Cabletron Systems CyberSWITCH 5500 User Manual

Other manuals for CyberSWITCH 5500: Manual, Quick Start Manual

Manual is about: Central Site Remote Access Switch

Page of 729

Download

Print this page

Bookmark us

ENTRAL

ITE

EMOTE

CCESS

WITCH

SER

’

UIDE

Release 7.4

Cabletron Systems

(603) 332-9400 phone

(603) 337-3075 fax

support@ctron.com

1 2 3 4 5 6 7 Next › »

Summary of CyberSWITCH 5500

Page 1
C entral s ite r emote a ccess s witch u ser ’ s g uide release 7.4 cabletron systems (603) 332-9400 phone (603) 337-3075 fax support@ctron.Com.
Page 2
User’s guide 2 cyberswitch notice you may post this document on a network server for public use as long as no modifications are made to the document. Cabletron systems reserves the right to make changes in specifications and other information contained in this document without prior notice. The read...
Page 3
Central site remote access switch 3 trademarks cabletron systems, cyberswitch, mmac-plus, smartswitch, spectrum, and securefast virtual remote access manager are trademarks of cabletron systems, inc. All other product names mentioned in this manual are trademarks or registered trademarks of their re...
Page 4
User’s guide 4 cyberswitch warning : changes or modifications made to this device which are not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment. Doc notice this digital apparatus does not exceed the class a limits for radio noise em...
Page 5
Central site remote access switch 5 contents u sing this g uide 25 documentation set 26 guide conventions 27 s ystem o verview 29 the cyberswitch 30 unique system features 31 interoperability overview 34 interoperability protocols 34 interoperability devices 35 encryption overview 36 network layer 3...
Page 6
User’s guide 6 cyberswitch system adapters 58 ethernet adapters 58 ethernet-2 adapter 58 ethernet-1 adapter 58 hardware characteristics 59 lan connection 59 basic rate adapters 59 bri-4 basic rate adapter 59 bri-1 basic rate adapter 60 bri connection 60 primary rate adapters 61 the pri-8 61 the pri-...
Page 7
Central site remote access switch 7 hardware installation 83 overview 83 pre-installation requirements 83 selecting slots for the adapters 84 adapter settings 85 adapter interrupt and i/o address settings 86 wan adapters 86 dm-8 adapter i/o address settings 86 dm-24 adapter interrupt and i/o address...
Page 8
User’s guide 8 cyberswitch b asic c onfiguration 110 configuration tools 111 overview 111 cfgedit 111 executing cfgedit 112 saving cfgedit changes 112 dynamic management 112 executing dynamic management 112 utility dynamic management commands 113 saving dynamic management changes 113 using the netwo...
Page 9
Central site remote access switch 9 ip network interfaces 133 configuring interfaces 133 network interface configuration elements 135 ip network interface background information 140 ip rip and the ip network interfaces 145 ip rip over dedicated connections 148 ip host operating mode and the ip netwo...
Page 10
User’s guide 10 cyberswitch configuring system options and information 174 overview 174 system options 174 configuring system options 174 system options configuration elements 175 system options background information 177 system information 178 configuring system information 178 system information c...
Page 11
Central site remote access switch 11 configuring off-node server information 207 overview 207 multiple administration login names 207 csm authentication server 208 configuring csm authentication server 208 csm authentication server configuration elements 209 csm authentication server background info...
Page 12
User’s guide 12 cyberswitch configuring encryption 231 configuration 231 configuring an encryption adapter 231 configuring security associations and authentication (ip security only) 232 configuring link layer encryption (ppp encryption only) 233 encryption configuration elements 234 encryption back...
Page 13
Central site remote access switch 13 configuring advanced bridging 264 overview 264 bridge dial out 264 configuring the device list for bridge dial out 265 spanning tree protocol 266 configuring spanning tree protocol 266 spanning tree protocol configuration elements 267 spanning tree protocol backg...
Page 14
User’s guide 14 cyberswitch ip filters 291 initiating the ip filter configuration 292 configuring packet types 292 configuring the common ip portion 293 configuring tcp 294 configuring udp 294 configuring icmp 295 configuring forwarding filters 296 configuring connection filters 297 configuring exce...
Page 15
Central site remote access switch 15 ipx network interfaces 325 configuring ipx network interfaces 325 ipx network interface configuration elements 327 general ipx network interface configuration elements 327 rip ipx network interface configuration elements 327 sap ipx network interface configuratio...
Page 16
User’s guide 16 cyberswitch configuring snmp 350 overview 350 configuring snmp 350 snmp configuration elements 352 snmp background information 353 using cabletron nms systems 356 configuring appletalk routing 357 overview 357 appletalk routing option 357 enabling appletalk routing 357 appletalk rout...
Page 17
Central site remote access switch 17 call restrictions 372 configuring call restrictions 372 call restriction configuration elements 373 call restrictions background information 376 bandwidth reservation 376 configuring bandwidth reservation 376 bandwidth reservation configuration elements 378 bandw...
Page 18
User’s guide 18 cyberswitch default line protocol 399 configuring default line protocol 399 default line protocol configuration elements 400 default line protocol background information 400 log options 400 configuring log options 400 log options configuration elements 401 log options background info...
Page 19
Central site remote access switch 19 alternate accesses 429 dedicated connections 429 frame relay connections 430 ppp link failure detection 430 x.25 connections 431 x.25 and a terminal server menu 432 verifying routing protocols 433 overview 433 ip routing operational? 433 ip routing over a lan int...
Page 20
User’s guide 20 cyberswitch modem callback 470 verifying a semipermanent connection 471 proxy arp 472 t roubleshooting 474 lcd messages 475 overview 475 lcd message groups 475 initialization lcd message 475 normal operation lcd messages 475 error lcd messages 476 system messages 480 overview 480 inf...
Page 21
Central site remote access switch 21 tftp 568 installation and configuration 568 usage instructions 569 carbon copy 570 installation and configuration 570 changing carbon copy configuration parameters 570 carbon copy configuration parameters for modem usage 571 usage instructions 572 establishing a ...
Page 22
User’s guide 22 cyberswitch telnet commands 618 terminal commands 620 tftp commands 621 trace commands 622 udp commands 623 user level security commands 623 wan commands 624 x.25 commands 625 system statistics 627 overview 627 connectivity statistics 627 call restriction statistics 628 call statisti...
Page 23
Central site remote access switch 23 rip statistics 651 rip global statistics 651 rip interface statistics 651 serial interface statistics 652 snmp statistics 652 tcp statistics 655 tftp statistics 656 statistics for server or remote initiated tftp activity 656 statistics for local or client initiat...
Page 24
User’s guide 24 cyberswitch system worksheets 683 network topology 684 system details 685 resources 685 lines 685 accesses 686 device information 687 bridging and routing information 688 bridging 688 ip routing 688 ipx routing 689 appletalk routing 690 cfgedit map 691 overview 691 main menu 691 phys...
Page 25
U sing this g uide the user’s guide is divided into the following parts: s ystem o verview we begin with an overview of bridging, routing, and specific cyberswitch features. Next, we provide an overview for both the system software and hardware. S ystem i nstallation in this segment of the user’s gu...
Page 26
User’s guide 26 cyberswitch a ppendices the user’s guide provides the following appendices: n etwork w orksheets these worksheets are provided to help you gather pertinent information for configuring your system. We recommend that you print copies of these blank forms and fill in the appropriate inf...
Page 27
Central site remote access switch 27 guide conventions the quick start provides abbreviated installation and configuration instructions for experienced users. Specific instructions for setting up various types of remote devices are also included. The radius authentication user’s guide describes the ...
Page 28
User’s guide 28 cyberswitch d ocumentation t itles all references to cyberswitch documentation titles will use the same font as normal text, but will be italicized. For example, all references to the user’s guide will appear as: user’s guide.
Page 29
S ystem o verview we include the following chapters in the system overview segment of the user’s guide. • the cyberswitch provides the “big picture” view of a cyberswitch network. We include an overview of unique system features, interoperability, security, interfaces, system components, remote devi...
Page 30
T he c yber switch the cyberswitch family of products represents the latest in high-speed remote access hardware and software tools. These products allow customers to implement the connectivity solution ideally suited to the needs of their business - with support over a wide range of technologies co...
Page 31
Central site remote access switch 31 t he c yber switch unique system features u nique s ystem f eatures the cyberswitch combines unique features that improve cost-effectiveness, reliability, and performance for wide area network connections to remote devices. These features include: • bandwidth agi...
Page 32
User’s guide 32 cyberswitch • data encryption the cyberswitch encryption option provides data encryption through the data encryption standard (des) algorithm. Des provides data security for transmissions over the wan between encryption devices. Options are available for encrypting communications ove...
Page 33
Central site remote access switch 33 t he c yber switch unique system features • ip security the cyberswitch encryption option implements encapsulating security payload (esp) protocol. Esp allows you to use cyberswitch nodes to implement a secure wide area network using the internet as a backbone. E...
Page 34
User’s guide 34 cyberswitch • user name and password • calling line id (clid) • ethernet address • user authentication • device authentication • connection services manager (csm) • tacacs client with radius server • radius • security dynamic’s ace/securid • server support the cyberswitch supports bo...
Page 35
Central site remote access switch 35 t he c yber switch interoperability overview • authentication protocols challenge handshake authentication protocol (chap) password authentication protocol (pap) • network control protocols (ncp) internet protocol control protocol for tcp/ip (ipcp) internetwork p...
Page 36
User’s guide 36 cyberswitch e ncryption o verview cabletron’s encryption options provide two popular approaches for encrypting wan communications, each with distinct advantages in certain applications. These options are: network layer encryption and link layer encryption. N etwork l ayer cabletron’s...
Page 37
Central site remote access switch 37 t he c yber switch security overview link layer encryption is independent of any network layer protocols. Since ppp provides transport of ip, ipx, appletalk, and other protocols, link layer encryption based on ecp provides multi- protocol encryption by default. D...
Page 38
User’s guide 38 cyberswitch • wan ip network interface • wan (direct host) ip network interface • wan rlan ip network interface • wan rlan ipx network interface • wan (unnumbered) network interface the variety of network interfaces allows the installation of a wide range of devices at remote sites. ...
Page 39
Central site remote access switch 39 t he c yber switch remote isdn devices more detailed descriptions of system software and hardware are included in the next two chapters. The following section describes remote isdn devices. R emote isdn d evices the cyberswitch provides a centralized concentrator...
Page 40
User’s guide 40 cyberswitch s witches s upported switch types supported by the cyberswitch’s basic rate and primary rate isdn adapters: switch support may vary from country to country. Use the following as a guideline: type of switch basic rate primary rate at&t # 4ess na yes at&t # 5ess yes yes at&...
Page 41
H ardware o verview the product you have purchased is integrated on the following platforms: the csx5500, csx6000, and csx7000. Through the use of adapters, these platforms support remote routing and bridging of local area networks using isdn bri or pri services. Options also include v.35, rs232, en...
Page 42
User’s guide 42 cyberswitch t he csx5500 p latform d escription the csx5500 is a high capacity, central site communications platform. This platform is a lan/ wan bridge/router built to accommodate multiple wan technologies. It supports up to 16 isdn bri ports or 4 pri ports, 2 digital modem cards, v...
Page 43
Central site remote access switch 43 h ardware o verview system platforms the csx5500 is a rack-mountable platform. The front panel has an air-intake grill, an auxiliary keyboard jack, and a peripheral access door, which may be latched. The activity indicators for power-on and disk activity, diskett...
Page 44
User’s guide 44 cyberswitch to clean the air filter: 1. Power down the system and disconnect the system’s power cord from the power source. 2. Open the door located on the right side of the front chassis. 3. Once the door is opened, you can slide the air filter out from the left side of the chassis....
Page 45
Central site remote access switch 45 h ardware o verview system platforms c aution for dc-p owered csx5500 s • connect to a reliably-grounded selv source. • use branch circuit overcurrent protection rated at 15a only. • use 12 or 14 awg conductors only. • incorporate a readily-accessible disconnect ...
Page 46
User’s guide 46 cyberswitch t he csx6000 p latform d escription the csx6000 is a high density, modular, central-site communications platform. It utilizes a built in cpu with 90 mhz pentium processing. The csx6000 is a rack-mountable platform. The front panel has the activity indicators for power- on...
Page 47
Central site remote access switch 47 h ardware o verview system platforms c leaning the csx6000 a ir f ilter the csx6000 has a removable air filter. This filter is provided to ensure system cleanliness and stability in dusty operating environments. The filter is located just behind the chassis’ fron...
Page 48
User’s guide 48 cyberswitch environmental characteristics operating temp: 0 ° to 55 ° c (32 ° to 131 ° f) operating humidity: 5 to 95% non-condensing operating altitude: 3048 m maximum (10,000 ft maximum) non-operating shock: 40 g, 11 ms 1/2 sine wave storage temperature: 0 ° to 70 ° c (32 ° to 158 ...
Page 49
Central site remote access switch 49 h ardware o verview system platforms t he csx7000 p latform d escription the csx7000 is designed for large, central sites and internet service providers. It is a high availability, remote access switch that offers modularity and flexibility for these large sites....
Page 50
User’s guide 50 cyberswitch physical characteristics height: 218 mm (8.60 in) width: 483 mm (19.0 in) depth: 641 mm (25.25 in) weight: 36 kg max. (80 lb. Max.) power supply specifications 350 watt power supply; two versions with different input ac voltages: • version 1 ac input voltage: 90 to 135 v ...
Page 51
Central site remote access switch 51 h ardware o verview system platforms t he ne 2000-ii (a n etwork e xpress p latform ) p latform d escription the ne 2000-ii platform has three slots for adapters. This platform is small enough in size to be suitable for an office environment or to fit into a comm...
Page 52
User’s guide 52 cyberswitch p latform c haracteristics physical characteristics height: 107 mm (4.2 in) width: 437 mm (17.2 in) depth: 411 mm (16.2 in) weight: 9 kg (20 lb) environmental characteristics operating temp: 10 ° to 35 ° c (50 ° to 95 ° f) operating humidity: 20 - 80% non-condensing opera...
Page 53
Central site remote access switch 53 h ardware o verview system platforms t he ne 4000 (a n etwork e xpress p latform ) p latform d escription the ne 4000 platform has six slots for adapters. You can place the platform either on its feet or standing on a side. The front has a diskette drive, control...
Page 54
User’s guide 54 cyberswitch environmental characteristics operating temp: 10 ° to 35 ° c (50 ° to 95 ° f) operating humidity: 80% non-condensing operating altitude: 3,048 m maximum (10,000 ft maximum) non-operating shock: 30 g, 11 ms, 1/2 sinewave storage temperature: -40 ° to 65 ° c (-40 ° to 149 °...
Page 55
Central site remote access switch 55 h ardware o verview system platforms t he ne 5000 p latform (a n etwork e xpress p latform ) p latform d escription the ne 5000 is a rack-mountable platform which provides eight slots for adapters. The front panel has the activity indicators for power-on and disk...
Page 56
User’s guide 56 cyberswitch c leaning the ne 5000 a ir f ilter the ne 5000 has a removable air filter. This filter is provided to ensure system cleanliness and stability in dusty operating environments. The filter is located just behind the chassis’ front panel. For best performance (and as an alter...
Page 57
Central site remote access switch 57 h ardware o verview system platforms 6. Insert the clean and dry air filter back into its slot behind the chassis front. Tilt the filter forward into place until it is flush against the chassis front panel. 7. Reinstall the two retaining screws along the top lip ...
Page 58
User’s guide 58 cyberswitch s ystem a dapters this section describes the following adapters which are supported by central site cyberswitch platforms: • ethernet • basic rate • primary rate • expander • v.35 • rs232 • digital modem • encryption for adapter illustrations, refer to the system adapters...
Page 59
Central site remote access switch 59 h ardware o verview system adapters the ethernet-1 incorporates an intel i960 risc processor executing at 16mhz. When coupled with the integrated, high-performance ethernet controller, the adapter can operate at the maximum speed of the lan (10mbps). This is equi...
Page 60
User’s guide 60 cyberswitch hardware characteristics processor: intel 80c186 speed: 16 mhz number of ports: 4 connector: rj-45 interface: point-to-point, point-multipoint for single device mtbf: 75000hours mttr: 0.25hour bri-1 b asic r ate a dapter the bri-1 provides a single basic rate port with a ...
Page 61
Central site remote access switch 61 h ardware o verview system adapters p rimary r ate a dapters primary rate is a communications service that provides up to 23 b channels for data and a 64kbps signaling d channel (for north america and japan), or up to 30 b channels for data and a 64 kbps signalin...
Page 62
User’s guide 62 cyberswitch the pri-23 adapter is fully compatible with our other wan adapters and the digital modem. It has both a tdm and an mvip bus connector to accommodate connection to these adapters. Note: the pri-23 adapter was formerly called pri-23/30 in releases prior to 7.0. In release 7...
Page 63
Central site remote access switch 63 h ardware o verview system adapters hardware characteristics processor: intel 80c186 speed: 16 mhz number of ports: 1 connector: rj-45 interface: point-to-point pri-8, pri-23, and pri-23/30 c onnection the primary rate adapters use four wire s/t isdn interface. E...
