menu:
Hosts
Enabled on ports:
2, 3, 5
Line 5 Execute:
CONNECT LAT HOST_1
Line 5 Display:
Use DEC Host
User Interface 3-11
Defining Menus
Line 7 Execute:
CONNECT TELNET 195.20.0.15
Line 7 Display:
TCP/IP Host
Line 9 Display
Logout
Line 9 Logout
LOGOUT
Purging Menu Lines and Entire Menus
Use the PURGE MENU command to delete a string from a menu line, an entire menu line, an entire menu, or all menus from the access server database.
Example: Commands to Purge Entire Menus and Menu Lines
The following example shows the commands to purge specific menu lines and entire menus:
Local> PURGE MENU MAIN LINE 5
Local> PURGE MENU HOSTS
3-12 User Interface
Chapter 4
Managing Load Hosts
Overview
Introduction
This chapter describes the command procedures that you use to manage hosts that load the access server software image on a LAT network.
In This Chapter
This chapter contains the following topics:
•
DSV$CONFIGURE
•
DSVCONFIG
•
Using a BOOTP/TFTP Server
•
Upline Dumping
•
Terminal Server Manager (TSM)
Managing Load Hosts 4-1
Load Host Procedures
Load Host Procedures
Description
The specific command procedure that you use to manage the load host depends on the network version, protocol, and operating system of the load host. The following table lists the available combinations, with a reference to the related section in this chapter:
Load Host
Command
Procedure
DSV$CONFIGURE
Network
DSV$CONFIG
DECnet
Phase IV
DECnet/
OSI
DECnet
Phase IV
DECnet/
OSI
/etc/add_DECserver TCP/IP
Protocol
MDS
MOP
BOOTP/
TFTP
/etc/list_DECserver TCP/IP
/etc/rem_DECserver TCP/IP
/etc/upd_DECserver TCP/IP
Access Server Loader and Access Server
Manager
TCP/IP
BOOTP/
TFTP
BOOTP/
TFTP
BOOTP/
TFTP
BOOTP/
TFTP
Operating
System
OpenVMS
ULTRIX
Refer to:
DSV$CONFIGURE
DSVCONFIG
UNIX/
DIGITAL
UNIX
Using a BOOTP/TFTP
Server
UNIX/ Using a BOOTP/TFTP
DIGITAL
UNIX
Server
UNIX/
DIGITAL
UNIX
Using a BOOTP/TFTP
Server
UNIX/
DIGITAL
UNIX
Using a BOOTP/TFTP
Server
Windows NT
/Windows 95
Access Server Manager online help and the
DECserver Network
Access Software
Installation guide
4-2 Managing Load Hosts
DSV$CONFIGURE
DSV$CONFIGURE
Introduction
DSV$CONFIGURE is a command procedure that runs on a DECnet Phase IV
OpenVMS load host or on a DECnet/OSI OpenVMS load host. This procedure enables you to:
•
Maintain configuration information about access servers.
•
Modify the local MOP (Maintenance Operation Protocol) client configuration.
•
Access the remote console port of the access server.
DIGITAL provides DSV$CONFIGURE as part of the access server software. For information about installing DSV$CONFIGURE, refer to the installation guide provided with the access server software.
Backward Compatibility of DSV$CONFIGURE
DSV$CONFIGURE supports both DECnet Phase IV and DECnet/OSI Phase V. Upon installation, DSV$CONFIGURE automatically converts databases created by
DSVCONFIG to the data format required by DSV$CONFIGURE.
Executing DSV$CONFIGURE
The procedure DSV$CONFIGURE.COM is located in the following directory:
SYS$COMMON:[DECSERVER]
Execute this procedure as follows:
$ @SYS$COMMON:[DECSERVER]DSV$CONFIGURE
Defining Symbols
You may find it useful to define a symbol for this procedure in your LOGIN.COM file.
For example:
$ DSV == "@SYS$COMMON:[DECSERVER]DSV$CONFIGURE"
Managing Load Hosts 4-3
DSV$CONFIGURE
Example: Starting DSV$CONFIGURE and Displaying Help
The following example shows how to use the symbol DSV to start
DSV$CONFIGURE. This example also shows how to use HELP to display a list of
DSV$CONFIGURE commands. The remainder of this section explains each command shown.
$ DSV
%DSV-I-IDENT, executing DSV$CONFIGURE version x.x.x-nnn -DSV-I-
HELP, type ? any time for help
DSV> HELP
ADD - Add a server to the system
MODIFY - Modify an existing server's information
SET - Synonym for MODIFY
DELETE - Remove a comm. server from the system
LIST - Display information about one or all servers
SHOW - Synonym for LIST
CONNECT - Connect to a server via remote console
USE - Synonym for connect
HELP - Displays summary of valid commands
EXIT - Exit this procedure
ADD Command
To add an access server to the system, use the following command format:
ADD [SERVER] [ server-name]
The following table describes the command syntax:
Command
Component
SERVER
Description server-name
An optional keyword as in all DSV$CONFIGURE commands.
An optional way to specify the name. If you do not specify the name on the command line, DSV$CONFIGURE prompts you for it.
After you enter the ADD command, DSV$CONFIGURE displays a series of prompts.
Some prompts display with defaults specified in square brackets. The values of the defaults are based on the running system.
4-4 Managing Load Hosts
DSV$CONFIGURE
Example: DSV$CONFIGURE ADD Command
This example shows the ADD command on a DECnet/OSI system. In this example, at the end of each line you must press return to continue.
DSV> ADD SERVER
_Server Name: DGD700
_Ethernet Address: 08-00-2B-26-AE-32
_Server Type: DS700
_Service Circuit [SVA-0]:
_Maintenance Password [none]: FEDCBA _Dump File
[MOP$DUMP:DS7DGD700.DMP]:
_Load Image [MOP$LOAD:WWENG2.SYS]:
After entering the ADD command, you can display information about the MOP client with the:
•
DSV$CONFIGURE LIST command
•
NCL SHOW command for DECnet/OSI
•
NCP SHOW NODE command for DECnet Phase IV
If you use DECnet Phase IV, the required DECnet address prompt has a default of the first unused address in area 13. You no longer need to enter an external SHOW NODE
13.* command prior to adding an access server.
MODIFY and SET Commands
The MODIFY and SET commands operate in a manner similar to the ADD command.
These commands provide defaults for each prompt. The defaults are the existing values for the server.
The syntax, prompts, and displays for the SET and MODIFY commands are similar to those for the ADD command.
DELETE Command
The DELETE command removes an access server. This command clears both the permanent configuration data stored on disk and the operational data stored in memory.
The syntax of the DELETE command is identical to that for the ADD command.
Managing Load Hosts 4-5
DSV$CONFIGURE
Example: DELETE Command for DSV$CONFIGURE
The following example shows the DELETE command. This example omits the optional SERVER keyword. In this example, NCL displays the message NODE 0
MOP Client DGD700 on a DECnet/OSI system. NCP displays a similar message on a
DECnet Phase IV system.
DSV> DELETE DGD700
Server: DGD700 Circuit: SVA-0
Address: 08-00-2B-26-AE-32 Maint. Password: FEDCBA
Type: DS700
Dump File: MOP$DUMP:DS7DGD700.DMP
Image File: MOP$LOAD:WWENG2.SYS
Are you SURE you want to delete this server??? [No]: YES
Node 0 MOP Client DGD700 at 1992-10-26-13:31:29.378-05:00I0.176
LIST and SHOW Commands
The LIST and SHOW commands display information about an access server. The syntax of the LIST command is identical to that for the ADD command with one exception: server-name can be a wildcard character.
Example: LIST Command for DSV$CONFIGURE
The following example shows the data that the LIST and SHOW commands display.
In this example, the DECnet address would also display if this were a DECnet Phase
IV node.
DSV> LIST SERVER
_Server Name: DGD700
Server: DGD700 Circuit: SVA-0
Address: 08-00-2B-26-AE-32 Maint. Password: FEDCBA
Type: DS700
Dump File: MOP$DUMP:DS7DGD700.DMP
Image File: MOP$LOAD:WWENG2.SYS
CONNECT and USE Commands
The CONNECT and USE commands enable you to communicate with the remote console port on the access server. DSV$CONFIGURE uses CCR to make the connection. Once DSV$CONFIGURE makes the connection, you can use most any access server command supported at any physical port.
4-6 Managing Load Hosts
DSV$CONFIGURE
Example: CONNECT Command for DSV$CONFIGURE on a DECnet/OSI
System
The following example shows how to use CCR and DSV$CONFIGURE to connect to a remote console port from a DECnet/OSI system:
DSV> USE DGD700
%CCR-I-CONNEST, connection established to remote system 08-00-
2B-26-AE-32 Press CTRL/ \ to disconnect, CTRL/] to send break
# ACCESS (not echoed)
Network Access SW Vx.x for DSxxx-xx BLxx-xx ROM Vx.x-x Uptime: 0
00:16:47
(c) Copyright 1993, Digital Equipment Corporation - All Rights
Reserved
Please type HELP if you need assistance
Enter username> Dave
Local> SHOW USER
Port Username Status Service
3 Connected
10 User 10 Connected
11 TELNET Local Mode
Local> <Ctrl/\>
Example: CONNECT Command for DSV$CONFIGURE on a DECnet Phase IV
System
The following example shows how to use CCR and DSV$CONFIGURE to connect to a remote console port from a DECnet Phase IV system. From a user’s perspective, the only difference between DECnet/OSI and DECnet Phase IV is the disconnect character:
•
DECnet/OSI Phase V uses Ctrl/ \ (backslash).
•
DECnet Phase IV uses Ctrl/D.
DSV> USE DGD700
Console connected (press CTRL/D when finished) - ACCESS
Network Access SW Vx.x for DSxxx-xx BLxx-xx ROM Vx.x-x
Uptime: 0 00:16:52
(c) Copyright 1993, Digital Equipment Corporation -
All Rights Reserved
Please type HELP if you need assistance
Enter username> Dave
Local> <CTRL/D>
Managing Load Hosts 4-7
DSV$CONFIGURE
Context-Sensitive Help for DSV$CONFIGURE
DSV$CONFIGURE provides context-sensitive help. At any prompt other than the
Local> prompt after a CONNECT/USE command, type a question mark (?) for an explanation.
4-8 Managing Load Hosts
DSVCONFIG
DSVCONFIG
Introduction
DSVCONFIG is a menu-driven command procedure that runs on DECnet Phase IV and DECnet/OSI ULTRIX load hosts. This procedure enables you to:
•
Store configuration data about the access server in the DECnet node databases.
•
Downline load the software image from the load host to the access server.
•
Upline dump memory contents from the access server to the load host.
DIGITAL provides DSVCONFIG as part of the access server software. For information about installing DSVCONFIG and adding a new access server, refer to the installation guide provided with the access server software.
DECserver Configuration Procedure
When the DSVCONFIG menu displays:
Step
1
2
Action
Type the selection that you want and press the Return key.
Enter the information at the prompts that appear on the screen.
DSVCONFIG Menu
The following figure shows the DSV$CONFIG menu:
Menu of Options
1 - List known DECservers
2 - Add a DECserver
3 - Swap an existing DECserver
4 - Delete an existing DECserver
5 - Restore existing DECservers
CTRL/Z - Exit from this procedure
Your selection?
Managing Load Hosts 4-9
Using a BOOTP/TFTP Server
Using a BOOTP/TFTP Server
Introduction
A BOOTP/TFTP server is a UNIX host that downloads the access server software using the BOOTP and TFTP protocols. The BOOTP/TFTP server stores the information necessary to downline load the access server software in the /etc/bootptab file.
Reference
For information about installing and configuring a BOOTP/TFTP server refer to the
DECserver Network Access Software Installation guide.
IP Address Configuration Via BOOTP
The DECserver Network Access Software contains enhanced BOOTP functionality.
The DECserver stores several important Internet parameters from the BOOTP server.
This ability to store data for future use may be used whether the DECserver operating software is loading from FLASH RAM, or via a load host using the MOP protocol. The factory default settings for this feature now send a BOOTP request on the network in order to obtain one if the DECserver unit does not have an IP address defined in
NVRAM. Customers who do not wish to run IP on their DECserver, and, therefore, may wish to disable this feature, may issue the DEFINE INTERNET DISABLE command to explicitly disable it.
The parameters that the DECserver unit can obtain from the BOOTP server include the
Internet (IP) address, subnet mask, default gateway address, and domain name server address. The BOOTP server stores the information for the default domain only; it will always store the IP address. The other parameters are BOOTP vendor extensions and may or may not be learned, depending on the capabilities of the BOOTP server used, and the configuration of data in the BOOTP server database.
4-10 Managing Load Hosts
Using a BOOTP/TFTP Server
Remote Connection Password
DNAS has a password feature for remote logins, similar to the main login password.
DNAS uses a single value for the remote password server-wide that is separate from the main login password. The factory default value is the same, however, for both the remote login password and the main login password.
Each port enabled for remote or dynamic access, may have its remote password feature individually enabled or disabled. This feature is useful for both reverse LAT services or Telnet listeners. DNAS uses the remote password, in addition to the LAT service password, when the LAT service is password-protected. When a host initiates a login to a remote password-protected port on the server, the server displays the '-' prompt.
The customer can use this feature in a variety of ways. For example, the customer can use this feature for creating password-protecting modem pools that can be accessed via a Telnet listener.
Managing Load Hosts 4-11
Upline Dumping
Upline Dumping
Introduction
The access server upline dumps its memory when:
•
An unexpected failure occurs.
•
You force a crash.
The access server always dumps to a load host with the protocol that was used for its download. After an upline dump, the access server automatically reinitializes.
Reference
To send a dump file to Digital Equipment Corporation for evaluation, follow the procedure described in the Network Access Server Problem Solving manual.
Upline Dumps with MOP Hosts
If the access server uses the MOP protocol, check the Dump Address field in the display for the SHOW SERVER STATUS command. This 12-digit hexadecimal number is the Ethernet address for the load host that received the most recent upline dump.
If the dump host is running DECnet software, you can convert the Ethernet address of the dump host to the DECnet node address of the dump host. A formula for this conversion appears in the DECnet documentation for the operating system of the dump host.
When you use the Add option of DSV$CONFIGURE or DSVCONFIG, the command procedure assigns a name for the access server dump file. When a dump occurs, MOP takes the data and creates the dump file. If the access server dumps more than once,
MOP creates new versions of the file.
Upline Dumps with BOOTP/TFTP Hosts
Load hosts that use BOOTP and TFTP protocols store upline dumps in the file that you created when you configured the load host.
Refer to the DECserver Network Access Software Installation (DIGITAL UNIX) guide.
4-12 Managing Load Hosts
Terminal Server Manager (TSM)
Terminal Server Manager (TSM)
Introduction
TSM is a utility that runs on OpenVMS load hosts. TSM enables you to configure and manage the access servers on the same extended LAN.
TSM is not included in the access server software and must be purchased separately.
Reference
For more information about TSM, refer to the Terminal Server Manager Installation
and Use manual.
For TSM Users
If you use TSM, do not use DSV$CONFIGURE or NCP to update the DECnet database. By not using DSV$CONFIGURE and NCP with TSM, you can avoid accidentally overwriting access server information from TSM.
Managing Load Hosts 4-13
Chapter 5
Initializing the Access Server
Overview
Introduction
This chapter describes how to initialize the access server. Initializing the access server reloads the software image.
Initializing the access server does not affect the configuration settings stored in
NVRAM. To reset the access server to the factory-set defaults, you need to reboot the access server and press the appropriate switch on the hardware unit. For details about this procedure, refer to the hardware documentation provided with the access server.
In This Chapter
This chapter contains the following topics:
•
Preparing LAT Services for Initialization
•
Preparing Telnet Listeners for Initialization
•
Initializing the Access Server
•
Using NCP to Initialize the Access Server
•
Booting from the Network
•
Booting Using Console Commands
Initializing the Access Server 5-1
Preparing LAT Services for Initialization
Preparing LAT Services for Initialization
Do This
If the access server offers LAT services, follow these steps before you initialize:
Step
1
2
3
Action
Enter the following command to disable queuing on the access server:
Local> SET SERVER QUEUE LIMIT 0
Disable additional connections to local services. For example, the following command disables the service LASER:
Local> SET SERVICE LASER CONNECTIONS DISABLED
Check that the queue is empty before starting the initialization procedure by entering one of the following commands:
Local> SHOW QUEUE ALL or
Local> SHOW SERVER STATUS
The time that it takes for the queue to empty depends upon the number of requests that it contains.
5-2 Initializing the Access Server
Preparing Telnet Listeners for Initialization
Preparing Telnet Listeners for Initialization
Do This
If the access server has Telnet listeners, follow these steps before you initialize:
Step
1
2
Action
Disable further Telnet connections. The network access server fails to execute the SET TELNET LISTENER CONNECTIONS DISABLED command if a session exists on the specified listener.
Example: The following command disables Telnet connections on
TCP port 2005:
Local> SET TELNET LISTENER 2005 CONNECTIONS
DISABLED
Log out the port.
Example: The following command logs out port 5:
Local> LOGOUT PORT 5
Initializing the Access Server 5-3
Initializing the Access Server
Initializing the Access Server
Using the INITIALIZE Command
To use the INITIALIZE command, log in to one of the following:
•
A terminal attached to the access server
•
The remote console port
Login Methods
You can use any of the following methods to log into the remote console port:
•
NCP
•
SET HOST/MOP
•
CCR
•
Telnet remote console
Refer to Remote Console Port section in Chapter 2 for additional information about the remote console port.
Default Mode for the INITIALIZE Command
To use the INITIALIZE command in its default mode of operation, enter the following:
Local> INITIALIZE
In this mode of operation, the following steps occur:
Step
1
2
Action
If the access server has Flash capabilities and the image name stored in NVRAM matches the image name stored in Flash, the access server loads the image from Flash RAM.
If there is no image in FLASH or the access server lacks FLASH capabilities, the access server loads the software image from a load host on the network.
5-4 Initializing the Access Server
Initializing the Access Server
Specifying Initialization from a Load Host
To specify initialization from a network load host, use the following command:
Local> INITIALIZE FROM ETHERNET
This command causes the access server to request the image name stored in its
NVRAM from a load host.
Specifying an Image Name When Initializing
You can specify the name of an image when initializing. For example, the following command causes the access server to request the image named WWENG2 from a load host:
Local> INITIALIZE FROM ETHERNET IMAGE WWENG2
Specifying Initialization from Flash RAM
If a access server has Flash capabilities, you can specify initialization from the image stored in Flash RAM by using the following command:
Local> INITIALIZE FROM FLASHRAM
Updating Flash RAM
If a access server has Flash capabilities, you can update the image stored in Flash RAM with an image from a network load host. Use the following command:
Local> INITIALIZE FROM ETHERNET UPDATE FLASHRAM
This command causes the access server to request the image name stored in NVRAM from a load host to update Flash RAM.
Specifying a Delay Value with INITIALIZE
When you enter the INITIALIZE command, you can specify a delay value as shown in the following example:
Local> INITIALIZE DELAY 10
This command causes the access server to wait 10 minutes before initializing.
The range for the delay value is from 0 to 1440 minutes. The default delay value is 1.
Initializing the Access Server 5-5
Initializing the Access Server
Using the DIAGNOSE Option with INITIALIZE
Using the DIAGNOSE option with INITIALIZE enables you to test the access server hardware. You can specify three types of tests as described in the INITIALIZE
DIAGNOSE Option Tests.
The following example shows the DIAGNOSE option with INITIALIZE:
Local> INITIALIZE DIAGNOSE FULL
This command initializes the access server in the default mode and performs an extended test.
INITIALIZE DIAGNOSE Option Tests
The following table shows the tests that are available as part of the INITIALIZE
DIAGNOSE option:
Test
Brief
Full
Normal (Default)
Performs
Internal self-test only.
Extended test including in-depth memory test.
Standard self-test.
Specifying the DISABLE OPTION with INITIALIZE
Using the DISABLE option with INITIALIZE loads the software image, but disables the use of the CONNECT command and the AUTOCONNECT function. The following command shows how to use this option:
Local> INITIALIZE DISABLE
5-6 Initializing the Access Server
Using NCP to Initialize the Access Server
Using NCP to Initialize the Access Server
NCP Initialization Commands
The following table shows the NCP commands used to initialize the access server if you are on a load host:
NCP Initialization
Commands
LOAD
Description
TRIGGER
Ensures that the host at which you issue the command is the node that performs the load.
Causes the access server to load the software image from any host on the network.
The NCP LOAD and TRIGGER commands do not have any automatic warning or delay options. However, you can warn users about an impending initialization by using the access server BROADCAST command.
NCP Reference
For more information about NCP, refer to the documentation provided with the host system.
Initializing the Access Server 5-7
Booting from the Network
Booting from the Network
Loading the Software Image
If your network server is configured with Flash RAM, but does not have the correct image, the access server performs a network load.
Determining Boot Protocols
During the network boot sequence, the access server searches for a load host. The access server tries both MOP and BOOTP protocols in a factory-defined order. The boot sequence includes a wait period after passing through all the boot protocols. Once the access server finds a load host, it records the protocol and load host in its permanent database. The software is then downline loaded from the load host.
Reference
For more information about installing the software, refer to the DECserver Network
Access Software Installation guide.
5-8 Initializing the Access Server
Booting Using Console Commands
Booting Using Console Commands
Introduction
Console functions require DECserver ROM Version 4.0 or greater.
If you program Flash RAM with a nonstandard boot image name and a load host is not available, pressing the reset-to-factory button may leave the access server unbootable.
Procedure
To allow booting of a nonstandard boot image name, perform the following steps:
Step
1
2
3
Action
During the boot sequence of the access server initialization process, press Ctrl/B two times consecutively on the port defined as the console port.
The boot process stops and the access server returns the following console prompt:
>>>
At the >>> prompt, you can enter H to invoke help.
Entering H provides help text to describe the interactive boot mode commands available. The Boot Command Options section in this chapter lists the boot mode commands and summarizes the help text that appears when you invoke H.
Choose one of the boot command options listed in the Boot Command
Options section in this chapter.
Initializing the Access Server 5-9
Booting Using Console Commands
Boot Command Options
The following table lists the command options you can select for the boot command:
Option
B
B name
B media:name
Definition
This command, without an argument, starts a new boot sequence to load the access server with an executable image using the default boot parameters.
This command and the argument
name specifies a nonstandard boot image. The access server looks for the software name; first from Flash
RAM, then from the network.
In this command, the media part of
media:name specifies which boot media to use.
Associated Options
–
B MNENG — This command instructs the access server to look for the
MNENG2 software image first in Flash
RAM, then from the network.
b /tftp/serversw — This command instructs the access server to look for image /TFTP/SERVERSW; first in
Flash RAM, then from the network. If you want lowercase letters, you have to use quotation marks. For example: b "/tftp/serversw"
B "" — This command and the quotation marks (explicit null name) instruct the access server to search for any image in
Flash RAM. If the access server is unable to find an image in Flash RAM, then it loads from the network. The network load host defines this software and is typically based on the Ethernet
MAC address of the access server.
FLA: — Use Flash RAM. For example:
B FLA:MNENG2
ETH: — Use the network to find a load host. For example:
B ETH:MNENG2
FLA:ETH: — Use Flash RAM first, and if that does not work, then use the network to find a load host. For example:
B FLA:ETH:MNENG2
5-10 Initializing the Access Server
H
I
Option
B/M
B/S
R
Booting Using Console Commands
Definition
This command boots the maintenance mode software for the access server. The network load host defines this software and is typically based on the Ethernet
MAC address of the access server.
This command boots the standard system software for the access server. The network load host defines this software and is typically based on the Ethernet MAC address of the access server.
This command displays the help text that describes the interactive boot mode commands.
This command initializes the access server using the default boot parameters. The access server performs all normal self-tests.
This command resets the factorysettings and initializes the access server. This command requires verification. Enter YES if you want to reset the access server to factory settings.
Associated Options
–
–
–
–
–
Initializing the Access Server 5-11
Chapter 6
Configuring LAT Characteristics
Overview
In This Chapter
This chapter describes how to configure the LAT characteristics for the access server.
This chapter contains the following topics:
•
LAT Characteristics
•
Displaying LAT Characteristics
•
ANNOUNCEMENTS Characteristic
•
CIRCUIT TIMER Characteristic
•
IDENTIFICATION Characteristic
•
KEEPALIVE TIMER Characteristic
•
MULTICAST TIMER Characteristic
•
ACCESS SERVER NAME Characteristic
•
NODE LIMIT Characteristic
•
Access SERVER NUMBER Characteristic
•
NODE LIMIT Characteristic
•
Access SERVER NUMBER Characteristic
•
PASSCHECK Characteristic
•
QUEUE LIMIT Characteristic
•
RETRANSMIT LIMIT Characteristic
•
RESPONDER Characteristic
•
Service Groups
Configuring LAT Characteristics 6-1
LAT Characteristics
LAT Characteristics
Preparing to Change LAT Characteristics
Before you change LAT characteristics, make sure to:
•
Install the latest software image on the access server and all load hosts.
•
Read the release notes.
•
Know what devices and cables are connected at the various ports.
•
Enter the SET PRIVILEGED command for the port.
•
Check if the current values or default values are appropriate.
LAT Characteristic Summary
To modify a LAT characteristic, use the SET/DEFINE/CHANGE command for the appropriate characteristic. The following table summarizes the access server LAT characteristics:
Characteristic
ANNOUNCEMENTS
CIRCUIT TIMER
IDENTIFICATION
KEEPALIVE TIMER
MULTICAST
TIMER
NAME
NODE LIMIT
NUMBER
Default
Enabled
80 milliseconds
None
20 seconds
30 seconds
LAT_ethernet- address
200
0
Range
–
30 to 200
–
–
10 to 180
–
1 to 1000
0 to
32,767
Refer to Section
ANNOUNCEMENTS
Characteristic
CIRCUIT TIMER
Characteristic
IDENTIFICATION
Characteristic
KEEPALIVE TIMER
Characteristic
MULTICAST
TIMER Characteristic
ACCESS SERVER
NAME Characteristic
NODE LIMIT
Characteristic
Access SERVER
NUMBER
Characteristic
6-2 Configuring LAT Characteristics
Characteristic
PASSCHECK
QUEUE LIMIT
RESPONDER
RETRANSMIT
LIMIT
SERVICE GROUPS
Default
200
100
Disabled
8
Range
0 to 200
0 to 200
–
4 to 120
0 ENABLED,
1 to 255
DISABLED
0 to 255
LAT Characteristics
Refer to Section
PASSCHECK
Characteristic
QUEUE LIMIT
Characteristic
RESPONDER
Characteristic
RETRANSMIT
LIMIT Characteristic
Service Groups
Configuring LAT Characteristics 6-3
Displaying LAT Characteristics
Displaying LAT Characteristics
Command To Use
To display the current LAT characteristics, use the SHOW/LIST/MONITOR
SERVER command as shown in the following example.
LAT Characteristics Display Example
The following example shows a typical display that appears when you use the SHOW
SERVER command:
Local> SHOW SERVER
Network Access SW Vx.x for DSxxx-xx BLxx-xx ROM Vx.x-x Uptime: 0 00:44:34
Address: 08-00-2B-26-AA-99 Name: WWDOCMC Number: 0
Identification:
Circuit Timer: 80 Password Limit: 3
Console Port: 1 Prompt: Local>
Inactivity Timer: 30 Queue Limit: 100
Keepalive Timer: 20 Retransmit Limit: 8
Multicast Timer: 30 Session Limit: 64
Node Limit: 200 Software: WWENG1
Service Groups: 42, 46, 66
Enabled Characteristics:
Announcements, Broadcast, Dump, Lock, Server Responder
Local>
6-4 Configuring LAT Characteristics
ANNOUNCEMENTS Characteristic
ANNOUNCEMENTS Characteristic
Introduction
The ANNOUNCEMENTS characteristic determines if the access server sends LAT multicast messages about local services over the Ethernet. The access server does not send any announcements if no local services are defined.
Configure Announcements Example
The following example shows how to enable and disable the announcements characteristic:
Local> CHANGE ANNOUNCEMENTS ENABLED
Local> CHANGE ANNOUNCEMENTS DISABLED
Configuring LAT Characteristics 6-5
CIRCUIT TIMER Characteristic
CIRCUIT TIMER Characteristic
Introduction
The CIRCUIT TIMER characteristic defines the interval at which the access server sends virtual circuit messages to the LAT service node. This value is important for balancing fast response time and network utilization against optimal service node performance.
The circuit timer value ranges from 30 to 200 milliseconds. The default is 80 milliseconds, which is recommended for normal interactive functions.
Changing the CIRCUIT TIMER
To change the circuit timer, use the command shown in the following example:
Local> CHANGE SERVER CIRCUIT TIME milliseconds
Increasing the CIRCUIT TIMER
As you increase the circuit timer value, the LAT protocol overhead decreases on the access server, service node, and network. A slower terminal response time, however, is the trade-off for any increased circuit timer value.
Decreasing the CIRCUIT TIMER
If you reduce the circuit timer value, the access server port buffers are less likely to fill between virtual circuit messages. If you have a file transfer with no flow control between a port and a device, a lower circuit timer value can mean fewer data overrun errors at the port. Therefore, a reduced circuit timer value may enable file transfers to run at increased speeds.
6-6 Configuring LAT Characteristics
IDENTIFICATION Characteristic
IDENTIFICATION Characteristic
Introduction
The IDENTIFICATION characteristic is a string that can be up to 40 characters long.
This string displays:
•
Under the welcome banner during a login procedure
•
In the SHOW SERVER displays
The access server also uses the identification string when it multicasts messages about the availability of services.
Changing the Server Identification String
To change the server identification string, use the following command:
Local> CHANGE SERVER IDENTIFICATION " newID"
Removing an Identification String
To remove an identification string, specify a null string by using the following command:
Local> CHANGE SERVER IDENTIFICATION ""
The null string is the default identification string.
Identification String in a Login Procedure Display
The following example shows how the identification string Personnel Printers displays during a login procedure:
Network Access SW Vx.x for DSxxx-xx BLxx-xx ROM Vx.x-x Uptime: 0
00:16:58 Personnel Printers
(c) Copyright 1996, Digital Equipment Corporation - All Rights
Reserved
Please type HELP if you need assistance
Enter username>
Configuring LAT Characteristics 6-7
KEEPALIVE TIMER Characteristic
KEEPALIVE TIMER Characteristic
Introduction
The KEEPALIVE TIMER characteristic maintains a virtual circuit between the access server and service node when no messages are exchanged over a period of time. If the keepalive timer expires, the access server sends a message to determine if the service node is still reachable. If the service node fails to respond, the access server can time out the virtual circuit.
Keepalive Timer Default Values
The keepalive timer value is a trade-off between fast circuit-down detection and unnecessary network traffic. The factory-set default value of 20 seconds represents a good compromise. For a heavily loaded Ethernet, use a value from 60 to 180. For applications that require quick notification of a service node failure, use 10 seconds.
Keepalive Timer Example
The following example shows how to change the keepalive timer to 10 seconds:
Local> CHANGE SERVER KEEPALIVE 10
6-8 Configuring LAT Characteristics
MULTICAST TIMER Characteristic
MULTICAST TIMER Characteristic
Introduction
The MULTICAST TIMER characteristic determines the interval at which a service node sends service announcements.
Multicast Timer Default Values
You can specify a value from 10 to 180 seconds. The default value is 30 seconds.
Changing Multicast Timer Values Example
The following example shows how to change the multicast timer value:
Local> CHANGE SERVER MULTICAST TIMER 50
Configuring LAT Characteristics 6-9
ACCESS SERVER NAME Characteristic
ACCESS SERVER NAME Characteristic
Introduction
The SERVER NAME characteristic is a string of 1 to 16 characters. This name must be unique on the LAT network. When the access server offers a service, it periodically multicasts the name over the local area network.
Default Access Server Name
The default access server name is LAT_ethernet-address. This value is the 12-digit hexadecimal Ethernet address of the access server. This address does not contain hyphens.
Changing the ACCESS SERVER NAME
Use the DEFINE/SET/CHANGE SERVER NAME command to change this characteristic. The following example shows how to change the access server name to
“Printing”:
Local> CHANGE SERVER NAME PRINTING
6-10 Configuring LAT Characteristics
NODE LIMIT Characteristic
NODE LIMIT Characteristic
Introduction
The NODE LIMIT characteristic specifies the maximum number of LAT service nodes that the access server maintains in its node database. The range is from 1 to 2000, and the default is 200.
You can also specify a node limit of NONE. This keyword indicates that the only limit is the available memory of the access server.
Changing the Access Server NODE LIMIT
Use the DEFINE/SET/CHANGE SERVER NODE LIMIT command to change this characteristic. The following example shows how to change the node limit to 300:
Local> CHANGE SERVER NODE LIMIT 300
Configuring LAT Characteristics 6-11
Access SERVER NUMBER Characteristic
Access SERVER NUMBER Characteristic
Introduction
Each access server has a number that uniquely identifies it.
Access SERVER NUMBER Values
This number is a value from 0 to 32,767. The default is 0.
When the access server offers a service, it periodically multicasts the number over the network.
Changing the Access SERVER NUMBER
Use the DEFINE/SET/CHANGE SERVER NUMBER command to change this characteristic. The following command shows how to change the access server number to 35:
Local> CHANGE SERVER NUMBER 35
6-12 Configuring LAT Characteristics
PASSCHECK Characteristic
PASSCHECK Characteristic
Introduction
The PASSCHECK characteristic determines whether a host is required to provide a password as part of a host initiated contact (HIC) request to a password-protected local service. With PASSCHECK disabled, HIC requests are not required to supply a password. With PASSCHECK enabled, HIC requests are required to supply a password.
Changing the PASSCHECK Characteristics
The factory default for the PASSCHECK characteristic is DISABLED. To change this characteristic, use the DEFINE/SET/CHANGE SERVER PASSCHECK command.
PASSCHECK Characteristic Example
The following example shows how to enable the PASSCHECK characteristic:
Local> CHANGE SERVER PASSCHECK ENABLED
Configuring LAT Characteristics 6-13
QUEUE LIMIT Characteristic
QUEUE LIMIT Characteristic
Introduction
The LAT QUEUE LIMIT characteristic specifies the maximum number of outstanding connection requests for remote access to access server ports. The range is from 0 to
200, and the default is 100.
Special QUEUE LIMIT Values
Two values have special meaning:
•
The value 0 disables the queue.
•
The keyword NONE places no limit on connection requests.
Changing the QUEUE LIMIT
To change queue limit characteristic, use the DEFINE/SET/CHANGE SERVER
QUEUE LIMIT command. The following example shows how to change the queue limit to NONE:
Local> CHANGE SERVER QUEUE LIMIT NONE
6-14 Configuring LAT Characteristics
RETRANSMIT LIMIT Characteristic
RETRANSMIT LIMIT Characteristic
Introduction
The RETRANSMIT LIMIT characteristic specifies the number of times that the access server resends a message without an acknowledgment. After the specified time limit, the access server times out the circuit. If other service nodes offer the same service that timed out, the access server attempts automatic failover.
RETRANSMIT LIMIT Values
The retransmit limit range is from 4 to 120. If traffic load is heavy or the network experiences noise problems, set the value higher than the default value of 8. On the other hand, if rapid error detection is important, you may want to specify a lower value.
Changing the RETRANSMIT LIMIT Characteristic
To change the RETRANSMIT LIMIT characteristic, use the DEFINE/SET/CHANGE
SERVER RETRANSMIT LIMIT command. The following example shows how to change the retransmit limit to 100:
Local> CHANGE SERVER RETRANSMIT LIMIT 100
Configuring LAT Characteristics 6-15
RESPONDER Characteristic
RESPONDER Characteristic
Access Server Mapping
In order to connect to other nodes on the LAN, the access server must be able to map node names, port names, and services to specific nodes.
Datagram Types
LAT provides the following specific types of datagrams that facilitate this mapping:
Datagram Name
Service Announcement
Solicit Information
Response Information
Description
A mulicasted datagram used by slave nodes to advertise services
A multicasted or physically addressed datagram used by any node to solicit service information from another node
A physically addressed datagram sent in response to a received Solicit Information message
LAT V5.2 nodes operating as LAT masters can address Solicit Information datagrams to V5.2 slave nodes and be almost assured of a direct response. However, nodes operating as V5.1 masters can only address Solicit Information datagrams to other
V5.1 masters since V5.1 slaves do not enable multicast addresses for the reception of directory service datagrams. Therefore, V5.1 and V5.2 nodes are allowed to respond to Solicit Information datagrams for slave nodes that cannot respond for themselves.
The RESPONDER characteristic determines whether the access server may act as an agent for other nodes. By configuring one or more access servers to act as responders, the other access servers can operate with a node limit of 1 and still be assured access to LAT services. This frees up the dynamic memory and reduces the overhead that would otherwise have been required to maintain the LAT node database.
6-16 Configuring LAT Characteristics
RESPONDER Characteristic
Changing the RESPONDER Characteristic
The factory default setting for the RESPONDER characteristic is disabled. To enable it, use the following command:
Local> CHANGE SERVER RESPONDER ENABLED
Use the SHOW SERVER command to determine the current setting. When the feature is enabled, “RESPONDER” is displayed as one of the enabled characteristics.
Along with enabling the RESPONDER characteristic, you must set the access server group codes so that they intersect those of all the nodes offering the service.
Enabling or disabling the RESPONDER characteristic has no affect on the access server ability to respond to Solicit Information messages for services it offers locally.
Configuring LAT Characteristics 6-17
Service Groups
Service Groups
Introduction
A service group defines the access that service nodes and port users have to the network. Each service group has an identifying number from 0 to 255.
Viewing Service Groups
To view service groups that have access to services on the access server, use the
SHOW SERVER command. (See the LAT Characteristics Display Example section in this chapter.)
Changing Access Server Service Groups
Use one of the following commands:
•
To enable service groups on the access server, use the following command:
Local> CHANGE SERVER SERVICE GROUPS group-list ENABLED
•
To assign ports to a service group, use the following command:
Local> CHANGE PORT port-list AUTHORIZED GROUPS group-list EN-
ABLED
Changing Service Groups Examples
•
The following example shows how to enable service groups 1, 16, and 18:
Local> CHANGE SERVER SERVICE GROUPS 1,16,18 ENABLED
•
The following example shows how to assign ports 2, 3, and 5 to service groups 1,
16, and 18:
Local> CHANGE PORT 2,3,5 AUTHORIZED GROUPS 1,16,18 ENABLED
6-18 Configuring LAT Characteristics
Chapter 7
TCP/IP Network Characteristics
Overview
Introduction
This chapter describes the configuration characteristics for a TCP/IP network. To enable the access server to operate on a TCP/IP network, you need to:
1) Configure the Internet address and subnet mask.
2) Configure the TCP/IP characteristics, for example:
•
List of commonly used Internet hosts
•
List of gateway addresses
•
List of ARP entries
•
TCP keepalive timer
3) Configure domain name characteristics.
In addition, you can configure the access server to automatically learn IP information from other types of servers on the network.
In This Chapter
This chapter contains the following topics:
•
Configuring the Internet Address and Subnet Mask
•
Configuring Domain Name System (DNS) Characteristics
•
Configuring a List of Internet Gateway Addresses
•
Configuring a List of Internet ARP Entries
•
Displaying the Internet Counters
•
Setting the TCP Keepalive Timer
•
Learning IP Information From a BOOTP Server
TCP/IP Network Characteristics 7-1
•
Learning IP Information From a DHCP Server
•
Assigning WINS Server Addresses
7-2 TCP/IP Network Characteristics
Configuring the Internet Address and Subnet Mask
Configuring the Internet Address and Subnet Mask
Tasks
You can perform the following tasks:
•
Set an Internet address.
•
Set a subnet mask.
•
Display the Internet address and subnet mask.
Alternative: Learning IP Information
You can configure the access server to learn IP configuration information from a
BOOTP server or a Dynamic Host Configuration Protocol (DHCP) server on the network instead of configuring all of the IP information on the access server manually.
See the following sections in this chapter:
•
Learning IP Information From a BOOTP Server
•
Learning IP Information From a DHCP Server
Setting the Internet Address
Before the access server can operate on a TCP/IP network, you must assign a Class A,
B, or C Internet address. To assign the address on the access server, use a command similar to the one shown in the following example:
Local> CHANGE INTERNET ADDRESS 195.1.1.60
Caution
If you do not intend to use the default subnet mask, you must set or change the subnet mask before you set or change the Internet address.
TCP/IP Network Characteristics 7-3
Configuring the Internet Address and Subnet Mask
Setting an Internet Subnet Mask
The Internet subnet mask is used to partition the host section of an Internet address into subnets. The default subnet mask depends on the class of the Internet address that you assigned.
The following table lists these defaults:
Internet Address Class
A
B
C
Default Subnet Mask
255.0.0.0
255.255.0.0
255.255.255.0
Do Not Define the Subnet Mask in the /etc/bootptab File
Although some BOOTP implementations allow you to define a subnet mask using the
/etc/bootptab file, the network access server does not support this feature. For more information, refer to the network access server software installation documentation for your load host.
Changing the Subnet Mask
To change the subnet mask, use the CHANGE INTERNET SUBNET MASK command. The following example shows how to change the subnet mask to
255.255.255.0:
Local> CHANGE INTERNET SUBNET MASK 255.255.255.0
Changing the Subnet Mask to the Default Value
To return the subnet mask to its default value after changing it, do the following:
Step
1
2
Action
Enter the following command:
Local> DEFINE INTERNET SUBNET MASK NONE
Reboot the access server.
Supernetted IP Addresses
The DNAS software supports the use of supernetted IP addresses. Supernetting allows you to configure the access server and its ports with a subnet mask shorter than the intrinsic subnet mask (for example, 255.255.255.0 for a Class C address). With
7-4 TCP/IP Network Characteristics
Configuring the Internet Address and Subnet Mask supernetting, you can give a Class C subnet mask a range of 255.255.0.0 to
255.255.255.254. This allows you to address a block of Class C IP addresses as a
“domain” or a single destination address with more than 254 hosts.
TCP/IP Network Characteristics 7-5
Configuring the Internet Address and Subnet Mask
Displaying the Internet Address and Subnet Mask
To display the Internet address and subnet mask, use the SHOW/LIST/MONITOR
INTERNET command.
Internet Address and Subnet Mask Display Example
The following example shows how to display the current Internet address and subnet mask for the access server:
Local> SHOW INTERNET
State Enabled
Internet Address: 195.1.1.1
Subnet Mask: 255.255.255.0
DHCP: Enabled
TCP Keepalive Timer: Disabled
TCP Keepalive Retry: 8
Local>
7-6 TCP/IP Network Characteristics
Configuring Domain Name System (DNS) Characteristics
Configuring Domain Name System (DNS) Characteristics
Tasks
This section describes how to display and set the access server characteristics for the
Internet domain name system (DNS) to resolve host names into Internet addresses.
You can perform the following tasks:
•
Display DNS characteristics.
•
Display DNS counters.
•
Configure the default name resolution domain.
•
Change the time limit.
•
Change the retry limit.
•
Change the name resolution mode.
•
Configure a list of commonly used Internet hosts.
•
Configure a list of Internet name servers.
Displaying DNS Characteristics
To display the access server characteristics for the DNS, use the SHOW/LIST
INTERNET NAME RESOLUTION command.
Internet DNS Character Display Example
The following example shows how to display the characteristics for the Internet DNS:
Local> SHOW INTERNET NAME RESOLUTION
NetBIOS (WINS) Name Resolution:
Primary WINS Server: 16.20.44.55
Secondary WINS Server wins-server-local (from DHCP)
Domain Name Resolution
Domain Name: finance.acme.com (from DHCP)
Resolution Host Limit: 32 Resolution Time Limit: 4
Resolution Mode: Ordered Resolution Retry Limit: 3
Nameservers (Locally configured):
99.99.99.99 Local name.acme.com (from DHCP)
TCP/IP Network Characteristics 7-7
Configuring Domain Name System (DNS) Characteristics
Nameservers (Learned):
99.99.99.99 Local name.acme.com
88.88.88.88 Local secondary.acme.com
DHCP server: 16.20.244.250
Local>
The following table describes the DNS characteristics that appear in the previous example. (See the Displaying WINS Characteristics section in this chapter for an explanation of the WINS characteristics in the display.)
Field
Domain Name
Resolution Host Limit
Resolution Mode
Resolution Time Limit
Resolution Retry Limit
Name Servers (Locally configured)
Name Servers (Learned)
Description
Name of the access server default domain. If a
DHCP server provides this information, the display includes “(from DHCP)” at the end of the line
Maximum number of host names that can be entered using the SET/DEFINE/CHANGE INTERNET
HOST command. Note that this parameter is currently not functional.
DNS data retrieval preference: LOCAL, REMOTE,
ORDERED, STUB or SLAVE. (See the Name
Resolution Modes table in this chapter.)
Minimum time in seconds between name server retries.
Maximum number of times DNS can retry the same name server when looking for a particular Internet host name.
The Internet address, type (local or root), and absolute domain name of name servers entered by a user. If a DHCP server provides this information, the display includes “(from DHCP)” at the end of the line.
The Internet address, type (local or root), and absolute domain name of name servers learned by
DNS.
If a DHCP server provides the Domain Name information, the display includes “(from
DHCP)” at the end of each line of information and the Internet address of the DHCP server.
7-8 TCP/IP Network Characteristics
Configuring Domain Name System (DNS) Characteristics
Displaying the DNS Counters
To display the DNS counters, use the SHOW/LIST INTERNET NAME
RESOLUTION COUNTERS command.
To reset the DNS counter, use the ZERO INTERNET NAME RESOLUTION
COUNTERS command.
DNS Counter Display Example
The following example shows how to display the various DNS counters:
Local> SHOW INTERNET NAME RESOLUTION COUNTERS
Input Packets: 5 Duplicate Responses: 0
Output Packets: 7 Bad Responses: 0
Total Responses: 5 Truncated Responses: 0
OK Answers: 3 Fail Answers: 0
Total Queries: 2 FORMERR Answers: 0
Duplicate Queries: 0
The following table describes the information in the previous example:
Field
Input Packets
Output Packets
Total Responses
OK Answers
Total Queries
Duplicate Responses
Description
Number of packets entering the access server from the DNS server.
Number of packets exiting the access server into the
DNS server.
Total number of responses received by the access server from the DNS server. This total includes the bad responses, truncated responses, and duplicate responses, along with good responses.
Number of valid answers received from the DNS server.
Number of DNS queries sent by the access server.
Number of identical responses to queries.
TCP/IP Network Characteristics 7-9
Configuring Domain Name System (DNS) Characteristics
Field
Bad Responses
Truncated Responses
Fail Answers
FORMERR Answers
Duplicate Queries
Description
Number of bad responses received. A bad response could be due to:
1) An unrecognizable response from the DNS server.
2) A fail response from the DNS server.
3) A response indicating that DNS could not understand the query from the access server.
Number of incomplete (truncated) responses from the DNS server. This is not necessarily an error condition.
Number of fail answers received. This condition could be caused by a number of events, including:
1) Unable to find a name server to send particular query.
2) Unable to find the Internet address of a particular name server.
3) Sent a query and received more than maximum amount of responses.
4) Query is trapped in a loop of name servers that refer to each other.
Number of answers received that were either not able to be decoded or states that DNS did not understand the query.
Number of duplicate queries sent where the original query is on a pending queue to be sent to its destination.
Configuring the Default Name Resolution Domain
Configuring the default domain name characteristic enables you to abbreviate Internet host names in commands. To configure the Default Name Resolution Domain, use the
DEFINE/SET/CHANGE INTERNET NAME RESOLUTION DOMAIN command.
Configuring and Using Default Name Resolution Domain Example
7-10 TCP/IP Network Characteristics
Configuring Domain Name System (DNS) Characteristics
The following example shows the procedure for and results of configuring the default name resolution to FINANCE.ACME.COM:
Step
1
2
3
4
Action
Define the default name resolution domain as follows:
Local> CHANGE INTERNET NAME RESOLUTION DOMAIN
FINANCE.ACME.COM
Enter the following connect command:
Local> CONNECT SALES
In this situation, the access server automatically appends the default name resolution domain to SALES. The access server behaves as if you had typed:
Local> CONNECT SALES.FINANCE.ACME.COM
Enter a command with a higher level domain name:
Local> CONNECT SALES.REVENUE
Result: The access server tries a sequence in the following order, using parts of the default domain name:
SALES.REVENUE.FINANCE.ACME.COM
SALES.REVENUE.ACME.COM
SALES.REVENUE
The name is likely to be resolved correctly as the access server tries
SALES.REVENUE.ACME.COM. The sequence terminates at that point.
Using Trailing Dots
The access server uses a sequence of name resolution attempts when you enter a host name without a trailing dot at the end of the domain name. If you end a name with a trailing dot, the access server does not use a sequence of name resolution attempts.
Instead it uses the domain name as you enter it.
For example, suppose that you enter:
Local> CONNECT SALES.REVENUE.
Because this domain name ends with a dot, the access server does not append the default name resolution domain or any part of that domain.
TCP/IP Network Characteristics 7-11
Configuring Domain Name System (DNS) Characteristics
Changing the Time Limit
The domain name resolution time limit specifies the time that the access server waits before it resends a query to a name server. The range is from 1 to 10 seconds, and the default is 4 seconds.
To change the time limit, enter the command shown in the following example:
Local> CHANGE INTERNET NAME RESOLUTION TIME LIMIT 5
Changing the Retry Limit
The domain name resolution retry limit indicates the number of times that the access server resends queries to the same name server when looking for an Internet host. The range is from 1 to 5, and the default is 3.
To change the retry limit, enter the command shown in the following example:
Local> CHANGE INTERNET NAME RESOLUTION RETRY LIMIT 2
Changing the Name Resolution Mode
The name resolution mode describes where the access server searches for host name and address information. To change the name resolution mode, use the command shown in the following example:
Local> CHANGE INTERNET NAME RESOLUTION MODE LOCAL
Name Resolution Modes
The following table lists and describes the name resolution modes:
Mode
Local
Remote
Ordered
(Default)
When the access server attempts to resolve a host name or address, it searches:
Local data, which is host name and address information that users previously entered with the SET/DEFINE/CHANGE
INTERNET HOST command. Use local data when no name servers are configured.
Learned data and remote name servers.
Learned data is name and address information that the access server receives from name servers and enters in its cache. If the access server fails to resolve the address with the learned data in its cache, it queries the network name servers for remote data.
Local data, then learned data and remote data from the network name servers. Local data takes precedence.
7-12 TCP/IP Network Characteristics
Configuring Domain Name System (DNS) Characteristics
Mode
Stub
Slave
When the access server attempts to resolve a host name or address, it searches:
Remote data only, using recursive name service. The access server performs no DNS caching.
Local data and remote data, using recursive name service. The access server performs no DNS caching. When conflicts occur, the local data takes precedence.
Configuring a List of Commonly Used Internet Hosts
You can optionally enter commonly used Internet host names and addresses in the access server cache.
The following command shows how to do this:
Local> CHANGE INTERNET HOST SALES ADDRESS 195.1.1.72
Two additional commands enable you to manage the list of commonly used Internet hosts:
•
SHOW/LIST/MONITOR INTERNET HOST
•
CLEAR/PURGE INTERNET HOST
If Using a Name Server
If you are using name servers—that is, if NAME RESOLUTION MODE is set to a value other than LOCAL—then you should define local host names and addresses only in exceptional cases. The names received from name servers reflect recent updates.
Also, they may include the hosts you are likely to define with CHANGE INTERNET
HOST. Undesirable conflicts may result.
Configuring a List of Internet Name Servers
This section describes how to configure a list of Internet local and root name servers that the access server commonly uses.
Configuring a Root Name Server
A root name server is a name server at the top level domain. To enter a root name server, you must provide an absolute domain name. The following example shows how to enter a root name server:
Local> CHANGE INTERNET NAMESERVER C.NYSER.NET ADDRESS
192.33.4.12 ROOT
Configuring a Local Name Server
TCP/IP Network Characteristics 7-13
Configuring Domain Name System (DNS) Characteristics
A local name server is any name server that is authoritative for the default domain of the access server. Before adding a local name server, you must first define the access server domain name. The following example shows how to enter a local Internet name server:
Local> CHANGE INTERNET NAMESERV NAMED.ACME.COM ADDRESS
99.99.99.99 LOCAL
You can use a relative domain name if you are defining a local name server for the default domain only.
Configuring a Name Server for a Different Domain
To enter a locally defined name server for a domain other than the access server default domain, follow these steps:
Step
1
2
3
Action
Use the SET INTERNET NAME RESOLUTION DOMAIN command to change the access server default domain name temporarily.
Note:
Temporarily changing the default name affects the ability of other users in resolving relative domain names.
Use the SET/DEFINE/CHANGE INTERNET NAMESERVER
domain-name ADDRESS n.n.n.n LOCAL command to add the name server.
Change the access server default domain name back to the original domain name.
Name Resolution and Gateways
The access server uses the learned name servers to perform name resolution when using REMOTE or ORDERED name resolution modes. The list of learned name servers for a given domain are, in general, a superset of those explicitly entered with the CHANGE INTERNET NAMESERVER command. The access server primes the cache for the server’s default domain by sending queries to the configured name servers. The queries request the names of all authoritative name servers for the default domain.
The access server may not be able to reach a learned name server because of subnet access restrictions on the access server itself. In this case, the access server flags the unreachable name server and stops using it for name resolution. The access server cannot reach a name server if it is not in the same subnet or there is no gateway to it.
7-14 TCP/IP Network Characteristics
Configuring Domain Name System (DNS) Characteristics
If the access server cannot reach a learned name server because of gateway restrictions outside the server, it does not flag the unreachable name server. This can often cause name resolution to time out and fail. In this configuration use either the STUB or
SLAVE name resolution mode.
Assigning DNS Server Addresses Automatically
The DNS autoconfigure feature on the access server allows dial-up clients to receive
DNS configuration information automatically from the access server when establishing a remote PPP connection.
The access server assigns a primary and secondary DNS server to the remote PPP client. The access server uses an algorithm to obtain the addresses of the DNS servers from its database.
The access server assigns only local name servers to PPP clients. It makes two passes through a list of local nameservers. The following table describes how the access server determines which name servers to assign to the PPP client:
Pass
1
2
Description a) The access server goes through a list of learned name servers and searches for name servers that are on its network (by using the access server’s subnet mask) and have a positive time to live
(ttl).
b) The access server goes through a list of locally-configured name servers and searches for name servers that are on its network (by using the access server’s subnet mask) and have a positive time to live (ttl).
c) The access server assigns the first valid name server as the
Primary Nameserver and the second valid name server as the
Secondary Nameserver.
If the access server does not find two valid name servers: a) The access server goes through the list of learned name servers and searches for name servers with a positive time to live (ttl).
b) The access server goes through the list of locally-configured name servers and searches for name servers with a positive time to live (ttl).
c) The access server assigns the first valid name server as the
Primary Nameserver and the second valid name server as the
Secondary Nameserver.
TCP/IP Network Characteristics 7-15
Configuring a List of Internet Gateway Addresses
Configuring a List of Internet Gateway Addresses
Introduction
If the access server users need to access hosts in different networks or subnets, you can define a database of Internet gateways. The access server uses gateways to route traffic to different networks and subnets.
Displaying a List of Gateway Addresses
To display a list of Internet gateway addresses, use the SHOW/LIST/MONITOR
INTERNET GATEWAY command.
Internet Gateway Addresses Display Example
The following example shows how to display a list of Internet gateway addresses available to the access server for routing network traffic:
Local> SHOW INTERNET GATEWAY
Gateway: 16.20.0.3 Host: 16.30.22.35
Gateway: 16.20.48.56 Network: 16.30.0.0 Mask: 255.255.0.0
Gateway: 16.20.98.245 Network: Any
Gateway: 16.20.48.48 Network: 17.0.0.0 Mask: 255.0.0.0
Configuring a Default Gateway
The access server uses a default gateway to route a packet when its destination address:
•
Is on a different subnet than the access server
•
Does not match any of the known gateway network addresses
Default Gateway Definition Example
The following example shows how to define a default gateway:
Local> CHANGE INTERNET GATEWAY 195.1.1.72
7-16 TCP/IP Network Characteristics
Configuring a List of Internet Gateway Addresses
Defining Networks Available Through a Specific Gateway
To indicate that the access server can reach a given network through a specific gateway, use the DEFINE/SET/CHANGE INTERNET GATEWAY command with the NETWORK parameter to do this.
Default Gateway Definition Example
The following example shows how to define the mapping of the default gateway to the network:
Local> CHANGE INTERNET GATEWAY 195.1.1.72 NETWORK 197.0.0.0
You can define multiple networks that can be reached through the same gateway with the same address. You must enter a separate command to each network with a gateway.
Defining Subnets Available Through a Specific Gateway
To indicate that the access server can reach a given subnet through a specific gateway, use the DEFINE/SET/CHANGE INTERNET GATEWAY command with the
NETWORK and MASK keywords.
Subnet Definition Through a Specific Gateway Example
The following example shows how to define a subnet through a specific gateway:
Local> CHANGE INTERNET GATE 195.1.1.72 NETWORK 197.5.7.0 MASK
255.255.255.0
You can define multiple subnets that can be reached through the same gateway address. You must enter a separate command to associate each subnet with a gateway.
Defining Hosts Available Through a Specific Gateway
To indicate that the access server can reach a given host through a specific gateway, use the DEFINE/SET/CHANGE INTERNET GATEWAY COMMAND and the
HOST parameter.
Host Defintion Through a Specific Gateway Example
The following example shows the command to define the host through a specific gateway:
Local> CHANGE INTERNET GATEWAY 195.1.1.72 HOST 52.53.21.10
You can define multiple hosts that can be reached through the same gateway with the same address. You must enter a separate command to define each host with a gateway.
TCP/IP Network Characteristics 7-17
Configuring a List of Internet ARP Entries
Configuring a List of Internet ARP Entries
Introduction
The list of address resolution protocol (ARP) entries maps Internet addresses to
Ethernet hardware addresses for devices on the same network as the access server. You only need to enter the network hosts that do not support ARP.
Displaying the List of Internet ARP Entries
To display a list of ARP entries, use the SHOW/LIST/MONITOR INTERNET ARP
ENTRY command.
Sample List of Internet ARP Entries
The following example shows a typical display list of ARP entries:
Local> SHOW INTERNET ARP ENTRY
Internet Address Ethernet Address Status
16.20.0.96 AA-00-04-00-21-10
16.20.0.173 08-00-2B-04-41-9B
16.20.0.96 AA-00-04-00-3B-11
6.20.48.48 AA-00-05-08-3B-20 No Purge
Defining an ARP Entry
To define an ARP entry in the list of entries, use the DEFINE/SET/CHANGE
INTERNET ARP ENTRY command with the ETHERNET parameter.
ARP Entry Definition Example
The following example shows how to enter a definition in the list of ARP entries:
Local> CHANGE INTERNET ARP ENTRY 195.1.1.72 ETHERNET
08-54-56-67-AC-89
This command maps the Internet address of 195.1.1.72 to the Ethernet hardware address 08-54-56-67-AC-89.
7-18 TCP/IP Network Characteristics
Setting the TCP Keepalive Timer
Setting the TCP Keepalive Timer
What the Timer Does
The TCP keepalive timer determines whether a TCP connection with a remote host is active and should remain open.
After the access server and a remote host establish a TCP connection, the access server waits a set amount of time and sends a keepalive probe to the remote host. If the access server receives a valid response from the remote host, it waits again and sends a new keepalive probe.
If the access server does not receive a response from the remote host, it continues to send keepalive probes until it reaches a set maximum. If the remote host does not respond after the access server sends the last keepalive probe, the access server drops the connection.
Setting the Timer
Use the SET/DEFINE/CHANGE INTERNET [TCP] KEEPALIVE TIMER command to set the amount of time (in minutes) the access server waits to send the first keepalive probe after establishing a TCP connection with an idle remote host. The range is from
1 to 1440 (one day) and the default is 120 (2 hours).
Timer Set Example
The following example shows how to set the TCP keepalive timer to wait one minute before sending the first keepalive timer:
Local> CHANGE INTERNET TCP KEEPALIVE TIMER 1
Disabling the Timer
By default, the TCP keepalive timer is enabled. Use the SET/DEFINE/CHANGE
INTERNET [TCP] KEEPALIVE TIMER DISABLED command to disable it.
Setting Timer Retries
Use the SET/DEFINE/CHANGE INTERNET [TCP] KEEPALIVE RETRY command to set the number of keepalive probe retries. The TCP keepalive timer retry number indicates the number of times that the access server sends keepalive probes to the remote host when it does not receive a valid response. The access server sends a keepalive probe every minute until the host responds or it reaches the retry count value.
The retry count value range is from 1 to 60 and the default value is 8. If the access server does not receive a valid response from the remote host after sending the last probe, the access server drops the connection.
TCP/IP Network Characteristics 7-19
Setting the TCP Keepalive Timer
Retry Set Example
The following example show how to set the maximum number of keepalive probes that the access server sends (10):
Local> CHANGE INTERNET TCP KEEPALIVE RETRY 10
Displaying Timer Characteristics
Use the SHOW/LIST INTERNET command to display the TCP keepalive timer characteristics.
Timer Characteristics Display
The following shows an example of the display. If you disable the timer, the value for the Keepalive Timer field is DISABLED.
Local> SHOW INTERNET
State Enabled
Internet Address: 195.1.1.1
Subnet Mask: 255.255.255.0
DHCP: Enabled
TCP Keepalive Timer: 60
TCP Keepalive Retry: 10
Local>
7-20 TCP/IP Network Characteristics
Displaying the Internet Counters
Displaying the Internet Counters
Using the SHOW Command
Use the SHOW/LIST/MONIITOR INTERNET command to display the Internet counters. To reset the Internet counters, use the ZERO INTERNET COUNTERS command.
To reset the Internet counters, use the ZERO INTERNET COUNTERS command.
Internet Counters Display Example
The following example shows a typical Internet counters display:
Local> SHOW INTERNET COUNTERS
TCP Segments: 146
Transmitted 58 Bytes Transmitted: 182
Data: 0 Bytes Data: 182
Data Retransmitted 0 Bytes Data Retransmitted 0
Other: 88 Bytes Received: 9894
Received 144
Segments Discarded: 0 Internet Connections: 0
IP Packets Transmitted: 146 Requested: 2
IP Packets Received: 144 Accepted: 0
IP Fragments Received: 0 Established: 2
IP Fragments Dropped: 0 Closed: 1
IP Error in Header: 0 Dropped: 0
ICMP Message UDP Datagrams
Transmitted: 0 Transmitted: 0
Received: 0 Received: 00
Dropped: 0 Dropped: 0
Destination Unreachable: 0
Local>
TCP/IP Network Characteristics 7-21
Displaying the Internet Counters
Internet Counter Display Fields
The following table describes the fields in a typical Internet counters display:
Field
TCP Segments
Description
The following counters contain statistics on TCP segments:
Transmitted: Total number of TCP segments transmitted by the access server. The following counters are a breakdown of this total:
Data: Number of transmitted segments that contained data.
Data Retransmitted: Number of transmitted segments that contained retransmitted data.
Other: Number of transmitted segments that contained no data.
Received: Total number of TCP segments received by the access server.
Segments Discarded: Number of received TCP segments that were discarded due to errors. These errors can include bad checksum and invalid length of TCP header.
Bytes Transmitted: Total number of bytes of data transmitted in TCP segments, including bytes retransmitted. The following counters are a breakdown of this total:
Bytes Data: Total number of bytes of data transmitted in TCP segments, not including bytes retransmitted.
Bytes Data Retransmitted: Total number of retransmitted bytes of data transmitted in TCP segments.
Bytes Received: Total number of bytes of data received in TCP segments.
IP Packets Transmitted: Total number of IP datagrams transmitted.
IP Packets Received: Total number of IP datagrams received.
IP Fragments Received: Total number of IP fragments received.
7-22 TCP/IP Network Characteristics
Displaying the Internet Counters
Field Description
IP Fragments Dropped: Total number of IP fragments dropped due to either a lack of memory to store the fragment or received a duplicate fragment.
IP Error in Header: Total number of IP datagrams received with errors in the header. These are discarded.
Internet Connections The following counters contain statistics on connections:
Requested: Number of outgoing Telnet connect attempts made by users.
Accepted: Number of incoming TCP connections accepted by
Telnet. This count includes those connections accepted by Telnet then dropped due to no physical port available.
Established: Number of connections established by TCP. This count includes those connections accepted by Telnet then dropped due to no physical port available.
Closed: Number of connections closed by a user or remote host.
Dropped: Number of connections dropped, because of a reset from the remote host, unsuccessful retransmission, keepalive timeout, protocol error, or aborted by Telnet due to lack of available physical ports.
ICMP Messages The following counters contain statistics on ICMP messages:
Transmitted: Total number of ICMP messages transmitted by the access server.
Received: Total number of ICMP messages received by the access server.
Dropped: Total number of ICMP messages dropped by the access server, because of an error in the ICMP message, such as incorrect code, checksum error, or incorrect length.
Destination
Unreachable:
Total number of ICMP Destination Unreachable messages received by the access server. Usually received when a connect attempt fails because either the
TCP or UDP port is unknown at the remote host, or the host (or the host’s network) is unreachable.
TCP/IP Network Characteristics 7-23
Displaying the Internet Counters
Field
UDP Datagrams
Description
The following counters contain statistics on connections:
Transmitted: Total number of UDP datagrams transmitted by the network access server.
Received: Total number of UDP datagrams received by the network access server.
Dropped: Total number of USDP datagrams dropped by the network access server, because of an error in the UDP header, checksum fails, or length is incorrect.
7-24 TCP/IP Network Characteristics
Learning IP Information From a BOOTP Server
Learning IP Information From a BOOTP Server
Introduction
Instead of manually configuring IP information, you can have the access server learn its IP address and other IP configuration information from a BOOTP server on the network. If you use the BOOTP server to load the DNAS software on the access server, it can also learn its IP configuration from the BOOTP server during the load operation.
BOOTP Server Configuration
Refer to the DNAS installation instructions for information about configuring a
BOOTP server.
Learning Operation
The following occurs when the access server learns IP configuration information from a BOOTP server:
•
If you use a BOOTP server to load the software image on your access server, the access server learns the IP configuration information during the boot operation.
•
If you use MOP to load the software image on your access server, the access server learns the IP configuration information after initialization.
•
If you disable INTERNET, the access server does not learn its IP address and no
IP functions work. You can enable INTERNET at any time to start the address learning process.
•
If you enable INTERNET, you cannot disable it operationally (that is, using a SET command) because the access server cannot easily ensure that an Internet function is not pending or occurring. You must use the DEFINE INTERNET DISABLE command and reboot the access server.
•
When the access server is learning an IP address, you can use the SHOW/
MONITOR INTERNET command to display the status of the learning operation.
If learning is occurring, the IP address displays as “(Learning)”.
TCP/IP Network Characteristics 7-25
Learning IP Information From a BOOTP Server
Setting Up IP Configuration Learning
Do the following to set up your access server to learn IP configuration information from a BOOTP server on the network:
Step
1
2
3
Action
Set up the BOOTP server: a) Add an entry for the access server’s Ethernet address.
b) Associate the Ethernet address with an IP address.
c) Optionally, associate the Ethernet address with a subnet mask and default gateway.
Reference: The DNAS installation instructions provide details about configuring a BOOTP server.
Ensure that the access server does not have an IP address stored in
NVRAM. Use the following command:
Local> LIST INTERNET
If the display shows an Internet address, clear it using the following command:
Local> DEFINE INTERNET ADDRESS NONE
Ensure that the Internet characteristic is enabled. Use the following command:
Local> LIST INTERNET
If the Internet characteristic is not enabled, enable it using the following command:
Local> DEFINE INTERNET ENABLED
7-26 TCP/IP Network Characteristics
Learning IP Information From a DHCP Server
Learning IP Information From a DHCP Server
Description
You can use the Dynamic Host Configuration Protocol (DHCP) to automatically configure TCP/IP characteristics on the access server and remote clients. DHCP provides dynamic assignment of IP addresses and discovery of IP configuration parameters (for example, subnet mask or default gateways). A DHCP client requests and receives this information from a DHCP server on the network.
Enabling DHCP on the access server allows it to learn some of its IP configuration information from a DHCP server. The access server does not receive its IP address from the DHCP server; you must manually configure it or use a BOOTP server.
Enabling DHCP on the access server also allows remote dial-up clients to receive dynamically assigned IP addresses and IP configuration parameters from the DHCP server. Depending on the situation, the access server acts as a DHCP client or proxy.
By default, the DHCP setting on the access server is ENABLED. If you do not have a
DHCP server on your network, disable DHCP. (See the Enabling and Disabling DHCP section in this chapter.)
BOOTP and DHCP Differences
DHCP is an extension of BOOTP; however, using a DHCP server to obtain IP information differs from using a BOOTP server in the following ways:
Using a BOOTP Server
The access server can learn its IP address from a BOOTP server
(or you can configure it directly on the access server).
You configure the IP information to be learned in the BOOTP server’s database and associate it with the access server’s hardware address.
Using a DHCP Server
The access server does not learn its IP address from a DHCP server. The access server can learn the following from a DHCP server:
• Domain name
• Default gateway
• Domain Name System (DNS) servers
• Windows Internet Naming Service (WINS) servers
You do not configure the DHCP server with any access server or client-specific information. You need only to configure the
DECserver with network information (for example, a domain name) and a pool of IP addresses available for assignment.
TCP/IP Network Characteristics 7-27
Learning IP Information From a DHCP Server
Using a BOOTP Server
The access server writes the information it learns from the
BOOTP server to NVRAM.
Using a DHCP Server
The access server does not write the information it learns from the DHCP server to
NVRAM. This ensures that the access server receives the most recent information from the
DHCP server.
DHCP Client Operation
During initialization, the access server acts as a DHCP client to obtain IP configuration parameters (excluding the IP address; use a BOOTP server or the DEFINE
INTERNET ADDRESS command to configure the IP address). The access server requests the following IP configuration parameters from a DHCP server:
•
Default gateway
•
Domain name
•
Domain Name System (DNS) servers
•
Windows Internet Naming Service (WINS) servers
The following occurs when the access server acts as a DHCP client:
7-28 TCP/IP Network Characteristics
Learning IP Information From a DHCP Server
DHCP Proxy Operation
The access server can act as a DHCP proxy to provide IP address assignment for most remote clients.
IP Address Assignment
When you enable DHCP, the access server sends requests for IP addresses to a DHCP server on behalf of the remote client if:
•
You do not configure an IP address on the ports configured for remote access.
•
You do not specify an IP address using RADIUS authentication.
•
The remote client is not configured with an IP address for its PPP session.
When the access server receives the IP address from the DHCP server, it assigns the address to the remote client.