Page 64
User’s guide 64 cyberswitch v.35 a dapter the v.35 adapter provides two v.35 ports. The card contains two female db26 connectors. A v.35 adapter cable converts the db26 connection to a standard v.35 connection. You can configure each port for dte (external clocking) or dce (internal clocking), and e...
Page 65
Central site remote access switch 65 h ardware o verview system adapters pin and signal assignments for the v.35 connection rs232 a dapter the rs232 adapter provides four rs232 ports. The card contains two female db26 connectors. An rs232 adapter cable converts the db26 connection to two standard rs...
Page 66
User’s guide 66 cyberswitch h ardware c haracteristics number of ports: 4 (using rs232 adapter cable) connectors: db26 interface: rs232 dte/dce (using rs232 adapter cable) mtbf: 75000hours mttr: 0.25hour rs232 c onnection the rs232 interface is provided by an adapter cable which converts the db26 co...
Page 67
Central site remote access switch 67 h ardware o verview system adapters d igital m odems the cyberswitch supports the dm-8, dm-24, dm-24+ and dm-30+ digital modem adapters. These adapters allow the cyberswitch to receive calls from asynchronous ppp remote devices connected by modem. They also provi...
Page 68
User’s guide 68 cyberswitch t he dm-8 hardware characteristics processor: lsi logic - lr33000risc speed: 25 mhz number of ports: 8 connector: mvip mtbf: 100,000 hours mttr: 0.25 hours t he dm-24 the dm-24 adapter consists of a mother board/daughter board combination. The user- configurable switches ...
Page 69
Central site remote access switch 69 h ardware o verview system adapters e ncryption a dapter the cyberswitch supports the des/rsa encryption adapter. This adapter is available in the united states and canada only. The des/rsa adapter includes a high-speed encryption processor that provides data enc...
Page 70
S oftware o verview o verview the system software fits into one of three categories: • system software for the system, adapter modules and administration functions • administration software that provides configuration, diagnostics and maintenance on the cyberswitch • system files containing configur...
Page 71
Central site remote access switch 71 s oftware o verview system files s ystem f iles the system files consist of the required configuration files, as well as the operational files that the cyberswitch maintains. All of these files may be accessed by using available administrative commands. (refer to...
Page 72
User’s guide 72 cyberswitch atalk.Nei this file contains configuration information used when appletalk routing is enabled. This file also contains information regarding ports and static routes. Information from this file is configured and used only when the appletalk routing is enabled. Platform.Nei...
Page 73
Central site remote access switch 73 s oftware o verview system files u ser l evel s ecurity f iles as administrator, you may create a welcome banner file as well as a message-of-the-day file to display at login with user level security. Neither file should exceed the limits of 80 characters in widt...
Page 74
S ystem i nstallation we include the following chapters in thissegment of the user’s guide: • ordering isdn service provides guidelines for ordering isdn service in the united states. • hardware installation step-by-step instructions for installing hardware components. • accessing the cyberswitch pr...
Page 75
O rdering isdn s ervice (us o nly ) o verview this chapter was designed to be a guideline for ordering isdn service in the united states. For bri isdn service: if you are using ni-1 lines, try using ez-isdn codes to order bri service. If your service provider does not support ez-isdn codes, try usin...
Page 76
User’s guide 76 cyberswitch if the at&t 5ess switch type is available, the isdn services available will be one of the following: • ni-1 • custom point-to-point if northern telecom dms-100 switch type is available, the isdn services available will be one of the following: • ni-1 • dms-100 custom 3. R...
Page 77
Central site remote access switch 77 o rdering isdn s ervice (us o nly ) ordering bri isdn lines using provisioning settings at&t 5ess ni-1 s ervice note that some of the elements below are set per directory number. With ni-1 service, you will typically have two directory numbers. At&t # 5ess ni-1 s...
Page 78
User’s guide 78 cyberswitch at&t 5ess c ustom p oint - to -p oint s ervice note that some of the elements below are set per directory number. With custom point-to-point service, you will have two directory numbers. P rovision s ettings for n orthern t elecom dms-100 s witches the isdn services suppo...
Page 79
Central site remote access switch 79 o rdering isdn s ervice (us o nly ) ordering bri isdn lines using provisioning settings n orthern t elecom dms100 ni-1 s ervice note that you must set either ekts or aco to yes. You may not set both of them to yes. Northern telecom dms100 ni-1 service provisionin...
Page 80
User’s guide 80 cyberswitch n orthern t elecom dms100 c ustom s ervice note that you must set either ekts or aco to yes. You may not set both of them to yes. B asic i nformation for o rdering pri isdn l ines isdn primary rate is a communications service that allows the system to make up to 23 connec...
Page 81
Central site remote access switch 81 o rdering isdn s ervice (us o nly ) ordering bri isdn lines using provisioning settings is ordered, the customer may be asked for the fcc registration number for the type of csu that is being used. The csu should support esf framing and b8zs line encoding. The ca...
Page 82
User’s guide 82 cyberswitch 3. What type of switch is the line connected to? 4. For # 4ess, what release of software is running on the switch? When the phone company installs the line, they assign it certain characteristics (sometimes called translations). These are different depending on the type o...
Page 83
H ardware i nstallation o verview this chapter provides a description of the hardware installation process. It includes: • pre-installation requirements • selecting slots for adapters • setting switches • inserting adapters into backplane • connecting inter-board cables your distributor may have alr...
Page 84
User’s guide 84 cyberswitch • verify administration console requirements you will need an administration console to install your system. (we do not provide this.) the system supports two administration console options: a local administration console in which a keyboard and monitor are directly conne...
Page 85
Central site remote access switch 85 h ardware i nstallation adapter settings c. If you are installing wan adapters and an encryption adapter: select slots for all wan adapters as described in step a, then select the next available slot for the encryption adapter. D. If you are installing wan and dm...
Page 86
User’s guide 86 cyberswitch a dapter i nterrupt and i/o a ddress s ettings wan a dapters the wan adapters (except for the rs-232 and v.35) use jumpers to set the interrupt and switches to set the i/o address. The following chart contains the wan adapter’s interrupt jumper and i/o address switch sett...
Page 87
Central site remote access switch 87 h ardware i nstallation adapter settings first dm-8 installed, 388 for the second, 390 for the third, and 398 for the fourth. Refer to the system adapter appendix for jumper locations; refer to the following chart for the required jumper settings. Note: when the ...
Page 88
User’s guide 88 cyberswitch dm-24+ and the dm-30+ a dapter a ddress s ettings the dm-24+ and the dm-30+ adapters both use switches to set the interrupt, i/o address, and mvip clock termination. Switch blocks sw1 and sw3 determine i/o address, sw2 and sw4 determine interrupts, and sw5 determines mvip...
Page 89
Central site remote access switch 89 h ardware i nstallation adapter settings e ncryption a dapter s ettings des/rsa adapter the des/rsa adapter is available in the united states and canada only. The adapter has a set of eight dip switches in a switch block labelled sw1. Set these dip switches to ma...
Page 90
User’s guide 90 cyberswitch a dditional a dapter s ettings on certain adapters, there are specific jumper settings which are independent of slot configuration. These adapters include the: • pri-8 • pri-23 • pri-23/30 refer to the system adapters appendix for the locations of various jumpers. Pri-8 l...
Page 91
Central site remote access switch 91 h ardware i nstallation adapter settings pri-23 clock settings in addition to the interrupt jumper and i/o address settings, the pri-23 requires clock settings (jp4 through jp7). Refer to the following table for the correct settings. Place the jumper on the pins ...
Page 92
User’s guide 92 cyberswitch pri-23/30 in addition to the interrupt jumper and i/o address settings, the pri-23/30 requires settings for: • channel selection (t1 or e1) • mvip bus termination • robbed bit signaling (rbs) • e1/r2 signaling refer to the following chart for correct settings. Place the j...
Page 93
Central site remote access switch 93 h ardware i nstallation inserting the adapters into the cyberswitch i nserting the a dapters into the c yber switch now that you’ve selected the slots and set all switches and jumpers, insert the cards in this way: 1. Remove any existing board hold-down bars/brac...
Page 94
User’s guide 94 cyberswitch c onnecting a dapter i nter -b oard c ables there are three possible cables used to connect adapters: flat, crossover, and lcd. Flat cables connect adapters with like connectors, and crossover cables connect the flat cables of adapters with differing connectors. Lcd cable...
Page 95
Central site remote access switch 95 h ardware i nstallation connecting adapter inter-board cables if you have pri-23/30 cards: use an mvip bus connection between cards whenever possible to achieve the best results. This applies to both: • multiple pri-23/30 configurations • pri-23/30 cards in combi...
Page 96
User’s guide 96 cyberswitch the following graphic illustrates a crossover cable application. The adapter with the tdm connector can be one of the following: bri-4, pri-8 or expander. For crossover cable applications, make absolutely sure that pin 1 (on all six connectors) is aligned so that it is cl...
Page 97
Central site remote access switch 97 h ardware i nstallation connecting adapter inter-board cables caution: failure to line up triangles on lcd cable and wan adapter’s “1” label may result in damage to the lcd. S ummary of g uidelines c abling g uidelines now that you have attached all the inter-boa...
Page 98
A ccessing the c yber switch o verview this chapter describes accessing your cyberswitch, which includes: • making proper connections • establishing an administration session • accessing release notes m aking c onnections there are a number of ways to make a connection to the system, which include: ...
Page 99
Central site remote access switch 99 a ccessing the c yber switch making connections 6. Turn on the cyberswitch by pressing the power-on button. 7. Turn on the monitor. 8. After a few seconds, power-on initialization will begin. Proceed to establishing an administrative session . N ull -m odem c onn...
Page 100
User’s guide 100 cyberswitch 4. Ensure that the administration console is properly connected to the administration port on the cyberswitch. 5. Plug the power cord into a grounded electrical outlet. 6. Power on the cyberswitch by pressing the power-on button. 7. Power on the administration console pc...
Page 101
Central site remote access switch 101 a ccessing the c yber switch making connections after you make a telnet connection, you will be presented with a login prompt. Proceed to establishing an administrative session . For more information on telnet, refer to the remote management chapter. R emote c o...
Page 102
User’s guide 102 cyberswitch initiating a call: 1. Execute carbon copy’s cchelp program which invokes carbon copy for guest operation. 2. Select call cc device from displayed menu. 3. Supply the telephone number to the modem connected to the cyberswitch. Press . 4. Supply password when prompted. The...
Page 103
Central site remote access switch 103 a ccessing the c yber switch establishing an administration session e stablishing an a dministration s ession if a login prompt is displayed after the power-on initialization, the system software was preinstalled. Complete the login: 1. The login controls which ...
Page 104
User’s guide 104 cyberswitch a ccessing the r elease n otes the release notes provide release highlights and important information related to this release that should be reviewed before you begin the system’s installation and configuration. Access these notes via your web browser: http://www.Cabletr...
Page 105
U pgrading s ystem s oftware o verview this chapter describes how to install system software onto the cyberswitch. Instructions are included for the following actions: • installing system software • upgrading system software • accessing release notes the following sections provide instructions to he...
Page 106
User’s guide 106 cyberswitch machine being installed. If you cannot determine the platform being used, temporarily configure the platform type as “csx series,” then call technical support to help you identify the platform type. If one of the following messages is displayed: couldn’t open the file c:...
Page 107
Central site remote access switch 107 u pgrading s ystem s oftware upgrading system software u pgrading s ystem s oftware l ocal u pgrade the system upgrade package consists of a set of 3.5" diskettes that contain the necessary upgrade software. These upgrade diskettes may be used on more than one c...
Page 108
User’s guide 108 cyberswitch error reading platform type: type was not converted to an int error reading platform type: there is no “plat name” field the diskettes you have are corrupted. Call your distributor or technical support for a new set of diskettes. 5. Follow the on screen prompts for inser...
Page 109
Central site remote access switch 109 u pgrading s ystem s oftware accessing the release notes • tftp feature is enabled • tftp server is enabled • tftp server is assigned admin file access rights • using the manage mode command fileattr , verify that: • admin has read/write access to config files •...
Page 110
B asic c onfiguration we define basic configuration as the configuration needed by most users. Basic configuration will get your system up and running. Note that not all configuration steps in this part are required. For example, if you are only using bridging, you will have no need to complete the ...
Page 111
C onfiguration t ools o verview we provide the following configuration tools to set up and/or alter your configuration: • cfgedit, the configuration utility • manage mode, the dynamic management utility cfgedit is the comprehensive utility you use to initially set up your system; you may use it late...
Page 112
User’s guide 112 cyberswitch e xecuting cfgedit after the system software has been loaded, you can start cfgedit by entering the following command at the system prompt as shown below: [product name]> cfgedit as long as there is no other “change” session active (cfgedit or manage mode), access is gra...
Page 113
Central site remote access switch 113 c onfiguration t ools dynamic management before using dynamic management commands, you must first enter the special manage mode by typing the following command at the system prompt: >manage once manage mode is entered, the prompt changes from [system name]> to [...
Page 114
User’s guide 114 cyberswitch u sing the n etwork w orksheets please take the time to fill out the requirements worksheets located in system worksheets . The requirements worksheets are: • network topology worksheet • system details worksheet • system device list worksheet(s) • bridging/routing works...
Page 115
C onfiguring r esources and l ines o verview this chapter describes the configuration of physical resources, lines and subaddresses. Resources refer to the hardware adapters that plug into the cyberswitch. For example, a wan resource is the physical component (i.E., interface) for the attachment of ...
Page 116
User’s guide 116 cyberswitch 4. For bri and pri resource types: select the proper bri/pri switch type for the lines you will be using. The table in the overview identifies which switch types are available; your carrier will identify which particular switch is used in your area. If you select the net...
Page 117
Central site remote access switch 117 c onfiguring r esources and l ines resources r egion for net3 and net5 switchtypes. When configuring switches, first identify the region of operation, and then the country. C ountry for the net3 and net5 switchtypes. The country in which the system is operating....
Page 118
User’s guide 118 cyberswitch • 1tr6 • ts0-14 the expander resource provides additional connections to the pri resource. It supports eight additional connections. The v.35 resource provides two standard v.35 connections when used with the v.35 adapter cable. The rs232 resource provides four standard ...
Page 119
Central site remote access switch 119 c onfiguring r esources and l ines lines a three card maximum for dm-24s or dm-30s. These cards may also be combined (for example, a dm-8 along with two dm-24s), as long as you adhere to the lower card maximum per system. L ines c onfiguring l ines note: there i...
Page 120
User’s guide 120 cyberswitch 3. Select following line characteristics: • framing type • line coding type • t1 signaling method if you are unsure of your line's characteristics, try the following defaults: 4. Select the correct t1 line build out value (us only). If you are using an external csu, spec...
Page 121
Central site remote access switch 121 c onfiguring r esources and l ines lines care that the idle character is set to a value that the receiving device will understand. For example, cisco devices require the flag data line idle character. C onfiguring c hanges for a commport r esource 1. Select chan...
Page 122
User’s guide 122 cyberswitch datalink delete deletes an existing data link. L ine c onfiguration e lements l ine n ame a 1 to 16 user-defined character string (using all non-blank characters) that identifies the line. Each line must have a unique name. L ine s lot the slot number assigned to the res...
Page 123
Central site remote access switch 123 c onfiguring r esources and l ines lines ni-1 and dms100 switch types, contact your service provider for the number of data links required. The table below summarizes the number of data links and spids that are required for each switch type. When adding a data l...
Page 124
User’s guide 124 cyberswitch the spid format for northern telecom dms-100 ni-1 service is: aaannnnnnnss where aaa is the 3 digit area code of the bri line nnnnnnn is the 7 digit phone number of the bri line ss is the spid suffix (optional, 01 can be used for one number, 02 for the other) the spid fo...
Page 125
Central site remote access switch 125 c onfiguring r esources and l ines lines l ine e ncoding for primary rate lines only. Line encoding specifies the nature of the signals that are used to represent binary one and zero at the physical layer. Two encoding methods are alternate mark inversion (ami) ...
Page 126
User’s guide 126 cyberswitch decibel value of 0.0 (meaning no attenuation). If the distance is much closer (for example, 1000 ft.), the decibel value may be -15.0 (i.E., the signal is strong enough that it needs a certain amount of attenuation). L ine t ype for v.35 and rs232 lines only. This parame...
Page 127
Central site remote access switch 127 c onfiguring r esources and l ines subaddresses r2 s ignaling r2 signaling is a particular framing type commonly found in korea and other locations outside of north america. With 7.3 software, this feature will be available for korean markets only. This feature ...
Page 128
C onfiguring b asic b ridging o verview this chapter provides information for configuring basic bridging features. Basic bridging configuration includes: • enabling/disabling bridging a separate chapter, configuring advanced bridging , provides information for configuring advanced bridging features....
Page 129
Central site remote access switch 129 c onfiguring b asic b ridging mac layer bridging option mac l ayer b ridging b ackground i nformation you are given the option of either enabling or disabling the mac layer bridging feature. When bridging is enabled, the system bridges data packets to the proper...
Page 130
C onfiguring b asic ip r outing o verview this chapter provides information for configuring basic ip routing features. Basic ip routing configuration includes: • enabling/disabling the internet protocol (ip) when you enable this option, the system operates as an ip router. If you also enable bridgin...
Page 131
Central site remote access switch 131 c onfiguring b asic ip r outing ip operating mode ip o ption c onfiguration e lements ip o perational s tatus you can enable or disable the internet protocol (ip) option. The default is disabled. Ip b ackground i nformation when ip is enabled, the system acts as...
Page 132
User’s guide 132 cyberswitch b. If you select the ip host operating mode, an abbreviated ip configuration is displayed: notes: static arp entries, isolated mode, static route lookup via radius, and ip address pool capabilities are not available in ip host operating mode. Ip operating mode can not be...
Page 133
Central site remote access switch 133 c onfiguring b asic ip r outing ip network interfaces internally, while all other traffic is bridged. With ip host mode, appletalk and/or ipx routing may also be enabled. Off-node authentication servers are available when ip is enabled regardless of the operatin...
Page 134
User’s guide 134 cyberswitch l. Ip rip receive control m. Ip rip v2 authentication control n. Ip rip v2 authentication key (required only if the ip rip v2 authentication control has been configured with a value other than “no authentication” note: with the secondary ip addressing feature, you may ad...
Page 135
Central site remote access switch 135 c onfiguring b asic ip r outing ip network interfaces if ip rip is enabled, enter the following additional information: h. Ip rip send control i. Ip rip respond control j. Ip rip receive control k. Ip rip v2 authentication control l. Ip rip v2 authentication key...
Page 136
User’s guide 136 cyberswitch s ubnet m ask the subnet mask value (the number of significant bits for the subnet mask) associated with the ip address specified for this interface. The subnet mask is specified by entering the number of contiguous bits that are set for the mask. The mask bits start at ...
Page 137
Central site remote access switch 137 c onfiguring b asic ip r outing ip network interfaces entered for the interface. For example, if the ip address of the interface is 199.120.211.98, the portion of the menu displaying the available transmit broadcast addresses would appear as: in almost all cases...
Page 138
User’s guide 138 cyberswitch ip rip s end c ontrol if ip rip is enabled for a specific interface (lan, wan rlan, and/or numbered wan interfaces), an ip rip send control must be selected. This element controls how ip rip update messages are sent on an ip rip interface. There is a different default va...
Page 139
Central site remote access switch 139 c onfiguring b asic ip r outing ip network interfaces the following table provides the possible choices for ip rip respond control. *the default switch. Ip rip r eceive c ontrol if ip rip is enabled for a specific interface, then this element is required. This c...
Page 140
User’s guide 140 cyberswitch the following table provides the possible choices for ip rip v2 authentication control * this is the default switch. Ip rip v 2 a uthentication k ey if ip rip is enabled for a specific interface, this key is required if the following condition has been met: the “ip rip v...
Page 141
Central site remote access switch 141 c onfiguring b asic ip r outing ip network interfaces an ip host device has only one network interface that it uses for data transfer. This network interface is assigned an ip address and belongs to one subnet. A remote ip host typically uses an isdn line for th...
Page 142
User’s guide 142 cyberswitch the wan ip network interface is used to define remote ip devices (hosts or routers) that require access to the central network. This network interface represents a different subnet than that connected to a lan network interface. The wan ip network interface is used for b...
Page 143
Central site remote access switch 143 c onfiguring b asic ip r outing ip network interfaces in example 1,we show three different types of network interfaces and the ip subnets that are used. It should be noted that even though the cyberswitch only has one physical connection to the wan, it has more ...
Page 144
User’s guide 144 cyberswitch in example 2, the wan unnumbered interface is used to eliminate an unnecessary ip subnet. The rlan interface is unique in that it extends the ip network over the wan to remote devices which access the network using a bridge device. Thus it makes a simple bridge device ap...
Page 145
Central site remote access switch 145 c onfiguring b asic ip r outing ip network interfaces ip rip and the ip n etwork i nterfaces routing information protocol (rip) is a protocol used to exchange routing information among ip devices. Using ip rip can automate the maintenance of routing tables on ip...
Page 146
User’s guide 146 cyberswitch see illustration, example 1. Because site1 is the only cyberswitch that is connected to the logical network, it is reasonable for site1 to advertise the ip rip information on network 3 as subnetwork routes, meaning that site1 will always advertise the remote ip devices’ ...
Page 147
Central site remote access switch 147 c onfiguring b asic ip r outing ip network interfaces for the wan interface to function properly with ip rip, additional wan interface information is configured. The additional information required involves selecting one of the following: disabling host routes p...
Page 148
User’s guide 148 cyberswitch currently, ip rip is not supported across an unnumbered wan interface. For example, in the following network setup, site1 could not advertise ip rip information across the unnumbered wan ip interface to router 2 (r2). Therefore, site1 would know about networks 1 and 2, b...
Page 149
Central site remote access switch 149 c onfiguring b asic ip r outing ip network interfaces because each ip wan network interface on the cyberswitch is configured for a logical ip network, various types of physical interfaces (such as v.35 and isdn bri) may belong to the same ip network interface. T...
Page 150
User’s guide 150 cyberswitch ip h ost o perating m ode and the ip n etwork i nterfaces only one network interface can be configured when the ip operating mode is host. The network interface configuration is not much different from the others available in router mode except that the following configu...
Page 151
Central site remote access switch 151 c onfiguring b asic ip r outing ip network interfaces with a remote device on a different subnet, the local device will arp for the remote host’s mac address. Since routers do not forward arp requests across subnets, arps sent for hosts which are not on the same...
Page 152
User’s guide 152 cyberswitch when a local host arps for a remote host, the cyberswitch (with proxy arp enabled) determines if it provides the best route to the destination. If it does, it will reply to the arp request with its own mac address. • suppose host a wishes to contact host d. Since host a ...
Page 153
Central site remote access switch 153 c onfiguring b asic ip r outing static routes u sing m anage m ode c ommands iproute displays the current ip static routing configuration data. The meaning of each displayed field for a route entry is: d estination ip address for the destination network or host....
Page 154
User’s guide 154 cyberswitch ip rip p ropagation c ontrol the ip rip propagation control determines how a static route is propagated via ip rip. The following table provides an explanation of how a ip rip propagation control flag is assigned to a static route. Iproute change allows an existing ip st...
Page 155
Central site remote access switch 155 c onfiguring b asic ip r outing static routes reachable directly and therefore no intermediate router will be used. The default metric value is 2. The range of metric values for static routes is from 0 to 15. You may manipulate the metric value to promote a cert...
Page 156
User’s guide 156 cyberswitch s tatic r oute b ackground i nformation you only need to configure static routing entries if you need to access a wan network that is not directly connected to the system, or if you need to access a lan network through a router that does not support ip rip. Static routes...
Page 157
Central site remote access switch 157 c onfiguring b asic ip r outing default routes d efault r outes c onfiguring d efault r outes the default route is a form of static route that is useful when there are a large number of networks that can be accessed through a gateway. However, care must be taken...
Page 158
User’s guide 158 cyberswitch connection is over a wan. You may want to assign this route a high number of hops to limit toll charges, in case there is a local route that could be used. Ip rip p ropagation c ontrol this controls how a default route is propagated via ip rip. The following table provid...
Page 159
Central site remote access switch 159 c onfiguring b asic ip r outing routing information protocol (rip) option u sing m anage m ode c ommands iprip this command tells you if ip rip is currently enabled or disabled. Iprip off if ip rip is enabled, this command allows you to disable ip rip. Iprip on ...
Page 160
S ecurity and e ncryption o ptions the cyberswitch product allows you to decide the extent and type of security for your network. This security may consist of standard security options, or it could include data encryption through the purchase of the cyberswitch encryption option. The cyberswitch sup...
Page 161
S ecurity o verview o verview security is an important issue to consider when you are setting up a network. The cyberswitch provides several security options, and this chapter describes the “big picture” of how these options work and interoperate. This information will better equip you to proceed wi...
Page 162
User’s guide 162 cyberswitch multilevel security provides both user level security and device level security for local (on-node) database, radius, and csm. This provides added protection; first, a device will be authenticated, and then a particular user (on the device) will be authenticated. The fea...
Page 163
Central site remote access switch 163 s ecurity o verview user level databases these environments include an on-node database and a variety of off-node, central authentication databases. The on-node database contains a list of valid devices that can access the network resources connected to the cybe...
Page 164
C onfiguring s ecurity l evel o verview the cyberswitch offers the following levels of network security: no security, device level security, user level security, or device and user level security. The network security level determines the type of security you want activated on your network. As the n...
Page 165
Central site remote access switch 165 c onfiguring s ecurity l evel overview plan what level(s) of security you will use, and configure them now. You will later assign and configure authentication databases to the network security level you configure and to administration sessions. The table below i...
Page 166
User’s guide 166 cyberswitch n o s ecurity c onfiguring n o s ecurity u sing cfgedit 1. To begin the configuration of an on-node database or any of the security database options, start at the main menu and progress through the screens as shown below: 2. Select security level from the security menu. ...
Page 167
Central site remote access switch 167 c onfiguring s ecurity l evel device level security d evice l evel s ecurity c onfiguring d evice l evel s ecurity u sing cfgedit 1. Select device level security from the security level menu. If you need guidance to find this menu, refer to the instructions prov...
Page 168
User’s guide 168 cyberswitch o verview of d evice a uthentication p rocess when a remote device connects, the cyberswitch negotiates the required authentication. It then collects the information which is used to identify and authenticate the remote device. The system compares this collected informat...
Page 169
Central site remote access switch 169 c onfiguring s ecurity l evel user level security the following sections provide information regarding authentication via securid cards, system requirements for user level security, and the authentication process with user level security. A uthentication u sing ...
Page 170
User’s guide 170 cyberswitch s ystem r equirements when providing user level security for the cyberswitch, you must establish remote user-to- lan connectivity (like terminal servers). You may not establish lan-to-lan connectivity as routers usually do. There are two different ways of establishing re...
Page 171
Central site remote access switch 171 c onfiguring s ecurity l evel user level security a uthentication p rocess with u ser l evel s ecurity making a telnet connection in order to access user level security, you must first establish a telnet connection to the cyberswitch. Depending upon your applica...
Page 172
User’s guide 172 cyberswitch tacacs: with pinpad secureid card 1. Enter login id (remote machine). 2. Enter password onto securid card, which generates a dynamic password. 3. Enter dynamic password onto remote machine’s password prompt. 4. Press key when prompted for dynamic password. With non-pinpa...
Page 173
Central site remote access switch 173 c onfiguring s ecurity l evel device and user level security d evice and u ser l evel b ackground i nformation multi-level security (device and user level) provides you with increased security options for your network. This feature supports device level security...
Page 174
C onfiguring s ystem o ptions and i nformation o verview system options include security options for remote devices. The security required for the authentication of each device will depend on the information you have entered for that device. System information includes a system name, system password...
Page 175
Central site remote access switch 175 c onfiguring s ystem o ptions and i nformation system options note: it is not necessary to disable a security option, even if you are not using the option. The security required for the authentication of each device will depend on the information you have entere...
Page 176
User’s guide 176 cyberswitch note: if a system is brought on line with a device that has a required calling line id that is a duplicate of another device’s calling line id, and no other type of authentication is used, a warning message is logged at initialization. Every attempt to connect the device...
Page 177
Central site remote access switch 177 c onfiguring s ystem o ptions and i nformation system options the above process applies to the system’s authentication of the remote device. It is also possible that the remote device may wish to authenticate the system itself, a desire that is also negotiated d...
Page 178
User’s guide 178 cyberswitch the following table summarizes the identifying and authenticating information used by each remote device type to connect to the system: s ystem i nformation c onfiguring s ystem i nformation u sing cfgedit 1. Select option (2), system information from the system options ...
Page 179
Central site remote access switch 179 c onfiguring s ystem o ptions and i nformation administrative session s ystem p assword the system password is a user-defined password that is only required if there are remote devices on the network that require this information for system validation. This is p...
Page 180
User’s guide 180 cyberswitch 4. You may specify an authentication database location for administrative sessions that is different from the user authentication database location. Note: if you select radius, tacacs, or ace, you must be sure that the selected server is active before you initiate an adm...
Page 181
Central site remote access switch 181 c onfiguring s ystem o ptions and i nformation administrative session t imeout v alue allows you to terminate login sessions after the configured “time-out value” length in time. If “0” is entered, the value will be disabled. The time-out will be enabled by ente...
Page 182
User’s guide 182 cyberswitch e mergency t elnet s erver p ort n umber b ackground i nformation there are some telnet client programs that do not clear telnet connections when terminating telnet sessions. Since they do not clear the telnet connections, those connections stay alive and soon all telnet...
Page 183
C onfiguring d evice l evel d atabases o verview devicelevel securityis an authentication process between internetworking devices, in which authentication takes place automatically. Both bridges and routers support this form of security.Devicelevel security is available to the network locally throug...
Page 184
User’s guide 184 cyberswitch 2. Select option (1) on-node device database from the device level databases menu. The following screen will be displayed. Follow the on-screen instructions to enable the on-node database device: o n - node d evice e ntries c onfiguring o n - node d evice e ntries 1. Sel...
Page 185
Central site remote access switch 185 c onfiguring d evice l evel d atabases on-node device entries 4. The device table menu will then be displayed similar to the example screen shown below: we suggest that you first enter the information pertaining to the device’s access type(s). Access types inclu...
Page 186
User’s guide 186 cyberswitch 6. For frame relay devices: note: you must first configure the frame relay access. Instructions for configuring the access is found in the frame relay accesses section of the configuring alternate accesses chapter. Begin by selecting frame relay from the device table men...
Page 187
Central site remote access switch 187 c onfiguring d evice l evel d atabases on-node device entries if you select pvc, the list of available pvcs are displayed. The lcn of the selected pvc and the x.25 access name are stored in the device table to bind the device to a particular virtual circuit conf...
Page 188
User’s guide 188 cyberswitch 9. Enter the authentication information needed. To begin entering the information, select authentication from the device table menu. The following menu will then be displayed: provide the necessary device authentication information for your selected line protocol. (refer...
Page 189
Central site remote access switch 189 c onfiguring d evice l evel d atabases on-node device entries if your device requires an ip address, enter it now. Options are: • none for direct host or wan links that plan to use dynamic address allocation • 0.0.0.0 for unnumbered wan links • ip address # for ...
Page 190