The following occurs when the access server uses DHCP to assign IP addresses to remote clients:
TCP/IP Network Characteristics 7-29
Learning IP Information From a DHCP Server
IP Address Renewals
When the DHCP server assigns an IP address to a remote client, it “leases” the address to the remote client for a finite or infinite amount of time. If the lease is about to expire and the remote client still has a dial-up connection, the access server renews the lease on behalf of the remote client. The access server attempts to renew the lease as long as the remote client maintains a dial-up connection.
Enabling and Disabling DHCP
The default DHCP setting on the access server is DHCP ENABLED. The following table lists the commands that you use to enable and disable DHCP:
To Do This:
Enable DHCP.
Disable DHCP.
Use This Command:
DEFINE/SET/CHANGE INTERNET DHCP ENABLED
DEFINE INTERNET DHCP DISABLED
Displaying the DHCP Setting
Use the SHOW/LIST/MONITOR INTERNET command to display the current DHCP setting. The example in the Displaying the Internet Address and Subnet Mask section in this chapter shows a typical display.
Configuring Default Values
If you enable DHCP but also want the access server to function in the event that a
DCHP server is not available, you can define default values for some of the DHCPlearned IP information in NVRAM using DEFINE commands. Follow the procedures in this chapter for setting the IP address, subnet mask, DNS values, WINS values, and gateways. You can also use the Access Server Manager to set these values. See the
Access Server Manager’s online help for details.
When the access server initializes, it writes the default values from NVRAM to RAM.
If a DHCP server responds to the access server’s request for information, the DHCPlearned values overwrite the default values in RAM. If a DHCP server does not respond, the access server uses the default values.
Overriding DHCP-Learned Values
To override DHCP-learned values, use SET commands after initialization completes.
Follow the procedures in this chapter for setting the IP address, DNS values, WINS values, and gateways or use the Access Server Manager (see the Access Server
Manager online help for details).
7-30 TCP/IP Network Characteristics
Assigning WINS Server Addresses
Assigning WINS Server Addresses
What Does WINS Do?
Windows Internet Naming Service (WINS) performs NetBIOS name and IP address resolution, similar to the Domain Name Service (DNS). WINS allows systems that use
NetBIOS to communicate with each other over TCP/IP.
What Is WINS Autoconfigure?
The WINS autoconfigure feature on the access server allows dial-up clients to receive
WINS configuration information automatically from the access server when establishing a remote PPP connection.
The access server provides the remote client with the addresses of WINS primary and secondary servers that it finds in its RAM.
Operation
The access server receives WINS server addresses in one of the following ways:
•
From a DHCP server on the network, if the DHCP is enabled on the access server.
•
From access server commands that you enter at a local or remote console.
The following shows how the remote client receives WINS server information from the access server:
TCP/IP Network Characteristics 7-31
Assigning WINS Server Addresses
Assigning WINS Addresses
If you enable DHCP on the access server, it receives the WINS server addresses from a DHCP server on the network and writes the values to VRAM when you reinitialize the access server. When a remote client sends a request to the access server for WINS server addresses during PPP negotiation, the access server responds with the addresses it finds in VRAM.
If you disable DHCP, or need to change the WINS server addresses at a time when you do not want to reinitialize the access server, you can set the addresses manually. Use the SET/DEFINE/CHANGE INTERNET WINS [PRIMARY|SECONDARY] command for this purpose.
WINS Address Example
The following example shows how to set primary and secondary WINS server addresses on the access server:
Local> CHANGE INTERNET WINS PRIMARY 12.30.34.10
Local> CHANGE INTERNET WINS SECONDARY 12.150.25.5
Displaying WINS Characteristics
Use the SHOW/LIST INTERNET NAME RESOLUTION command to view the
WINS server addresses stored in the access server’s VRAM (or NVRAM).
WINS Display Example
The following shows a typical example of the WINS display:
Local> SHOW INTERNET NAME RESOLUTION
NetBIOS (WINS) Name Resolution:
Primary WINS server: 16.20.44.55
Secondary WINS server 16.125.14.235 (from DHCP)
Domain Name Resolution:
Domain Name: finance.acme.com (from DHCP)
Resolution Host Limit: 32 Resolution Time Limit: 4
Resolution Mode: Ordered Resolution Retry Limit: 3
Nameservers (Locally configured):
99.99.99.99 Local name.acme.com (from DHCP)
7-32 TCP/IP Network Characteristics
Assigning WINS Server Addresses
Nameservers (Learned):
99.99.99.99 Local name.acme.com
88.88.88.88 Local secondary.acme.com
DHCP server: 16.20.244.250
Local>
The following table lists the WINS characteristics displayed in the previous example.
(See the Displaying DNS Characteristics section in this chapter for a description of the
DNS characteristics shown in the example.)
Field
Primary
Secondary
Description
The Internet address or host name for the primary WINS server.
The Internet address or host name for the WINS server used when the primary WINS server is not available.
If a DHCP server provides the WINS servers and Domain Name information, the display includes “(from DHCP)” at the end of each line of information and the name of the DHCP server at the end of the display.
TCP/IP Network Characteristics 7-33
Chapter 8
Managing AppleTalk
Overview
Introduction
This chapter explains how to configure and manage the AppleTalk protocol suite on an access server.
In This Chapter
This chapter contains the following topics:
•
Configuring AppleTalk on an Access Server
•
Displaying AppleTalk Characteristics
•
Displaying AppleTalk Counters
•
Displaying AppleTalk Status
•
Displaying AppleTalk Routes
•
Displaying AppleTalk ARP Entries
Managing AppleTalk 8-1
Configuring AppleTalk on an Access Server
Configuring AppleTalk on an Access Server
Introduction
You can configure an access server to act as an AppleTalk node on the network and many different components can then be monitored. The configuration of the
AppleTalk characteristics can be done only in the NVRAM database. This means that the manager has to reinitialize the access server after making a change to any of the
AppleTalk characteristics before the changes take effect. This chapter does not address managing asynchronous connections. For information about ATCP, see Chapter 19.
This chapter assumes you have a basic understanding of the AppleTalk protocol suite.
AppleTalk Address Format
AppleTalk node addresses consist of two fields: a network number and a node number.
A network number can be in the range 1 to 65534. A node number can be in the range
1 to 254. The network and node numbers are separated by a period (.).
Enabling AppleTalk
By default, AppleTalk is not enabled on an access server. In order for the access server to act as an AppleTalk node on the network, a privileged user has to enable AppleTalk explicitly with the following DEFINE command:
Local> DEFINE APPLETALK ENABLED
Then the access server has to be reinitialized. Upon reinitialization, the access server functions as an AppleTalk node by doing the following:
•
Acquiring an AppleTalk address and zone
•
Registering its AppleTalk name
•
Acquiring and defending AppleTalk addresses for attached hosts
•
Forwarding AppleTalk DDP packets
•
Permitting hosts attached via asynchronous lines to participate in the AppleTalk protocol
•
Responding to SNMP requests for AppleTalk information
•
Responding to AppleTalk Echo packets
8-2 Managing AppleTalk
Configuring AppleTalk on an Access Server
Disabling AppleTalk
If you decide that your access server should no longer act as an AppleTalk node, all
AppleTalk capabilities can be turned off using the following privileged DEFINE command:
Local> DEFINE APPLETALK DISABLED
Reinitialize the access server to have this command take effect. Upon reinitialization, the access server no longer functions as an AppleTalk node. All of the SHOW
AppleTalk commands then give you the following message:
Local -527- AppleTalk is not enabled, no operational commands allowed
DIGITAL recommends that you disable AppleTalk when the access server is not used as an AppleTalk node. When you disable AppleTalk:
•
The access server no longer responds to or monitors AppleTalk traffic on the network, freeing up CPU time.
•
System resources are freed up since they are no longer allocated for AppleTalk operation.
•
The access server rejects all SNMP queries for AppleTalk information. It transmits a No Such Name error message.
Setting AppleTalk Address Cache Size
An access server with AppleTalk enabled tries to acquire unused AppleTalk addresses for any potential hosts attached to the access server with asynchronous lines. It saves these addresses in a cache and defends them if any other host on the network tries to use them. When a host attaches to the access server via an asynchronous port, the access server assigns one of the addresses from the cache to the attached host.
A privileged user on the access server specifies how many AppleTalk addresses the access server should acquire on initialization using the following DEFINE command:
Local> DEFINE APPLETALK [ address] CACHE [size] n
As with the command to enable or disable AppleTalk, this command affects only the
NVRAM database on the access server. The access server has to be reinitialized for the cache size to take effect operationally.
The supported range for n is 1 to the number of asynchronous ports. The access server always attempts to keep the number of available entries in the address cache equal to the smaller of either the cache size that you define or the number of ports that do not already have AppleTalk connections.
Managing AppleTalk 8-3
Configuring AppleTalk on an Access Server
The default value for n is the number of access server asynchronous ports divided by
8. For instance, the default cache size on a 16 port access server would be 2.
The DEFINE APPLETALK ADDRESS CACHE command lets the access server manager trade off address use versus the probability of simultaneous Appletalk session requests.
•
If the value of n is set too high, the access server can acquire too many addresses, exhausting the supply available for the rest of the network.
•
The access server serializes address acquisition attempts, which typically require about 2 seconds each. If the access server pre-acquires too few addresses (the value of n is too low), some client AppleTalk session initiation attempts may fail if too many arrive at once. When this happens, the access server may not have enough addresses to assign to all the new sessions.
8-4 Managing AppleTalk
Displaying AppleTalk Characteristics
Displaying AppleTalk Characteristics
Commands
Use the LIST APPLETALK CHARACTERISTICS command to display the
AppleTalk characteristics. This command is nonprivileged.
Use the SHOW/MONITOR APPLETALK STATUS command to see the values being used operationally.
Displaying AppleTalk Characteristics Example
The following example shows how to display the latest values configured by the
DEFINE APPLETALK commands:
Local> LIST APPLETALK CHARACTERISTICS
AppleTalk Characteristics Server: LAT_08002B24F24F
State: Enabled
Cache Size: 2
Fields in the AppleTalk Characteristics Display
The following table describes the fields in the AppleTalk Characteristics display:
Field
State
Cache
Description
Indicates whether AppleTalk is enabled the next time you initialize the access server.
Shows the number of AppleTalk addresses that the access server will acquire in cache memory the next time you initialize the access server.
Managing AppleTalk 8-5
Displaying AppleTalk Counters
Displaying AppleTalk Counters
Command
Use the SHOW/MONITOR APPLETALK COUNTERS command to display the
AppleTalk counters on an access server. The command is nonprivileged.
Displaying AppleTalk Counters Example
The following example shows a typical display when you enter the SHOW
APPLETALK COUNTERS command:
Local> SHOW APPLETALK COUNTERS
AppleTalk Counters Seconds Since Zeroed: 18207
AARP
Unsent Probes: 0 Unsent Responses: 0
DDP
In Receives: 5510 Out Requests: 19
In Local Datagrams: 1 Forwarded Requests: 0
Too Short Errors: 0 Out Shorts: 0
Too Long Errors: 0 Out Longs: 19
No Protocol Handlers: 0 Out No Routes: 0
Checksum Errors: 0 Hop Count Errors: 0
Short DDP Errors: 0 Broadcast Errors: 0
NBP
Lookups Received: 1850 Lookup Replies: 13
In Errors: 0
RTMP
Router Lost: 0 In Errors: 0
ZIP
In GetNetInfo Response: 1 Out GetNetInfo Requests: 6
In Errors: 0
Fields in the AppleTalk Counters Display
The following table describes the fields in the AppleTalk Counters display:
Field
AARP Unsent Probes
Description
The number of AARP probes that could not be sent due to insufficient access server resources.
8-6 Managing AppleTalk
Field
DDP
Unsent Responses
In Receives
Out Requests
In Local Datagrams
Forwarded Requests
Too Short Errors
Too Long Errors
No Protocol Handlers
Checksum Errors
Short DDP Errors
Displaying AppleTalk Counters
Description
The number of AARP responses that could not be sent due to insufficient access server resources.
The number of DDP datagrams the access server has received, including those received in error.
The number of DDP datagrams DDP sent out on behalf of access server
AppleTalk components.
The number of DDP datagrams the access server has received that were destined for the access server.
The number of DDP datagrams the access server received for which this was not their final destination. DDP made an attempt to forward these packets.
The number of DDP datagrams dropped because their data length was less than the length specified in the DDP header or because their length was less than that of a DDP header.
The number of DDP datagrams dropped because their data length exceeded the length specified in the DDP header or because their length was greater than the maximum DDP length.
The number of DDP datagrams the access server received that were addressed to an upper layer protocol that the access server does not support.
The number of input DDP datagrams dropped because of a checksum error.
The number of input DDP datagrams dropped because access server was not final destination and type was short
DDP.
Managing AppleTalk 8-7
Displaying AppleTalk Counters
Field
NBP
RTMP
ZIP
Broadcast Errors
Out Shorts
Out Longs
Out No Routes
Hop Count Errors
Lookups Received
Lookup Replies
In Errors
Router Lost
In Errors
In GetNetInfo Responses
Out GetNetInfo Requests
In Errors
Description
The number of input DDP datagrams dropped because the access server was not their final destination and they were addressed to the link level broadcast.
The number of short DDP datagrams transmitted.
The number of long DDP datagrams transmitted.
The number of DDP datagrams dropped because a route could not be found.
The number of input DDP datagrams dropped because the access server was not their final destination and their hop count would exceed 15 if forwarded.
The number of NBP Lookup Requests the access server has received.
The number of NBP Lookup Replies the access server has sent
The number of invalid NBP datagrams received.
The number of times the access server lost contact with every AppleTalk router on its Ethernet.
The number of invalid RTMP datagrams received.
The number of GetNetInfo responses the access server has received.
The number of GetNetInfo requests the access server has sent.
The number of invalid ZIP datagrams received.
8-8 Managing AppleTalk
Displaying AppleTalk Counters
AARP Values
Two important counter values are those for AARP. Unsent AARP probes or responses can indicate network problems. This happens when the access server is too overloaded to respond to AARP requests. When there are unsent probes, other AppleTalk nodes can acquire AppleTalk addresses used by the access server or its clients. There can be connectivity problems when there are unsent responses.
Managing AppleTalk 8-9
Displaying AppleTalk Status
Displaying AppleTalk Status
Command
Use the SHOW/MONITOR APPLETALK STATUS command to display the
AppleTalk status on the access server. The command is nonprivileged.
Displaying AppleTalk Status Example
The following example shows how to display the AppleTalk status on an access server:
Local> SHOW APPLETALK STATUS
AppleTalk Status Server: LAT_08002B24F24F
State: Up
Address: 401.78
Network: 401-401
Name:
Object: LAT_08002B24F24F
Type: DECserver 700-08
Zone: LKG Littleton MA
Cache: 2
Attached Hosts: 0
Last Error: <no error>
Fields in the AppleTalk Status Display
The following table describes the fields that appear in the AppleTalk Status display:
Field Value
State
Off
Acquiring
Learning
Reacquiring
Registering
Description
The status of the access server
AppleTalk implementation.
AppleTalk is not operating.
The access server is acquiring an
AppleTalk address.
The access server is learning its
AppleTalk zone.
The access server is getting itself a new
AppleTalk address.
The access server is registering its name.
8-10 Managing AppleTalk
Field Value
Up
Address
Network
Name
Cache
Attached Hosts
Last Error
Object
Type
Zone
Displaying AppleTalk Status
Description
AppleTalk is fully operational.
The AppleTalk address of the access server, learned from the EtherTalk network at initialization. Its value is 0.0 until the Learning state.
The AppleTalk network range the access server learned at initialization. If no
AppleTalk router is on the access server’s network, the value is 1-65534.
The value is 0-0 until the Learning state.
The full AppleTalk name of the access server consists of: object:type@zone.
The unique name of the access server
(for example, LAT 08002B24F24F).
You can configure this parameter with the SET/DEFINE/CHANGE SERVER
NAME command.
The type of device (for example,
DECserver 700-08). This parameter cannot be configured.
The zone to which the access server belongs. This is a learned parameter and cannot be configured.
The current address cache size.
The number of AppleTalk hosts attached to the access server via asynchronous lines.
The last AppleTalk error reported.
Managing AppleTalk 8-11
Displaying AppleTalk Routes
Displaying AppleTalk Routes
Command
Use the SHOW/MONITOR APPLETALK ROUTES command to display the available AppleTalk routes to an access server. The command is nonprivileged.
Displaying AppleTalk Routes Example
The following example shows how to use the SHOW APPLETALK ROUTES command to display available AppletTalk routes:
Local> SHOW APPLETALK ROUTES
AppleTalk Routes Server: LAT_08002B24F24F
Destination Next Hop Status Interface Seconds
since
Last
Validated
12344-12350 12346.132 Up Ethernet 159
<default> 12347.1 Up Ethernet 20
12349.223 12346.132 Up Asynch7 29
12348.144 12346.132 Up Asynch3 116
Fields in the AppleTalk Routes Display
The following table describes the fields in the AppleTalk routes display:
Field
Destination
Next Hop
Value Description
The route destination. This can be either an
AppleTalk network number range or an
AppleTalk host address. A host address indicates a route to a host attached to the access server by means of an asynchronous link. The destination <default> is distinguished from the others. If the server does not find an appropriate route for a DDP packet, it sends the packet to the route’s next hop.
The AppleTalk router that is the “next hop” to a particular network. For the <default> destination, the next hop corresponds to an
AppleTalk router. For all other destinations, the next hop is the access server’s own
AppleTalk address.
8-12 Managing AppleTalk
Field
Status
Interface
Seconds Since
Last Validated
Displaying AppleTalk Routes
Value
Up
Suspect
Bad
Down
Description
The current state of the route, as follows:
The route is known to be valid.
The route is thought valid, but has not been refreshed recently.
The route has not been refreshed recently enough to warrant further use.
The route exists in the routing table, but is not being used.
The interface the access server uses to route packets to the destination.
This will be the time since:
• The “first” RTMP data packet announcing the route arrived, for a network destination with a status of “Up”
• A connection was established, for a host destination with a status of “Up”
• The most recent RTMP data packet announcing it, for a network destination with a status of “Suspect,” “Bad,” or “Down”
Managing AppleTalk 8-13
Displaying AppleTalk ARP Entries
Displaying AppleTalk ARP Entries
Introduction
When an attached host sends a message to an unknown AppleTalk node on the access server network, the access server creates an entry in the AppleTalk ARP cache and transmits an ARP request for the node’s data link address. At this time, the access server does not know the address for the desired node. When it receives a reply, it fills in the node’s corresponding Ethernet address.
Command
Use the SHOW/MONITOR APPLETALK ARP ENTRIES command to display entries that the access server creates in the AppleTalk ARP cache.
Displaying AppleTalk ARP Entries Example
The following example shows how to display the entries in the AppleTalk ARP cache:
Local> SHOW APPLETALK ARP ENTRIES
AppleTalk ARP Entries Server:LAT_08002B26AE00
ATalk Address Ethernet Address Status Interface
12345.132 08-00-2B-26-AE-00 Local Ethernet
12345.28 08-00-2B-26-AE-00 Acquired Ethernet
12346.7 08-00-2B-26-AE-00 Local Asynch3
12347.18 08-00-2B-26-AE-00 Local Asynch12
12347.2 <resolving> Remote Ethernet
12344.3 AA-00-04-11-21-10 Remote Ethernet
Fields in the AppleTalk ARP Display
The following table describes the fields in the AppleTalk ARP Entries display:
Field
ATalk Address
Ethernet Address
Value
Status
Remote
Description
The AppleTalk address of a node.
The corresponding Ethernet address for the
AppleTalk node.
The status of the AppleTalk ARP Entry.
The entry designates an ARP entry for a remote host on the access server Ethernet.
Such an entry usually means the server recently forwarded a DDP packet to this host.
8-14 Managing AppleTalk
Field
Interface
Displaying AppleTalk ARP Entries
Value
Local
Acquired
Description
The entry designates either:
1 A host that is presently running AppleTalk over its asynchronous link to the access server or
2 The access server AppleTalk address
The entry has been pre-acquired for later use by an attached AppleTalk host. It is also possible that the address has already been used by one or more attached hosts, but has been returned to the address cache.
The interface with which the address is associated. The access server’s own
AppleTalk address, as well as any remote or acquired addresses, are always associated with the Ethernet. This field identifies the asynchronous line with which a local address might be associated.
Managing AppleTalk 8-15
Chapter 9
Configuring Basic Device Characteristics
Overview
Introduction
This chapter explains how to configure the basic characteristics for all types of devices that attach to the access server ports. These devices include:
•
Standard DIGITAL video terminals such as the VT100 and VT220
•
Printers
•
Modems
•
PCs
•
Computers
•
Nonstandard terminals
In This Chapter
This chapter contains the following topics:
•
Configuring Basic Device Characteristics
•
Displaying Basic Device Characteristics
•
Configuring the ACCESS Characteristic
•
Matching the Port and Device Characteristics
•
Configuring the FLOW CONTROL Characteristic
•
Specifying the Automatic Logout Characteristics
Configuring Basic Device Characteristics 9-1
Configuring Basic Device Characteristics
Configuring Basic Device Characteristics
Introduction
If you attach a standard DIGITAL video terminal to an access server port, the basic device characteristics described in this chapter are the only ones that you need to consider.
If you are configuring a port to communicate with a modem, PC, computer interface, or nonstandard terminal, refer to the signal characteristics described in Chapter 10 in addition to the characteristics described in this chapter.
Command
To configure or modify a basic device characteristic, use the SET/CHANGE/
MODIFY command for the appropriate characteristic.
Basic Device Characteristic Summary
The following table summarizes the basic device characteristics, and refers you to related information in this chapter:
Characteristic
ACCESS
AUTOBAUD Enabled
CHARACTER SIZE 8
DSRLOGOUT
FLOW CONTROL
INACTIVITY
LOGOUT
INPUT FLOW
CONTROL
Default
Local
Disabled
XON
Disabled
Enabled
Allowed
Values
Local, Remote,
Dynamic, None
Refer to
Section
Configuring the
ACCESS
Characteristic
Enabled, Disabled AUTOBAUD
7, 8 CHARACTER
SIZE
Enabled, Disabled Specifying
DSRLOGOUT
XON, DSR, CTS,
DISABLED
Flow Control
Types
Enabled, Disabled Specifying
INACTIVITY
LOGOUT
Enabled, Disabled FLOW
CONTROL
Direction
9-2 Configuring Basic Device Characteristics
Characteristic
LONGBREAK
LOGOUT
OUTPUT FLOW
CONTROL
PARITY
SPEED
STOP BITS
TYPE
Configuring Basic Device Characteristics
Default
Disabled
Enabled
None
9600
Allowed
Values
Refer to
Section
Enabled, Disabled Specifying
LONGBREAK
LOGOUT
Enabled, Disabled FLOW
CONTROL
Direction
Even, Odd, Mark,
None
PARITY
SPEED 75,110, 134, 150,
300, 600, 1200,
1800, 2000, 2400,
4800, 9600, 19200,
38400, 57600,
115200
1, 2 STOP BITS Dynamically set
ANSI Hardcopy,
Softcopy, ANSI
TYPE
Configuring Basic Device Characteristics 9-3
Displaying Basic Device Characteristics
Displaying Basic Device Characteristics
Command
To display basic device characteristics, use the SHOW PORT command.
Displaying Port Characteristics Example
The following example shows how to display the port characteristics for port 5:
Local> SHOW PORT 5
Port 5: Server: LAT_123456789ABC
Character Size: 8 Input Speed: 9600
Flow Control: XON Output Speed: 9600
Parity: None Signal Control: Disabled
Stop Bits: Dynamic Signal Select: CTS-DSR-RTS-DTR
Access: Local Local Switch: None
Backwards Switch: None Name: PORT_5
Break: Local Session Limit: 4
Forwards Switch: None Type: ANSI
Default Protocol: LAT Default Menu: None
Autolink Timer One:12 Two:10
Preferred Service: None
Authorized Groups: 25
(Current) Groups: 25
Enabled Characteristics:
Autobaud, Autoprompt, Broadcast, Failover, Input, Flow Control,
Lock, Loss Notification, Message Codes, Output Flow Control,
Verification
Local>
9-4 Configuring Basic Device Characteristics
Configuring the ACCESS Characteristic
Configuring the ACCESS Characteristic
Description
The ACCESS characteristic determines which types of devices can use a port. The following table lists and defines the possible values for the port ACCESS characteristic:
Characteristic
Local (default)
Remote
Dynamic
None
Device Type
Interactive
Noninteractive
Both interactive and noninteractive
–
Examples
Terminals
Computers, printers
Personal computers, printers with keyboards
Prohibits access to the port
Command
To set the ACCESS characteristic for a port, use the DEFINE/SET/CHANGE PORT command with the ACCESS keyword.
Defining the ACCESS Characteristic Example
The following example shows how to set the access characteristic for port 5 to remote:
Local> DEFINE PORT 5 ACCESS REMOTE
Configuring Basic Device Characteristics 9-5
Matching the Port and Device Characteristics
Matching the Port and Device Characteristics
Introduction
You must ensure that the physical characteristics of the access server port match the physical characteristics of the device as described in this section. If these characteristics do not match, the device does not operate correctly. The characteristics that must match are:
•
AUTOBAUD
•
CHARACTER SIZE
•
PARITY
•
STOP BITS
•
SPEED
•
TYPE
AUTOBAUD
The AUTOBAUD characteristic determines if a port automatically detects a device’s speed, parity, and character size when you log in.
AUTOBAUD Settings
The following table lists the AUTOBAUD settings and the types of devices associated with them:
Setting
Enabled
Disabled
For These Devices
Interactive (default)
Printers, modems, computers
9-6 Configuring Basic Device Characteristics
Matching the Port and Device Characteristics
CHARACTER SIZE and PARITY Settings
The AUTOBAUD characteristic functions only if the input and output speeds of the port device are the same and the character size and parity settings have the combinations listed in the following table:
Character Size
8
7
Parity
None
Even
Example: Disabling AUTOBAUD
The following example shows how to disable the autobaud characteristic:
Local> CHANGE PORT 5 AUTOBAUD DISABLED
CHARACTER SIZE
The CHARACTER SIZE characteristic indicates the number of bits in a data character.
The access server supports character sizes of 7 or 8 bits, and the default is 8 bits.
Refer to the operator’s guide for the port device to determine appropriate character size.
If you enable autobaud, the access server automatically adjusts the character size.
Example: Setting the CHARACTER SIZE
The following example shows how to set the character size:
Local> CHANGE PORT 5 CHARACTER SIZE 7
PARITY
The PARITY characteristic determines the type of parity checks that the access server performs. If you enable autobaud, the access server automatically adjusts the parity.
PARITY Settings
The following table lists the available parity checks:
Setting
Even
Odd
Mark
Check Performed Per Character
Even number of one bits
Odd number of one bits
A set parity bit
Configuring Basic Device Characteristics 9-7
Matching the Port and Device Characteristics
Setting
Space
None (default)
Check Performed Per Character
A cleared parity bit
No parity checking performed
Example: Changing the PARITY Settings
The following example shows how to change the parity:
Local> CHANGE PORT 5 PARITY ODD
SPEED
The SPEED characteristic enables you to configure the port for devices that operate at the following speeds: 75, 110, 134, 150, 300, 600, 1200, 1800, 2000, 2400, 4800,
9600, 19200, 38400, 57600, and 115200 bits per second (bits/s).
If you enable autobaud, the access server automatically adjusts the port speed.
Example: Changing the Port SPEED
The following example shows how to change the port speed:
Local> CHANGE PORT 5 SPEED 2400
Example: Configuring Different Input and Output Speeds for a Port
The following example shows how to specify different input and output speeds for a port:
Local> CHANGE PORT 5 INPUT SPEED 2400
Local> CHANGE PORT 5 OUTPUT SPEED 1200
STOP BITS
The STOP BITS characteristic indicates the number of bits that mark the end of a character transmission. By default, the access server dynamically sets up the STOP
BITS characteristic. The access server automatically uses 2 stop bits for port speeds up to and including 134 bits/s, and 1 stop bit for port speeds above 134 bits/s.
You can also specify 1 or 2 stop bits for each device.
Example: Setting the STOP BITS for a Device
The following example shows how to set the stop bits for a device:
Local> CHANGE PORT 5 STOP BITS 1
9-8 Configuring Basic Device Characteristics
TYPE
Matching the Port and Device Characteristics
The TYPE characteristic indicates the device attached to the port.
Device Types
The following table lists device types available for each port of the access server:
Device Type
Hardcopy
Softcopy
ANSI (default)
Applies to:
Printers
Non-ANSI video terminals
Most video terminals such as the VT100. This causes the screen to clear before each display and enables command-line recall.
Example: Changing the device TYPE
The following example shows how to change the device type:
Local> CHANGE PORT 5 TYPE HARDCOPY
Configuring Basic Device Characteristics 9-9
Configuring the FLOW CONTROL Characteristic
Configuring the FLOW CONTROL Characteristic
Introduction
The FLOW CONTROL characteristic allows the access server to start and stop data transfer between the port and the attached device. Flow control prevents data losses due to lack of buffering space.
The FLOW CONTROL characteristic does not apply to data transfer between the access server and a network resource. For a particular session, however, the network resource might manage FLOW CONTROL between the port and the host.
Flow Control Types
The types of FLOW CONTROL that you can configure are:
•
XON/XOFF
•
DSR
•
CTS
•
No Flow Control
•
Flow Control Direction
XON/XOFF
When the access server use XON/XOFF FLOW CONTROL on a port, it sends
•
An XON character to start the data transfer between the port and the attached device
•
An XOFF character to stop the data transfer between the port and the attached device
XON/XOFF is the type of FLOW CONTROL that Digital Equipment Corporation’s terminals, personal computers, printers, and modems use.
When to Use
You must use XON/XOFF FLOW CONTROL when you use:
•
DSR logout (See Specifying DSRLOGOUT in this chapter.)
•
Signal check (See Specifying SIGNAL CHECK in Chapter 10.)
9-10 Configuring Basic Device Characteristics
DSR
CTS
Configuring the FLOW CONTROL Characteristic
Example: Enabling XON/XOFF FLOW CONTROL
The following example shows how to enable XON/XOFF FLOW CONTROL:
Local> CHANGE PORT 5 FLOW CONTROL XON
DSR FLOW CONTROL operates as follows:
•
If the access server receives data too quickly from the port device, it turns off DTR until it can accept more data.
•
If the port device receives data too quickly from the access server, it turns off the
DSR signal until can accept more data.
Do not enable DSR FLOW CONTROL if modem control, signal control, DSR logout, or signal check is enabled. DSR FLOW CONTROL overrides these characteristics.
Example: Enabling DSR FLOW CONTROL
The following example shows how to enable DSR FLOW CONTROL on a port:
Local> CHANGE PORT 5 FLOW CONTROL DSR
CTS is a form of FLOW CONTROL used with null modem (DTE) devices. The access server only transmits data to an attached device when the device asserts DTS.
CTS FLOW CONTROL operates as follows:
•
If the access server receives data too quickly from the port device, the access server deasserts RTS until it can accept more data.
•
If an attached device receives data too quickly from the access server, it deasserts
CTS until it can accept more data.
You can enable CTS/RTS FLOW CONTROL for access servers with attached modems with a speed of 9600 bits/s or greater. This enables a faster response time from the access server hardware.
Example: Enabling CTS FLOW CONTROL
The following command shows how to enable CTS FLOW CONTROL on port 7 of an access server:
Local> CHANGE PORT 7 FLOW CONTROL CTS
Configuring Basic Device Characteristics 9-11
Configuring the FLOW CONTROL Characteristic
Example: Disabling FLOW CONTROL
The following command shows how to disable FLOW CONTROL on port 5 of an access server:
Local> CHANGE PORT 5 FLOW CONTROL DISABLED
FLOW CONTROL Direction
The access server software allows you to specify flow input and output FLOW
CONTROL:
•
Input FLOW CONTROL refers to the data flow from the attached device to the access server.
•
Output FLOW CONTROL refers to the data flow from the access server to the attached device.
By default, the access server enables FLOW CONTROL in both directions.
Example: Enabling Input FLOW CONTROL
The following command shows how to enable input FLOW CONTROL on port 5 of an access server:
Local> CHANGE PORT 5 INPUT FLOW CONTROL ENABLED
Example: Enabling output FLOW CONTROL
The following command shows how to disable output FLOW CONTROL on port 5 of an access server:
Local> CHANGE PORT 5 OUTPUT FLOW CONTROL DISABLED
9-12 Configuring Basic Device Characteristics
Specifying the Automatic Logout Characteristics
Specifying the Automatic Logout Characteristics
Introduction
This section describes the characteristics that you can use to log out a port automatically when the device attached to the port is turned off or when there is no activity for a specified period of time.
Specifying DSRLOGOUT
The DSRLOGOUT characteristic causes the access server to logout a port device when the device deasserts DSR. You cannot enable DSR logout if you enable DSR FLOW
CONTROL.
To use DSRLOGOUT, the device and cable must support DSR. For the wiring and cables that support DSR, refer to the hardware documentation for your terminal server.
For more information about DTR and DSR signals, refer to Configuring DTR and DSR
Signals in Chapter 10.
By default, for DSRLOGOUT is disabled.
Example: Enabling DSRLOGOUT
The following command shows how to enable DSRLOGOUT on port 5:
Local> CHANGE PORT 5 DSRLOGOUT ENABLED
Specifying LONGBREAK LOGOUT
The LONGBREAK LOGOUT characteristic causes access server to logout a port device when the device deasserts RxD for 2.5 to 3.5 seconds. You use this characteristic for devices that do not support the DSR signal.
Use the SHOW/LIST/MONITOR PORT STATUS command to determine if the RxD signal is valid. If the signal is valid, it appears in the Input Signals field.
By default, LONGBREAK LOGOUT is disabled.
Example: Enabling LONGBREAK LOGOUT
The following command shows how to enable LONGBREAK LOGOUT on port 5:
Local> CHANGE PORT 5 LONGBREAK LOGOUT ENABLED
Configuring Basic Device Characteristics 9-13
Specifying the Automatic Logout Characteristics
Specifying INACTIVITY LOGOUT
The INACTIVITY LOGOUT characteristic allows you to enable or to disable automatic log out for the port. If INACTIVITY LOGOUT is enabled, the access server automatically disconnects the session and logs out the port if there is no input or output activity for the time specified by the INACTIVITY TIMER characteristic.
Example: Enabling INACTIVITY LOGOUT
The following example shows how to enable INACTIVITY LOGOUT on port 5:
Local> CHANGE PORT 5 INACTIVITY LOGOUT ENABLED
Specifying the INACTIVITY TIMER
The INACTIVITY TIMER characteristic specifies the timeout period for all ports.
You use the INACTIVITY TIMER characteristic when you enable the INACTIVITY
LOGOUT characteristic.
The range for the timeout is from 1 to 120 minutes. The default is 30 minutes.
Example: Changing the INACTIVITY Timeout Period
The following command shows how to change the timeout period:
Local> CHANGE SERVER INACTIVITY TIMER 15
9-14 Configuring Basic Device Characteristics
Chapter 10
Configuring Modem Signals
Overview
Introduction
This chapter describes the various port characteristics that you can use to control the modem signals. You use modem signals to support devices that use these signals, such as modems, computers, and printers.
In This Chapter
This chapter contains the following topics:
•
DTE/DCE Device Configuration
•
Determining the Supported Modem Signals
•
Modem Signals Description
•
Specifying MODEM CONTROL and SIGNAL CONTROL
•
Specifying SIGNAL SELECT
•
Specifying SIGNAL CHECK
•
Specifying DTRWAIT
•
Specifying RING
•
Specifying ALTERNATE SPEED
•
Specifying DIALUP
•
Sample Modem Configurations
•
Configuring DTR and DSR Signals
Configuring Modem Signals 10-1
DTE/DCE Device Configuration
DTE/DCE Device Configuration
Port Configuration
The role of the access server in the communication is determined by the configuration of the port and the port device:
•
If the port access characteristic is set to local, the access server appears as a data terminal equipment (DTE) device to a dial-in modem connected as a port device, and as a data communication equipment (DCE) device to a personal computer or terminal.
•
If the port access characteristic is set to REMOTE, the access server appears as a
DCE device to the port device, such as a computer system interface.
•
If the port access characteristic is set to remote, the access server operates as a
DTE device to a dial-out modem connected as a port device.
10-2 Configuring Modem Signals
Determining the Supported Modem Signals
Determining the Supported Modem Signals
Access Servers and MODEM CONTROL
Not all access servers support all modem signals. There are three types of access servers:
•
Full MODEM CONTROL
•
MODEM CONTROL
Access servers that support MODEM CONTROL can use only one of two sets of modem signals.
•
DTR/DSR support
Access Server Types and Supported Modem Signals
The following table lists the types of access servers and the modem signals that each type supports. To determine the type of access server that you have, refer to the software product description (SPD) for your access server.
Network Access Server
Type
Full MODEM CONTROL
(Example: DECserver 700-08 access server)
Modem Signals Supported
MODEM CONTROL
(Example: DECserver 700-16 access server)
Request To Send (RTS)
Clear To Send (CTS)
Data Set Ready (DSR)
Data Terminal Ready (DTR)
Data Carrier Detect (DCD)
Speed Mode Indicator (SMI)
RING Indicator (RI)
Data Signal Rate Selector (DSRS)
Supports one of two sets of signals (software selectable):
• Set 1
— Request To Send (RTS)
— Clear To Send (CTS)
— Data Set Ready (DSR)
— Data Terminal Ready (DTR)
Configuring Modem Signals 10-3
Determining the Supported Modem Signals
Network Access Server
Type
Modem Signals Supported
DSR/DTR support (Example:
DECserver 90TL access server)
• Set 2
— Data Signal Rate Selector (DSRS)
— RING Indicator (RI)
— Data Carrier Detect (DCD)
— Data Terminal Ready (DTR)
Data Set Ready (DSR)
Data Terminal Ready (DTR)
10-4 Configuring Modem Signals
Modem Signals Description
Modem Signals Description
Types of Modem Signal
The following table describes the various modem signals:
Modem Signal
Request To Send (RTS)
Clear To Send (CTS)
Data Set Ready (DSR)
Data Terminal Ready (DTR)
Data Carrier Detect (DCD)
Speed Mode Indicator (SMI)
Ring Indicator (RI)
Description
Asserted by the access server to indicate to the port device that the access server is ready to exchange further control signals with the port device to initiate the exchange of data.
The RTS signal is the same state as the DTR signal unless CTS input flow control is enabled.
Monitored by the access server and asserted by the port device to indicate that the port device is ready to receive data.
Monitored by the access server and asserted by the port device to indicate that the port device is ready to exchange further control signals with the access server.
Asserted by the access server to indicate that the access server is ready to exchange further control signals with the port device to initiate the exchange of data. (DTR is accompanied by RTS and DSRS.)
Monitored by the access server and asserted by the port device to indicate that the received line signal is within acceptable limits.
Monitored by the access server to detect whether the modem at the access server port has selected the higher or lower speed in its range for exchanging data with a remote modem. SMI allows the use of a primary and alternate (or fallback) speed.
Monitored by the access server. This indicates that a calling signal is being received by the port device.
Configuring Modem Signals 10-5
Modem Signals Description
Modem Signal
Data Signal Rate Selector
(DSRS)
Description
Asserted by the access server to indicate the speed at which the modem should initiate communications. On a port configured for a multispeed modem (where both SPEED and
ALTERNATE SPEED are specified), DSRS indicates the higher of the two speeds.
10-6 Configuring Modem Signals
Specifying MODEM CONTROL and SIGNAL CONTROL
Specifying MODEM CONTROL and SIGNAL CONTROL
Introduction
The MODEM CONTROL and SIGNAL CONTROL characteristics are identical, except that MODEM CONTROL is only used with full MODEM CONTROL access servers, and SIGNAL CONTROL is used on all other access servers.
These characteristics enable or disable the use of MODEM CONTROL signals on a port. With MODEM CONTROL or SIGNAL CONTROL enabled, the access server automatically logs out the port whenever a loss of the DSR signal (if used) is detected or if the DCD signal (if used) is deasserted for more than 2 seconds. Furthermore, a user must log in to the access server successfully within 120 seconds, or the access server automatically disconnects the call. You should disable MODEM CONTROL or
SIGNAL CONTROL when a port is connected to a device that does not use modem signals, or if the device cable does not support modem signals.
Logging Out the Port with DSRLOGOUT or LONGBREAK LOGOUT
With MODEM CONTROL or SIGNAL CONTROL disabled, you can enable the access server to log out a port when the attached device is turned off by enabling port characteristic DSRLOGOUT (see Specifying DSRLOGOUT in Chapter 9) or
LONGBREAK LOGOUT (see Specifying LONGBREAK LOGOUT in Chapter 9).
Computer Interface
For computer interface connections, you need to enable MODEM CONTROL or
SIGNAL CONTROL and configure the host to use the modem signals. This ensures that session status is passed between the access server and the host system, which is important to maintain security.
When a user connected to the access server logs out from a system, the computer terminates the session and deasserts the DTR signal. The access server interprets this condition as a loss of DSR and terminates the session.
However, when the access server terminates a session, the access server deasserts the
DTR signal. The system interprets this condition as a loss of DSR and logs out the user.
This occurs when you enter a DISCONNECT command from the access server user interface or turn the power off.
The MODEM CONTROL or SIGNAL CONTROL characteristic can only be configured in the permanent database; therefore, you cannot use the SET or CHANGE command to configure MODEM CONTROL or SIGNAL CONTROL.
Configuring Modem Signals 10-7
Specifying MODEM CONTROL and SIGNAL CONTROL
Example: Enabling MODEM CONTROL
The following example shows how to enable MODEM CONTROL on port 5:
Local> DEFINE PORT 5 MODEM CONTROL ENABLED
Local> LOGOUT PORT 5
Example: Enabling SIGNAL CONTROL
The following example shows how to enable SIGNAL CONTROL on port 11:
Local> DEFINE PORT 11 SIGNAL CONTROL ENABLED
Local> LOGOUT PORT 11
Normally, you should disable SIGNAL CHECK when MODEM CONTROL or
SIGNAL CONTROL is enabled.
10-8 Configuring Modem Signals
Specifying SIGNAL SELECT
Specifying SIGNAL SELECT
Introduction
The SIGNAL SELECT characteristic is used only with MODEM CONTROL access servers. This characteristic determines which of two sets of signals that the access server uses:
•
CTS, DSR, RTS, and DTR or
•
RI, DCD, DSRS, and DTR
The port device must be cabled correctly to work with the set of signals that you choose.
Determining When to Use a Signal Set
The following shows when to use these signals:
•
If the modem speed is below 9600 baud, configure the port SIGNAL SELECT characteristic to RI-DCD-DSRS-DTR.
•
If the modem speed is 9600 baud or above, configure the port SIGNAL SELECT characteristic to CTS-DSR-RTS-DTR.
NOTE
A maximum supported baud rate of 9600 on a modem is a guideline for signal set selection. The signals used are a factor of modem technology, not the actual baud rate for data tranfer.
Enabling CTS/RTS flow control for access servers with attached modems with 9600 baud or greater enables a faster response time from the access server hardware.
In order to enable SIGNAL CONTROL, you must configure SIGNAL SELECT.
Example: Enabling SIGNAL SELECT
The following example shows to configure SIGNAL SELECT to CTS-DSR-RTS-
DTR on port 10:
Local> DEFINE PORT 10 SIGNAL SELECT CTS-DSR-RTS-DTR
Local> LOGOUT PORT 10
Configuring Modem Signals 10-9
Specifying SIGNAL CHECK
Specifying SIGNAL CHECK
Introduction
The SIGNAL CHECK characteristic allows the access server to check for any modem signal when a host requests a connection. If any one modem signal is present, the access server makes a connection; otherwise, a connection is denied. If all modem signals are dropped at the port once a connection is made, the access server disconnects the session and logs out the port. With SIGNAL CHECK disabled, the access server does not look for modem signals, and data might be lost. The factory-set default for
SIGNAL CHECK is disabled.
Example: Enabling SIGNAL CHECK
The following example shows how to enable SIGNAL CHECK on port 7:
Local> CHANGE PORT 7 SIGNAL CHECK ENABLED
You should enable SIGNAL CHECK for ports with printers attached. If SIGNAL
CHECK is disabled, data loss can occur when the device is turned off. However, you should not enable SIGNAL CHECK if you are using DSR or CTS flow control or if
MODEM CONTROL or SIGNAL CONTROL is enabled.
You should enable SIGNAL CHECK along with either DSRLOGOUT or
LONGBREAK LOGOUT and when the computer is turned off. This prevents users on the network from making a connection to the computer.
10-10 Configuring Modem Signals
Specifying DTRWAIT
Specifying DTRWAIT
Description
When functioning with modems and computer interfaces, the access server port normally asserts the DTR signal at all times except during a disconnect sequence.
However, there are instances when assertion of DTR is undesirable. For example, when a computer is offered as a service, the automatic reassertion of DTR after a disconnect sequence might cause the computer to act as if a session is in progress. If
DTRWAIT is disabled, which is the factory-set default, the DTR signal is asserted on an idle port.
•
When DTRWAIT is enabled, the access server can delay the assertion of DTR until a connection is detected from a modem when an interactive user logs in or when the access server receives a connection to the port from the network.
•
With DTRWAIT enabled, the access server supports autoanswering equipment on a modem-control port. Upon detecting the RI signal from the modem, the access server asserts DTR and RTS, which allows the modem to answer the call. Then, upon detection of DSR, DCD, and CTS from the modem, the access server enables data transfer.
•
DTRWAIT should be enabled for ports connected to computers and PCs. In order to enable DTRWAIT, you must enable MODEM CONTROL or SIGNAL
CONTROL.
Enabling DTRWAIT Example
The following command shows how to enable DTRWAIT on port 3:
Local> CHANGE PORT 3 DTRWAIT ENABLED
Configuring Modem Signals 10-11
Specifying RING
Specifying RING
Description
The RING characteristic is supported only on those access servers that support the
DSRS signal.
Certain terminal switches and computers need to detect a RING indicator signal (RI) before they activate. The access server can emulate the RI signal when the port is used with a BC22R or equivalent cable that crosses the DSRS signal of the access server over to the RI pin on the device. For information on this cable, refer to the access server hardware documentation.
When the port RING characteristic is set to enabled and MODEM CONTROL or
SIGNAL CONTROL is enabled, the access server asserts and deasserts DSRS once every 2 seconds. This continues until either the access server detects DSR or 30 seconds have elapsed. Upon receiving DCD, the access server establishes the connection. DTR and RTS are asserted unless DTRWAIT is enabled.
10-12 Configuring Modem Signals
Specifying ALTERNATE SPEED
Specifying ALTERNATE SPEED
Description
The ALTERNATE SPEED characteristic is only used with full MODEM CONTROL access servers.
Two speeds for a modem port can be defined in the access server database: primary and alternate (or fallback). The primary speed is defined with the speed characteristic; the ALTERNATE SPEED is defined with the ALTERNATE SPEED characteristic.
You normally set up the primary speed as the high speed and the ALTERNATE
SPEED as the low speed. For ALTERNATE SPEED to work, you must specify a single input/output speed for the speed characteristic.
If an ALTERNATE SPEED is specified, the access server asserts the DSRS signal along with DTR and RTS when receiving a connection. DSRS indicates that the higher primary speed should be used.
The access server monitors the SMI signal to determine whether to use the higher or lower speed. When SMI is asserted, the access server selects the higher speed; when
SMI is deasserted, the communications selects the lower speed. The modem connected to the access server must support the SMI signal in order for ALTERNATE SPEED to work; otherwise, erroneous data transmission can occur. To determine whether the modem supports the SMI signal, refer to your modem’s documentation.
The ALTERNATE SPEED feature can be used with dial-out (sends calls) modems.
For dial-in (receives calls) modems, you should enable autobaud and disable
ALTERNATE SPEED. This allows you to configure the dial-in modem to any speed supported by both the modem and the access server.
Configuring Modem Signals 10-13
Specifying DIALUP
Specifying DIALUP
Description
The DIALUP characteristic is used to notify LAT service nodes that a port user connected to the service through a dial-in modem. The service node can use this information to implement system security. With DIALUP enabled, the access server sends DIALUP notification to service nodes. With DIALUP disabled (the default), the access server does not notify the service nodes. If you do not enable DIALUP, the service node could treat the user’s service sessions as local connections at the service node itself. Ask the network manager and the service node system manager if they require this notification when there are dial-in modems at access server ports. The
DIALUP characteristic is not used for resources on the TCP/IP network.
10-14 Configuring Modem Signals
Sample Modem Configurations
Sample Modem Configurations
Introduction
This section provides sample modem configurations for access servers that support full
MODEM CONTROL.
Configuring a Dial-In Modem on a Full MODEM CONTROL Server
The following example provides a sample configuration for a dial-in modem operating at 57600 baud. Note that when the port password characteristic is enabled, you must have previously defined a server login password (refer to Specifying Passwords in
Chapter 22).
Local> DEFINE PORT 6 ACCESS LOCAL ALTERNATE SPEED NONE AUTOBAUD
ENABLED
Local> DEFINE PORT 6 INACTIVITY LOGOUT ENABLED MODEM CONTROL EN-
ABLED
Local>
Configuring a Dial-In Modem on a MODEM CONTROL Server
The following example provides a sample configuration for a dial-in modem operating at 9600 baud and configured for the RI-DCD-DSRS-DTR signals. Note that when the port password characteristic is enabled, you must have previously defined a server login password (refer to Specifying Passwords in Chapter 22).
Local> DEFINE PORT 6 ACCESS LOCAL AUTOBAUD ENABLED SPEED 9600
Local> DEFINE PORT 6 INACTIVITY LOGOUT ENABLED SIGNAL CONTROL EN-
ABLED
Local> DEFINE PORT 6 PASSWORD ENABLED SIGNAL SELECT RI-DCD-DSRS-
DTR
Local> DEFINE PORT 6 SPEED 9600
Configuring Modem Signals 10-15
Sample Modem Configurations
Configuring a Dial-Out Modem on a Full MODEM CONTROL Server
The following example provides a sample configuration for a dial-out modem operating at 1200 baud with an ALTERNATE SPEED of 300 baud:
Local> DEFINE PORT 3 ACCESS REMOTE AUTOBAUD DISABLED
Local> DEFINE PORT 3 AUTOPROMPT DISABLED BREAK DISABLED
Local> DEFINE PORT 3 DSRLOGOUT DISABLED DTRWAIT ENABLED
Local> DEFINE PORT 3 MODEM CONTROL ENABLED SIGNAL CHECK DISABLED
Local> DEFINE PORT 3 SPEED 1200 ALTERNATE SPEED 300
Local> LOGOUT PORT 3
Configuring a Dial-In and Dial-Out Modem on a Full MODEM CONTROL
Server
The following example provides a sample configuration for a dial-in and dial-out modem operating at 2400 baud:
Local> DEFINE PORT 4 ACCESS DYNAMIC AUTOBAUD DISABLED
Local> DEFINE PORT 4 DSRLOGOUT DISABLED FLOW CONTROL XON
Local> DEFINE PORT 4 INACTIVITY ENABLED MODEM CONTROL ENABLED
Local> DEFINE PORT 4 PASSWORD ENABLED SIGNAL CHECK DISABLED SPEED
2400
Local> LOGOUT PORT 4
10-16 Configuring Modem Signals
Sample Modem Configurations
Configuring a Dial-Out Modem on a MODEM CONTROL Server
The following example provides a sample configuration for a dial-out modem operating at 2400 baud and configured for the RI-DCD-DSRS-DTR signals:
Local> DEFINE PORT 3 ACCESS REMOTE AUTOBAUD DISABLED
Local> DEFINE PORT 3 AUTOPROMPT DISABLED BREAK DISABLED
Local> DEFINE PORT 3 DSRLOGOUT DISABLED DTRWAIT ENABLED
Local> DEFINE PORT 3 SIGNAL CONTROL ENABLED SIGNAL CHECK DISABLED
Local> DEFINE PORT 3 SIGNAL SELECT RI-DCD-DSRS-DTR
Local> DEFINE PORT 3 SPEED 2400
Local> LOGOUT PORT 3
Configuring a Dial-In and Dial-Out Modem on a MODEM CONTROL Server
The following example provides a sample configuration for a dial-in and dial-out modem operating at 115200 baud and configured for the CTS-DSR-RTS-DTR signals:
Local> DEFINE PORT 4 ACCESS DYNAMIC AUTOBAUD DISABLED
Local> DEFINE PORT 4 DSRLOGOUT DISABLED FLOW CONTROL XON
Local> DEFINE PORT 4 INACTIVITY ENABLED SIGNAL CONTROL ENABLED
Local> DEFINE PORT 4 PASSWORD ENABLED SIGNAL CHECK DISABLED
Local> DEFINE PORT 4 SIGNAL SELECT CTS-DSR-RTS-DTR
Local> DEFINE PORT 4 SPEED 115200
Local> LOGOUT PORT 4
Configuring Modem Signals 10-17
MODEM CONTROL Sequences
MODEM CONTROL Sequences
Introduction
Modem-controlled communication requires that the access server recognize what type of device is on a port and detect when this device is ready to communicate and when the device has ceased to communicate. The following section describes the general sequences of modem signals involved in establishing, in monitoring, and in ending communications.
Establishing a Connection
When a connection is initiated at a port, the access server follows the signaling sequence described in this section.
1 First, the access server examines the DTRWAIT characteristic to determine whether to assert data terminal-ready signal (DTR) and the request-to-send signal
(RTS) while the port is idle.
If DTRWAIT is DISABLED, the access server asserts DTR and RTS while the port is logged out.
If DTRWAIT is enabled, the access server delays assertion of DTR and RTS until either it detects any modem signal or a connection occurs. Then, the access server asserts DTR and RTS.
When asserting DTR and RTS, if conditions require the data-signal-rate-selector signal (DSRS), the access server asserts DSRS at the same time.
2 After asserting DTR and RTS, the access server waits 2 seconds and monitors the data-set-ready signal (DSR), which helps the access server identify the type of device on the port. The presence of DSR indicates a null modem device. A delay of DSR indicates a modem.
If DSR is delayed, the access server watches for one of the following situations:
— A clear-to-send signal (CTS), which indicates a V.25/bis compatible modem.
— The absence of a signal, which indicates a DIGITAL modem.
Note
For dial-out modems, the access server enables data communication before detecting DSR. Otherwise, the access server waits until detecting DSR to enable data communication.
10-18 Configuring Modem Signals
MODEM CONTROL Sequences
3 After first detecting DSR, the access server monitors the port for CTS and DCD.
If it detects CTS and DCD within 30 seconds, the access server enables data flow on the line. If it does not detect CTS and DCD within 30 seconds, the access server disconnects the line.
4 At this point, if an ALTERNATE SPEED is defined, the access server examines the state of the SMI signal. The modem asserts SMI if it has accepted the higher port speed. When it requires a fallback speed, the modem does not assert SMI, and the access server sets the port to the fallback (lower) speed.
5 For dial-in lines, the user must log in to the access server successfully within 120 seconds, or the access server automatically disconnects the call.
Response to Momentary Loss of CTS
If the port device drops CTS (but not DCD), the access server suspends data transmission on the line until the port device reasserts CTS.
Disconnecting
The access server disconnects the sessions on a port when any of the following events occur on the port: DCD is lost for more than 2 seconds, DSR is lost, or a LOGOUT command is received.
Disconnecting involves the following series of events:
1 The access server disables data exchanges on the port and waits 300 milliseconds for the stop bit of the last transmitted character to be given to the port device.
2 The access server logs out the port, thereby disconnecting all sessions.
3 The access server drops DTR, RTS, and DSRS for 5 seconds.
4 After 5 seconds, the access server resumes the port device interaction as described in step 1 of the Establishing a Connection sequence in this section.
Configuring Modem Signals 10-19
Configuring DTR and DSR Signals
Configuring DTR and DSR Signals
Introduction
This section describes how to configure DTR and DSR signals for those access servers that do not support the other modem signals. DSR flow control must be disabled when you are using the various port characteristics to control the DSR and DTR signals. DSR flow control can override the port characteristics.
Port Characteristic Effects on the DTR and DSR Signals
The following table shows the enabled port characteristic effect on DTR and DSR signals:
Enabled Characteristic
SIGNAL CONTROL
(SIGNAL CHECK and
DTRWAIT disabled)
DSRLOGOUT
(SIGNAL CONTROL and
SIGNAL CHECK disabled
SIGNAL CHECK
(SIGNAL CONTROL disabled)
DTR and DSR Actions
DTR is deasserted for 5 seconds as a consequence of a logout; otherwise, it is always asserted.
Solicited remote connection is established regardless of the state of DSR. Reception of asynchronous data is accepted once the connection is established.
Port is logged out if DSR is deasserted after initial assertion.
DTR is always asserted.
Solicited remote connection is accepted regardless of the state of DSR.
Port is logged out if DSR is deasserted after initial assertion.
Reception of asynchronous data is not be accepted unless DSR is asserted.
DTR is always asserted.
Solicited remote connection will not be accepted unless DSR is asserted.
Port is logged out if DSR is deasserted after initial assertion.
10-20 Configuring Modem Signals
Enabled Characteristic
DTRWAIT
SIGNAL CONTROL and
DTRWAIT
(SIGNAL CHECK disabled)
SIGNAL CONTROL and
SIGNAL CHECK
(DTRWAIT disabled)
SIGNAL CONTROL,
SIGNAL CHECK, and
DTRWAIT
Configuring DTR and DSR Signals
DTR and DSR Actions
Port status indicates “Signal Wait” if connections cannot be accepted because DSR is deasserted.
Has no affect unless SIGNAL CONTROL is enabled.
DTR is asserted only if there is a solicited remote connection.
Solicited remote connection is established regardless of the state of DSR. Reception of asynchronous data is accepted once the connection is established.
Port is logged out if DSR is deasserted after initial assertion.
DTR is deasserted for 5 seconds minimum as a consequence of a logout. DTR can only be reasserted when a connection is accepted.
Reception of asynchronous data is not accepted unless DSR and DTR are asserted.
DTR is deasserted for 5 seconds minimum as a consequence of a logout; otherwise, it is always asserted.
Port is logged out if DSR is deasserted after initial assertion.
Reception of asynchronous data is not accepted unless DSR and DTR are asserted.
Port status indicates “Signal Wait” if connections cannot be accepted because DSR is deasserted.
Solicited remote connection is not accepted unless DSR is asserted.
DTR will only be asserted if there is a solicited remote connection.
Port is logged out if DSR is not asserted within 60 seconds of connection acceptance.
Configuring Modem Signals 10-21
Configuring DTR and DSR Signals
Enabled Characteristic DTR and DSR Actions
Port is logged out if DSR is deasserted after initial assertion.
DTR is deasserted for 5 seconds minimum as a consequence of a logout. DTR can only be reasserted when a connection is accepted.
Reception of asynchronous data is not accepted unless DSR and DTR are asserted.
Port status indicates “Signal Wait” if connections cannot be accepted because DSR is deasserted.
Solicited remote connection is not accepted unless DSR is asserted.
Same as SIGNAL CONTROL.
SIGNAL CONTROL and
DSRLOGOUT
SIGNAL CONTROL,
SIGNAL CHECK, and
DSRLOGOUT
SIGNAL CONTROL,
DTRWAIT, and
DSRLOGOUT
SIGNAL CONTROL,
SIGNAL CHECK, DTRWAIT, and DSRLOGOUT
SIGNAL CHECK and
DSRLOGOUT
Same as SIGNAL CONTROL and SIGNAL
CHECK.
Same as SIGNAL CONTROL and
DTRWAIT.
Same as SIGNAL CONTROL, SIGNAL
CHECK, and DTRWAIT.
Same as SIGNAL CHECK.
10-22 Configuring Modem Signals
Chapter 11
Configuring and Managing Interactive
Devices
Overview
Introduction
This chapter explains how to configure and manage interactive devices, such as terminals, terminal-like devices, and personal computers (PCs) in terminal emulation mode. Before you use the procedures in this chapter, you must:
•
Connect and test the devices.
•
Enable privileged status.
•
Configure the port and device characteristics to match.
For More Information
For information about connecting device cables, refer to your access server hardware documentation.
In This Chapter
This chapter contains the following topics:
•
Configuring an Interactive Device for LAT Sessions
•
Configuring an Interactive Device for Telnet Sessions
•
Configuring a Session Management (TD/SMP) Terminal
•
Configuring On-Demand Loading for Asian Terminals
•
Configuring for Block-Mode Terminals
•
Specifying the Telnet Client Session Profile
•
Configuring Individual Telnet Client Session Characteristics
•
Managing Access Server User Accounts
Configuring and Managing Interactive Devices 11-1
•
Managing Users
•
Managing Sessions
11-2 Configuring and Managing Interactive Devices
Configuring an Interactive Device for LAT Sessions
Configuring an Interactive Device for LAT Sessions
Configuring an Interactive Device for LAT Sessions
The following example shows a sample configuration of a device connected to LAT services:
Local> CHANGE PORT 6 ACCESS LOCAL AUTHORIZED GROUPS 10,24,46
Local> CHANGE PORT 6 AUTOBAUD ENABLED AUTOPROMPT ENABLED
Local> CHANGE PORT 6 BREAK LOCAL DEDICATED NONE DEFAULT
PROTOCOL LAT
Local> CHANGE PORT 6 DSRLOGOUT ENABLED FLOW CONTROL XON
Local> CHANGE PORT 6 INACTIVITY LOGOUT ENABLED INTERRUPTS
DISABLED
Local> CHANGE PORT 6 LIMITED VIEW DISABLED PASSWORD DISABLED
Local> CHANGE PORT 6 QUEUING ENABLED REMOTE MODIFICATION DISABLED
Local> SET PORT 6 GROUPS ALL ENABLED
Configuring and Managing Interactive Devices 11-3
Configuring an Interactive Device for LAT Sessions
Sample Network Configuration
The following figure show the sample network configuration for LAT and Telnet sessions:
Configuring LAT Group Codes for Interactive Devices
Group codes are subdivisions of a LAT network. Group codes are used to partition the network into combinations of service nodes, service-node services, and access server ports.
To configure group codes on an access server, perform the following steps:
Step
1
Action
Determine the group codes of the LAT services that a port user needs by entering the SHOW NODE STATUS command.
11-4 Configuring and Managing Interactive Devices
Configuring an Interactive Device for LAT Sessions
Step
2
3
Action
Enable the applicable groups on the port as illustrated by the following commands:
Local> CHANGE PORT 5 AUTHORIZED GROUPS 10,24,46
Local> SET PORT 5 GROUPS ALL ENABLED
If necessary, disable any unwanted group that was previously enabled. The following commands show how to disable group 0 on port 5:
Local> CHANGE PORT 5 AUTHORIZED GROUPS 0 DISABLED
Local> SET PORT 5 GROUPS ALL ENABLED
Specifying AUTOCONNECT
When you disable the AUTOCONNECT characteristic on a given port, the access server displays the local mode prompt after you log in. You can then enter the
CONNECT command to use a network resource.
When you enable the AUTOCONNECT characteristic on a given port and a dedicated or preferred service is enabled, the port automatically connects a port to that service at log in. The port also attempts to reestablish the current session if the connection fails.
You must enable AUTOCONNECT for a dedicated service port.
With preferred and dedicated service disabled, enabling AUTOCONNECT allows the access server to attempt to reestablish any service connection that terminates abnormally. If a service is not available when a connection attempt is made, the access server repeatedly retries to connect as specified by the CONNECT command. This feature is helpful when a user wants the access server to repeat connection attempts to a currently non-operational service node. When a session is established with the node, the access server notifies the user with a beep signal and a message.
Attempts to reconnect upon LAT session failure are made every 30 seconds. The attempts continue until the user enters local mode by using the Break key or the local switch key. Unless a dedicated service is in effect, a status message appears at the port device indicating that the access server is trying to restart a session. The new connection can be made to any service node that supplies the same service, unless a node or destination was supplied in the CONNECT command or when the preferred service was set up.
Example: Enabling AUTOCONNECT
The following example shows how to enable AUTOCONNECT on port 5:
Local> CHANGE PORT 5 AUTOCONNECT ENABLED
Configuring and Managing Interactive Devices 11-5
Configuring an Interactive Device for LAT Sessions
Specifying AUTOPROMPT
The AUTOPROMPT characteristic is only used with the LAT protocol. This characteristic controls the initiation of a login process on some service nodes when a session begins. The access server sends the status of the AUTOPROMPT characteristic whenever you establish a new LAT service session.
By default, AUTOPROMPT is enabled. If the service node supports AUTOPROMPT, the service node performs a system-specific login sequence, such as displaying a service announcement or login prompt.
If you disable AUTOPROMPT and the service node recognizes this, the service node does not perform any login sequence. Since devices without keyboards cannot respond to a login sequence, you should disable AUTOCONNECT for these devices.
Example: Disabling AUTOPROMPT
The following example shows how to disable AUTOPROMPT:
Local> CHANGE PORT 5 AUTOPROMPT DISABLED
Specifying the Default Protocol
The following options are available with the SET/DEFINE/CHANGE PORT
DEFAULT PROTOCOL command:
•
LAT — The access server defaults to the LAT protocol when the user does not specify a protocol in the CONNECT command.
•
SLIP — The access server defaults to the SLIP protocol when the user does not specify a protocol in the CONNECT command.
•
TELNET — The access server defaults to the Telnet protocol when the user does not specify a protocol in the CONNECT command.
•
ANY — The access server first searches the network resources on the LAT network when the user does not specify a protocol in the CONNECT command.
If unsuccessful, the access server then searches the network resources on the TCP/
IP network. The AUTOCONNECT characteristic must be disabled when the default protocol is set to ANY.
•
PPP — The access server defaults to the PPP protocol if the user does not specify a protocol with the CONNECT command.
•
AUTOLINK — The access server passively examines characters received from the attached device. If the access server detects a PPP or SLIP connection, it attempts to change the current session into the appropriate data link session type,
PPP or SLIP. If the access server cannot identify the data as PPP or SLIP, it starts and interactive session.
An adjunct to the AUTOLINK protocol is AUTOLINK authentication. See
Managing Dial-Up Access Security with AUTOLINK and AUTOLINK
11-6 Configuring and Managing Interactive Devices
Configuring an Interactive Device for LAT Sessions
Authentication in Chapter 21 for details.
Specifying Failover
If a LAT service node suddenly becomes unavailable during a session, the access server searches for another LAT service node that offers the same service. If the access server finds one or more suitable nodes, it attempts to connect to the service on the node with the highest service rating. This process is called failover.
When used with a VAXcluster computer network, failover provides a flexible terminal connection to the VAXcluster service.
This feature can be disabled on each port.
Example: Disabling Port Failover
The following example shows how to disable failover on port 2:
Local> CHANGE PORT 2 FAILOVER DISABLED
Configuring Port Queuing
When a user on the access server tries to connect to a busy service on an access server, the Port Queuing characteristic allows the connect request to be queued. The service must be on an access server, either the same one as the user’s or a different one.
The queuing of the connect request also depends on whether the access server offering the service has reached its queue limit or has queuing disabled. In this case, the connection is not queued and the user receives a message that indicates that service is not available.
If the access server offering the service has queuing enabled and has not reached its queue limit, the request is queued. If more than one access server offers the service, your access server will attempt to connect to the target access server that has the highest service rating. For access servers that offer queuing, service ratings are higher for access servers that have the greatest number of open positions in their connection queues.
If the port queuing characteristic is disabled, your access server cannot request a queue connection when a service is busy. Therefore, if the service is busy, your user receives a message that indicates that service is not available.
The factory-set default is disabled.
Example: Enabling Queuing on a Port
This example shows how to enable queuing on port 5:
Local> CHANGE PORT 5 QUEUING ENABLED
Configuring and Managing Interactive Devices 11-7
Configuring an Interactive Device for LAT Sessions
The Service Connections Characteristic
The service connections characteristic allows you to disable additions to the connection queue when a given service is busy. Changing this characteristic does not affect requests that are already in the queue.
Example: Disabling Port Queuing
The following example shows how to disable additional queued connections for the service LN03_PRINT:
Local> CHANGE SERVICE LN03_PRINT CONNECTIONS DISABLED
Server Queue Limit Characteristics
The server queue limit characteristic the maximum number of entries permitted at one time in the queue. The access server can queue up to 200 connection requests.
Example: Changing Queue Limit Characteristics
The following example shows how to change the queue limit to 150:
Local> CHANGE SERVER QUEUE LIMIT 150
Displaying Access Server Queue Entries
The SHOW/MONITOR QUEUE command displays the status of requests in the connection queue.
Options for the SHOW/MONITOR QUEUE Command
The following table lists the SHOW/MONITOR QUEUE commands:
Option
PORT port-number
NODE node-name
SERVICE service-name
ALL
Displays Entries For
A specific port
A specific node
A specific service
All types of requests
For example, to display information about the entries for the service LASER, enter the following command:
Local> SHOW QUEUE SERVICE LASER
The entry identification numbers in a SHOW/MONITOR QUEUE display can range from 1 to 9999. They are not related to the queue depth or the queue limit.
11-8 Configuring and Managing Interactive Devices
Configuring an Interactive Device for LAT Sessions
SHOW QUEUE ALL Display Example
The following example shows how to generate a queue display. For each queued request, the displays have one line of information arranged in columns under fixed headings.
Local> SHOW QUEUE ALL
Position Entry Source Node Service Port Name
1 128 ORANGE TIMESHARING4 2 PORT_NAME
2 130 BANANA SALES 4 PORT_NAME
3 131 PEACH ENGINEERING
Removing Entries from the Access Server Queue
Use the REMOVE QUEUE command to modify the connection queue by selectively removing entries from the queue. When you remove an entry from the access server queue, the access server notifies either the requesting service node (for a host-initiated request) or the terminal user (for a local-access request) that the request is being rejected.
No default entry exists for the REMOVE QUEUE command, and failure to specify what entry or entries are to be removed from the queue results in an error. The following sets of entries can be removed:
•
A specific entry by using the REMOVE QUEUE ENTRY entry-number command for each entry
•
The entries from a specific requesting node by using the REMOVE QUEUE
NODE node-name command
•
The entries for a specific requested service by using the REMOVE QUEUE
SERVICE service-name command
•
All queue entries by using the REMOVE QUEUE ALL command
Effect on the Queue
The REMOVE QUEUE ALL command deletes all queue entries, but it does not disable the queue; the next connection request takes position 1 in the queue.
Example: Remove Queue
The following example shows how you can remove entry number 10 by using the following privileged command:
Local> REMOVE QUEUE ENTRY 10
Configuring and Managing Interactive Devices 11-9
Configuring an Interactive Device for LAT Sessions
Configuring Port Characteristics
The port characteristic, remote modification, when enabled, allows a LAT node to modify particular access server port characteristics. These characteristics include speed, character size, parity, and LOSS NOTIFICATION. The LAT node must also support this feature. The factory-set default is disabled.
You should avoid enabling remote modification and security on the same port.
Enabling these characteristics allows a secure user to modify the port from the host; normally the secure user cannot modify the port.
Example: Configuring Remote Modification for Port Characteristics
The following example shows how to enable remote modification on port 5:
Local> CHANGE PORT 5 REMOTE MODIFICATION ENABLED
11-10 Configuring and Managing Interactive Devices
Configuring an Interactive Device for Telnet Sessions
Configuring an Interactive Device for Telnet Sessions
Introduction
User-oriented characteristics, such as forward switch and VERIFICATION and the various Telnet session characteristics (see Configuring Individual Telnet Client
Session Characteristics in this chapter), are not included in this example. Also, this example assumes that the port and device characteristics match. (See the Matching the
Port and Device Characteristics section in Chapter 9.)
The following are variables that you should substitute with the appropriate value:
•
Access server port number
•
FLOW CONTROL (you cannot enable DSR FLOW CONTROL when the
DSRLOGOUT characteristic is enabled, as described in FLOW CONTROL
Types)
Reference
For a description of each command, refer to the Network Access Server Command
Reference.
Note
Not all commands can be combined on one line.
Configuring a Device on Port 6 for Internet Hosts Example
The following example shows a sample configuration of a device connected to Internet hosts, which is illustrated in the Sample Network Configuration section in this chapter:
Local> CHANGE PORT 6 ACCESS LOCAL AUTOBAUD ENABLED
Local> CHANGE PORT 6 BREAK LOCAL DEDICATED NONE
Local> CHANGE PORT 6 DEFAULT PROTOCOL TELNET
Local> CHANGE PORT 6 DSRLOGOUT ENABLED FLOW CONTROL XON
Local> CHANGE PORT 6 INACTIVITY LOGOUT ENABLED INTERRUPTS
DISABLED
Local> CHANGE PORT 6 LIMITED VIEW DISABLED PASSWORD DISABLED
Local> CHANGE PORT 6 TELNET CLIENT PROFILE CHARACTER
To connect to any host available on the TCP/IP network, the user enters the
CONNECT, OPEN, or TELNET command.
Enable DSRLOGOUT or LONGBREAK LOGOUT (see Specifying DSRLOGOUT and Specifying LONGBREAK LOGOUT in Chapter 9) if you wish the access server to log out the port when the device is turned off. Note that the access server, device, and device cable must support the DSR signal if you use DSRLOGOUT.
Configuring and Managing Interactive Devices 11-11
Configuring an Interactive Device for Telnet Sessions
Reference
For a description of the default protocol characteristic, refer to Specifying the Default
Protocol in this chapter.
For a description of the Telnet client profiles, refer to Specifying the Telnet Client
Session Profile in this chapter.
11-12 Configuring and Managing Interactive Devices
Configuring a Session Management (TD/SMP) Terminal
Configuring a Session Management (TD/SMP) Terminal
Introduction
The MULTISESSION characteristic allows a session management terminal using the terminal device/session management protocol (TD/SMP) to manage each terminal session at the terminal itself, not at the access server. A terminal session is a single session on an access server port that is operating under session management control.
Session management terminals can have more than one terminal session with the access server, but each terminal session can have one service session. A service
session is a session between a network resource and the terminal session.
With session management terminals, TD/SMP maintains the context of a service session when the user switches to another terminal session. Session data from a service node continues even though the service session is currently inactive. You can visualize a session management terminal as two or more standard terminals using the same physical access server port. For terminals that do not implement TD/SMP, the access server suspends service session data until the user resumes the session.
How to Configure
Configure the session management terminal for a LAT session as described in the
Configuring an Interactive Device for LAT Sessions section in this chapter. Configure a Telnet session as described in the Configuring an Interactive Device for Telnet
Sessions section in this chapter. In addition you enable MULTISESSIONs on the port, as follows:
Local> CHANGE PORT 2 MULTISESSIONS ENABLED
Benefits and Restrictions Summary
The following is a summary of the benefits and restrictions for session management terminals:
•
Context preservation for terminal sessions and their corresponding service sessions.
•
Multiple local modes (one for each terminal session) to manage service sessions and port characteristics.
•
Simultaneous data exchange with multiple service sessions.
•
Management of terminal sessions using terminal commands.
•
Restrictions on some access server commands (see the table in the Local Mode
Command Restrictions During Session Management section in this chapter).
Configuring and Managing Interactive Devices 11-13
Configuring a Session Management (TD/SMP) Terminal
•
The dedicated service characteristic must be disabled. (See the User Account
Command Parameters section in this chapter.)
Local Mode Command Restrictions During Session Management
The following table list the restrictions on some of the access server commands:
Command
CONNECT
DISCONNECT DISCONNECT
ALL
LOGOUT
LOGOUT PORT
Descriptions
Establishes a service session for any terminal session. You cannot use it to establish an additional service session. To do this, you must open another terminal session.
Either command disconnects the current service session but does not disconnect the terminal session. When a service session is disconnected, the terminal session remains in local mode.
LOGOUT closes your current terminal session only and disconnects the service session associated with it (if there is one). You are not logged out of the access server. You can open or switch to another terminal session.
LOGOUT PORT does a full log out, logging you out of the access server, closing all terminal sessions and service sessions. It also ends session management.
SET PRIVILEGED Applies to the port and to all terminal sessions on the port.
SET/DEFINE/CHANGE PORT Changes the current characteristics for an access server port. Changes apply to all terminal sessions for that port. The preferred service characteristic behaves differently for terminal sessions. The preferred service is supported while you are in a terminal session when you use a CONNECT command without specifying a service. The preferred service also takes effect when you establish a terminal session if you do not specify a service name when the terminal prompts you for one. If you do not want to connect to the preferred service from your terminal session, enter the name
“local” when your terminal prompts you for a service name.
11-14 Configuring and Managing Interactive Devices
Configuring a Session Management (TD/SMP) Terminal
Logging In with Multisessions
The following is a typical procedure for logging in at a session management terminal with MULTISESSIONS enabled at the access server port:
Step
1
2
3
Action
Press the Return key once or twice to obtain the introductory banner and username prompt. After the user optionally enters a user name, the access server invokes session management, and the terminal prompts the user for a network resource name. The access server then uses that name to create a session for the terminal session. If a preferred service is defined and AUTOCONNECT is enabled, the access server starts a session with the preferred service. If you do not enter a network resource name for a terminal session, the access server places the port in local mode.
Request additional terminal sessions (and associated sessions) by entering a terminal command. The terminal prompts the user again for a network resource name for each terminal session. The access server creates a session for each terminal session.
Switch among your terminal sessions by using a switch session key on the terminal keyboard.
In local mode, you can enter access server commands at the access server prompt. (The
Local Mode Command Restrictions During Session Management table lists command restrictions that apply to session management terminals.) If you enter LOCAL as a service name for a terminal session, the access server places the port in local mode.
Configuring and Managing Interactive Devices 11-15
Configuring On-Demand Loading for Asian Terminals
Configuring On-Demand Loading for Asian Terminals
Introduction
Asian terminals implementing the On-Demand Loading (ODL) font protocol can communicate with an OpenVMS load host through an access server. The access server software has an on-demand loading characteristic that enables the ODL protocol.
When the on-demand loading characteristic is enabled on the access server, the ODL protocol overrides FLOW CONTROL during font loading to allow for Asian characters. This function is available only on a LAT network.
On-Demand Loading Configuration Example
The following shows how to enable on-demand loading on port 5:
Local> CHANGE PORT 5 ON-DEMAND LOADING ENABLED
Disable Switch Character
You should disable the access server switch characters to prevent interference with font requests from an Asian terminal.
Reference
See the following sections in this chapter: Specifying Keys to Switch Between
Sessions, Defining the Break Key, and Specifying a Key to Switch to Local Mode.
11-16 Configuring and Managing Interactive Devices
Configuring for Block-Mode Terminals
Configuring for Block-Mode Terminals
Description
Block-mode terminals do not require any special setup to communicate with a host through an access server. The access server software automatically allows terminals that support block mode to transmit large blocks of data without using FLOW
CONTROL.
Buffer Size
The maximum receive buffer size is 2048 bytes (512 bytes for DS700-16 access servers with less than 1 MB).
Configuring and Managing Interactive Devices 11-17
Specifying the Telnet Client Session Profile
Specifying the Telnet Client Session Profile
Introduction
You can set various features for a Telnet client session. You can either choose a profile that has many of the characteristics predefined or set the characteristics individually
(refer to Configuring Individual Telnet Client Session Characteristics in this chapter).
Many of the characteristics have factory-set defaults.
Profiles Types
Each profile is a set of predefined Telnet client session characteristics. There are two basic profiles:
•
CHARACTER — Typically used with interactive users at a terminal or similar device. All characters entered by the user are sent to the Internet host for handling.
The host edits, ECHOes, and processes the user data. This is the factory-set default.
•
BINARY — Used primarily with file transfers. All port and Telnet special characters, such as forward and backward switches and XON/XOFF FLOW
CONTROL characters, are ignored by the access server and sent to the Internet host.
Profile Characteristics
You can customize a profile by first selecting a profile, then changing specific characteristics. However, the profile itself is invalidated. For example, you could select the BINARY profile, then enable FLOW CONTROL in the receive direction.
To display the profile and client session characteristics, refer to Displaying Session
Characteristics in this chapter.
11-18 Configuring and Managing Interactive Devices
Specifying the Telnet Client Session Profile
Telnet Client Session Characteristics Predefined for Each Profile
The following table lists the Telnet client session characteristics that are predefined for each profile. Enabling a profile automatically sets all the characteristics to the value specified by the profile, except those listed as “use current value.” Those characteristics keep their existing value.
Character
Profiles
Binary Session
Characteristics
ECHO Remote Use current access server value
1
Duplex
8
BINARY
CHARACTER SIZE
(Transmit)
CHARACTER SIZE
(Receive)
SIGNAL REQUEST
AO, IP, AYT, SYNCH,
EOR, BRK
TOGGLE ECHO
QUOTE
AUTOFLUSH
AUTOSYNC
NEWLINE FROM
TERMINAL
Disabled
Use current value
Use current value
Enabled
Use current value
Not used
Use current value
Use current value
Use current value
Use current value
NEWLINE TO
TERMINAL
Use current value
NEWLINE FROM HOST Use current value
NEWLINE TO HOST Use current value
FLOW CONTROL
MESSAGE
VERIFICATION
Enabled
Enabled
8
Disabled
Not used
Not used
Not used
Not used
Not used
Not used
Not used
Not used
Not used
Disabled
Disabled
Configuring and Managing Interactive Devices 11-19
Specifying the Telnet Client Session Profile
Session
Characteristics
SWITCH
CHARACTERS
Character
Enabled
Profiles
Binary
Disabled
TERMINAL TYPE Use current access server value
Use current access server value
1.
If ECHO is in local mode, the ECHO characteristics are suppressed, and characters are not echoed.
11-20 Configuring and Managing Interactive Devices
Configuring Individual Telnet Client Session Characteristics
Configuring Individual Telnet Client Session
Characteristics
Modifying Telnet Session Characteristics
You can modify the Telnet client session characteristics in two ways: at the port level or for the individual session using the SET SESSION command. Modifying the characteristics at the port level enables those values for Telnet client sessions at that port when sessions are created. Also, you can save the characteristics in the permanent database. The values you set with the SET SESSION command are lost once you log out of the session.
Specifying ECHO Characteristics
The user can specify whether characters entered at the port device are echoed at the access server (LOCAL) or at the remote Internet host (REMOTE). The factory-set default is REMOTE. The Example: Specifying ECHO Characteristics shows how to set ECHO CONTROL to LOCAL on port 5.
Example: Specifying ECHO Characteristics
Local> CHANGE PORT 5 TELNET CLIENT ECHO LOCAL
You can suppress local echoing by either selecting ECHO LOCAL and then selecting the BINARY profile or by selecting ECHO LOCAL and then using the toggle ECHO character (See Specifying ECHO Characteristics in this chapter).
Specifying the BINARY Characteristic
The BINARY characteristic allows the user to enable BINARY communication in either one or both directions (to or from the Internet host). The TRANSMIT characteristic enables BINARY communication in the access server to the Internet host direction. The RECEIVE characteristic enables BINARY communication in the
Internet host to the access server direction. The DUPLEX characteristic enables
BINARY communication in both directions.
The following example shows how to enable BINARY communication in the transmit direction on port 5:
Example: Enabling BINARY Characteristics
Local> CHANGE PORT 5 TELNET CLIENT BINARY TRANSMIT
Enabling the BINARY characteristic does some, but not all, of what a user might require to send and receive BINARY files over the Telnet connection. For BINARY transfers, you should use the BINARY profile instead of the BINARY characteristic.
Configuring and Managing Interactive Devices 11-21
Configuring Individual Telnet Client Session Characteristics
The following example shows how to disable the BINARY characteristic:
Example: Disabling BINARY Characteristics
Local> CHANGE PORT 5 TELNET CLIENT BINARY DISABLE
Specifying CHARACTER SIZE
The CHARACTER SIZE characteristic allows the user to select the character size, 7- or 8-bit, that is used during a session with an Internet host. In addition, the character size can be specified in the transmit direction, receive direction, or both directions.
Example: Setting CHARACTER SIZE
The following example shows how to set CHARACTER SIZE to 7-bit in both directions for port 5:
Local> CHANGE PORT 5 TELNET CLIENT CHARACTER SIZE 7
Example: Setting CHARACTER SIZE for a Specific Direction
The following example shows how to set CHARACTER SIZE to 7 in the transmit direction. To set the character size in the receive direction, use RECEIVE instead of
TRANSMIT.
Local> CHANGE PORT 5 TELNET CLIENT TRANSMIT CHARACTER SIZE 7
Mapping Keyboard Characters to Telnet Functions
You can assign keyboard characters to various Telnet functions. The SIGNAL
REQUEST characteristic can enable or disable all these functions. The factory-set default is ENABLED.
Example: Disabling SIGNAL REQUEST
The following example shows how to disable SIGNAL REQUEST on port 5:
Local> CHANGE PORT 5 TELNET CLIENT SIGNAL REQUEST DISABLED
Example: Mapping Keyboard Characters
The following example shows how to map the AO function to the Delete key:
Local> CHANGE PORT 5 TELNET CLIENT AO <DEL>
You can use the SET SESSION command to map a Telnet function to a key for a particular session. This mapping only lasts for the duration of the specified session.
You cannot map a keyboard character to more than one function.
11-22 Configuring and Managing Interactive Devices
Configuring Individual Telnet Client Session Characteristics
Telnet Keymapping Functions
The following table shows key function definitions mapped to specific keys. You can disable any of the Telnet commands in this table by using the keyword NONE. For example, to disable AO for port 5, you enter the following:
Local> CHANGE PORT 5 TELNET CLIENT AO NONE
Function
Abort Output (AO)
Interrupt Process (IP)
Synch
Are You There (AYT)
Break (BRK)
End of Record (EOR)
Quote
Toggle Echo
Description
Aborts any output that is on its way to the user’s terminal. If an Internet host hangs after an AO is sent, use the SEND
RESUME OUTPUT command.
Aborts the process at the remote Internet host.
Default
Ctrl/O
Ctrl/Y
Drops input on its way to the remote
Internet host. This includes output queued by the access server and the host.
Verifies if the connection to the Telnet server is still active. You must resume the session to see the Telnet server’s response.
Ctrl/X
Ctrl/T
None Sends a Telnet Break command to the
Internet host. The way that this command is interpreted depends on the host.
Sends a Telnet End of Record command to the Internet host. This command is only sent if the EOR option is enabled through negotiation with the peer.
Causes the next character to be treated as ordinary data. To send a key mapped to a
Telnet command as ordinary data, you precede the key with the Quote command.
Defines a character to enable or disable the echoed input when the ECHO option is local. You can use this command to suppress a local echo when you type a password.
None
None
Ctrl/E
Configuring and Managing Interactive Devices 11-23
Configuring Individual Telnet Client Session Characteristics
Specifying AUTOFLUSH
The AUTOFLUSH characteristic automatically invokes the AO function whenever you enter the IP, SYNCH, AYT, EOR, or BRK characters. AUTOFLUSH aborts all output on its way to the user’s terminal
By default, AUTOFLUSH is enabled for IP, and is disabled for SYNCH and AYT.
Example: Disabling AUTOFLUSH
The following example shows how to disable AUTOFLUSH for the IP character on port 5:
Local> CHANGE PORT 5 TELNET CLIENT AUTOFLUSH IP DISABLED
When you enter a SHOW PORT CHARACTERISTICS command, the -f and +f symbols indicate if AUTOFLUSH is disabled or enabled for a given character.
Specifying AUTOSYNCH
The AUTOSYNCH characteristic automatically invokes SYNCH function whenever you enter the IP, AO, or AYT characters. (Refer to Mapping Keyboard Characters to
Telnet Functions in this chapter.) AUTOSYNCH causes all output on it way to the remote process to be dropped. This function allows IP, AO, or AYT to have a more immediate effect.
By default, AUTOSYNCH is enabled for IP, and disabled for AO and AYT.
Example: Specifying AUTOSYNCH
The following example shows how to disable AUTOSYNCH for IP and enable
AUTOSYNCH for AO on port 5:
Local> CHANGE PORT 5 TELNET CLIENT AUTOSYNCH IP DISABLED
Local> CHANGE PORT 5 TELNET CLIENT AUTOSYNCH AO ENABLED
When you enter a SHOW PORT CHARACTERISTICS command, the -s and +s symbols indicate if AUTOSYNCH is disabled or enabled for a given character.
Specifying Telnet Client Newline
The NEWLINE characteristics allow the user to define a 1- or 2-character sequence that will be interpreted as a new line. This characteristic is useful for devices that generate or recognize sequences for a new line other than CRLF or CR. There are four different directions as follows. In this case, terminal specifies the user at the access server and host specifies the Telnet server at the remote end of the connection.
•
NEWLINE FROM TERMINAL — When entered, the character sequence is interpreted as a new line. The factory-set default is <CR>.
11-24 Configuring and Managing Interactive Devices
Configuring Individual Telnet Client Session Characteristics
•
NEWLINE TO TERMINAL — When entered, the character sequence is sent to the user’s terminal whenever a NEWLINE FROM HOST sequence is received.
The factory-set default is <CRLF>.
•
NEWLINE FROM HOST — When received from the Internet host, the character sequence is interpreted as a new line. The factory-set default is <CRLF>. Note that the Telnet protocol specifies that the CRLF sequence should be sent.
•
NEWLINE TO HOST — When entered, the character sequence is sent to the
Internet host whenever a NEWLINE FROM TERMINAL sequence is received.
The factory-set default is <CRLF>. Note that the Telnet protocol specifies that the
CRLF sequence should be sent.
You can define NONE if you do not want a character to be defined.
Example: Specifying Telnet Client NEWLINE
The following example shows how to define no character for NEWLINE TO
TERMINAL and “AB” as a character string for Newline To Terminal on port 5:
Local> CHANGE PORT 5 TELNET CLIENT NEWLINE TO TERMINAL NONE
Local> CHANGE PORT 5 TELNET CLIENT NEWLINE TO TERMINAL AB
Specifying FLOW CONTROL
The FLOW CONTROL characteristic enables or disables the XON/XOFF FLOW
CONTROL characters for any Telnet client session created at the port.
The access server supports the remote FLOW CONTROL feature, where the remote
Telnet server can toggle on and off the XON and XOFF output FLOW CONTROL characters from the access server (client). This happens when an application on the
Telnet server uses the XON and XOFF characters for a function other than FLOW
CONTROL.
Example: Disabling FLOW CONTROL
The following example shows how to disable FLOW CONTROL on the Telnet client on port 5:
Local> CHANGE PORT 5 TELNET CLIENT FLOW CONTROL DISABLED
You can enable or disable FLOW CONTROL from the device to the access server
(input) or from the access server to the device (output). By not specifying the keywords
INPUT or OUTPUT, FLOW CONTROL is enabled in both directions.
Examples: Enabling FLOW CONTROL
The following example shows how to enable FLOW CONTROL from the device to port 5:
Local> CHANGE PORT 5 TELNET CLIENT INPUT FLOW CONTROL ENABLED
Configuring and Managing Interactive Devices 11-25
Configuring Individual Telnet Client Session Characteristics
The following shows how to enable FLOW CONTROL from port 5 to the device:
Local> CHANGE PORT 5 TELNET CLIENT OUTPUT FLOW CONTROL ENABLED
Specifying MESSAGE VERIFICATION
The MESSAGE VERIFICATION characteristic controls the display of session information when an existing Telnet client session is started, stopped, or resumed.
With VERIFICATION enabled (factory-set default), the access server displays the session number and the Internet address. With VERIFICATION disabled, no session information is displayed when a session is started, stopped, or resumed. This command does not affect existing sessions. To affect existing sessions, use the SET SESSION
TELNET CLIENT MESSAGE VERIFICATION command.
Example: Configuring MESSAGE VERIFICATION
The following example shows how to disable VERIFICATION on port 5:
Local> CHANGE PORT 5 TELNET CLIENT MESSAGE VERIFICATION DISABLED
Specifying the SWITCH CHARACTER
The SWITCH CHARACTER characteristic determines how the access server handles
SWITCH CHARACTERs. By default, if any SWITCH CHARACTER is defined on the port, it is recognized and intercepted by the access server during each session.
However, any user can change or disable the access server from recognizing these
SWITCH CHARACTERs for a specific Telnet session. (The sections Specifying Keys to Switch Between Sessions, Defining the Break Key, and Specifying a Key to Switch to Local Mode provide the procedures to define the SWITCH CHARACTERs.)
11-26 Configuring and Managing Interactive Devices
Configuring Individual Telnet Client Session Characteristics
Example: Configuring SWITCH CHARACTER
The following example shows how to disable the SWITCH CHARACTERs on port 5:
Local> CHANGE PORT 5 TELNET CLIENT SWITCH CHARACTER DISABLED
Local> CHANGE PORT 5 LIMITED VIEW ENABLED
The limited view characteristic does not apply when you set privileges on the port.
Specifying a Preferred Terminal Type
The TERMINAL characteristic allows the user to specify a terminal type to be sent to the Telnet host during session startup. The available types are ANSI, UNKNOWN, and
VT10 through VT999. This value is used as a starting point for terminal type subnegotiation between the access server and the host. The actual terminal type, as displayed by the SHOW PORT SESSION STATUS command, may be different if the
Telnet host can not support the specified type. The order of negotiation is VTXXX, followed by ANSI, followed by UNKNOWN. For example, if the TERMINAL characteristic is set to VT321, the access server will negotiate for the following terminal types in the order listed:
DEC-VT32, VT321, DEC-VT300, VT300, DEC-VT200, VT200, DEC-VT100,
VT100, ANSI, UNKNOWN
Example: Specifying Terminal Type
The following example shows the command for defining a terminal type for a VT321:
Local > CHANGE PORT TELENET CLIENT TERMINAL VT321
Configuring and Managing Interactive Devices 11-27
Managing Access Server User Accounts
Managing Access Server User Accounts
Minimal Setup for Local User Accounts
A limited amount of storage is available for defining user account records within the access server volatile and nonvolatile memory.
Note
Theoretically, all of NVRAM could be allocated for storage of user account data.
However, it is important to bear in mind that the total storage space available for user account information will be affected by the quotidian operations of the access server and the total amount of stored data in NVRAM. As a result, the total available storage space for user accounts will fluctuate.
Example: Setting the User Name
The following example establishes a user account named J_SMITH:
Local> SET USERACCOU J_SMITH
Example: Changing the User Password
The following example changes the password for the user account J_SMITH to the character string “SECRETSTUFF”. Quotes denote the password string in the command line.
Local> CHANGE USERACCOU J_SMITH PASSWORD "SECRETSTUFF"
Optional Setup for Local User Accounts
Example: Changing User Account Parameters
The following example shows how to change the user account parameters for the user
J_SMITH to FRAMED access, and set his permissions to PRIVILEGED:
Local> CHANGE USERACCOU J_SMITH ACCESS FRAMED
Local> CHANGE USERACCOU J_SMITH PERMISSIONS PRIV
When the SHOW USERACCOUNT command is used, the above settings result in the following display:
Local> SHOW USER ACCOUNT J_SMITH
Username: J_SMITH
Password: (Entered) User Status: ENABLED
Access: FRAMED Forced Callback: DISABLED
Max Connect Time: 0 02:00:00 Dialout Service: (NONE)
Dialback Number: (NONE)
Dialout Number: (NONE)
Permissions: DIALBACK, DIALOUT, LAT, TELNET, SLIP, PPP, PRIV
11-28 Configuring and Managing Interactive Devices
Managing Access Server User Accounts
SHOW/LIST/MONITOR USERACCOUNT Display
The following table defines the values in the SHOW USSERACCOUNT display:
Field
Username
Password
Access
Max Connect Time
Dialback Number
Dialout Number
Permissions
User Status
Forced Callback
Dialout Service
Description
Establishes a database for a user account for authentication/authorization.
Specifies that a password has been set for the user account
Specifies the default access mode this user is granted.
Indicates the maximum number of minutes the user can be logged in before being forcibly logged out.
Contains a phone number used on dial-back.
Contains a phone number used on dial-out.
Defines what the user is allowed to do.
ENABLE/DISABLE this account for authentication/ authorization.
Specifies whether a user must be called back after login.
Specifies the DIALER SERVICE to be used when attempting a dial-out.
Authorization Profile Information
The access server supports a variety of information in a user or realm default
authorization profile. The following table gives the service types and access levels of this information.
Configuring and Managing Interactive Devices 11-29
Managing Access Server User Accounts
Service Types and Access Levels
The following table defines the service type and access level:
Service Type
Login
Framed
LOCAL
NONE
Description
User will be connected to a dedicated host.
SLIP or PPP will be started on the session.
User may utilize the access server commands.
The configuration value of the port access parameter or realmwide access parameter determines user access to the realm.
Service Permissions Access
The following table shows the type of service permissions a user can have. A user can have more than one type of service permission. The user can also have more than one type of permission assigned at a time. There is no limit to the total number of permissions a user can have.
Service Type
Telnet
LAT
Dial-Out
Dial-Back
SLIP
PPP
Privileged-User
User Access
The user may make Telnet connections on the current session.
The user may make LAT connections on the current session.
The user may invoke a dial-out connection on the current session.
The user may invoke a dial-back on the current session.
The user may invoke a SLIP connection on the current session.
The user may invoke a PPP connection on the current session.
The user has a privilege level of PRIVILEGED.
11-30 Configuring and Managing Interactive Devices
Managing Access Server User Accounts
User Account Command Parameters
The commands in the following table allow the security manager to manage a small local database to be used for authentication and authorization. The table shows the command keywords associated with user account variables.
Command
Clause
CLEAR/PURGE
Description Variables Comments
SET/DEFINE/
CHANGE
PASSWORD
USERACCOUNT
DIALOUT
NUMBER
DIALBACK
NUMBER
DIALOUT
SERVICE
Allows local data base entries to be deleted.
Permits entry addition and modification.
ENABLED/
DISABLED
Allows modification of the password field for the specified entry.
Clear the
PASSWORD by setting it to null-string ("").
User name of account.
Max. length =
40 characters
Case-sensitive, depending on authentication service
(protocol).
Caseinsensitive only for the local access server user data base.
Max. length =
40 characters
Max. length =
120 characters
Contains a phone number used on dialout.
Contains a phone number used on dialback.
The DIAlER
SERVICE to be used when attempting a dial-out.
Standard modem-dial strings
Standard modem-dial strings
Values appear in uppercase.
Max. length =
120 characters
Max. length =
16 characters
Configuring and Managing Interactive Devices 11-31
Managing Access Server User Accounts
Command
Clause
MAX CONNECT
Description Variables Comments
Indicates the maximum number of minutes the user can be logged in before being forcibly logged out.
Specifies user status.
ENABLED/
DISABLED
Default = 0
USER STATUS
ACCESS Specifies the default access mode this user is granted.
LOCAL
FRAMED
NONE
Setting
DISABLED prevents any login using this user-name.
See the following table for a definition of the ACCESS clause variables.
Access Command Variables
The following table defines the ACCESS command parameter variables:
Variable
LOCAL
FRAMED
NONE
LOGIN
Definition
Local access (only) allowed.
Framed (PPP, SLIP) access (only) allowed.
No access specified; port characteristics or realm default access determine service.
Dedicated to a host.
11-32 Configuring and Managing Interactive Devices
Managing Users
Managing Users
This section describes various tasks for managing users.
Providing a Contact Name and Access Server Location
The SET/DEFINE/CHANGE SYSTEM command allows you to provide all access server users with a person’s name to contact in case of problems. This command also allows you to specify the location of the access server.
Example: Providing a Contact Name and Access Server Location
The following example shows how to identify Bob G as the access server contact, and
Building 2, Lab 3 as the location of the access server:
Local> CHANGE SYSTEM CONTACT "Bob G"
Local> CHANGE SYSTEM LOCATION "Building 2, Lab 3"
You can use the SHOW/LIST SYSTEM command to display this information.
Specifying Preferred Service for LAT or Telnet Resources
The following lists the results of enabling a preferred service on a port:
•
Without AUTOCONNECT enabled (refer to Specifying AUTOCONNECT in this chapter), the port user connects to a particular resource by entering only the
CONNECT command. With AUTOCONNECT enabled, the access server automatically connects the port to the preferred service at login.
•
The user can switch to local mode at any time and make connections to other available services.
When you specify any LAT or Telnet resource to be a preferred service, the host or service name, node name, and port name are limited to 16 characters each.
For the LAT protocol:
To set a LAT service as a preferred service, the port’s default protocol must be set to
LAT.
Example: Enabling a Preferred LAT Service
The following example shows how to enable the LAT service, FILES, as the preferred service on port 5:
Local> CHANGE PORT 5 PREFERRED FILES
You can specify that the connection be made to a particular node and/or port name of the LAT service.
Configuring and Managing Interactive Devices 11-33
Managing Users
Example: Enabling a Preferred LAT Service on a Specific Node and Port
The following example shows how to specify that port 5 connects to port JAMES on node MARKETING for service FILES:
Local> CHANGE PORT 5 PREFERRED FILES NODE MARKETING DESTINATION
JAMES
For the Telnet Protocol
To set an Internet host as a preferred service, the port’s default protocol must be set to
TELNET. You can use the host’s Internet address, domain name, or relative domain name if the host is defined in a name server; however, you cannot use the entire domain name if the name is more than 16 characters, including the dots.
Example: Enabling a Preferred Telnet Service
The following example shows how to enable a resource on the TCP/IP network,
SALE.MKT.DEC.COM, as a preferred service on port 5:
Local> CHANGE PORT 5 PREFERRED SALE.MKT.DEC.COM
Specifying the Port USERNAME
By factory-set default, the Enter username> prompt appears when a user logs in to the access server port. The access server uses the user name as the string the user enters in response to the Enter username> prompt. However, the access server uses the port’s name as the user name when the user enters Ctrl/Z instead of a user name.
You can use the USERNAME characteristic to establish a permanent user name (1 to
16 ASCII characters) for a port. In this case, the Enter username> prompt is not displayed when a user logs in to the access server. Always make an effort to specify a unique user name, since the access server does not prevent duplicate user names.
Examples: Configuring Port USERNAME
The following example sets the port 5 user name to “Barney”:
Local> CHANGE PORT 5 USERNAME "Barney"
If you do not use the quotation marks in the command, the user name will appear in uppercase (for example, BARNEY instead of Barney).
To clear USERNAME, enter empty quotation marks as follows:
Local> CHANGE PORT 5 USERNAME ""
USERNAME is designed to accommodate interactive terminals that have one permanent user. Terminals that are usually shared should not have a permanent user name assigned, and the Enter Username> prompt should be entered upon login.
If AUTHENTICATION is enabled on the port, the port user name may be set to the
Kerberos principal name of the port’s permanent user.
11-34 Configuring and Managing Interactive Devices
Managing Users
Specifying Keys to Switch Between Sessions
Access server users can define keys as switches. These keys can switch from one session to another without having to return to local mode. When the user presses the key, the access server interprets the character and does not pass it to the service node.
Pressing the BACKWARD SWITCH character activates the user’s previous session.
The FORWARD SWITCH character activates the next session. These switches can be pressed either at the local prompt or in a session.
If the user has only two sessions, both of these switch characters restart the inactive session. You can configure any keyboard character as the FORWARD or
BACKWARD SWITCH. Previously undefined control characters are recommended.
Do not select characters that the port user is likely to enter routinely while using a service; otherwise, the current session is interrupted when that switch is pressed. Avoid the tilde (~) character if you use function keys on the VT-series terminals or PCs.
Switch characters can be temporarily disabled for a particular session by using the SET
SESSION command for a LAT session or the Telnet client profile for a Telnet session.
(Refer to Specifying the Telnet Client Session Profile in this chapter.) However, they remain in effect outside such a session.
To define these keys as switches, select a different character for each switch.
Example: Defining Keys as Switches
The following example shows how to set Ctrl/F and Ctrl/B for the forward and backward switches on port 5:
Local> CHANGE PORT 5 FORWARD SWITCH ^F BACKWARD SWITCH ^B
To delete a switch character, use the NONE keyword instead of a character.
Note
If you are using a session management terminal and your port has MULTISESSIONS
ENABLED, switch sessions by using a terminal command rather than access server switch characters.
Configuring and Managing Interactive Devices 11-35
Managing Users
Defining the Break Key
The BREAK characteristic defines how the Break key is used. The Break key can be defined in three ways:
•
LOCAL — Pressing the Break key switches the user from service mode to local mode. This is the factory-set default. The following shows how to set the Break key to LOCAL on port 5:
Local> CHANGE PORT 5 BREAK LOCAL
•
REMOTE — The Break key is ignored by the access server and passed to the LAT service for the port’s current session. BREAK is not sent to any host on a TCP/IP network. To send BREAK to a host on the TCP/IP network, refer to Mapping
Keyboard Characters to Telnet Functions in this chapter. The following shows how to set the Break key to REMOTE on port 5:
Local> CHANGE PORT 5 BREAK REMOTE
•
DISABLED — The Break key is ignored by the access server and not passed to the host on the network. The following shows how to set the Break key to
DISABLED on port 5:
Local> CHANGE PORT 5 BREAK DISABLED
The Break key is ignored on a port with a dedicated service; however, you should disable BREAK along with all other switch characters. If you need to pass the break condition to the dedicated service for any application of the service, set BREAK to
REMOTE. In this case, the break signal is not ignored but is passed to the LAT service node.
Specifying a Key to Switch to Local Mode
The LOCAL SWITCH characteristic identifies a character that, when entered by the user, switches the port to local mode from session mode. This character, like the
FORWARD and BACKWARD SWITCH characters, is intercepted by the access server and is never transmitted to the network resource unless you set SET SESSION
PASSALL or PASTHRU for a LAT session, or you set the Telnet client profile for a
Telnet session. The Break key is also available for this function unless the BREAK
REMOTE or the BREAK DISABLED option has been chosen. When you define a local switch character, the character you choose can be used in place of the Break key, or you can continue to use the Break key.
11-36 Configuring and Managing Interactive Devices
Managing Users
Example: Configuring a Key as a Switch
The following example shows how to identify “-” as the local switch for port 3:
Local> CHANGE PORT 3 LOCAL SWITCH -
Example: Disabling a Local Switch
The following example shows how to disable the local switch, which is also the factory-set default:
Local> CHANGE PORT 5 LOCAL SWITCH NONE
Specifying BROADCAST
There are three types of BROADCAST characteristics:
•
BROADCAST — A port user uses this command to send messages.
•
Port broadcast — Defines whether a particular port can receive broadcast messages.
•
Access server broadcast — Defines whether all port users can send broadcast messages.
Disabling the port BROADCAST characteristic stops the port from receiving broadcast messages from other access server ports along with access server messages, such as shutdown. For this reason, you might want to recommend to users that they leave BROADCAST enabled on their ports.
Note
The port user can still send messages with the access server BROADCAST enabled and the port BROADCAST disabled.
Example: Disabling BROADCAST Messages
The following example shows how to disable port 5 from receiving broadcast messages:
Local> CHANGE PORT 5 BROADCAST DISABLED
If any user tries to broadcast to a broadcast-disabled port, the access server enters the following message, which identifies the port or ports by port number:
Local -111- Port(s) with broadcast disabled not notified
Broadcast disabled at port n
When BROADCAST is enabled for both the access server and a port, port users can send and receive broadcast messages, by using the BROADCAST PORT command.
When the access server BROADCAST is disabled, port users cannot send broadcast messages. Note that an individual port must have the port BROADCAST characteristic enabled to receive messages.
Configuring and Managing Interactive Devices 11-37
Managing Users
A user with privileges set can use the privileged BROADCAST ALL command to send a message to all interactive users.
Example: BROADCAST ALL
The following example shows a sample of a message broadcasted to all users:
Local> BROADCAST ALL "Server shut down at 12:15; back up at 1:00."
At a port with a session management terminal, broadcast messages are delivered to the current terminal session.
The factory-set default allows port users to send broadcast messages. Use the following command if you do not wish users to send broadcast messages:
Local> CHANGE SERVER BROADCAST DISABLED
Note
Messages warning that the access server is going to initialize are unaffected by the access server-wide BROADCAST characteristic.
Ask users to inform you if they receive excessive or annoying broadcasts from other ports. If you receive complaints about such broadcasts, you can ask the sender of those broadcasts to stop broadcasting unnecessary messages, or you can enable security on the sender’s port. This disables the BROADCAST command for the port.
Specifying LOSS NOTIFICATION
The LOSS NOTIFICATION characteristic signals a port user when characters entered by the user are lost, because of parity errors, framing errors, data overruns, or other reasons. The signal is a BEL character (an audible beeping sound), which the access server transmits to the port for each character that is lost. The factory-set default is enabled.
Example: Disabling LOSS NOTIFICATION
The following example shows how to disable LOSS NOTIFICATION on port 5:
Local> CHANGE PORT 5 LOSS NOTIFICATION DISABLED
11-38 Configuring and Managing Interactive Devices
Managing Users
Specifying Message Codes
Each access server message has a message code. In the following example, the number
750 is the message code:
Local -750- Another port has this name
With message codes disabled, the same message would look like:
Local - Another port has this name
The factory-set default shows the message codes. The following example shows how to disable reception of message codes on port 5:
Local> CHANGE PORT 5 MESSAGE CODES DISABLED
Specifying VERIFICATION
The VERIFICATION characteristic controls the display of session information when an existing session is started, stopped, or resumed. If you enable VERIFICATION
(factory-set default), the access server displays the session number and the service name of the service. If you disable VERIFICATION, no session information is displayed when a session is started, stopped, or resumed.
Example: Disabling VERIFICATION
The following example shows how to disable VERIFICATION on port 5:
Local> CHANGE PORT 5 VERIFICATION DISABLED
Specifying Lock
The LOCK characteristic enables or disables the LOCK command for selected or all ports. If the LOCK command is enabled on the access server at the port, a user can enter the LOCK command at the terminal to prevent unauthorized access to an unattended terminal. The command prevents any input until the unLOCK password is entered.
The factory-set default is LOCK ENABLED. You can disable the LOCK command for all users as follows:
Local> CHANGE SERVER LOCK DISABLED
Configuring and Managing Interactive Devices 11-39
Managing Users
Example: Configuring LOCK
The following example shows how to enable LOCK on the access server, while disabling LOCK on ports 5 through 7:
Local> CHANGE SERVER LOCK ENABLED
Local> CHANGE PORT 5-7 LOCK DISABLED
Since anyone can LOCK any terminal, the LOCK facility can cause inconvenience in a situation where there are irresponsible users. If a user forgets the LOCK password, you have to log out the port with the LOGOUT command before the port can be used again. However, the LOGOUT command disconnects all sessions on that port. In that case, it may be best to disable LOCK on that port and rely on users to protect their sessions by disconnecting them when they must leave the terminal unattended.
Displaying Information About the Users
You can use the SHOW/MONITOR USERS command to do the following:
•
Determine which ports are in use at any time.
•
Identify the port users.
•
Display information about active port users.
Example: SHOW USERS Display
The following example shows how to generate a users display. The display contains one line of information for each port that is logged in to the access server:
Local> SHOW USERS
Port Username Status Service
1 Rich Smith Connected DOCUMENT2
2 Jane Brown Locked TIMESHARING
3 giovanni Local Mode
4 (Remote) Connected PRINTER
5 card Connected SLIP
11-40 Configuring and Managing Interactive Devices
Managing Users
SHOW/LIST/MONITOR USERS Display Headings
The following table provides an explanation of the information in the display in the previous example:
Heading
Port
Username
Status
Service
Description
Number of the port.
Any user name or the name of the port established by the PORT
NAME characteristic.
Note: Any port having the user name “(Remote)” designates a remote-access session in progress.
Status of the port, which can be one of the following:
Connected Port is connected to a service.
Connecting
Disconnected
Port is attempting to connect to a service.
Session was terminated while dormant.
Disconnecting
Signal Wait
Session is disconnecting from a service.
The port failed to assert the DSR signal during a signal check controlled connection attempt.
Idle
Local Mode
Port is not is use.
Port is logged into the access server and is in local mode.
Locked The user has entered the LOCK command to LOCK the port.
Name of the user’s current session.
Specifying User Groups
Nonprivileged users can choose the groups they require for their ports by using the
SET PORT GROUPS command. Users must choose from the groups you authorized for their ports. The SET PORT GROUPS command limits user access to those services made available by the groups specified with the command. The command serves to shorten the node and service displays.
The SHOW PORT CHARACTERISTICS command displays the user-specified groups, listing them in the field labeled (Current) Groups. Current groups apply only to those ports with ACCESS set to LOCAL; current groups are ignored for those ports with ACCESS set to REMOTE.
Configuring and Managing Interactive Devices 11-41
Managing Users
Current groups (user-specified groups) are stored only in the operational database.
Therefore, users must use the SET PORT command to configure these groups; users cannot use the DEFINE PORT or CHANGE PORT command.
Current groups are always equal to or a subset of the AUTHORIZED GROUPS. If a user enters SET PORT GROUPS ALL, the current groups consist of all the enabled authorized groups.
The access server uses the current groups for these functions:
•
Checking authorization when the user enters a CONNECT command on the access server
•
Displaying information with the SHOW NODES and SHOW SERVICES commands
Example: Assigning User Groups
The following example shows the command for nonprivileged users to assign groups from among their authorized groups:
Local> SET PORT GROUPS 5
If the authorized groups for the port were groups 4 to 7, the user can only access group
5 after executing the command. In addition, the SHOW SERVICES command shows only the information for services and nodes in group 5, and the SHOW PORT
CHARACTERISTICS command shows the groups assigned to the port in the
(Current) Groups field.
11-42 Configuring and Managing Interactive Devices
Managing Sessions
Managing Sessions
This section shows how to initiate and terminate sessions and how to display session information.
Initiating a Session to a LAT Service
To initiate a session to a LAT service, use the CONNECT LAT command with the service name. If the default protocol (refer to Specifying the Default Protocol in this chapter) is set to LAT or ANY, you can ignore the LAT keyword.
Example: Initiating a Session to a LAT Service
The following example shows how to initiate a session with LAT service SALES:
Local> CONNECT LAT SALES
You can use the CONNECT command to connect to any available LAT node or service at a specific service node and port. For example, if it is important for you to connect to a particular system associated with a service named ACCOUNTING, you can specify the service node where that system is attached.
Example: Connecting to a LAT Service on a Specific Node or Server
The following shows how to connect to LAT service SALES at node SERVER2:
Local> CONNECT LAT SALES NODE SERVER2
The following shows how to connect to LAT service SALES at node SERVER2, port
1:
Local> CONNECT LAT SALES NODE SERVER2 DESTINATION 1
Initiating a Session to an Internet Host
To initiate a session to an Internet host, use the CONNECT TELNET command with the Internet host name or address. If the default protocol (refer to Specifying the
Default Protocol in this chapter) is set to TELNET, you can ignore the TELNET keyword. You can connect to the Internet host name or address. The host name can be either a relative or an absolute domain name.
Configuring and Managing Interactive Devices 11-43
Managing Sessions
Example: Initiating a Session with an Internet Host
The following three commands show how to initiate a session with the same host. The first command uses the relative domain name, SALES; the second command uses the absolute domain name SALES.MARKETING.DEC.COM; and the third command uses the Internet address, 129.122.30.11.
Local> CONNECT TELNET SALES
Local> CONNECT TELNET SALES.MARKETING.DEC.COM
Local> CONNECT TELNET 129.122.30.11
You can also use the OPEN or TELNET command instead of the CONNECT command to connect to an Internet host. The OPEN command does not accept the
TELNET keyword.
Local> OPEN SALES
Local> TELNET SALES
Sending Telnet Functions to a Remote Telnet Server
To send a Telnet function such as AO, AYT, BRK, EOR, or SYNCH, you use the
SEND TELNET command on a current session with a Telnet server. For example, the following command sends the Telnet abort output (AO) command:
Local> SEND TELNET AO
You can map Telnet functions to keyboard characters as described in Mapping
Keyboard Characters to Telnet Functions. For a complete list of Telnet commands, refer to Telnet Keymapping Functions in this chapter.
In addition to the functions listed in Mapping Event Indications to Keyboard
Characters in Chapter 13, you can also send the following:
•
Request Status — Requests that the peer Telnet implementation responds with the current status of all Telnet options for this session. You must resume the session to see the Telnet server’s response. The following shows how to send the
REQUEST STATUS function:
Local> SEND TELNET REQUEST STATUS
•
Resume Output — If the Internet host appears to be hung after the AO function is sent, you send RESUME OUTPUT to cancel the AO. You only use this command to cancel an AO. The following shows how to send the RESUME OUTPUT function:
Local> SEND TELNET RESUME OUTPUT
Local> SEND TELNET SYNCH
•
TEST INTERNET or PING - Sends an ECHO request message to the specified remote Internet host. You use this command to test for a valid connection. This
11-44 Configuring and Managing Interactive Devices
Managing Sessions command starts a PING session, which continues until the PING succeeds (and sends a VERIFICATION message) or until the timeout period of 30 seconds is exceeded. The following shows how to test the communication to an Internet host with an address of 22.46.72.167:
Local> TEST INTERNET 22.46.72.167 or
Local> PING 22.46.72.167
Controlling the Number of Sessions
You can control the number of sessions at the individual port and the total number of sessions allowed for the access server. The combined number of sessions for all ports must be equal to or less than the access server session limit.
A high limit allows users to have more sessions but results in increased memory requirements. A low limit decreases the memory requirements but decreases the number of sessions. If the access server session limit is reached by some of the port users, the remaining port users cannot establish subsequent additional sessions. In this case, you need to increase the access server session limit value or decrease the port session limit value for some or all of the ports.
You can set the SESSION LIMIT for the access server to a value of 0 to 128 or to
NONE. If you enter NONE, the access server maintains up to 128 sessions, potentially eight per port user. The factory-set default is 64 sessions.
Example: Changing the Server Session Limit
The following example shows how to change the access server session limit to 48:
Local> CHANGE SERVER SESSION LIMIT 48
The maximum number of sessions allowed on one port is eight. The factory-set default is four sessions. You can set the port session limit to a number from 0 to 8 or to NONE, where NONE allows eight sessions at the port. If you set a session limit to 0, the affected users cannot connect to any resources.
Example: Changing the Server Session Limit on a Specific Port
The following example shows the session limit being set to 6 on port 5:
Local> CHANGE PORT 5 SESSION LIMIT 6
Configuring and Managing Interactive Devices 11-45
Managing Sessions
For ports with session management terminals, the kind of terminal at the port further determines the port’s session limit, where the access server port can support up to eight terminal sessions. However, terminal devices typically support a maximum of less than eight terminal sessions. The documentation for the terminal device should tell you how many terminal sessions the device can have. Set the port session limit to a value in that range.
Displaying Session Information
You can display a line of information about the current status of a port or ports and a list of the sessions on the port or ports. To display a summary of session information, use the SHOW SESSIONS command. If you wish to display a continuous update of the sessions, use the MONITOR SESSIONS command.
Use the ALL keyword instead of a port number to receive equivalent information about the sessions for all access server ports. For ports set up as a LAT service or Telnet listener, the user name is displayed as “(Remote)”.
Example: SHOW SESSIONS Display
The following example shows how to generate a sessions display for ports 1 and 2. The first line of the sessions display begins with the port number and port user name. On the same line, the display shows the port mode (either Local Mode or Session Mode) and the current session number.
The next few lines in the display consist of active-session information. One line of information appears for each active session on the port. When a session is terminated, the information for the session is removed and replaced by the information below it in the display.
Local> SHOW SESSIONS PORT 1,2
Port 1: Rich Smith Local Mode Current Session: Session 2
- Session 1: Queued at 3 LAT TIMESHARE
- Session 2: Connected TELNET DEVELOP
- Session 3: Connecting TELNET BERGIL
- Session 4: Disconnected LAT DOCUMENT (PEAR)
- Session 5: Disconnecting LAT TEST
Port 2: card Session Mode
Current session: Session 1
- Session 1: Connected SLIP
11-46 Configuring and Managing Interactive Devices
Managing Sessions
SHOW/MONITOR SESSIONS Display Fields
The following table describes the information in the SHOW/MONITOR SESSIONS display:
Field Description
Session n Number of the session.
First column Status of a session, which can be one of the following:
Connected
Connecting
Disconnected
Disconnecting
Port is connected to the service.
Port is attempting to connect to a service
Session was terminated while dormant.
Signal Wait
Queued at n
Access serve is disconnecting the port from the service.
The port failed to assert the DSR signal during a signal check controlled connection attempt.
Position in the connection queue of the connection request for a service. The request at position 1 is the next one to be dequeued and connected.
Second column
Displays which protocol (LAT or Telnet) the session is using.
Third column Name of the LAT service or Internet host associated with the session, or SLIP for SLIP sessions. If the name of the LAT service differs from the name of the LAT service node supplying the service, the display includes the name of the LAT service node within parentheses. For a remote-access connection to the port, the
LAT service name is the LAT service sought by the requesting node and the name within parentheses is the requesting LAT service node.
Configuring and Managing Interactive Devices 11-47
Managing Sessions
Displaying Session Characteristics
You can display the characteristics of any current LAT or Telnet session.
Example: SHOW PORT SESSIONS CHARACTERISTICS Display for a LAT
Session
The following example displays the characteristics of LAT session 1 on port 4:
Local> SHOW PORT 4 SESSIONS 1 CHARACTERISTICS
Port 4, Session 1, Protocol LAT
Transparency Mode: Interactive
There are only two lines in this display. The first line displays the port number, session number, and protocol used by the session. The second line displays the transparency mode, which can be Interactive, Pasthru, or Passall.
For an explanation of the characteristics for Telnet and 3270 sessions, refer to
Specifying the Telnet Client Session Profile in this chapter and Chapter 18, respectively.
Displaying Session Status
You can display the status of any current Telnet session. If you have a LAT session, the SHOW/LIST/MONITOR PORT SESSION command displays the port number, session number, Protocol LAT, and the following message:
(no status information available for LAT sessions)
Example: SHOW PORT SESSIONS STATUS Display for a Telnet Session
The following example shows how to display the status of a Telnet session on port 14:
Local> SHOW PORT 14 SESSION 1 STATUS
Port 14, Session 1, Protocol TELNET
Do-BINARY Disabled
Will-BINARY Disabled
Do-ECHO Enabled
Will-ECHO Disabled
Do-SGA Enabled
Will-SGA Enabled
Do-Status Disabled
Will-Status Disabled
Do-End of Record Disabled
Will-End of Record Disabled
Do-Remote FLOW CONTROL Disabled
Will-Remote FLOW CONTROL Disabled
Will-Terminal Type Enabled DEC-VT300
11-48 Configuring and Managing Interactive Devices
Managing Sessions
SHOW/MONITOR PORT SESSIONS STATUS Display Fields
The following table provides a description of the SHOW/MONITOR PORT
SESSIONS STATUS display information:
Field
Do-Binary
Will-Binary
Do-ECHO
Will-Echo
Do-SGA
Will-SGA
Do-Status
Will-Status
Description
Enabled — Interpreting all data received as in a
BINARY access server format.
Disabled — Not interpreting all data received as in a BINARY format.
Enabled — Sending data in a BINARY format.
Disabled — Not sending data in a BINARY format.
Enabled — The remote peer will echo the output from the access server.
Disabled — The remote peer will not echo the output from the access server.
Enabled — The access server will echo the input from the remote peer.
Disabled — The access server will not echo the input from the remote peer.
Enabled — Receiving data in suppressed goahead (SGA) mode. This allows duplex communication.
Disabled — Not receiving data in SGA mode.
(The remote peer is sending go-aheads.)
Enabled — Sending data in SGA mode. This allows duplex communication.
Disabled — Not sending data in SGA mode.
Enabled — The access server has permission to send requests for the peer’s status.
Disabled — The access server does not have permission to send requests for the peer’s status.
Enabled — The access server will respond to remote requests for status.
Disabled — The access server will not respond to remote requests for status.
Configuring and Managing Interactive Devices 11-49
Managing Sessions
Field
Do-End of Record
Will-End of Record
Do-Remote FLOW
CONTROL
Will-Remote FLOW
CONTROL
Will-Terminal Type
Description
Enabled — The access server is enabled to receive EOR commands.
Disabled — The access server is not enabled to receive EOR commands.
Enabled — The access server has permission to transmit EOR commands to the remote peer.
Disabled — The access server does not have permission to transmit EOR commands to the remote peer.
Enabled — The access server will send remote
FLOW CONTROL commands to enable and disable the peer’s output FLOW CONTROL.
Disabled — The access server will not send remote FLOW CONTROL commands to enable and disable the peer’s output FLOW CONTROL.
Enabled — The network access server will accept remote FLOW CONTROL commands.
Disabled — The access server will not accept remote FLOW CONTROL commands.
Enabled — The network access server will respond to SEND TERMINAL TYPE commands.
Disabled — The network access server will not respond to SEND TERMINAL TYPE commands. The third column displays the terminal type negotiated between the access server and the host.
11-50 Configuring and Managing Interactive Devices
Managing Sessions
Terminating Sessions
There are two commands you can use to terminate a session on another port:
•
The privileged LOGOUT PORT command allows you to manually log out any port, and all sessions terminate at the specified port. If the port device supports session management, the LOGOUT PORT command disconnects all the terminal sessions (and the associated sessions) then logs out the port.
For example, to disconnect port 4 from all its sessions, enter the following command:
Local> LOGOUT PORT 4
The port that you specify can have local, remote, or dynamic access. Use caution when you log out a user’s port. When you log out a port, you abruptly stop all sessions, and data may be lost. The port characteristics are also reset to the permanent values.
•
The privileged DISCONNECT PORT command allows you to stop another port’s session with a dedicated service. (You cannot use this command for ports with session management terminals, because these ports cannot have a dedicated service.)
You can use the DISCONNECT PORT command to disconnect a nonkeyboard printer being used by a dedicated service that offers printers to the network. For example, to stop the session with a dedicated service at port 4, enter the following command:
Local> DISCONNECT PORT 4
Configuring and Managing Interactive Devices 11-51
Chapter 12
Configuring and Managing LAT Services
Overview
Introduction
This chapter explains how to configure devices attached to the access server ports as
LAT services. A LAT node can offer devices as LAT services to users on the port itself and other LAT nodes.
Prerequisites
Before you use the procedures in this chapter, you must:
•
Connect and test the devices.
•
Enable privileged status.
•
Configure the port and device characteristics to match.
Reference
For more information about LAT nodes, refer to the LAT Network Concepts manual.
For information about connecting device cables, refer to the appropriate access server hardware documentation.
In This Chapter
This chapter contains the following topics:
•
Configuring a Port to Offer a LAT Service
•
Configuring Access to a LAT Service
•
Configuration of Specific Types of Devices As LAT Services
•
Configuring a Printer with Unannounced Availability
•
Verifying the LAT Service
•
Managing Your Access Server As a LAT Node Offering a Service
Configuring and Managing LAT Services 12-1
Configuring a Port to Offer a LAT Service
Configuring a Port to Offer a LAT Service
Configuration Parameters
After you attach a device to a port and ensure that the port and device characteristics match, you need to specify certain configuration parameters to enable all devices as
LAT services.
The following table lists the configuration parameters. In addition to the parameters listed in the table, you need to configure certain parameters for specific types of devices as described in the Configuration of Specific Types of Devices As LAT
Services section in this chapter.
For This
Parameter:
Service groups
Authorized groups
Service name
Port name
ID string
Modem control
Signal control
Service
Password
Use This Command:
CHANGE SERVER
SERVICE GROUPS
ENABLED
CHANGE PORT
AUTHORIZED GROUPS
ENABLED
CHANGE SERVICE
NAME
CHARACTERISTIC[S]
And Refer to This
Section and Chapter:
Changing Access Server
Service Groups in Chapter 6
Configuring LAT Group
Codes for Interactive Devices in Chapter 11
Assigning a Service Name (in this chapter)
CHANGE PORT n NAME Assigning a Port Name (in this chapter)
CHANGE SERVICE
NAME
Assigning an Identification
String (in this chapter)
CHANGE PORT n
SIGNAL CONTROL
ENABLED
CHANGE PORT n
MODEM CONTROL
ENABLED
CHANGE SERVICE
NAME PASSWORD
WORD
Specifying MODEM
CONTROL and SIGNAL
CONTROL in Chapter 10
Specifying MODEM
CONTROL and SIGNAL
CONTROL in Chapter 10
Specifying the Service
Password (in this chapter)
12-2 Configuring and Managing LAT Services
Configuring Access to a LAT Service
Configuring Access to a LAT Service
Assigning a Service Name
A service name is a name you assign to the LAT service using the CHANGE
SERVICE NAME command. When you assign a service name, the access server periodically multicasts the service’s availability over the network. When you select a service name for a device, follow these guidelines:
•
Service names must be 1 to 16 characters long and cannot be abbreviated.
•
Allowable characters are A to Z, 0 to 9, $, - (hyphen), _ (underscore), and .
(period).
•
Ensure that the name is unique on the LAN.
•
If two or more service nodes offer the same service name, access servers assume that all the services with that name are identical and are interchangeable.
Enabling Announcements
By default, announcements for a LAT service are enabled. To change the announcements characteristic, use the CHANGE ANNOUNCEMENTS ENABLED/
DISABLED command as described in Chapter 4. You should also be aware of the multicast timer characteristic when announcements are enabled.
Configuring and Managing LAT Services 12-3
Configuring Access to a LAT Service
Assigning an Identification String
A service identification string helps users recognize and use the service. It can be up to 40 characters in length. The factory-set default is no identification string.
Example: Assigning the Service Name, to a Specific Port and Identification String
The following example shows how to assign a service name LN03_PRINT to the printers connected to ports 5, 6, 7, and 12. This example shows IDENTIFICATION abbreviated to ID and uses the identification string Production Printer.
Local> CHANGE SERVICE LN03_PRINT PORT 5-7,12 ID "Production
Printer"
Example: Clearing the Identification String
To clear a previously set service identification string, enter the ID qualifier with empty quotations marks, as shown in the following example:
Local> CHANGE SERVICE LN03_PRINT PORT 5-7,12 ID ""
Assigning a Port Name
Assigning a port name to a service limits the service’s availability. When you assign a port name to a service:
•
The service is not listed in the access server multicast message.
•
The service is available only to those users that know the port name.
Also, the access server transmits the port name to Telnet servers during Telnet sessions at the port.
Port Naming Guidelines
When you select a port name for a device, follow these guidelines:
•
The factory-set default port name is PORT_n, where n is the port number.
•
Port names must be a string of 1 to 16 characters long and cannot be abbreviated.
•
Allowable characters are A to Z, 0 to 9, $, - (hyphen), _ (underscore), and .
(period).
•
Each port name must be unique to the access server.
Example: Changing the Port Name
The following example shows how to change the port name to PERSONNEL_PRINT for a printer on port 5:
Local> CHANGE PORT 5 NAME PERSONNEL_PRINT
12-4 Configuring and Managing LAT Services
Configuring Access to a LAT Service
Specifying the Service Password
An optional service password restricts access to a service. When a service contains a password, the access server prompts you for the password before allowing you to use the service.
There are two characteristics that you need to specify: SERVICE PASSWORD and
PASSWORD LIMIT.
The service password can be up to 16 ASCII characters.
Example: Assigning a Service Password
The following example shows two ways to assign a password to the service
LN03_PRINT:
Local> DEFINE SERVICE LN03_PRINT PASSWORD
Password> BLIGH (not echoed)
Verification> BLIGH (not echoed)
Local> or
Local> DEFINE SERVICE LN03_PRINT PASSWORD "BLIGH"
Caution
Do not specify passwords for services such as printers that you set up for host-initiated requests.
Example: Clearing the Service Password
To clear a previously set service password, use empty quotation marks as shown in the following example:
Local> CHANGE SERVICE LN03_PRINT PORT PASSWORD ""
The password limit characteristic determines the number of times that the access server prompts you for the correct password before it ends the connection requests. The password limit applies to all password-protected access server operations.
The range for the password limit characteristic is 0 to 10, and the factory-set default is
3. The following shows how to change the limit to 5:
Local> CHANGE SERVER PASSWORD LIMIT 5
Configuring and Managing LAT Services 12-5
Configuration of Specific Types of Devices As LAT Services
Configuration of Specific Types of Devices As LAT
Services
Introduction
This section provides examples of configuring the following types of devices as LAT services:
•
A personal computer (as both a LAT service and a terminal)
•
A computer
•
A modem
•
A printer
When you configure each type of device, you need to determine if the devices use
SIGNAL CONTROL or MODEM CONTROL. For additional information, refer to
Specifying MODEM CONTROL and SIGNAL CONTROL in Chapter 10.
Configuring a Personal Computer As a Terminal and LAT Service
The following example shows a sample configuration of a personal computer (PC) used as a terminal and a LAT service. With the port set to ACCESS DYNAMIC, the
PC can switch between terminal emulation mode and file transfer mode.
When a PC is configured as a terminal, you can use the connect command to use a printer service. To do this, the PC must have an application program that provides file transfer capabilities.
Example: Configuring a PC As a Terminal and LAT Service
Local> DEFINE PORT 2 ACCESS DYNAMIC AUTOBAUD DISABLED AUTOCONNECT
DISABLED
Local> DEFINE PORT 2 AUTOPROMPT ENABLED AUTHORIZED GROUPS
10,24,46
Local> DEFINE PORT 2 BREAK DISABLED DEDICATED NONE DEFAULT
PROTOCOL LAT
Local> DEFINE PORT 2 DSRLOGOUT ENABLED FAILOVER ENABLED
Local> DEFINE PORT 2 INACTIVITY LOGOUT ENABLED INTERRUPTS
DISABLED
12-6 Configuring and Managing LAT Services
Configuration of Specific Types of Devices As LAT Services
Local> DEFINE PORT 2 LOCAL SWITCH ^L PASSWORD DISABLED PREFERRED
NONE
Local> DEFINE PORT 2 SIGNAL CHECK ENABLED SIGNAL CONTROL DISABLED
Local> LOGOUT PORT 2
Local> CHANGE SERVER SERVICE GROUPS 10,24,46 ENABLED
Local> CHANGE SERVICE MICRO PORT 2 IDENTIFICATION "Personal computer 2"
Configuring a Computer As a LAT Service
By using multiple terminal interfaces and access server ports, you can use more than one access server port with a single computer system. Ensure that each access server port is assigned to a service.
Example: Configuring a Computer As a LAT Service on Port 2
The following example shows a sample configuration of a computer used as a LAT service:
Local> DEFINE PORT 2 ACCESS REMOTE AUTOBAUD DISABLED AUTOPROMPT
DISABLED
Local> DEFINE PORT 2 DEDICATED NONE DIALUP ENABLED DSRLOGOUT
DISABLED
Local> DEFINE PORT 2 DTRWAIT ENABLED INACTIVITY LOGOUT DISABLED
Local> DEFINE PORT 2 INTERRUPTS DISABLED LONGBREAK LOGOUT
DISABLED
Local> DEFINE PORT 2 MODEM CONTROL ENABLED SIGNAL CHECK DISABLED
Local> LOGOUT PORT 2
Local> CHANGE SERVER SERVICE GROUPS 10,24,46 ENABLED
Local> CHANGE SERVICE NONDEC PORT 2 IDENTIFICATION "XYZ minicomputer"
Configuring and Managing LAT Services 12-7
Configuration of Specific Types of Devices As LAT Services
Configuring a Modem As a LAT Service
The following example shows a sample configuration of a dial-out modem used as a
LAT service:
Local> DEFINE PORT 3 ACCESS REMOTE AUTOBAUD DISABLED
Local> DEFINE PORT 3 AUTOPROMPT DISABLED BREAK DISABLED
Local> DEFINE PORT 3 DSRLOGOUT DISABLED DTRWAIT ENABLED
Local> DEFINE PORT 3 MODEM CONTROL ENABLED SIGNAL CHECK DISABLED
Local> DEFINE PORT 3 SPEED 1200
Local> LOGOUT PORT 3
Local> CHANGE SERVER SERVICE GROUPS 10,24,46 ENABLED
Local> CHANGE SERVICE MODEM1 PORT 3 IDENTIFICATION "Modem
123-4567"
Example: Configuring a Dial-In and Dial-Out Modem
The following example shows a sample configuration of a dial-in/dial-out modem used as a LAT service:
Local> DEFINE PORT 4 ACCESS DYNAMIC AUTOBAUD DISABLED
Local> DEFINE PORT 4 DSRLOGOUT DISABLED FLOW CONTROL XON
Local> DEFINE PORT 4 INACTIVITY ENABLED MODEM CONTROL ENABLED
Local> DEFINE PORT 4 PASSWORD ENABLED SIGNAL CHECK DISABLED
Local> DEFINE PORT 4 SPEED 2400
Local> LOGOUT PORT 4
Local> CHANGE SERVER SERVICE GROUPS 10,24,46 ENABLED
Local> CHANGE SERVICE MODEM2 PORT 4 IDENTIFICATION "MODEM
890-1234"
12-8 Configuring and Managing LAT Services
Configuration of Specific Types of Devices As LAT Services
Configuring a Printer As a LAT Service
After you configure a printer as a LAT service, you need to set up the appropriate LAT remote print queue as described in the following sections of this chapter: Setting Up a LAT Remote Print Queue on an OpenVMS Host and Setting Up a LAT Remote Print
Queue on an ULTRIX System.
Example: Configuring a Printer As a LAT Service on Port 4
The following example shows a sample configuration of a printer as a LAT service:
Local> DEFINE PORT 4 ACCESS REMOTE AUTHORIZED GROUPS 10,24,46
Local> DEFINE PORT 4 AUTOBAUD DISABLED AUTOCONNECT DISABLED
DEDICATED NONE
Local> DEFINE PORT 4 DSRLOGOUT DISABLED INACTIVITY LOGOUT ENABLED
Local> DEFINE PORT 4 LONGBREAK LOGOUT DISABLED SIGNAL CHECK
ENABLED
Local> DEFINE PORT 4 SIGNAL CONTROL DISABLED
Local> LOGOUT PORT 4
Local> CHANGE SERVER SERVICE GROUPS 10,24,46 ENABLED
Local> CHANGE SERVICE LASER PORT 4 IDENTIFICATION "LN03 laser printer"
Setting Up a LAT Remote Print Queue on an OpenVMS Host
To set up a LAT remote print queue on an OpenVMS host, the host must be running
LAT software Version 5.1 or a later version. You use the LAT control program
(LATCP) to perform the setup procedure.
Privileges for Running LATCP
The privileges that you need to run LATCP depends on the version of the operating system as shown in the following table:
Operating System
OpenVMS Version 5.1 through OpenVMS Version
5.4
OpenVMS Version 5.4-1 and subsequent maintenance releases
Privileges Needed
CMKRNL
OPER
Configuring and Managing LAT Services 12-9
Configuration of Specific Types of Devices As LAT Services
Creating a Logical Device to Access a Printer Service
The following example shows how to run LATCP to create a logical device. This example configures the logical port LTA1925 to access the LAT service PRINT.
$RUN SYS$SYSTEM:LATCP
LCP> CREATE PORT LTA1925: /NOLOG
LCP> SET PORT LTA1925: /APPLICATION /NODE=LAT_08002B054DE0
/SERVICE=PRINT
LCP> EXIT
$COPY/LOG FILE.TXT LTA1925:
Configuring a Logical Device to Connect a Specific Port
You can configure a SET PORT /PORT = PORTNAME qualifier to connect to specific port as shown in the following example:
LCP> SET PORT LTA1925: /APPLICATION /NODE=LAT_08002B054DE0
/PORT=PORT 5
Using a Remote Printer Command File
The following example shows a remote printer command file,
REMOTE_PRINT.COM. This command file sets up a remote printer and remote print queue. You can use this file as a template to set up subsequent remote printers.
You should enter the remote printer command file name in the LTLOAD.COM file.
This ensures that remote printers and remote print queues are set up automatically at system startup.
Note
For OpenVMS Version 5.4-1 and later, use LAT$SYSTARTUP.COM instead of
LTLOAD.COM.
$! This command procedure sets up the local characteristics of the
$! applications devices for remote printers and sets up the print
$! queues for these remote printers. These devices should have been
$! set up previously by the LTLOAD.COM command file. NOTE: The queue
$! manager must be running before executing this file.
$!
$! Set up local characteristics for the applications devices.
$!
$SET TERM LTA1925: /PERM /DEVICE=LNO3 /WIDTH=60 /NOBROAD- /
SPEED=4800
$!
$! Set the protection on the devices so that only the symbiont can
$! access them. $! $SET PROT=(S:RWLP,O,G,W) /DEVICE LTA1925:
$!
$! Set the devices spooled
12-10 Configuring and Managing LAT Services
Configuration of Specific Types of Devices As LAT Services
$!
$SET DEVICE LTA1925: /SPOOLED=(LN03_QUE,SYS$SYSDEVICE:)
$!
$DEFINE/FORM LN_FORM 10 /WIDTH=60 /STOCK=DEFAULT /TRUNCATE
$!
$! Initialize and start the print queue
$!
$INIT/QUE /START /PROCESSOR=LATSYM /RETAIN=ERROR- /DE-
FAULT=(NOBURST,FLAG=ONE) /RECORD_BLOCKING LN03_QUE/ON=LTA1925:
$EXIT
On a VAXcluster system, you can configure the applications ports on the local node only. However, you should do so on at least two nodes so that a redundant path to the printer is available in the event of a cluster node failure.
To set up a remote-printer applications port on a cluster node, include the LAT control program CREATE PORT and SET PORT commands for that port in the node’s
LTLOAD.COM file in the SYS$MANAGER directory. For complete information about setting up remote printing on VAXcluster systems, refer to the VMS VAXcluster manual in the OpenVMS documentation set.
Setting Up a LAT Remote Print Queue on an ULTRIX System
To set up a LAT remote print queue on an ULTRIX host, specify the access server name and the port name by using one of the following:
•
An lcp command
•
An entry in the /etc/printcap file
After you specify the access server name and the port name, set up a spool directory and test the printer.