User’s guide 190 cyberswitch b. Press 2 at the above menu to enter the device’s appletalk address. If the device is over an unnumbered link, enter 0.0. If the device is over a mac dial-in port, you may either enter an address, or leave the value at “none”. C. Press 3 at the above menu, then follow t...
Page 191
Central site remote access switch 191 c onfiguring d evice l evel d atabases on-node device entries u sing m anage m ode c ommands device displays the current device table. Included in this display is each device’s id and name. After the list has been displayed, you may enter a specific device id to...
Page 192
User’s guide 192 cyberswitch • ip host (rfc 1294) rfc 1294 provides a simple security exchange at connection time, along with an encapsulation method for ip datagrams. B ase d ata r ate only used for dial-out. This value represents the throughput on a b-channel or pre-isdn link connecting the cybers...
Page 193
Central site remote access switch 193 c onfiguring d evice l evel d atabases on-node device entries d ial -o ut p hone n umber ( s ) this configuration element is required when the dial-out feature is used. The dial-out capability allows the cyberswitch to initiate connections to ppp or hdlc devices...
Page 194
User’s guide 194 cyberswitch x.121 address if you choose an svc for your virtual circuit, you must provide the x.121 address of the remote device you are currently adding to the device table. (the x.121 addresses for both local and remote devices are provided by your x.25 provider.) d igital m odem ...
Page 195
Central site remote access switch 195 c onfiguring d evice l evel d atabases on-node device entries o utbound a uthentication this parameter allows you to enable or disable ppp outbound authentication procedures. When ppp outbound authentication is enabled, ppp (chap or pap) authentication is requir...
Page 196
User’s guide 196 cyberswitch compare the incoming clid with the value configured in the on-node device table. If the numbers are identical the connection will be established. Otherwise, the system will reject the incoming call. When two remote devices share the same line (a single point-multipoint i...
Page 197
Central site remote access switch 197 c onfiguring d evice l evel d atabases on-node device entries ipx e xternal wan n etwork n umber specifies a user-configurable ipx external network number on the wan (necessary with csx200 and csx400 platforms only). This parameter can be a hexadecimal value fro...
Page 198
User’s guide 198 cyberswitch b ridge i nformation c onfiguration e lements ip (s ub ) n etwork n umber if the cyberswitch uses an ip rlan interface to connect to a remote bridge, you must provide this information. This address associates the bridge with the ip network to which it connects. Enter thi...
Page 199
Central site remote access switch 199 c onfiguring d evice l evel d atabases on-node device entries c ompression c onfiguration e lements d evice c ompression s tatus allows you to enable or disable compression for the individual device. If this option is enabled, then the cyberswitch will negotiate...
Page 200
User’s guide 200 cyberswitch the following table identifies the configuration requirements for possible security options for remote bridge devices. *conditionally required means you must specify at least one of either the calling line id or the ethernet address. You may specify both. Ip routing with...
Page 201
Central site remote access switch 201 c onfiguring d evice l evel d atabases on-node device entries ip routing with ip host devices (rfc1294) to allow an ip host device to connect to the cyberswitch, you must have ip routing and ip host security enabled. For each ip host device using this type of co...
Page 202
User’s guide 202 cyberswitch bridging with ppp bridge devices (using bcp) to allow a ppp bridge device to connect to the cyberswitch, you must have bridging enabled. For each ppp bridge device using this type of connection, you may need to enter a pap password or a chap secret, and a calling line id...
Page 203
Central site remote access switch 203 c onfiguring d evice l evel d atabases off-node device database location the following table identifies the configuration requirements for possible security options for ip routing with ppp bridge devices. Note: if chap security is enabled, and outbound authentic...
Page 204
User’s guide 204 cyberswitch o ff - node d evice d atabase l ocation c onfiguration e lements d atabase l ocation the database location for devicelevel security. The choices for the off-node database location are none (use on-node), csm, or radius. Choosing an off-node database location enables the ...
Page 205
C onfiguring u ser l evel d atabases o verview userlevel security is an authentication process between a specific user and a device. The authentication process is interactive; users connect to a terminal server and need to interact with it in order to communicate with other devices beyond the server...
Page 206
User’s guide 206 cyberswitch u ser l evel a uthentication d atabase l ocation c onfiguration e lements d atabase l ocation the database location for user level security. Choices are: radius server, tacacs server, or ace server. D atabase t elnet p ort n umber you must also specify the telnet port nu...
Page 207
C onfiguring o ff - node s erver i nformation o verview this chapter provides information on configuring the cyberswitch so that it will be able to communicate with an off-node server. This communication may be for authentication or accounting purposes. The off-node servers supported are: • connecti...
Page 208
User’s guide 208 cyberswitch csm a uthentication s erver c onfiguring csm a uthentication s erver notes: in order for the cyberswitch to reference csm for device authentication, the following configuration steps must first be completed: • ip routing must be enabled. If you try to enable csm before i...
Page 209
Central site remote access switch 209 c onfiguring o ff - node s erver i nformation radius server csm a uthentication s erver c onfiguration e lements tcp p ort n umber the tcp port number used by csm. Note that you can assign a device-defined port number, but that the csm tcp port number must be en...
Page 210
User’s guide 210 cyberswitch for device level security: • specify device level security (from main menu, security, security level) • select radius from off-node device database location (main menu, security, device level databases) for user level security: • select user level security (from main men...
Page 211
Central site remote access switch 211 c onfiguring o ff - node s erver i nformation radius server u sing m anage m ode c ommands radius displays the current radius server configuration data. Radius change allows you to change the current radius server configuration data. After entering the radius ch...
Page 212
User’s guide 212 cyberswitch the remote authentication dial-in user service (radius) is a central database supported by the cyberswitch. Radius operates using two components: an authentication server and client protocols. The radius server software is typically installed on a unix-based or nt-based ...
Page 213
Central site remote access switch 213 c onfiguring o ff - node s erver i nformation radius server 4. Select (1) primary server to enter the following information: a. Ip address of the accounting server b. Shared secret between the cyberswitch and accounting server c. Udp port number used by the acco...
Page 214
User’s guide 214 cyberswitch radius displays the current radius server configuration data. Radacc allows you to change the current radius accounting server configuration data. After entering the radacc command, you will be presented with a radius accounting menu similar to that in cfgedit. Radius a ...
Page 215
Central site remote access switch 215 c onfiguring o ff - node s erver i nformation radius rfc2138 v erification and d iagnosis after configuring the radius accounting server, connect via a dial-in client, and then disconnect. On the radius accounting server, verify that it has received the accounti...
Page 216
User’s guide 216 cyberswitch u sing m anage m ode offnode allows you to change current settings for off-node server options. You may use this command to enable the rfc2138 compliance feature. Radius t ype c onfiguration e lements radius t ype specify the type of radius implementation: cabletron impl...
Page 217
Central site remote access switch 217 c onfiguring o ff - node s erver i nformation dynamic device option u sing m anage m ode offnode allows you to change current settings for off-node server options. You may use this command to enable and configure the dynamic device option. D ynamic d evice c onf...
Page 218
User’s guide 218 cyberswitch if a specific set of parameters is required for a particular device, configure the specific device independently, either locally (through the on-node device list) or in csm. The cyberswitch will look at the configured device table first before proceeding to the dynamic d...
Page 219
Central site remote access switch 219 c onfiguring o ff - node s erver i nformation tacacs authentication server u sing m anage m ode c ommands tacacs displays the current tacacs off-node server configuration data. Tacacs change allows you to change the current tacacs off-node server configuration d...
Page 220
User’s guide 220 cyberswitch ace a uthentication s erver c onfiguring an ace a uthentication s erver note: in order for the cyberswitch to reference an ace server, the following configuration steps must first be completed: • basic ip routing information must be configured for ace • a lan network int...
Page 221
Central site remote access switch 221 c onfiguring o ff - node s erver i nformation ace authentication server b. Specify the time between retries. C. Choose between the des or sdi encryption method. The algorithm you select must be compatible with the ace server setup. D. You will also be prompted f...
Page 222
User’s guide 222 cyberswitch t ime between a ccess r equest r etries the time between access request retries sent from the system. The initial default value is 1 second. The acceptable range is from 1 to 10,000. E ncryption m ethod this option should always indicate sdi, and is not currently configu...
Page 223
C onfiguring n etwork l ogin i nformation o verview the cyberswitch offers a number of configurable options to control the login process for this system and for off-node authentication servers. These options include: • general network login configuration • network login banners • login configuration...
Page 224
User’s guide 224 cyberswitch telnet session for authentication. Item (11), terminal server security , allows you to specify type of security for this special connection. See following description. A uthentication t imeout note: if using the security dynamics ace server, modify the timeout value to b...
Page 225
Central site remote access switch 225 c onfiguring n etwork l ogin i nformation network login banners n etwork l ogin g eneral c onfiguration b ackground i nformation allows you to change the network login prompts. These include the prompts for: • login id • dynamic password • user password • old pa...
Page 226
User’s guide 226 cyberswitch netlogin change allows you to change the current network login configuration data. After entering the netlogin change command, you will be prompted for the type of login configuration information you want to change. The prompt will resemble the cfgedit screen in which th...
Page 227
Central site remote access switch 227 c onfiguring n etwork l ogin i nformation login configuration specific to radius server u sing m anage m ode netlogin displays the current network login configuration data. After entering the netlogin command, you will be prompted for the type of login configura...
Page 228
User’s guide 228 cyberswitch the password control character is a key sequence you specify to switch between the login mode and the change password mode. In order to enable this feature for the general user, you need to configure this password control character. L ogin c onfiguration s pecific to tac...
Page 229
Central site remote access switch 229 c onfiguring n etwork l ogin i nformation login configuration specific to tacacs server note: there is no customization of specific device login for the ace server. U sing m anage m ode netlogin displays the current network login configuration data. After enteri...
Page 230
User’s guide 230 cyberswitch tacacs may provide return code messages upon user login. You may customize these messages through cfgedit. The default messages are as follows: if the login process was successful, but the user password is about to expire, one of the following messages is displayed: • pa...
Page 231
C onfiguring e ncryption o verview the cyberswitch encryption option provides 56-bit data encryption through two different implementations: • ip (or network layer) security • ppp (or link layer) encryption these implementations use the data encryption standard (des) algorithm. Des provides data secu...
Page 232
User’s guide 232 cyberswitch c onfiguring s ecurity a ssociations and a uthentication (ip s ecurity o nly ) ip security encryption configuration consists of the following elements: • setting up security associations for encapsulating security payload (esp) • optionally specifying keys for authentica...
Page 233
Central site remote access switch 233 c onfiguring e ncryption configuration note: for the final destination and source ip addresses, you may enter the entire address (i.E., 197.1.2.2 vs. 197.1.0.0); however, the subnet mask will determine how many significant bits the system will actually consider....
Page 234
User’s guide 234 cyberswitch 7. Enable the decryption/encryption feature. (this selection is a toggle switch). 8. Configure encryption key implementation: • if you plan to use the cyberswitch’s automated key exchange, enable proprietary key ex- change. (this selection is a toggle switch.) then skip ...
Page 235
Central site remote access switch 235 c onfiguring e ncryption configuration associations for incoming and outgoing packets. The incoming packet security association on site “a” must match the outgoing packet security association on site “b” and vice versa. F inal d estination ip a ddress ip address...
Page 236
User’s guide 236 cyberswitch s ecurity p arameter i ndex (spi) a 32-bit number (eight hexadecimal digits) used to identify the security associations between cyberswitch nodes. The spi must be greater than or equal to 00000100hex. The spi is transmitted in the encapsulating security payload (esp) hea...
Page 237
Central site remote access switch 237 c onfiguring e ncryption encryption background information the peer must also have corresponding security associations. (note that the gateway address and the source/destination subnet addresses are switched to reflect the peer subnet.) security associations bet...
Page 238
User’s guide 238 cyberswitch on the cyberswitch, ah is added to a packet after esp application. When a remote node receives the encrypted packet, it first processes the authentication information in the ah. If the ah information is valid, the node proceeds to decrypt the packet. If authentication fa...
Page 239
Central site remote access switch 239 c onfiguring e ncryption encryption background information a utomated k ey e xchange the cyberswitch’s automated key exchange uses a proprietary protocol defined for use with cabletron remote access products. This proprietary protocol exchanges information durin...
Page 240
User’s guide 240 cyberswitch m ultiple mac/ip a ddresses for backup purposes, you may want to consider using the multiple mac or multiple ip address feature to set up redundant configurations to use in conjunction with encryption. In such configurations, you must be sure that all cyberswitch nodes h...
Page 241
A dvanced c onfiguration we define advanced configuration as the configuration you may use to fine tune your system, or to configure options that are not necessarily needed by the majority of users. For example, to configure an alternate access (an alternate to isdn access), this would be considered...
Page 242
C onfiguring a lternate a ccesses o verview an access defines the connection details the cyberswitch uses to reach the network. The default access is isdn access, a switched-network access. Configurable accesses are required for dedicated network connections , and for packet-switched network connect...
Page 243
Central site remote access switch 243 c onfiguring a lternate a ccesses dedicated accesses d edicated a ccess c onfiguration e lements l ines the line that will be used for the dedicated access. A dedicated access can be defined on either a bri, a pri, a network v.35, or a network rs232 line. B eare...
Page 244
User’s guide 244 cyberswitch to define a dedicated access, you must select a previously defined line. Then, input the details required to use the line. Notes: to achieve maximum bandwidth, you could theoretically dedicate two t1s to one remote device (3072 kbps). Any configuration above this maximum...
Page 245
Central site remote access switch 245 c onfiguring a lternate a ccesses x.25 accesses 4. Enter the x.121 address of the local dte (the cyberswitch). 5. Select the data rate for the line. 6. Enter a list of bearers (a channel map). For pri lines, the range of channels is from 1 to 24. For bri lines, ...
Page 246
User’s guide 246 cyberswitch 3. Configure the x.25 reliability, windows, and acknowledgment facilities. A. Select the type of sequence numbers to be used for x.25: regular or extended. Extended sequence numbering allows for packets to be assigned sequence numbers from 0-127 (modulo 128), as opposed ...
Page 247
Central site remote access switch 247 c onfiguring a lternate a ccesses x.25 accesses p ermanent v irtual c ircuit i nformation note: svcs and pvcs are specified in the x.25 logical channel assignments section of the configuration. However, pvcs require additional configuration, which is done in thi...
Page 248
User’s guide 248 cyberswitch b earer c hannels a list of bearers (a channel map) that will be used on the line associated with this x.25 access. For pri lines, the range of channels is from 1 to 24.For bri lines, the range of channels is from 1 to 2. Separate bearer channels by commas, and/or list a...
Page 249
Central site remote access switch 249 c onfiguring a lternate a ccesses x.25 accesses x.25 a ccess c onfiguration e lements the x.25 access configuration elements are divided into seven different categories: • x.25 logical channel assignments • x.25 timer configuration • x.25 reliability, windows, a...
Page 250
User’s guide 250 cyberswitch x.25 r eliability , w indows , and a cknowledgment x.25 s equence n umber r ange the type of sequence numbers to be used for x.25; regular or extended. Extended sequence numbering allows for packets to be assigned sequence numbers from 0-127 (modulo 128), as opposed to 0...
Page 251
Central site remote access switch 251 c onfiguring a lternate a ccesses x.25 accesses n onstandard d efault t ransmit w indow s ize the number of frames that a dte can send without receiving an acknowledgment. Using modulo 128, the dtes can send up to 127 frames without receiving an acknowledgment. ...
Page 252
User’s guide 252 cyberswitch x.25 r estriction f acilities these facilities are used to place restrictions upon incoming and outgoing x.25 calls. B arring i ncoming c alls allows to you bar x.25 calls coming in to the system. The default configuration is to not bar incoming x.25 calls. B arring o ut...
Page 253
Central site remote access switch 253 c onfiguring a lternate a ccesses x.25 accesses n onstandard d efault r eceive w indow s ize the number of frames that a dte can receive without receiving an acknowledgment. Using modulo 128, the dtes can send up to 127 frames without receiving an acknowledgment...