Example: Configuring a LAT Remote Print Queue on an ULTRIX System
The following example provides a sample procedure for setting up a remote print queue for a laser printer. This example identifies the access server and port names to the with the /etc/printcap file.
lps|ln03|laser printer on LAT:
:lp=/sdwv/tty42
:sd=/usr/spool/lpd:\
:ts=/LAT_08002B0540B7:\
:op=PORT_7:\
:br-19200:\
:fc-0177777:fs-023\
:xc-0177777:xs-040\
:of=/usr/lib/lpdfilters/ln03of:\
:if=/usr/lib/lpdfilters/ln03of:\
Configuring and Managing LAT Services 12-11
Configuration of Specific Types of Devices As LAT Services
:lf=/usr/lib/adm/lpd-errs:
# cd /usr/spool
# mkdir lpd
# chown daemon lps
# lpr -Plps test
12-12 Configuring and Managing LAT Services
Configuring a Printer with Unannounced Availability
Configuring a Printer with Unannounced Availability
Introduction
This section describes how to configure a printer with unannounced availability. The only users that know about the device’s availability are those users that you tell about the device. By defining a port name and not a service name, you can configure a device on the access server for access by users on a LAT network.
Configuring a Printer with Unannounced Availability
The example in this topic shows a sample configuration of a printer with unannounced availability on a LAT network. You must configure the device and port characteristics, as described in Chapter 9, before performing this procedure. The following are variables in the example that you should substitute with the appropriate values:
•
Access server port number
•
Authorized and service groups
•
Port name
You should change the port name to a descriptive term. This term should describe the resource provided (for example, printer or file transfer). The port name must be unique on the access server and follow the naming conventions described in the
Network Access Server Command Reference.
Substitute MODEM CONTROL for SIGNAL CONTROL if your access server supports MODEM CONTROL.
Reference
For a description of each command, refer to the Network Access Server Command
Reference.
Note
Not all commands can be combined on one line.
Configuring and Managing LAT Services 12-13
Configuring a Printer with Unannounced Availability
Example: Configuring a Printer with Unannounced Availability on a LAT
Network on Port 4
Local> DEFINE PORT 4 ACCESS REMOTE AUTHORIZED GROUPS 10,24,46
Local> DEFINE PORT 4 AUTOBAUD DISABLED AUTOCONNECT DISABLED
Local> DEFINE PORT 4 DEDICATED NONE DSRLOGOUT DISABLED
Local> DEFINE PORT 4 INACTIVITY LOGOUT ENABLED LONGBREAK LOGOUT
DISABLED
Local> DEFINE PORT 4 NAME PORT_4 SIGNAL CHECK ENABLED
Local> DEFINE PORT 4 SIGNAL CONTROL DISABLED
Local> LOGOUT PORT 4
For systems that need to access the printer, you must supply the system managers with the access server name, port name, and at least one group code that is enabled as an authorized group code on the port.
More Examples
The following sections in this chapter provide examples of setting up a remote print queue on OpenVMS and ULTRIX systems:
•
Setting Up a LAT Remote Print Queue on an OpenVMS Host
•
Setting Up a LAT Remote Print Queue on an ULTRIX System
12-14 Configuring and Managing LAT Services
Verifying the LAT Service
Verifying the LAT Service
Do This
To verify whether the service is functioning, try connecting to the new service.
Once connected, you can assess whether the device responds appropriately. The appropriate response depends on what device is attached to the access server port.
When you have adequate information, return to local mode (press the Break key or a local-switch character) and disconnect the service by typing DISCONNECT at the
Local> prompt.
For a computer, you may want to repeat this procedure to verify that your first session was disconnected by the host. You should receive the standard login procedure each time you connect to any computer offering a service.
Example: Verifying the LAT Service
The following example shows the command for verifying a previously defined LAT service A_DEVICE, and its port (port 5, named PORT_5):
Local> CONNECT LAT A_DEVICE DESTINATION PORT_5
Problem Solving
If you have any problem connecting to the service or using the device, use the following series of commands to review the service and port characteristics:
•
Verify whether the service is set up correctly by using the SHOW SERVICE
service-name CHARACTERISTICS command. For example, with the service
A_DEVICE, the command appears as follows:
Local> SHOW SERVICE A_DEVICE CHARACTERISTICS
The service characteristics display shows all the ports assigned to a local service and indicates its other characteristics. For a sample of the service characteristics display, refer to Displaying Information About a Service in this chapter.
•
Verify whether the port is properly configured by entering a SHOW PORT command and looking at the port characteristics display. For example, for port 5, the command is as follows:
Local> SHOW PORT 5
•
Verify the access server characteristics, for instance, that announcements are enabled and service groups are valid, by using the SHOW SERVER
CHARACTERISTICS command as follows:
Local> SHOW SERVER CHARACTERISTICS
Configuring and Managing LAT Services 12-15
Managing Your Access Server As a LAT Node Offering a Service
Managing Your Access Server As a LAT Node Offering a
Service
Introduction
By default, once there is a service, the access server functions as a service node by issuing multicast service announcements, which describe its available services to access servers on the network. These announcements contain information about the service node (such as its name and identification string) and about the available services. A single multicast service announcement is entered at the interval indicated by the multicast timer
Displaying Information About a Service
You can display information about services on the LAT network, including services on your access server, using the SHOW/MONITOR/LIST SERVICES command.
To display information on the services offered by your access server, use the SHOW/
LIST SERVICES LOCAL command. To display information about a particular service, use the SHOW/LIST SERVICE command followed by the service name. To display information about all services, use the SHOW/LIST SERVICE ALL command.
There are three types of information you can display about the service:
•
Characteristics
The characteristics display is useful when you are changing operational and permanent values with the SET/DEFINE/CHANGE SERVICE command.
•
Status
You can obtain data on the operation of services by using the status display.
•
Summary
The summary display gives you capsule data on the services offered on the network or the local access server.
Displaying Services Characteristics
The LIST/SHOW/MONITOR SERVICES CHARACTERISTICS command generates a display of information on values that you can modify with the SET/
DEFINE/CHANGE SERVICE command. With the LIST command, the characteristics display is the default display for the SERVICES and the SERVICES
LOCAL entity specifications.
12-16 Configuring and Managing LAT Services
Managing Your Access Server As a LAT Node Offering a Service
Example: SHOW SERVICE CHARACTERISTICS Display
The following example below shows how to generate a service characteristics display for the service named PRINTER:
Local> SHOW SERVICE PRINTER CHARACTERISTICS
Service: PRINTER
Identification: Printer Ports to PEACH
Ports: 1-3, 5, 7
Rating: 255
Enabled Characteristics:
Connections, Password, Queuing
Local>
SHOW/LIST/MONITOR SERVICE CHARACTERISTICS Display Fields
The following table describes the fields displayed in the service characteristics display:
Field
Service
Description
Name that identifies the network service.
Identification
The following fields are displayed only for services offered by the access server
(local services):
Ports
Service identification string. This string is usually a short description of the service or of how to use it.
Numbers of the ports at which the local service is offered.
Rating Rating at which the access server offers this service.
If any ports that offer the service are available, the rating is proportional to the number of available ports.
If no ports are available that offer the service and if queuing is enabled for the service, the rating is proportional to the number of unused positions in the connection queue.
Enabled characteristics Characteristics that can be enabled with the
CHANGE SERVICE command. The access server displays only those characteristics that are enabled for local services.
Connections Access server allows connections to this service.
Configuring and Managing LAT Services 12-17
Managing Your Access Server As a LAT Node Offering a Service
Field Description
Password
Queuing
Access server requires the requester of the service to supply a password before access to the service is allowed.
Access server places queued connection requests for this service in a queue if the request cannot be immediately satisfied.
Displaying Services Status
The SHOW/LIST/MONITOR SERVICE STATUS command displays information about the operational condition of the network and its services, including services offered by your access server. The display includes a list of the nodes that offer the selected service or services. Use the keyword LOCAL to restrict the information displayed to locally defined services. Without the keyword LOCAL or a particular service name, you get information on all network services, including local services.
The status display is the default display for the SHOW SERVICE service-name command.
For each selected service, an introductory line identifies the service for which status information is being displayed. The next line shows the headings for the status information. Under the headings, a line is displayed for each node offering the selected service.
The access server displays information about a service or services from data stored in its memory. If none of the ports can access a particular service, the access server does not retain any data about that service. Hence, no information about that service can be displayed.
12-18 Configuring and Managing LAT Services
Managing Your Access Server As a LAT Node Offering a Service
Example: SHOW SERVICE STATUS Display
The following example shows how to generate a service status display for a service named DEVELOP:
Local> SHOW SERVICE DEVELOP STATUS
Service DEVELOP - Available
Node Name Status Rating Identification
ORANGE Reachable 27 Terminals
Development System
PEACH Unreachable 255 Engineering
Development System
TEST Unknown 150 High-powered
Performance Testing
SHOW/LIST/MONITOR SERVICE STATUS Display Headings
The following table describes the fields and the headings in the display:
Heading
Service
Node Name
Status
Description
Name that identifies the network service.
Name of the service node, as stored in access server memory for each node that offers the service.
The accessibility of the service node as one of the following:
n Connected Service node is reachable and the access server has n active sessions on the node.
Unknown
Unreachable
No sessions are active, and the service node offering this service has not been heard from recently.
Active service session has timed out, or attempt to connect has timed out.
The node can also signal that it is unreachable.
Configuring and Managing LAT Services 12-19
Managing Your Access Server As a LAT Node Offering a Service
Heading
Rating
Identification
Description
Relative capability for a service node to process new sessions. The service rating is assigned by a service node for each service that it offers. With the higher rating, the capability of the service node to accept a new connection is greater. The access server uses service ratings to decide where to establish a service session when two or more service nodes offer the same service. The access server attempts to connect to the service on the node that advertises the highest rating for the service.
Service identification string for this service node.
This string may be different from the service node identification string.
Displaying Services Summary
The SHOW/MONITOR SERVICES SUMMARY command displays one line of information on each selected service or services. Use the keyword LOCAL to obtain information on locally defined services. Without the keyword LOCAL or a particular service name, you get information on all network services. For the SHOW/MONITOR commands, the summary display is the default display for the SERVICES, SERVICES
ALL, and SERVICES LOCAL entity specifications.
The display contains one line of headings and, for each service known to the access server, one line of information describing each service.
The access server displays information about a service or services from data stored in its memory. If none of the ports can access a particular service, the access server does not retain any data about that service. Hence, no information about that service can be displayed.
Note
Ports with the LIMITED VIEW command enabled cannot perform the SHOW
SERVICES command.
12-20 Configuring and Managing LAT Services
Managing Your Access Server As a LAT Node Offering a Service
Example: SHOW SERVICE SUMMARY Display
The following example shows how to generate a service summary display for all network services:
Local> SHOW SERVICES ALL SUMMARY
Service Name Status Identification
DEVELOP Connected Hardware Development System
DOCUMENT Available Documentation Timesharing
TEST Unavailable High-powered Performance Testing
TIMESHARING Unknown Accts. Payable Timesharing
SHOW/LIST/MONITOR SERVICE SUMMARY Display Headings
The following table describes the headings in the display:
Heading
Service Name
Status
Identification
Description
Name that identifies the network service.
Current availability of the service as one of the following:
Available One or more service nodes that offer the service are accessible.
n Connected
Unavailable
Service is available and n sessions are currently active with this service.
All service nodes that offer the service are not accessible.
Unknown None of the service nodes that offer the service are accessible, and one or more is unknown.
Service identification string, which may describe the service or how to use the service.
Configuring and Managing LAT Services 12-21
Chapter 13
Configuring and Managing Telnet Servers
Overview
Introduction
This chapter explains how to configure various types of devices as a Telnet or raw TCP server. A Telnet or raw TCP server is a resource on a TCP/IP network.
To use the procedures in this chapter, you must:
•
Connect and test the devices
•
Enable privileged status
•
Configure the port and device characteristics to match
Refer to your access server hardware documentation for information about connecting device cables.
In This Chapter
This chapter contains the following topics:
•
Sample Device Configurations
•
Configuring a Personal Computer As a Terminal and for Access through a Telnet
Listener
•
Configuring a Remote Print Queue
•
Configuring a Telnet Listener
•
Configuring Telnet Server Session Characteristics
•
Managing Your Access Server As a Telnet Listener Node
•
Supplying User Location Data to Telnet Servers
•
Configuring a Raw TCP Listener
Configuring and Managing Telnet Servers 13-1
Sample Device Configurations
Sample Device Configurations
Introduction
This section provides examples of configuring the following types of devices for access through a Telnet listener:
•
A printer
•
A computer
•
A modem
You must configure the device and port characteristics as described in Chapter 9 before performing the procedures described in this chapter.
The examples in this section do not include the various Telnet server characteristics.
Refer to Configuring Telnet Server Session Characteristics in this chapter to set up the
Telnet server characteristics.
The following lists the variables in this chapter that you should substitute with the appropriate values:
•
Access server port number
•
Flow control type (printer only)
•
Telnet listener-identifier (Must be 23 or between 2001 to 2032, inclusive.)
•
Identification string (up to 40 characters)
Configuring a Printer for Access Through a Telnet Listener
For systems that need to access the printer, you must supply the system managers with the TCP port number. The section Configuring a Remote Print Queue in this chapter provides an example of setting up a remote print queue on an ULTRIX or UNIX system.
The following example shows a sample configuration of a printer used for access through a Telnet listener on port 4.
Local> DEFINE PORT 4 ACCESS REMOTE AUTOBAUD DISABLED BREAK
DISABLED
Local> DEFINE PORT 4 DEDICATED NONE DSRLOGOUT DISABLED FLOW
CONTROL XON
Local> DEFINE PORT 4 INACTIVITY LOGOUT ENABLED LONGBREAK LOGOUT
DISABLED
Local> DEFINE PORT 4 SIGNAL CHECK ENABLED SIGNAL CONTROL DISABLED
Local> LOGOUT PORT 4
13-2 Configuring and Managing Telnet Servers
Sample Device Configurations
Local> CHANGE TELNET LISTENER 2010 PORTS 4 ENABLED
Local> CHANGE TELNET LISTENER 2010 IDENTIFICATION "PRINTER"
Local> CHANGE TELNET LISTENER 2010 CONNECTIONS ENABLED
Configuring a Computer for Access Through a Telnet Listener
The following example shows a sample configuration of a computer used for access through a Telnet listener on port 2:
Local> DEFINE PORT 2 ACCESS REMOTE AUTOBAUD DISABLED AUTOCONNECT
DISABLED
Local> DEFINE PORT 2 BREAK DISABLED DEDICATED NONE DSRLOGOUT
DISABLED
Local> DEFINE PORT 2 DTRWAIT ENABLED INACTIVITY LOGOUT DISABLED
Local> DEFINE PORT 2 INTERRUPTS DISABLED LONGBREAK LOGOUT
DISABLED
Local> DEFINE PORT 2 MODEM CONTROL ENABLED SIGNAL CHECK DISABLED
Local> LOGOUT PORT 2
Local> CHANGE TELNET LISTENER 2010 PORTS 2 ENABLED
Local> CHANGE TELNET LISTENER 2010 IDENTIFICATION "XYZ minicomputer"
Local> CHANGE TELNET LISTENER 2010 CONNECTIONS ENABLED
Configuring a Modem for Access Through a Telnet Listener
This section contains examples that show how to configure a dial-out modem and a dial-in/dial-out modem.
Example: Configuring a Dial-Out Modem
The following example shows a sample configuration of a dial-out modem used for access through a Telnet listener on port 3:
Local> DEFINE PORT 3 ACCESS REMOTE AUTOBAUD DISABLED
Local> DEFINE PORT 3 AUTOPROMPT DISABLED BREAK DISABLED
Local> DEFINE PORT 3 DSRLOGOUT DISABLED DTRWAIT ENABLED
Local> DEFINE PORT 3 LONGBREAK LOGOUT DISABLED MODEM CONTROL
ENABLED
Local> DEFINE PORT 3 SIGNAL CHECK ENABLED SPEED 1200 ALTERNATE
SPEED 300
Local> LOGOUT PORT 3
Local> CHANGE TELNET LISTENER 2004 PORTS 3 ENABLED
Local> CHANGE TELNET LISTENER 2004 IDENTIFICATION "Modem
123-4567"
Local> CHANGE TELNET LISTENER 2004 CONNECTIONS ENABLED
Configuring and Managing Telnet Servers 13-3
Sample Device Configurations
Example: Configuring a Dial-In and Dial-Out Modem
The following example shows a sample configuration of a dial-out modem used for access through a Telnet listener on port 4:
Local> DEFINE PORT 4 ACCESS DYNAMIC AUTOBAUD DISABLED
Local> DEFINE PORT 4 DSRLOGOUT DISABLED FLOW CONTROL XON
Local> DEFINE PORT 4 INACTIVITY ENABLED MODEM CONTROL ENABLED
Local> DEFINE PORT 4 PASSWORD ENABLED SIGNAL CHECK ENABLED
Local> DEFINE PORT 4 SPEED 2400 ALTERNATE SPEED 1200
Local> LOGOUT PORT 4
Local> CHANGE TELNET LISTENER 2008 PORTS 3 ENABLED
Local> CHANGE TELNET LISTENER 2008 IDENTIFICATION "Modem
890-1234"
Local> CHANGE TELNET LISTENER 2008 CONNECTIONS ENABLED
13-4 Configuring and Managing Telnet Servers
Configuring a Personal Computer As a Terminal and for Access through a Telnet Listener
Configuring a Personal Computer As a Terminal and for
Access through a Telnet Listener
Sample Configuration
To configure a PC for access through a Telnet listener only, use the following example and:
•
Substitute MODEM CONTROL for SIGNAL CONTROL if your access server supports modem control.
•
Use LONGBREAK LOGOUT instead of DSRLOGOUT if your access server, device, or device cable does not support the DSR signal.
Local> DEFINE PORT 2 ACCESS DYNAMIC AUTOBAUD DISABLED BREAK
DISABLED
Local> DEFINE PORT 2 DEDICATED NONE SIGNAL CONTROL DISABLED
Local> DEFINE PORT 2 DEFAULT PROTOCOL TELNET
Local> DEFINE PORT 2 DSRLOGOUT ENABLED INACTIVITY LOGOUT ENABLED
Local> DEFINE PORT 2 INTERRUPTS DISABLED LOCAL SWITCH ^L PASSWORD
DISABLED
Local> DEFINE PORT 2 PREFERRED NONE SIGNAL CHECK ENABLED
Local> LOGOUT PORT 2
Local> CHANGE TELNET LISTENER 2010 PORTS 2 ENABLED
Local> CHANGE TELNET LISTENER 2010 IDENTIFICATION "Personal
Computer"
Local> CHANGE TELNET LISTENER 2010 CONNECTIONS ENABLED
Switching Modes
With the port set to ACCESS DYNAMIC, the PC can switch back and forth from terminal-emulation mode, which allows the PC to access Access Server services on the
LAT network, and file transfer mode, which allows the PC to transfer files with another computer as a transfer partner. Refer to Setting User Priority for Devices Using
Dynamic Access in this chapter for further information on switching between terminal-emulation mode and file transfer mode.
Configuring Personal Computer Access to a Printer
Personal computers configured as a terminal can connect to a printer offered as a resource when a user enters a CONNECT command. However, for the user to access the printer, the PC must have an applications program capable of sending files to the printer. The person in charge of the PC must supply the appropriate applications program. The access server does not queue connection requests to a printer.
Configuring and Managing Telnet Servers 13-5
Configuring a Personal Computer As a Terminal and for Access through a Telnet Listener
Setting User Priority for Devices Using Dynamic Access
You can enable interrupts if you want the owner or main user of the device to have full control over it. For example, the main user of a personal computer may require priority over other users that want to copy files from the computer disk. You can provide this control by setting the port to INTERRUPTS ENABLED and the Break key to LOCAL.
Setting the BREAK to LOCAL allows the user to use the Break key to return from session mode to local mode. Use caution when enabling interrupts, because they inconvenience people using the device as a service. For printers with keyboards, which can also be used as interactive terminals, you should have the interrupts characteristic disabled on the port.
The INTERRUPTS characteristic is governed by the following rules:
•
With INTERRUPTS DISABLED, a potential user cannot interrupt an ongoing file transfer session between the PC and another system. The user can start a session only when all file transfer sessions have completed or are disconnected from the privileged port. The factory-set default is INTERRUPTS DISABLED.
•
With INTERRUPTS ENABLED, a potential user can press the Break key to interrupt an ongoing file transfer session and start a local session. The access server logs out the file transfer session and allows the interactive user to log in. In this situation, any queued connection requests for the port remain queued and are processed when the user logs out of the port.
•
A request from another system can never interrupt an ongoing local session.
•
If there is no ongoing session, a session using either type of access (user at the PC or system accessing the PC) can be started, and the above rules apply.
Example: Enabling Interrupts for Devices Using Dynamic Access
The following example shows how to enable interrupts and set BREAK to LOCAL on port 5:
Local> CHANGE PORT 5 INTERRUPTS ENABLED BREAK LOCAL
13-6 Configuring and Managing Telnet Servers
Configuring a Personal Computer As a Terminal and for Access through a Telnet Listener
Configuring a File Transfer Partner
The access server supports the file transfer capability of a personal computer on an access server port. This allows a user of a personal computer to send and receive files over the LAN. For a particular session, the access server permits a user to control whether flow control and other special characters are intercepted by the access server.
Note that session nodes frequently control these characteristics for you.
To be available for file transfers, the PC must be logged out from the access server port.
When a connection is made to the port, the port shifts to remote-access mode.
To transfer files, you must set up the access server port and the personal computer
(local partner) to function as the initiator of a session with the remote partner in the transfer. The remote partner computer can be a session node or a personal computer that is available on the network. Once the initiator establishes a session to a partner, you can transfer files in either direction between the initiator and the partner. The computer serving as the file transfer partner might require some modifications before a file transfer. To learn what modifications are required, refer to the documentation for the computer and for the file transfer program.
Partner Guidelines
The following provides guidelines for setting up the partners:
•
Remote partner — You need to disable such characteristics as message verification, forward switch, backward switch, and local switch when using binary or ASCII file transfers. If needed, also disable flow control for binary file transfers.
Additionally for binary or ASCII file transfers, all Telnet indications should be set to none. Use the SET/DEFINE/CHANGE TELNET SERVER command.
•
Local partner — Flow control should always be enabled on the access server port and disabled on a session-by-session basis. The Telnet client binary profile disables flow control (refer to Specifying the Telnet Client Session Profile in
Chapter 11). If flow control is needed, you will need to use the SET SESSION
TELNET CLIENT FLOW CONTROL command. Note that this command affects only the client partner.
Configuring and Managing Telnet Servers 13-7
Configuring a Remote Print Queue
Configuring a Remote Print Queue
Introduction
The following sections explain how to configure a print queue on an ULTRIX or
UNIX system.
Configuring a TCP/IP Remote Print Queue on an ULTRIX System
An ULTRIX print spooler can be configured to access one or more access server ports through the access server Telnet listener. Thus, a file can be queued for printing using the host’s lpr command. If a host print spooler attempts a connection to a Telnet listener port that is busy, the queue entry request is dropped at the host and will have to be resubmitted.
Printer Port Telnet Server Characteristics
The following table lists the recommended Telnet server characteristics for the printer port to facilitate printing of files. (Refer to Configuring Telnet Server Session
Characteristics in this chapter.)
Characteristic
Xmit Char Size
Rcv Char Size
IP, AYT, AO, EOR, NOP, BRK, EC, EL
Newline From Terminal
Newline To Terminal
Newline From Host
Newline To Host
Setting
8
8
None
<LF>
None
None
<CRLF>
13-8 Configuring and Managing Telnet Servers
Configuring a Remote Print Queue
Procedure
Step
1
The following procedure describes how to configure an ULTRIX (Version 4.0 or subsequent maintenance release) host’s print system. The host will use the access server internet address and Telnet listener TCP port number to connect to the access server printer port.
It is assumed that you are familiar with configuring an ULTRIX print system. For more detailed description of the ULTRIX print system, refer to the ULTRIX Guide to System
Environment Setup.
Action
Use the lprsetup program to initially configure a remote access printer entry in the printcap file.
Example: The following example creates printer ds0 with spooling directory /usr/spool/ lpd1. Some of the questions are ignored by pressing the Return key.
# lprsetup
ULTRIX Printer Setup Program
Command <add modify delete exit view quit help>: add
Enter printer name to add []: ds0
Enter the FULL name of one of the following printer types: or press RETURN for [unknown]: remote
Enter printer synonym:
Set spooler directory 'sd' [] ? /usr/spool/lpd1
Set remote system name 'rm' [] ?
Set remote system printer name 'rp' []?
Enter the name of the printcap symbol you wish to modify.
Enter symbol name: q
Are these the final values for printer 1 ? [y] y
The lprsetup program creates the following printcap entry for ds0: ds0|lp1:\
:lp=:\
:rm=:\
:rp=:\
:sd=/usr/spool/lpd1:
Configuring and Managing Telnet Servers 13-9
Configuring a Remote Print Queue
Step
2
3
Action
Modify the printcap entry: ds0|lp1:\
:lp=@tsb0c3/prds3:\
:sd=/usr/spool/lpd1:
The tsb0c3 entry identifies the access server internet address and is an entry in /etc/hosts for the access server. The prds3 entry identifies the access server TCP port number and is an entry in /etc/services. For example:
16.20.48.43 tsb0c3.lkg.dec.com tsb0c3 prds3 2010/tcp
Print a file using the host’s lpr command. The lpr command queues and submits a job for printing. For example:
# lpr -P ds0 file
Configuring a TCP/IP Remote Print Queue on a UNIX System
System managers must provide an application that queues print jobs on a UNIX system. A sample print spooler program, DS7-UNIX-SPOOL.C, for UNIX systems is included with the software distribution kit. This program is written in the C language.
This file is loaded in the load host DECSERVER directory during installation.
13-10 Configuring and Managing Telnet Servers
Configuring a Telnet Listener
Configuring a Telnet Listener
Introduction
Perform the following steps to assign a Telnet listener to one or more devices attached to access server ports:
Step
1
2
3
4
5
Action
Assign a TCP port to the access server port. The access server uses 23, and 2001 to 2032 as TCP port numbers. The TCP port number is the number that users on the TCP/IP network use to connect to the device on the access server port.
Determine which access server port or ports are to be assigned to the
Telnet listener.
Provide an identification string that helps users recognize and use the resource. It can be up to 40 characters in length. The factory-set default is no identification string.
Enable the listener to receive connections. The factory-set default for
CONNECTIONS is DISABLED.
Specify the individual access server session characteristics, as described in the Configuring Telnet Server Session Characteristics section in this chapter.
Configuring and Managing Telnet Servers 13-11
Configuring Telnet Server Session Characteristics
Configuring Telnet Server Session Characteristics
Introduction
The following sections describe how to configure the various Telnet server session characteristics.
Mapping Event Indications to Keyboard Characters
You can map the event indications to keyboard characters. The factory-set default for each indication is that no character is sent to the device or application on the access server port set up as a Telnet server port.
In most cases, you would map an event indication to a character in order for the access server to forward that event indication to the application or device on the access server port. The mapped character is defined by the device or application. For example, if an application defines IP as Ctrl/G, then you need to map IP to Ctrl/G:
Local> CHANGE PORT 5 TELNET SERVER IP ^G
Event Indications
You can map the following event indications to keyboard characteristics:
Event Indication
Abort Output (AO)
Interrupt Process (IP)
Are You There (AYT)
Break (BRK)
End of Record (EOR)
Erase Previous Character (EC)
Description
Occurs when the remote user of this connection requests that any output currently en route to the user’s terminal be aborted.
Occurs when the remote user of this connection requests that the process at this access server be aborted.
Occurs when the remote user of this connection requests a response from the Telnet server to verify that the connection is active.
Occurs when the remote user of this connection sends a remote break.
Occurs when the remote user of this connection issues an EOR request.
Occurs when the remote user of this connection issues an EC request.
13-12 Configuring and Managing Telnet Servers
Configuring Telnet Server Session Characteristics
Event Indication
Erase Previous Line (EL)
No operation (NOP)
Description
Occurs when the remote user of this connection issues an EL request.
Occurs when the remote user of this connection issues a NOP command.
Specifying Newline Characteristics
The NEWLINE characteristics allow the person managing the access server to define a new line as a 1- or 2-character sequence. In this case, TERMINAL specifies the user at the remote end of the connection (Telnet client) and HOST specifies the device connected to the access server (Telnet server).
•
NEWLINE FROM TERMINAL — When entered by the remote user, the character sequence is interpreted as a new line. The factory-set default is CR. The following shows how to change the character sequence to @#:
Local> CHANGE PORT 5 TELNET SERVER NEWLINE FROM TERMINAL
@#
•
NEWLINE TO TERMINAL — The character sequence is sent to the user’s terminal whenever a NEWLINE FROM HOST sequence is received from the internet host. The factory-set default is CRLF.
•
NEWLINE FROM HOST — When received from the internet host, the character sequence is interpreted as a new line. The factory-set default is CRLF. Note that the Telnet protocol specifies that the CRLF sequence should be sent.
•
NEWLINE TO HOST — When entered by the remote user, the character sequence is sent to the internet host. The factory-set default is CRLF. Note that the
Telnet protocol specifies that the CRLF sequence should be sent.
Specifying Character Size
The CHARACTER SIZE characteristic allows you to select the character size, 7- or 8bit, that is used during a session. In addition, the character size can be specified in the transmit direction (server to Telnet client), receive direction (Telnet client to server), or both directions.
Example: Setting CHARACTER SIZE
The following example shows how to set CHARACTER SIZE to 7 in both directions for port 5:
Local> CHANGE PORT 5 TELNET SERVER CHARACTER 7
Configuring and Managing Telnet Servers 13-13
Configuring Telnet Server Session Characteristics
Example: Setting Character Size in a Specific Direction
The following example shows how to set CHARACTER SIZE to 7 in the TRANSMIT direction:
Local> CHANGE PORT 5 TELNET SERVER TRANSMIT CHARACTER SIZE 7
To set the character size in the receive direction, use RECEIVE instead of
TRANSMIT.
13-14 Configuring and Managing Telnet Servers
Managing Your Access Server As a Telnet Listener Node
Managing Your Access Server As a Telnet Listener Node
Introduction
This section contains the procedures to display and remove Telnet listeners.
Displaying Telnet Listeners
The SHOW/LIST/MONITOR TELNET LISTENER command displays the Telnet listener characteristics. The ALL characteristic displays all the Telnet listeners. You can specify a specific Telnet listener by its TCP port number.
Example: SHOW TELNET LISTENER Display
The following example shows how to display the Telnet listener characteristics on
TCP port 2010:
Local> SHOW TELNET LISTENER 2010
Listener TCP-port: 2010
Identification: Printer
Ports: 6,8
Connections: Enabled
The first line displays the TCP port number; the second line displays the identification string; the third line displays the listener’s access server port numbers; the last line displays whether connections to the listener are enabled or disabled.
Displaying Telnet Server Characteristics
The SHOW/LIST/MONITOR PORT TELNET SERVER CHARACTERISTICS command displays the Telnet server characteristics.
Example: SHOW PORT TELNET SERVER CHARACTERISTICS Display
The following example shows how to display the Telnet server characteristics on port
12:
Local> SHOW PORT 12 SESSIONS 1 CHARACTERISTICS
Xmit Char Size: 8 Newline From Term: <CRLF>
Rcv Char Size: 8 Newline From Host: <CRLF>
IP: None Newline To Term: <CRLF>
AYT: None Newline To Host: <CR>
AO: None EC: NONE
EOR: None EL: NONE
NOP: None BRK: None
Local>
Configuring and Managing Telnet Servers 13-15
Managing Your Access Server As a Telnet Listener Node
Removing a Telnet Listener
You can remove a Telnet listener that was defined in either the permanent or operational databases. Use the privileged CLEAR TELNET LISTEN command
(which acts on the operational database) or PURGE TELNET LISTEN command
(which acts on the permanent database) to remove a defined Telnet listener and its associated characteristics.
Example: Removing a Telnet Listener
The following example shows how to remove Telnet listener 2010 from the access server permanent database:
Local> PURGE TELNET LISTENER 2010
Removing One of Many Devices Assigned to a Telnet Listener
To remove a device that is one of many devices assigned to a Telnet listener, perform the following steps:
2
3
Step
1
4
Action
Use the SET TELNET LISTEN CONNECTIONS DISABLED command to stop any future connections. The SET TELNET LISTEN
CONNECTIONS DISABLED command is refused if a session exists.
Example: The following example shows how to disable future connections to internet port 2005:
Local> SET TELNET LISTEN 2005 CONNECTIONS DISABLED
If a session exists, use the LOGOUT command to log out the port.
Disable the port as follows (substitute your listener TCP port for 2005 and the listener physical port for 5):
Local> CHANGE TELNET LISTENER 2005 PORT 5 DISABLED
Enable the Telnet listener. The following shows how to enable connections to internet port 2005:
Local> SET TELNET LISTEN 2005 CONNECTIONS ENABLED
13-16 Configuring and Managing Telnet Servers
Managing Your Access Server As a Telnet Listener Node
Reassigning a Port
This process allows you to manage a failed access server port that is configured as a
Telnet listener. Use the following steps to reassign a port:
2
3
4
Step
1
5
Action
Use the LIST PORT n CHARACTERISTICS command to learn the values used in the existing configuration.
Disconnect the device from the port.
Select a new port and reattach the device at the new port.
Set the new port’s values to those of the existing port. If the values are unavailable, you need to configure the device as described in Chapter 4.
Enable the Telnet listener on this port and disable the Telnet listener on the original port.
Configuring and Managing Telnet Servers 13-17
Supplying User Location Data to Telnet Servers
Supplying User Location Data to Telnet Servers
Introduction
When the access server creates a Telnet client connection, it automatically negotiates with the Telnet server to send port user data. If the server responds with a “send” message, the access server transmits the session port name and port number.
Appropriate software on the server can then use the location data for each session to generate statistics about Telnet use. In these negotiations, the access server functions only as a Telnet client, not as the Telnet server.
Each time the Telnet server transmits IAC DO, the client sends the location data. In this way, the server can poll anytime for the user’s location. If the Telnet server does not respond with IAC DO, the session proceeds normally, but the client does not send the location data.
Example: TCP Messages to Poll Client User Location Data
The following example shows a series of TCP messages generated during negotiation between the Telnet client (the access server) and the Telnet server. The client starts the negotiation with IAC WILL SEND-LOCATION.
IAC WILL SEND-LOCATION
IAC DO SEND-LOCATION
IAC SB SEND-LOCATION ascii-location IAC SE
IAC DO SEND-LOCATION
IAC SB SEND-LOCATION ascii-location IAC SE
.
.
.
The ascii-location field comprises the Telnet user’s port name and port number. The port number is stored in the access server NVRAM. The port name is also stored in
NVRAM. It is the string specified by the DEFINE/CHANGE PORT NAME command, and it appears in the display for the LIST PORT command.
13-18 Configuring and Managing Telnet Servers
Configuring a Raw TCP Listener
Configuring a Raw TCP Listener
Introduction
When you configure a Telnet listener to use raw TCP, the associated port sends data to a device or a remote host without any data manipulation or interpretation of control characters. Because raw TCP sends the data it receives to a port without any interpretation, sending data this way is faster than using the Telnet protocol. The raw
TCP listener also allows an application program on a remote host to use single socket
I/O (input/output) calls and bypass the Telnet protocol layer.
When To Use Raw TCP
Using raw TCP is beneficial when you need to maintain the control character definitions in the data you send to and from a port on the access server or when you need to send data without any Telnet processing. For example, when sending data to a printer, you may need to preserve the control characters sent to the printer or you may need to run socket I/O calls. In these cases, you want to configure the raw TCP protocol on the Telnet listener.
Configuring Raw TCP
To configure raw TCP on an access server, configure a Telnet listener that has a type of RAW. Use the CHANGE TELNET LISTENER TYPE RAW command to configure the Telnet listener. Then use the CHANGE TCP LISTENER or CHANGE
TELNET LISTENER commands to define additional characteristics.
Example: Configuring Raw TCP
The following example shows how to a configure raw TCP listener on port 3:
L ocal> CHANGE TELNET LISTENER 2003 PORT 3
L ocal> CHANGE TELNET LISTENER 2003 TYPE RAW
Local> CHANGE TELNET LISTENER 2003 CONNECTIONS ENABLED
These commands:
•
Create a Telnet listener on access server port 3 and assign TCP port 2003 to the port.
•
Set the type for the Telnet listener to RAW.
•
Enable the raw TCP listener.
Configuring and Managing Telnet Servers 13-19
Configuring a Raw TCP Listener
Displaying Raw TCP Characteristics
Use the SHOW/LIST TELNET LISTENER command to view the raw TCP settings.
Example: Raw TCP Display
The following example shows a typical display for a Telnet listener configured for raw
TCP:
Local> SHOW TELNET LISTENER 2003
Listener TCP-port: 2003 Listener Type: RAW TCP
Identification:
Ports: 3
Connections: ENABLED
IP address: 12.22.22.22
13-20 Configuring and Managing Telnet Servers
Chapter 14
Configuring LPD Printers
Overview
Introduction
The Line Printer Daemon (LPD) handles remote networking printing. It listens for print requests from remote hosts on the Local Area Network (LAN) and responds to these requests. The LPD software that the access server implements is similar in function to the LPR/LPD (Line Printer Remote/Daemon) on UNIX systems.
In This Chapter
This chapter contains the following topics:
•
LPD Operation
•
Configuring LPD
Configuring LPD Printers 14-1
LPD Operation
LPD Operation
Supported File Types
The access server’s LPD implementation supports printing of ASCII text and
PostScript files. The access server does not convert files from one format to the other.
Users must be aware of the type of file they want to print and select the appropriate printer when submitting a print job.
Control and Data Files
During the printing operation, the access server receives control and data files from the remote host. The following table describes these files:
This File:
Control
Data file
Contains:
File format information and user information (for example, host and user name).
Total number of bytes in the file, the name of the data file, and the data.
Remote hosts can send control and data files in any order. The access server does the following:
•
If the control file arrives first, the access server stores the file, waits for the data file to arrive, and then prints the data. The access server sends the user data in the control file as the last page of the print job.
If the Control File
Arrives First and the:
Header is enabled.
Header is disabled.
Header is optional.
Trailer is enabled.
Trailer is disabled.
Trailer is optional.
Does the Header/
Trailer Print?
Yes
No
Yes
Yes
No
No
Does the User
Information Print?
Yes
No
Yes
Yes
No
No
•
If the data file arrives first, the access server sends the file to the printer according to the printer setup on the port. When the control file arrives, the access server
14-2 Configuring LPD Printers
LPD Operation sends the user data to the printer as the last page of the print job. In this situation, the access server cannot display or use user information from the control file while the file is printing.
If the Data File Arrives
First and the:
Header is enabled.
Header is disabled.
Header is optional.
Trailer is enabled.
Trailer is disabled.
Trailer is optional.
Does the Header/
Trailer Print?
Yes
No
No
Yes
No
Yes
Does the User
Information Print?
No
No
No
Yes
No
Yes
Configuring LPD Printers 14-3
LPD Operation
Operation
The access server receives print requests from remote hosts on TCP port 515. It uses
LPD to send the file to a local printer through the access server’s LAN interface and a serial port. The following occurs when a host on the LAN uses LPD to send a print job to the access server:
14-4 Configuring LPD Printers
Configuring LPD
Configuring LPD
Configuring Remote Hosts
Remote network printing using LPR/LPD requires that you set up the host system correctly. The following table describes the setup requirements for specific types of hosts:
If Printing From
This Host:
UNIX
Then:
Windows NT
VMS UCX
Create an entry in the /etc/printcap file that includes the name of the remote printer and the IP address of the access server (the LPD server). Refer to your system’s
LPR/LPD documentation for details.
Users must convert files to either ASCII text or PostScript format before printing files.
1) Install a TCP/IP printing service.
2) Install a printer (use the Control Panel).
3) Choose an appropriate print driver for the printer.
4) Assign the LPR port that the TCP/IP printing service creates to the printer. This causes the system to prompt the user to enter the LPD server’s IP address and remote printer name.
1) Install the UCX software.
2) Run UCX$LPRSETUP.EXE to set up the LPR printer.
3) Follow the prompts to set up the printer.
Associating a Printer With a Port
To allow remote network printing with LPD, associate a printer with one or more ports.
This is similar to defining a Telnet or TCP listener; however, instead of specifying a port number, you specify a printer name. The printer name must be unique on the network. You can associate the printer with a single port or you configure it to be shared across multiple ports. This allows you to assign a single name to a collection of similar printers.
Use the DEFINE/SET/CHANGE PRINTER command to associate a printer with a port and configure print characteristics.
Configuring LPD Printers 14-5
Configuring LPD
The following table lists the print characteristics that you can configure:
Characteristic
AUTOCR
CONNECTIONS
FLAGPAGE
HEADER
IDENTIFICATION
TRAILER
TYPE
Description
Automatically inserts a carriage return. When you enable this option, the access server inserts a carriage return after each line feed character if there is no existing carriage return. The AUTOCR option applies only to ASCII text files.
Specifies whether a user can queue a print job to a printer.
You use this option to disable access to a printer temporarily for reasons such as routine maintenance or adding paper.
Specifies a message that prints on the flag page that prints before the file data.
Specifies whether a header page prints before the file data.
You can set this option so that no header page prints if the access server does not know the user name at the start of the print job (for example, if the access server receives the data file before it receives the control file).
Specifies a text string (40 characters or less) that is associated with a printer.
Enables or disables printing of a trailer page after file data prints. You can set this option so that no trailer page prints if the access server does not know the user name at the start of the print job (for example, if the access server receives the data file before it receives the control file).
Specifies ASCII or PostScript. Use this option to determine the kind of flag page or pages to send to the printer.
Setting Port Characteristics
For LPD to communicate with your printers, you must set the following port characteristics:
•
ACCESS REMOTE
•
AUTOBAUD DISABLED
•
FLOW CONTROL, PARITY, SPEED and STOP BITS to match the printer’s settings
Use the DEFINE/SET/CHANGE PORT command to configure port characteristics.
14-6 Configuring LPD Printers
Configuring LPD
Printer Configuration Example
The following example shows how to configure the access server to use LPD for remote network printing:
Local> DEFINE PRINTER LPS32_PS CONNECTIONS ENABLED HEADER ENABLED
PORTS 4,5 TRAILER DISABLED AUTOCR DISABLED
In this example:
•
The name of the printer is LPS32_PS.
•
The printer is set to allow users to submit print jobs to it.
•
A header page prints at the start of each job.
•
The ports associated with the printer are 4 and 5.
•
No trailer page prints at the end of the job.
Displaying Printer Characteristics
Use the LIST/SHOW PRINTER command to display the printer characteristics. You can specify a printer name or display all of the configured printers.
Printer Display Example
The following shows a typical display when you enter the SHOW PRINTER ALL command:
Local> SHOW PRINTER ALL
Printer: LPS32_PS Header Page: Enabled
Connections: Enabled Trailer Page: Optional
Flag Page Type: Postscript Auto C/R: Disabled
Identification: The PostScript Printer
Flag Page Note:
Ports: 4,5
Printer: LPS32_ASCII Header Page: Enabled
Connections: Enabled Trailer Page: Optional
Flag Page Type: ASCII Auto C/R: Disabled
Identification The ASCII Text Printer
Flag Page Note:
Ports: 6
Local>SHOW PORT
Port 3: Server: LAT_08002BB767E3
Character Size: 8 Input Speed: 9600
Configuring LPD Printers 14-7
Configuring LPD
Flow Control: XON Output Speed: 9600
Parity: None Signal Control: Disabled
Stop Bits: Dynamic
Access: Remote Local Switch: None
Backwards Switch: None Name: PORT_3
Break: Local Session Limit: 4
Forwards Switch: None Type: Ansi
Default Protocol: LAT Default Menu: None
Dialer Script: None
Preferred Service: None
Authorized Groups: 0
(Current) Groups: 0
Enabled Characteristics:
Broadcast, Failover, Input Flow Control, Lock, Loss
Notification,
Message Codes, Output Flow Control, Verification
Local> SHOW PRINTER SPEEDY STATUS
Printer: SPEEDY
Identification: Fast Laser Printer
Print Jobs: 34 Total Bytes Sent:
459285
Printer Service Status:
Port User Status Bytes
4 Waiting for data file 3045
5 Waiting for LPD command 0
14-8 Configuring LPD Printers
Chapter 15
Configuring and Managing SLIP Ports
Overview
Introduction
This chapter explains how to configure and manage access server ports for use with
PCs and computers acting as serial line Internet protocol (SLIP) hosts. A SLIP host is an Internet host that uses SLIP as its data link over low-speed serial lines.
To use the procedures in this chapter, you must:
•
Ensure that the devices support SLIP.
•
Connect and test the devices.
•
Enable privileged status.
•
Configure the port and device characteristics to match.
This chapter provides information about configuring only the access server for SLIP communications. For information about configuring SLIP hosts, refer to the documentation provided with the host system.
In This Chapter
This chapter contains the following topics:
•
Packet Forwarding to and from SLIP Hosts
•
Displaying SLIP Characteristics
•
Managing Internet Addresses for SLIP Hosts
•
Managing the Maximum Transmission Unit
•
Configuring a Port So That a PC Can Function as a Terminal or SLIP Host
•
Configuring a Dedicated SLIP Port
•
Configuring a Dial-In Modem for Use with a SLIP Host
Configuring and Managing SLIP Ports 15-1
•
Establishing Terminal Sessions with a PC
•
Establishing a SLIP Session
•
Establishing a SLIP Session
•
Compressed SLIP
•
Displaying SLIP Counters
•
Disabling SLIP
15-2 Configuring and Managing SLIP Ports
Packet Forwarding to and from SLIP Hosts
Packet Forwarding to and from SLIP Hosts
Description
During SLIP sessions, the access server forwards packets from an attached SLIP host through the Ethernet interface to the Internet. When the access server receives a packet addressed to an attached SLIP host, it forwards the packet to that host. The access server also directly forwards packets from one attached SLIP host to another attached
SLIP host.
The access server acts like an ordinary IP router to an attached SLIP host. The access server appears like a multihomed IP host to the IP routers on the Internet. A multihomed host is an IP host with more than one IP address.
Network Configuration Containing SLIP Hosts
The following figure shows a sample network configuration that contains SLIP hosts:
Configuring and Managing SLIP Ports 15-3
Displaying SLIP Characteristics
Displaying SLIP Characteristics
Introduction
The LIST/SHOW/MONITOR SLIP CHARACTERISTICS command enables you to display the SLIP configuration for a given port. The characteristics that you manage are the host address, the Maximum Transmission Unit (MTU) and the compression.
If you change SLIP characteristics while a SLIP session is already established, the changes have no effect until you start a new SLIP session.
Command
Use the SHOW PORT n SLIP CHARACTERISTICS command to display SLIP characteristics.
Displaying SLIP Characteristics Example
The following example shows a typical SLIP characteristics display:
Local> SHOW PORT 5 SLIP CHARACTERISTICS
Port 5: Rick Server: Servername
Host Address: 17.20.19.7 MTU: 1006
Header Compression: Disabled Compression States: 16
15-4 Configuring and Managing SLIP Ports
Managing Internet Addresses for SLIP Hosts
Managing Internet Addresses for SLIP Hosts
Introduction
The Internet address for the SLIP host must be unique on the subnet and must have the same subnet identifier as the access server. A subnet identifier is the result of a logical
AND operation on the Internet address and the subnet mask.
For example, assume that you set:
1 The access server Internet address as follows:
Local> CHANGE INTERNET ADDRESS 83.62.18.101
2 The subnet mask as follows:
Local> CHANGE INTERNET SUBNET MASK 255.255.255.0
In this situation, the subnet identifier is 83.62.18.0.
In this example, the Internet address of the SLIP host must be 83.62.18.xx. The value
xx is any number between 1 and 254, except 101. The value 101 is the access server
Internet address.
How an Access Server Port Obtains the SLIP Host Internet Address
This section describes how an access server port obtains the SLIP host Internet address. The SLIP host port address must be contained in the access server subnet identifier. You can assign an address or you can allow the access server to automatically obtain the SLIP host address.
Assigning a Host Internet Address
To assign the Internet address to a port, use the SET/DEFINE/CHANGE PORT SLIP
HOST ADDRESS command as shown in the following example:
Local> CHANGE PORT SLIP HOST ADDRESS 195.1.1.101
After you assign the address, you can enter the SHOW PORT SLIP
CHARACTERISTICS command on the SLIP host to verify the change. You then need to assign the address to the attached host.
RADIUS Specified SLIP Host Address
If a user performs a RADIUS authentication, the SLIP host IP address may be specified in the user’s authorization data. A RADIUS specified address of 255.255.255.254 means the IP address of the port is used. An address of 255.255.255.255 means the PC client’s IP address is used (see below).
Configuring and Managing SLIP Ports 15-5
Managing Internet Addresses for SLIP Hosts
How a Port Automatically Obtains the SLIP Host Address
If you configure a port for SLIP communication and do not assign a host address, the access server does the following:
1 Reads the source address from the attached host’s first output IP packet.
2 Automatically assigns this address to the port if it is valid.
The access server clears this address when the SLIP host logs out from the port.
15-6 Configuring and Managing SLIP Ports
Managing the Maximum Transmission Unit
Managing the Maximum Transmission Unit
Introduction
The maximum transmission unit (MTU) value specifies the maximum size of the datagram that a given access server port accepts. The range is 64 to 1500 bytes. The default is 1500 bytes.
Changing the MTU
You can change the MTU value using the SET/DEFINE/CHAGE PORT n MTU command. If you use the SET or CHANGE command, the new value does not affect an existing SLIP connection.
MTU Change Example:
The following example makes the access server compatible with attached hosts that have fixed MTU values other than 1006 bytes:
Local> DEFINE PORT 4 SLIP MTU 500
Relationship of the TCP Maximum Segment Size and the MTU
An attached host announces the TCP maximum segment size (MSS) at connection time. The MSS specifies the largest fragment of a datagram that the attached host is willing to receive. The MSS is normally based on the MTU of the network connection as recommended by RFC 879.
The MSS should always be smaller than the MTU value. The TCP and IP headers account for the difference between the two values.
Fragmentation
When the TCP MSS announced by the SLIP host exceeds the MTU on the SLIP line,
IP fragmentation occurs. Therefore, an MSS value that greatly exceeds the MTU causes excessive fragmentation and downgrades performance.
Setting the MTU adjusts the point at which IP fragmentation occurs when sending datagrams. Setting the MTU also adjusts the maximum receive unit (MRU) packet size. Since the access server considers packets larger than the MTU as framing errors, it discards these packets.
Configuring and Managing SLIP Ports 15-7
Configuring a Port So That a PC Can Function as a Terminal or SLIP Host
Configuring a Port So That a PC Can Function as a
Terminal or SLIP Host
Introduction
This section describes how to configure an access server port so that you can use an attached PC as a both a terminal and a SLIP host. With this configuration, port users can switch between terminal emulation and SLIP mode.
To configure the port so that the PC acts only like a SLIP host, refer to the Configuring a Dedicated SLIP Port section in this chapter.
Before you configure a port for SLIP communications as shown in the following example, you must configure the device and port characteristics as described in
Chapter 9.
Example: Configuring a PC As a Terminal and SLIP Host
The following example shows a sample port configuration that enables a PC to act as both a terminal and a SLIP host:
Local> DEFINE PORT 2 ACCESS LOCAL AUTOBAUD ENABLED
Local> DEFINE PORT 2 BREAK LOCAL DEDICATED NONE
Local> DEFINE PORT 2 DEFAULT PROTOCOL SLIP DSRLOGOUT ENABLED
Local> DEFINE PORT 2 FLOW CONTROL CTS INACTIVITY LOGOUT ENABLED
Local> DEFINE PORT 2 INTERRUPTS DISABLED PASSWORD DISABLED
Local> DEFINE PORT 2 SIGNAL CHECK DISABLED SIGNAL CONTROL DIS-
ABLED
Local> DEFINE PORT 2 SLIP ENABLED
Local> DEFINE PORT 2 SLIP HOST 195.1.1.1
Local> DEFINE PORT 2 SLIP MTU 800 Local> LOGOUT PORT 2
15-8 Configuring and Managing SLIP Ports
Configuring a Dedicated SLIP Port
Configuring a Dedicated SLIP Port
Introduction
The dedicated SLIP port allows a single SLIP session.
Before you perform this procedure, you must configure the device and port characteristics as described in Chapter 9.
Configuring a Device As a Dedicated SLIP Host
The following example shows a sample configuration of a dedicated SLIP port:
Local> DEFINE PORT 4 ACCESS LOCAL AUTOBAUD DISABLED AUTOCONNECT
ENABLED
Local> DEFINE PORT 4 BREAK DISABLED DEDICATED SLIP
Local> DEFINE PORT 4 DEFAULT PROTOCOL SLIP
Local> DEFINE PORT 4 DSRLOGOUT DISABLED DTRWAIT DISABLED
Local> DEFINE PORT 4 FLOW CONTROL CTS INACTIVITY LOGOUT DISABLED
Local> DEFINE PORT 4 INTERRUPTS DISABLED PASSWORD DISABLED
PREFERRED NONE
Local> DEFINE PORT 4 SIGNAL CHECK DISABLED SIGNAL CONTROL ENABLED
Local> DEFINE PORT 4 SLIP ENABLED
Local> DEFINE PORT 4 SLIP HOST 195.1.2.1
Local> DEFINE PORT 4 SLIP MTU 800
Local> LOGOUT PORT 4
Configuring and Managing SLIP Ports 15-9
Configuring a Dial-In Modem for Use with a SLIP Host
Configuring a Dial-In Modem for Use with a SLIP Host
Introduction
Before you perform this procedure, you must configure the device and port characteristics as described in Chapter 9.
Configuring a Dial-In Modem on Port 6 for Use with a SLIP Host
The following example shows a sample configuration of a port using a dial-in modem for use with a SLIP host on a full modem control access server:
Local> DEFINE PORT 6 ACCESS LOCAL ALTERNATE SPEED NONE AUTOBAUD
ENABLED
Local> DEFINE PORT 6 DEFAULT PROTOCOL SLIP
Local> DEFINE PORT 6 DSRLOGOUT DISABLED DTRWAIT DISABLED
Local> DEFINE PORT 6 FLOW CONTROL CTS INACTIVITY LOGOUT DISABLED
Local> DEFINE PORT 6 INTERRUPTS DISABLED PASSWORD ENABLED
Local> DEFINE PORT 6 SIGNAL CHECK DISABLED SIGNAL CONTROL ENABLED
Local> DEFINE PORT 6 SLIP ENABLED SPEED 57600 SLIP HOST 195.1.3.1
Local> DEFINE PORT 6 SLIP HOST 195.1.3.1
Local> DEFINE PORT 6 SLIP MTU 800
Local> LOGOUT PORT 6
Local> DEFINE PORT 6 SPEED 51600
15-10 Configuring and Managing SLIP Ports
Establishing Terminal Sessions with a PC
Establishing Terminal Sessions with a PC
Prerequisites
Before you can use a PC to establish a terminal session with the access server, you must:
1 Configure the device and port characteristics as described in Chapter 9.
2 Enter the commands to set up SLIP operating characteristics as shown in the
Example: Configuring a PC As a Terminal and SLIP Host, in this chapter.
3 If you want to authenticate a user, make sure that a terminal emulation program is installed and running on the PC. The terminal emulation program needs to be invoked after a connection is established so that the user can respond to prompts for authentication.
Refer to Managing Dial-Up Access Security with AUTOLINK and AUTOLINK
Authentication in Chapter 22 for more information if you have enabled
AUTOLINK authentication.
Once the terminal emulation program is running and the user is authenticated, the PC can access hosts on the TCP/IP and LAT networks through the access server by using the CONNECT command.
Configuring and Managing SLIP Ports 15-11
Establishing a SLIP Session
Establishing a SLIP Session
Enabling a SLIP Session from the PC
The following example shows how a nonprivileged user could configure and start a
SLIP session. The example assumes that the port characteristics are configured as shown this example. The CHANGE PORT SLIP MTU command is optional.
Local> CHANGE PORT SLIP HOST 195.1.1.1 SLIP MTU 800
Local> CHANGE PORT SLIP MTU 800
Local> CONNECT SLIP
Local-561-Starting SLIP or PPP datalink session
If you previously configured the port with an Internet address and an MTU, then you only need to use the CONNECT SLIP command.
After Making a Connection
Once you enter the CONNECT SLIP command, the access server expects IP packets from the PC formatted as SLIP frames. Use the appropriate command to exit from terminal emulation mode on your PC and start the desired IP application program.
To transfer files, use any file transfer program that supports SLIP. You do not need to configure data transparency on the access server.
15-12 Configuring and Managing SLIP Ports
Compressed SLIP
Compressed SLIP
Introduction
The access server has the ability to enable compressed SLIP (CSLIP). Enabling CSLIP compresses the lengthy headers of IP datagrams on low-speed asynchronous serial lines. Therefore, enabling CSLIP can improve performance.
Enabling CSLIP
Use the SET/CHANGE PORT n SLIP COMPRESSION command to enable or disable
CSLIP. By default, compression is disabled. When you enable CSLIP, make sure that it is enabled at both ends of the communications link. If only one end of the link is running CSLIP, performance degrades.
Example: Enabling CSLIP
The following example shows how to enable CSLIP on port 5:
Local> CHANGE PORT 5 SLIP COMPRESSION ENABLED
Disabling CSLIP
The following example shows how to disable CSLIP on a port:
Local> CHANGE PORT 5 SLIP COMPRESSION DISABLED
Automatic CSLIP
You can enable a port to start CSLIP automatically if the port receives compressed data over an already existing SLIP session. The following example shows how to enable automatic CSLIP on a given port:
Local> CHANGE PORT 5 SLIP COMPRESSION AUTOCOMPRESS
Compression States
You can specify the number of connections that can be compressed over the data link at one time. The following example shows how to change the number of compression states on a port:
Local> CHANGE PORT COMPRESSION STATES 10
The default number of compression states is 16.
Configuring and Managing SLIP Ports 15-13
Displaying SLIP Counters
Displaying SLIP Counters
Commands
The SHOW/MONITOR PORT SLIP COUNTERS command displays the various
SLIP counters. To reset the counters, use the ZERO COUNTERS PORT SLIP command.
SHOW PORT SLIP COUNTERS Display
The following example shows a typical SLIP counters display:
Local> SHOW PORT 5 SLIP COUNTERS
Port 1: Rick Server: Servername
Connect Time: 0 00:00:00
Bytes Received: 0 Bytes Sent: 0
Packets Received: 0 Packets Sent: 0
Receive Packets Lost: 0 Send Packets Lost: 0
Send Packets Queued: 0
SLIP COUNTERS Display Fields
The following table describes the information in the SLIP Counters display:
Field
Connect Time
Bytes Received
Bytes Sent
Packets Received
Packets Sent
Receive Packets Lost
Send Packets Lost
Send Packets Queued
Description
Length of duration of the SLIP session. This is 0 if there is no SLIP session.
Number of bytes received by the access server from the
SLIP host on the port.
Number of bytes sent by the access server to the SLIP host on the port.
Number of IP packets received by the access server from the SLIP host on the port.
Number of IP packets sent by the access server to the
SLIP host on the port.
Number of receive IP packets lost due to framing errors.
Number of send IP packets lost due to lack of buffers.
Number of IP packets in a queue to be sent to the SLIP host on the port.
15-14 Configuring and Managing SLIP Ports
Disabling SLIP
Disabling SLIP
Command
Use the CHANGE PORT n SLIP DISABLED command to disable SLIP on a port.
Disable SLIP Example
The following example shows how to disable SLIP on port 2:
Local> CHANGE PORT 2 SLIP DISABLED
Configuring and Managing SLIP Ports 15-15
Chapter 16
Configuring for SNMP Access
Overview
Introduction
This chapter describes how to configure the access server simple network management protocol (SNMP) agent so that it can be controlled by a remote Network Management
Station (NMS).
Reference
For complete information about managing SNMP on the access server, refer to the file
snmp_survival.txt contained in the software installation kit. This file fully describes every SNMP-accessible variable and table in the access server. For example, the file describes:
•
What values variables can take
•
When and how variables and tables change
•
How the user interface can access variables and tables
In This Chapter
This chapter contains the following topics:
•
Supported SNMP Features
•
Configuring the Access Server for SNMP Access
•
Configuring the NMS
Configuring for SNMP Access 16-1
Supported SNMP Features
Supported SNMP Features
Supported Specifications
The access server supports the SNMP specifications listed in the following table:
Specification
RFC 1155
RFC 1157
Title
Structure for Management Information for TCP/IP-Based
Protocols
A Simple Network Management Protocol (SNMP)
SNMP Community Names
An SNMP community name is a character string that the NMS uses as a password to gain access to the access server. A community name contains a maximum of 32 characters.
Due to memory constraints, the access server can have only a limited number of community names.
Community Name Reference
For more information about using community names, refer to the Configuring the
Access Server for SNMP Access section in this chapter.
Supported SNMP Operations
The access server supports the SNMP operations listed in the following table:
Operation
GET
GETNEXT
SET
TRAP
Description
Fetches the value of a variable.
Fetches a value without knowing the variable’s exact name.
Enables you to modify access server parameters and create and delete table entries.
Indicates the occurrence of an event.
Default for All
Community Names
Enabled
Enabled
Disabled
Disabled
16-2 Configuring for SNMP Access
Supported SNMP Features
Supported MIBs
The access server supports the Management Information Bases (MIBs) listed in the following table. The release kit contains all supported MIBs. The network manager can enroll these MIBs in the appropriate NMS.
MIB
RFC 1213
RFC 1243
RFC 1284
RFC 1158
RFC 1316
RFC 1317
Description
Management Information Base (MIB II) for Internet protocol suite management. This makes RFC 1158 obsolete.
Definitions of Managed Objects for the AppleTalk MIB.
Definitions of Managed Objects for the Ethernet-like interface types.
Obsolete MIB II. Supported for backwards compatibility.
Definitions of Managed Objects for Character Stream Devices, the
Character MIB. The obsolete draft version dated March 19, 1991, is also supported for backwards compatibility.
Definitions of Managed Objects for RS232-like Hardware
Devices, the RS232-like MIB. The draft version dated March 19,
1991, is also supported for backwards compatibility.
Supported MIB Variables
The standard Internet MIB contains approximately 200 variables. The meanings of many of these objects are device-specific.
4 For more information about MIB variables, refer to the file snmp_survival.txt contained in the software installation kit. This file provides explanations of the various SNMP (MIB) objects implemented on the access server.
Configuring for SNMP Access 16-3
Supported SNMP Features
Supported Management Information Base Variables
The following figure illustrates the access server implementation of MIB-II, the
Character MIB, RS-232-like MIB, AppleTalk MIB, and Ethernet-like MIB variables.
The objects described in this section are implemented as defined in RFCs 1213, 1243,
1284, 1316, and 1317.
16-4 Configuring for SNMP Access
Configuring the Access Server for SNMP Access
Configuring the Access Server for SNMP Access
Enabling and Disabling SNMP
The access server must have an Internet address to enable SNMP. To enable SNMP, enter:
Local> CHANGE SNMP ENABLED
To disable SNMP, enter:
Local> CHANGE SNMP DISABLED
Displaying Information About SNMP
Use the SHOW SNMP command to display the access server’s SNMP characteristics.
Example: Displaying SNMP Information
The following example shows how to display SNMP information on the access server:
Local> SHOW SNMP
SNMP State: ENABLED AUTHENTICATION FAILURES: ENABLED
Community Name Address GET GETNEXT SET TRAP
PUBLIC ANY ENA ENA DIS DIS
SNUGS ANY ENA ENA ENA DIS
BUGS 195.1.1.1 ENA ENA ENA DIS
SERVER 195.1.1.2 ENA ENA ENA ENA
Default Community Name PUBLIC
The CHANGE SNMP ENABLED command automatically configures the access server with the default community name PUBLIC. This community name follows the default behavior for the SNMP operations listed in the Supported SNMP Operations section in this chapter.
Configuring for SNMP Access 16-5
Configuring the Access Server for SNMP Access
Configuring a Community Name for Access by Any NMS
Use the CHANGE SNMP COMMUNITY community-name SET ENABLED command to create a community name.
When you create a community name without specifying an address the access server assigns the default address ANY. The address ANY enables any NMS that knows this community name to GET or SET information about the access server.
Example: Configuring Community Names for Access by Any NMS
The following example shows how to create the community name SNUGS without specifying an address:
Local> CHANGE SNMP COMMUNITY "SNUGS" SET ENABLED
Local> CHANGE SNMP ENABLED
Configuring a Community Name with an Address
You can configure a community name so that only an NMS with a given address can access the access server with SNMP commands. Use the CHANGE SNMP
COMMUNITY community-name ADDRESS command to configure the community name in this way.
Example: Configuring Community Names for Access from a Specific NMS
The following example shows how to create community name BUGS. Only the NMS with the address 195.1.1.1 can GET or SET information about the server:
Local> CHANGE SNMP COMMUNITY "BUGS" ADDRESS 195.1.1.1
Local> CHANGE SNMP COMMUNITY "BUGS" SET ENABLED
Local> CHANGE SNMP ENABLED
One IP Address for a Community Name
Each community name can have only one IP address assigned. The access server rejects the addresses 0.0.0.0 and 255.255.255.255. By default, GET and GETNEXT are enabled when you create a community name.
16-6 Configuring for SNMP Access
Configuring the Access Server for SNMP Access
Configuring Community Names to Send TRAP Messages
You can optionally configure the access server to send TRAP messages to a specific
NMS for each community name. The access server generates TRAP messages in response to the events listed in the following table:
This Event:
Cold start
Line up
Line down
Authentication
Occurs When:
The access server was reinitialized.
A network data link session was established on port n.
A network data link session was disconnected on port n.
Unauthorized SNMP access was attempted.
Example: Configuring SNMP TRAP Messages
The following example shows how to create the community name server. In this example, only NMS 195.1.1.2 can access community name SERVER. The access server sends TRAP messages to this NMS.
Local> CHANGE SNMP COMMUNITY "SERVER" ADDRESS 195.1.1.2
Local> CHANGE SNMP COMMUNITY "SERVER" SET ENABLED
Local> CHANGE SNMP COMMUNITY "SERVER" TRAP ENABLED
Local> CHANGE SNMP AUTHENTICATION ENABLED
Local> CHANGE SNMP ENABLED
Note
TRAPS cannot be enabled for communities with the IP address ANY.
Configuring for SNMP Access 16-7
Configuring the Access Server for SNMP Access
Sample SNMP Configuration
The following figure is a diagram of a network configuration that results from the commands in the Configuring a Community Name for Access by Any NMS,
Configuring a Community Name with an Address, and Configuring Community
Names to Send TRAP Messages sections:
Disabling TRAP Messages for a Community Name
To disable TRAP messages, use the CLEAR SNMP COMMUNITY community-name
TRAP DISABLED command. The following is an example of disabling TRAP messages for the SERVER community:
Local> CLEAR SNMP COMMUNITY "SERVER" TRAP DISABLED
Removing Community Names
The access server allocates 80 bytes of NVRAM to store information about community names. If you attempt to define or modify a community name and there is insufficient memory, you see a message in this format:
Local -654- Insufficient space: total unused community characters left is n
In this situation, use the CLEAR or PURGE SNMP COMMUNITY command to remove one or more unused community names. You can also remove the default community name PUBLIC.
16-8 Configuring for SNMP Access
Configuring the Access Server for SNMP Access
After you remove a community name, any NMS that used the community name is no longer able to communicate with the access server.
The following example shows how to remove community name BUGS:
Local> CLEAR SNMP COMMUNITY "BUGS"
Removing an Address from a Community Name
You can remove an NMS address from a community name by using the ANY keyword in the CHANGE SNMP COMMUNITY community-name ADDRESS command. This keyword allows any NMS that knows the community name to access the access server.
The access server, however, rejects an ADDRESS ANY command if TRAP access is enabled.
Example: Removing the Community Name Internet Address
The following example shows how to remove the Internet address from community name SERVER:
Local> CHANGE SNMP COMMUNITY "SERVER" ADDRESS ANY
Configuring for SNMP Access 16-9
Configuring the NMS
Configuring the NMS
Procedure
To configure an NMS to manage an access server using SNMP, do the following:
Step
1
2
3
Action
Enter the access server management information bases (MIBs) in the
NMS database (see Supported MIB Variables in this chapter). The software installation kit includes ASCII text files of these MIBs.
Enter the access server IP address, each appropriate community name, and desired access rights in the NMS database.
If the community name is associated with an IP address, the address must be the Internet address of this NMS. The network manager must also associate the IP address of the access server with each such name.
The exact procedure depends on the host-type of the NMS.
Configure the gateways to restrict unauthorized SNMP access by users from outside your network.
16-10 Configuring for SNMP Access
Chapter 17
Managing the Access Server
Overview
Introduction
The following lists the actions you perform to manage the access server. These actions should be done on an as-needed basis.
•
Manage the access server as part of the LAT network.
•
Manage the access server as part of the TCP/IP network.
•
Manage access server characteristics.
•
Check port status and counters.
•
Reassign a port device (in case of port failure).
In This Chapter
This chapter contains the following topics:
•
Managing Your Access Server As Part of the LAT Network
•
Displaying Information About the Access Server
•
Checking Port Status and Counters
Managing the Access Server 17-1
Managing Your Access Server As Part of the LAT Network
Managing Your Access Server As Part of the LAT Network
Introduction
The network manager should coordinate the activities of service nodes and access servers. This section describes a set of configuration guidelines that helps maximize performance from your LAT network. All the guidelines presented are optional; however, failure to follow these guidelines might result in unnecessary performance degradation.
Distributing Devices on Access Servers
With the LAT protocol, the network bandwidth use is optimized when a high number of terminals (or other devices) are placed on every access server. If only one or two terminals are in use on each access server, the LAT protocol accounts for a higher proportion of the total Ethernet usage.
Controlling the Number of Known Service Nodes
Minimize the number of service nodes that are accessed from any one access server by keeping a single access server from accessing many different service nodes for its users. Having every access server user connecting to a different service node uses more of the data link bandwidth than many access server users connecting to few service nodes. To reduce the number of service nodes accessed from a particular access server, assign users to the access server based on their need for common services and then assign the appropriate authorized groups for the access server ports.
Checking LAT Service Accessibility
The node limit characteristic specifies the number of service nodes that can be simultaneously stored in the database for the access server. When the node limit is reached, messages from additional nodes are discarded. The node limit must be in the range of 1 to 2000. If you specify a node limit of NONE, there is no limit to the number of nodes stored. In this case, the node limit is subject to memory constraints. The default is 200 nodes.
If a user on the access server is experiencing response time problems with accessing
LAT services, you can adjust the node limit characteristic. There is a faster connection when a user connects to a host that is defined in the access server database, as opposed to a host not in the database.
A higher node limit uses more of the access server memory. A lower node limit uses less memory. However, a lower node limit can potentially increase the time to make a connection to nodes that are not in the service database. You need to decide the optimal number for your needs.
17-2 Managing the Access Server
Managing Your Access Server As Part of the LAT Network
The following example shows how to decrease the node limit to 100:
Local> CHANGE SERVER NODE LIMIT 100
Reducing Memory Usage
Set the node limit characteristic to a lower value. The access server automatically reduces the number of nodes in the database. This reduces the amount of memory used by the node database.
Viewing LAT Node Status Information
The SHOW/MONITOR NODE STATUS command displays information about the status of the selected nodes. This includes a list of the services offered by the nodes and information on each service. This display can help you track the availability and use of services.
Example: SHOW NODE STATUS Display
The following example shows how to generate a status display for the service node called PEACH:
Local> SHOW NODE PEACH STATUS
Node: PEACH Address: 08-00-2B-00-2B-02
LAT Protocol: V5.2 Data Link Frame Size: 1500
Identification: Software Engineering Development
Node Groups: 20-50, 100-200
Service Name Status Rating Identification
DEVELOP 2Connected 255 Hardware Development System
TEST Available 150 High-powered Performance Testing
TIMESHARING Available 27 Accts.Payable Development System
Local>
Managing the Access Server 17-3
Managing Your Access Server As Part of the LAT Network
SHOW/LIST/MONITOR NODE STATUS Display Fields
The following table describes the information in the fields and headings of the node status display:
Field
Node
LAT Protocol Vx.x
Address
Data Link Frame Size
Identification
Node Groups
Service Name column
Status column
Identification column
Description
Name of the service node.
LAT protocol version number and update level of the service node software. LAT Version 5.2 protocol permits queued connection requests for printers connected to network access servers. LAT Version
5.2 protocol does not permit queued connection requests.
Ethernet address of the service node.
Maximum Ethernet data link frame size used by the service node to receive messages.
Node identification string.
Group codes enabled for this service node. For a port to access the service node, at least one of these groups must.
Name of each service offered on this node. The same service might be offered on other service nodes. Use the SHOW SERVICE STATUS command to find the names of all the nodes offering a particular service.
• Available — Service is available to access server users.
• n Connected — Service is available and n currently active sessions were requested with this service name. If the local access server is the service node specified in the display, sessions between two access server ports count as two sessions (one on the local port and one on the remote port).
• Unavailable — All service nodes offering the service are unreachable.
• Unknown.
Service identification string.
17-4 Managing the Access Server
Managing Your Access Server As Part of the LAT Network
Field
Rating column
Description
Value assigned to the service by the service node, indicating relative capacity to accept new connections or new queue connections. This value is the current load-balancing rating associated with the service. The rating varies from 0 to 255. With the higher value, the capacity of the service node to accept a new connection is greater.
Viewing LAT Node Counters Information
The SHOW/MONITOR NODE COUNTERS command displays the counters for messages transmitted between the access server and the selected LAT service nodes.
The counters apply only to the specified LAT service nodes. Some of these counters are also maintained for all the service nodes that the access server recognizes. When you enter a specific node name for the SHOW/MONITOR NODE node-name
COUNTERS command, the counter values for only that service node appear in the display. To see the combined counters for all service nodes, use the SHOW SERVER
COUNTER command.
Counters can help you estimate access server traffic on the network for specific time periods. For example, for information about daily access server usage, set the counters to zero at the start of each day.
You can also use counters data to calculate the average use of the Ethernet and the service nodes. By combining this data from the access server with the counters data from other access servers, you can calculate the network’s capacity to handle more traffic.
Managing the Access Server 17-5
Managing Your Access Server As Part of the LAT Network
Example: SHOW/LIST/MONITOR NODE COUNTERS Display
The following example shows how to generate a display of the counters for LAT messages between the access server and a service node named PEACH. Each counter displayed has a maximum value of 4,294,967,295. If a counter reaches that value, it remains at that value until either the counters are set to zero or the access server is initialized. Typically, the maximum values are not reached for several months.
Local> SHOW NODE PEACH COUNTERS
Node: PEACH
Seconds Since Zeroed: 961608 Multiple Node Addresses: 0
Messages Received: 687568 Duplicates Received: 21
Messages Transmitted: 558793 Messages Re-transmitted: 35
Slots Received: 509763 Illegal Messages Received: 0
Slots Transmitted: 532932 Illegal Slots Received: 0
Bytes Received: 13876620 Solicitations Accepted: 0
Bytes Transmitted: 475427 Solicitations Rejected: 0
TSHOW/LIST/MONITOR NODE COUNTERS Display Fields
The following table describes the information displayed in the previous example:
Field
Node
Seconds Since Zeroed
Messages Received
Messages Transmitted
Slots Received
Slots Transmitted
Bytes Received
Bytes Transmitted
Description
Name of the node.
Number of seconds since the counters were last set to zero (maximum time exceeds 134 years).
Number of LAT virtual circuit messages that the access server received from this node.
Number of LAT virtual circuit messages that the access server transmitted to this node.
Number of slots that the access server received from this node (slot represents a message segment for a particular session).
Number of slots that the access server transmitted to this node.
Number of data bytes that the access server received from this node.
Number of data bytes that the access server transmitted to this node.
17-6 Managing the Access Server
Managing Your Access Server As Part of the LAT Network
Field
Multiple Node Addresses
Duplicates Received
Messages Retransmitted
Illegal Messages Received
Illegal Slots Received
Solicitations Accepted
Description
Number of times that a node advertised itself with a physical address different from that in a previous advertisement.
Number of messages the access server received from this node that were not in the correct sequence. This value should be less then 1/1000 of the value for Messages Received. This count usually indicates that the service node is retransmitting a message. If this value is higher than the guideline, the access server might not be handling the message traffic from the service node, causing the service node to retransmit messages.
Number of messages the access server retransmitted to this node. This value should be less than 1/1000 of the value for Messages
Transmitted. If this value is higher than the guideline, the service node might not be handling the access server message load.
Number of illegally formatted messages the access server received from this node. This value should be zero. A count of nonzero indicates a possible software problem in either the access server or the service node.
Number of illegally formatted slots the access server received from this node. This value should be zero. A count of nonzero indicates a possible software problem in either the access server or the service node.
Number of queued connection requests that the access server has accepted, including queued requests and request that were immediately satisfied. The sum of the number of solicitations accepted and the number of solicitations rejected equals the number of queued connection requests that were received by the access server.
Managing the Access Server 17-7
Managing Your Access Server As Part of the LAT Network
Field
Solicitations Rejected
Description
Number of queued connection requests that the access server has rejected. The sum of the number of solicitations accepted and the number of solicitations rejected equals the number of queued connection requests that were received by the access server. A rejected request might indicate a configuration problem at the access server or service node; for example, the port names do not match or a port has the incorrect access type.
Viewing LAT Node Summary Information
The SHOW NODE SUMMARY command produces a line of information for each selected service node. This display is useful to determine if a service node is reachable.
The node summary is the default display class for the NODE and NODE ALL entity specifications.
Every service node name and access server name should be unique so as to allow other service nodes and users to distinguish among access servers. A unique access server name is necessary for an access server that is used for queued connection requests or for an access server to act as a service node.
The access server knows a service node by the node’s Ethernet address and node name.
If you use the SET/DEFINE/CHANGE SERVER NAME command and you specify an access server name that is already being used by another node, other LAT nodes may replace your access server name with a default LAT name to make your access server name unique. The default is in the following format:
LAT nnnnnnnnnnnn
The value nnnnnnnnnnnn is the unhyphenated, 12-digit Ethernet address of the second service node, which is used on the node summary displays.
Ports with LIMITED VIEW
Ports with LIMITED VIEW enabled cannot perform SHOW NODES.
17-8 Managing the Access Server
Managing Your Access Server As Part of the LAT Network
Example: NODE SUMMARY Display
The following example shows how to generate a node summary display:
Local> SHOW NODE ALL SUMMARY
Node Name Status Identification
BANANA 2 Connected Documentation System
ORANGE Reachable Terminals Development System
PEACH Unreachable Software Engineering Development
PEAR Requesting Printer Service
TEST Unknown High-powered Performance Testing
Local>
NODE SUMMARY Display Fields
The following table describes the information in the NODE SUMMARY display:
Heading
Node Name
Status
Identification
Description
The name of the service node as defined in the access server node database.
Reachability status of the service node shown as one of the following:
• n Connected — Node is reachable and n sessions are active with services offered by the service node.
• Reachable — No sessions are active, but the service node is accessible.
• Requesting — Node that does not presently offer services has made remote connection requests to the access server (for printer access or for local services offered).
• Unreachable — Active service session has timed out. The node can also signal that it is unreachable.
• Unknown — No sessions are active, and the node has not been heard from recently.
Brief description about the service node as entered by the system manager.
Managing the Access Server 17-9
Displaying Information About the Access Server
Displaying Information About the Access Server
Introduction
The LIST/MONITOR/SHOW SERVER command displays information about the access server or about data maintained by the access server. You can obtain characteristics, counter, status, and summary displays for the access server.
Specifying the Prompt
The factory-set default access server prompt is Local>. You can change this prompt to any ASCII character, with a restriction of 1 to 16 characters. The following shows how to change this prompt to Engineering>. You should include a space at the end of the prompt, to leave space between the prompt and user commands.
Local> CHANGE SERVER PROMPT "Engineering> "
To go back to the default Local> prompt, enter the following command:
Local> CHANGE SERVER PROMPT ""
This command specifies the access server prompt displayed to all port users when in local mode, with the exception of the RCF management port.
Displaying Access Server Counters
The LIST/MONITOR/SHOW SERVER COUNTERS command displays the values for the global counters maintained by the access server. The counters display is useful for detecting network problems.
The first line displays the access server software version number and base level, LAT software version number, ROM version number, and the time that the access server has been running since the last downline load, expressed as days hours:minutes:seconds.
The COUNTERS data appear in two blocks:
•
Ethernet data link counters — The upper block is for datagrams sent between the access server and all nodes on the Ethernet network. Some of the fields displayed are bit masks, the values of which tell the reasons for certain events.
•
LAT protocol counters — The lower block is for messages transmitted between the access server and all LAT service nodes. The access server maintains some of these counters for each service node with which it communicates. Refer to the node counters display descriptions in Viewing LAT Node Counters Information in this chapter.
17-10 Managing the Access Server
Displaying Information About the Access Server
Each counter has a maximum value of 4,294,967,295. If a counter reaches that value, it latches (remains) at that value until either the counters are set to zero or the access server is initialized.
Example: SHOW SERVER COUNTERS Display
The following example shows how to generate an access server counters display:
Local> SHOW SERVER COUNTERS
Network Access SW Vx.x for DSxxx-xx BLxx-xx ROMx.x-x Uptime: 0 17:02:20
Seconds Since Zeroed: 1183161 Frames Sent: 1Collision: 8377
Bytes Received: 811416880 Frames Sent,2+Collisions: 16344
Bytes Sent: 141519043 Send Failures: 1
Frames Received: 8087172 Send Failure Reasons: 00000010
Frames Sent: 1572199 Receive Failures: 47
Multicast Bytes Rcv'd: 1111005 Receive Failure Reasons: 000011
Multicast Bytes Sent: 215694 Unrecognized Destination: 193760
Multicast Frames Rcv'd: 66700 Data Overrun: 0
Multicast Frames Sent: 2179 User Buffer Unavailable: 0
Frames Sent, Deferred: 96516 System Buffer Unavailable: 0
Messages Received: 1886375 Duplicates Received: 106
Messages Transmitted: 1569667 Messages Re-transmitted: 485
Solicitations Accepted: 0 Illegal Messages Rcv'd: 6
Solicitations Rejected: 0 Illegal Slots Rcv'd: 0
Multiple Node Addresses: 23591 Illegal Multicasts Rcv'd: 1
Local>
SHOW/LIST/MONITOR SERVER COUNTERS Display Fields
The following table defines the fields in the SHOW/LIST/MONITOR SERVER
COUNTERS display:
Field
Ethernet Data Link
Counters:
Seconds Since Zeroed
Description
Bytes Received
Bytes Sent
Number of seconds since the counters were last set to zero.
Number of bytes contained in datagrams successfully received by the access server, excluding Ethernet header and CRC data.
Number of bytes contained in datagrams successfully transmitted by the access server, excluding Ethernet header and CRC data.
Managing the Access Server 17-11
Displaying Information About the Access Server
Field
Frames Received
Frames Sent
Multicast Bytes Rcv’d
Multicast Bytes Sent
Multicast Frames Rcv’d
Multicast Frames Sent
Frames Sent, Deferred
Frames Sent, 1 Collision
Frames Sent,2+ Collisions
Send Failures
Description
Number of datagram frames successfully received by the access server, including multicast frames.
Number of datagram frames successfully transmitted by the access server, including multicast frames.
Number of bytes received by the access server in multicast frames, excluding Ethernet header and CRC data.
Number of bytes transmitted by the access server in multicast frames, excluding Ethernet header and CRC data.
Number of multicast frames received by the access server.
Number of multicast frames sent by the access server.
Number of times the access server deferred a frame transmission because the data link was in use. This value should be less than 20% of the value for Frames Sent.
Number of times the access server successfully transmitted a frame on the second attempt after a collision during the first attempt. This value should be less than 5% of the value for Frames
Sent.
Number of times the access server successfully sent a frame after collisions during the first two or more attempts. This value should be less than 5% of the value for Frames Sent.
Number of times the Ethernet interface aborted a transmission request. If this count is nonzero, refer to the Send Failure Reasons field for more information. This counter should be 0 or a low value such as 1 or 2 daily.
17-12 Managing the Access Server
Field
Send Failure Reasons
Displaying Information About the Access Server
Description
Mask providing information about the type or types of send failure encountered if the Send
Failures counter is not zero. This is a cumulative mask.The following are the bits defined in the mask:
Receive Failures
1
4
5
Bit
0
8
9
If a reason for send failures is heartbeat errors and the access server characteristic
HEARTBEAT is enabled for a transceiver that supports heartbeat, you can usually expect up to about 200 such errors daily. This number does not indicate a network problem.
If a reason for send failures is heartbeat errors and the transceiver being used does not support heartbeat, check to see whether you have heartbeat enabled. The send failures count will reflect the heartbeat errors generated from the transceiver not responding to checks of its heartbeat circuitry. Disable the access server characteristic HEARTBEAT to eliminate the spurious generation of heartbeat errors.
Number of packets that were received with an error condition. For more information, refer to the Receive Failure Reasons field. This counter should be 0 or a low value such as 1 or 2 daily.
Managing the Access Server 17-13
Displaying Information About the Access Server
Field
Receive Failure Reasons
Unrecognized Destination
Data Overrun
User Buffer Unavailable
1
2
Bit
0
Description
Mask providing information about the type or types of receive failure encountered if the
Receive Failures counter is not zero. This is a cumulative mask. The following are the bits defined in the mask:
Number of times a frame was passed through the hardware, but the access server did not recognize the multicast address and discarded the message. This value reflects multicast traffic or other traffic addressed to the access server from protocols not supported by the access server. The count will be high if the access server does not have an IP address and is connected to a network with ARP traffic. If this count is extremely high (greater than 10 for each second of uptime), the access server performance could be adversely effected.
Number of times the access server hardware lost an incoming frame, because it was unable to keep up with the data rate. This value should be 0.
Number of times the access server did not have a user buffer available to store an incoming frame that passed through the system buffer.
This counter should accumulate at a rate of less than two counts per day. Note that the value of this counter could be high if there are a large number of LAT service multicast announcements on the network. Also, it is normal to experience some errors when nodes are added to the Ethernet.
17-14 Managing the Access Server
Displaying Information About the Access Server
Field
System Buffer
Unavailable
Description
Number of times a system buffer was not available in the access server for an incoming frame. This counter should accumulate at a rate of less than two counts per day. It is normal to experience some errors when nodes are added to the Ethernet.
LAT protocol Counters:
Messages Received
Messages Transmitted
Solicitations Accepted
Solicitations Rejected
Multiple Node Addresses
Duplicates Received
Messages Retransmitted
Number of LAT circuit messages successfully received by the access server.
Number of LAT circuit messages successfully transmitted by the access server.
Number of queued connection requests that the terminal server has accepted. This number includes requests that are queued and requests that were immediately satisfied without queuing. The sum of the number of solicitations accepted and the number of solicitations rejected equals the number of queued connection requests that the access server received.
Number of queued connection requests that the access server could not process and therefore rejected. The sum of the number of solicitations accepted and the number of solicitations rejected equals the number of queued connection requests that the access server received.
Number of times a service node became available with different Ethernet addresses.
Number of LAT messages that the access server received more than once. This value should be less than 1/1000 of the value for
Messages Received.
Number of LAT messages that the access server retransmitted, because they were not acknowledged by the service nodes. This value should be less than 1/1000 of the value for
Messages Transmitted.
Managing the Access Server 17-15
Displaying Information About the Access Server
Field
Illegal Messages Rcv’d
Illegal Slots Rcv’d
Illegal Multicasts Rcv’d
Description
Number of LAT messages with an illegal format received by the access server. This value should be 0. A service node transmitting such messages might have a software problem.
Number of LAT messages with an illegal slot format received by the access server. This value should be 0. A service node transmitting such messages might have a software problem.
Number of illegally formatted multicast messages received from service nodes. This value should be 0. A service node transmitting such messages might have a software problem.
Displaying Access Server Status
The SHOW/LIST/MONITOR SERVER STATUS command displays the status of the access server. The information tells you how well the access server is working under the current load and also warns you of network trouble or of problems with ports on the access server. The display also lists current, highest, and maximum values for software and hardware resources.
If the status is not normal, then the following appears:
Selftest Status: Server:00-00-00 Service:00000
Port:0000000000000000
Software Status: PC=01234567 SP=01234567 SR=2300 M=01234567
C=217
The first line displays the access server software version number and base level, LAT software version number, ROM version number, and the time that the access server has been running since the last downline load, expressed as days hours:minutes:seconds.
Example: SHOW SERVER STATUS Display
The following example shows how to generate an access server status display:
Local> SHOW SERVER STATUS
Network Access SW Vx.x for DSxxx-xx BLxx-xx ROM x.x-x Uptime: 0 17:05:57
Address: 08-00-2B-02-F2-BB Name: T_LAT06 Number: 65535
Cur High Max
Active Ports 8 8 16 Minutes to Shutdown: N/A
Active Users: 8 8 16 Discarded Nodes: 0
17-16 Managing the Access Server
Displaying Information About the Access Server
Queue Entries: 0 0 100 Resource Errors: 0
Available Services: 89 92 N/A Port Framing Errors: 0
Local Services: 2 2 20 Port Parity Errors: 0
Reachable Nodes: 75 78 200 Port Overrun Errors: 0
Boot Device: Ethernet: 0
Active Circuits: 4 7 32 Primary Host: PEACH
Connected Nodes: 3 5 32 Load Address: AA-00-04-00-46-DC
Connected Sessions: 12 20 64 Dump Address: None Available
% CPU Used: 15 36 100 Console User: None Available
% Memory Used: 36 53 100 Boot Protocol: MOP
Selftest Status: Normal
Software Status: Normal
Local>
SHOW/LIST/MONITOR SERVER COUNTERS Display Fields
The following table describes the fields and column headings in the access server status display:
Field
Address
Name
Number
Cur column
High column
Max column
Description
Ethernet address of the access server.
Name of the access server. This string can be specified by using the SET/DEFINE/CHANGE
SERVER NAME command.
Number of the access server. This number can be specified by using the SET/DEFINE/CHANGE
SERVER NUMBER command.
Current running value of the resource. If the Max value is lowered during the Uptime, this value can exceed the Max value for counters.
Highest value the resource attained, since the access server was last initialized. The length of time is shown in the Uptime field. If the Max value is lowered during the Uptime, this value can exceed the Max value for certain counters.
Maximum value that the resource can reach, given the physical restraints or the value specified for a access server characteristic.
Managing the Access Server 17-17
Displaying Information About the Access Server
Field Description
Active Ports Ports that have either interactive sessions or remote access connections.
Active Users Ports that have interactive sessions.
Queue Entries Queued connection requests that are in the access server queue.
Available Services
(LAT protocol only)
Local Services (LAT protocol only)
Reachable Nodes (LAT protocol only)
Network services that the access server recognizes as being available to users on the access server. (The information about these services is stored in access server memory.)
Number of LAT services offered by the access server.
Computers or other access servers that offer services on the network and that are reachable for service connections.
Active Circuits
Connected Nodes
LAT virtual circuits on which the access server has active connections with service nodes.
Service nodes with which the access server has established LAT virtual circuits.
Connected Sessions
% CPU Used
% Memory Used
Minutes to Shutdown
Discarded Nodes
Total number of LAT, Telnet, and SLIP sessions on the access server.
Total number of LAT, Telnet, and SLIP sessions on the access server.
Percentage of processing time the access server used. This value is calculated every second.
Percentage of the general memory pool being used.
Number of minutes remaining on the initialize timer. If no INITIALIZE command is in effect, N/A is displayed to indicate not applicable.
Number of nodes that could not be entered into the access server database, because of the value set for the node limit characteristic or because of a lack of memory. If this count is nonzero, the access server might be experiencing resource problems.
17-18 Managing the Access Server
Field
Resource Errors
Port Framing Errors
Port Parity Errors
Port Overrun Errors
Primary Host
Displaying Information About the Access Server
Description
The memory used for storing service and node information is shared with that used for handling multiple sessions and queued connection requests. If the access server receives information on a greater number of nodes than specified in the node limit access server characteristic, it discards that information and increments the Discarded Nodes counter. However, if the node limit is not reached but the access server could not find memory to store the information, it discards the information and increments both the Resource Errors and the
Discarded Nodes counter.
You can either reduce the value of the SESSION
LIMIT access server characteristic, adjust the value of the node limit access server characteristic, or use
Authorized Groups to logically subdivide the network for use by a discrete set of users.
Number of times an internal data structure could not be created due to the lack of system memory.
Sum of bytes received at the access server ports with illegally formatted data characters. Values other than 0 might indicate a problem with one of the ports. Use the port counters display to isolate the port or ports generating the errors accumulated in this counter.
Sum of bytes received at the access server ports with parity errors. Values other than 0 might indicate a problem with one of the ports. Use the port counters display to isolate the port or ports generating the errors accumulated in this counter.
Sum of characters lost at the access server ports, because the access server input buffers were full.
Values other than 0 might indicate a problem with one of the ports. Use the port counters display to isolate the port or ports generating the errors accumulated in this counter.
Name or IP address of the host from which the access server was last loaded.
Managing the Access Server 17-19
Displaying Information About the Access Server
Field
Load Address
Dump Address
Console User
Boot Protocol
Selftest Status
Description
Ethernet address of the node or the gateway from which the access server was last loaded. Some access servers display all zeroes if a downline load occurs using BOOTP and TFTP.
Ethernet address of the node or gateway that received the last up-line dump. Some access servers display all zeroes if a dump is to an Internet host.
Address of the node at which the Remote Console
Facility (RCF) is being used to access the access server. The access server indicates “none available” if the RCF is not in use.
This is the protocol used to downline load the software.
2
4
8
20
Shows internal information if the result of self-test at the most recent access server initialization is other than:
Normal: Server: 00-00-00 Service: 00000 Port:
0000000000000000
If a nonfatal error occurs during self-test, the access server displays information about the error. The following describes the information that appears in the display: Selftest Status: 00-00-00: The leftmost two numbers are always 00. The third number is a hexadecimal representation of a bit map in which a bit set indicates status as follows:
Bit
1
40
80
17-20 Managing the Access Server
Field
Selftest Status
(continued)
Displaying Information About the Access Server
Description
Each number represents a bit map in which a bit set indicates a problem with the port.
Bit
1
80
100
200
400
8
10
20
40
800
1000
2000
4000
8000
2
4
Bit
1
2
4
Service:00000: This value is a hexadecimal representation of a bit map in which a bit set indicates which service or services contained a checksum error.
Managing the Access Server 17-21
Displaying Information About the Access Server
Field
Software Status
Description
10000
20000
40000
80000
Port: 0000000000000000: This value is a hexadecimal number that corresponds to ports 1 to
16 from left to right.
Note: If more than one bit is set in a bit map, the value shown is the sum of the values for each bit. For example, if the Service Status value is 18C
(hexadecimal), this is the sum of 100, 80, 8, and 4.
Display shows internal information if the status displayed is other than Normal, that is, if a fatal software error occurs. For example:
PC=01234567
SP=01234567
SR=2300
M=01234567
C=217
A status other than Normal indicates that a fatal bugcheck error has occurred. More information is found in the Network Access Server Problem
Solving manual.
Displaying Access Server Summary Information
The LIST/SHOW/MONITOR SERVER SUMMARY command displays the access server groups you defined.
The first line displays the access server software version number and base level, LAT software version number, ROM version number, and the time that the access server has been running since the last downline load, expressed as days hours:minutes:seconds.
Use this display to determine which group codes the access server recognizes when it processes service announcement messages from other nodes on the network. These group codes are the sum of the authorized group codes of the ports on the access server.
17-22 Managing the Access Server
Displaying Information About the Access Server
Example: SHOW SERVER SUMMARY Display
The following example shows how to generate an access server summary display:
Local> SHOW SERVER SUMMARY
Network Access SW Vx.x for DSxxx
Address: 08-00-2B-02-F2-BB Name: T_LAT06 Number: 6
Identification: Number 6 LAT Server
Server Groups: 0,4,10-20
Local>
SHOW/LIST/MONITOR SERVER SUMMARY Display Fields
The following describes the access server summary display fields:
Field
Address
Name
Number
Identification
Server Groups
Description
Ethernet address of the access server.
Name of the access server as defined with the SET/DEFINE/
CHANGE SERVER NAME command.
Number of the access server as defined with the SET/
DEFINE/CHANGE SERVER NUMBER command.
An ASCII string describing the access server supplied in multicast service node announcement messages and issued to interactive access server users at access server login.
List of assigned groups across all the access server ports. The group list includes the current groups for every port on the access server. A group is current for any port if it appears in this group list. The access server uses this information to filter incoming multicast messages from other nodes.
Managing the Access Server 17-23
Checking Port Status and Counters
Checking Port Status and Counters
Introduction
The LIST/MONITOR/SHOW PORT command displays information about one or more ports on the access server. You can obtain characteristics, counter, status, and summary displays for ports.
Displaying Port Characteristics
The LIST/MONITOR/SHOW PORT CHARACTERISTICS command displays the values of the characteristics of the selected ports. The bottom of the display lists all the enabled port characteristics. Use the characteristics display when you are changing settings.
The port number n in the display indicates that the port device is connected to connector JN on the hardware unit. The server name is configured with the SET/
DEFINE/CHANGE SERVER NAME command. The other values can be changed with the SET/DEFINE/CHANGE PORT command.
Reference
Refer to Network Access Server Command Reference for information on each command.
Note
Some access servers have Modem Control instead of Signal Control. Also, Signal
Select is not available on all access servers.
17-24 Managing the Access Server
Checking Port Status and Counters
Example: SHOW PORT CHARACTERISTICS Display
The following example shows how to generate a port characteristics display:
Local> SHOW PORT 1 CHARACTERISTICS
Port 1: Joe Smith Server: Servername
Character Size: 8 Input Speed: 9600
Flow Control: XON Output Speed: 9600
Parity: None Signal Control: Disabled
Stop Bits: Dynamic Signal Select: CTS-DSR-RTS-DTR
Access: Local Local Switch: None
Backwards Switch: None Name: PORT_1
Break: Local Session Limit: 4
Forwards Switch: None Type: Ansi
Default Protocol: LAT Default Menu: None
Dialer Script: None
Preferred Service: TEST Node: PEACH Destination: LTA15
Authorized Groups: 0-10, 20-50, 200-255
(Current) Groups: 0-10, 20-50, 200-255
Enabled Characteristics:
Autobaud, Autoconnect, Autoprompt, Broadcast, DSRlogout, Inactivity Logout, Input Flow Control, Interrupts, Limited View, Loss
Notification, Message Codes, Multisessions, Output Flow Control,
On-Demand Loading, Password, Queuing, Security, Signal Check,
Verification
Local>
Displaying Port Counters
The SHOW/MONITOR PORT COUNTERS command displays the counters associated with each of the selected ports. Use this command to discover the source of any problems between the port device and the port. Typically, network problems can be detected with errors recorded in the access server status display.
The maximum value possible for the port counters is 4, 294, 967, 295. If a counter reaches that value, it remains at that value until either the counters are set to zero or the access server is initialized.
Three counters in the port counters display can indicate possible problems. The access server status display gives values for port framing, parity, and overrun errors for the access server. Usually Framing Errors, Parity Errors, and Overrun Errors are zero. If the access server status display indicates nonzero values for any of these errors, you can use the port counters display to find the port or ports that are causing the errors.
Managing the Access Server 17-25
Checking Port Status and Counters
Example: SHOW PORT COUNTERS Display
The following example shows how to generate a port counters display:
Local> SHOW PORT 1 COUNTERS
Port 1: Joe Smith Server: Servername
Seconds Since Zeroed: 1182768 Local Accesses: 17
Framing Errors: 0 Remote Accesses: 0
Parity Errors: 0 Overrun Errors: 0
SHOW/MONITOR PORT COUNTERS Display Fields
The following table describes the information in the port counters display:
Field
Port n
Server
Seconds Since Zeroed
Framing Errors
Parity Errors
Description
Number n of the port. The text that follows the number of the port is any associated user name or the name of the port as established for the port characteristic
NAME, if no user name was supplied.
Specifies a 1- to 16-character name for the access server.
Number of seconds since the counters were last set to zero.
Number of bytes received at the port with illegally formatted frames. If this value accumulates to greater than about 20 errors per day on any one port, you might have port line problems. Refer to the troubleshooting procedures in the Network Access
Server Problem Solving manual.
Number of bytes received with parity errors at the port. If this value accumulates to greater than about 20 errors per day on any one port, you might have port line problems. Refer to the troubleshooting procedures in the Network Access Server Problem
Solving manual.
17-26 Managing the Access Server
Checking Port Status and Counters
Field
Overrun Errors
Local Accesses
Remote Accesses
Description
Number of characters lost because the access server input buffers were full. If this value accumulates more than 10 errors daily on any one port, you might have flow control problems. If the port device supports flow control, ensure that the access server flow control and the flow control in the hardware for that device are set the same way. To check the FLOW
CONTROL setting, use the SHOW PORT
CHARACTERISTICS command.
Number of times an access server login occurred on the port.
Number of times a remote access connection was established on the port.
Displaying Port Status
The SHOW/MONITOR PORT STATUS command displays information about the operational condition of the selected port.
Example: SHOW PORT STATUS Display
The following example shows how to generate a port status display:
Local> SHOW PORT 1 STATUS
Port 1: Joe Smith Server: SERVERNAME
Access: Remote Current Service: TEST
Status: Connected Current Node: PEACH
Sessions: 1 Current Port: LTA15
Input XOFFed: No Output Signals: DTR RTS
Input Signals: DSR RXD Output XOFFed: Yes
SHOW/MONITOR PORT STATUS Display Fields
The following table discusses information displayed by the PORT STATUS command:
Field
Port n
Server
Description
Number n of the port. The text that follows the number of the port is any associated user name or the name of the port established for the port characteristic NAME, if no user name was supplied.
Specifies a 1- to 16-character name for the access server.
Managing the Access Server 17-27
Checking Port Status and Counters
Field
Access
Status
Current Node
Description
Current setting of the ACCESS port characteristic.
Access determines how a port can access a service node or how a port can be accessed by other interactive users and service nodes. Access is shown as one of the following:
• Dynamic — Access server allows access on the port to alternate between local and remote.
• Local — Access server allows only interactive use of the port.
• None — Access server prevents any use of the port.
• Remote — Access server allows only remote connections on the port.
Port access is specified by using the SET/DEFINE/
CHANGE PORT command.
Current status of the port, which can be one of the following:
• Connected — Port is connected to a service.
• Connecting — Port is attempting a connection to a service.
• Disconnected — Session was terminated while dormant.
• Disconnecting — Session is disconnecting from a service.
• Idle — Port is not in use.
• Local Mode — Port is logged in to the access server and is not connected to or connecting to a service.
• Locked — LOCK command was executed on the port.
• Signal Wait — The port failed to assert the DSR signal during a signal check controlled connection attempt.
• Sessions — Number of active sessions at the port.
• Current Service — Active service session or the service session interrupted when the user last entered local mode.
Node to which the current session is connected. If the access is remote, this is the name of the node from which the connection originated.
17-28 Managing the Access Server
Checking Port Status and Counters
Field
Current Port
Input or Output
XOFFed
Input or Output
Signals
Description
Identification of the port at the service node or at the requesting node.
Status of the data flow for the specified direction for the port.
Modem signals either currently asserted by the access server or currently monitored by the access server.
Displaying Port Summary
The LIST/MONITOR/SHOW PORT SUMMARY command displays one line of general information for each selected port. The port summary display is useful for obtaining information about how the ports are being used. This is the default display for the PORTS ALL entity specification.
Example: SHOW PORT SUMMARY Display
The following example shows how to generate a port summary display:
Local> SHOW PORTS ALL SUMMARY
Port Access Status Services Offered
1 Local Connected
2 Remote Connected LA50, PRINTER
3 Dynamic Idle HARDCOPY
4 Local Local Mode
5 Remote Connected LA50, PRINTER
6 Local Connecting
7 Remote Disconnected TIMESHARING
8 Local Idle
9 Local Idle
10 Local Idle
11 Local Idle
12 Local Idle
13 Local Idle
14 Local Idle
15 Local Idle
16 Local Idle
Managing the Access Server 17-29
Checking Port Status and Counters
SHOW/LIST/MONITOR PORT SUMMARY Display Fields
The following table describes the information under the headings in the SHOW/LIST/
MONITOR PORT SUMMARY display:
Heading
Port
Access
Status
Services
Offered
Description
Number n of the port.
Current setting of the ACCESS port characteristic. Access determines how a port can access a service node or how a port can be accessed by other interactive users and by service nodes.
Access is shown by one of the following:
• Dynamic — Access server allows access to the port to alternate between local and remote.
• Local — Access server allows only interactive use of the port.
• None — Access server prevents any use of the port.
• Remote — Access server allows only remote connections on the port. Port access is specified by using the SET/DEFINE/
CHANGE PORT command.
Current status of the port, which can be one of the following:
• Connected — Port is connected to a service.
• Connecting — Port is attempting a connection to a service.
• Disconnected — Session was terminated while dormant.
• Disconnecting — Session is disconnecting from a service.
• Idle — Port is not in use.
• Local Mode — Port is logged in to the access server and is not connected to or connecting to a service.
• Locked — LOCK command was executed on the port.
• Permanent — Status that appears for the LIST command.
• Signal Wait — The port failed to assert the DSR signal during a signal check controlled connection attempt.
The local services that the access server offers on the port. Hostinitiated requests can be made for these services.
17-30 Managing the Access Server
Chapter 18
Configuring and Managing 3270 Terminal
Emulation (TN3270)
Overview
Introduction
This chapter explains how to configure and manage the 3270 Terminal Emulator
(TN3270) software for the access server. This software enables ASCII terminals and
PCs to access IBM applications.
The TN3270 software enables an ASCII terminal to emulate an IBM 3278 Display
Station Model 2. The display screen of this model has 80 columns and 24 rows.
The TN3270 software performs the following tasks:
•
Translates the ASCII terminal data stream into the 3270 data stream and transmits it to the IBM host.
•
Receives the 3270 data stream from the IBM host and translates it into the ASCII terminal data stream.
The access server uses Telnet over TCP/IP to access applications on IBM hosts.
This chapter assumes a basic understanding of applications for IBM 3270 Information
Display Systems and terminal emulation. This chapter also assumes that the system manager at the host site configures the appropriate TCP/IP software.
Configuring and Managing 3270 Terminal Emulation (TN3270) 18-1
Supported ASCII Terminals
Supported ASCII Terminals
Definition
TN3270 supports the following models of DIGITAL ASCII terminals:
•
VT100 with Advanced Video Option
•
VT102
•
VT220, VT240, and VT241
•
VT320, VT330, VT340, and VT341
•
VT420
In the remainder of this chapter, the term ASCII terminal refers to all the models listed above and any compatible terminal emulation package.
18-2 Configuring and Managing 3270 Terminal Emulation (TN3270)
Definition and Description of a Keyboard Map
Definition and Description of a Keyboard Map
3278 Keyboards
Because the IBM 3278 keyboard differs greatly from those on ASCII terminals,
TN3270 provides keyboard maps. A keyboard map assigns the functions on the IBM
3270 keyboards to keys or key sequences on the ASCII terminals. For example, Ctrl/
Z on an ASCII keyboard by default maps to the IBM 3270 EXIT function when you use the VT100 keyboard map.
Server-Specific Keyboard Maps
You can have server-wide keyboard maps that all server ports can access, or you can set them up on a port-by-port basis. For information on displaying and customizing keyboard maps, refer to Displaying and Customizing Keyboard Maps in this chapter.
Configuring and Managing 3270 Terminal Emulation (TN3270) 18-3
Configuring Basic 3270 Terminal Emulation
Configuring Basic 3270 Terminal Emulation
Once the IBM system administrator has configured the IBM host with TCP/IP, you need to do the following:
1 Set up the ASCII terminal.
2 Indicate the model number of the IBM 3270 Information Display Station that a terminal emulates.
3 Specify the type of ASCII terminal attached to the port.
Once you complete these tasks, you can connect to an IBM application as described in the Connecting to an IBM Host section in this chapter. These are the minimal tasks required to configure a port for 3270 emulation. This section describes these tasks.
Setting Up an ASCII Terminal
To enable an ASCII terminal for 3270 emulation, you need to change the setup parameters as described below. To change these parameters, use the setup procedure described in the documentation provided with the terminal.
When you connect to an IBM host or resume a 3270 session, TN3270 automatically:
•
Configures the terminal to:
— Designate the ASCII character set as GO graphics set/invoke GO in GL.
— Position the cursor in column 1 of row 24.
— Set autowrap enabled except for ANSI.
— Set application keypad except for ANSI and VT100.
— Set local echo off except for ANSI, VT100, VT220.
•
Detects if the cursor keys operate in normal or application mode.
•
Detects 7- or 8-bit controls.
18-4 Configuring and Managing 3270 Terminal Emulation (TN3270)
Configuring Basic 3270 Terminal Emulation
Terminal Setup Parameters
The following table provides information on terminal setup for the various DIGITAL terminal models:
Terminal Model
VT100
VT2xx, VT3xx, V4xx
Setup Parameters
ANSI mode
AUTO XON/XOFF = ON
General:
• VT100 through VT400 mode
• 7-bit or 8-bit controls
Communications:
• XOFF at 64 or 128
• No local echo
Indicating the 3270 Model Number
To enable 3270 emulation on a port, you must specify the 3270 model number as follows:
Local> CHANGE PORT 2 TN3270 MODEL 2
This command enables port 2 to emulate an IBM 3278 Model 2 display station.
When the access server establishes a session to an IBM host, the host negotiates for an
IBM 3278 display station. If the IBM host does not negotiate for an IBM 3278, then the access server defaults to a standard Telnet connection.
To disable 3270 emulation on port 2, enter the following:
Local> CHANGE PORT TN3270 NONE
By default, 3270 emulation is disabled on all ports.
Specifying the Type of ASCII Terminal Used for Emulation
After you indicate the 3270 model number, you need to specify the type of ASCII terminal. For example, to indicate that a VT220 is attached to port 2, you enter:
Local> CHANGE PORT 2 TN3270 TERMINAL VT220
To display the list of terminal types and their associated keyboard maps, enter the
SHOW TN3270 TERMINAL command. The default terminal device is VT100.
Configuring and Managing 3270 Terminal Emulation (TN3270) 18-5
IBM Host Communications
IBM Host Communications
Introduction
This section describes IBM host communications with a terminal attached to the access server.
Connecting to an IBM Host
After you complete the basic configuration of a port for 3270 emulation, you can use the CONNECT, OPEN, or TELNET commands to access an IBM host. The following example shows a connection to an IBM host that uses the host’s Internet address:
Local> CONNECT 195.20.0.15
When the access server connects, follow the prompts that appear on the screen to log onto the host system.
To display the keyboard map defined for a session, enter the 3270 HELP function.
Entering and Editing Data
TN3270 supports the following data entry and editing features:
•
Unformatted and formatted screens
•
Normal and insert modes
For information about IBM 3270 data entry and editing, refer to the documentation provided with your IBM application.
Status Line Indicator
The status line indicator is a reverse video strip that displays messages on the bottom line of the terminal screen during a 3270 session. This indicator emulates the status line that appears on the bottom line of an IBM 3270 Display Station.
To turn the status line indicator on and off, enter the 3270 STATUS function.
The status line is overwritten when:
•
The IBM application moves the cursor to the last line on the screen.
•
You enter data on the last line of the screen.
18-6 Configuring and Managing 3270 Terminal Emulation (TN3270)
IBM Host Communications
The status line is restored when:
•
You use the STATUS function.
•
You send data to the host.
•
The IBM application clears the screen.
Status Line Messages
The following table describes the messages that appear on the status line indicator:
Message
EXTEND
HIDDEN
INSERT
INHIB
O
ONLINE
X
7171
Description
You have pressed the EXT function.
The status line is covering some screen data that you have not yet seen. This indicator turns off when you enable the status display after viewing the hidden data.
The terminal is in insert mode.
The application has suspended input from the keyboard. This condition can occur when:
• You try to enter data in a protected field.
• You try to enter the wrong type of data.
You are using the numeric lock override function. This indicator turns off when you enter the NUM OVR function again.
You are successfully communicating with the IBM host.
The IBM system is unavailable for input. For example, the message X displays after your use the ENTER function to send data to the IBM host.
You are using 7171 mode to transmit embedded nulls as spaces.
Configuring and Managing 3270 Terminal Emulation (TN3270) 18-7
IBM Host Communications
Status Line Indicator Display
The following figure shows the position of the status line indicator on the screen:
18-8 Configuring and Managing 3270 Terminal Emulation (TN3270)
Displaying and Customizing Keyboard Maps
Displaying and Customizing Keyboard Maps
Introduction
Although the default TN3270 keyboard maps are sufficient for most users, some may want to customize keyboard maps for specific applications. This section describes the default keyboard maps and the options for displaying and customizing them.
There are two ways to manage customization of keyboard maps: on a server-wide basis and a port-by-port basis. Server-wide customization may be preferred because it addresses multiple users’ needs and makes more efficient use of the access server
NVRAM. The server-wide customization must be set up by the privileged user, while port-by-port customization can be done by the port user.
Server-Wide Keyboard Maps Customization
Server-wide customization of keyboard maps depends upon the fact that each keyboard map is associated with a terminal type. The privileged user can create a new terminal type and associate a new keyboard map with it. Then he or she can customize the new map, which changes the key assignments that go with IBM 3270 functions.
A port user can then associate a port with the new terminal type. This automatically sets up the port to use the new keyboard map (see the following figure).
Figure: Port Access to Server-Wide Keyboard Maps
Default Server-Wide Terminal Types and Keyboard Maps
This section discusses the default server-wide keyboard maps and then explains how to define and customize new keyboard maps. The Selecting and Customizing
Keyboard Maps for a Port section discusses keyboard maps for ports.
By default, the access server offers five different terminal types. Each terminal type is associated with one of two default keyboard maps, VT100 and VT220.
You can display the default terminal types and keyboard maps with the following command:
Local> SHOW TN3270 TERMINAL
Configuring and Managing 3270 Terminal Emulation (TN3270) 18-9
Displaying and Customizing Keyboard Maps
Default Server-Wide Terminal Type and Keyboard Maps
The following table shows the default keyboard map and the associated terminal type:
Predefined Terminal Type
ANSI
VT100
VT220
VT320
VT420
Default Keyboard Map
VT100
VT100
VT220
VT220
VT220
These particular associations between terminal types and keyboard maps are fixed.
You cannot reassign any of the five default terminal types to different keyboard maps.
You cannot customize any of the individual key assignments for either of the two default keyboard maps on an access server-wide basis. These default terminal types and keyboard maps are intended for users who do not need any customization.
You can display the key assignments for the default keyboard map (VT220, in this example) with this command:
Local> SHOW TN3270 KEYMAP VT220
Defining New Server-Wide Terminal Types and Keyboard Maps
The privileged user can set up new terminal types and keyboard maps; up to six of each. New terminal types can be associated with one of the default keyboard maps or with a new keyboard map that has customized individual key assignments.
The first of the following two commands below creates a new terminal type called
PC_100_DCA and associates it with the default VT100 keyboard map. You might want to do this, for example, if you have PCs that emulate VT100 terminals. The key assignments for the PC_100_DCA terminal type would look exactly like those for the
VT100 keyboard map.
The second command reassigns PC_100_DCA to an entirely new keyboard map, called NEW_KEYS. NEW_KEYS starts out looking like the default VT100 keyboard map until you customize the key assignments (if you choose to do so). Customizing
Server-Wide Keyboard Maps, in this chapter, discusses customization.
Note
You cannot customize the predefined VT100 keyboard map that you set up with the first command.
Local> CHANGE TN3270 TERMINAL PC_100_DCA KEYMAP VT100
18-10 Configuring and Managing 3270 Terminal Emulation (TN3270)
Displaying and Customizing Keyboard Maps
Local> CHANGE TN3270 TERMINAL PC_100_DCA KEYMAP NEW_KEYS
You can carry out a similar process for terminal devices that use the VT220 keyboard map—the other default map.
Local> CHANGE TN3270 TERMINAL PC_220_DCA KEYMAP VT220
Local> CHANGE TN3270 TERMINAL PC_220_DCA KEYMAP NEW_KEYS2
Customizing Server-Wide Keyboard Maps
After executing the CHANGE commands as shown in the Defining New Server-Wide
Terminal Types and Keyboard Maps section in this chapter, you can customize the individual keymapping assignments in the new keyboard map NEW_KEYS. The goal is to have key assignments that fit the needs of the port users who can select the terminal type that goes with a new keyboard map.
The following command changes the keymapping assignment for the TN3270 function
CLEAR. Instead of the default VT100 keymapping EXT ENTER, the manager assigns the CLEAR function to Ctrl/W.
Local> CHANGE TN3270 KEYMAP NEW_KEYS CLEAR <CTRL/W>
In a display, the customized keymapping assignment is marked with an asterisk (*).
The privileged user can show the new keymapping with this command:
Local> SHOW TN3270 KEYMAP NEW_KEYS
Rules for Customizing Keyboard Maps
The following rules apply to customizing keyboard maps:
•
You can assign each 3270 function to only one ASCII key sequence.
•
If you attempt to assign a 3720 function to an ASCII key sequence that is already in use, the access server:
— Issues a warning message.
— Assigns the requested key definition.
— Assigns the 3270 function previously assigned to this sequence to NONE.
•
You cannot assign an ASCII key sequence that is a subset of a key sequence already assigned to a 3270 function. For example, the assignment of “KPDOT” to a 3270 function is disallowed if “KPDOT F20” is already assigned to a 3270 function.
Configuring and Managing 3270 Terminal Emulation (TN3270) 18-11
Displaying and Customizing Keyboard Maps
Selecting a Server-Wide Terminal Type and Keyboard Map for a Port
A port user who wants to establish a TN3270 session using a server-wide keyboard map can do the following:
Step
1
Action
Check to see what terminal types (and associated keyboard maps) are available with the following command:
Local> SHOW TN3270 TERMINAL
Server: LAT_08002B26D0DE
2
3
4
Terminal Keymap
VT100 VT100
VT220 VT220
VT320 VT220
VT420 VT220
ANSI VT1000
PC_100_DCA NEW_KEYS
PC_220_DCA NEW_KEYS2
Choose a keyboard map for one of the terminal types (for example,
NEW_KEYS) and check its associated keymapping:
Local> SHOW TN3270 KEYMAP NEW_KEYS
If the keymapping is what the users require for TN3270 applications, they set up the port to use the access server-wide terminal type:
Local> SET PORT TN3270 TERMINAL PC_100_DCA
The user can now confirm what terminal type and key assignments
TN3270 sessions will use at the port:
Local> SHOW PORT TN3270 CHARACTERISTICS
Local> SHOW PORT TN3270 KEYMAP
The port user has set up the port to use an access server-wide customized set of keymapping assignments without any added memory or complexity.
Note
Port users cannot customize access server-wide keyboard maps. The port users can customize only the default keyboard maps. See the Customizing a Default Keyboard
Map for a Port section in this chapter.
18-12 Configuring and Managing 3270 Terminal Emulation (TN3270)
Displaying and Customizing Keyboard Maps
Selecting and Customizing Keyboard Maps for a Port
Server-wide keymapping is the recommended method for customizing users’ TN3270 keymapping assignments. It uses access server memory efficiently and provides a common customized environment across all TN3270 ports. Port-by-port keymapping is also possible, but uses additional access server resources.
A user can set up unique keymapping assignments for use only on his or her port.
Individual port users have the following choices for selecting the keyboard maps that are most appropriate for their TN3270 applications:
•
Select and use one of the predefined default terminal types and its associated keyboard map. The predefined terminal types are VT100, VT220, VT320, VT420, and ANSI.
•
Select one of the predefined default terminal types, and then customize its keyboard map. Customizing a Default Keyboard Map for a Port discusses this customization.
•
Select and use one of the server-wide customized terminal types and its keyboard map. These terminal types have been defined and customized for all ports by the server manager. The users cannot customize the keymaps associated with these terminal types on a port-by-port basis.
The following sections discuss these options.
Selecting a Default Terminal Type and Keyboard Map for a Port
A port user can forego access to any server-wide keymappings that may be available.
Instead the user can choose the default terminal types and keyboard maps.
Reference
For a printed copy of these keyboard maps, refer to the Network Access Server
Command Reference.
Keyboard Map and Terminal Type
The following table lists the two default keyboard maps and their associated terminal devices:
Predefined Terminal Device
VT100, ANSI
All ASCII terminals other than the VT100
Associated Keyboard Map
VT100
VT220
Configuring and Managing 3270 Terminal Emulation (TN3270) 18-13
Displaying and Customizing Keyboard Maps
You can list the defaults with this command:
Local> SHOW TN3270 KEYMAP "KEYMAPNAME"
The defaults are shown in the Default Server-Wide Terminal Type and Keyboard
Maps and the Keyboard Map and Terminal Type.
You can display the keyboard mappings associated with a default keyboard map
(VT220 in this example, for a VT420 port device) with this command:
Local> SHOW TN3270 KEYMAP VT220
If this keymapping is the best choice for the port user, you can set up the port to use the VT420 terminal type, which is associated with the VT220 keyboard map. Execute the following command to choose the VT220 keyboard map for port 2:
Local> CHANGE PORT 2 TN3270 TERMINAL VT420
The user can now confirm the terminal type and keyboard mapping assignments:
Local> SHOW PORT 2 TN3270 CHARACTERISTICS
Local> SHOW PORT 2 TN3270 KEYMAP
Customizing a Default Keyboard Map for a Port
As a port user, you can customize any of the key definitions on the default keyboard map to suit your keyboard. For example, the following command defines the ASCII code for the IBM 3270 NEWLINE function:
Local> CHANGE PORT TN3270 KEYMAP NEWLINE <Ctrl/J>
In this example, the ASCII sequence Ctrl/J maps to the NEWLINE function.
See the Rules for Customizing Keyboard Maps section in this chapter for rules about customizing keyboard maps.
To display a customized keyboard map for a port, use the SHOW PORT TN3270
KEYMAP command.
For each IBM 3270 function, a given keyboard map definition indicates:
•
The defined mnemonics for the ASCII codes that the access server associates with each IBM 3270 function
•
An optional text description of the keystrokes used to produce the ASCII codes
18-14 Configuring and Managing 3270 Terminal Emulation (TN3270)
Displaying and Customizing Keyboard Maps
Example: SHOW PORT TN3270 KEYMAP Command
The following example shows a partial display of a keymap:
Local> SHOW PORT 2 TN3270 KEYMAP
Port 1: john
3270 function ASCII
.
.
.
Keystroke mnemonic description
CLEAR F12 “Alt F2”
Configuring and Managing 3270 Terminal Emulation (TN3270) 18-15
ASCII-to-EBCDIC and EBCDIC-to-ASCII Translation Tables
ASCII-to-EBCDIC and EBCDIC-to-ASCII Translation Tables
Commands
The following table lists and describes the commands that enable you to display and modify the ASCII-to-EBCDIC and EBCDIC-to-ASCII translation tables. These tables use ASCII codes 0 to 255.
When you display or change a given translation, you must enter the codes in hexadecimal format. Any changes to the translation tables take effect in new sessions on the access server, but do not affect current sessions.
Command
SHOW/SET TN3270 ATOE
SHOW/SET TN3270 ETOA
Enables You to Display and Modify
The ASCII-to-EBCDIC translation table.
The EBCDIC-to-ASCII translation table.
18-16 Configuring and Managing 3270 Terminal Emulation (TN3270)
Guidelines for Managing the Use of NVRAM for TN3270
Guidelines for Managing the Use of NVRAM for TN3270
Introduction
There is a pool of approximately 2.5 KB of shared NVRAM for the customization of the following TN3270 characteristics:
•
Keyboard maps for the ports
•
ASCII-to-EBCDIC and EBCDIC-to-ASCII translation tables
This section provides guidelines on managing the available memory pool.
Storage Requirements for TN3270 Definitions in NVRAM
The following table lists the TN3270 storage requirements for TN3270 definitions in
NVRAM:
Definition Description
Keyboard map definition for a port
Optional description text for a port
Each ASCII-to-EBCDIC and
EBCDIC-to-ASCII customized translation
Storage Requirements
8 bytes
8 bytes for increments of 7 bytes of text
8 bytes
TN3270 Commands That Free NVRAM Space
The following table lists the commands used to free NVRAM space:
Command
DEFINE [PORT] TN3270
KEYMAP 3270-Function
DEFAULT
DEFINE [PORT] TN3270
KEYMAP ALL DEFAULT
DEFINE TN3270 ETOA E-
CODE A-CODE DEFAULT
DEFINE TN3270 ATOE A-
CODE E-CODE DEFAULT
Frees NVRAM Space Used By
The ASCII mnemonic and key sequence definition for the specified 3270 function.
All customized keyboard maps.
The specified EBCDIC-to-ASCII translation.
The specified ASCII-to-EBCDIC translation.
Configuring and Managing 3270 Terminal Emulation (TN3270) 18-17
Guidelines for Managing the Use of NVRAM for TN3270
Limiting NVRAM Usage
To limit the number of NVRAM keyboard maps that the port user can customize, use the command shown in the following example:
Local> DEFINE PORT TN3270 NVRAM LIMIT 5
The default limit is 0.
18-18 Configuring and Managing 3270 Terminal Emulation (TN3270)
Commands to Manage TN3270 Terminal Emulation
Commands to Manage TN3270 Terminal Emulation
Introduction
This section summarizes the commands to manage 3270 emulation.
Reference
For a complete description of these commands and the correct syntax, refer to the
Network Access Server Command Reference.
TN3270 Access Server Characteristics
The following table summarizes the TN3270 commands that configure access server characteristics:
Command
SET/DEFINE/
CHANGE TN3270
ATOE
SET/DEFINE/
CHANGE TN3270
ETOA
SET/DEFINE/
CHANGE TN3270
TERMINAL
CLEAR/PURGE
TN3270 TERMINAL
SET/DEFINE/
CHANGE TN3270
KEYMAP
Description
Changes the ASCIIto- EBCDIC translation for the code specified.
Changes the
EBCDIC-to-ASCII translation for the code specified.
Creates an access server-wide customized TN3270 terminal or renames an existing keymap for a terminal.
Clears dynamic or permanent memory of a customized 3270 terminal.
Customizes keymappings for an existing access serverwide keymap.
None
None
Default
For the default ASCIIto-EBCDIC translation table, refer to the
Network Access Server
Command Reference.
For the default
EBCDIC-to-ASCII translation table, refer to the Network Access
Server Commands
Reference.
For the default
KEYMAP, refer to the
Network Access Server
Command Reference.
Configuring and Managing 3270 Terminal Emulation (TN3270) 18-19
Commands to Manage TN3270 Terminal Emulation
TN3270 Port Characteristics
The following table provides information on port characteristics and their defaults:
SET/DEFINE/
CHANGE
PORT TN3270
MODEL
Description Default
TERMINAL
KEYMAP
KEYMAP
NVRAM LIMIT
NULLS
FLOW
CONTROL
SWITCH
CHARACTER
Verification
Specifies the model of IBM
3270 Information Display
Station the ASCII terminal emulates.
Indicates the type of ASCII terminal and associated keymap attached to the port.
Enables you to change a definition in the keyboard map.
Specifies the number of keyboard maps in NVRAM that the nonprivileged user is allowed to define.
Determines how TN3270 treats the transmission of null characters to the host.
Allows you to enable and disable input and output flow control for the port.
Controls whether the port detects port local, forward, or backward switch characters for a session.
Specifies whether the access server displays messages when you connect, disconnect, or switch sessions.
NONE
Nonprivileged
VT100
Nonprivileged
–
0
Privileged
3179
Nonprivileged
Enabled
Secure
Enabled
Secure
Enabled
Secure
18-20 Configuring and Managing 3270 Terminal Emulation (TN3270)
Commands to Manage TN3270 Terminal Emulation
SHOW Commands
The following table provides information on the SHOW Commands for port characteristics:
SHOW
PORT TN3270 KEYMAP
PORT TN3270
CHARACTERISTICS
TN3270 ATOE
TN3270 ETOA
TN3270 TERMINAL
TN3270 KEYMAP
PORT SESSION TN3270
KEYMAP
PORT SESSION
CHARACTERISTICS
PORT SESSION STATUS
Displays
The TN3270 keyboard map for a specified port.
The TN3270 port characteristics for a specified port.
The ASCII-to-EBCDIC translation table.
The EBCDIC-to-ASCII translation table.
The terminal types available on the access server and their associated keyboard maps.
The keymap assignments associated with a specified keymap.
All keyboard maps for all sessions on the specified port.
The TN3270 characteristics for all sessions on the specified port.
The status for all sessions on the specified port.
Configuring and Managing 3270 Terminal Emulation (TN3270) 18-21
Chapter 19
Configuring and Managing Point-to-Point
Protocol (PPP) Ports
Overview
Introduction
This chapter explains how to configure and manage access server ports for use with
PCs and computers acting as Point-to-Point Protocol (PPP) hosts. A PPP host uses PPP as its data link over low-speed asynchronous serial lines.
Prerequisites
Before you use the procedures in this chapter, you must:
•
Ensure that the devices support PPP.
•
Connect and test the devices.
•
Configure the port and device characteristics to match.
For information about device cables, refer to the access server hardware documentation.
In This Chapter
This chapter contains the following topics:
•
Enabling PPP on an Access Server Port
•
Establishing and Ending a PPP Session
•
Displaying PPP Characteristics
•
Displaying PPP Status
•
Displaying PPP Counters
Configuring and Managing Point-to-Point Protocol (PPP) Ports 19-1
Enabling PPP on an Access Server Port
Enabling PPP on an Access Server Port
Introduction
To check if PPP is enabled on a given port, use the SHOW PORT command. When enabled, the keyword PPP displays in the list of enabled characteristics at the bottom of the screen.
The section provides examples of enabling PPP on an access server port.
Enabling PPP for Mixed Traffic
For basic operation of PPP, the only required commands are:
•
DEFINE PORT MULTISESSIONS DISABLED
•
DEFINE PORT PPP ENABLED
Example: Enabling PPP for Mixed Traffic
The following example shows a series of commands used to configure a port to support mixed character-cell and PPP traffic.
Local> DEFINE PORT 3 ACCESS LOCAL AUTOBAUD ENABLED AUTOCONNECT
DISABLED
Local> DEFINE PORT 3 BREAK LOCAL DEFAULT PROTOCOL PPP DSRLOGOUT
ENABLED
Local> DEFINE PORT 3 INTERRUPTS DISABLED MULTISESSIONS DISABLED
Local> DEFINE PORT 3 PREFERRED NONE SIGNAL CHECK DISABLED
Local> DEFINE PORT 3 SIGNAL CONTROL DISABLED
Local> DEFINE PORT 3 PPP ENABLED
Local> DEFINE PORT 3 PPP IPCP HOST ADDRESS 1.2.3.4
Local> LOGOUT PORT 3
Local>
19-2 Configuring and Managing Point-to-Point Protocol (PPP) Ports
Enabling PPP on an Access Server Port
Enabling Dedicated PPP Traffic
The following example shows a series of commands used to dedicate a port to PPP.
Local> DEFINE PORT 5 ACCESS LOCAL AUTOBAUD DISABLED
Local> DEFINE PORT 5 AUTOCONNECT ENABLED BREAK DISABLED DEDICATED
PPP
Local> DEFINE PORT 5 DEFAULT PROTOCOL PPP DSRLOGOUT ENABLED
Local> DEFINE PORT 5 DTRWAIT ENABLED INACTIVITY LOGOUT DISABLED
Local> DEFINE PORT 5 INTERRUPTS DISABLED MULTISESSIONS DISABLED
Local> DEFINE PORT 5 PREFERRED NONE SIGNAL CHECK DISABLED
Local> DEFINE PORT 5 SIGNAL CONTROL DISABLED
Local> DEFINE PORT 5 PPP ENABLED
Local> DEFINE PORT 5 PPP IPCP HOST ADDRESS 1.2.3.4
Local> LOGOUT PORT 5
Enabling Ports with Modems for PPP
The following example shows a series of commands used to dedicate a port with an attached modem to PPP.
Local> DEFINE PORT 5 ACCESS LOCAL ALTERNATE SPEED NONE
Local> DEFINE PORT 5 AUTOBAUD ENABLED AUTOCONNECT DISABLED
Local> DEFINE PORT 5 BREAK DISABLED DEDICATED PPP DEFAULT
PROTOCOL PPP
Local> DEFINE PORT 5 DSRLOGOUT DISABLED DTRWAIT DISABLED
Local> DEFINE PORT 5 FLOW CONTROL CTS INACTIVITY LOGOUT DISABLED
Local> DEFINE PORT 5 INTERRUPTS DISABLED MULTISESSIONS DISABLED
Local> DEFINE PORT 5 PREFERRED NONE SIGNAL CHECK DISABLED
Local> DEFINE PORT 5 SIGNAL CONTROL ENABLED SPEED 2400
Local> DEFINE PORT 5 PPP IPCP HOST ADDRESS 1.2.3.4
Local> DEFINE PORT 5 PPP ENABLED
Local> LOGOUT PORT 5
Configuring and Managing Point-to-Point Protocol (PPP) Ports 19-3
Establishing and Ending a PPP Session
Establishing and Ending a PPP Session
Using the CONNECT PPP Command
If PPP is configured, you can start a PPP session on a port by entering the following secure command:
Local> CONNECT PPP
You can stop a PPP session by:
•
Logging out of the port
•
Generating a BREAK to the access server if the login is interactive, followed by the DISCONNECT command causing the peer to negotiate an end to the link
The exact mechanism for causing a peer to negotiate the end of a link depends on the
PPP package used on the access server peer.
19-4 Configuring and Managing Point-to-Point Protocol (PPP) Ports
Displaying PPP Characteristics
Displaying PPP Characteristics
Introduction
This section describes the commands used to display characteristics for LCP, IPCP, and ATCP.
Displaying LCP Characteristics
Use the SHOW PORT n PPP LCP CHARACTERISTICS command to display LCP characteristics for a port. This command is nonprivileged. The fields shown in the LCP display show the latest values configured by the SET PORT n PPP LCP characteristic commands. Use the SHOW/MONITOR PORT n PPP LCP STATUS command to see the values actually used on the link.
Example: Displaying LCP Characteristics
The following example shows the command to display the LCP configuration for port
5.
Local> SHOW PORT 5 PPP LCP CHARACTERISTICS
Port 5: Server: LAT_08002B26D0E7
LCP Characteristics:
LCP: Enabled Passive Open: Disabled
Restart Timer: 3 seconds
Max Configure: 10 transmissions
Max Terminate: 2 transmissions
Max Failure: 10 transmissions
LCP Options: Local:
MRU: 1500
Character Map: FFFFFFFF
Link Quality: Disabled
Magic Number: Disabled
PF Compress: Disabled
ACF Compress: Disabled
FCS Size: 16 Bit
Callback Disabled
Configuring and Managing Point-to-Point Protocol (PPP) Ports 19-5
Displaying PPP Characteristics
Fields in the LCP Characteristics Display
The following table explains the fields in the LCP characteristics display.
Field
LCP
Passive Open
Restart Timer
Max Configure
Max Terminate
Max Failure
MRU
Character Map
Authentication
Link Quality*
Description
Indicates if LCP is enabled.
When enabled, LCP negotiation does not begin until initiated by the attached device.
Indicates the amount of time between LCP configure- or terminaterequest retransmissions when there is no response.
The number of times that
LCP sends a configurerequest packet to the peer without receiving an acknowledgment.
The number of times that
LCP sends a terminaterequest packet to the peer without receiving an acknowledgment.
The number of times that
LCP sends a negative acknowledgment for the peer’s proposed options before deciding to reject the options.
The current MRU value.
The current character map.
The current authentication configuration.
The current link quality.
Values
Enabled
Disabled
Enabled
Disabled
1 to 5 attempts
1 to 15 attempts
1 to 15 attempts
Default
Enabled
Disabled
3
10
2
1 to 15 seconds 10
64 to 1500
0 to FFFFFFFF
Disabled, PAP,
CHAP
Disabled
1500
FFFFFFFF
Disabled
Disabled
19-6 Configuring and Managing Point-to-Point Protocol (PPP) Ports
Displaying PPP Characteristics
Field
Magic Number*
PF Compress
ACF Compress
Description
The current magic number.
Indicates if the access server negotiates to allow its peer to omit the extra protocol field byte from packets sent over the link.
Indicates if the access server negotiates to allow its peer to omit the
HDLC address and control fields from packets sent over the link.
Values
Disabled
Enabled
Disabled
Enabled
Disabled
Default
Disabled
Disabled
Disabled
FCS Size*
Callback**
The size of the FCS that the access sever is configured to negotiate.
Indicates that the access server negotiates to request a call-back.
16-bit
Enabled
Disabled
Note: *This field has a fixed value in this software release.
16-bit
Enabled
Note: ** If you enable PPP call-back negotiation on a port, it is strongly recommended you also enable some sort of authentication (PAP, CHAP, etc.) on the port. Without authentication, any user who happens to discover the phone number for that port’s modem could potentially request a call-back and run up unlimited phone charges. To enable authentication on a port, refer to Chapter 22.
Displaying IPCP Characteristics
The SHOW/LIST/MONITOR PPP IPCP CHARACTERISTICS command displays the IPCP configuration for a given port. The fields in the display show the latest values configured by the SET PORT n PPP IPCP characteristic commands. Use the SHOW/
MONITOR PORT n PPP IPCP STATUS command to see the values actually used on the link.
Configuring and Managing Point-to-Point Protocol (PPP) Ports 19-7
Displaying PPP Characteristics
Example: IPCP Characteristics Display
The following example shows a sample IPCP characteristics display.
Local> SHOW PORT 5 PPP IPCP CHARACTERISTICS
IPCP Characteristics:
IPCP: Disabled
Passive Open: Disabled
Restart Timer: 3 seconds
Max Configure: 10 transmissions
Max Terminate: 2 transmissions
Max Failure: 10 transmissions
IPCP Options: Local:
Negotiate Address: Disabled
Remote IP Address: 0.0.0.0
Compress Header: Disabled
Compress States: 16
IPCP Characteristics Display Fields
The following table explains the fields in the IPCP characteristics display.
Field
IPCP
Passive Open*
Restart Timer
Max Configure
Description
Indicates if IPCP is enabled.
When enabled, IPCP negotiation does not begin until initiated by the attached device.
Indicates the amount of time between IPCP configure- or terminaterequest retransmissions when there is no response.
The number of times that
IPCP sends a configurerequest packet to the peer without receiving an acknowledgment.
Values
Enabled
Disabled
Disabled
1 to 5 seconds
1 to 15 attempts
Default
Disabled
Disabled
3
10
19-8 Configuring and Managing Point-to-Point Protocol (PPP) Ports
Field
Max Terminate
Max Failure
Negotiate Address
Remote IP Address
Description
The number of times that
LCP sends a terminaterequest packet to the peer without receiving an acknowledgment.
Displaying PPP Characteristics
The number of times that
IPCP sends a negative acknowledgment for the peer’s proposed options before deciding to reject the options.
Indicates if IP address negotiation is enabled for this link.
Indicates the address that the access server should negotiate to use for the peer and the source of the port’s remote IP address.
Values
1 to 15 attempts
1 to 15 attempts
Enabled
Disabled
Compress Header
Compress States
Indicates that TCP/IP header compression is to be used.
Indicates the maximum number of TCP/IP sessions that can be compressed at any given time.
* This field has a fixed value in this software release.
Enabled
Disabled
4 to 16
Default
2
10
Disabled
0.0.0.0
Disabled
16
Configuring and Managing Point-to-Point Protocol (PPP) Ports 19-9
Displaying PPP Characteristics
ATCP Characteristics
The SHOW/LIST/MONITOR PPP ATCP CHARACTERISTICS command displays the ATCP configuration for a given port. The fields in the display show the latest values configured by the SET PORT n PPP ATCP characteristic commands. Use the
SHOW/MONITOR PORT n PPP ATCP STATUS command to see the values actually used on the link.
Example: ATCP Characteristics Display
The following example shows a sample ATCP characteristics display:
Local> SHOW PORT 5 PPP ATCP CHARACTERISTICS
Port 5: Server: LAT_08002B26AA94
ATCP Characteristics:
ATCP: Enabled Passive Open: Enabled
Restart Timer: 3 seconds
Max Configure: 10 transmissions
Max Terminate: 2 transmissions
Max Failure: 10 transmissions
ATCP Characteristics Display Field Values
The following table explains the fields in the ATCP characteristics display:
Default
Enabled
Field
ATCP
Passive Open
Restart Timer
1
Max Configure
Description
Indicates if ATCP is enabled.
Values
Enabled
Disabled
Enabled
Disabled
When enabled, ATCP negotiation does not begin until initiated by the attached device.
Indicates the amount of time between ATCP configure- or terminate-request retransmissions when there is no response.
The number of times that ATCP sends a configure-request packet to the peer without receiving an acknowledgment.
1 to 5 seconds
1 to 15 attempts
Enabled
3
10
19-10 Configuring and Managing Point-to-Point Protocol (PPP) Ports
Field
Max Terminate
Displaying PPP Characteristics
Description
The number of times that ATCP sends a terminate-request packet to the peer without receiving an acknowledgment.
Values
1 to 15 attempts
Max Failure The number of times that ATCP sends a negative acknowledgment for the peer’s proposed options before deciding to reject the options.
1.
This field has a fixed value in this software release.