Page 254
User’s guide 254 cyberswitch a virtual path, although it appears that a real circuit exits, in reality, the network routes the device’s information packets to the designated designation. Any given path may be shared by several devices. When the virtual circuit is established, a logical channel numbe...
Page 255
Central site remote access switch 255 c onfiguring a lternate a ccesses frame relay accesses c urrent x.25 r estrictions • x.25 virtual circuits must be two-way logical channels; one-way incoming and one-way out- going channels are not currently supported. • each system can have only one x.25 access...
Page 256
User’s guide 256 cyberswitch 6. Enter a list of bearers (a channel map). For t1 or pri lines, the range of channels is from 1 to 24.For bri lines, the range of channels is from 1 to 2. Separate bearer channels by commas, and/ or list a range by using a dash (-). 7. Enter the maximum frame size suppo...
Page 257
Central site remote access switch 257 c onfiguring a lternate a ccesses frame relay accesses 8. Indicate whether or not congestion control should be enabled. 9. Enter the rate measurement interval in msecs. Note: you must restart the cyberswitch in order to associate the pvc with a device. After all...
Page 258
User’s guide 258 cyberswitch have a per packet charge, therefore, the administrator should be cautious when enabling this feature. Lmi indicates whether or not this frame relay access will support the local management interface (lmi). If this frame relay access supports lmi, lmi information can be d...
Page 259
Central site remote access switch 259 c onfiguring a lternate a ccesses frame relay accesses network, the one to which the access line is directly connected, routes the packet to the intended destination based on the dlci therein. Hence, each packet is routed independently through the network based ...
Page 260
User’s guide 260 cyberswitch f rame r elay a ccess b ackground i nformation frame relay is a frame mode service in which data is switched on a per frame basis, as opposed to a circuit mode service that delivers packets on a call-by-call basis. This feature will allow the system to efficiently handle...
Page 261
Central site remote access switch 261 c onfiguring a lternate a ccesses frame relay accesses configured in the device table. It will find the pvc and the line protocol that corresponds to the pvc name and change its pvc name to match the corresponding device name. Notes: connection services manager ...
Page 262
User’s guide 262 cyberswitch -- the rate at which data frames may be sent into the network without incurring congestion. This is generally accepted as the end-to-end available bandwidth at which frame relay service devices may enjoy sustained frame transmission. By definition this must be less than ...
Page 263
Central site remote access switch 263 c onfiguring a lternate a ccesses frame relay accesses however, under the above stated conditions, the network configuration shown below would not be allowed: switched connections can only be used as a backup to frame relay. As such, a switched connection would ...
Page 264
C onfiguring a dvanced b ridging o verview when bridging is enabled, optional advanced features are available. Optional bridging features include: • bridge dial out • spanning tree protocol • mode of operation • bridging filters • known connect lists this chapter includes a section for each advanced...
Page 265
Central site remote access switch 265 c onfiguring a dvanced b ridging bridge dial out c onfiguring the d evice l ist for b ridge d ial o ut note: the configuring device level databases chapter contains the information needed to completely configure an on-node device entry. The following section pro...
Page 266
User’s guide 266 cyberswitch 9. Enable bridging. 10. Enable make calls for bridge data. You must have already configured the device’s phone number (step 6) before the system allows you to enable this feature. Return to the current device table. The system notifies you of proper configuration for you...
Page 267
Central site remote access switch 267 c onfiguring a dvanced b ridging spanning tree protocol s panning t ree p rotocol c onfiguration e lements only the ethernet-2 adapter supports the spanning tree protocol in its entirety. Outlined below are the spanning tree configuration elements that the user ...
Page 268
User’s guide 268 cyberswitch b ridge m ode of o peration c onfiguring the b ridge m ode of o peration u sing cfgedit 1. Select mode of operation from the bridging menu. 2. Select the bridge mode of operation. The unrestricted bridge mode is the default. B ridge m ode of o peration c onfiguration e l...
Page 269
Central site remote access switch 269 c onfiguring a dvanced b ridging bridge filters r estricted b ridge m ode if the restricted bridge mode is selected, packets will be discarded unless overridden by a user- defined bridge filter. The bridge filters, therefore, allow you to transfer only the packe...
Page 270
User’s guide 270 cyberswitch 5. Configure protocol filters. A. Select to add a protocol filter. B. Select a protocol definition id. C. Select a distribution list. 6. Configure packet data filters. A. Select to add a packet data filter. B. Enter the off set value. C. Enter the mask in hex. D. Enter t...
Page 271
Central site remote access switch 271 c onfiguring a dvanced b ridging bridge filters destination mac filter commands destfilt displays the current destination address filter configuration data. Destfilt add allows a destination address filter to be added to the current configuration. Refer to the u...
Page 272
User’s guide 272 cyberswitch b ridge f ilter c onfiguration e lements p rotocol d efinition c onfiguration e lements p rotocol n ame a user-defined name for the protocol to be filtered. It can be from 1 to 17 alphanumeric characters in length. E thernet t ype in h ex a four digit hexadecimal number ...
Page 273
Central site remote access switch 273 c onfiguring a dvanced b ridging bridge filters b ridge f ilters b ackground i nformation user-defined bridge filters allow you to filter unwanted traffic out of the network. The following table lists the four different types of bridge filters and the maximum nu...
Page 274
User’s guide 274 cyberswitch two of the more common protocols used today are: • the ip protocol id, which identifies dod internet protocol packets with ethernet type equal to hexadecimal 800, or 802.3 lsap equal to hexadecimal 6060. • the ipx protocol id, which identifies novell (old) netware ipx pa...
Page 275
Central site remote access switch 275 c onfiguring a dvanced b ridging bridge filters 3. Destination mac-address discard this filter allows you to discard mac frames addressed to the specified mac address. When the specified mac address appears in the destination address field of the mac frame, the ...
Page 276
User’s guide 276 cyberswitch the following charts summarize the filter actions available for unrestricted bridging: filter action distribution list result discard lan a packet matching this filter will not be forwarded on any lan port. The packet will be sent to remote sites connected over the wan a...
Page 277
Central site remote access switch 277 c onfiguring a dvanced b ridging bridge filters for unrestricted bridging, the following additional filter actions are available only on a system with an ethernet-2 adapter executing the local bridge option. * device list may be the on-node device database, or i...
Page 278
User’s guide 278 cyberswitch restricted mode bridge filters 1. Source unicast-address forward this filter allows you to stipulate access privileges of a given device. When the specified unicast address appears in the source address field of a mac frame, the frame will be forwarded as specified in th...
Page 279
Central site remote access switch 279 c onfiguring a dvanced b ridging bridge filters 5. Protocol protocol-id forward this filter allows you to restrict packets based on the ethernet protocol id field or the corresponding 802.3 lsap field. You can specify the protocol id that is to be forwarded. The...
Page 280
User’s guide 280 cyberswitch the following chart summarizes the forward and connect filter actions available for restricted bridging: filter action distribution list result forward lan a packet matching this filter will only be forward- ed on the lan ports. The packet will not be sent to any remote ...
Page 281
Central site remote access switch 281 c onfiguring a dvanced b ridging bridge filters for restricted bridging, the following additional filter actions are available only on a system with an ethernet-2 adapter executing the local bridge option: it is possible to use a discard filter action to selecti...
Page 282
User’s guide 282 cyberswitch * device list may be the on-node device database, or it may be located on an off-node authentication server. For restricted bridging, the following additional discard filter actions are available only on a system with an ethernet-2 adapter executing the local bridge opti...
Page 283
Central site remote access switch 283 c onfiguring a dvanced b ridging bridge filters d ial o ut u sing b ridge f ilters each type of bridge filter for each operating mode supports a different set of “forwarding actions.” your particular set up and device configuration will determine which type of f...
Page 284
User’s guide 284 cyberswitch 3. From the bridging menu, select bridge filters. The menus similar to the following will then be displayed. Follow the item selection process shown in the screens (the selections are in bold). If you choose connect as a forwarding action, the system will connect and for...
Page 285
Central site remote access switch 285 c onfiguring a dvanced b ridging known connect list your filter is now configured for this example. Remember, each type of filter for each operating mode supports a different set of “forwarding actions.” these are described in detail earlier in the bridge filter...
Page 286
User’s guide 286 cyberswitch k nown c onnect l ist c onfiguration e lements d evice n ame the name of a bridge device that has been preconfigured in the on-node device database section of the configuring device level databases chapter. This is a device to which you want the system to connect and for...
Page 287
C onfiguring a dvanced ip r outing o verview by default, ip routing is disabled when you first install your system software. After ip routing is enabled, there are optional advanced features available. Optional advanced ip routing features include: • static arp table entries arp (address resolution ...
Page 288
User’s guide 288 cyberswitch s tatic arp t able e ntries c onfiguring s tatic arp t able e ntries u sing cfgedit once ip has been enabled, the full ip configuration menu will be displayed as shown below: the advanced ip routing options, including arp table entries, are configured through this menu. ...
Page 289
Central site remote access switch 289 c onfiguring a dvanced ip r outing the isolated mode t he i solated m ode c onfiguring the i solated m ode u sing cfgedit 1. Select isolated mode (enable/disable) from the ip menu. 2. Follow the onscreen instructions to either enable or disable the isolated mode...
Page 290
User’s guide 290 cyberswitch s tatic r oute via radius c onfiguration e lements s tatic r oute via radius s tatus you may enable or disable this option. S tatic r oute l ookup via radius b ackground i nformation the static routes lookup via radius option allows you to maintain static routes for devi...
Page 291
Central site remote access switch 291 c onfiguring a dvanced ip r outing ip filters ip a ddress p ool b ackground i nformation the ip address pool feature allows you to configure a list of ip addresses that can be dynamically assigned to remote ip devices as they connect to the system. This would oc...
Page 292
User’s guide 292 cyberswitch i nitiating the ip f ilter c onfiguration u sing cfgedit to begin the configuration process, ip must be enabled. Access ip filter configuration through the extended ip routing menu: upon selecting ip filter information, the following sub-menu is displayed: the configurat...
Page 293
Central site remote access switch 293 c onfiguring a dvanced ip r outing ip filters the screen identifies the common portion of the packet type, which includes the ip addresses and protocol information. To modify these values, refer to the following section entitled configuring the common ip portion...
Page 294
User’s guide 294 cyberswitch 8. Select ip protocol. If you choose an upper-level protocol, refer to the three following configuration sections: configuring tcp, configuring udp, and configuring icmp. C onfiguring tcp if you have selected tcp as your ip protocol, a screen similar to the following is ...
Page 295
Central site remote access switch 295 c onfiguring a dvanced ip r outing ip filters 1. Select udp source port. Note that the ports are specified in terms of an operator. 2. Select a comparison operator. 3. If you have chosen the comparison operator of “range”, you will be prompted for upper-range an...
Page 296
User’s guide 296 cyberswitch c onfiguring f orwarding f ilters the configuration of forwarding filters is a two-part process. First you must name the filter, and then you must create a list of conditions for the filter. To add a condition, you must name a previously-created packet type, and then nam...
Page 297
Central site remote access switch 297 c onfiguring a dvanced ip r outing ip filters c onfiguring c onnection f ilters the ip connection filter is used at the point when an ip packet attempts to establish an outbound connection in order to continue the forwarding process. Its configuration parallels ...
Page 298
User’s guide 298 cyberswitch c onfiguring e xception f ilter the ip exception filter is intended for temporary, special conditions within an existing forwarding filter. When enabled, it is logically appended to the beginning of each forwarding filter in effect. U sing cfgedit 1. Select exception fil...
Page 299
Central site remote access switch 299 c onfiguring a dvanced ip r outing ip filters m odifying the f inal c ondition for a f ilter to change the final condition for a filter, select change default condition (currently selection (5) on the conditions for filter menu. A pplying f ilters once you have ...
Page 300
User’s guide 300 cyberswitch 6. Select ip information. 7. Select either ip input filter or ip output filter. 8. Provide the filter name. Ip f ilters c onfiguration e lements the following elements are described in terms of the individual comparisons which make up the packet types. When an ip packet ...
Page 301
Central site remote access switch 301 c onfiguring a dvanced ip r outing ip filters eq equal to neq not equal to lt less than gt greater than range inclusive range = examples: eq 23: tcp port for the telnet protocol. Range 0 65535:any tcp port (wild card and default). Tcp c ontrol this element acces...
Page 302
User’s guide 302 cyberswitch sample packet passing through a filter f ilter c omposition the ip filtering mechanism is composed of three fundamental building blocks: • packet types the criteria for describing an ip datagram’s contents: ip source and destination addresses, protocol (tcp, udp, etc.), ...
Page 303
Central site remote access switch 303 c onfiguring a dvanced ip r outing ip filters attached network. • through the output network interface: applies the filter only to packets which are transmitted on a specific attached network (i.E. After the routing process has determined the next-hop net- work ...
Page 304
User’s guide 304 cyberswitch because the packet types within the conditions specify both source and destination address information, global application may often be sufficient to filter ip traffic across the entire system. However, the input, output and user-based application points are defined in c...
Page 305
Central site remote access switch 305 c onfiguring a dvanced ip r outing ip filters common portion: protocol-specific portion tcp: protocol-specific portion, udp: protocol-specific portion, icmp: l imitations system performance will be affected by the number of packets, conditions and filters config...
Page 306
User’s guide 306 cyberswitch e xample of an ip f ilter c onfiguration this example provides a simple filtering scenario in which a corporate lan utilizes a cyberswitch to provide wan access to both dial-in devices as well as the global internet. A netserver resides on the lan to provide configuratio...
Page 307
Central site remote access switch 307 c onfiguring a dvanced ip r outing ip filters the corporate dial-in access is realized with a wan direct interface, using a pool of ip addresses from the corporate lan for dynamic assignment to the dial-in devices. These devices must first pass authentication pr...
Page 308
User’s guide 308 cyberswitch once the offsite maintenance is completed, the exception filter would be disabled. Configuration control over the exception filter is available both through cfgedit and manage mode (with manage mode being the most practical method due to its dynamic nature). Dhcp r elay ...
Page 309
Central site remote access switch 309 c onfiguring a dvanced ip r outing dhcp relay agent dhcp c onfiguration e lements dhcp/bootp r elay a gent e nable /d isable f lag a global flag that indicates whether the system is relaying the dhcp/bootp bootrequest messages or not. The relay agent is disabled...
Page 310
User’s guide 310 cyberswitch bridge to bridge environment as shown in the picture above, when a remote lan is connected with bridge devices, the dhcp server and clients communicate with each other as if they were on the same lan. This is one example configuration of how dhcp can be used to accomplis...
Page 311
Central site remote access switch 311 c onfiguring a dvanced ip r outing dhcp relay agent e xample dhcp c onfigurations below we have included two of the more common dhcp scenarios. These may help you configure your own dhcp feature. Ip router to ip router (with relay agents on both) this configurat...
Page 312
User’s guide 312 cyberswitch routers shown in the diagram above. Sample configurations for the objects in the above network diagram are as follows: note: the dhcp server must have a route specified to get back to the dhcp-enabled router ruby, or use alex as its default gateway. Configuration for ip ...
Page 313
Central site remote access switch 313 c onfiguring a dvanced ip r outing dhcp relay agent remote bridge to ip router (w/relay agent) this configuration is useful when requests by a dhcp client must be “bridged” to an ip router that is also a dhcp/bootp relay agent. Our equipment is shown in this exa...
Page 314
User’s guide 314 cyberswitch notes: the dhcp server must have a route specified to get back to the dhcp-enabled router alex, or use alex as its default gateway. When you are using a rlan interface, you are limited to one subnetwork. Configuration for ip router "alex" configuration for remote bridge ...
Page 315
Central site remote access switch 315 c onfiguring a dvanced ip r outing dhcp proxy client dhcp p roxy c lient c onfiguring the dhcp p roxy c lient in order to configure the dhcp proxy client, you must first enable the client, and then configure client information for a wan or a wan (direct host) ty...
Page 316
User’s guide 316 cyberswitch dhcp c onfiguration e lements dhcp p roxy c lient e nable /d isable f lag a global flag that indicates whether the dhcp proxy client feature is enabled or not. The proxy client is disabled by default. M aximum n umber of ip a ddresses refers to the maximum number of ip a...