1 to 15 attempts
Default
2
10
Configuring and Managing Point-to-Point Protocol (PPP) Ports 19-11
Displaying PPP Status
Displaying PPP Status
Introduction
This section describes how to display the PPP LCP and IPCP status.
Displaying LCP Status
Use the SHOW PORT n LCP STATUS command to display LCP characteristics. This command is nonprivileged. This command shows the actual state of the LCP implementation on the access server. Because of the nature of PPP negotiations, the display can differ from the configured characteristics shown on the SHOW PORT n
PPP LCP CHARACTERISTICS display.
The display fields fall into two categories:
•
General link status (LCP Status section)
•
Status of the LCP options (LCP Options section)
Example: LCP Status Display
The following example shows the LCP status display for port 5:
Local> SHOW PORT 5 PPP LCP STATUS
Port 5: Server: LAT_08002B26D0E7
LCP Status:
State: Initial
Negotiation Time: 0 00:00:00
Since Open: 0 00:00:00
Failure Reason: None
Authentication: Initial
LCP Options: Local: Remote:
MRU: 1500 1500
Character Map FFFFFFFF FFFFFFFF
Authentication: Disabled Disabled
Link Quality: Disabled Disabled
Magic Number: Disabled Disabled
PF Compress: Disabled Disabled
ACF Compress: Disabled Disabled
FCS Size: 16 Bit 16 Bit
Callback: Disabled Enabled
19-12 Configuring and Managing Point-to-Point Protocol (PPP) Ports
Displaying PPP Status
Fields in the LCP Status Display
The following table describes the fields in the LCP status display:
Field
State
Negotiation Time
Since Open
Failure Reason
MRU
Character Map
Authentication
Link Quality
Magic Number
PF Compress
ACF Compress
FCS Size
Callback
Description
The LCP state as defined in RFC 1331.
The number of seconds required by the PPP negotiation procedure the last time LCP renegotiated.
The number of seconds since LCP last attempted to negotiate the link.
Provides a brief reason if LCP cannot complete negotiations.
Maximum Receive Unit. Indicates the largest number of characters each peer would like to receive in a packet.
Specifies which characters require special encapsulation or
“byte stuffing.”
Indicates whether authentication is required. PAP is supported for this release.
The link quality is disabled in this release.
Local — Indicates if the access server has negotiated to respond to magic numbers from the peer. These numbers can be used to detect loopback. The local magic number is disabled in this release.
Remote — Indicates if the peer has negotiated to respond to magic numbers from the access server. The remote magic number is disabled in this release.
Indicates whether Protocol Field compression has been negotiated.
Indicates whether Address and Control Field compression has been negotiated.
Always 16-bit CRC.
Indicates that call-back has been negotiated.
Configuring and Managing Point-to-Point Protocol (PPP) Ports 19-13
Displaying PPP Status
Displaying IPCP Status
Use the SHOW PORT n PPP IPCP STATUS command to display IPCP status. This command shows the actual state of the IPCP implementation in the access server.
Because of the nature of PPP negotiations, this display can differ from the configured characteristics shown on the SHOW PORT n PPP IPCP CHARACTERISTICS display.
The display fields in fall into two categories:
•
General IP status over the link (IPCP Status section)
•
Status of each IPCP option (IPCP Options section)
Example: IPCP Status Display
The following example shows the IPCP status display for port 5:
Local> SHOW PORT 5 PPP IPCP STATUS
Port 5: Server: LAT_08002B26D0E7
IPCP Status:
State: Initial
Negotiation Time: 0 00:00:00
Since Open: 0 00:00:00
Failure Reason: None
IPCP Options: Local: Remote:
Negotiate Address: Disabled Disabled
IP Address: 0.0.0.0 0.0.0.0
Compress Header: Disabled Disabled
Compress States: 0 0
19-14 Configuring and Managing Point-to-Point Protocol (PPP) Ports
Displaying PPP Status
Fields in the IPCP Status Display
The following table explains the fields in the IPCP status display:
Field
State
Negotiation Time
Since Open
Failure Reason
Negotiate
Address
IP Address
Description
The IPCP state as defined in RFC 1331. The possible states are Initial, Starting, Closed, Stopped, Closing, Stopping,
Req Sent, Ack-Rcvd, Ack-Sent, Opened, and DHCP Req.
DHCP Req (which is not part of RFC 1331) indicates the negotiations are waiting for DHCP to assign an IP address.
The number of seconds required by the PPP negotiation procedure the last time IPCP negotiated.
The number of seconds since IPCP last attempted to negotiate IP over the link.
Provides a brief reason if IPCP cannot negotiate IP over the link.
Indicates if address negotiation should take place. This characteristic is disabled in this release.
Local — The IP address that the access server is using for itself on the link. This value is the address used with the access server’s own Ethernet.
Remote — The value that the access server is using to identify the peer on the link.
Indicates whether compression is turned on. Compress
Header
Compress States Indicates the maximum number of TCP/IP connections that can be compressed at any time.
Configuring and Managing Point-to-Point Protocol (PPP) Ports 19-15
Displaying PPP Status
Displaying ATCP Status
Use the SHOW PORT n PPP ATCP STATUS command to display ATCP status. The
This command shows the actual state of the ATCP implementation in the access server. Because of the nature of PPP negotiations, this display can differ from the configured characteristics shown on the SHOW PORT n PPP ATCP
CHARACTERISTICS display.
The display fields in fall into two categories:
•
General ATCP status over the link (ATCP Status section)
•
Status of each ATCP option (ATCP Options section)
Example: ATCP Status Display
The following example shows the ATCP status display on port 5:
Local> SHOW PORT 5 PPP ATCP STATUS
Port 5: Server: LAT_08002B26AA94
ATCP Status:
State: Opened
Negotiation Time: 0 00:00:10
Since Open: 0 00:08:10
Failure Reason: None
ATCP Options: Local: Remote:
Appletalk Address: 401.20 401.12
Routing Protocol: RTMP RTMP
Suppress B_Cast: Disabled Disabled
Compression: Disabled Disabled
Connect Time: Disabled Disabled
Server Info: Disabled Disabled
Default Router: 401.249 0.0
Zone Info: LKG Littleton MA
19-16 Configuring and Managing Point-to-Point Protocol (PPP) Ports
Displaying PPP Status
Fields in the ATCP Status Display
The following table explains the fields in the ATCP status display:
Field
State
Negotiation Time
Since Open
Failure Reason
ATCP Options:
AppleTalk Address
Routing Protocol
Suppress B_Cast
Compression
Connect Time
Server Info
Default Router
Zone Info
Description
The ATCP state as defined in RFC 1331. The possible states are Initial, Starting, Closed, Stopped, Closing,
Stopping, Req Sent, Ack-Rcvd, Ack-Sent, and Opened.
The number of seconds required by the PPP negotiation procedure the last time ATCP negotiated.
The number of seconds since ATCP last attempted to negotiate IP over the link.
Provides a brief reason if ATCP cannot negotiate IP over the link.
Local — Refers to the access server.
Remote — Refers to the attached PPP hosts.
The access server Appletalk address and the AppleTalk address that the access server has acquired and assigned to the attached host.
The type of routing protocol information that may be sent across the link.
Indicates whether broadcasts are suppressed.
Indicates whether compression is being used on
AppleTalk packets.
Indicates whether connect time information is passed.
Indicates whether server information is passed.
The current AppleTalk router that the access server and client are using.
The zone in which the access server and client reside.
Configuring and Managing Point-to-Point Protocol (PPP) Ports 19-17
Displaying PPP Counters
Displaying PPP Counters
Introduction
The section describes PPP counters.
Displaying LCP Counters
Use the SHOW PORT n LCP COUNTERS command to display LCP counters for a port. The display shows all the counters relevant to LCP protocol operation. Most of this information is useful as a diagnostic aid. The CONNECT or DISCONNECT command zeroes each of the counters.
Example: Commands to Display LCP Counters
The following example shows the command to display LCP counters for port 5:
Local> SHOW PORT 5 LCP COUNTERS
Port 5: Server: LAT_08002B26D0E7
LCP Counters:
Negotiation Successes: 0
Negotiation Failures: 0
Configures in: 0 Configures out: 0
Acks in: 0 Acks out: 0
Naks in: 0 Naks out: 0
Rejects in: 0 Rejects out: 0
Terminates in: 0 Terminates out: 0
Term Acks in: 0 Term Acks out: 0
Code Rejects in: 0 Code Rejects out: 0
Echo Reqs in: 0 Echo Reqs out: 0
Echo Resps in: 0 Echo Resps out: 0
Prot Rejects in: 0 Prot Rejects out: 0
Discards in: 0 Discards out: 0
19-18 Configuring and Managing Point-to-Point Protocol (PPP) Ports
Displaying PPP Counters
Fields in the LCP Counters Display
The following table describes the fields in the LCP counters display:
Field
Negotiation
Successes
Negotiation
Failures
Configures in
Configures out
Acks in
Acks out
Naks in
Naks out
Rejects in
Reject outs
Terminates in
Terminates out
Term Acks in
Term Acks out
Code Rejects in
Description
The number of times that LCP successfully entered a round of negotiations since the link was brought up. Ordinarily, this counter is 1. However, you can reconfigure LCP and then cause LCP to renegotiate This changes the performance characteristics for the link.
The number of times that LCP tried to negotiate the link, but failed.
The number of LCP configure-requests received from the peer.
The number of LCP configure-requests sent to the peer from the access server.
The number of LCP configure-acks received from the peer.
The number of LCP configure-acks sent to the peer from the access server.
The number of LCP configure-naks received from the peer.
The number of LCP configure-naks sent to the peer from the access server. This counter should always be zero in this release.
The number of LCP configure-rejects received from the peer.
The number of LCP configure-rejects sent to the peer from the access server.
The number of LCP terminate-requests received from the peer.
The number of LCP terminate-requests sent to the peer from the access server.
The number of LCP terminate-acks received from the peer.
The number of LCP terminate-acks sent to the peer from the access server.
The number of LCP code-rejects received from the peer.
Configuring and Managing Point-to-Point Protocol (PPP) Ports 19-19
Displaying PPP Counters
Field
Code Rejects out
Echo Reqs in
Echo Reqs out
Echo Resps in
Echo Resps out
Prot Rejects in
Prot Rejects out
Discards in
Discards out
Description
The number of LCP code-rejects sent to the peer from the access server.
The number of LCP echo-requests received from the peer.
The number of LCP echo-requests sent to the peer from the access server. This number should always be zero in this version.
The number of LCP echo-replies received from the peer.
The number of LCP echo-replies sent to the peer from the access server.
The number of LCP protocol-rejects received from the peer.
The number of LCP protocol-rejects sent to the peer from the access server.
The number of LCP discard packets received from the peer.
A discard packet is the PPP equivalent of a “no op” instruction.
The number of LCP discard packets sent to the peer from the access server. This number should always be zero in this version.
Displaying IPCP Counters
Use the SHOW PORT n IPCP command to display the IPCP counters for a port. This command requires no privileges. The display shows all the counters relevant to IPCP protocol operation. Most of this information is useful as a diagnostic aid. The
CONNECT or DISCONNECT command zeroes each of these counters.
19-20 Configuring and Managing Point-to-Point Protocol (PPP) Ports
Displaying PPP Counters
Example: Command to Display the IPCP Counters
The following example shows how to display the IPCP counters for port 5:
Local> SHOW PORT 5 IPCP COUNTERS
Port 5: Server: LAT_08002B26D0E7
IPCP Counters:
Negotiation Successes: 0
Negotiation Failures: 0
Configures in: 0 Configures out: 0
Acks in: 0 Acks out: 0
Naks in: 0 Naks out: 0
Rejects in: 0 Rejects out: 0
Terminates in: 0 Terminates out: 0
Term Acks in: 0 Term Acks out: 0
Fields in the IPCP Counters Display
The following table describes the fields in the IPCP counters display:
Field
Negotiation Successes
Negotiation Failures
Configures in
Configures out
Acks in
Acks out
Description
The number of times that IPCP has successfully entered a round of negotiations to bring up IP since the link was brought up.
Ordinarily the value of this counter is 1.
However, you can reconfigure IPCP and then cause IPCP to renegotiate. This changes the performance characteristics for the link.
The number of times that IPCP tried to negotiate the link, but failed.
This is the number of IPCP configurerequests received from the peer.
The number of IPCP configure-requests sent to the peer from the access server.
The number of IPCP configure-acks received from the peer.
The number of IPCP configure-acks sent to the peer from the access server.
Configuring and Managing Point-to-Point Protocol (PPP) Ports 19-21
Displaying PPP Counters
Field
Naks in
Naks out
Rejects in
Reject outs
Terminates in
Terminates out
Term Acks in
Term Acks out
Description
The number of IPCP configure-naks received from the peer.
The number of IPCP configure-naks sent to the peer from the access server. This counter should always be zero in this release.
The number of IPCP configure-rejects received from the peer.
The number of IPCP configure-rejects sent to the peer from the access server.
The number of IPCP terminate-requests received from the peer.
The number of IPCP terminate-requests sent to the peer from the access server.
The number of IPCP terminate-acks received from the peer.
The number of IPCP terminate-acks sent to the peer from the access server.
Displaying ATCP Counters
Use the SHOW PORT n ATCP Counters command to display ATCP counters for a port. This command requires no privileges. The counters display shows all the counters relevant to ATCP protocol operation. Most of this information is useful as a diagnostic aid. The CONNECT or DISCONNECT command zeroes each of these counters.
19-22 Configuring and Managing Point-to-Point Protocol (PPP) Ports
Displaying PPP Counters
Example: Command to Display the ATCP Counters
The following example shows how to display the ATCP counters:
Local> SHOW PORT 5 ATCP COUNTERS
Port 5: Server: LAT_08002B26AA94
ATCP Counters:
Negotiation Successes:
Negotiation Failures:
Configures in: 8
Acks in: 6
Naks in:
Rejects in:
Terminates in:
Term Acks in:
0
0
0
6
0
0
Configures out:
Acks out:
Naks out:
Rejects out:
Terminates out:
Term Acks out:
Fields in the ATCP Counters Display
The following table describes the fields in the ATCP counters display:
12
6
1
1
0
0
Field
Negotiation
Successes
Negotiation
Failures
Configures in
Configures out
Acks in
Acks out
Description
The number of times that ATCP has successfully entered a round of negotiations to bring up AppleTalk since the link was brought up. Ordinarily the value of this counter is 1.
However, you can reconfigure ATCP and then cause
ATCP to renegotiate. This changes the performance characteristics for the link.
The number of times that ATCP tried to negotiate the link, but failed.
This is the number of ATCP configure-requests received from the peer.
The number of ATCP configure-requests sent to the peer from the access server.
The number of ATCP configure-acks received from the peer.
The number of ATCP configure-acks sent to the peer from the access server.
Configuring and Managing Point-to-Point Protocol (PPP) Ports 19-23
Displaying PPP Counters
Field
Naks in
Naks out
Rejects in
Reject outs
Terminates in
Terminates out
Term Acks in
Term Acks out
Description
The number of ATCP configure-naks received from the peer.
The number of ATCP configure-naks sent to the peer from the access server. This counter should always be zero in this release.
The number of ATCP configure-rejects received from the peer.
The number of ATCP configure-rejects sent to the peer from the access server.
The number of ATCP terminate-requests received from the peer.
The number of ATCP terminate-requests sent to the peer from the access server.
The number of ATCP terminate-acks received from the peer.
The number of ATCP terminate-acks sent to the peer from the access server.
19-24 Configuring and Managing Point-to-Point Protocol (PPP) Ports
Chapter 20
Managing IPX
Overview
Introduction
This chapter describes how to configure and manage IPX on an access server.
In This Chapter
This chapter contains the following topics:
•
IPX Description
•
Getting Started
•
Hardware and Software Requirements
•
Setting Up Your PC
•
Setting Up the Network Access Server
•
Summary of DECserver IPX Management Commands
•
Modem Considerations
•
Novell Client/Server Operation
•
Operational Checkout and Diagnosis
•
Disabling IPX
•
Frame Types
•
Displaying IPX Characteristics
•
Displaying IPX Status
•
Displaying IPX Counters
•
Displaying IPX Routes
•
Resetting Counters
Managing IPX 20-1
IPX Description
IPX Description
Introduction
The purpose of IPX is to allow Novell NetWare clients to dial in to (or directly attach to) the network access server via asynchronous lines. Each remotely connected Novell client looks and acts as if it was directly connected to the LAN.
The network access software provides PPP/IPXCP as the underlying data link on the asynchronous lines. This allows multiprotocol support (IP/IPX/AppleTalk) over the same asynchronous lines simultaneously.
Access Server Configuration
The access server can be set up to provide access for remote PC users to dial in over standard telephone lines to establish an IPX connection to a Novell network. The remote PC can access network resources such as file servers, printers, and electronic mail. Once connected, the PC becomes a remote node on the network. The access server facilitates IPX client-server communications between PC and NetWare file servers over the standard telephone line.
The remote node service provides the same functions and features to remote PCs as locally connected LAN users. The main difference between the remote node connection and a local connection using Ethernet is the data transfer speed. However, dial-in connections that use high-speed modems provide excellent performance.
The PC gains access to the IPX network through the access server by using any thirdparty remote node access software that supports the point-to-point protocol (PPP) for
IPX. The remote access software must also facilitate the use of Novell NetWare workstation software, which is used to communicate with the Novell network over the dial-up connection.
By default, the access server will simultaneously communicate with all four frame types on the LAN: Ethernet II, 802.2 SAP, 802.2 SNAP, and Novell 802.3. When IPX is enabled on the access server, the network addresses for all four types will automatically be learned.
20-2 Managing IPX
IPX Description
Login Procedures
One or more serial ports of the access server can be configured for Novell dial-up access. Depending on your requirements, different login procedures for IPX can be configured including:
•
The remote PC user can choose to activate a connection to the Novell network after login to the access server local user interface. This allows the user to take advantage of other non-IPX services from the access server before connecting to the Novell network.
•
The remote PC user can automatically connect to the Novell network after login.
•
Login and/or PPP password authentication is configurable. For PPP password, the
PC client software must support PPP/PAP authentication.
Managing IPX 20-3
Getting Started
Getting Started
Checklist
The following is a checklist for using this chapter to perform the basic steps to perform remote node access to a Novell network through a network access server:
2
3
Step
1
4
Action
Determine your hardware/software requirements (Hardware and
Software Requirements).
Configure your PC (Setting Up the Network Access Server).
Configure your network access server (Setting Up the Network Access
Server).
Check your configuration (Operational Checkout and Diagnosis).
20-4 Managing IPX
Hardware and Software Requirements
Hardware and Software Requirements
Introduction
This section describes the hardware and software necessary to run IPX.
There must be at least one NetWare fileserver version 3.xx or greater on the network.
If a fileserver is not directly attached to the same LAN as the network access server, there must be a NetWare router on the LAN.
Software Requirements
The following software is required to run IPX:
•
Network Access Software version 1.4 or greater.
•
Remote node access software for the PC, which must support NetWare IPX using
Point-to-Point Protocol (PPP). (Can be acquired from a third-party network software communications vendor.)
•
Novell NetWare workstation software for the PC. (Can be acquired from your
Novell NetWare or third-party remote node access software kit.)
•
Novell NetWare utilities on the PC. (Can be acquired from your Novell NetWare or third-party remote node access software kit.)
Hardware Requirements
The following hardware is required to run IPX:
•
PC with a high-performance Universal Asynchronous Receiver/Transmitter
(UART) on the COM port. Either standard 16450 or 16550 UART or equivalent may be used.
•
Dial-out modem for PC; dial-in modem for network access server. Minimum 9600 baud recommended. Highest speed modem available preferred.
References
For a comprehensive list of the server hardware platforms necessary to run IPX, refer to the DECserver Network Access Software Release Notes.
Refer to Appendix A for the cable and adapter requirements.
Managing IPX 20-5
Setting Up Your PC
Setting Up Your PC
PC Remote Access Software
Ensure you know whether the network access server port you are dialing in to requires you to enter a login password or logs directly in to the local user interface. If this is the case, you will need to use terminal emulation to communicate with the access server following modem connection.
Ensure you know whether the network access server port requires a PPP/PAP password. If so, you will have to configure the password on your remote node access software.
Reference
Refer to the documentation included with your PC remote node access software for installation and setup procedures.
Novell Workstation Software
Novell NetWare workstation software (or equivalent) must be installed on your PC.
This makes it possible to establish and maintain IPX network connections.
Reference
Refer to your Novell Installation Guide for Workstations and the documentation included with your PC remote node access software for more information.
Novell Utilities for Local Execution
After a remote node access connection is made to a Novell fileserver, ensure that the
Novell utilities you need are stored locally on your PC. This is because activating large executables from a network disk can result in long load times due to the relatively slower speed of the serial line. See the Novell Operation section in this chapter for more information.
20-6 Managing IPX
Setting Up the Network Access Server
Setting Up the Network Access Server
Enabling IPX
By default, IPX is not enabled on the access server. A privileged user must enable IPX with the following commands:
Local> CHANGE IPX INTERNAL ipx-net
Local> CHANGE IPX ENABLED
Note
The ipx-net value must be a unique Novell network number on the network.
Configuring the Port for an Attached Device
To configure a port for PCs dialing in through a modem or directly connected to the network access server, use the following commands:
Local> CHANGE PORT n ACCESS DYNAMIC
Local> CHANGE PORT n ALTERNATE SPEED NONE
Local> CHANGE PORT n INACTIVITY LOGOUT ENABLED
Local> CHANGE PORT n FLOW CONTROL CTS
Local> DEFINE PORT n SIGNAL CONTROL ENABLED DSRLOGOUT ENABLED
Local> DEFINE PORT n SIGNAL SELECT CTS
Local> LOGOUT PORT n
Considerations
When configuring IPX, consider the following:
•
ALTERNATE SPEED is not applicable to the DECserver 90M and DECserver
90TL hardware (Ignore warning messages).
•
FLOW CONTROL should match the flow control configured for the attached device. For DECserver 700 (8 or 16 port) and DECserver 900TM (32 port), flow control can be configured either CTS/RTS or XON/XOFF. CTS is recommended.
For the DECserver 90M and DECserver 90TL, only XON/XOFF is supported. If the attached device does not support XON flow control, configure flow control
DISABLE. This means flow control is not used. Although operation is possible without flow control, poor performance or unexpected behavior with your Novell connection can result.
•
SIGNAL SELECT should match signals used by the attached device (for example, a modem) and is applicable for the DECserver 700 (16 port) and
DECserver 900TM hardware. SIGNAL SELECT is not applicable for DECserver
90M, DECserver 90TL, and DECserver 700 (8 port) hardware. SIGNAL SELECT
Managing IPX 20-7
Setting Up the Network Access Server can be configured either CTS (CTS-DSR-RTS-DTR) or RI (RI-DCD-DSRS-
DTR). Based on configuration, correct adapter must be chosen (see Appendix A).
Current high-speed modems (>9600 baud) typically use CTS.
Configuring the Port for the Login Method
You can configure a port to log in to a local user interface prompt or to be exclusively dedicated to PPP. To configure a port for login to a local user interface prompt, refer to the Configuring the Port for Login to the Local Prompt section in this chapter. To configure a port to be exclusively dedicated to PPP, refer to the Configuring the Port
Dedicated to PPP section in this chapter.
Configuring the Port for Login to the Local Prompt
Following modem connection, the PC user will log in to the local interface with or without password authentication. Then, the user will have the option to activate PPP using user interface commands.
Activating PPP
To configure the port with login password authentication required, use the following commands:
Local> CHANGE SERVER LOGIN PASSWORD xxxxxx
Local> CHANGE PORT n PASSWORD ENABLE
Local> CHANGE PORT n AUTOBAUD ENABLE SPEED 9600
Local> CHANGE PORT n DEDICATED NONE
Configuring the Port With No Login Password Authentication Required
To configure the port with no login password authentication required, use the following commands:
Local> CHANGE PORT n PASSWORD DISABLE
Local> CHANGE PORT n AUTOBAUD ENABLE SPEED 9600
Local> CHANGE PORT n DEDICATED NONE
Note
Both login password authentication and PPP/PAP password authentication use the same password. One or both can be enabled at the same time.
20-8 Managing IPX
Setting Up the Network Access Server
Configuring the Port Dedicated to PPP
Following modem connection, the PC user will log in with or without password authentication. Then, PPP will automatically be activated to pass IPX network packets.
Configuring the Port With Login Password Authentication Required
To configure a port with login password authentication required, use the following commands:
Local> CHANGE SERVER LOGIN PASSWORD xxxxxx
Local> CHANGE PORT n PASSWORD ENABLE
Local> CHANGE PORT n AUTOBAUD ENABLE SPEED 9600
Local> CHANGE PORT n DEDICATED PPP
Local> CHANGE PORT n DEFAULT PROTOCOL PPP
Configuring the Port With No Login Password Authentication Required
To configure a port with no login password authentication required, use the following commands:
Local> CHANGE PORT n PASSWORD DISABLE
Local> CHANGE PORT n AUTOBAUD DISABLE SPEED speed
Local> CHANGE PORT n DEDICATED PPP
Local> CHANGE PORT n DEFAULT PROTOCOL PPP
Note
With AUTOBAUD DISABLEd, serial port speed must be explicitly configured for both the modem and the DECserver port.
Configuring the Port for PPP/IPXCP Data Link
To configure a port for PPP/IXPCP data link, use the following commands:
Local> CHANGE PORT n LCP MAP A0000
Local> CHANGE PORT n LCP PASSIVE DISABLE
Local> CHANGE PORT n LCP ENABLE
Local> CHANGE PORT n IPXCP ENABLE
Local> CHANGE PORT n PPP ENABLE
Enabling PPP/PAP Password Authentication
To enable the optional PPP/PAP password authentication, use the following commands:
Local> CHANGE SERVER LOGIN PASSWORD xxxxxx
Local> CHANGE PORT n LCP AUTHENTICATION PAP
Managing IPX 20-9
Setting Up the Network Access Server
Disabling PPP/PAP Password Authentication
To disable the optional PPP/PAP password authentication, use the following command:
Local> CHANGE PORT n LCP AUTHENTICATION DISABLE
Passwords
Both login password authentication and PPP/PAP password authentication use the same password. One or both can be enabled at the same time. For PAP, verification of the password is case sensitive. If PAP is enabled, the password must also be supported and configured using your remote node access software on the PC.
20-10 Managing IPX
Summary of DECserver IPX Management Commands
Summary of DECserver IPX Management Commands
The following are the network access server commands you can use to manage IPX.
Port PPP IPX Commands for LCP
The following table explains the PORT PPP IPX commands for LCP.
SHOW/LIST/MONITOR
PORT n LCP
CHARACTERISTICS
Description
Display the current values for the LCP characteristics.
Description SHOW/MONITOR PORT n
LCP
COUNTERS
STATUS
Display the current values of the IPXCP counters.
Display the current values of the IPXCP counters and characteristics.
Description CHANGE/SET/DEFINE
PORT n LCP
ACFC
AUTHENTICATION
ENABLE
DISABLE
MAP
MAXFAILURE
MAXTERMINATE
MRU
PASSIVE
Address and Control Field Compression for
PPP datagram.
Password authentication is enabled.
Enable LCP.
Disable LCP.
Specifies characters that may not be sent in the clear.
Number of times LCP sends NAK before rejecting option.
Number of times LCP sends terminate request without ACK.
Maximum receive units.
When enabled, LCP must be initiated by attached device.
Managing IPX 20-11
Summary of DECserver IPX Management Commands
PFC Protocol Field Compression for PPP datagram.
Restart a suspended session.
RESTART
Port PPP IPX Commands for IPXCP
The following table explains the PORT PPP IPX commands for IPXCP:
SHOW/LIST/MONITOR
Port n IPXCP
CHARACTERISTICS
Description
Display the current values for the IPXCP characteristics.
Description SHOW/MONITOR PORT n
IPXCP
STATUS Display the values of the IPXCP counters and characteristics.
Display the values of the IPXCP counters.
Description
COUNTERS
CHANGE/SET/DEFINE
PORT n IPXCP
ENABLE
DISABLE
MAXCONFIGURE
MAXFAILURE
MAXTERMINATE
RESTART
Enable IPXCP.
Disable IPXCP.
Number of times IPXCP sends configure request without ACK.
Number of times IPXCP sends NAK before rejecting option.
Number of times IPXCP sends terminate request without ACK.
Restart a suspended session.
Port PPP Commands for PPP Negotiation Status
The following table defines the PORT PPP commands for PPP negotiation status:
Description SHOW/MONITOR PORT n
PPP
COUNTERS Display the values of the IPXCP counters.
20-12 Managing IPX
Summary of DECserver IPX Management Commands
SHOW/MONITOR PORT n
PPP
STATUS
Description
Display the values of the PPP counters and characteristics.
Server IPX Commands
The following table defines the server IPX commands:
SHOW/LIST/MONITOR IPX
CHARACTERISTICS
SHOW/MONITOR IPX
COUNTERS
RIP
ROUTES
STATUS
CLEAR IPX
RIP
SAP
ZERO
IPX COUNTERS
PORT n PPP COUNTERS
CHANGE/SET/DEFINE IPX
ENABLE
DISABLE
CHANGE/SET/DEFINE IPX
FRAME
ETHERNET
RAW802
Description
Display the current values for the characteristics.
Description
Display the values of the IPXCP counters.
Display the RIP entries known to the server.
Display the routes known by the server.
Display the counters, RIP entries, and routes.
Description
Clear all unique networks from the RIP database.
Clear all the SAP service entries known to the server.
Description
Zero all IPX counters.
Zero all PPP counters associated with port n.
Description
Enable IPX.
Disable IPX.
Description
Standard Ethernet V2.
Novell standard 802.3 RAW.
Managing IPX 20-13
Summary of DECserver IPX Management Commands
SAP802
SNAP802
CHANGE/SET/DEFINE IPX
FRAME frametype
NETWORK ipx-net
LEARN
DISABLED
CHANGE/SET/DEFINE IPX
INTERNAL NETWORK
ipx-net
NONE
IEEE 802.2 standard.
IEEE 802.2 with SNAP SAP format.
Description
Specify explicit internal network number.
Learn internal network number from LAN.
Internal network disabled.
Description
Specify ipx-net as the internal network number.
There is no IPX address for the internal network.
20-14 Managing IPX
Modem Considerations
Modem Considerations
Dial-In Modems
Keep the following in mind when using dial-in modems attached to the network access server:
•
Flow control for the dial-in modem and the access server port must match. CTS is recommended for DECserver 700 and DECserver 900TM. XON/XOFF is recommended for DECserver 90M and DECserver 90TL.
•
Serial speed for the modem can be configured as high as 115,200 bits/s for the
DECserver 700 and DECserver 900TM and as high as 57,600 bits/s for the
DECserver 90M and DECserver 90TL. The access server port will autobaud up to this speed when the port is configured for autobaud.
•
When autobaud is enabled, in most cases, typing a carriage return once per second is sufficient to autobaud into the access server when the modem dial-in connection is complete. In some cases (AppleTalk, for example), it may be necessary to type a series of three carriage returns at a faster rate for a successful autobaud.
•
Modem DSR must be configured to cycle on modem hang-up. The access server port is configured to log out the port when DSR cycles, making sure that the
Novell network connection goes away when the PC user is finished.
•
Use the fastest modem available. Error-correcting modems that are currently available provide up to 28,800 bits/s carrier speeds and serial port speeds to
115,200 bits/s. The access server serial ports will autobaud up to 115,200 bits/s.
Dial-Out PC Modems
Keep the following in mind when using dial-out modems attached to the PC:
•
The PC should have a high-performance UART chip capable of high speeds
(16450 or 16550). The serial port baud rate of the modem is dependent on the
UART and the type of modem used.
•
Normally, set the serial port baud rate of the modem to two to four times the speed of your modem. The 8250 and 16450 UART chips can be more susceptible to lower performance due to errors when run at higher speeds.
Managing IPX 20-15
Modem Considerations
Recommended Serial Port Baud Rate
The following table lists guidelines for setting the serial port baud rate:
UART Type
8250
16450
16450-A
16550
Maximum Modem
Speed
9600
9600 to 14400
9600 to 14400
Up to 28800
Maximum Recommended
Serial Port Baud Rate
Up to 9600
9600 to 19200
9600 to 19200
Up to 115200
20-16 Managing IPX
Novell Client/Server Operation
Novell Client/Server Operation
Establishing Remote Node Access Connection to Novell Network
Vendors of PC remote node access software for Novell may have different procedures for dialing in and establishing a remote access connection to a Novell LAN through the access server. However, the following are generally the expected steps:
Step
1
2
3
4
Action
Dial in to the network access server. Activate your remote node access software on your PC so that a phone call is made to the access server.
Log in to the DECserver. If the dial-in access server port requires login password authentication, type carriage returns until you see the # prompt, then type your password followed by another carriage return.
Activate the PPP connection. If the access server port is configured for dedicated PPP connection, your PC remote node access software will offer an indication that PPP has been negotiated with the access server dial-in port. If the access server port is configured for login to the access server local user interface, type several carriage returns and enter a user name to get the local prompt and type CONNECT PPP at the prompt. The PC remote node access software indicates that PPP has been negotiated.
Activate Novell workstation software. Refer to the documentation included with your PC remote node access software for instructions on loading and activating the Novell workstation software to establish a connection to a Novell fileserver.
Novell Operation
Refer to the documentation included with your PC remote node access software for a discussion of considerations associated with Novell operation from a remote dial-in node including:
•
Make sure to store and run Novell utilities locally. Large executables activated from a network disk can experience long load times due to the relatively slower speed of the serial line. If the desired executables are not local, copy them from the network disk after a Novell fileserver connection is established. They may also be available from your remote node access software kit.
Managing IPX 20-17
Novell Client/Server Operation
•
Use DOS batch files with all the commands necessary to load and activate the remote node access software and Novell software for establishing an IPX connection. Refer to the remote node access software installation guide for additional information.
•
Use local Novell login scripts to facilitate logging in to a Novell fileserver.
•
If Novell packet burst is used, specify a maximum of 3 for PB BUFFERS in
NET.CFG. Using PB BUFFERS > 3 may cause access server buffers to be depleted for PPP at the port causing poor performance. In some cases, it may be better to disable packet burst by defining PB BUFFERS=0 in NET.CFG. You can determine if packets are being dropped by the access server by using the SHOW
PORT n PPP COUNTERS command from a access server management port, where n is the port with the Novell connection.
20-18 Managing IPX
Operational Checkout and Diagnosis
Operational Checkout and Diagnosis
Verifying Configuration
To verify proper configuration, at a access server management port, type SHOW IPX at the local user interface prompt:
•
At least one LAN frame should have a corresponding network number.
•
IPX should be enabled and the internal network should be defined with a unique network number.
Reference
If you have problems with your dial-in connection, refer to the Network Access Server
Problem Solving book.
If your PC has a problem establishing a modem connection or negotiating PPP protocol to the access server, you can diagnose the problem from the access server side.
Managing IPX 20-19
Disabling IPX
Disabling IPX
Using the DEFINE Command
If you decide you no longer need IPX support, you can disable IPX by using the following privileged command:
Local> DEFINE IPX DISABLED
Reinitialize the access server to have this command take effect.
20-20 Managing IPX
Frame Types
Frame Types
Introduction
To support a broad base of network stations, the access server supports four different frame formats for encapsulating IPX packets on the LAN. The four frame types supported by the access server can be enabled simultaneously:
•
Ethernet
•
RAW802
•
SAP802
•
SNAP802
A LAN frame is enabled when a unique NetWare network number is associated with the frame. The network number can be automatically “learned” or explicitly configured. By default, all four frame types attempt to learn their network number by monitoring frames on the network.
Standard Ethernet
This packet format is the standard Ethernet V2 packet format (protocol type 8137).
RAW802
This mode uses IEEE 802.3 format frames without an IEEE 802.2 LLC header. This mode is often called “raw” 802.3.
SAP802
This mode encapsulates IPX frames using IEEE 802.2 LLC standard header formats.
The SSAP and DSAP for IPX is E0.
SNAP802
This mode uses the IEEE 802.2 LLC format with the SNAP SAP format. The SNAP protocol ID for IPX is 00-00-00-81-37.
Managing IPX 20-21
Displaying IPX Characteristics
Displaying IPX Characteristics
Using the SHOW command
Use the SHOW IPX CHARACTERISTICS command to display IPX characteristics, including IPX network and node numbers. The command is nonprivileged.
IPX Characteristics Display
The following example shows the command to display IPX characteristics on an access server:
Local> SHOW IPX CHARACTERISTICS
IPX Characteristics:
IPX: Enabled
LAN Node Address: 08002B24F2DD Internal Network: 2B24F2DD
LAN Frame: ETHERNET LAN Network: Learn
LAN Frame: RAW802 LAN Network: Disabled
LAN Frame: SAP802 LAN Network: Disabled
LAN Frame: SNAP802 LAN Network: Disabled
IPX Characteristics Display Fields
The following table describes the fields in the IPX characteristics display:
Field
IPX
LAN Node Address
Description
Enabled or Disabled. The default is Disabled.
Maximum of 12 hexadecimal numbers (no leading zeroes) representing the Ethernet interface’s hardware address.
20-22 Managing IPX
Field
Internal Network
LAN Frame
LAN Network
Displaying IPX Characteristics
Description
None or up to 8 hexadecimal numbers (no leading zeroes,
1 to FFFFFFFE). This entry configures the IPX internal network number for the access server. It is used by the serial ports for configuring a common network number for all PC client dial-ins when PPP/IPXCP is negotiated.
This occurs when the PC client requests the access server to configure the network through PPP. A higher network number offered by the PC client takes precedence over the internal network number. This number must also be unique. It is recommended that the internal network number be used to limit the number of unique networks in the IPX Routing Information Protocol (RIP) database of fileserver and routers.
LAN frame types: ETHERNET, RAW802, SAP802, or
SNAP802.
Learn, Disable, or up to 8 hexadecimal numbers (no leading zeroes, 1 to FFFFFFFE). “Learn” means that the access server will monitor the LAN to determine the network number of the corresponding frame.
Managing IPX 20-23
Displaying IPX Status
Displaying IPX Status
Using the SHOW IPX Command
Use the SHOW IPX command to display IPX status. The command is nonprivileged.
IPX Status Display
The following example shows the command to display IPX status on an access server:
Local> SHOW IPX STATUS
IPX Status:
Route entries: 6
RIP entries: 6
SAP entries: 5
LAN Frame: ETHERNET LAN Network: AAA1
LAN Frame: RAW802 LAN Network: Learning
LAN Frame: SAP802 LAN Network: BBB1
LAN Frame: SNAP802 LAN Network: Disabled
Fields in the IPX Status Display
The following table describes the fields in the IPX Status display:
Field
IPX Status
RIP entries
SAP entries
Route entries
LAN Frame
LAN Network
Description
Enabled or Disabled.
Number of current RIP networks known by the server.
Number of current SAP services known by the server.
Number of current routing table entries.
The frame type: Ethernet, RAW802, SAP802, or SNAP802.
Learning — The network number for the corresponding LAN frame has been configured to “learn.” The access server is currently attempting to learn the network number.
XXXXXXXX — Either the network number for the corresponding LAN frame has been configured to “learn” and the network number has been automatically learned, or an explicit network number has been configured. The number is up to 8 hexadecimal digits (no leading zeroes).
Disabled — The network number for the corresponding LAN frame has been configured as “disabled.”
20-24 Managing IPX
Displaying IPX Counters
Displaying IPX Counters
Use the SHOW IPX COUNTERS command
Use the SHOW IPX COUNTERS command to display the IPX counters. The command is nonprivileged.
IPX Counters Display
The following example shows the command to display IPX counters on an access server:
Local> SHOW IPX COUNTERS
IPX Counters Seconds Since Zeroed: 18207
IPX
Total Packets Transmitted: 0 Unknown Sockets: 0
Total Packets Received: 0 Receive Discards: 0
Local Transmits: 0 Transmit Discards: 0
Local Receives: 0 Hop Count Errors: 0
FORWARD CACHE
Packets Received: 0 Packets Transmitted: 0
Receive Discards: 0 Transmit Discards: 0
Overruns: 0 Timeouts: 0
RIP
Requests Transmitted: 0 Responses Transmitted: 0
Requests Received: 0 Responses Received: 0
Requests Discarded: 0 Responses Discarded: 0
Request Resource Errors: 0 Response Resource Errors: 0
SAP
Requests Transmitted: 0 Responses Transmitted: 0
Requests Received: 0 Responses Received: 0
Requests Discarded: 0 Responses Discarded: 0
Request Resource Errors: 0 Response Resource Errors: 0
IPX Counters Display Fields
The following table describes the fields in the IPX Counters display:
Field
Seconds Since Zeroed
IPX Total Packets Transmitted
Description
Time, in seconds, since the counters were last zeroed.
Total number of data packets transmitted.
Managing IPX 20-25
Displaying IPX Counters
Field
IPX Total Packets Received
IPX Local Transmits
IPX Local Receives
IPX Unknown Sockets
IPX Receive Discards
IPX Transmit Discards
IPX Hop Count Errors
FORWARD CACHE Packets
Received
FORWARD CACHE Receive
Discards
FORWARD CACHE Overruns
FORWARD CACHE Packets
Transmitted
FORWARD CACHE Transmit
Discards
FORWARD CACHE Timeouts
RIP/SAP Requests Transmitted
Description
Total number of data packets received.
Number of data packets transmitted, originating from the access server.
Number of data packets received that were destined for the access server.
Number of data packets with unknown socket addresses.
Number of data packets that were received and discarded.
Number of data packets discarded that were ready for transmission.
The number of input datagrams dropped because the access server was not their final destination and their hop count would exceed
15 if forwarded.
If there is no existing route to a destination network, the packet is cached and a routing information request is sent out for the network. This field shows how many such data packets have been received.
The field shows how many discarded data packets were received for the cache.
This field shows how many cached data packets were discarded.
This field shows how many packets were transmitted from forward cache after the route was learned.
This field shows how many packets were discarded that were ready for transmission from the cache.
This field shows how many packets were discarded because the route was not learned.
Number of RIP/SAP request packets transmitted.
20-26 Managing IPX
Displaying IPX Counters
Field
RIP/SAP Requests Received
RIP/SAP Requests Discarded
RIP/SAP Request Resource
Errors
RIP/SAP Responses
Transmitted
RIP/SAP Responses Received
RIP/SAP Responses Discarded
RIP/SAP Response Resource
Errors
Description
Number of RIP/SAP request packets received.
Number of RIP/SAP request packets discarded.
Number of RIP/SAP request packet resource errors.
Number of RIP/SAP response packets transmitted.
Number of RIP/SAP response packets received.
Number of RIP/SAP response packets discarded.
Number of RIP/SAP response packet resource errors.
Managing IPX 20-27
Displaying IPX Routes
Displaying IPX Routes
Using the SHOW IPX ROUTES Command
Use the SHOW IPX ROUTES command to display IPX Routes. This command is nonprivileged.
IPX Routes Display
The following example shows the command to display IPX routes:
Local> SHOW IPX ROUTES
IPX Routes
Destination Next Hop Interface Ticks Hops
2B24F2DD.020000000001 2B24F2DD.08002B24F2DD ASYNC4 134 0
911.000000000000 21000001.00608C114E4A ETHER0 2 1
21000001.FFFFFFFFFFFF 21000001.08002B24F2DD ETHER0 1 0
EEE8022.FFFFFFFFFFFF EEE8022.08002B24F2DD SAP0 1 0
EEE8023.FFFFFFFFFFFF EEE8023.08002B24F2DD RAW0 1 0
1BEAD017.000000000000 1BEAD017.08002B24F2DD ASYNC3 134 0
Local>
IPX Routes Display Fields
The following table describes the fields in the IPX routes display:
Field
Destination
Next Hop
Interface
Ticks
Hops
Description
NetWare address of final destination.
NetWare address of next hop in the transmission.
Interface type for next hop.
This field indicates how much time, in ticks, that the packet takes to reach the network number associated with this field entry. A tick is approximately 1/18 of a second.
This field indicates the number of routers that must be passed through to reach the network number associated with this field entry.
20-28 Managing IPX
Resetting Counters
Resetting Counters
Using the ZERO Command
Use the ZERO command to reset IPX counters.
ZERO Command Options
The following table contains the options that you can use on the command line to reset specific counters or sets of counters:
Option
ALL
IPX
PORT port-list PPP
Description
Zeroes server IPX counters
Zeroes server IPX counters
Zeroes PPP port counters for the specified port including LCP and IPXCP counters
Managing IPX 20-29
Chapter 21
Managing Dial Services
Overview
Introduction
Configuring dial services is similar in concept to configuring a LAT service or Telnet listener. You define a service with a specified configuration that dictates how the user can operate the dialer.
Before you begin any dialer management, be sure to:
•
Install the latest software image on the access server and all load hosts.
•
Read the release notes.
•
Know what devices and cables are connected at the various ports.
•
Enter the SET PRIVILEGED command for your port.
•
Check if the current values or default values are appropriate.
In This Chapter
This chapter contains the following topics:
•
Dial Services Command Groups
•
Checking the Current Server Settings
•
Defining a Dialer Script
•
Assigning the Dialer Script to a Port
•
Defining the Dialer Service
•
Configuring Interactive Dial Requests
•
Framed Dial Requests
Managing Dial Services 21-1
Dial Services Command Groups
Dial Services Command Groups
Command Groups
To configure and manage the dial services, use the SET/DEFINE/CHANGE DIALER and SHOW/LIST/MONITOR DIALER command groups.
Reference
For more detailed information about commands used in this chapter, refer to the
Network Access Server Command Reference.
Entering the SET PRIVILEGED command
Before changing any other parameter, make sure you have the authority to make such changes. The SET PRIVILEGED command allows you to make changes that require special access. At the password prompt, type the privileged password. (DNAS does not echo the password as you type it.)
Local> SET PRIVILEGED
Password> (hidden)
21-2 Managing Dial Services
Checking the Current Server Settings
Checking the Current Server Settings
Introduction
Before you configure dialer services, determine the current server configuration. Use the SHOW SERVER command to display the server configuration.
Server Configuration Display
The following example shows a typical access server configuration display:
Local> SHOW SERVER
Network Access SW Vx.x for DSxxx-xx BLxx-xx ROM Vx.x-x Uptime: 000:44:34
Address: 08-00-2B-26-AA-99 Name: WWDOCMC Number: 0
Identification:
Circuit Timer: 80 Password Limit: 3
Console Port: 1 Prompt: Local>
Inactivity Timer: 30 Queue Limit: 100
Keepalive Timer: 20 Retransmit Limit: 8
Multicast Timer: 30 Session Limit: 64
Node Limit: 200 Software WWENG2
Service Groups: 42, 46, 66
Enabled Characteristics:
Announcements, Broadcast, Dump, Lock, Server Responder
Local>
Managing Dial Services 21-3
Defining a Dialer Script
Defining a Dialer Script
Introduction
The first step in configuring a dial service is creating a dialer script. A dialer script tells the access server what text strings to use to control a modem on a specific port. These text strings are also known as “modem strings.”
Defining Dialer Script Strings
Use the SET, DEFINE, and CHANGE DIALER SCRIPT commands to define the modem strings that make up various modem commands in a dialer script. Each associated string can be up to 40 characters in length.
Characteristics that you set using the DEFINE command take effect after you initialize the access server. Characteristics that you set take effect immediately, but are replaced when the access server initializes. Characteristics that you set using the CHANGE command take effect immediately and when the access server initializes.
The size of the dialer script modem strings is restricted by the amount of remaining unallocated NVRAM for the modem pool (total of 256 bytes for 8 and 16 port servers, and 512 bytes for 32 port servers) and by the command line restrictions. The script name can be a maximum of 16 characters.
Dialer String Descriptions
The following table lists the dialer script strings you can define, their default values and usage:
String Type
COMMAND
INIT
PREFIX
CONNECTED
RESET
Default Value
"AT"
None
"DT"
"CONNECT"
"H0Z"
Usage
Appended to all other command strings.
Before initiating an outbound connection.
Before digits of phone number.
Verifies successful connection.
After session is disconnected.
21-4 Managing Dial Services
Defining a Dialer Script
Example: Set Dialer Script Name
The following example illustrates how to modify dialer script strings in a dialer script called “dickens” in order to set unique dialer characteristics:
Local > DEFINE DIALER SCRIPT dickens COMMAND "AT"
Local > SET DIALER SCRIPT dickens INIT NONE
Local > SET DIALER SCRIPT dickens RESET NONE
Local > CHANGE DIALER SCRIPT dickens PREFIX "DT"
Local > DEF DIALER SCRIPT dickens RESET NONE
Local > SET DIALER SCRIPT dickens TIMEOUT NONE
Managing Dial Services 21-5
Assigning the Dialer Script to a Port
Assigning the Dialer Script to a Port
Steps
After configuring the dialer strings in a dialer script, assign the script to a specific port.
Do the following:
Step
1
2
Action
Are you defining the dialer script to the port for the first time?
• If yes, go to step 2.
• If no, use the SHOW PORT n command to determine the current dialer script by showing the port (optional). If you assign a dialer script to a port that already has an assigned dialer script, the access server overwrites the first dialer script. When you change or set a dialer script, it is a good idea to check to see if one is in use.
Assign the new dialer script to the desired port using the DEFINE
PORT n DIALER SCRIPT command.
Determining the Current Dialer Script
Use the SHOW PORT n command to display information about specific ports and their current configuration. The SHOW PORT command helps you to determine how a port is configured before you begin making changes to that port.
21-6 Managing Dial Services
Assigning the Dialer Script to a Port
Example: The Show Port Command Display
The following example shows the resulting display for the SHOW PORT command.
In this example, the preferred dialer service is CALL_HOME and the dialer script name is Generic_14400.
Local> SHOW PORT 2
Port 2: Server: user10_DS700-16
Character Size: 8 Input Speed: 57600
Flow Control: XON Output Speed: 57600
Parity: None Signal Control: Enabled
Stop Bits: Dynamic Signal Select: CTS-DSR-RTS-DTR
Access: Dynamic Local Switch: None
Backwards Switch: None Name: PORT_2
Break: Local Session Limit: 4
Forwards Switch: None Type: Ansi
Default Protocol: DIAL Default Menu: None
Dialer Script: Generic_14400
Preferred Service: CALL_HOME
Authorized Groups: 0
(Current) Groups: 0
Enabled Characteristics:
Autoconnect, Autoprompt, Broadcast, DSRlogout, Failover, Inactivity Logout, Input Flow Control, Lock, Loss Notification, Message Codes, Output Flow Control, PPP, SLIP, Verification
Local>
Assigning a Dialer Script to a Port
Use the SET/DEFINE/CHANGE PORT n DIALER SCRIPT command to assign a dialer script to a port.
Example: Defining the Dialer Script
The following example shows how to assign the dialer script dickens to port 2. After you enter this command and initialize the access server, the SHOW PORT display for port 2 will reflect this change.
Local > DEFINE PORT 2 DIALER SCRIPT dickens
Managing Dial Services 21-7
Assigning the Dialer Script to a Port
Verifying Dialer Script Configuration
Use the SHOW PORT n command to verify any changes you make to dialer script assignments for a port. The change appears in the Dialer Script field of the display.
Example: Show New Port Configuration
The following example shows the display after using the CHANGE PORT n DIALER
SCRIPT command to change the dialer script from Generic_14400 to dickens:
Local> CHANGE PORT 2 DIALER SCRIPT dickens
Local> SHOW PORT 2
Port 2: Server: user10_DS700-16
Character Size: 8 Input Speed: 57600
Flow Control: XON Output Speed: 57600
Parity: None Signal Control: Enabled
Stop Bits: Dynamic Signal Select: CTS-DSR-RTS-DTR
Access: Dynamic Local Switch: None
Backwards Switch: None Name: PORT_2
Break: Local Session Limit: 4
Forwards Switch: None Type: Ansi
Default Protocol: DIAL Default Menu: None
Dialer Script: dickens
Preferred Service: CALL_HOME
Authorized Groups: 0
(Current) Groups: 0
Enabled Characteristics:
Autoconnect, Autoprompt, Broadcast, DSRlogout, Failover, Inactivity Logout, Input Flow Control, Lock, Loss Notification, Message Codes, Output Flow Control, PPP, SLIP, Verification
Local>
21-8 Managing Dial Services
Defining the Dialer Service
Defining the Dialer Service
Steps
After you define the dialer script and assign the dialer script to a port, define the dialer service. A dial service is used to establish a dial-back session. Do the following:
Step
1
2
Action
Display information (characteristics, status, and counters) about currently configured dialer services and system status.
Define or modify the dialer service using the SET/DEFINE/CHANGE
DIAL SCRIPT SERVICE command.
Showing the Current Dialer Service Characteristics
Use the SHOW/LIST/MONITOR DIALER SERVICE service-name
CHARACTERISTICS command to display dialer service characteristics. These commands are similar to the SHOW SERVICES LOCAL family of commands in usage and syntax.
The examples in this section show instances of using the SHOW command only. The use of the LIST and MONITOR commands is implied, since these commands produce similar results in the screen display. They differ in the effect that they have on storage of data in VRAM and NVRAM.
Reference
For more information on command line syntax, see the Commands to Display and
Change Configuration Settings section in Chapter 1.
Managing Dial Services 21-9
Defining the Dialer Service
Example: Show Dialer, Port Security Enabled
In this example, a user on a port with SECURITY enabled would not have access to the STATUS display since it might provide access to unlisted or sensitive phone numbers and other information received from the modem.
Local> SHOW DIALER AT_TRADESHOW CHARACTERISTICS
Dial Service: AT_TRADESHOW
Identification: Dial-back from tradeshow
Connections: Enabled
Ports: 1,2,9-14
Phone number: 555-6766
Delay (seconds): 15
Mode: PPP
Username: None
Password: None
Local>
Showing Dialer Service Status
Use the SHOW/LIST/MONITOR DIALER SERVICE service-name STATUS command to display dialer service status. These commands are similar to the SHOW
SERVICES LOCAL family of commands in usage and syntax.
Example: Show Dialer Status
In following example, port 10 is currently available; the last phone number it dialed was found to be busy. Ports 9 and 11 are presently in use. Port 13 is actually dialing a phone number, while port 14 is waiting for a response from the modem. When the dialer port is initialized prior to making a phone call, the Last Connection Status field is cleared.
21-10 Managing Dial Services
Defining the Dialer Service
Local> SHOW DIALER AT_TRADESHOW STATUS
Dial Service: AT_TRADESHOW - Available Identification: Dial-back from tradeshow
Port: User Status Last Connection Status
9 (remote) Connected CONNECTED 14400/LAPM
10 Available BUSY
11 Raymond Connect CONNECTED 9600
12 Available NO ANSWER
13 Jim Dialing No answer
14 Bob Waiting
Local>
SHOW DIALER STATUS Display Fields
The following table lists values for the status field in the SHOW DIALER display:
Status
Initializing
Dialing
Waiting
Connected
Available
Meaning
Sending dialer command and authorization strings.
Sending the phone number string.
Waiting for the expected response from mode.
Dialer call completed, port is in use.
Dialer is not in use.
Managing Dial Services 21-11
Defining the Dialer Service
Displaying Dialer Counters
Use the SHOW DIALER service-name COUNTERS command to display the counters for a dialer service.
Example: Show Dialer Counters
The following example shows the dialer service counters display for the dialer service
AT_TRADESHOW:
Local> SHOW DIALER AT_TRADESHOW COUNTERS
Dial Service: AT_TRADESHOW
Seconds Since Zeroed: 1989692 Failures: 17
Connections Attempted: 113 Busy: 10
Connections Completed: 96 No Answer: 0
No Dial Tone: 0 No Response: 0
No Carrier: 0 Authentication: 7
Unknown: 0
Local>
Modifying the Dialer Service
Use the SET/DEFINE/CHANGE DIALER SERVICE dialer-service-name command to define the dialer service. The dialer-service-name characteristic is a string of 1 to 16 characters.
The dialer service name must be unique to the server. Before you create a new dialer service, use the SHOW DIALER SERVICE command to verify that the new name does not conflict with that of an existing dialer service.
For a detailed explanation of command keywords used to mange dialer services, see the Command Definitions section in Chapter 2.
Example: Change Dialer Name
The following example uses many of the keyword options in the command line:
Local> CHANGE DIALER on_the_road PORT 4-9 IDENT "Dial-back"
Local> CHANGE DIALER on_the_road NUMBER "*" MODE *
21-12 Managing Dial Services
Defining the Dialer Service
Dialer Service Characteristics
The following table describes the dialer service characteristics:
Characteristic
IDENTIFICATION
CONNECTIONS
PORTS
NUMBER
Description
Allows an identifying string to be associated with a given service.
Specifies whether a user may connect to the current dial service.
One or more physical ports that are to offer this dial service.
Indicates the allowable phone number(s) for use with this service.
Comments
Maximum length = 40 characters
Variables: ENABLED/
DISABLED
–
Maximum length = 48 characters
Variables: "*"/ONLY
Default = "*"
• “*” — Means users may use any number within their security constraints, and are prompted to enter a phone number when initiating a dialer session.
• ONLY — Designates the sole phone number that may be dialed using this service.
User Account Characteristics
The following table explains the user account characteristics:
Characteristic
DELAY
Description
Indicates the delay in seconds before the dialer engine should attempt to initiate the dial-back.
Comments
Default = 30 seconds
Minimum = 15 seconds
Maximum = 3600 seconds
(1 hour)
Managing Dial Services 21-13
Defining the Dialer Service
Characteristic
USERNAME
PASSWORD
Description
Defines the user name to be supplied to a peer that requires the access server to be authenticated.
Indicates the password to be supplied to a peer that requires authentication from the access server.
Comments
Maximum length = 1 to 16 characters
MODE Indicates the type of session the dial service will create after successfully completing the modem connection.
MODE Command Variables
The following table explains the MODE command variables:
Maximum length = 1 to 16 characters
• May be entered either on the command line within quotes or at a prompt.
• If PASSWORD is the last word on the command line, the user is prompted for a password.
• DNAS masks the password string upon entry.
Variables: LOCAL/
LOGIN/PPP/SLIP/*
Variable
LOCAL
LOGIN
PPP
SLIP
*
Definition
Interactive nondedicated session.
Interactive dedicated session to a host.
Dedicated PPP session.
Dedicated SLIP session
Any mode allowed
21-14 Managing Dial Services
Configuring Interactive Dial Requests
Configuring Interactive Dial Requests
Configuring for Interactive Dial-Back
The following example sets the access server to a predefined phone number:
Local> CHANGE DIALER AT_HOME PORT 1-16 IDENT "DIALS YOU AT HOME"
The dialer service AT_HOME is set up to allow any phone number to be dialed, but the user’s security profile allows for a connection to be made using only one number.
The ports are all set up to be ACCESS DYNAMIC, so they can be used for dial-in and also dial-back.
The user dials in, enters his user name and password, and is successfully authenticated.
As a result, the security component creates and maintains an authorization profile for this user. This authorization profile, which is also known as the active user database, contains among other things the phone number(s) that the user is authorized to use on a dial-back request.
Security Profile Information
For more information about user security profiles, see the user accounts information in the Determining Security Configuration section in Chapter 22.
Interactive Dial-Back (Dial Service) Example
The following example shows how the user specifies a dialer service and how the service operates:
Local> DIAL AT_HOME
Local -019- Dial request queued, will be attempted in 30 seconds
Local> LOGOUT
Local -020- Logged out port 10 on server NAS700
In this example, the access server uses a security realm (RADIUS, or local profile) for authorization when the user logs in. The user’s RADIUS/local profile is maintained while the user is logged in. The profile is checked to see if the user is authorized for dial-back. In this particular example, the authorization database has but a single phone number that the access server would use when calling back this particular user.
Managing Dial Services 21-15
Framed Dial Requests
Framed Dial Requests
Introduction
Dial-back requests can also be queued from a client that connects to the server using
PPP. Unlike PPP, the SLIP protocol does not include a method of negotiating connection options including whether a call-back should be attempted and the phone number to which the call-back should be placed. Therefore, only PPP clients can request a call-back.
Changing PPP Characteristics Examples
In the following paragraphs, the default protocol for the access server’s port is assumed to be set to PPP.
Configuring Dynamic Access
If the modem on that port will be used for both the incoming and the outgoing calls, the port must allow dynamic access, as shown in the following example:
Local> CHANGE PORT n DEFAULT PROTOCOL PPP
Local> CHANGE PORT n ACCESS DYNAMIC
Configuring Call-Back
To request a call-back using a PPP client, the access server’s port must first allow the call-back negotiation to be started. This is done using the command:
Local> CHANGE PORT n LCP CALLBACK ENABLED
If the PPP client and the access server successfully negotiate the use of call-back, the access server will attempt to queue a dial request. The port must be set dedicated to the dialer service to be used in placing the return phone call.
Local> CHANGE PORT n DEDICATED SERVICE dialer-service-name
Guidelines
1 If you do not specify a service name, the port’s preferred service is used. If the preferred service contains "*" as the number specified in the dialer service, the access server prompts the user to enter a telephone number.
2 For a PPP connection, the port is usually set to have a dedicated service name of
PPP. However, as long as the port’s default protocol is set to PPP, you can specify any dedicated service name.
21-16 Managing Dial Services
Framed Dial Requests
3 If you enable PPP call-back negotiation on a port, DIGITAL strongly recommends that you also enable some sort of authentication (for example PAP or CHAP) on the port. Without authentication, any user who happens to discover the phone number for that port’s modem could potentially request a call-back and run up unlimited phone charges.
4 To enable authentication on a port, use the SET/DEFINE/CHANGE PORT LCP
AUTHENTICATION PAP/CHAP command.
5 If the PPP client specified a phone number to which the return call is to be placed, this phone number is also included in the dial request along with the name of the dialer service. If the PPP client did not specify a phone number, the phone number to be used is determined by the dialer service or the user’s authorization information.
6 If a service name is specified that does not match an existing dialer service, the call-back will fail and an accounting event will be generated.
7 Whether the phone number to be dialed comes from the PPP client or the dialer service definition, the user making the request must be authorized to dial that number. Likewise, the user must be allowed to create sessions of the mode defined by the dialer service, either interactive or framed. If the user is not authorized to either dial the selected phone number or create sessions of the mode specified by the dialer service, the call-back fails and an accounting event is generated.
8 Unlike interactive dial requests, which require the user to log off the server and hang up the client’s modem in anticipation of a return call from the server, successful PPP call-back negotiation results in the initial PPP session being automatically disconnected. This also breaks the modem’s connection and results in the PPP client hanging up the phone, making it available for the return call from the server.
Managing Dial Services 21-17
Chapter 22
Managing Access Server Security
Overview
Introduction
The DECserver Network Access Software (DNAS) supports the following authentication services:
•
RADIUS
•
SecurID
•
Local User Accounts
•
Kerberos V4
In This Chapter
This chapter contains the following topics:
•
Security Type Descriptions
•
Common Terminology Across Security Realms
•
Managing Kerberos
•
Managing RADIUS
•
Managing SecurID
•
Managing Local Access Server Security
•
Determining Security Configuration
•
Managing Dial-Up Access Security with AUTOLINK and AUTOLINK
Authentication
•
Specifying Other Security Features
Managing Access Server Security 22-1
Security Type Descriptions
Security Type Descriptions
Introduction
This section describes the types of security that the access server supports.
Kerberos
Kerberos is a user authentication system designed for open network computing environments. It provides for the authentication of a user name and password pair, by means of a host system accessible over the network. Once the user name and password pair is verified, the access server assigns any default authorization that identify the access server services allowed for that user’s session.
Realm Definition
Associated with a Kerberos login, a user specifies a realm. A realm is known by its realm name, a printable string of characters. The realm name identifies an administrative domain, and a set of realm parameters that are needed to administrate the logins for that realm. The administrator can also associate many other access server related parameters with a realm name.
The SHOW KERBEROS REALM realm-name command displays all the assignable parameters for all Kerberos realms. Realm definition and usage is the same for all other security methods supported by the access server, as are the characteristics that realms allow the administrator to define.
RADIUS
RADIUS (Remote Authentication Dial-In User Service) is a security method that provides authorization information during the authentication procedure. Authorization information is a means for tailoring most of the configurable features of the access server to a particular user name. The authorization characteristics are not stored on the access server, but are embedded in the database that exists on the security host serving as the RADIUS authenticator. This chapter describes the RADIUS authorization attributes that the access server supports. See the Managing RADIUS section in this chapter.
RADIUS Authorization
When a user attempts to log in using a realm, the user enters a string in the following format:
user-name@realm-name
22-2 Managing Access Server Security
Security Type Descriptions
The following occurs:
Stage
1
2
3
Description
The access server uses the realm name to determine the security method to use when authenticating the login.
If the realm name is for a RADIUS server, the access server sends the login information to a RADIUS authentication host.
Upon completing authentication successfully, the RADIUS authentication host sends a list of authorization parameters to the access server after authentication completes successfully. These parameters are the intended settings for the user’s session.
Since the set of attributes that the RADIUS authentication host sends to the access server can be incomplete, you can set default realm authorization parameters that provide missing values to complete the authorization set. If a parameter is missing from both the RADIUS authorization parameters and from the realm’s default parameters, and the parameter is defined within the port configuration information, the port supplies the value for the parameter. This resulting set of parameters is the
“authorization” information used for this session.
SecurID
SecurID is a system of authentication from Security Dynamics Technologies, Inc.
There is no authorization information at the SecurID authentication host. Like
Kerberos, the SecurID realm provides values for realm-defined parameters.
Once the password has been accepted, its processing is analogous to the Kerberos method. However, the resulting “authorization” parameters with SecurID, are the combination of the realm parameters and the port configuration parameters.
User Accounts
User accounts provide a method of defining user name and password pairs, and associated authorization parameters. User account information resides on the access server. This is convenient method for supporting multiple administrative roles that are fully self-contained on the access server.
Managing Access Server Security 22-3
Common Terminology Across Security Realms
Common Terminology Across Security Realms
Introduction
This section briefly defines the terms that are common to all of the security methods that the access server supports.
Accounting Host
A security server that accepts and records accounting information from the access server.
Authentication Host
A security server that provides authentication or authorization information to the access server.
Default Realm
One realm in the access server can be specified to be the default realm. The only advantage of the default realm is that, when logging in, the user can omit the @realm-
name portion of the login identification. There is no other special meaning to be the default realm. To change the default realm name, you must first set any current
(default) realm name to be NODEFAULT. Then assign another as DEFAULT.
Login Retries and Timeouts
The access server allows you to configure the number of times to retry contacting a server before timing out a login attempt.You can specify the maximum number of retries to potentially alternate authentication hosts. Hosts are tried round-robin fashion until the login attempt times out. Each realm can point to its own list of security hosts.
Secrets
A text string or value that ensures that the data exchanged between the access server and the security host is valid. You must configure a secret on the access server for
RADIUS. You can also configure one for Kerberos. The secret for SecurID will automatically be assigned by the SecurID authentication host.
Once configured, the secret is never displayed on the access server. There are privileged access server commands to erase and to reenter secrets. The secret is assigned as a realm parameter, and applies to all security hosts in the realm.
22-4 Managing Access Server Security
Common Terminology Across Security Realms
Security Server
The remote host with which the access server communicates in order to request authentication clearance during the login process. Each security method (other than user accounts) defines one or more host processors that can support the authentication procedure.
RADIUS Accounting
The RADIUS security method supports logging of accounting information. The accounting information is sent to what is called the accounting host by means of the accounting service port.
UDP Ports
Each security method has a well-known port (or two) that must be specified to the access server in order for the UDP connection to be established. When you create a new realm, it is not usable until you define a secret (and at least one authentication host) for it. However, the realm will be created with default values (the well-known ports) for the UDP ports.
Managing Access Server Security 22-5
Managing Kerberos
Managing Kerberos
Introduction
This section describes Kerberos security features and explains how to configure and manage these features on the access server.
To use the procedures in this section, you must:
•
Ensure that the access server can communicate with a host running Kerberos V4 software.
•
Connect and test the devices.
•
Enable privileged status.
•
Configure the port and device characteristics to match.
Reference
Refer to the access server hardware documentation for information about connecting device cables. This section assumes that you have a basic understanding of Kerberos.
Refer to Digital's Guide to Kerberos for more information.
Configuration Prerequisites
This section describes the prerequisites for configuring the Kerberos security features on an access server.
Kerberos Host Requirements
•
To use Kerberos authentication, the access server must be able to communicate over the network with a host that functions as a Kerberos V4 key distribution center (KDC). The key distribution center is an ULTRIX or UNIX host that runs
Kerberos software and contains a database of valid user names and passwords.
The access server does not authenticate using the Kerberos V5 protocol.
•
To operate with the highest level of security, the access server must be registered with all KDCs within the Kerberos realms in which user authentication will take place. A realm refers to a group of hosts that share a common administrative domain for purposes of user authentication.
•
Each realm has one master KDC that contains a write-enabled database. The master KDC propagates its database to any slave KDCs in the same realm.
A basic mode of operation is also available in which the access server does not need to be registered in any of the realms. This mode of operation is less secure, but easier to configure.
22-6 Managing Access Server Security
Managing Kerberos
Network Access Server Requirements
Before configuring security-specific parameters, make sure that:
•
You have entered the correct Internet address and subnet mask. (See the
Configuring the Internet Address and Subnet Mask section in Chapter 7.)
•
There is an Internet gateway to the KDC if the KDC is not on the access server subnet. (See the Defining Networks Available Through a Specific Gateway section in Chapter 7.)
•
The DNS parameters are set correctly if Internet hosts are not explicitly configured on the access server. (See the Displaying the DNS Counters section in
Chapter 7.)
Configuration of User Authentication
The configuration of user authentication on the access server involves entering several commands shown in the examples in this section. For details about command syntax, refer to the Network Access Server Command Reference.
Case Sensitivity
Kerberos user names, instances, realms, and passwords are case sensitive.
Configuring Kerberos Settings
When you set up the access server for user authentication, you need to complete the following steps:
Step
1
2
3
Action
Specify a realm and a KDC.
If the default is incompatible with the KDCs in your realm, specify the
TCP port numbers on the KDC to which the access server sends messages for password changes and ticket requests.
Change the default timeout if you want to do so.
Managing Access Server Security 22-7
Managing Kerberos
Example: Definition of Kerberos Settings
The following example shows a sample of the commands used to change these settings:
Local> CHANGE KERBEROS DEFAULT REALM finance.acme.com SECRET
Secret> (not echoed)
Verification> (not echoed)
Local> CHANGE KERBEROS REALM finance.acme.com MASTER HOST
security.acme.com
Local> CHANGE KERBEROS REALM finance.acme.com HOST
atlas.acme.com
Local> CHANGE KERBEROS PASSWORD SERVICE PORT 89
Local> CHANGE KERBEROS TICKET PORT SERVICE PORT 88
Local> CHANGE KERBEROS TIMEOUT 20
This example shows the more secure Kerberos configuration. The access server itself is registered in the realm: finance.acme.com
The access server user name is always “rcmd” while its instance is the same as its server name. In previous example, if the server name is LAT_08002B010203, then the
Kerberos principal name is: [email protected]
The access server Kerberos password is the value of SECRET: thisiswhereallthemoneyis
To perform authentication, the Kerberos system administrator must register the access server Kerberos user name, instance, and password in the master KDC for each of the realms. If the administrator does not specify a SECRET value in the access server database, then the access server can perform user authentication without being registered in the realm.