Page 317
Central site remote access switch 317 c onfiguring a dvanced ip r outing dhcp proxy client the dhcp proxy client feature is not applicable for the cyberswitch running in ip host mode. Dhcp servers must support use of the broadcast bit in order to obtain ip addresses for wan (direct host) interfaces....
Page 318
User’s guide 318 cyberswitch s ecurity a ssociations the steps to configure security associations are merely listed here. For more detailed information, refer to configuring encryption . C onfiguring s ecurity a ssociations u sing cfgedit 1. Select security associations from the ip routing menu, and...
Page 319
Central site remote access switch 319 c onfiguring a dvanced ip r outing dns and netbios addresses dns and n et bios a ddresses c onfiguring dns and n et bios a ddresses u sing cfgedit 1. From the cfgedit main menu, select options. 2. Select ip routing. If ip routing is disabled, enable this now. 3....
Page 320
User’s guide 320 cyberswitch u sing m anage m ode ipnamesv this command displays the name servers menu from which you can enable, disable or change an ip address for a name server. Dns/nbns c onfiguration e lements ip a ddress the ip address(es) for the name server(s) you wish to configure. Your cho...
Page 321
C onfiguring ipx o verview ipx protocol accepts data from remote devices and formats the data for transmission onto the network, and conversely, accepts data from the lan and formats it so it can be understood by remote devices. In short, ipx allows remote devices and their servers to communicate. T...
Page 322
User’s guide 322 cyberswitch c onfiguring ipx i nformation note: ipx is available only if you have purchased the additional software module for our ipx feature. To help you configure your ipx information, we have included an illustration of a sample network. As we explain the steps, we provide sampl...
Page 323
Central site remote access switch 323 c onfiguring ipx ipx routing option ipx r outing o ption e nabling /d isabling ipx note: the cyberswitch does not currently provide ipx data transfer over x.25 links. U sing cfgedit 1. Select options from the main menu. 2. Select ipx routing from the options men...
Page 324
User’s guide 324 cyberswitch ipx o ption b ackground i nformation the internetwork packet exchange (ipx) protocol is a datagram, connectionless protocol in the netware environment analogous to the internet protocol (ip) in the tcp/ip environment. With the help of routing information protocol (rip) a...
Page 325
Central site remote access switch 325 c onfiguring ipx ipx network interfaces ipx n etwork n umber b ackground i nformation novell netware networks use ipx external and internal network numbers. An ipx internal network number is a unique identification number assigned to a network server or router a...
Page 326
User’s guide 326 cyberswitch 9. If ipx rip has been enabled for the system, enter the following: a. Rip send control (do not respond or respond) b. Frequency (in seconds) of sending rip updates c. Rip receive control (do not respond or respond) d. Time (in seconds) to age rip entries e. Rip respond ...
Page 327
Central site remote access switch 327 c onfiguring ipx ipx network interfaces ipx n etwork i nterface c onfiguration e lements g eneral ipx n etwork i nterface c onfiguration e lements i nterface t ype when configuring an ipx network interface, this parameter specifies the type of network segment to...
Page 328
User’s guide 328 cyberswitch s end f requency specifies the frequency at which the system will transmit rip packets, if the send control parameter is set to send for this interface. This parameter is a decimal value specified in seconds from 1 to 300. The default value is 60 seconds. R eceive c ontr...
Page 329
Central site remote access switch 329 c onfiguring ipx ipx network interfaces ipx n etwork i nterface b ackground i nformation traditional routing products ask you to define the network interfaces to which the router is directly connected: lan i nterfaces lan network interfaces are fixed broadcast m...
Page 330
User’s guide 330 cyberswitch ipx r outing p rotocols c onfiguring ipx r outing p rotocols u sing cfgedit 1. Select routing protocols from the ipx menu. The following will be displayed: 2. To change the enable/disable status for any of the ipx protocols, simply enter the id number associated with the...
Page 331
Central site remote access switch 331 c onfiguring ipx ipx routing protocols rip/sap n umber of t able e ntries specifies the maximum number of routing entries which can be stored in the route or service table. You may select a number between 20 and 3072. The default value is 282 (141 routes + 141 s...
Page 332
User’s guide 332 cyberswitch static services are configured locally on the system. Sap entries are learned from incoming sap packets. All services are stored, used internally and advertised to other routers. The same factors that affect the maximum number of routes stored also affect the maximum num...
Page 333
Central site remote access switch 333 c onfiguring ipx ipx static routes ipx s tatic r outes note: with the availability of triggered rip/sap ( page 343 ), the configuration of static routes is no longer necessary but still supported. Situations may arise in which a remote router does not support ou...
Page 334
User’s guide 334 cyberswitch u sing m anage m ode c ommands ipxroute displays the current ipx routes (both statically entered and "learned"). Ipxroute [add/change/delete] allows you to add/change/delete an ipx route. Ipx s tatic r outes c onfiguration e lements d estination n etwork the ipx network ...
Page 335
Central site remote access switch 335 c onfiguring ipx ipx netware static services ipx n et w are s tatic s ervices note: with the availability of triggered rip/sap ( page 343 ), the configuration of static services is no longer necessary but still supported. Situations may arise in which a remote r...
Page 336
User’s guide 336 cyberswitch ipx n et w are s tatic s ervices c onfiguration e lements s ervice n ame specifies the netware service name that is the target of this static service definition. This parameter is a 48 character netware service name. S ervice t ype indicates the type of netware service t...
Page 337
Central site remote access switch 337 c onfiguring ipx ipx spoofing ipx n et w are s tatic s ervices b ackground i nformation this ipx feature allows you to configure service servers that are on networks across the wan. The ipx netware static services configuration tells the system which servers are...
Page 338
User’s guide 338 cyberswitch b. Press 2 to select the system serialization packet handling level. The default values for all parameters will be displayed. Enter the id of any parameters you need to change. Follow the onscreen instructions for changing the default values. Return to the ipx spoofing m...
Page 339
Central site remote access switch 339 c onfiguring ipx ipx spoofing w atchdog p rotocol watchdog protocol is used by netware servers to detect “dead” clients. If no traffic has been seen by a server from an attached client for a configurable amount of time, the server sends a watchdog packet to the ...
Page 340
User’s guide 340 cyberswitch some of these packets are overloaded in that they are not just keep-alive packets but are control packets needed for the application to run successfully and hence have to be routed like regular spx data packets. If any netware application does not seem to work across wan...
Page 341
Central site remote access switch 341 c onfiguring ipx ipx isolated mode ipx t ype 20 p acket h andling d evice c onfiguration e lements once you enable the feature, you can then enter devices to use the feature. The following configuration elements are entered for each device. Ipx t ype 20 p acket ...
Page 342
User’s guide 342 cyberswitch ipx t riggered rip/sap ipx triggered rip/sap is a type of broadcast protocol used over wan circuits for router-to-router exchange of route and service information. Its broadcasts are “triggered” by events such as updates or changes to route and service tables. Triggered ...
Page 343
Central site remote access switch 343 c onfiguring ipx ipx triggered rip/sap c onfiguration e lements d ata b ase t imer this timer starts when an update response is received. While this timer is running, the routes learned from this router are still considered reachable, and advertised as such on o...
Page 344
User’s guide 344 cyberswitch specifically, triggered rip and sap updates are only transmitted on the wan: • when a specific request for a routing/service update has been received; • when the routing or service databases are modified by new information from another interface (in which case, only the ...
Page 345
Central site remote access switch 345 c onfiguring ipx ipx-specific information for devices 7. Enable ipx routing. Select ipx routing and follow on-screen instructions. 8. Enable make calls feature. Select make calls for ipx data and follow on-screen instructions only if the cyberswitch is to dial-o...
Page 346
User’s guide 346 cyberswitch c. Press to return to the ipx device spoofing menu. Press 2 to configure spx watchdog spoofing. The following menu will be displayed: d. The screen includes default configuration values. If needed, make changes to the default values. E. Press to return to the ipx device ...
Page 347
Central site remote access switch 347 c onfiguring ipx ipx-specific information for devices 3. Select on-node device entries from the device level databases menu. 4. Press 1 to add a device. 5. Enter the device’s name and press . You should provide isdn and authentication information first. 6. Selec...
Page 348
User’s guide 348 cyberswitch otherwise, a wan connection is not established. With triggered rip/sap, this field must also be enabled for an active wan peer type to function properly. Ipxwan protocol the ipxwan protocol option is not yet completely functional. In the future, it will provide interoper...
Page 349
Central site remote access switch 349 c onfiguring ipx ipx-specific information for devices this parameter is only necessary for ipx over frame relay when at least one of the cyberswitches in the frame relay connection is a csx200 or csx400. (csx200 and csx400 platforms do not support unnumbered con...
Page 350
C onfiguring snmp o verview a network management station (nms) is a device that contains snmp-specific software, giving it the ability to query snmpagents using various snmp commands. If you have purchased an nms (such as cabletron’s spectrum® management platform), you should enable and configure th...
Page 351
Central site remote access switch 351 c onfiguring snmp configuring snmp 1. Enable ip routing if you have not already done so. 2. Select snmp from the options menu. 3. Follow the onscreen instructions to enable snmp. The following snmp menu will then be displayed: 4. Enter the community name informa...
Page 352
User’s guide 352 cyberswitch u sing m anage m ode c ommands currently you cannot configure snmp using the manage mode, but the following command is available: snmp this manage mode command displays the current snmp configuration data. An example output screen is shown below: snmp c onfiguration e le...
Page 353
Central site remote access switch 353 c onfiguring snmp snmp background information ip a ddress the ip address assigned to the management station that should receive trap pdus. C ommunity n ame a list of configured community names will be displayed. Select the community name that should be inserted ...
Page 354
User’s guide 354 cyberswitch the snmp agent will process all snmp protocol data units (pdus) which are received at a lan port or which are received at a wan port. (a pdu contains both data and control (protocol) information that allows the two processes to coordinate their interactions. The snmp fea...
Page 355
Central site remote access switch 355 c onfiguring snmp snmp background information protocol (icmp) group, the user datagram protocol (udp) group, the transmission control protocol (tcp) group, and the simple network management protocol (snmp) group. Currently, each object in the above mib-2 groups ...
Page 356
User’s guide 356 cyberswitch • isdnusagenormal trap an snmp agent will generate an isdnusagenormal trap pdu when the agent detects that the number of b-channels in use has returned to a value below the configured threshold value. • authtimeout trap an snmp agent will generate an authtimeout trap pdu...
Page 357
C onfiguring a pple t alk r outing o verview the appletalk routing feature allows the cyberswitch to efficiently route appletalk data as opposed to bridging all data relating to the protocol. With the addition of the appletalk remote lan feature, the cyberswitch can be configured to be a router, bri...
Page 358
User’s guide 358 cyberswitch a pple t alk r outing o ption c onfiguration e lement a pple t alk o perational s tatus you can enable or disable the appletalk routing option. When appletalk routing is enabled, the cyberswitch acts as an appletalk router, routing appletalk datagrams based on appletalk ...
Page 359
Central site remote access switch 359 c onfiguring a pple t alk r outing appletalk ports 8. If you are configuring your system in the nondiscovery mode (you entered numbers other than 0 or 0-0 for the network range/number), complete the following: a. Enter either the suggested appletalk address or t...
Page 360
User’s guide 360 cyberswitch a pple t alk n etwork r ange /n umber the appletalk network range (for extended network) or the appletalk network number (for nonextended network) of the lan segment that the port is connected to. Specifying 0.0 (for extended) or 0 (for nonextended) places the port in di...
Page 361
Central site remote access switch 361 c onfiguring a pple t alk r outing appletalk ports t he z one c oncept a zone is a logical group of nodes on an internet, much like the concept of subnetting with the world of ip. Within the framework of phase 2 the logical assignment of zones is limited to 255 ...
Page 362
User’s guide 362 cyberswitch number/range configured for the remote lan port differs from the network number/range that is being broadcasted in rtmp packets by other remote routers, the port becomes unusable. Configuration in order to properly set up an appletalk remote lan, you must: • enable apple...
Page 363
Central site remote access switch 363 c onfiguring a pple t alk r outing appletalk capacities a pple t alk r outing s tatic r outes c onfiguration e lements a pple t alk n etwork t ype the appletalk network type used by the destination network of this static route. Type can be either extended networ...
Page 364
User’s guide 364 cyberswitch a pple t alk c apacities b ackground i nformation this option allows you to control the maximum number of table entries (routing and zone tables) for your network. A pple t alk i solated m ode c onfiguring the a pple t alk i solated m ode u sing cfgedit 1. Select isolate...
Page 365
C onfiguring c all c ontrol o verview the cyberswitch offers a number of configurable options to control how the system will make and accept calls. These options, each of which are described in this chapter, include: • configuring throughput monitor parameters • configuring call interval parameters ...
Page 366
User’s guide 366 cyberswitch t hroughput m onitor c onfiguring the t hroughput m onitor notes: throughput monitoring parameters do not apply to digital modems. Refer to the digital modem inactivity timeout feature for an alternative. Certain restrictions apply to the use of the throughput monitor an...
Page 367
Central site remote access switch 367 c onfiguring c all c ontrol throughput monitor t hroughput m onitor c onfiguration e lements s ample r ate a sample rate identifies the number of seconds for each sample period. The default setting for the sample rate is 5 seconds. During this period, the system...
Page 368
User’s guide 368 cyberswitch the default throughput monitor configuration will work for initial installation. These parameters can be changed to better match the bandwidth needs of your location. Correctly tuning these parameters is important in order to eliminate unnecessary data calls. The default...
Page 369
Central site remote access switch 369 c onfiguring c all c ontrol throughput monitor u nderload c ondition m onitoring the underload condition is monitored by comparing the samples with a lower threshold. The sample is marked as a true condition if both the transmit and the receive byte count fall b...
Page 370
User’s guide 370 cyberswitch after 5 seconds the sample is checked and the average utilization for the 5 seconds was 40 percent. This is less than the configured utilization percentage of 50%, so no action is taken. For the second sample rate period, the average throughput is 60%. This percentage is...
Page 371
Central site remote access switch 371 c onfiguring c all c ontrol call interval parameters c all i nterval p arameters c onfiguring the c all i nterval p arameters u sing cfgedit 1. Select call intervals from the call control options menu. 2. Enter the minimum time interval between call attempts. C ...
Page 372
User’s guide 372 cyberswitch m onthly c all c harge c onfiguration e lements s tatus allows you to enable or disable the monthly call charge option. M aximum m onthly c harge the maximum monthly charge value. The legal values are from 1 to 10,000,000. This value is specified according to the country...
Page 373
Central site remote access switch 373 c onfiguring c all c ontrol call restrictions u sing m anage m ode c ommands alarm displays the current status of the audible alarm. It is displayed as either enabled or disabled. If enabled, the audible alarm will sound when a call restriction condition has bee...
Page 374
User’s guide 374 cyberswitch the following chart provides example entries for hours calls are allowed: m aximum c alls per d ay allows you to limit the number of calls made per day by configuring a maximum number of calls. The default value is 300 calls per day. Statistics will be logged to track th...
Page 375
Central site remote access switch 375 c onfiguring c all c ontrol call restrictions two actions are available if this limit is exceeded. These actions are: 1. The call will not be allowed; a message will be displayed on the lcd, and written to the report log. 2. The call will be allowed; however, a ...
Page 376
User’s guide 376 cyberswitch c all r estrictions b ackground i nformation the call restriction feature provides the ability to place limits on the toll costs of operating the cyberswitch. Call restriction consists of a variety of features that can restrict the number of switched calls made to remote...
Page 377
Central site remote access switch 377 c onfiguring c all c ontrol bandwidth reservation note that there are four lines in the default profile: (1,1), (1,2), (1,3), and (1,4). The leading “1” in the pair of numbers represents the slot number. The second number in the pair represents the port number. ...
Page 378
User’s guide 378 cyberswitch 5. Under isdn information, enter the profile information. This is a profile name you configured in the previous section. Remember from the previous section that each configured profile reserves specific lines. By assigning this profile to the device, you are reserving sp...
Page 379
Central site remote access switch 379 c onfiguring c all c ontrol semipermanent connections b andwidth r eservation b ackground i nformation this feature allows a portion of the possible connections to always be available to specific devices for both inbound and outbound calls. To increase flexibili...
Page 380
User’s guide 380 cyberswitch 6. Determine if the cyberswitch should always retry a call. If yes, then configuration for the device is done, the device is entered into the semipermanent device list, and appears as shown below. If no, continue to step 7. 7. Enter the maximum number of times to retry a...
Page 381
Central site remote access switch 381 c onfiguring c all c ontrol semipermanent connections s emipermanent c onnections c onfiguration e lements d evice n ame specify the device name (from the device list) that you wish to make a semipermanent connection. Once specified, the semipermanent feature wi...
Page 382
User’s guide 382 cyberswitch call restrictions you may wish to disable call restrictions when using semipermanent connections. Call restrictions are mainly intended for use in areas where “per minute” isdn tariffs are in place. Typically, this in not the case if semipermanent connections are in use....
Page 383
Central site remote access switch 383 c onfiguring c all c ontrol csm as a call control manager csm as a c all c ontrol m anager this feature allows you to use the csm for call control management only. This feature allows you to continue to use other authentication servers (e.G., radius, ace) yet st...
Page 384
User’s guide 384 cyberswitch a uthentication t imeout t imer this timer represents the amount of time the cyberswitch will wait for the authentication agent to handle a login attempt before timing out. If csm is enabled as call control manager, this time- out value must then represent the amount of ...
Page 385
Central site remote access switch 385 c onfiguring c all c ontrol d channel callback if you use user level security for authentication: configure devices on csm as well. This will provide access to the following csm call control management features: call restrictions, maximum bandwidth, and grouping...
Page 386
User’s guide 386 cyberswitch 3. The current status d channel callback will be displayed. Select 1 to toggle from disabled to enabled (as shown by the following screen). Note: in addition to the cfgedit configuration changes, you must also do some configuration through csm for callback to work. You m...
Page 387
Central site remote access switch 387 c onfiguring c all c ontrol digital modem inactivity timeout d igital m odem i nactivity t imeout this feature allows the cyberswitch to disconnect inactive modem connections based on lack of activity for a specified amount of time. This feature does not affect ...
Page 388
User’s guide 388 cyberswitch m odem i nactivity t imeout b ackground i nformation the modem inactivity timeout feature allows the cyberswitch to terminate connections to digital modem devices based on a lack of data transfer for a specified amount of time. This feature applies to both incoming and o...
Page 389
C onfiguring o ther a dvanced o ptions o verview this chapter provides information for configuring advanced system options that are not covered in the previous chapters. These options include: • configuring for a digital modem • configuring default async protocol • configuring ppp • configuring defa...
Page 390
User’s guide 390 cyberswitch routing chapter). Note that digital modem does not support wan rlan or wan unnumbered interfaces. For ipx routing: a. Make sure ipx routing is enabled. B. Configure the lan interface to represent local ipx network that may receive and send datagrams ( configuring ipx cha...
Page 391
Central site remote access switch 391 c onfiguring o ther a dvanced o ptions the digital modem the digital modem software identifies, directs, and converts the data stream appropriately. For example, if an incoming call to the system is identified as coming from an analog modem, the associated isdn ...
Page 392
User’s guide 392 cyberswitch r elationships between d igital m odem and other f eatures note the following: • radius authentication: authentication is performed before the call is routed to the digital modem adapter. Once the call is validated, the call is routed to the digital modem adapter to esta...
Page 393
Central site remote access switch 393 c onfiguring o ther a dvanced o ptions default async protocol t erminal m ode u sing cfgedit 1. From options, select default async protocol. 2. Select action on data timeout. 3. Select use terminal mode. 4. Next, select data timeout value. Change value, in secon...
Page 394
User’s guide 394 cyberswitch if no data is received within the data timeout duration, the following events will occur: • if disconnect is configured, the cyberswitch will disconnect the call. • if use ppp protocol is configured, the cyberswitch will assign the call to a ppp subsystem. • if use termi...
Page 395
Central site remote access switch 395 c onfiguring o ther a dvanced o ptions default async protocol note: if the cyberswitch is configured for ppp mode, the caller at the remote device can override this through manual intervention. The caller must initiate four carriage returns upon call connection ...
Page 396
User’s guide 396 cyberswitch ppp c onfiguration c onfiguring ppp note: a thorough understanding of ppp protocol is required before you attempt to change the ppp configuration. By changing the ppp configuration, you are changing the ppp protocol negotiation parameters. These parameters only need to b...
Page 397
Central site remote access switch 397 c onfiguring o ther a dvanced o ptions ppp configuration r estart t imer times transmissions of configure-request and terminate-request packets. Expiration of the restart timer causes a timeout event, and retransmission of the corresponding configure-request or ...
Page 398
User’s guide 398 cyberswitch ppp b ackground i nformation point-to-point protocol (ppp) can provide standard interoperability for remote devices. Interoperability will allow remote devices made by different manufacturers to operate and exchange information on the same network. Ppp consists of three ...
Page 399
Central site remote access switch 399 c onfiguring o ther a dvanced o ptions default line protocol ppp link failure detection can be enabled or disabled within the ppp options configuration menu. When enabled, two other configurable parameters then control the mechanism. Upon entrance of a ppp link ...
Page 400
User’s guide 400 cyberswitch u sing m anage m ode lineprot displays the current default line protocol configuration. Lineprot change allows you to change the default line protocol configuration. For the configuration steps, refer to the previous cfgedit section. D efault l ine p rotocol c onfigurati...
Page 401
Central site remote access switch 401 c onfiguring o ther a dvanced o ptions log options 2. Configure a syslog server: a. Select log servers. (note that upon selection, no configuration is needed for a local log file. The local log file name is preconfigured.) b. Select add a syslog server. C. Enter...
Page 402
User’s guide 402 cyberswitch udp p ort the default port number is “514”, which should work for most installations. Consult your unix documentation if you are unsure of the udp port number. D ecimal unix p riority v alue the default priority value is “38”, which should work for most installations. (r...
Page 403
Central site remote access switch 403 c onfiguring o ther a dvanced o ptions log options • the ease of data retrieval • the management of a multi-node site; all nodes can send their log messages to a central log serv- er offnode log servers must be accessible via the system’s lan port; they cannot b...
Page 404
User’s guide 404 cyberswitch s ystem m essages the cyberswitch reports three different types of system messages: informational, warning, and error messages. These messages are always available on-node via the dr command. To send system message reports to an off-node server, however, you will need to...
Page 405
Central site remote access switch 405 c onfiguring o ther a dvanced o ptions log options must configure ip routing, a lan ip interface and an ip route to the log server. Then you must enable the cdr feature: • define and configure at least one log device for cdr • connect the syslog server via the l...
Page 406
User’s guide 406 cyberswitch call detail recording events for switched isdn services: there are five isdn cdr events: connect, disconnect, reject, system up, and verify. A connect event occurs when the system authenticates the remote device of an isdn connection. The time stamp for the connect event...
Page 407
Central site remote access switch 407 c onfiguring o ther a dvanced o ptions log options when multiple systems are logging to a shared, central log server, the combination of nas name, event and connection id allows all the records of a report to be processed without ambiguity. (it is crucial, in th...
Page 408
User’s guide 408 cyberswitch e vent t ype this field indicates what type of event the associated message is reporting. The possible values are ‘connect’, ‘disconnect’, ‘reject’,’term conn’,’term disc’,’term succ’,’term fail’, ‘system up’ and ‘cdr verify’. Nas n ame nas name (network access server na...
Page 409
Central site remote access switch 409 c onfiguring o ther a dvanced o ptions log options the duration is calculated by subtracting the connect event time from the disconnect time. Example: chicago-schaumburg 00000001 disconnect 1 of 4 monroecounty port 1/1/1 chicago-schaumburg 00000001 disconnect 2 ...
Page 410
User’s guide 410 cyberswitch example: chicago-schaumburg system up 1 of 1 verify event report contents on a verify event, only record 1 is used. The event type is cdr verify. No data is filled in for the remote device name field or the port field. Example: chicago-schaumburg cdr verify 1 of 1 c ompr...
Page 411
Central site remote access switch 411 c onfiguring o ther a dvanced o ptions compression options c ompression o ptions c onfiguration e lements c ompression s ubsystem s tatus you may enable or disable the compression subsystem status. This option provides enable/disable control over the entire comp...
Page 412
User’s guide 412 cyberswitch c ompression o ptions b ackground i nformation the system data compression capability allows the system to negotiate compression algorithms with a remote device. This compression can be done using some proprietary bridging protocols and also the ppp ccp protocol. After s...
Page 413
Central site remote access switch 413 c onfiguring o ther a dvanced o ptions compression options when using sequence number check mode and a non-zero number of histories, the stac-lzs algorithm requires that incoming data packets be decompressed in the order they were compressed. The sequence number...
Page 414
User’s guide 414 cyberswitch tftp c onfiguring tftp note: you cannot configure tftp through cfgedit. The configuration can only be done through manage mode commands. U sing m anage m ode c ommands tftp this command displays the current tftp configuration. The tftp configuration information includes ...
Page 415
Central site remote access switch 415 c onfiguring o ther a dvanced o ptions file attributes access to files on an system will be controlled by configuration through manage mode. File access attributes are associated with the existing system device id’s (guest and admin) to allow configuration of fi...
Page 416
User’s guide 416 cyberswitch f ile a ttributes b ackground i nformation the tftp change manage mode command allows you to assign the file access rights for the tftp server ( see tftp ). Using the fileattr change manage mode command, you can change the access rights for each access level, depending o...
Page 417
V erification and d iagnosis after configuring your cyberswitch and before proceeding with normal system operations, we suggest you verify that the system is functional. This segment of the user’s guide provides instructions for verifying system hardware and system configuration, and then diagnosing...
Page 418
V erifying the b ase s ystem o verview this chapter describes the verification process for the base system. It includes the verification process for: • hardware resources • wan lines • lan connections • bridge initialization • routing initialization • remote device connectivity • multi-level securit...
Page 419
Central site remote access switch 419 v erifying the b ase s ystem hardware resources operational? Error mapping wan adapter # into host memory map type mismatch of configured & installed adapter # error initializing wan card: # failure during static ram test on adapter # error downloading operation...
Page 420
User’s guide 420 cyberswitch to correct the problem, try the following: a. Verify the resource type and adapter configuration settings as described in the hardware overview and hardware installation chapter. B. Check the configuration for the lan adapter resource. The configuration must match the re...
Page 421
Central site remote access switch 421 v erifying the b ase s ystem wan lines available for use? A. If the system has been operational for longer than 2 minutes, verify that the line is correctly attached to the proper system resource and port. If not, wait for 2 minutes and check again for the wan l...
Page 422
User’s guide 422 cyberswitch 3. To correct the problem, try the following: error mapping adapter # into host memory map type mismatch of configured & installed adapter # a. Terminate the system software: type: quit check the configuration for the serial adapter resource. The configuration must match...
Page 423
Central site remote access switch 423 v erifying the b ase s ystem bridge initialized? This command will display a message similar to the following: lan port 1 transmit was successful if the system displays this message, then the test packet was transmitted correctly. 3. If you receive the message: ...
Page 424
User’s guide 424 cyberswitch 4. If you do not see the initialization message, check the configuration to verify that ip routing is enabled. 5. If ip routing is enabled, and you still do not receive a successful initialization message, it may be that you have either not configured a needed interface ...
Page 425
Central site remote access switch 425 v erifying the b ase s ystem remote device connectivity fix> connid= in - connect call id= slot= port= chans= ces= fix> connid= if the system reports these messages, then continue with the next step. If the system does not report these messages, the remote devic...
Page 426
User’s guide 426 cyberswitch m ulti -l evel s ecurity to verify device and user level security to the cyberswitch, the wan lines that are connected to the system must be available for use, and ip, appletalk, or bridging options must be properly initialized. The remote devices must be operational and...
Page 427
Central site remote access switch 427 v erifying the b ase s ystem ip host mode 3. Telnet from the client pc into the central site. For example, telnet to 100.0.0.1, port 7003. Follow the normal user level authentication process. 4. Once again, determine if the client pc can ping the service server....
Page 428
User’s guide 428 cyberswitch each section below uses example entries to verify ip host mode operation. Ip addresses are specific to the examples. Substitute the ip addresses of your network when you perform the ip host mode feature verification steps. Each section also uses the ip ping command. The ...
Page 429
Central site remote access switch 429 v erifying the b ase s ystem alternate accesses v erification over a wan connection 1. Determine if a remote ip host (host b) can access the system. On the remote ip host type: ping 100.0.0.1 2. If a message similar to the following is displayed, the ip host mod...
Page 430
User’s guide 430 cyberswitch f rame r elay c onnections to verify a frame relay connection to the cyberswitch, the wan lines that are connected to the system must be available for use, and the routing option must be properly initialized. To verify a frame relay connection, perform the following: 1. ...
Page 431
Central site remote access switch 431 v erifying the b ase s ystem alternate accesses 5. Display the system log ( dr command). If the feature is operational, some frames similar to the following will be displayed: (i) 16:28:49.71 #c021: conn=001 out-ppp:lcp echo req id=0x50 len=10 (i) 16:28:49.71 #0...
Page 432
User’s guide 432 cyberswitch c. Wait 20 seconds, then enter the dr command to display the report log. The status log should display a sequence of the following messages: (i) 17:33:35.38 #1067: out - lapb rr, rx sequence = 1 (i) 17:33:35.38 #0000: 01 31 00 2a (i) 17:33:35.38 #1067: in - lapb rr, rx s...
Page 433
V erifying r outing p rotocols o verview this chapter describes the verification process for the following cyberswitch routing protocols: • ip routing • ipx routing • appletalk routing to perform the verification procedures, wan lines must be available and ready to use. Lan attachment components mus...
Page 434
User’s guide 434 cyberswitch you should receive a response similar to the following: 100.000.000.002 is alive if the system displays this message, then ip routing over that lan port is operational. Repeat this step for each lan port on your ethernet resource. 2. If this message is not displayed, the...
Page 435
Central site remote access switch 435 v erifying r outing p rotocols ip routing operational? Below is an example of a configuration used to verify ip routing over a wan interface. It uses ip addresses specific to the example. Substitute the ip addresses of your network when you perform the verificat...
Page 436
User’s guide 436 cyberswitch 4. If the remote ip host cannot ping to the cyberswitch, try the following: a. Verify that the lan interface is properly configured by using the ipnetif command (a manage mode command). If the proper lan interface does not exist, use cfgedit to make corrections. B. Verif...
Page 437
Central site remote access switch 437 v erifying r outing p rotocols ip routing operational? 1. Determine if a remote ip host can access the cyberswitch over the wan connection. On the remote ip host type: ping 100.0.0.1 if the remote ip host successfully pings to the cyberswitch, continue with the ...
Page 438
User’s guide 438 cyberswitch ip r outing o ver a wan r emote lan i nterface to verify that ip routing is properly operational over a wan remote lan interface, a remote ip host must be operational and connected to the remote lan. The remote bridge device must be operational and available to initiate ...
Page 439
Central site remote access switch 439 v erifying r outing p rotocols ip routing operational? 3. Determine if a remote ip host can access the lan interface of the cyberswitch over the wan connection. On the remote ip host type: ping 100.0.0.1 if the remote ip host successfully pings to the cyberswitc...
Page 440
User’s guide 440 cyberswitch 1. Determine if site1 can access site2 over the wan connection. On system a type: ip ping 192.1.0.2 2. Determine if system b can access system a over the wan connection. On system b type: ip ping 100.0.0.1 3. If the systems cannot ping each other, try the following: a. H...
Page 441
Central site remote access switch 441 v erifying r outing p rotocols ip routing operational? 5. If no packets have been discarded, check to see if the filters are properly configured. Try the following: a. From manage mode, issue the ipfilt command. Check the configured packet types, as well as the ...
Page 442
User’s guide 442 cyberswitch if you see this ip rip initialization message, the ip rip has initialized successfully. 3. If the cyberswitch does not display the correct ip rip initialization message, and instead, displays one or more of the following messages: [ip rip] initialization failed, unable t...
Page 443