22-8 Managing Access Server Security
Managing Kerberos
Displaying Kerberos Settings
The following example shows a sample display of Kerberos settings:
Local> show kerb characteristics
Retransmit Interval: Retransmit Timeout: 0 00:00:08
Ticket service port: 750 Password service port: 751
Realm: mfg.acme.com
Secret: (None)
Authorization Defaults:
Access: (None) Forced Callback: DISABLED
Max Connect: (None) Dialout Service: (None)
Dialback Number: 6111
Dialout Number: (None)
Permissions: DIALBACK, DIALOUT, LAT, TELNET, SLIP, PPP, NOPRIV
Port Configuration
You need to configure user authentication on the access server on a port-by-port basis.
To enable the authentication on a given port, you enter a command such as:
LOCAL> DEFINE PORT 2 AUTHENTICATION ENABLED
Example: Sample SHOW PORT Command
After enabling authentication on a port, you can then display the port settings to verify that user authentication is enabled as shown in the following example:
Local> SHOW PORT 1
.
.
Port 1: smith Server: TSM700
.
Enabled Characteristics:
Authentication, Autoconnect, Autoprompt, Broadcast, Failover,
Input Flow Control, Lock, Loss Notification, Message Codes,
Output Flow Control, Lock Notification, Verification
Managing Access Server Security 22-9
Managing Kerberos
User Authentication Procedure
When the system administrator configures Kerberos security features for a given access server port, you need to enter a valid user name and password when you log on to the access server. A complete Kerberos principal name has the following format: user-name[.instance]@realm-name
To abort the authentication process, press the Break key or the Local Switch key.
By default, Kerberos allows you three attempts to enter a valid user name and password. After three unsuccessful attempts to enter a user name and password, the access server disables the authentication procedure on the port for a period of 1 minute.
To change the default number of invalid authentication attempts, use the SET
PASSWORD LIMIT command.
Example: Authentication with a Complete User Name
The following example shows a typical user authentication that uses the complete form of the Kerberos principal name. This session assumes that the Kerberos administrator has entered your user name and password in the Kerberos database.
Username> [email protected]
Password> (not echoed)
Local - 450 - Attempting to authenticate user:[email protected]
Local - 451 - Authentication successful
Local>
Example: Authentication Using the First Portion of the User Name
If a default realm is configured, you have to enter only the first portion of the user name as shown in the following example:
Username> smith
Password> (not echoed)
Local - 450 - Attempting to authenticate user: [email protected]
Local - 451 - Authentication successful
Local>
22-10 Managing Access Server Security
Managing Kerberos
Changing a User Name and Password
Once the network manager has set up the access server, users can change their own passwords on the master KDC for their realm.
Example: Sample Kerberos User Authentication Session
The following example shows a sample session for changing a password. The way that message 468 wraps may appear differently on your terminal screen.
Local> kpasswd
Username> smith
Old password> oldpassword (not echoed)
New password> newpassword (not echoed)
Verification> newpassword (not echoed)
Local -468- Attempting to change Kerberos password for user [email protected]
Local -469- Kerberos password has been changed
Local>
Alternative Password Command
Instead of the KPASSWD command, you can also use the DEFINE KERBEROS
PASSWORD COMMAND as described in the Network Access Server Command
Reference.
User Authentication Counters
This section describes the user authentication counters. These counters display information that is useful for detecting problems.
Network Access Server User Authentication Counters
The following example shows how to display the user authentication counters for the access server:
Local> SHOW SERVER AUTHENTICATION COUNTERS
Total Total
attempts failures
User authentication (all realms): 16 0
Total Valid Error
Packets Packets Packets
Sent Received Received
Realm: mfg.acme.com 8 8 0
Realm: sales.acme.com 7 6 1
Realm: finance.acme.com 1 1 0
Time since counters last zeroed: 1 01:55:14
Managing Access Server Security 22-11
Managing Kerberos
Port User Authentication Counters
The following example shows how to display the authentication counters for a given port:
Local> SHOW PORT 1 AUTHENTICATION COUNTERS
Port 1: j_smith Server: Finance_server
Cur. login Cur. login Total Total
attempts: failures: attempts: failures:
User authentication: 1 0 4 0
Time since last user authentication success: 0 00:52:32
Time since last user authentication failure: never
Time since counters last zeroed: 1 01:50:28
Setting the User Authentication Counters to Zero
The user authentication counters add up until you explicitly reset them. To reset user authentication counters for the server to 0, use the following command:
Local> ZERO SERVER AUTHENTICATION COUNTERS
You can reset the user authentication counters for an individual port, a group of ports, or all ports. For example, the following command resets the user authentications counters to 0 for ports 2, 3, and 5:
Local> ZERO PORT 2,3,5 AUTHENTICATION COUNTERS
22-12 Managing Access Server Security
Managing RADIUS
Managing RADIUS
Introduction
A RADIUS server must be operational on the network. The RADIUS server can include accounting capability, but the RADIUS accounting can be in a separate server, on a different node. In addition, there can be multiple RADIUS servers on the network, and RADIUS provides a method for using a second server should the attempt with the first server result in no response.
A node that has the RADIUS server is considered an authentication host. A node that has a RADIUS accounting server is considered an accounting host.
RADIUS security involves the definition on the access server of one or more RADIUS realms. A realm is an administrative domain for the purpose of authentication which can supply default values for many attributes associated with RADIUS access and usage. Each RADIUS realm points to its own associated RADIUS authenticating host and accounting host.
Minimal Setup for RADIUS
The minimal configuration requires the following commands to set up the remote ports used for communication with the RADIUS server(s). These features must be assigned in order for any communication with a RADIUS server or a RADIUS accounting server to take place.
•
The following example shows the commands used to set up RADIUS security:
LOCAL> CHANGE RADIUS REALM JONAS.COM
•
This command defines/initializes a new RADIUS realm:
LOCAL> CHANGE RADIUS REALM JONAS.COM AUTHEN HOST ip-addr
•
This command defines RADIUS server authentication node:
LOCAL> CHANGE RADIUS REALM JONAS.COM SECRET " secret_string"
Variables
Words in examples in italics indicate user-supplied variables. In this case, the variable
JONAS.COM
is the name of the specific realm on which you want to perform this action.
Managing Access Server Security 22-13
Managing RADIUS
Optional Setup for RADIUS
You can use the commands in the following examples to configure additional security parameters for RADIUS servers. The commands in these examples define a RADIUS server accounting node, the maximum timeout period for RADIUS server reply, and the interval between retries of an authentication request.
•
The following command defines a RADIUS server accounting node:
LOCAL> CHANGE RADIUS REALM JONAS.COM ACCOUNTING HOST ip-addr
•
This command defines the maximum timeout for RADIUS server reply:
LOCAL> CHANGE RADIUS TIMEOUT seconds
•
This command defines how much time elapses before using an alternate server:
LOCAL> CHANGE RADIUS INTERVAL seconds
Setting the INTERVAL variable defines the time period (in seconds) that the system is to wait before repeating an authentication request to an alternate authentication server.
•
This command causes the realm name to be included as part of a user name sent to the RADIUS server:
Local> CHANGE RADIUS REALM JONAS.COM INCLUDE
Realm name inclusion is used for RADIUS proxy authentication service.
Reference
See the Network Access Server Command Reference for more information on these commands.
Example: Including the Realm Name
If your realm name has to be included when the access server sends messages to the
RADIUS server, issue the command shown in the following example:
LOCAL> CHANGE RADIUS REALM JONAS.COM INCLUDE
For most usage, you will not want to include the realm name. If you do, each entry in the RADIUS server’s users file will have to appear as “user-name@realm-name” instead of simply “user-name”.
If a user has to be called back, this value is derived from User-Service-Type when specified. If it is not specified, then realm defaults/port defaults can apply:
22-14 Managing Access Server Security
Managing RADIUS
Example: Defining Realm Default Authorization Attributes
LOCAL> CHANGE RADIUS REALM JONAS.COM PERMISSIONS (DIALBACK)
LOCAL> CHANGE RADIUS REALM JONAS.COM CALLBACK ENABLED DIALBACK
NUMBER "1-800-555-1111"
Example: Defining Password Authentication Type
LOCAL> CHANGE RADIUS REALM JONAS.COM ACCESS FRAMED
Note
The value NONE should be read as unspecified. This allows the port configuration to determine the access whenever the RADIUS server’s user entry does not specify one or more authorization attribute.
RADIUS User Authorizations
The ultimate value for an authorization attribute may come from one of three sources: the RADIUS server, the realm defaults, or port characteristics, in that order of precedence. The choices for such features are:
1 For each RADIUS realm name you define, you can set various authorization attributes for that realm. These values serve as defaults at the realm level. This means, that when a RADIUS user tries to login to the access server, these values will be assigned to authorization attributes if the user entry in the RADIUS server’s users file does not assign a value for the corresponding attribute. If the user does not provide the attribute default in the realm, and the corresponding attribute is not provided in the RADIUS server’s users file, then the access server’s port characteristics are used if they have been previously defined.
2 One of the legal settings of the attributes in the realm is NONE. This special value connotes unspecified. In this case, when a user attempts to log in, if the value is not specified in the RADIUS server’s entry for the user name, and has the value
NONE in the REALM, then the PORT configuration parameter assigns the corresponding value.
The resulting value may still be unspecified, if the corresponding port characteristic is unspecified or does not exist. Only a portion of the RADIUS authorization attributes have a corresponding realm default or corresponding port attribute.
Managing Access Server Security 22-15
Managing RADIUS
User Access to the Access Server
The primary way to define a user’s type of access is to use the RADIUS server attribute called “User-Service-Type”. The following table shows User-Service-Type values that the access server supports:
Value
Login
Framed
Callback-Login
Callback-Framed
Administrative-User
NAS-Prompt
Callback-NAS-Prompt
Description
LAT/TELNET, depending on the Login-Service attribute or DEFAULT PROTOCOL value in PORT.
PPP/SLIP, depending on the Framed-Protocol attribute or DEFAULT PROTOCOL value in PORT.
User is first called back, then gets login.
PPP/SLIP user is first called back.
NAS prompt with automatic privilege.
Access server’s command or menu prompt.
Callback first, then NAS prompt.
Setting User Permissions
Permissions are explicitly given by the authorizations that were in the user-name entry in the RADIUS server’s authentication entry. When any attributes that may be appropriate are missing, an attempt is made to find a specified value in the realm defaults. When these are still missing, the port configuration can supply its specified values (for attributes having a corresponding representation in the port).
Permissions are from a DIGITAL vendor-specific RADIUS attribute. The following is a list of RADUIS permissions:
DIALOUT
LAT
TELNET
SLIP
PPP
PRIVILEGED
NODIALOUT
NOLAT
NOTELNET
NOSLIP
NOPPP
NOPRIVILEGED (level of DECSERVER command
For each of the these attributes, the default is NOxxx or DISABLED.
22-16 Managing Access Server Security
Managing RADIUS
Additional RADIUS Attributes
The tables in this section contain lists of additional RADIUS attributes that the access server supports.
General Session Attributes
The following table defines the general session RADIUS attributes:
General Session
Attributes
Service-Type
Definition
Session-Timeout
Idle-Timeout
Type of link requested, or change in type of link. Used in both Access-Request and Access-Accept packets.
• Login — Delivers a dedicated connection to the specified host, using the specified protocol (Telnet, rlogin, LAT).
• Framed — Delivers a network (framed) protocol connection (PPP, SLIP).
• Callback-Login.
• Callback-Framed.
• Administrative User — Delivers a NAS prompt with automatic privilege status.
• NAS-Prompt — Delivers the NAS user interface.
• Callback-NAS-Prompt.
Indicates the maximum number of seconds of service to be provided to the user, before (mandatory) termination of the session. Used in Access-Accept packets.
Indicates the maximum number of consecutive seconds of idle connection allowed to the user before
(mandatory) termination of the session. Used in Access-
Accept packets. The DECserver does not currently support per-port idle timeout for interactive sessions.
Managing Access Server Security 22-17
Managing RADIUS
Framed Session Attributes
The following table defines the framed session attributes:
Framed Session Attributes
Framed-Protocol
Framed-IP-Address
Callback-Number
Definition
Type of framed protocol used for session.
Used in Access-Accept packets.
Values:
• PPP
• SLIP
IP address to be configured for the user (in lieu of DHCP, or similar). Used in Access-
Accept packets.
Note: Two values of this address require special action:
• The value 255.255.255.255 means that the
PPP client should be allowed to negotiate the use of its local IP address via IPCP, subject to the DECserver's subnet containment rules.
• The value 255.255.255.254 means that PPP or SLIP client should be assigned the port's
PPP address, if one exists.
Nonspecial cases would equate to:
SET PORT SLIP HOST ADDRESS ip-addr
SET PORT IPCP HOST ADDRESS ip-addr
Indicates the phone number to be called, after the user has been disconnected. This attribute is formatted as a printable ASCII string, typically containing the characters that would follow the “ATDT” modem command.
22-18 Managing Access Server Security
Managing RADIUS
Interactive Session Attributes
The following table defines the interactive session attributes:
Definition Interactive session attributes
Login-IP-Host
Login-Service
Login-Port
Login-LAT-Service
Login-LAT-Node
Login-LAT-Groups
The IP address of the host system with which the user is to be automatically connected.
Used in Access-Accept packets.
The type of service to which the user is to be automatically connected. Used in Access-
Accept packets.
Values:
• Telnet
• LAT
Indicates the TCP (or LAT) port number to which the user is to be automatically connected. Used in Access-Accept packets.
Indicates the LAT service name to which the user is to be automatically connected, via
LAT. Used in Access-Accept packets, when the Login-Service type is LAT.
Indicates the node, within the specified service, to which the user is to be automatically connected, via LAT. Used in
Access-Accept packets, when the Login-
Service type is LAT, and a Login-LAT-
Service is specified.
Indicates the LAT group codes which the user is authorized to use. Used in Access-
Accept packets, when the Login-Service type is LAT.
Managing Access Server Security 22-19
Managing RADIUS
RADIUS General Non-Session Attributes
The following table defines the RADIUS general non-session attributes:
RADIUS Overhead
Attributes
NAS-IP-Address
Definition
NAS-Port
Reply-Message
State
Class
Vendor-Specific
IP address of the NAS. Used in Access-
Request packets.
NAS Port Number. Used in Access-Request packets.
ASCII text, that the NAS may optionally display. Used in Access-Accept, Access-
Reject, or Access-Challenge packets.
Opaque data sent from the server to the client in an Access-Challenge packet, to be sent back to the server by the client in a new
Access-Request packet. Needed to support challenge/response forms of authentication.
Opaque data sent from the server to the client in a Access-Accept packet, to be sent to the accounting server by the client in a
Accounting-Request packet. Needed to support RADIUS accounting.
Vendor-specific data, prefixed by the assigned vendor OID. Used in all but Access-
Reject packets. Please refer to the following table for a list of the vendor-specific attributes.
DIGITAL Vendor-Specific Attributes
The following table defines the DIGITAL vendor-specific attributes:
DIGITAL Vendor-Specific Attributes
Service Permissions (1) V-Type — 1 for service permissions.
V-Length >= 3
Integer — The value field is 4 octets. The value is formatted as a bit map.
22-20 Managing Access Server Security
Managing RADIUS
DIGITAL Vendor-Specific Attributes
Dialout Number (2) V-Type — 2 for dialout number.
V-Length >= 3
String — Any printable ASCII characters.
Dialback Number (3)
Dialout Service (4)
V-Type — 3 for dialback number.
V-Length >= 3
String — Any printable ASCII characters.
V-Type — 4 for dialout service name.
V-Length >= 3
String — Uppercase ASCII printable characters, starting with a letter.
RADIUS Accounting Attributes
The following table defines the RADIUS accounting attributes:
RADIUS Accounting
Attributes
Acct-Status-Type
Definition
Acct-Delay-Time
Acct-Input-Octets
Acct-Output-Octets
Acct-Session-Id
One of the following types of accounting information:
• Start
• Stop
• Accounting-On
• Accounting-Off
• Checkpoint
The amount of relative time from the origination of the accounting information until the transmission (or retransmission) of the accounting packet.
The number of bytes received on the port during the delivery of service.
The number of bytes transmitted on the port during the delivery of service.
A unique accounting session ID, preferably related to the DECserver accounting log.
Managing Access Server Security 22-21
Managing RADIUS
RADIUS Accounting
Attributes
Acct-Authentic
Definition
Acct-Session-Time
An indication of the means of authentication for this user:
• RADIUS
• Local (the DECserver User Data Base)
• Remote (the DECserver Kerberos or
SecurID client)
The number of seconds for which the service was delivered to the user.
Optional RADIUS User Attributes
The RADIUS attributes that the access server supports are as follows:
Session-Timeout
Idle-Timeout
Framed-Protocol
Framed-IP-Address
Callback-Number
Login-IP-Host
Login-Service (Telnet, LAT)
Login-Port
Login-LAT-Service
Login-LAT-Node
Login-LAT-Groups
NAS-IP-Address
NAS-Port
Vendor-Specific
Note
Other RADIUS attributes (particularly accounting attributes) are utilized internally between the RADIUS server or accounting server and the access server, which are independent of authorization attributes.
22-22 Managing Access Server Security
Managing SecurID
Managing SecurID
Introduction
The Security Dynamics ACE/Server software performs dynamic two-factor SecurID authentication. Dynamic two-factor authentication combines something the user knows—a memorized personal identification number (PIN)—with something the user possesses—a randomly generated access code that changes every 60 seconds. The second factor is the tokencode generated by the SecurID token. This combination of
PIN and tokencode represents a one-time passcode and is transmitted to the ACE/
Server software for verification.
The ACE/Server security environment is composed of four components. These are:
1 ACE/Server software running on a UNIX platform
2 (Optional) slave ACE/Server software running on a UNIX platform
3 Access server running DNAS V2.0 or greater
4 SecurID tokens utilized by users when they attempt to access the ACE/Server protected ACE/Clients
SecurID utilizes two types of hosts: master and slave. When setting up a SecurID realm, specify the master host by using the command SET PRIMARY host-name. You can specify the slave host using the command SET HOST host-name. Although the access server does allow you to configure multiple slave hosts, you should not do this.
Using the SECRET Keyword
The SECRET in the SecurID REALM is not specified by the user, but rather is filled in the first time the realm is used to authenticate a user. After that, you can clear it by using the NOSECRET qualifier in the CHANGE SECURID REALM command. If you clear it or if you delete the realm and then re-create it, you must reset the client on the authentication server side using the SecurID server administrator program.
SecurID Prompts
The default prompt for SecurID is ENTER PASSCODE>. This default is set when you create a new realm. This is the standard SecurID prompt.
SecurID Ports
Normally, you do not need to change the SecurID master and slave SERVICE PORT.
If the default values do not match with those assigned on your hosts, then change the values in the access server to match those on the hosts.
Managing Access Server Security 22-23
Managing SecurID
SecurID Realms
SecurID servers do not provide any authorization data; therefore, any authorization information comes from the SecurID realm or the port characteristics.
If a SecurID card is in a new PIN mode and the new PIN is coming from the access server, the new pin is displayed for 10 seconds and then erased.
Minimal Setup for SecurID
The minimal configuration requires the following commands to set up the remote ports used for communication with SecurID. These features must be assigned in order for any communication with SecurID or SecurID accounting to take place.
•
The following example shows the command used to set up SecurID security:
LOCAL> CHANGE SECURID REALM realm-name
•
This command defines and initializes a new SecurID realm:
LOCAL> CHANGE SECURID REALM JONAS.COM AUTHEN HOST ip-addr
Optional Setup for SecurID
The commands in the following example can be used to configure additional security parameters for SecurID. The commands in these examples will define a SecurID accounting node, define the maximum timeout period for SecurID reply, and define the interval between retries of an authentication request.
Local> CHANGE SECURID TIMEOUT seconds
This command defines the maximum timeout for SecurID reply.
Local> CHANGE SECURID INTERVAL seconds
Local> CHANGE SECURID REALM realm-name INCLUDE
This command causes the realm name to be included as part of a user name sent to
SecurID. Realm name inclusion is used for SecurID proxy authentication service. See the Network Access Server Command Reference for more information on this command.
22-24 Managing Access Server Security
Managing SecurID
Example: Including the Realm Name
If your realm name has to be included when the access server sends messages to
SecurID, issue the command shown in the following example:
LOCAL> CHANGE SECURID REALM realm-name INCLUDE
For most usage, you will not want to include the realm name. If you do, each entry in the SecurID users file will have to appear as “user-name@realm-name” instead of simply “user-name”.
If a user has to be called back, this value is derived from User-Service-Type when specified. If it is not specified, then realm defaults/port defaults can apply:
Example: Defining Realm Default Authorization Attributes
LOCAL> CHANGE SECURID REALM JONAS.COM PERMISSIONS (DIALBACK)
LOCAL> CHANGE SECURID REALM JONAS.COM CALLBACK ENABLED DIALBACK
NUMBER "1-800-555-1111"
Example: Defining Password Authentication Type
LOCAL> CHANGE SECURID REALM JONAS.COM ACCESS FRAMED
Note
The value NONE should be read as unspecified. This allows the port configuration to determine the access whenever the SecurID realm default does not specify one or more authorization attribute.
SecurID User Authorizations
Optional authorizations can come from the SecurID user description which is defined specifically for a particular SecurID implementation. It is possible to define realm defaults, within the access server. The ultimate value for an authorization attribute may come from one of three sources: the SecurID, the realm defaults, or port characteristics, in that order of precedence. The choices for such features are:
•
For each SecurID realm name you define, you can set various authorization attributes for that realm. These values serve as defaults at the realm level. This means, that when a SecurID user tries to login to the access server, these values will be assigned to authorization attributes. If the user does not provide the attribute default in the realm, then the access server’s port characteristics are used if they have been previously defined.
•
One of the legal settings of the attributes in the realm is NONE. This special value connotes unspecified. In this case, when a user attempts to log in, if the value is not specified in the SecurID entry for the user name, and has the value NONE in the REALM, then the PORT configuration parameter assigns the corresponding value.
Managing Access Server Security 22-25
Managing SecurID
Setting User Permissions
Permissions are explicitly given by the value in the realm defaults. When these are still missing, the port configuration can supply its specified values (for attributes having a corresponding representation in the port).
Permissions are DIGITAL vendor-specific. The following is a list of SecurID permissions:
DIALOUT
LAT
TELNET
SLIP
PPP
PRIVILEGED
NODIALOUT
NOLAT
NOTELNET
NOSLIP
NOPPP
NOPRIVILEGED (level of DECSERVER command
For each of the above attributes, the default is NOxxx or DISABLED.
22-26 Managing Access Server Security
Managing Local Access Server Security
Managing Local Access Server Security
Introduction
The tasks described in this section cover the configuration of the local access server realm and setup of local user accounts.
Configuration of server security involves:
•
Access server realm configuration
•
Local user account configuration parameter
Defining the Realm
Realm names must be unique within a given type of authentication.
In the case of the server realm, the realm name indicates local (or NAS) authentication.
The SET/DEFINE/CHANGE CLEAR/PURGE REALM realm-name command family sets up and tears down the various realms used to identify particular administrative domains.
Example: Setting the Server Realm
In the following example, the command defines a new server realm. The keyword
realm-name is the proper name of the newly defined realm. Before using this new realm, you must assign additional realm parameters to it.
Local> SET SERVER REALM JONAS.COM
Managing Access Server Security 22-27
Determining Security Configuration
Determining Security Configuration
Displaying RADIUS, SECURID, and KERBEROS Characteristics
The SHOW {RADIUS | SECURID | KERBEROS} CHARACTERISTICS command displays all configured realm names, along with any pertinent configuration parameters. This command is privileged. It shows the various RADIUS and SecurID servers that are configured for the access server as well as the Kerberos KDCs. It also shows the existing local server security database.
Example: Showing RADIUS Characteristics
The following example shows the resulting display for the SHOW RADIUS
CHARACTERISTICS command:
LOCAL> SHOW RADIUS
Retransmit Interval: 00:00:01 Retransmit TimeOut: 00:00:20
Authentication Service Port: 1645 Account Service Port: 1646
Realm: XXX.YYY.XXX.COM
Realm Inclusion: EXCLUDE
Prompt: Password>
Secret: (Entered)
Accounting Host: 16.20.55.66
Authentication Host: 16.20.55.77
Authorization Defaults:
Access: None Forced Callback: ENABLED
Max Connect: 00 08:00:00 DialOut Service: DIAL14400
DialBack Number: 555-1234
DialOut Number: (Any)
Permissions: DIALBACK, DIALOUT, LAT, TELNET, SLIP, PPP,
NOPRIVILEGE
22-28 Managing Access Server Security
Determining Security Configuration
Example: Showing SecurID
The following example shows the resulting display for the SHOW SECURID
CHARACTERISTICS command:
LOCAL> SHOW SECURID
Retransmit Interval: 00:00:02 Retransmit TimeOut: 00.00.20
Service Port: 755
Realm: AAA.BBB.CCC.COM
Realm Inclusion: EXCLUDE Encoding Format: DES
Prompt: Enter Passcode>
Secret: (Entered)
Primary Host: 16.20.55.66
Authorization Defaults:
Access: INTERACTIVE Forced Callback: DISABLED
Max Connect: 00 08:00:00 DialOut Service: DIAL28800
DialBack Number: 555-1234
DialOut Number: (Any)
Permissions: DIALBACK, DIALOUT, LAT, TELNET, SLIP, PPP,
NONPRIVILEGED, NOPRIVILEGED
Example: Showing the Server Realm
LOCAL> SHOW SERVER REALM
Realm: local.NAS
Max Fails: 3
Authorization Defaults:
Access: INTERACTIVE Forced Callback: DISABLE
Max Connect: 00 08:00:00 DialOut Service: DIAL9600
DialBack Number: 555-1234
DialOut Number: (Any)
Permissions: DIALBACK, DIALOUT, LAT, TELNET, SLIP,
PPP, NONPRIVILEGED, NOPRIVILEGED
Managing Access Server Security 22-29
Determining Security Configuration
Example: Displaying Kerberos Characteristics
The following example shows the resulting display for the SHOW KERBEROS
CHARACTERISTICS command:
LOCAL> SHOW KERBEROS
Retransmit Interval: 00:00:01 Retransmit TimeOut: 00:00:20
Ticket service port: 750 Password service port: 751
Default Realm: 33H.LKG.DEC.COM
Secret: (None)
Primary Host: prowlr.lkg.dec.com
Master Host: ds900.lkg.dec.com
Host: foo.bar.dec.com
Authorization Defaults:
Access: INTERACTIVE Forced Callback: DISABLED
Max Connect: 00 08:00:00 DialOut Service: DIAL14400
DialBack Number: 555-1234
DialOut Number: (Any)
Permissions: LAT, TELNET, SLIP, PPP, DIALBACK, DIALOUT
Displaying Security Summary
To show the security summary, use the SHOW SECURITY SUMMARY command.
This command displays all of the currently configured security realms. It provides a subset of the data produced by the SHOW SECURITY command.
Example: Showing the Security Summary
LOCAL> SHOW SECURITY SUMMARY
Logout Warning ------------------------------------------------
Interval 0 Times 0
Kerberos ------------------------------------------------------
Default Realm: 33H.LKG.DEC.COM
Realm: kerberos.realm.somewhere
RADIUS --------------------------------------------------------
Realm: realmname1
SecurID -------------------------------------------------------
Realm: realmnam2
Server --------------------------------------------------------
Realm: realmname3
22-30 Managing Access Server Security
Determining Security Configuration
Showing the Authentication Counters
This access server can display the counters for all realms (local, RADIUS,
KERBEROS). Any session authenticated by RADIUS attempts to send accounting data to the RADIUS Server. Sessions authenticated by other methods may be configured to send accounting packets to a RADIUS accounting server as well (if one exists).
Reference
See SHOW AUTHENTICATION COUNTERS in the Network Access Server
Command Reference for a sample of this display.
Showing the User Port Authorization Profile
The SHOW AUTHORIZATION command shows the user profile being used for the specified port(s).
Example: Showing the User Port Authorization Profile
The following example shows the resulting display for this command for a port that was authenticated:
LOCAL> SHOW PORT 7 AUTHORIZATION
Port 7: user1 Server: DECSERVER1
Username: user1@finance_realm
Access: LOCAL Forced CallBack: DISABLED
Max Connect: 00 08:00:00 DialOut Service: DIAL14400
Remaining Time: 00 00:33:24 Framed IP Address: 16.22.33.44
Login IP Host: 16.20.22.33 Login LAT Service: LATSERVICE
Login Service Type: LAT Login Port: 15
Authenticated By: 16.129.42.15 Authentication Type: RADIUS
Login LAT Node: MONEY
DialOut Number: (Any)
DialBack Number: 1-802-767-8345
Login LAT Groups: 1,2,5,66-68,133,135,139,172,206,230-250
Permissions: LAT, TELNET, SLIP, PPP, DIALACK,
DIALOUT,NONPRIVILEGED
Showing Security Counters
The SHOW/LIST/MONITOR SECURITY COUNTERS command displays all portrelated security counters. This display is very similar to results from the SHOW PORT
AUTHENTICATION COUNT command shown in the previous example.
Example: Showing Security Counters
Local> SHOW PORT 8 SECURITY COUNTERS
Managing Access Server Security 22-31
Managing Dial-Up Access Security with AUTOLINK and AUTOLINK Authentication
Managing Dial-Up Access Security with AUTOLINK and
AUTOLINK Authentication
Introduction
AUTOLINK lets PC clients log in using SLIP,PPP, and character cell terminal mode.
AUTOLINK AUTHENTICATION provides a flexible and secure method for clients to authenticate when using AUTOLINK. A single port can support authenticated logins from different types of PPP clients, which may have different LCP authentication capabilities. For SLIP or PPP clients that do not support PAP or CHAP authentication, and interactive or script-based login will be used. When you enable
AUTOLINK AUTHENTICATION, only one form of authentication is required during any port login.
When you use AUTOLINK authentication, a successful user login requires a user name/password authentication. The user name/password authentication requirement is independent of how you configure port characteristics (PORT AUTHENTICATION and LCP AUTHENTICATION).
To use AUTOLINK authentication, you need to set the DEFAULT PROTOCOL and
DEDICATED SERVICE for the port to use the AUTOLINK protocol, and then enable the AUTOLINK AUTHENTICATION port characteristic.
Activating AUTOLINK
The port begins the AUTOLINK search protocol when the modem has established a connection. AUTOLINK examines the characters arriving on the port and determines if a PC is using PPP, SLIP, or a character-cell terminal emulation (which may be a login script).
If AUTOLINK does not detect a PPP or SLIP start frame character within a user-set timeout, it chooses character-cell emulation. Note that a user or the login script can expedite the choice of character-cell emulation by entering a carriage return character.
Example: Configuring the Port
The following example shows how to set the port’s default protocol and dedicated service to AUTOLINK:
Local> DEFINE PORT DEFAULT PROTOCOL AUTOLINK
Local> DEFINE PORT DEDICATED SERVICE AUTOLINK
22-32 Managing Access Server Security
Managing Dial-Up Access Security with AUTOLINK and AUTOLINK Authentication
Enabling AUTOLINK Authentication
If you want authenticated logins, you must separately configure the port to require
AUTOLINK AUTHENTICATION. The authentication can be by PPP PAP, PPP
CHAP, or interactively by terminal emulation (which could be a script). The PC client is required to provide one authentication. SLIP users are treated as if they are character-cell users.
Once authentication is successful, the protocol identified by AUTOLINK (PPP, SLIP, or local login) starts.
Example: Enabling AUTOLINK Authentication
The following example shows how to enable AUTOLINK authentication:
Local> DEFINE PORT AUTOLINK AUTHENTICATION ENABLE
The SHOW PORT CHARACTERISTICS command shows AUTOLINK authentication enabled in the ENABLED CHARACTERISTICS section.
Specifying an Authentication Method
The following table describes the authentication method used when you enable
AUTOLINK AUTHENTICATION and specify an LCP authentication method, and an interactive authentication was not already performed prior to LCP negotiation.
LCP
Authentication
PAP USERNAME
Results
Disabled
PC clients that connect immediately using PPP will be authenticated using PPP PAP authentication.
This setting is required when you use Kerberos or
SecurID authentication. For Kerberos authentication, you must set the Kerberos realm default ACCESS to
NONE.
For other forms of authentication, such as RADIUS,
CHAP USERNAME may be used.
If you user the PAP NOUSERNAME options with the
PORT LCP AUTHENTICATION command, the login fails.
PC clients that connect immediately using PPP will be authenticated using either CHAP or PAP authentication. If the LCP negotiation for CHAP is not acknowledged, the DECserver requires PPP PAP authentication.
Managing Access Server Security 22-33
Managing Dial-Up Access Security with AUTOLINK and AUTOLINK Authentication
LCP
Authentication
CHAP USERNAME
Results
PC clients that connect immediately to PPP will be authenticated using PPP CHAP authentication.
If you user the CHAP NOUSERNAME options with the PORT LCP AUTHENTICATION command, the login fails.
If you use either the PAP NOUSERNAME or CHAP NOUSERNAME options with the PORT LCP AUTHENTICATION command when you enable AUTOLINK authentication, the login fails.
Note if you configure the default protocol and dedicated service for the port as
AUTOLINK and you disable AUTOLINK authentication, SLIP and character-cell users may be connected without authentication. This will occur even if PPP users are authenticated because of the port’s LCP AUTHENTICATION characteristics.
Setting AUTOLINK Timers
You can set an AUTOLINK timer to specify how long the port waits to detect the protocol of the user session. If the port does not detect a valid PPP frame, a valid SLIP frame, or a single carriage return character, the session defaults to character cell terminal.
AUTOLINK makes two passes to determine the authentication style and the protocol of the user session:
1 If authentication is required, the first pass determines the authentication style.
Either PPP authentication or character-cell authentication can be used. You can set the timer for the first pass to be between 10 and 60 seconds.
If no authentication is required, AUTOLINK determines the session style.
2 If there has been an authentication pass, the second pass determines the protocol of the user session. The protocol can be SLIP, PPP, or character-cell terminal.
You can set the timer for the second pass to be between 0 and 60 seconds.
If the timer expires, AUTOLINK assumes a character-cell terminal.
Example: Setting AUTOLINK Timers
The following example shows how to set AUTOLINK timers:
Local> DEFINE PORT AUTOLINK TIMER PASS ONE 30
Local> DEFINE PORT AUTOLINK TIMER PASS TWO 50
22-34 Managing Access Server Security
Managing Dial-Up Access Security with AUTOLINK and AUTOLINK Authentication
Timeouts
The following are the properties of AUTOLINK timeouts:
•
A user has one minute to complete an interactive login successfully. The clock starts from the time the USERNAME> prompt is displayed. This includes the time for the user name/password request to be processed by the authentication server.
After one minute elapses, the port is logged out and the modem is disconnected.
•
When a terminal emulation window first appears, it is blank. Entering a carriage return produces a USERNAME > prompt. If you do not enter a carriage return, the prompt is displayed after a user-set timeout (AUTOLINK PASS ONE). At this point the one minute time limit is initiated.
•
If a user authenticates successfully in a terminal window (or a script), a single carriage return or a lapse of a user-set timeout (AUTOLINK PASS TWO) produces a local prompt. The user or the script can enter C PPP or C SLIP to begin framed operation.
Using a Login Script
If you use a login script on the remote client, your script must include the following:
Stage
1
2
3
4
5
Description
The script must send a carriage return character. Alternatively, the script can send no characters for [AUTOLINK TIMER PASS ONE] seconds (note that this is not the preferred method).
The script searches for Username> and responds with the user’s user name and a carriage return.
The script searches for Password> and responds with the user’s password and a carriage return.
The script searches for:
Local -451- Authentication successful
The script exits and allows the framed protocol to run. Note that the key phrase to search for is “Authentication successful”.
Managing Access Server Security 22-35
Specifying Other Security Features
Specifying Other Security Features
Introduction
This section describes various security features on interactive ports.
Specifying Dedicated Service for LAT or Telnet Resources
The results of specifying a dedicated service on a port are as follows:
•
The device on the port appears hard-wired to a specific resource.
•
The access server establishes only one session for the port.
•
Local mode cannot be entered on that port, although login and service passwords can still be defined for the user on that port.
•
The access server automatically enables AUTOCONNECT for that port.
AUTOCONNECT is not cleared when the dedicated service is cleared.
Kerberos Requirement
For Kerberos, the server name must be unique.
When you specify any LAT or Telnet resource to be a dedicated service, the host or service name, node name, and port name are limited to 16 characters each.
LAT Protocol Requirement
To set a LAT service as a dedicated service, the default protocol must be set to LAT.
The following shows how to enable the LAT service, FILES, as the dedicated service on port 5:
Local> CHANGE PORT 5 DEDICATED FILES
You can specify that the connection be made to a particular node and/or port name of the LAT service. The following shows how to specify that port 5 connects to port
JAMES on node MARKETING for service FILES:
Local> CHANGE PORT 5 DEDICATED FILES NODE MARKETING DESTINATION
JAMES
22-36 Managing Access Server Security
Specifying Other Security Features
Telnet Requirement
To set an Internet host as a dedicated service, the default protocol must be set to
TELNET. You can use the host’s Internet address, domain name, or relative domain name if the host is defined in a name server; however, you cannot use the entire domain name if the name is more than 16 characters, including the dots. The following shows how to enable a host on the TCP/IP network, SALE.MKT.DEC.COM, as a dedicated service on port 5:
Local> CHANGE PORT 5 DEDICATED SALE.MKT.DEC.COM
Normally, the user must press the Return key to connect to the LAT or Internet host.
However, if SIGNAL CONTROL or MODEM CONTROL is enabled, the port automatically connects to the host. The following shows how to enable SIGNAL
CONTROL on port 5:
Local> CHANGE PORT 5 SIGNAL CONTROL ENABLED
Specifying Passwords
There are two password characteristics that you need to set: SERVER LOGIN
PASSWORD and PORT PASSWORD. SERVER LOGIN PASSWORD defines the password for the access server. PORT PASSWORD enables the login password on a particular port.
A single login password is used for the whole access server although the password is enabled on a port-by-port basis. This password is most likely to be useful when you wish to reserve access to a terminal located in a public place. For example, in a widely used computer center, you want to keep a terminal open for your computer-services staff. Enabling the login password would prevent your general user population from using that terminal.
You can enable the login password for a port with a session management terminal.The terminal user must enter the password when initially logging in to the access server.
If you plan to enable the login password at one or more ports, you should take care in selecting with whom you share the password. In addition, you should change the password on a regular basis and inform those selected users of the new password.
The login password can be 1 to 16 ASCII characters. The factory-set default login password is ACCESS.
Managing Access Server Security 22-37
Specifying Other Security Features
Login Password Definition Example
The following example shows how to define TOTAL as the login password:
Local> CHANGE SERVER LOGIN PASSWORD "TOTAL" or
Local> CHANGE SERVER LOGIN PASSWORD
Password> TOTAL (not echoed)
VERIFICATION> TOTAL (not echoed)
Local>
You must enable the PASSWORD characteristic at the port level. The following shows how to enable PASSWORD at ports 5, 6, and 7:
Local> CHANGE PORT 5,6,7 PASSWORD ENABLED
Once the PASSWORD characteristic is enabled at a port, the login prompt (#) appears at the port device accompanied by a beep signal when the user logs in to the port. The user must enter the login password to gain access to the port.
You can change the login password, but you cannot clear the password. If you specify
NONE or type a null string ("") on the command line, you receive an error message.
To reset the default ACCESS, specify "ACCESS" on the command line or ACCESS at the Password> prompt.
Specifying PASSWORD LIMIT
The PASSWORD LIMIT characteristic specifies the following:
•
The number of times that a port user with the PASSWORD and/or
AUTHENTICATION port characteristic enabled can incorrectly enter the login password before the port is automatically logged out. If the port user fails to type the correct password within the number of allowed attempts, that user is not allowed to complete the login sequence for 1 minute. After 1 minute, the user can attempt to log in again.
•
The number of times that a port user can incorrectly enter the privileged password before the port is automatically logged out by the access sever.
•
For services that are password protected, the number of times that a user is prompted for the correct password before a connection request is denied.
The value must be in the range of 0 to 10 attempts. If you specify 0, no attempts are allowed. The factory-set default is 3.
22-38 Managing Access Server Security
Specifying Other Security Features
Example: Changing the Server Password Attempt Limit
The following example shows how to change the password limit to 6:
Local> CHANGE SERVER PASSWORD LIMIT 6
Managing Access Server Security 22-39
Chapter 23 7
Accounting
Overview
Introduction
This chapter describes the network access server accounting component. The basis of an accounting facility is the logging of events related to user access. These events can be useful to support audit trails, billing, capacity planning, and connection troubleshooting.
In This Chapter
This chapter contains the following topics:
•
Accounting Description
•
What Events Are Logged?
•
When Events Are Logged
•
Managing Accounting
•
Using the Accounting Console Logging Feature
Accounting 23-1
Accounting Description
Accounting Description
Introduction
The configuration of the accounting feature is supported using SNMP and the user interface. The accounting log itself is also accessible by both mechanisms. There is also a facility for sending accounting events to the access server console port as they occur.
Accounting Log File
The accounting component stores information about significant user events (for example, logins) in an accounting log file. The size of the log file is defined by the administrator (see the Defining the Accounting Log Size section in this chapter) and if set to zero, no logging will occur. The log file can be viewed as a circular buffer with entries added in chronological order. When the end of the buffer is reached, a newly created entry will overwrite the oldest existing entry.
Since the access server offers limited mass storage, preserving the accounting information requires the use of the console logging feature (see the Using the
Accounting Console Logging Feature section in this chapter) or a “harvester” application running on a management station. To facilitate this harvest application, the accounting component can be configured to send notifications when checkpoints
(thresholds) have been crossed in the log file. These notifications are in the form of
SNMP traps.
23-2 Accounting
What Events Are Logged?
What Events Are Logged?
Contents of Log Entry Types
The following table shows the fields that are logged in each accounting log entry type:
Session
Disconnect
Kerberos
Password Fail
Privilege
Password Fail
Maintenance
Password Fail
Log
Entry
Type
Port
Login
Port
Logout
Session
Connect
Attempt
Login
Password Fail
Remote
Password Fail
SNMP
Community Fail
Event Time Port ID Port Acc ess
Peer Rea son
Tx Rx User
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X X
X
X
X
X
X
X
X
X
X
X
X
X
X
Accounting 23-3
What Events Are Logged?
User
Privilege
Level
Modified
SNMP
Community Modified
Remote
Password
Modified
Log
Entry
Type
Privilege
Password
Modified
Maintenance
Password
Modified
Login
Password
Modified
Event Time
X
X
X
X
X
X
X
X
X
X
X
X
Port ID
X
X
X
X
X
X
Port Acc ess
Peer Rea son
Tx
Event Field Descriptions
The following table describes the fields in the accounting log entries:
Rx User
X
X
X
X
X
X
Field
Event
Time
Description
Provides the ability to distinguish the event type. The valid event types are listed in the previous table.
Current server system uptime when entry was created.
23-4 Accounting
Field
Port
ID
What Events Are Logged?
Description
• For session connect/disconnect events:
— Local Access: The port the session connect or disconnect occurred on. If the connection is initiated from a physical port, this field will have the physical port number. If the connection is initiated from an existing remote console connection, the port number will be one higher than the maximum physical port number.
— Remote Access: For a remote console connection (MOP or
Telnet), the port will be one higher than the maximum physical port number. For a connection to a LAT service or Telnet listener (other than listener 23), the port will be the destination physical port the connection is made to. If no port is available, the port field will be zero.
Note: If a connection is created from a physical or remote console port to a Telnet listener or LAT service on the same server, two session connect events will be logged: one for the local access from the source port and one for the remote access to the destination port.
Two disconnect events will also be logged when the session is torn down. In each log entry, the port number will follow the rules stated above.
• For nonsession events, the port that the event occurred on.
The internal ID associated with an active session (not those that are displayed in the SHOW SESSION displays). The session IDs are always unique across the server at any given time (though they may be reused after a session is disconnected).
Accounting 23-5
What Events Are Logged?
Field
Port
Access
Description
• Session connect/disconnect: The protocol associated with the session attempt or disconnect. These values can be:
— LAT
— TELNET
— MOP
— TN3270
— SLIP
— PPP
— AUTOLINK
— PING
Note: For a TN3270 session, the protocol type may appear as
TELNET for the connect event and TN3270 for the disconnect event.
For an AUTOLINK session, the protocol may appear as AUTOLINK for the connect event and either AUTOLINK, SLIP, or PPP in the disconnect event, depending on what protocol was used last.
• SNMP Community Fail: SNMP_IP (representing SNMP over IP).
The access type, either Local or Remote.
23-6 Accounting
What Events Are Logged?
Field
Peer
Reason
Description
The value of this field varies depending on the protocol field, as follows:
• LAT
— Local Access: For nondedicated/preferred case, whatever you type following the CONNECT [LAT] command. For example,
C CLUSTER1 (peer is CLUSTER1); C CLUSTER1 NODE
NODE1 (peer is CLUSTER1 NODE1). If dedicated/preferred service is defined, the peer field will contain the service name.
— Remote Access: The local service name followed by the remote node name.
• Telnet
— Local Access: For nondedicated/preferred case, whatever you type following the CONNECT/Telnet command. For example,
TELNET NODE1 (peer is NODE1); TELNET
NODE1.finance.acme.com (peer is
NODE1.finance.acme.com). If dedicated/preferred service is defined, the peer field will be the service name.
— Remote Access: The remote node's IP address followed by the remote TCP port number.
• PING: Whatever you type following the PING command. For example, PING NODE1 (peer is NODE1); PING
NODE1.finance.acme.com (peer is NODE1.finance.acme.com).
• MOP (maintenance password fail event): The Ethernet address of the remotely connected device.
• SLIP: The peer field is SLIP.
• PPP: The peer field is PPP.
• AUTOLINK: The peer field is AUTOLINK.
• SNMP_IP (SNMP community fail event): The IP address of the
SNMP management station.
The reason for the disconnect, either Normal or Error. Normal represents the session being brought down by user action (you log out of the session or do a DISCONNECT SESSION at the local prompt).
Error refers to cases where the session is refused by the protocol for some reason (insufficient resources, not authorized for group code in case of LAT, or couldn’t resolve name in case of Telnet).
Accounting 23-7
What Events Are Logged?
Field
Tx
Description
• Session Disconnect Event: The number of bytes of successfully transmitted user data on this session at the time of session termination. This field will always be zero for MOP remote console connections.
• Logout Event: The number of bytes output to the port during the life of the associated login.
User received user data on this session at the time of session termination.
This field will always be zero for MOP remote console connections.
• Logout Event: The number of bytes input to the port during the life of the associated login.
Subtracting the sum of all the session disconnect Tx/Rx fields during the life of a login from the Tx/Rx values in the logout event will yield the Tx/Rx count of bytes sent and received while the user was in local mode.
This field is a variable length string as follows:
• Login Events: When authentication is enabled on the port, this field will contain the entire Kerberos user name string (for example, [email protected]).
• All Other Events: This field will contain the user name string associated with the port (the string in the first field of the SHOW
PORT display).
The SET PORT USERNAME command may change a port’s user name from the string stored at login. This can cause entries associated with a particular login to have different user name fields. The login entry, when Kerberos is enabled, is the only trusted source for the user name.
23-8 Accounting
When Events Are Logged
When Events Are Logged
Introduction
This section describes when each specific event type is logged.
Login Events
Login events are logged at the time of the successful login (just before the user gets the
Local> prompt). Unsuccessful login attempts are handled by Kerberos Password Fail,
Login Password Fail, or Remote Password Fail events.
Logout Events
Logout events are stored when the port is logged out. There is always an associated login event.
Session Connect Attempt Events
Session connect attempt events are stored when a session connect is being attempted
(either user-initiated or dedicated). All attempts are logged whether they are successful or not.
Session Disconnect Events
Session disconnect events are logged when a session connect attempt fails or when an existing session is terminated. There is always an associated session connect attempt event. Use the disconnect reason or bytes Tx/Rx to determine whether the connection attempt was successful.
Password Fail Events
Password fail (Kerberos, Privilege, Maintenance, Login, Remote) events are logged for every attempt to enter the associated password.
SNMP Community Fail Events
SNMP community fail events are logged whenever an SNMP access attempt is made with a community name and/or source IP address that is not enabled on the access server.
Accounting 23-9
When Events Are Logged
Password Modified Events
Password modified events (Privilege, Maintenance, Login, Remote) are logged whenever the associated password is modified with a SET/DEFINE/CHANGE command. A single event is logged for each UI command (only one event is logged for a CHANGE command). SET commands cannot be distinguished from DEFINE commands. If a user sets the password to the existing value, an event is still logged.
User Privilege Level Modified Events
User privilege level modified events are logged whenever a user does a SET PRIV command and successfully provides the privilege password at the Password> prompt.
If the user is already privileged, the event is still logged.
SNMP Community Modified Events
SNMP community modified events are logged whenever a user adds or deletes an
SNMP community string on the access server. They are also logged if an existing community’s access capabilities are modified (SET SNMP COMMUNITY PUBLIC
SET ENABLE). If the user sets the community to existing values, an event is still logged. A single event is logged for each UI command (only one event will be logged for a CHANGE command). SET commands cannot be distinguished from DEFINE commands. If a user does a CLEAR/PURGE SNMP COMMUNITY ALL, a single event will be logged.
23-10 Accounting
Managing Accounting
Managing Accounting
Introduction
You can manage the accounting feature fully by using SNMP or the user interface. You can access the accounting log itself using both mechanisms. This section describes the user interface commands you can use to manage the accounting feature.
Reference
Refer to SNMP Survival Guide (located with the software) for instructions on managing the accounting component with SNMP.
Defining the Accounting Log Size
Use the DEFINE ACCOUNTING LOGSIZE command to control the amount of memory allocated at initialization to create the log file. Valid values for the LOGSIZE variable are 0, 4, 8, 16, 32, 64, 128, 256, and 512 (units are kilobytes). If the accounting component cannot allocate the specified amount of memory at the time of initialization, the value displayed for LOGSIZE in the SHOW ACCOUNTING
CHARACTERISTICS display will be set to zero.
If this occurs, define a smaller value for LOGSIZE. This characteristic can only be modified with a DEFINE command. Note that a newly defined value will not take effect until the next time the server is reinitialized.
Note
An access server configured with 2 megabytes of memory may not have sufficient resources to allow for the creation of an accounting log.
Example: Defining the Accounting Log Size
The following shows how to set the size of allocated memory to 512 KB:
Local> DEFINE ACCOUNTING LOGSIZE 512
Accounting 23-11
Managing Accounting
Changing the Accounting Threshold
Use the ACCOUNTING THRESHOLD command to specify the point in the building of a log when the accounting component sends out a threshold notification.Valid values for the ACCOUNTING THRESHOLD variable are:
•
NONE: No notification.
•
HALF: Notify when each half of the log file is reached.
•
QUARTER: Notify when each quarter of the log file is reached.
•
EIGHTH: Notify when each eighth of the log file is reached.
•
END: Notify when the end of the log file is reached.
Entries are inserted in the log file progressively (with wrapping) and when the specified points in the buffer are reached, notifications are sent. These notifications are in the form of SNMP traps.
Example: Changing the Accounting Threshold
The following example shows the use of the DEFINE ACCOUNTING THRESHOLD command:
Local> DEFINE ACCOUNTING THRESHOLD EIGHTH
Changing the Accounting Console
Use the DEFINE ACCOUNTING CONSOLE command to display accounting events on the server console. If ENABLED, the accounting component displays accounting events on the server console port as they occur. Be sure to set the server console port to the desired value (CHANGE SERVER CONSOLE n).
Example: Changing the Accounting Console
The following example shows the use of the DEFINE ACCOUNTING CONSOLE command:
Local> DEFINE ACCOUNTING CONSOLE ENABLED
23-12 Accounting
Managing Accounting
Displaying Accounting Characteristics
Use the SHOW ACCOUNTING CHARACTERISTICS command to display the current values of the accounting variables.
Example: Displaying Accounting Characteristics
The following example shows the display that appears when you use the SHOW
ACCOUNTING CHARACTERISTICS command:
Local> SHOW ACCOUNTING CHARACTERISTICS
Accounting Characteristics:
Threshold: None Log Size: 128K
Console Logging: Disabled
Accounting 23-13
Managing Accounting
Displaying the Accounting Log
Use the SHOW ACCOUNTING LOG command to view the log.
Example: Displaying the Accounting Log
The following example shows a sample accounting log:
Local> SHOW ACCOUNTING LOG
Accounting Log:
Event: Login Time: 026:10:33
Port: 3 Access: Local
Username: smith
Event: Privilege Password Fail Time: 0 26:12:13
Port: 3
Username: smith
Event: User Privilege Level Modified Time: 0 26:12:44
Port: 3
Username: smith
Event: Session Connect Attempt Time: 0 26:15:04
Port: 3 Sessid: 1 Protocol: LAT Access: Local
Username: smith
Peer: CLUSTER1
Event: Session Disconnect Time: 0 26:15:50
Port: 3 Sessid: 1 Protocol: LAT
Reason: NORMAL TX: 345 bytes RX: 216 bytes
Username: smith
Event: Login Password Modified Time: 0 27:13:51
Port: 3 Username: smith
Event: SNMP Community Modified Time: 0 27:14:14
Port: 3 Username: smith
Event: Logout Time: 0 27:15:06
Port: 3 Tx: 1285 bytes Rx: 526 bytes
Username: smith
23-14 Accounting
Using the Accounting Console Logging Feature
Using the Accounting Console Logging Feature
Description
When console logging is enabled, the accounting component displays the accounting events on the server console as they occur. This can be useful for viewing events on a console terminal or printer. It is also possible to view (and log to a file) the console events remotely. If you place a loopback connector on the access server console port and associate a LAT service or Telnet listener with this port, you can connect to the port and view the console messages remotely.
LAT Remote View of the Accounting Log
The following example shows the commands necessary to remotely view the accounting log messages with a LAT service and loopback connector on port 16 of the access server:
Local> CHANGE PORT 16 ACCESS REMOTE
Local> CHANGE PORT 16 AUTOBAUD DISABLED SPEED 57600
Local> CHANGE SERVICE ACCTREMOTE PORT 16 CONNECTION ENABLED
Local> CHANGE SERVER CONSOLE 16
Local> CHANGE SERVER SERVICE GROUP 255
From a remote OpenVMS system, type:
$ MCT LATCP SET NODE/GROUP=(ENABLE=255)
$ SET HOST/LAT/AUTOCONNECT/LOG=ACCT.LOG ACCTREMOTE
This causes the accounting events to be displayed on the remote screen and logged to the file ACCT.LOG.
Accounting 23-15
Using the Accounting Console Logging Feature
Example: Telnet Remote View of the Accounting Log
The following example shows the commands necessary to remotely view the accounting log via Telnet with a loopback connector on port 16:
Local> CHANGE PORT 16 ACCESS REMOTE
Local> CHANGE TELNET LISTENER 2001 PORT 16
Local> CHANGE TELNET LISTENER 2001 CONNECTION ENABLE
Local> CHANGE SERVER CONSOLE 16
Local> CHANGE PORT 16 AUTOBAUD DISABLED SPEED 57600
From a remote UNIX system, the command is (replace x.x.x.x with your server’s IP address):
# TELNET x.x.x.x 2001
This will cause the accounting events to be displayed on the remote screen. To log the events to a file, type the following command (replace x.x.x.x with your server’s IP address):
# TELNET x.x.x.x 2001 > ACCT.LOG
23-16 Accounting
Appendix A
Cable and Adapter Recommendations
Cable and Adapter Hardware
Cable and Adapter Table
The following table lists the cable and adapter hardware you need to connect devices to specific DECserver models:
To Connect This
Device:
To This DECserver Model:
90M or 90TL (8 Port)
900TM (32 Port)
700 (16 Port)
700 (8 Port)
Terminal/printer with MMJ port
Terminal/printer with DB25 male port
Terminal/printer with DB9 male port
Use This Cable and Adapter Hardware:
BN24H-xx cable H8575-A adapter and
BC16E-xx cable
H8575-A adapter and
BN24H-xx cable
BC17D-xx (10-wire) cable or
BC22D-xx (6-wire) cable
H8575-B adapter and
BN24H-xx cable
H8575-A adapter and
H8571-J adapter and
BC16E-xx cable
Cable and Adapter Recommendations A-1
To Connect This
Device:
To This DECserver Model:
90M or 90TL (8 Port)
900TM (32 Port)
700 (16 Port)
700 (8 Port)
PC communication interface with DB9 male port
Use This Cable and Adapter Hardware:
H8585-AA adapter and
BN25G-xx cable
H8575-A adapter and
H8571-J adapter and
BC16E-xx cable
H8585-AB adapter and
BN25G-xx cable
BC22E-xx (10-wire) cable or
BC22F-xx (25-wire) cable
Modems using RI-
DCD-DSRS-DTR signals (typically
<9600 baud) with
DB25 female port
Modem using CTS-
DSR-RTS-DTR signals (typically
=>9600 baud) with
DB25 female port
H8585-AC adapter and
BN25G-xx cable
BC22E-xx (10-wire) cable or
BC22F-xx (25-wire) cable
Non-DIGITAL systems with DB25 male ports (reverse-
LAT configuration)
– BC22R-xx cable
Note: The -xx denotes the length of the cable in meters.
Reference
Refer to the Site Preparation Guide or User’s Guide shipped with your access server hardware for further information.
To help plan and install networking systems using the DEC OPEN DECconnect system, refer to the documentation listed in the preface to this manual.
A-2 Cable and Adapter Recommendations
Glossary
access server
A generic name for a family of Digital Equipment Corporation access servers.
access server configuration database
A load host database that contains the DECnet characteristics and the access server type, the load file name, and the dump file name for each access server.
access server image
A file in the access server directory on the load host that contains executable code.
Address Resolution Protocol
See ARP .
American National Standards Institute
See ANSI.
ANSI
American National Standards Institute. This organization compiles and publishes computer industry standards.
ARP
Address Resolution Protocol. The Internet protocol that enables a host or a gateway to dynamically map, or translate, an Internet address into the correct physical hardware address so as to send a packet to a target computer on the same physical network.
Glossary -1
Glossary-2
American Standard Code for Information Interchange
See ASCII .
AppleTalk
An Apple Computer, Inc., trademark for their network protocol suite.
ASCII
American Standard Code for Information Interchange. A set of 8-bit binary numbers representing the alphabet, punctuation, numerals, and other special symbols used in text representation and communications protocols.
asynchronous
Pertaining to a communication method in which each event occurs with no relation to a timing signal.
atomics
Refers to nontabular objects in a group of objects in a MIB.
authentication
Utilizes Kerberos to verify a user’s identity by validating a Kerberos user name and password on a remote Kerberos host (KDC).
authentication trap
An SNMP trap message that is sent to each community with TRAPS enabled whenever an unauthorized Internet host tries to access the access server, or when an Internet host uses an unauthorized SNMP GET or GETNEXT message.
autobaud
The process by which the access server automatically determines the line speed and other characteristics of a terminal attached to one of its ports.
autoconnect
A feature whereby the access server automatically attempts to reconnect a port to a network resource in the following situations: the port becomes disconnected from a resource, the user enters a CONNECT command and the specified resource is unavailable, or the user logs in to a port that has a preferred service defined.
automatic failover
See failover .
bootptab file
This is the file that BOOTP uses to store information necessary to downline load software. The bootptab file is normally shown as /etc/bootptab .
BOOTP
Internet Bootstrap Protocol. This Internet protocol is used to configure the communications software on a load host.
BOOTP/TFTP Server
This is a load host that uses the BOOTP and TFTP Internet protocols to configure the load host and downline load the software.
broadcast
A access server port characteristic that allows one port to send a single message to one or more ports simultaneously.
CCR
Console Carrier Request. An ULTRIX host function that allows connections to the access server remote console port .
Clear To Send
See CTS .
circuit timer
LAT. The LAT protocol timer that determines the minimum interval at which a access server transmits virtual circuit messages.
client-server
Internet. The model of interaction in a distributed system in which a program at one site sends a request to a program at another site and awaits a response. The requesting program is called a client; the program satisfying the request is called the server.
command line recall and edit
A feature that allows the user to recall and edit previously entered commands.
community name
A character string that is used as a password that the Internet host must know in order to access the access server through SNMP .
connection queue
LAT. The queue on a access server that stores connection requests for a printer or a service.
Console Carrier Request
See CCR .
console port
Any access server port assigned to receive the access server 900 series of messages and to which an interactive device can be connected.
Glossary-3
Glossary-4
CRC
Cyclic Redundancy Check. An error detection scheme in which a receiver checks each block of data for errors.
CTS
Clear To Send. A signal sent from the port device to the access server to indicate that the port device is ready to receive data.
Cyclic Redundancy Check
See CRC .
datagram
See IP datagram .
Data Set Ready
See DSR .
Data Terminal Ready
See Data Terminal Ready .
data transparency
During a session, the access server normally intercepts and interprets switch characters and flow control characters. Users can enable data transparency, causing these characters to become transparent to the access server. The access server will not intercept them while they are being exchanged in the user’s current session, such as during a file transfer or during a block-mode transfer (where the terminal sends a screen of data to the host application).
DECnet
The DIGITAL networking software that uses the DIGITAL Network Architecture
(DNA) on both local area networks (LANs) and wide area networks (WANs) .
DECnet node address
A unique numeric identification required for each DECnet node, assigned by the network manager. The address is in the form aa.nnnn, where aa is an optional area number (from 2 to 63), and nnnn is the node address (from 1 to 1023).
DECnet node name
A unique 1to 6-character alphanumeric identification (including at least one alphabetic character) required for each DECnet node assigned by the network manager.
dedicated service
A network resource to which a port is permanently assigned and to which the port is always connected at login, thus emulating a hardwired connection.
dequeue
To remove the first entry in a queue and to attempt the function for which the entry was queued.
DNS
Domain Name System. An Internet naming system that maps, or translates, domain names to addresses. See domain names.
domain names
Internet. The domain name consists of a sequence of subnames separated by a period.
The individual sections of the name might represent sites, groups, or computers, but the domain system simply calls each section a label.
For example, the domain name super.dec.com
, contains three labels: super, dec, and com. Any suffix of labels in a domain name is called a domain. Thus, the lowest level domain is super.dec.com
, an abbreviation for the computer named super. The second level domain is dec.com
(for Digital Equipment Corporation); and the top level domain is com (for commercial institution). As the example shows, domain names are written with the most local label first and the topmost domain last.
Domain Name System
See DNS .
downline loading
The process of sending the access server image from a load host to a access server.
DSR
Data Set Ready. A control signal that is used to inform whether or not a communications device is ready to transmit and receive data.
DSVCONFIG
The configuration procedure used on a load host to configure the load host’s node database.
DTR
Data Terminal Ready. A control signal that is used to inform whether or not a data terminal is ready to transmit and receive data.
dump file
A file containing a copy of the access server memory. The load host creates this file when it receives an upline dump from the access server. The file is stored on the load host in the access server directory.
Ethernet
A type of local area network based on carrier-sense multiple-access/collision detection
(CSMA/CD).
Glossary-5
Glossary-6 event logging
This is a process of recording significant occurrences on the network.
failover
LAT. A failure-recovery function provided by LAT software. Failover occurs when a user’s current LAT session is disrupted by the failure of the service node. Failover attempts to connect the user to the same service on an alternative service node . Failover is attempted only if the service is offered by two or more service nodes (as with a
VAXcluster service).
flow control
The set of rules used by a communications protocol to ensure that access server ports and port devices do not lose data during data transfers. Flow control prevents the sending network node (or transmitting process) from sending more data than the receiving node (or receiving process) can handle.
gateway
See Internet gateway .
group codes
LAT. Group codes are integers ranging from 0 to 255. They are assigned to LAT services , access servers, and access server ports.
heartbeat
A signal generated by certain Ethernet transceivers. The signal verifies that the collision detection circuitry is operational.
host
A multiuser computer.
host-initiated request
LAT. A connection request from a computer asking a access server to initiate a session.
The session connects an applications device such as a printer on a access server port to an application such as a print queue on the computer.
ICMP
Internet Control Message Protocol. A protocol that is the part of the Internet Protocol that gateways and hosts use to communicate control and error information. If for any reason a gateway cannot forward or deliver a datagram , or if the gateway detects unusual conditions that may affect the host, the gateway uses this protocol to communicate with the host so that the host can take corrective action.
ID
This is an abbreviation for identification.
image
See access server image .
initialization
The process of running the access server diagnostic self-test program and, optionally, downline loading the access server with the access server image .
Installation Verification Procedure
See IVP .
Internet
Internet (written in all lowercase letters) is a collection of packet switching networks that use TCP/IP protocols and are interconnected by gateways. Software enables the networks to function logically as a single, large, virtual network.
3 Internet (written with the first letter capitalized) refers specifically to a collection of networks and gateways, including the ARPANET, MILNET, and NSFnet, that use the TCP/IP protocol suite and function as a single, cooperative virtual network.
Internet address
The 32-bit address assigned to computers that participate on an Internet using the TCP/
IP protocols.
Internet Bootstrap Protocol
See BOOTP .
Internet Control Message Protocol
See ICMP .
Internet gateway
A computer that connects two or more networks and passes packets between them. In
Internet, computers called gateways provide all interconnections among physical networks. Gateways route packets based on the destination network, not on the destination host.
Internet host
A resource on the TCP/IP network.
Internet name server
An Internet server program that performs name-to-address translation, or mapping, from domain names to Internet addresses. It enables users to assign common names that are easy to remember to computers and then address the computers by name, rather than Internet addresses. When the server program operates on a dedicated computer, the computer itself is usually called a name server. See also local name server and root name server .
Glossary-7
Glossary-8
Internet Protocol
See TCP/IP .
IP
Internet Protocol. See TCP/IP .
IP datagram
Internet. A basic unit of information transferred over the Internet.
IVP
Installation Verification Procedure. This procedure verifies that the access server software was successfully installed on a OpenVMS load host .
KDC
Key Distribution Center. A Kerberos host that serves to validate a user’s identity with a Kerberos user name and password.
keepalive timer
LAT. Because access servers are responsible for monitoring its balanced virtual circuits, each access server maintains a keepalive timer. This timer determines the length of time that a balanced circuit remains inactive.
Kerberos
An authentication service that enhances security in an open network. It was developed as part of Project Athena at Massachusetts Institute of Technology. Project Athena is a software development project that facilitates communication among file servers and workstations in a distributed network environment.
Key Distribution Center
See KDC .
keyword
A word in a command string that further defines the command.
LAN
local area network. A network in which communications are limited to a moderately sized geographic area such as an office building or a campus.
LAT
local area transport. DIGITAL name for the Ethernet protocol used by the DECserver for terminal connections.
LAT architecture
A layered networking model that identifies LAT communications functions, assigns specific functions to distinct layers, and specifies general rules for communication between LAT nodes .
LAT Control Program
A control program that provides a command interface that allows system and network managers to set up and manage an operating system as a LAT service .
LAT network
All the computer systems, or nodes, on a LAN that support the LAT protocol constitute a LAT network.
LAT node
A computer on a LAN that contains LAT software. There are two types of LAT nodes: nodes that access services and nodes that offer services; some nodes perform both functions.
LAT protocol
An integral part of the LAT architectural model that consists of rules that specify the actual format and sequence of the messages used for communication between LAT nodes .
LAT service
A resource on the LAT network .
learned data
Data entered into a access server database by DNS . Contrast with local data .
load host
A computer on the same LAN as the access server that is used to downline load the access server image to the access server. A load host can also receive upline dumps of access server memory.
load host database
A database that contains information about access servers and that allows the load host to perform downline load and upline dump operations. This database contains three databases on the load host: the DECnet operational database, the DECnet permanent database, and the access server configuration database (that is, DSVCONFIG.DAT).
local area network
See LAN .
local data
Data entered into a access server database by a user. Contrast with learned data .
Glossary-9
Glossary-10 local name server
A name server that is authorized for the domain where the access server is located.
local service
Network resource offered by your access server.
loopback test
A access server asynchronous port test during which data is looped to the module.
There are two types of loopback tests: internal and external. The external loopback test requires a loopback connector.
Maintenance Operation Protocol
See MOP .
Management Information Base
See MIB .
Maximum Transmission Unit
See MTU .
MIB
Management Information Base. A listing of variables that can be accessed by SNMP .
MOP
Maintenance Operation Protocol. A maintenance protocol specified in the DIGITAL
Network Architecture (DNA) that is used to implement the Remote Console Facility and to perform downline loads, upline dumps, and loopback tests .
MTU
Maximum Transmission Unit. This specifies the IP datagram size in bytes.
multicast
A process whereby a message sent to one address can be transmitted to a number of nodes affiliated with that address. See also broadcast .
multicast timer
A LAT service characteristic that determines the time interval between each multicast message.
multihomed host
An IP host that has more than one IP address.
name resolution
Internet. Refers to the process of translating a name into a corresponding Internet address. The Internet domain name system provides a mechanism for naming computers in which programs use remote name servers to resolve computer names into
Internet addresses for those computers.
name server
See Internet name server .
NCP
Network Control Program. The DECnet command interface used to configure, control, monitor, and test DECnet networks.
network access server
See access server .
Network Control Program
See NCP .
Network Management Station
See NMS .
network resource
A device (such as a computer or printer) or software application on a network that performs certain functions and can be accessed by devices, such as access servers and computers.
NMS
Network Management Station. Host computer system with software which allows manager to monitor and control networked devices (including access servers) from one location. Typically refers to system which uses SNMP to communicate but may use other protocols.
node
A network system consisting of a computer system and associated network software.
nonprivileged status
The default status for all interactive access server ports. Users at nonprivileged ports can use a subset of the privileged command set to: change some local port characteristics; display information about the access server, its ports, and service nodes; and execute commands required to connect to services. However, nonprivileged users cannot access commands that change the state of the access server or other ports.
Glossary-11
Glossary-12
Nonvolatile Random Access Memory
See NVRAM .
NVRAM
Nonvolatile Random Access Memory. This is a RAM that retains its memory upon power loss.
ODL Font Protocol
On-Demand Loading Font Protocol. A protocol that enables Asian terminals connected to the access server to use the LAT protocol to access Japanese and Chinese
OpenVMS systems on the LAN.
On-Demand Loading Font Protocol
See ODL Font Protocol .
OpenVMS
An operating system for DIGITAL VAX computers.
operational database
The access server database that contains the values that determine the current operating characteristics of the access server. The values are not preserved through initializations , power losses, and port logouts. Contrast with permanent database .
OSF/1
An Open Software Foundation trade mark operating system for DIGITAL VAX computers.
packet
The basic Ethernet network message unit transmitted by the data link layer, which is made up of a preamble and a data stream.
permanent database
The access server database that contains the values that define the permanent operating characteristics of the access server. These values are preserved through initializations , power losses, and port logouts. Contrast with operational database .
port
A physical access point on the access server to which a device can connect. preferred service
A predefined network resource to which the access server attempts to connect a specific port whenever a user at that port enters a CONNECT command without a service name.
print spooler
A program that enables many users to share the printing devices of a system, such as a access server.
privileged status
A port status that can only be set by a user that knows the access server privileged password. Users at privileged ports can execute all communications server commands.
qualifier
A parameter in a command string that modifies the command.
queuing
LAT. The process of putting LAT connection requests for a busy printer or service on a waiting list (queue). Requests are dequeued and processed in the order in which they were entered into the queue-first-in/first-out (FIFO).
RAM
Random Access Memory. This is a read and write memory integrated circuit (IC).
Random Access Memory
See RAM .
RCF
Remote Console Facility. A OpenVMS host function that allows connections to the access server remote console port .
realm
An administrative domain within Kerberos in which users are registered and within which they can be authenticated by passwords.
release notes
A text file that can include any of the following: special instructions for installation, information specific to the current release of the product, and any information omitted from the printed documentation. Release notes can be read on line or printed.
Remote Console Facility
See RCF .
remote console port
A logical port with fixed port characteristics values used by the access server software when communicating using the MOP or Telnet protocol. Users can enter most of the access server commands at the remote console port.
Glossary-13
Glossary-14 remote print queue
A queue on a service node. The queue holds connection requests made from the service node requesting use of a printer (remote printer) on a access server. See host-initiated request .
Request To Send
See RTS .
retransmit limit
The number of times a LAT virtual circuit message is retransmitted to a service node without an acknowledgment message.
root name server
A name serve r that is at the top level in a domain.
RTS
Request To Send. A signal sent by the access server to the port device to indicate that the access server is ready to exchange control signals or data.
secure port
A port set up so that the port user only has access to a limited subset of the nonprivileged user command set.
secure status
A restrictive status that can be imposed on a port to limit the execution of commands on that port to a subset of the nonprivileged command set.
server
A hardware and/or software device which provides many users with access to a system.
service
A network resource offered by a LAT or Internet host.
service circuit-ID
A load host characteristic that identifies which load host Ethernet controller is used to access a specific access server for maintenance functions.
service node
A LAT node that provides a service on the LAN. The access server can be a service node.
service rating
A value assigned to a network resource by the service node to indicate its relative capability to accept new sessions. The rating is scaled from 0 to 255, where 255 is the greatest capacity. Access servers use this rating to choose a service node when a user attempts to connect to a service that is offered by multiple service nodes.
service session
A session between a network resource and a terminal session on a session management terminal.
session
A two-way network communications path between a network resource and either a access server user, a multiuser computer user, or an application program.
session management
A facility provided by some access servers that uses TD/SMP to communicate with a access server device so that the device can process simultaneous, independent, multiple terminal sessions . On the device, the data exchange of multiple sessions can be processed simultaneously regardless of which session is current.
Simple Network Management Protocol
See SNMP .
SLIP
Serial Line Internet Protocol. This protocol uses a simple framing technique to transmit IP datagrams over serial lines.
SLIP host
An Internet host that uses SLIP as its data link.
SNMP
Simple Network Management Protocol. An Internet protocol that is used to manage systems from one or more Internet hosts.
subnet addressing
An addressing technique that allows a site to share a single Internet network address among multiple logical networks, as long as all the hosts and gateways on those networks cooperate. It is a form of hierarchical routing in which the top level of the routing hierarchy, the core gateway system, uses the network portion of the Internet address (when routing packets) to identify the local gateway. The next level, the local gateway, uses part of the host portion of the Internet address to identify the subnet and route packets to it. And finally, the lowest level, the specific host computer, uses the remainder of the host portion of the address to identify and accept packets addressed to it.
Glossary-15
Glossary-16 subnet identifier
This is the part of the network address that is unique to the subnet. It can be determined by logically ANDing the Internet address with the subnet mask.
subnet mask
A 32-bit quantity that enables gateways and host computers to know which bits in the
Internet address correspond to their subnet address and which correspond to their host addresses.
switch characters
Characters interpreted by the access server that cause the access server to switch between sessions or between local and service modes.
synchronous
Pertaining to a communication method in which each event occurs in relation to a timing signal.
TCP/IP
Transport Control Protocol/Internet Protocol. A suite of Internetworking communication protocols of which TCP and IP are the two most fundamental.
TCP port
This is a protocol port number used by TCP/IP. For access servers, this number is mapped to a physical access server port number.
TD/SMP
Terminal Device/Session Management Protocol. An asynchronous, coded syntax used by the access server and a terminal to manage independent multiple terminal sessions simultaneously over a single physical circuit. See session management .
Telnet
Internet. The Internet standard protocol for remote terminal connection service.
Telnet client
See client-server .
Telnet listener
A service that allows resources to be accessible to a TCP /IP network. The service is provided over Telnet, hence the service is commonly referred to as a Telnet listener.
Typically, printers connect to access server ports associated with a listener. However, personal computers and host computers can also connect to such ports and through them access the TCP/IP network.
Telnet server
See client-server .
Terminal Device/Session Management Protocol
See TD/SMP .
Terminal Server Manager
See TSM .
terminal session
A single session on a access server port that is operating under session management control.
Time To Live
See TTL .
TFTP
Trivial File Transfer Protocol. For access servers, this Internet protocol is used to downline load software from a load host to the access server.
transceiver
Hardware equipment that provides an electrical connection to a network cable for a network node .
Transport Control Protocol/Internet Protocol
See TCP/IP .
TRAP message
An SNMP message sent by the agent (in this case, the access server) to one or more designated Internet hosts.
TSM
Terminal Server Manager. Software that runs on a OpenVMS host system. TSM allows a manager to monitor and control multiple access servers from one location.
The access servers must be connected to the same Ethernet LAN as the OpenVMS host system.
TTL
Time To Live. This is a value that shows the time that an Internet host entry in the access server database has left to be refreshed or removed. This value appears in the
SHOW INTERNET HOST STATUS display.
upline dumping
The process of sending a copy of the access server memory to a responding load host , usually following a fatal error. The data is dumped into the unique access server dump file in the access server directory.
Glossary-17
Glossary-18
UDP
User Datagram Protocol. A protocol that is the part of the Internet Protocol that provides datagram service. It distinguishes between multiple destinations on a host, allowing multiple application programs executing on a host to independently exchange
(send and receive) datagrams with multiple application programs on another host.
User Datagram Protocol
See UDP .
virtual circuit
A logical communications path between a access server and a service node . A virtual circuit provides a bidirectional, sequential, timer-based, error-free stream of data.
WAN
Wide Area Network. A network composed of computers connected by communications links that cover distances up to many thousands of miles. Contrast
with LAN .
Wide Area Network
See WAN .
XON/XOFF characters
These characters are used with a form of in-band flow control and are transmitted as
TxD and RxD data.
Symbols
* 4-6
/etc/add_DECserver procedure 4-2
/etc/list_DECserver procedure 4-2
/etc/rem_DECserver procedure 4-2
>>> 5-9
Numbers
3270 emulation 1-2 , 18-1 , 18-19 configuring 18-4 terminal 18-1
A
AARP 8-6
,
8-9
Abort Output (AO) 11-23
,
13-12
ACCESS
Device characteristic 9-2
ACCESS characteristic 9-5
Dynamic 9-5
Local 9-5
None 9-5
Remote 9-5
ACCESS DYNAMIC 21-15
Access field 23-6
Access levels 2-2 limited view 2-2 nonprivileged 2-2 privileged 2-2 secure 2-2
Access server
3270 emulation configuration 1-2 authentication services 22-1 commands 2-1
,
4-6 syntax 2-2 configuration
SLIP ports 1-2
SNMP access 16-5 contact name 11-33 disconnecting from 2-10 displaying 17-10
Index
counters 17-10 to 17-11 status 17-16 summary 17-22 initialization 5-1 , 5-4
Internet address 15-5
LAT network 17-2 location 11-33 managing 17-1 as a LAT node 12-16 mapping 6-16 memory 2-3 , 17-3 modem signals 10-3 network configuration 1-2
NUMBER characteristic 6-12 port configuration 1-2
PPP protocol 19-2 realms 22-27 removing queue entries 11-9 security 22-1 , 22-27
SLIP configuration 1-3 user privilege levels 2-2 username 22-8
Access Server Manager 2-1 , 2-7 , 4-2
ACCESS SERVER NAME characteristic 6-10
Accounting events types 23-3
Accounting host 22-5
Accounting Service Port 22-5
Acquired
AppleTalk ARP display 8-15
Acquiring
AppleTalk status display 8-10
ADD command 4-4
Address
AppleTalk status display 8-11
Address resolution protocol (ARP) 7-18
ALTERNATE SPEED 10-6 , 10-19 , 20-7 characteristic 10-13
ANNOUNCEMENTS characteristic 2-6 , 6-2 , 6-5
ANY protocol 11-6
AppleTalk
Index-1
address 8-2 cache size 8-3 characteristics 8-5 configuring 8-2
DDP packets 8-2 diaplaying routes 8-12 disabling 8-3 displaying counters 8-6 displaying status 8-10 echo packets 8-2 enabling 8-2 managing 8-1 network number 8-2 node number 8-2
Are You There (AYT) 11-23 , 13-12
ARP entries 7-1 , 7-18
ATalk Address
AppleTalk ARP display 8-14
ATCP 8-2 , 19-5 , 19-10
Attached Hosts
AppleTalk status display 8-11
Authentication 16-7
Authentication Host 22-4 , 22-13
AUTOBAUD 9-2
Autoconfigure feature
Domain Name System (DNS) 7-15
AUTOCONNECT 11-33 characteristic 11-15
AUTOCONNECT command 5-6 , 11-5
AUTOCONNECT commands 22-36
AUTOFLUSH characteristic 11-24
AUTOLINK 11-6 , 23-6 to 23-7
AUTOPROMPT characteristic 11-6
AUTOSYNCH characteristic 11-24
AYT 11-23
B
BACKWARD SWITCH character 11-35
Bad
AppleTalk routes display 8-13
Bad Responses 7-10
Bandwidth 17-2
BINARY characteristics 11-21
BOOTP protocol 4-12
Index-2
BOOTP server 7-25
BOOTP/TFTP protocols 4-2
Break (BRK) 11-23 , 13-12
BREAK characteristic 11-36
BROADCAST characteristic 2-6 , 11-37 to 11-38 command 5-7
ALL 11-38
Broadcast errors 8-8
Bytes received 7-22 , 15-14 sent 15-14 transmitted 7-22
C
Cache
AppleTalk status display 8-11
CCR 2-7 , 2-10 , 4-6 to 4-7 , 5-4
CHANGE commands 1-6 , 2-3
INTERNET NAME RESOLUTION DO-
MAIN
SERVER BROADCAST DISABLED 11-38
CHARACTER SIZE
Device characteristic 9-2
CHARACTER SIZE characteristic 11-22 , 13-13
Characteristics announcement 2-6 displaying 2-6
SET/DEFINE/CHANGE
Remote Console port 2-7
Telnet remote console port 2-12
Checksum Errors 8-7
Circuit timer 2-6 characteristic 6-2 , 6-6
Clear To Send (CTS) 10-3 , 10-5
CLEAR/PURGE commands 2-3 , 2-11
INTERNET HOST 7-13
TELNET LISTENER 2-11
Cold start 16-7
Command descriptions 2-3
Command groups 3-2 , 3-4 creating 3-3 dial services 21-2
executing 3-4
Commands
CHANGE 1-6 , 2-3
CLEAR 2-3
CLEAR/PURGE
TELNET LISTENER 2-11
CONNECT 4-6 , 11-11
DEFINE 1-6 , 2-3 definitions 2-3
DELETE 4-5
DSV$CONFIGURE 4-4 , 4-6
LIST 4-6
SERVER 4-4
SHOW 4-6
USE 4-6
HELP TUTORIAL 2-5
LIST 2-3 load hosts 4-4 logout 2-12
MODIFY 4-5
MONITOR 2-3
OPEN 11-11 privileged 2-4
PURGE 2-3
REMOVE QUEUE 11-9
SET 1-6 , 2-3 , 4-5
SHOW 2-3 syntax 2-2
TELNET 11-11
Communications 18-6 network
LAT 1-3
Compressed SLIP (CSLIP) 15-13
Configuration
3270 emulation 1-2 ports 1-2
SLIP 1-3 system administrator tasks 1-2 user interface 1-3
CONNECT command 4-6 , 5-6 , 11-5 to 11-6 ,
11-11 , 11-14 , 15-11
PPP 19-4
SLIP 15-12
Connect time 15-14
Connections number allowed
Telnet remote console port 2-12
Console Carrier Request (CCR) 2-10
Console port 2-1 , 2-6 changing 2-6 remote 2-12 , 4-3
CSLIP automatic 15-13
CTS 10-3 , 10-5 , 10-9 to 10-10 , 10-18 to 10-19 ,
20-8
CTS FLOW CONTROL 9-11 enabling 9-11
D
Data Carrier Detect (DCD) 10-3 to 10-5
Data communication equipment (DCE) 10-2
Data set ready (DSR) 10-3 to 10-5
Data signal rate selector (DSRS) 10-4 , 10-6
Data terminal equipment (DTE) 10-2
Data Terminal Ready (DTR) 10-3 to 10-5
Datagrams 6-16 , 15-7
DCD 10-3 to 10-5 , 10-7 , 10-9 , 10-12 , 10-19
DCE 10-2
DDP 8-7
DECnet 2-10
DECnet node 2-10
DECnet Phase IV 2-8 , 4-2 , 4-5 to 4-7
DECnet Phase IV OpenVMS 4-3
DECnet/OSI 4-2 , 4-5 , 4-7
DECnet/OSI OpenVMS node 2-9 example 2-10
DEFINE command 1-6 , 2-3
DELETE command 4-5
Destination
AppleTalk routes display 8-12
Destination Unreachable 7-23
Device characteristics 9-1 displaying 9-4 port characteristic matching 9-6
DHCP. See Dynamic Host Configuration Protocol 7-27
Dial services 21-1
Index-3
management 1-3
Dialback 21-15 to 21-16
Dialer 21-1 displaying status 21-10 scripts 21-6 defining 21-4 names 21-5 services changing 21-12 characteristics 21-13 defining 21-9
DIALUP characteristic 10-14
DISCONNECT commands 11-14 , 12-15 , 19-4
ALL 11-14
PORT 11-51
DNS 22-7
Do-Binary 11-49
Do-ECHO 11-49
Do-End of Record 11-50
Domain Name 7-8
Domain Name System (DNS) 7-7 autoconfigure utility 7-15 displaying counters 7-9
Domains
Internet 7-7 name characteristic 7-8 name resolution 7-10 modes 7-12 retry limit 7-12 time limit 7-12
Do-Remote FLOW CONTROL 11-50
Do-SGA 11-49
Do-Status 11-49
Down
AppleTalk routes display 8-13
DSR 10-3 to 10-5 , 10-7 , 10-9 to 10-10 , 10-20 ,
11-11
DSR FLOW CONTROL 9-11 , 11-11 enabling 9-11
DSR logout 9-10
DSR/DTR support 10-4
DSRLOGOUT 9-13 , 10-7 , 10-10 , 11-11
Device characteristic 9-2
Enabling 9-13
DSRS 10-4 , 10-6 , 10-9 , 10-12 to 10-13
DSV$CONFIG 4-2
DSV$CONFIGURE 4-2 to 4-3 , 4-7 compatibility 4-3 executing 4-3
DSV$CONFIGURE LIST command 4-5
DSV$CONFIGURE.COM
location 4-3
DTE 10-2
DTR 10-3 to 10-5 , 10-7 , 10-9 , 10-11 to 10-12 ,
10-18 , 10-20
DTR/DSR support 10-3
DTRWAIT 10-11 , 10-18 enabling 10-11
Dump characteristic 2-6
DUPLEX characteristic 11-21
Duplicate Queries 7-10
Duplicate Responses 7-9
Dynamic
ACCESS characteristic 9-5
Dynamic access 13-5 to 13-6
Dynamic Host Configuration Protocol 7-27 display 7-30 setting 7-30
E
EBCDIC 18-16
ECHO characteristic 11-21
Emulation 18-1
3270 1-2 , 18-1 terminal 15-11
TN3270 18-4
End of Record (EOR) 11-23 , 13-12
ENTER PASSCODE> prompt 22-23
Enter username> prompt 11-34
Erase Previous Character (EC) 13-12
Erase Previous Line (EL) 13-13
Error messages broadcast 8-8
DDP 8-7
Hop count 8-8
In Errors 8-8
Index-4
Last Error
Appletalk status display 8-11
NCP 2-8
No Such Name 8-3
Errors framing 15-7 , 17-25 overrun 17-25 parity 17-25
Ethernet 2-8 , 8-14 , 15-3 , 17-2 , 17-10 counters data link 17-10
Ethernet Address
AppleTalk ARP display 8-14
Event field 23-4
F
Fail Answers 7-10
Failover 11-7 disabling 11-7
File transfers 13-7
Flash RAM initialization 5-5 updating 5-5
FLOW CONTROL 11-11
,
11-17
,
20-7 characteristic 11-25 device characteristic 9-2 direction 9-12 disabling 9-12 enabling 9-12
,
11-25
FORMERR Answers 7-10
FORWARD SWITCH character 11-35
Forwarded Requests 8-7
Full MODEM CONTROL 10-3
,
10-13
,
10-15
to
10-16
G
Gateways 7-1 , 22-7 configuring 7-16 defining available hosts 7-17 defining available subnets 7-17
Internet configuring 7-16
GET 16-2
GETNEXT 16-2
Group codes 11-4
H
Help 2-1 , 2-5 , 4-8 command 2-5
HELP TUTORIAL command 1-4 , 2-5
On-line accessing 1-4 example 2-5
Hop Count Errors 8-8
Hosts 2-7 gateway access 7-17
IBM
Terminal emulation 18-4
Internet configuring 7-13 load commands 4-4 configuring 4-4
DECnet Phase IV OpenVMS 4-3
DECnet/OSI OpenVMS 4-3 procedures 4-2
PPP management 1-3 security accounting hosts 22-5
SLIP 15-1 , 15-3 , 15-5
Telnet client 2-12
I
IBM 3270 Information Display Station 18-4
IBM host 18-4
ICMP Messages 7-23
ID field 23-5
IDENTIFICATION characteristic 6-2 , 6-7
In Errors 8-8
In GetNetInfo Responses 8-8
In Local Datagrams 8-7
In Receives 8-7
INACTIVITY LOGOUT characteristic
Enabling 9-14
Inactivity timer
Index-5
characteristic
Changing the timeout period 9-14
SHOW SERVER display 2-6
Initialization access server 5-1 from Flash RAM image 5-5 specifying the software image name 5-5 using NCP 5-7
INITIALIZE command 5-4
DIAGNOSE option 5-6
Tests 5-6
DISABLE option 5-6 specifying the delay value 5-5
INPUT FLOW CONTROL device characteristic 9-2
Input Packets 7-9
Interactive devices 11-1
Interface
AppleTalk ARP display 8-15
AppleTalk routes display 8-13
Internet 2-7 , 11-43 address 2-11 , 22-7 setting 7-3
SLIP hosts 15-5
AND operation 15-5 configuring gateway addresses 7-16 connections 7-23 databases limited view 2-2 displaying counters 7-21 domain name resolution 7-7 hosts 7-13 name servers configuring 7-13
Interrupt Process (IP) 11-23 , 13-12
INTERRUPTS characteristic 13-6
INTERVAL command 22-14
IP address 2-12 , 15-3
IP characteristics autoconfiguration 7-27
IP Error in Header 7-23
IP fragmentation 15-7
IP Fragments Dropped 7-23
Index-6
IP Fragments Received 7-22
IP Packets Received 7-22
IP Packets Transmitted 7-22
IPCP 19-5 , 19-7
IPX 1-3 , 20-1 , 20-5 counters 20-25 setting 20-29 routes 20-28
IPXCP 20-2
K
KDC 22-6 , 22-8 , 22-11
Keepalive timer 7-1 , 7-19 characteristic 6-8
SHOW SERVER display 2-6
Kerberos 22-1 to 22-3 , 22-6 , 22-8 , 22-10 , 23-8 authentication 22-10 configuring 22-6 counters port authentication 22-12 defining passwords 22-11 displaying characteristics 22-9 counters 22-11 realms 22-6
Key distribution center (KDC) 22-6
Keyboard maps 18-3 , 18-11 , 18-13 to 18-14
Keywords
DSV$CONFIGURE
SERVER 4-4 server 4-4 secret 22-23
KPASSWD command 22-11
L
Last Error
AppleTalk status display 8-11
LAT 22-16 , 23-7 characteristics 6-1 to 6-2 displaying services 17-8 displaying charcateristics 6-4
network communications 1-3 , 17-2 networks 4-1 , 11-16 , 12-13 , 15-11 protocol 17-2 counters 17-10 protocols 11-6 service 21-1 service node 2-8 , 11-10 , 12-16
Services limited view 2-2 services 1-2 , 11-43 , 11-46 , 17-2 access configuration 12-3 configuring a computer as 12-7 configuring a modem as 12-8 configuring ports 12-2 counters 17-5 displaying characteristics 12-16 initialization 5-2 node status 17-3 preferred 11-33 enabling 11-33 printers configuring as 12-9 remote print queue 12-9 verifying 12-15 sessions 11-3
LAT control program (LCP) 12-9
LAT protocol 23-6
LATCP 12-9
LCP 19-12
Learning
Appletalk status display 8-10
Learning IP characteristics 7-25
Limited view 2-2 , 17-8 command 12-20
Line down 16-7
Line up 16-7
LIST command 2-3
APPLETALK CHARACTERISTICS 8-5
DSV$CONFIGURE 4-6 example 4-6
Load hosts 21-1 commands 4-4
DECnet/OSI OpenVMS 4-3
Initialization 5-5 management 1-3 procedures 4-2
Local
ACCESS characteristic 9-5
Local access 23-5 , 23-7
Local Area Transport (LAT) 1-3
LOCAL SWITCH characteristic 11-36
LOCAL> prompt 4-8
LOCK characteristic 2-6 , 11-39
Login events 23-8 to 23-9
RADIUS attributes 22-16 retries 22-4
LOGOUT commands 10-19 , 11-14 , 11-40
PORT 11-14 , 11-51
PORT CONSOLE 2-12
Logout events 23-8 to 23-9
LONGBREAK LOGOUT 10-7 , 10-10 , 11-11 ,
13-5
Device characteristic 9-3 enabling 9-13
Lookup Replies 8-8
Lookups Received 8-8
LOSS NOTIFICATION characteristic 11-38
LTLOAD.COM file 12-10
M
Management system administrator tasks 1-3
Management Information Bases (MIBs) 16-3
Master host 22-23
Maximum receive unit (MRU) 15-7
Maximum segment size (MSS) 15-7
Maximum transmission unit (MTU) 15-7
MDS protocol 4-2
Memory 1-5 , 2-3 , 17-2 to 17-3
Menus 3-2 , 3-5 , 3-11 defining 3-8 displaying 3-5
MESSAGE VERIFICATION characteristic
MIBs
11-26
Index-7
MODE command 21-14
MODEM CONTROL 10-3 , 10-9 to 10-10 ,
10-12 , , , , characteristic enabling
Modem signals 10-1 , 10-3
Access server type 10-3 access server type 10-3 description 10-5
Full MODEM CONTROL 10-3
MODEM CONTROL 10-3
Modems 19-3 configuring 10-15 , 12-6
Configuring as Telnet listener 13-3 dial-in 10-15
SLIP protocol 15-10 dial-out 10-16 strings 21-4
MODIFY command 4-5
MONITOR command 2-3
MOP protocol 2-7 , 4-3 , 4-5 , 5-4 , 23-6 to 23-7
MRU value 15-7
MSS 15-7
MTU value 15-7 , 15-12 changing 15-7
Multicast timer characteristic 6-2 , 6-9
SHOW SERVER display 2-6
MULTISESSION characteristic 11-13
Multisessions logging in 11-15
N
Name
AppleTalk status display 8-11
NAME characteristic 6-2
Name servers characteristic learned 7-8 local 7-8
NBP 8-8
NCL 4-6
NCL SHOW command 4-5
NCP 2-7 to 2-8 , 5-4
NCP SHOW NODE 4-5
Network
AppleTalk status display 8-11
Network communications
LAT 1-3 , 17-2
TCP/IP 1-3
Network configuration 11-4
Network Control Program (NCP) 2-8
Network Management Station (NMS) 16-1
NEWLINE characteristics 11-24 , 13-13
Next Hop
AppleTalk routes display 8-12
NMS 16-1 to 16-2 , 16-9 configuring 16-10
No operation (NOP) 13-13
No Protocol Handlers 8-7
Node limit 2-6 characteristic 6-2 , 6-11
None
Access characteristic 9-5
Nonprivileged 2-2
Non-volatile random access memory (NVRAM)
2-3
NOP 13-13
Novell/NetWare 20-6
NUMBER characteristic 6-12
NVRAM 1-5 , 2-3 , 3-8 , 5-1 , 8-3 , 16-8 , 18-9 ,
18-17 to 18-18 , 21-4
O
Object
AppleTalk status display 8-11
Off
AppleTalk status display 8-10
OK Answers 7-9
OPEN command 11-11
OpenVMS 4-2
DECnet 2-8
DECnet/OSI 2-7
Phase IV 2-7
Out GetNetInfo Requests 8-8
Out Longs 8-8
Out No Routes 8-8
Out Requests 8-7
Out Shorts 8-8
Index-8
OUTPUT FLOW CONTROL device characteristic 9-3
Output Packets 7-9
P
Packet forwarding 15-3
Packets received 15-14
Packets sent 15-14
PAP 20-8
PARITY
Device characteristic 9-3
Parity errors 17-25
PASSALL 11-36
PASSCHECK characteristic 6-13
Password authentication type defining 22-25
Password fail 23-9
Password limit 2-6 characteristic 22-38
SHOW SERVER display 2-6
Password modified events 23-10
Passwords 2-12 , 20-6 , 22-2 , 22-37 changing 22-11
Kerberos 22-8 maintenance 2-8 , 2-12 resetting 2-4 service 12-5
SERVICE PASSWORD, use in command line 2-8
PASTHRU 11-36
Peer field 23-7
Personal computer (PC) configuring 13-5
Personal identification number (PIN) 22-23
PIN code 22-24
PING 11-44 , 23-6 to 23-7
Point-to-point protocol (PPP) 1-3
Port characteristics character size 11-10 device characteristic matching 9-6 displaying 17-24 to 17-25
LOSS NOTIFICATION 11-10 parity 11-10 remote modification 11-10 speed 11-10
TN3270 18-20 to 18-21
Port Failover disabling 11-7
Port field 23-5
Port name assigning 12-4
Port queuing characteristic 11-7 disabling 11-8 enabling 11-7
Ports
ACCESS DYNAMIC 13-5 captive 3-11 configuration 1-2 , 15-8 to 15-9 , 20-8 , 22-9 ,
22-16 number allowed 2-12 security authorizations 22-3 displaying authorization 22-31 counters 17-25 to 17-26 status 17-27 summary 17-29
SLIP hosts 15-5
Power loss 1-5
PPP characteristics 19-5 changing 21-16
PPP protocol 1-2 , 11-6 , 19-1 , 19-3 , 23-6 to 23-7
Counters 19-18
Hosts 19-1 management 1-3
Protocols
PPP 22-16
Status
Displaying 19-12
Printers
Configuring 13-2 configuring 12-13 , 13-5 configuring as a LAT service 12-9
Privileged command 2-2 enabling 2-4
Index-9
Privileged password changing 2-4
Prompts 4-4
>>> 5-9 changing 17-10
ENTER PASSCODE> 22-23
Enter username> 11-34
LOCAL> 2-6 , 4-8
Local> 2-2
SecurID 22-23
Prot field 23-6
Protocols
ANY 11-6
BOOTP 4-12
BOOTP/TFTP 4-2
MDS 4-2
MOP 2-7 , 23-7
PPP 1-2 to 1-3 , 11-6 , 23-7
SLIP 1-3 , 11-6 , 22-16 , 23-7
Telnet 22-37
TFTP 4-12
Protocols Telnet 11-6
PURGE command 2-3
Q
Queue limit characteristic 6-14
SHOW SERVER display 2-6
Quote 11-23
R
RADIUS 21-15 security 22-2 servers 22-1 , 22-13 , 22-15
Attributes
Login 22-16 attributes 22-17 to 22-22
Administrative-User 22-16
Callback-Framed 22-16
Callback-Login 22-16
Callback-NAS-Prompt 22-16 framed 22-16
Index-10
NAS-Prompt 22-16 authorization 22-2 configuring 22-13 realms 22-13 user authorizations 22-14 user permissions 22-16
User-Service-Type attribute 22-16
Reacquiring
AppleTalk status display 8-10
Realms defining SecurID 22-25
Kerberos 22-6 local setting 22-27
SecurID 22-24 to 22-25
Reason field 23-7
Receive Packets Lost 15-14
Received 7-22
Registering
AppleTalk status display 8-10
Remote
ACCESS characteristic 9-5
AppleTalk ARP display 8-14
Remote access 23-5 , 23-7
REMOTE characteristic 10-2
Remote console port 2-1 , 2-7 , 4-3 features 2-7 local switch character 2-7 sessions limit 2-7
Telnet 2-12
Remote console sessions communications 2-7
REMOTE_PRINT.COM file 12-10
REMOVE QUEUE commands 11-9
ALL 11-9
SERVICE 11-9
Request Status 11-44
Request To Send (RTS) 10-3 , 10-5
Resolution Host Limit characteristic 7-8
Resolution Mode characteristic 7-8
Resolution Retry Limit characteristic 7-8
Resolution Time Limit characteristic 7-8
RESPONDER characteristic 6-16
Response Information 6-16
Resume Output 11-44
Retransmit limit characteristic 6-15
SHOW SERVER display 2-6
RI 10-3 to 10-5 , 10-9
RING characteristic 10-12
RING Indicator (RI) 10-3 to 10-4
Ring Indicator (RI) 10-5
Router Lost 8-8
RTMP 8-8
RTS 10-3 , 10-5 , 10-9 , 10-12 to 10-13 , 10-18
Rx Field 23-8
S
Seconds Since Last Validated
AppleTalk routes display 8-13
Secrets 22-4
SecurID 22-23
Secure access level 2-2
SecurID 22-1 , 22-3 , 22-24 attributes 22-25 vendor-specific 22-26 configuring ports 22-24 hosts 22-23 realms 22-3 , 22-25 secrets 22-23 tokencodes 22-23 user authorizations 22-25 user permissions 22-26
Security accounting host 22-5 authentication services 22-1 configuring Kerberos 22-6 default realms 22-4 displaying characteristics 22-28 configuration 22-28 counters 22-31
Kerberos 22-2 , 22-6
Kerberos authentication 22-10
RADIUS 22-2 attributes 22-16 servers 22-13 realms secret 22-4
Security server 22-5
Segments Discarded 7-22
Send Packets Lost 15-14
Send Packets Queued 15-14
Serial line internet protocol (SLIP) 15-1
SERVER keyword 4-4
Server name 4-4
Server queue limit characteristic 11-8
Server-name keyword 4-4
Service Announcement 6-16
Service connections characteristic 11-8
Service groups 2-6
Service name 12-3
SERVICE PASSWORD 2-8
Session characteristics
Displaying 11-48
Session connect attempt events 23-9
Session disconnect events 23-8 to 23-9
Session limit setting 11-45
SHOW SERVER display 2-6
Sessions displaying 11-46
Internet host 11-43 managing 11-43 terminating 11-51
Sessions, terminal 15-11
SET command 2-3
SET commands 1-6 , 4-5
Device characteristics 9-2
HOST/MOP 2-7 , 2-9 , 5-4
PASSWORD LIMIT 22-10
PRIVILEGED 2-4 , 6-2 , 11-14 , 21-1 example 2-4
SERVER PRIVILEGED PASSWORD
Example 2-4
SESSION 11-21
SET PRIVILEGED command 21-2
SET/DEFINE/CHANGE commands 2-3
INTERNET TCP KEEPALIVE RETRY
7-19
Index-11
INTERNET TCP KEEPALIVE TIMER 7-19
PORT 11-14
PORT characteristics 2-7
Short DDP Errors 8-7
SHOW command
INTERNET COUNTERS 7-21
SHOW commands 2-3 , 8-6 , 8-10
APPLETALK ROUTES 8-12
DSV$CONFIGURE 4-6
INTERNET NAME RESOLUTION 7-7
INTERNET NAME RESOLUTION
COUNTERS
NODE
PORT
PORT CHARACTERISTICS 11-24 port characteristics 18-21
PORT SESSION STATUS 11-27
QUEUE ALL 11-9
SERVER 2-6 , 6-4 example 2-6
SERVER STATUS 2-12
SHOW/LIST/MONITOR commands 2-3
INTERNET HOST 7-13
SHOW/MONITOR commands
APPLETALK STATUS 8-5
QUEUE 11-8
Signal Check characteristic enabling 10-10
Signal check 9-10 characteristic 10-10
SIGNAL CONTROL 10-10 , 10-12
Signal control 12-13 , 13-5 characteristic 10-7 enabling 10-8
SIGNAL REQUEST characteristic 11-22
SIGNAL SELECT characteristic 10-9 enabling 10-9
Simple network management protocol (SNMP)
16-1
Slave host 22-23
SLIP protocol 11-6 , 15-1 , 22-16 , 23-6 to 23-7 communications 15-1 compressed 15-13 connecting 15-12
CSLIP 15-13 dedicated ports configuring 15-9 displaying characteristics 15-4 hosts 15-1 , 15-3 , 15-8
Internet address 15-5 modems 15-10 packet forwarding 15-3 ports 1-2 configuration 1-3
SLIP hosts
Internet address 15-5
SMI 10-3 , 10-5 , 10-13
SNMP 1-3
SNMP Community Fail 23-6
SNMP community fail events 23-7 , 23-9
SNMP community modified events 23-10
SNMP protocol 16-1 community name 16-9 community names 16-2
PUBLIC 16-5 removing 16-8 disabling 16-5 displaying 16-5 enabling 16-5 operations 16-2
Protocols
SNMP 23-2
SET command 16-2
SNMP requests 8-2
SNMP_IP 23-7
Software image 4-1 , 5-5 , 21-1
Loading 5-8
SHOW SERVER display 2-6
Software product description (SPD) 10-3
Solicit Information 6-16
SPD 10-3
SPEED characteristic 9-3 , 10-6
Speed Mode Indicator (SMI) 10-3 , 10-5
State
AppleTalk status display 8-10
State characteristic 8-5
Status
Index-12
AppleTalk ARP display 8-14
AppleTalk routes display 8-13
STOP BITS
Device characteristic 9-3
Subnet mask 22-7 defaults 7-4
Subnets 15-5 routing 7-17
Suspect
AppleTalk routes display 8-13
SWITCH CHARACTER characteristic 11-26
Configuring 11-27
Synch 11-23
T
TCP keepalive timer 7-1 , 7-19
TCP Segments 7-22
TCP/IP 4-2
TCP/IP network 10-14 , 11-6 , 11-11 characteristics 7-1
TCP/IP protocol 15-11 network communications 1-3
TD/SMP 11-13
Telent protocol 23-6
Telnet 2-7 , 11-44 , 22-16 , 23-7
Telnet client configuring session characteristics 11-21
IP address 2-12 session characteristics 11-18 to 11-19
TELNET command 11-11
Telnet listener 1-2 , 2-11 , 11-46 , 13-2 , 21-1
Computer, configuring as 13-3
Configuring 13-11 initialization 5-3
Modems, configuring as 13-3
Printers, configuring as 13-2
Telnet protocol 11-6 , 22-37
Telnet remote console 2-7 , 2-11 , 5-4 initialization 5-4 port connections, number allowed 2-12
Telnet remote console port characteristics 2-12
Telnet sessions 11-4 interactive devices configuring 11-11
Terminal device/session management protocol
(TD/SMP)
Terminal Server Manager (TSM) 2-8
Terminal sessions 15-11
TERMINAL type characteristic 11-27
TEST INTERNET 11-44
TFTP protocol 4-12
Time field 23-4
Timeouts 22-4
Timers circuit 2-6 inactivity 2-6 keepalive 2-6 multicast 2-6
TN3270 18-1 , 18-17 , 23-6
TN3270 ATOE 18-16
TN3270 ETOA 18-16
Toggle Echo 11-23
Tokencodes 22-23
Too Long Errors 8-7
Too Short Errors 8-7
Tools, management 2-1
Access server commands 2-1 console port 2-1
Help 2-1
Total Queries 7-9
Total Response 7-9
TRANSMIT characteristic 11-21
Transmitted 7-22
TRAP 16-2 messages disabling 16-8
Truncated Responses 7-10
Tx field 23-8
TYPE
Device characteristic 9-3
Type
AppleTalk status display 8-11
U
UART chip 20-15
to
20-16
UDP Datagrams 7-24
UDP ports 22-5
Index-13
ULTRIX 4-2 , 22-6
DECnet 2-7
UNIX 22-6
UNIX/OSF 4-2
UNIX/OSF/1 4-2
Unsent probes 8-6
Unsent responses 8-7
Up
AppleTalk routes display 8-13
AppleTalk status display 8-11
USE command 4-6
User accounts 22-1 , 22-3 changing usernames 22-11
User authentication 1-2
User field 23-8
User groups 2-3 , 11-41 assigning 11-42
CLEAR/PURGE commands 2-3 command definitions 2-3 command descriptions 2-3 remote console port 2-7
SET/DEFINE/CHANGE commands 2-3
SHOW/LIST/MONITOR commands 2-3
User interface 1-2 , 3-1 configuration 1-3
User privilege level modified events 23-10
V
VERIFICATION characteristic 11-39
Disabling 11-39
Volatile Random Access Memory (VRAM) 2-3
VRAM 1-5 , 2-3
W
Wildcards, using in command line 4-6
Will-Binary 11-49
Will-Echo 11-49
Will-End of Record 11-50
Will-Remote FLOW CONTROL 11-50
Will-SGA 11-49
Will-Status 11-49
Will-Terminal Type 11-50
Windows Internet Naming Service (WINS) autoconfigure feature 7-31
Index-14
X
XON/XOFF 9-10 , 20-7
FLOW CONTROL 9-10 characters 11-25 enabling 9-11
Z
ZERO INTERNET NAME RESOLUTION
COUNTERS command 7-9
ZIP 8-8
Zone
AppleTalk status display 8-11
advertisement
Related manuals
advertisement
Table of contents
- 38 Overview
- 38 Introduction
- 38 In This Chapter
- 38 Configuration Tasks for System Administrators
- 38 Configuration Tasks
- 38 Management Tasks for System Administrators
- 38 System Management Tasks
- 38 User Tasks
- 38 Introduction
- 38 Accessing Online Help
- 38 Storage of Configuration Settings and Changes in Memory
- 38 Memory Types
- 38 Power Loss
- 38 Commands to Display and Change Configuration Settings
- 38 Introduction
- 38 Types of Commands That Operate on Configuration Settings
- 39 Overview
- 39 Introduction
- 39 In This Chapter
- 39 Access Server Commands
- 39 Introduction
- 39 Levels of Access Server Commands
- 39 User Groups
- 39 Command Definitions
- 39 Privileged Commands
- 51 Introduction
- 51 HELP TUTORIAL Command
- 51 HELP Command
- 51 Console Port
- 51 Displaying Port Parameters
- 51 Example: SHOW SERVER Command
- 51 Remote Console Port
- 51 Description
- 51 Features of the Remote Console Port
- 51 Communications Utilities for Remote Console Sessions
- 51 Network Control Program (NCP)
- 51 Use of SET HOST/MOP from a DECnet/OSI OpenVMS Node
- 51 Use of CCR from an ULTRIX DECnet Node
- 51 Telnet Remote Console
- 51 Characteristics of the Telnet Remote Console Port
- 51 Access Server Manager
- 51 Description
- 51 Functions
- 51 Related Information
- 52 Overview
- 52 Introduction
- 52 In This Chapter
- 52 Command Groups and Menus
- 52 Description
- 52 Using Command Groups
- 52 Creating a Command Group
- 52 Executing a Command Group
- 52 Displaying a Command Group
- 52 Purging a Command Group
- 52 Using Menus
- 52 Displaying a List of Enabled Menus
- 52 Entering Menu Mode
- 52 Assigning a Default Menu to a Port
- 52 Menu Windows
- 52 Defining Menus
- 52 Introduction
- 52 Main Menu
- 52 Main Menu Display
- 52 Defining Menu Choices
- 52 Displaying a Selected Menu
- 75 Exiting from a Menu
- 75 Using Menus to Set Up a Captive Port
- 75 Displaying a Menu Definition
- 75 Purging Menu Lines and Entire Menus
- 76 Overview
- 76 Introduction
- 76 In This Chapter
- 76 Load Host Procedures
- 76 Description
- 76 DSV$CONFIGURE
- 76 Introduction
- 76 Backward Compatibility of DSV$CONFIGURE
- 76 Executing DSV$CONFIGURE
- 76 ADD Command
- 76 MODIFY and SET Commands
- 76 DELETE Command
- 76 LIST and SHOW Commands
- 76 CONNECT and USE Commands
- 76 DSVCONFIG
- 76 Introduction
- 76 DECserver Configuration Procedure
- 76 DSVCONFIG Menu
- 76 Using a BOOTP/TFTP Server
- 76 Introduction
- 76 IP Address Configuration Via BOOTP
- 76 Remote Connection Password
- 76 Upline Dumping
- 76 Introduction
- 76 Upline Dumps with MOP Hosts
- 76 Upline Dumps with BOOTP/TFTP Hosts
- 76 Terminal Server Manager (TSM)
- 76 Introduction
- 77 Overview
- 77 Introduction
- 77 In This Chapter
- 77 Preparing LAT Services for Initialization
- 77 Do This
- 96 Preparing Telnet Listeners for Initialization
- 96 Do This
- 96 Initializing the Access Server
- 96 Using the INITIALIZE Command
- 96 Default Mode for the INITIALIZE Command
- 96 Specifying Initialization from a Load Host
- 96 Specifying an Image Name When Initializing
- 96 Updating Flash RAM
- 96 Specifying a Delay Value with INITIALIZE
- 96 Using the DIAGNOSE Option with INITIALIZE
- 96 INITIALIZE DIAGNOSE Option Tests
- 96 Specifying the DISABLE OPTION with INITIALIZE
- 96 Using NCP to Initialize the Access Server
- 96 NCP Initialization Commands
- 96 NCP Reference
- 96 Booting from the Network
- 96 Loading the Software Image
- 96 Determining Boot Protocols
- 96 Reference
- 96 Booting Using Console Commands
- 96 Introduction
- 96 Procedure
- 96 Boot Command Options
- 97 Overview
- 97 In This Chapter
- 97 LAT Characteristics
- 97 Preparing to Change LAT Characteristics
- 97 LAT Characteristic Summary
- 97 Displaying LAT Characteristics
- 97 Command To Use
- 97 LAT Characteristics Display Example
- 97 ANNOUNCEMENTS Characteristic
- 97 Introduction
- 97 Configure Announcements Example
- 97 CIRCUIT TIMER Characteristic
- 97 Introduction
- 97 Changing the CIRCUIT TIMER
- 97 IDENTIFICATION Characteristic
- 97 Introduction
- 97 Changing the Server Identification String
- 97 Removing an Identification String
- 108 Identification String in a Login Procedure Display
- 108 KEEPALIVE TIMER Characteristic
- 108 Introduction
- 108 Keepalive Timer Default Values
- 108 Keepalive Timer Example
- 108 MULTICAST TIMER Characteristic
- 108 Introduction
- 108 Multicast Timer Default Values
- 108 Changing Multicast Timer Values Example
- 108 ACCESS SERVER NAME Characteristic
- 108 Introduction
- 108 Default Access Server Name
- 108 Changing the ACCESS SERVER NAME
- 108 NODE LIMIT Characteristic
- 108 Introduction
- 108 Changing the Access Server NODE LIMIT
- 108 Access SERVER NUMBER Characteristic
- 108 Introduction
- 108 Access SERVER NUMBER Values
- 108 Changing the Access SERVER NUMBER
- 108 PASSCHECK Characteristic
- 108 Introduction
- 108 Changing the PASSCHECK Characteristics
- 108 PASSCHECK Characteristic Example
- 108 QUEUE LIMIT Characteristic
- 108 Introduction
- 108 Special QUEUE LIMIT Values
- 108 Changing the QUEUE LIMIT
- 108 RETRANSMIT LIMIT Characteristic
- 108 Introduction
- 108 RETRANSMIT LIMIT Values
- 108 Changing the RETRANSMIT LIMIT Characteristic
- 108 RESPONDER Characteristic
- 108 Access Server Mapping
- 108 Datagram Types
- 108 Changing the RESPONDER Characteristic
- 108 Service Groups
- 108 Introduction
- 108 Viewing Service Groups
- 108 Changing Access Server Service Groups
- 108 Changing Service Groups Examples
- 127 Overview
- 127 Introduction
- 127 In This Chapter
- 127 Configuring the Internet Address and Subnet Mask
- 127 Tasks
- 127 Alternative: Learning IP Information
- 127 Setting the Internet Address
- 127 Setting an Internet Subnet Mask
- 127 Displaying the Internet Address and Subnet Mask
- 127 Configuring Domain Name System (DNS) Characteristics
- 127 Tasks
- 127 Displaying DNS Characteristics
- 127 Displaying the DNS Counters
- 127 Configuring the Default Name Resolution Domain
- 127 Changing the Time Limit
- 127 Changing the Retry Limit
- 127 Changing the Name Resolution Mode
- 127 Configuring a List of Commonly Used Internet Hosts
- 127 Configuring a List of Internet Name Servers
- 127 Assigning DNS Server Addresses Automatically
- 127 Configuring a List of Internet Gateway Addresses
- 127 Introduction
- 127 Displaying a List of Gateway Addresses
- 127 Configuring a Default Gateway
- 127 Defining Networks Available Through a Specific Gateway
- 127 Defining Subnets Available Through a Specific Gateway
- 127 Defining Hosts Available Through a Specific Gateway
- 127 Configuring a List of Internet ARP Entries
- 127 Introduction
- 127 Displaying the List of Internet ARP Entries
- 127 Defining an ARP Entry
- 127 Setting the TCP Keepalive Timer
- 127 What the Timer Does
- 127 Setting the Timer
- 127 Disabling the Timer
- 127 Setting Timer Retries
- 127 Displaying Timer Characteristics
- 127 Displaying the Internet Counters
- 127 Using the SHOW Command
- 127 Internet Counters Display Example
- 127 Internet Counter Display Fields
- 127 Learning IP Information From a BOOTP Server
- 151 Introduction
- 151 BOOTP Server Configuration
- 151 Learning Operation
- 151 Setting Up IP Configuration Learning
- 151 Learning IP Information From a DHCP Server
- 151 Description
- 151 BOOTP and DHCP Differences
- 151 DHCP Client Operation
- 151 DHCP Proxy Operation
- 151 Enabling and Disabling DHCP
- 151 Displaying the DHCP Setting
- 151 Configuring Default Values
- 151 Overriding DHCP-Learned Values
- 151 Assigning WINS Server Addresses
- 151 What Does WINS Do?
- 151 What Is WINS Autoconfigure?
- 151 Operation
- 151 Assigning WINS Addresses
- 151 Displaying WINS Characteristics
- 152 Overview
- 152 Introduction
- 152 In This Chapter
- 152 Configuring AppleTalk on an Access Server
- 152 Introduction
- 152 AppleTalk Address Format
- 152 Enabling AppleTalk
- 152 Disabling AppleTalk
- 152 Setting AppleTalk Address Cache Size
- 152 Displaying AppleTalk Characteristics
- 152 Commands
- 152 Displaying AppleTalk Characteristics Example
- 152 Fields in the AppleTalk Characteristics Display
- 152 Displaying AppleTalk Counters
- 152 Command
- 152 Displaying AppleTalk Counters Example
- 152 Fields in the AppleTalk Counters Display
- 152 AARP Values
- 152 Displaying AppleTalk Status
- 152 Command
- 152 Displaying AppleTalk Status Example
- 152 Fields in the AppleTalk Status Display
- 156 Displaying AppleTalk Routes
- 156 Command
- 156 Displaying AppleTalk Routes Example
- 156 Fields in the AppleTalk Routes Display
- 156 Displaying AppleTalk ARP Entries
- 156 Introduction
- 156 Command
- 156 Displaying AppleTalk ARP Entries Example
- 156 Fields in the AppleTalk ARP Display
- 157 Overview
- 157 Introduction
- 157 In This Chapter
- 157 Configuring Basic Device Characteristics
- 157 Introduction
- 157 Command
- 157 Basic Device Characteristic Summary
- 157 Displaying Basic Device Characteristics
- 157 Command
- 157 Displaying Port Characteristics Example
- 157 Configuring the ACCESS Characteristic
- 157 Description
- 157 Command
- 157 Defining the ACCESS Characteristic Example
- 157 Matching the Port and Device Characteristics
- 157 Introduction
- 157 AUTOBAUD
- 157 CHARACTER SIZE
- 157 PARITY
- 157 SPEED
- 157 STOP BITS
- 157 Configuring the FLOW CONTROL Characteristic
- 157 Introduction
- 157 Flow Control Types
- 157 XON/XOFF
- 157 FLOW CONTROL Direction
- 157 Specifying the Automatic Logout Characteristics
- 157 Introduction
- 157 Specifying DSRLOGOUT
- 172 Specifying LONGBREAK LOGOUT
- 172 Specifying INACTIVITY LOGOUT
- 172 Specifying the INACTIVITY TIMER
- 173 Overview
- 173 Introduction
- 173 In This Chapter
- 173 DTE/DCE Device Configuration
- 173 Port Configuration
- 173 Determining the Supported Modem Signals
- 173 Access Servers and MODEM CONTROL
- 173 Access Server Types and Supported Modem Signals
- 173 Modem Signals Description
- 173 Types of Modem Signal
- 173 Specifying MODEM CONTROL and SIGNAL CONTROL
- 173 Introduction
- 173 Logging Out the Port with DSRLOGOUT or LONGBREAK LOGOUT
- 173 Computer Interface
- 173 Specifying SIGNAL SELECT
- 173 Introduction
- 173 Determining When to Use a Signal Set
- 173 Specifying SIGNAL CHECK
- 173 Introduction
- 173 Specifying DTRWAIT
- 173 Description
- 173 Enabling DTRWAIT Example
- 173 Specifying RING
- 173 Description
- 173 Specifying ALTERNATE SPEED
- 173 Description
- 173 Specifying DIALUP
- 173 Description
- 173 Sample Modem Configurations
- 173 Introduction
- 173 Configuring a Dial-In Modem on a Full MODEM CONTROL Server
- 173 Configuring a Dial-In Modem on a MODEM CONTROL Server
- 173 Configuring a Dial-Out Modem on a Full MODEM CONTROL Server
- 173 Configuring a Dial-In and Dial-Out Modem on a Full MODEM CONTROL Server
- 173 Configuring a Dial-Out Modem on a MODEM CONTROL Server
- 173 Configuring a Dial-In and Dial-Out Modem on a MODEM CONTROL Server
- 173 MODEM CONTROL Sequences
- 173 Introduction
- 209 Establishing a Connection
- 209 Response to Momentary Loss of CTS
- 209 Disconnecting
- 209 Configuring DTR and DSR Signals
- 209 Introduction
- 209 Port Characteristic Effects on the DTR and DSR Signals
- 210 Overview
- 210 Introduction
- 210 In This Chapter
- 210 Configuring an Interactive Device for LAT Sessions
- 210 Sample Network Configuration
- 210 Configuring LAT Group Codes for Interactive Devices
- 210 Specifying AUTOCONNECT
- 210 Specifying AUTOPROMPT
- 210 Specifying the Default Protocol
- 210 Specifying Failover
- 210 Configuring Port Queuing
- 210 Displaying Access Server Queue Entries
- 210 SHOW QUEUE ALL Display Example
- 210 Removing Entries from the Access Server Queue
- 210 Configuring Port Characteristics
- 210 Configuring an Interactive Device for Telnet Sessions
- 210 Introduction
- 210 Configuring a Device on Port 6 for Internet Hosts Example
- 210 Reference
- 210 Configuring a Session Management (TD/SMP) Terminal
- 210 Introduction
- 210 How to Configure
- 210 Benefits and Restrictions Summary
- 210 Local Mode Command Restrictions During Session Management
- 210 Logging In with Multisessions
- 210 Configuring On-Demand Loading for Asian Terminals
- 210 Introduction
- 210 On-Demand Loading Configuration Example
- 210 Disable Switch Character
- 210 Configuring for Block-Mode Terminals
- 210 Description
- 210 Buffer Size
- 210 Specifying the Telnet Client Session Profile
- 210 Introduction
- 215 Profiles Types
- 215 Profile Characteristics
- 215 Telnet Client Session Characteristics Predefined for Each Profile
- 215 Configuring Individual Telnet Client Session Characteristics
- 215 Modifying Telnet Session Characteristics
- 215 Specifying ECHO Characteristics
- 215 Specifying the BINARY Characteristic
- 215 Specifying CHARACTER SIZE
- 215 Mapping Keyboard Characters to Telnet Functions
- 215 Telnet Keymapping Functions
- 215 Specifying AUTOFLUSH
- 215 Specifying AUTOSYNCH
- 215 Specifying Telnet Client Newline
- 215 Specifying FLOW CONTROL
- 215 Specifying MESSAGE VERIFICATION
- 215 Specifying the SWITCH CHARACTER
- 215 Specifying a Preferred Terminal Type
- 215 Managing Access Server User Accounts
- 215 Minimal Setup for Local User Accounts
- 215 Optional Setup for Local User Accounts
- 215 SHOW/LIST/MONITOR USERACCOUNT Display
- 215 Service Permissions Access
- 215 User Account Command Parameters
- 215 Access Command Variables
- 215 Managing Users
- 215 Providing a Contact Name and Access Server Location
- 215 Specifying Preferred Service for LAT or Telnet Resources
- 215 Specifying the Port USERNAME
- 215 Specifying Keys to Switch Between Sessions
- 215 Defining the Break Key
- 215 Specifying a Key to Switch to Local Mode
- 215 Specifying BROADCAST
- 215 Specifying LOSS NOTIFICATION
- 215 Specifying Message Codes
- 215 Specifying VERIFICATION
- 215 Specifying Lock
- 215 Displaying Information About the Users
- 215 Specifying User Groups
- 215 Managing Sessions
- 215 Initiating a Session to a LAT Service
- 215 Initiating a Session to an Internet Host
- 215 Sending Telnet Functions to a Remote Telnet Server
- 215 Controlling the Number of Sessions
- 215 Displaying Session Information
- 215 Displaying Session Characteristics
- 261 Displaying Session Status
- 261 Terminating Sessions
- 262 Overview
- 262 Introduction
- 262 In This Chapter
- 262 Configuring a Port to Offer a LAT Service
- 262 Configuration Parameters
- 262 Configuring Access to a LAT Service
- 262 Assigning a Service Name
- 262 Enabling Announcements
- 262 Assigning an Identification String
- 262 Assigning a Port Name
- 262 Specifying the Service Password
- 262 Configuration of Specific Types of Devices As LAT Services
- 262 Introduction
- 262 Configuring a Personal Computer As a Terminal and LAT Service
- 262 Configuring a Computer As a LAT Service
- 262 Configuring a Modem As a LAT Service
- 262 Configuring a Printer As a LAT Service
- 262 Setting Up a LAT Remote Print Queue on an OpenVMS Host
- 262 Setting Up a LAT Remote Print Queue on an ULTRIX System
- 262 Configuring a Printer with Unannounced Availability
- 262 Introduction
- 262 Configuring a Printer with Unannounced Availability
- 262 Verifying the LAT Service
- 262 Do This
- 262 Problem Solving
- 262 Managing Your Access Server As a LAT Node Offering a Service
- 262 Introduction
- 262 Displaying Information About a Service
- 262 Displaying Services Characteristics
- 262 Displaying Services Status
- 262 Displaying Services Summary
- 263 Overview
- 263 Introduction
- 263 In This Chapter
- 263 Sample Device Configurations
- 288 Introduction
- 288 Configuring a Printer for Access Through a Telnet Listener
- 288 Configuring a Computer for Access Through a Telnet Listener
- 288 Configuring a Modem for Access Through a Telnet Listener
- 288 Configuring a Personal Computer As a Terminal and for Access through a Telnet Listener
- 288 Sample Configuration
- 288 Configuring Personal Computer Access to a Printer
- 288 Setting User Priority for Devices Using Dynamic Access
- 288 Configuring a File Transfer Partner
- 288 Configuring a Remote Print Queue
- 288 Introduction
- 288 Configuring a TCP/IP Remote Print Queue on an ULTRIX System
- 288 Printer Port Telnet Server Characteristics
- 288 Procedure
- 288 Configuring a TCP/IP Remote Print Queue on a UNIX System
- 288 Configuring a Telnet Listener
- 288 Introduction
- 288 Configuring Telnet Server Session Characteristics
- 288 Introduction
- 288 Mapping Event Indications to Keyboard Characters
- 288 Specifying Newline Characteristics
- 288 Specifying Character Size
- 288 Managing Your Access Server As a Telnet Listener Node
- 288 Introduction
- 288 Displaying Telnet Listeners
- 288 Displaying Telnet Server Characteristics
- 288 Removing a Telnet Listener
- 288 Removing One of Many Devices Assigned to a Telnet Listener
- 288 Reassigning a Port
- 288 Supplying User Location Data to Telnet Servers
- 288 Introduction
- 288 Configuring a Raw TCP Listener
- 288 Introduction
- 288 When To Use Raw TCP
- 288 Configuring Raw TCP
- 288 Displaying Raw TCP Characteristics
- 289 Overview
- 289 Introduction
- 289 In This Chapter
- 289 LPD Operation
- 289 Supported File Types
- 302 Control and Data Files
- 302 Operation
- 302 Configuring LPD
- 302 Configuring Remote Hosts
- 302 Associating a Printer With a Port
- 302 Setting Port Characteristics
- 302 Printer Configuration Example
- 302 Displaying Printer Characteristics
- 303 Overview
- 303 Introduction
- 303 In This Chapter
- 303 Packet Forwarding to and from SLIP Hosts
- 303 Description
- 303 Network Configuration Containing SLIP Hosts
- 303 Displaying SLIP Characteristics
- 303 Introduction
- 303 Command
- 303 Displaying SLIP Characteristics Example
- 303 Managing Internet Addresses for SLIP Hosts
- 303 Introduction
- 303 How an Access Server Port Obtains the SLIP Host Internet Address
- 303 Managing the Maximum Transmission Unit
- 303 Introduction
- 303 Changing the MTU
- 303 Relationship of the TCP Maximum Segment Size and the MTU
- 303 Fragmentation
- 303 Configuring a Port So That a PC Can Function as a Terminal or SLIP Host
- 303 Introduction
- 303 Configuring a Dedicated SLIP Port
- 303 Introduction
- 303 Configuring a Device As a Dedicated SLIP Host
- 303 Configuring a Dial-In Modem for Use with a SLIP Host
- 303 Introduction
- 303 Configuring a Dial-In Modem on Port 6 for Use with a SLIP Host
- 303 Establishing Terminal Sessions with a PC
- 303 Prerequisites
- 303 Establishing a SLIP Session
- 303 Enabling a SLIP Session from the PC
- 303 After Making a Connection
- 303 Compressed SLIP
- 303 Introduction
- 321 Enabling CSLIP
- 321 Disabling CSLIP
- 321 Automatic CSLIP
- 321 Compression States
- 321 Displaying SLIP Counters
- 321 Commands
- 321 SHOW PORT SLIP COUNTERS Display
- 321 SLIP COUNTERS Display Fields
- 321 Disabling SLIP
- 321 Command
- 321 Disable SLIP Example
- 322 Overview
- 322 Introduction
- 322 In This Chapter
- 322 Supported SNMP Features
- 322 Supported Specifications
- 322 SNMP Community Names
- 322 Supported SNMP Operations
- 322 Supported MIBs
- 322 Supported MIB Variables
- 322 Configuring the Access Server for SNMP Access
- 322 Enabling and Disabling SNMP
- 322 Displaying Information About SNMP
- 322 Default Community Name PUBLIC
- 322 Configuring a Community Name for Access by Any NMS
- 322 Configuring a Community Name with an Address
- 322 Configuring Community Names to Send TRAP Messages
- 322 Sample SNMP Configuration
- 322 Disabling TRAP Messages for a Community Name
- 322 Removing Community Names
- 322 Removing an Address from a Community Name
- 322 Configuring the NMS
- 322 Procedure
- 323 Overview
- 323 Introduction
- 323 In This Chapter
- 323 Managing Your Access Server As Part of the LAT Network
- 357 Introduction
- 357 Distributing Devices on Access Servers
- 357 Controlling the Number of Known Service Nodes
- 357 Checking LAT Service Accessibility
- 357 Reducing Memory Usage
- 357 Viewing LAT Node Status Information
- 357 Viewing LAT Node Counters Information
- 357 Viewing LAT Node Summary Information
- 357 Displaying Information About the Access Server
- 357 Introduction
- 357 Specifying the Prompt
- 357 Displaying Access Server Counters
- 357 Displaying Access Server Status
- 357 Displaying Access Server Summary Information
- 357 Checking Port Status and Counters
- 357 Introduction
- 357 Displaying Port Characteristics
- 357 Displaying Port Counters
- 357 Displaying Port Status
- 357 Displaying Port Summary
- 357 SHOW/LIST/MONITOR PORT SUMMARY Display Fields
- 358 Overview
- 358 Introduction
- 358 Supported ASCII Terminals
- 358 Definition
- 358 Definition and Description of a Keyboard Map
- 358 3278 Keyboards
- 358 Server-Specific Keyboard Maps
- 358 Configuring Basic 3270 Terminal Emulation
- 358 Setting Up an ASCII Terminal
- 358 Terminal Setup Parameters
- 358 Indicating the 3270 Model Number
- 358 Specifying the Type of ASCII Terminal Used for Emulation
- 358 IBM Host Communications
- 358 Introduction
- 358 Connecting to an IBM Host
- 358 Entering and Editing Data
- 358 Status Line Indicator
- 358 Status Line Indicator Display
- 374 Displaying and Customizing Keyboard Maps
- 374 Introduction
- 374 Server-Wide Keyboard Maps Customization
- 374 Default Server-Wide Terminal Types and Keyboard Maps
- 374 Defining New Server-Wide Terminal Types and Keyboard Maps
- 374 Customizing Server-Wide Keyboard Maps
- 374 Selecting and Customizing Keyboard Maps for a Port
- 374 Keyboard Map and Terminal Type
- 374 Customizing a Default Keyboard Map for a Port
- 374 ASCII-to-EBCDIC and EBCDIC-to-ASCII Translation Tables
- 374 Commands
- 374 Guidelines for Managing the Use of NVRAM for TN
- 374 Introduction
- 374 Storage Requirements for TN3270 Definitions in NVRAM
- 374 TN3270 Commands That Free NVRAM Space
- 374 Limiting NVRAM Usage
- 374 Commands to Manage TN3270 Terminal Emulation
- 374 Introduction
- 374 TN3270 Access Server Characteristics
- 374 TN3270 Port Characteristics
- 374 SHOW Commands
- 375 Overview
- 375 Introduction
- 375 Prerequisites
- 375 In This Chapter
- 375 Enabling PPP on an Access Server Port
- 375 Introduction
- 375 Enabling PPP for Mixed Traffic
- 375 Enabling Dedicated PPP Traffic
- 375 Enabling Ports with Modems for PPP
- 375 Establishing and Ending a PPP Session
- 375 Using the CONNECT PPP Command
- 375 Displaying PPP Characteristics
- 375 Introduction
- 375 Displaying LCP Characteristics
- 375 Displaying IPCP Characteristics
- 375 ATCP Characteristics
- 375 Displaying PPP Status
- 375 Introduction
- 403 Displaying LCP Status
- 403 Displaying IPCP Status
- 403 Displaying ATCP Status
- 403 Displaying PPP Counters
- 403 Introduction
- 403 Displaying LCP Counters
- 403 Displaying IPCP Counters
- 403 Displaying ATCP Counters
- 404 Overview
- 404 Introduction
- 404 In This Chapter
- 404 IPX Description
- 404 Introduction
- 404 Access Server Configuration
- 404 Getting Started
- 404 Checklist
- 404 Hardware and Software Requirements
- 404 Introduction
- 404 Software Requirements
- 404 Hardware Requirements
- 404 Setting Up Your PC
- 404 PC Remote Access Software
- 404 Novell Workstation Software
- 404 Novell Utilities for Local Execution
- 404 Setting Up the Network Access Server
- 404 Enabling IPX
- 404 Configuring the Port for an Attached Device
- 404 Configuring the Port for the Login Method
- 404 Configuring the Port for Login to the Local Prompt
- 404 Configuring the Port Dedicated to PPP
- 404 Configuring the Port for PPP/IPXCP Data Link
- 404 Summary of DECserver IPX Management Commands
- 404 Port PPP IPX Commands for LCP
- 404 Port PPP IPX Commands for IPXCP
- 404 Port PPP Commands for PPP Negotiation Status
- 404 Server IPX Commands
- 404 Modem Considerations
- 404 Dial-In Modems
- 404 Dial-Out PC Modems
- 404 Novell Client/Server Operation
- 404 Establishing Remote Node Access Connection to Novell Network
- 426 Novell Operation
- 426 Operational Checkout and Diagnosis
- 426 Verifying Configuration
- 426 Disabling IPX
- 426 Using the DEFINE Command
- 426 Frame Types
- 426 Introduction
- 426 Standard Ethernet
- 426 Displaying IPX Characteristics
- 426 Using the SHOW command
- 426 IPX Characteristics Display
- 426 IPX Characteristics Display Fields
- 426 Displaying IPX Status
- 426 Using the SHOW IPX Command
- 426 IPX Status Display
- 426 Fields in the IPX Status Display
- 426 Displaying IPX Counters
- 426 Use the SHOW IPX COUNTERS command
- 426 IPX Counters Display
- 426 IPX Counters Display Fields
- 426 Displaying IPX Routes
- 426 Using the SHOW IPX ROUTES Command
- 426 IPX Routes Display
- 426 IPX Routes Display Fields
- 426 Resetting Counters
- 426 Using the ZERO Command
- 426 ZERO Command Options
- 427 Overview
- 427 Introduction
- 427 In This Chapter
- 427 Dial Services Command Groups
- 427 Command Groups
- 427 Entering the SET PRIVILEGED command
- 427 Checking the Current Server Settings
- 427 Introduction
- 427 Server Configuration Display
- 427 Defining a Dialer Script
- 427 Introduction
- 449 Defining Dialer Script Strings
- 449 Assigning the Dialer Script to a Port
- 449 Steps
- 449 Determining the Current Dialer Script
- 449 Assigning a Dialer Script to a Port
- 449 Verifying Dialer Script Configuration
- 449 Defining the Dialer Service
- 449 Steps
- 449 Showing the Current Dialer Service Characteristics
- 449 Showing Dialer Service Status
- 449 Displaying Dialer Counters
- 449 Modifying the Dialer Service
- 449 Configuring Interactive Dial Requests
- 449 Configuring for Interactive Dial-Back
- 449 Interactive Dial-Back (Dial Service) Example
- 449 Framed Dial Requests
- 449 Introduction
- 449 Changing PPP Characteristics Examples
- 449 Guidelines
- 450 Overview
- 450 Introduction
- 450 In This Chapter
- 450 Security Type Descriptions
- 450 Introduction
- 450 Kerberos
- 450 RADIUS
- 450 SecurID
- 450 User Accounts
- 450 Common Terminology Across Security Realms
- 450 Introduction
- 450 Accounting Host
- 450 Authentication Host
- 450 Default Realm
- 450 Login Retries and Timeouts
- 450 Secrets
- 450 Security Server
- 450 UDP Ports
- 450 Managing Kerberos
- 450 Introduction
- 450 Configuration Prerequisites
- 450 Configuration of User Authentication
- 482 User Authentication Procedure
- 482 Changing a User Name and Password
- 482 User Authentication Counters
- 482 Managing RADIUS
- 482 Introduction
- 482 Minimal Setup for RADIUS
- 482 Optional Setup for RADIUS
- 482 RADIUS User Authorizations
- 482 User Access to the Access Server
- 482 Setting User Permissions
- 482 Additional RADIUS Attributes
- 482 Optional RADIUS User Attributes
- 482 Managing SecurID
- 482 Introduction
- 482 Minimal Setup for SecurID
- 482 Optional Setup for SecurID
- 482 SecurID User Authorizations
- 482 Setting User Permissions
- 482 Managing Local Access Server Security
- 482 Introduction
- 482 Defining the Realm
- 482 Determining Security Configuration
- 482 Displaying RADIUS, SECURID, and KERBEROS Characteristics
- 482 Displaying Security Summary
- 482 Showing the Authentication Counters
- 482 Showing the User Port Authorization Profile
- 482 Showing Security Counters
- 482 Managing Dial-Up Access Security with AUTOLINK and AUTOLINK Authentication
- 482 Introduction
- 482 Activating AUTOLINK
- 482 Enabling AUTOLINK Authentication
- 482 Specifying an Authentication Method
- 482 Setting AUTOLINK Timers
- 482 Timeouts
- 482 Using a Login Script
- 482 Specifying Other Security Features
- 482 Introduction
- 482 Specifying Dedicated Service for LAT or Telnet Resources
- 482 Specifying Passwords
- 482 Specifying PASSWORD LIMIT
- 495 Overview
- 495 Introduction
- 495 In This Chapter
- 495 Accounting Description
- 495 Introduction
- 495 Accounting Log File
- 495 What Events Are Logged?
- 495 Contents of Log Entry Types
- 495 Event Field Descriptions
- 495 When Events Are Logged
- 495 Introduction
- 495 Login Events
- 495 Logout Events
- 495 Session Connect Attempt Events
- 495 Session Disconnect Events
- 495 Password Fail Events
- 495 SNMP Community Fail Events
- 495 Password Modified Events
- 495 User Privilege Level Modified Events
- 495 SNMP Community Modified Events
- 495 Managing Accounting
- 495 Introduction
- 495 Defining the Accounting Log Size
- 495 Changing the Accounting Threshold
- 495 Changing the Accounting Console
- 495 Displaying Accounting Characteristics
- 495 Displaying the Accounting Log
- 495 Using the Accounting Console Logging Feature
- 495 Description
- 495 LAT Remote View of the Accounting Log