Central site remote access switch 443 v erifying r outing p rotocols ip routing operational? 3. Determine if a local ip host a has learned the route to 192.1.1.0 from system a. On ip host a type: netstat -r if the route to 192.1.10 is displayed, the ip rip output processing is operational. 4. If the...
Page 444
User’s guide 444 cyberswitch 1. Determine if the cyberswitch has learned the route to 131.1.0.0 from router 1. On the administration console type: ip route if the following route entry is displayed among other route entries, the ip rip input processing is operational. The ‘p’ (protocol) field should...
Page 445
Central site remote access switch 445 v erifying r outing p rotocols ip routing operational? Perform the verification steps. It also uses the show ip route command. The show ip route command is used by a specific router to display the ip routing table. Substitute the equivalent command for your ip r...
Page 446
User’s guide 446 cyberswitch the same example that is used in the previous section is used to verify ip rip input processing on a wan interface. 1. Make sure that a dedicated connection between system and router is up and operational. On the cyberswitch administration console: type: cs 2. Determine ...
Page 447
Central site remote access switch 447 v erifying r outing p rotocols ipx ipx r outing o perational ? To verify that ipx routing feature is properly operational, a local netware client, a local netware server and a remote netware server must be operational. The following graphic illustrates an exampl...
Page 448
User’s guide 448 cyberswitch rip. The output of an ipx route command contains a protocol (p) field for each route en- try, which indicate if it is static (l- locally configured) or dynamically learned via rip (r). If it is learned via rip, then basic communication between the cyberswitch and the loc...
Page 449
Central site remote access switch 449 v erifying r outing p rotocols ipx 4. From the remote bridge (site2), attempt to access the ipx router by issuing the following administration console command: ipx diag xxxx:yyyyyyyyyyyy where: xxxx is the ipx network number yyyyyyyyyyyy is the router’s mac addr...
Page 450
User’s guide 450 cyberswitch ipx r outing over a wan c onnection 1. Determine if netware client a can see the remote netware server “remote.” to do this, activate netware client a’s desktop network neighborhood feature. Then check to see if “remote” is included in client a’s network neighborhood. 2....
Page 451
Central site remote access switch 451 v erifying r outing p rotocols ipx 6. Create a change in the route (for example, shut down a server). Again examine statistics ( ipx trigrip stats) to verify the change is propagated to other side. 7. If statistics do not reflect change, try the following: a. Ve...
Page 452
User’s guide 452 cyberswitch constraints. We recommend this value be at least 10% more than what you predict to be needed (more than 10% with larger network topologies). To predict need, use the following formula: (# configured static services) + (# sap services) a. Determine number of needed entrie...
Page 453
Central site remote access switch 453 v erifying r outing p rotocols appletalk routing below is an example of a configuration used to verify appletalk routing operation. It uses appletalk addresses, zones and resource names specific to the example. Substitute those of your network when you perform t...
Page 454
User’s guide 454 cyberswitch a. Verify that the appletalk lan port that local mac is attached to is in up state by entering the following console command: atalk port b. If the command shows the port is not in up state, wait for a couple of minutes and repeat this step. C. Check to see if the lan con...
Page 455
Central site remote access switch 455 v erifying r outing p rotocols appletalk routing if the network range is correct and the appletalk address is not within that range, then try to close the appletalk control panel once, and then reopen it. If the appletalk address is still invalid, then try to as...
Page 456
User’s guide 456 cyberswitch 2. If remote mac appears in select a file server: box, then appletalk routing over the wan connection is operational. 3. If remote mac is not displayed, then appletalk routing feature over the wan connection is not operational, try the following: a. Verify that appletalk...
Page 457
V erifying s ystem o ptions o verview this chapter describes the verification process for various system options. It includes the verification process for: • snmp • dial out • call detail recording • compression • reserved bandwidth • dhcp relay agent and proxy client • semipermanent connections • d...
Page 458
User’s guide 458 cyberswitch 4. However, if one of the following messages appears, there is an unexpected condition present within the cyberswitch software. Contact customer support. [snmp] snmp initialization failure - unable to allocate necessary memory [snmp] snmp initialization failure - unable ...
Page 459
Central site remote access switch 459 v erifying s ystem o ptions dial out c. Enter dr at the administrative console to display the current system messages. If one of the following messages appears, the snmp agent does not have enough memory to generate all of the trap pdus that need to be generated...
Page 460
User’s guide 460 cyberswitch 5. A message will be displayed indicating whether or not the call was made successfully. If the dial out call was not completed successfully, try the following: a. If you issued the call device console command to initiate the call, check to see that you entered the devic...
Page 461
Central site remote access switch 461 v erifying s ystem o ptions call detail recording • if there are no problems, check for the following system messages: for bri resource: in - proceeding in - disconnect - for pri resource: in - accept in - disconnect - if the system reports these messages, then ...
Page 462
User’s guide 462 cyberswitch e. If syslogd is running but does not receive any log messages, make sure cdr is configured for the udp port that syslogd is using. The typical port is 514, but some versions of syslogd may use a different port. F. Check that the priority value that you assigned in the c...
Page 463
Central site remote access switch 463 v erifying s ystem o ptions reserved bandwidth • peer protocol-rejects ccp if the peer does not actually support ppp compression, it will most likely protocol-reject the cyberswitch’s attempt to negotiate ccp. In this case, the cyberswitch will abandon its attem...
Page 464
User’s guide 464 cyberswitch dhcp r elay a gent the following sections provide instructions to verify that the dhcp/bootp relay agent is working properly. V erifying dhcp r elay a gent i nitialization regardless of whether or not the relay agent has been enabled via configuration, some initializatio...
Page 465
Central site remote access switch 465 v erifying s ystem o ptions dhcp relay agent 4. If an error occurred while trying to enable the relay agent, the following message may be displayed in the report log: [dhcp-r] failed to open udp port (67), erc= this indicates that an internal error occurred whil...
Page 466
User’s guide 466 cyberswitch in this configuration, the dhcp client is able to obtain its ip address from the dhcp server, using the relay agent contained in the ip router on the client’s lan (“ruby”). Shortly after a dhcp client is powered on, it will attempt to get its ip address from a dhcp serve...
Page 467
Central site remote access switch 467 v erifying s ystem o ptions dhcp: proxy client dhcp: p roxy c lient the following sections provide instructions to verify that the dhcp proxy client is working properly. V erifying dhcp p roxy c lient i nitialization regardless of whether or not the proxy client...
Page 468
User’s guide 468 cyberswitch c. If desired, enter manage mode, and use the dhcp change command to enable the proxy client. (note: cfgedit can also be used to change the proxy client configuration; but the changes will not take effect until the system is restarted.) d. When manage mode is exited, an ...
Page 469
Central site remote access switch 469 v erifying s ystem o ptions d channel callback v erification of ip a ddress p ool as ip addresses are obtained from dhcp servers, they are placed into the system’s ip address pool. To verify the presence of these dhcp-obtained ip addresses, perform the following...
Page 470
User’s guide 470 cyberswitch c. Configure a calling line id for the number the device will be using when calling into the cyberswitch (under the device’s telephone tab). D. Enable callback (under the device’s access/other tab). E. Enable outbound authentication if you want to make sure the device yo...
Page 471
Central site remote access switch 471 v erifying s ystem o ptions verifying a semipermanent connection 3. On the cyberswitch: a. Enable the call trace message option by issuing the trace on console command. B. Erase the current system messages (issue the er console command). C. Initiate a call from ...
Page 472
User’s guide 472 cyberswitch p roxy arp use the following graphic to help you in verifying that proxy arp is operational. When following the verification steps, substitute your addresses for the addresses used in the example. 1. Create two ethernet lans connected across the wan with a cyberswitch an...
Page 473
Central site remote access switch 473 v erifying s ystem o ptions proxy arp c. On both platforms, issue the iproute manage mode command to make sure that each system knows about the ip subnet at the other ethernet segment. D. If the two ip host devices still can not communicate with each other, cont...
Page 474
T roubleshooting we include the following chapters in the troubleshooting segment of the user’s guide: • lcd messages provides an explanation of the lcd messages. These messages can provide valuable information for troubleshooting. • system messages provides a listing of all system messages, their m...
Page 475
Lcd m essages o verview the cyberswitch has an lcddisplay on its front panel, which displays information in a two-line format. The first line displays initialization and current status information (which includes any errors that have been detected). The second line displays current connection inform...
Page 476
User’s guide 476 cyberswitch e rror lcd m essages the system keeps track of all active errors and displays/records them in a cycle. When the system detects an error, it displays the error on the first line of the lcd. (the “s” indicates slot, “p” indicates port, and “c” indicates bearer channel.) th...
Page 477
Central site remote access switch 477 lcd m essages lcd message groups system unable to access file. Check for one of the following log error messages: error opening file error reading file , section = error opening file , slot read 0 bytes from file for wan card in slot failure during read of file ...
Page 478
User’s guide 478 cyberswitch isdn line failure. The line connected to slot “s” port “p” is out of service for the reason indicated by # . 1 = no layer 1 sync for 5 seconds this problem normally occurs due to wan cabling problems. Check your cables to make sure they are connected correctly. If the pr...
Page 479
Central site remote access switch 479 lcd m essages lcd message groups monthly call charges exceeded. Monthly call charge tracking is enabled and the configured maximum has been exceeded. There is an problem with the semipermanent connection. A more detailed error message is displayed in the log mes...
Page 480
S ystem m essages o verview system messages provide useful system information. They are listed in the system’s report log, a memory resident table. To manipulate the report log, use the following commands at the administrative console: dr or ds display reports or display statistics er or es erase cu...
Page 481
Central site remote access switch 481 s ystem m essages informational messages i nformational m essages the system records informational messages. These are normal events that provide you with current system status. Informational messages include the following categories of messages: • initializatio...
Page 482
User’s guide 482 cyberswitch s ystem m essage s ummary the following pages list all the informational, warning and error messages alphabetically. The text describes the messages, and includes suggestions for problem resolution (if applicable). Note that the trace messages have been isolated for your...
Page 483
Central site remote access switch 483 s ystem m essages system message summary [acct] warning code: timeout this message is logged when there is no communication with the server. Either the accounting server is not up and running, or it cannot access the ip address. Verify the configuration of the s...
Page 484
User’s guide 484 cyberswitch appletalk successfully initialized on wan port with address . This message is posted when the specified appletalk wan port has initialized successfully. Attempted to start timer for inactive signaling session. Attempted to stop timer for inactive signaling session. Attem...
Page 485
Central site remote access switch 485 s ystem m essages system message summary [auth] ace error receiving server log message acknowledgment. A client syntax error occurred during an authentication attempt via ace. The server did not respond to the logging of the message. Make sure the ace server con...
Page 486
User’s guide 486 cyberswitch [auth] radius ip host rejected ip host id: the remote authentication server rejected the ip host id. This indicates that one of the following has occurred: 1. The is not in the remote authentication server’s database. 2. The is entered incorrectly in the remote authentic...
Page 487
Central site remote access switch 487 s ystem m essages system message summary [auth] tacacs login rejected user: the remote authentication server rejected the named user. This indicates that one of the following has occurred: 1. The is not in the remote authentication server’s database. 2. The is e...
Page 488
User’s guide 488 cyberswitch [auth] warning code: 0010 received unexpected authentication response code from server a message was received from an authentication server that contained an invalid response message identifier. [auth] warning code: 0011 an unexpected server responded to the access reque...
Page 489
Central site remote access switch 489 s ystem m essages system message summary bridge is operating in restricted mode bridge is operating in unrestricted mode one of the above messages will be displayed to indicate the configured bridge mode of operation. Calculating crc’s..... An x-modem transfer h...
Page 490
User’s guide 490 cyberswitch call restrictions have been enabled by user command the user has enabled call restrictions via the callrest on dynamic management command. Call restriction statistics reset for new day call restriction device information. Call restriction statistics reset for new month c...
Page 491
Central site remote access switch 491 s ystem m essages system message summary calls active xxx to bandwidth to each site. Capability description processing error - . System is in minimal configuration mode. A problem has occurred during system installation. The will further identify the problem: • ...
Page 492
User’s guide 492 cyberswitch cause received for dlci a cllm message was received indicating that the pvc associated with the indicated dlci is subject to the event denoted by the indicated cause code. These events are listed below with their corresponding cause code: cb disconnect:(1) password incor...
Page 493
Central site remote access switch 493 s ystem m essages system message summary channel in use in host_call_request an error has been detected in the r2 or rbs signaling procedure, and will typically result in a failed call. If problem persists, contact your distributor or customer support. [chap] au...
Page 494
User’s guide 494 cyberswitch configured adapter # ’x’ type does not exist the interface adapter indicated does not match the resource configuration in the system. Correct the configuration on the system. Connection disconnected for license violation a connection was disconnected because there were m...
Page 495
Central site remote access switch 495 s ystem m essages system message summary data link test successful: dsl , ces 1 this message applies for 1tr6 bri only. If layer 1 is established, a test will be done to determine if the data link can be established. This message indicates successful test result...
Page 496
User’s guide 496 cyberswitch [dhcp-p] ignoring offers from dhcp server x.X.X.X; the server must be on a primary lan interface, or ip addresses will not be obtained in order for the dhcp proxy client to successfully obtain ip addresses for multiple interfaces, the dhcp server must reside on a primary...
Page 497
Central site remote access switch 497 s ystem m essages system message summary [dhcp-r] failed to close udp port (67), erc = an error occurred while the device was trying to disable the dhcp relay agent from manage mode. Contact your distributor or customer support. [dhcp-r] failed to open udp port ...
Page 498
User’s guide 498 cyberswitch dm card failed flash download bad xx srec the digital modem card has failed the firmware update due to a corrupt file. Contact your distributor or customer support. Dm card in slot has bad flash the flash memory on the digital modem card has been identified as bad during...
Page 499
Central site remote access switch 499 s ystem m essages system message summary cfgedit. If the board is configured properly, and the message still appears, contact your distributor or customer support. Dm card in slot will not come out of reset there are problems initializing the board. Contact your...
Page 500
User’s guide 500 cyberswitch duplicate calling line id detected for devices and this message is logged at system initialization if any devices are found to share duplicate calling line ids, and have no other authentication method. This problem should be corrected by adding additional authentication ...
Page 501
Central site remote access switch 501 s ystem m essages system message summary error during channel initialization access an error has occurred during the initialization of the indicated frame relay access, or port. Likely causeof this entry is that the system has run out of memory. Contact your dis...
Page 502
User’s guide 502 cyberswitch (direct host) interface. Afterwards, configure a lan interface and then read the wan (direct host) interface. Error parsing wan (direct host) interface: no lan interface for specified name the lan network interface associated with this wan (direct host) interface is not ...
Page 503
Central site remote access switch 503 s ystem m essages system message summary facility not subscribed - slot= port= this probably indicates a spid configuration error on the indicated line. The configuration should be corrected on the system or the switch. Failed to allocate enough memory for xilin...
Page 504
User’s guide 504 cyberswitch failure during read of file for wan card in slot if seen repeatedly, the above message indicates a problem with your hard drive. Contact your distributor or customer support. Failure during read of file ’s’ the wan card initialization subsystem encountered an error readi...
Page 505
Central site remote access switch 505 s ystem m essages system message summary b, d the network sent a dm(f=1) or a ua and will not allow establishment of the data link at this time. An attempt will be made to re-establish the data link after a switchtype dependent delay. C the network sent an unsol...
Page 506
User’s guide 506 cyberswitch file access err system unable to access file. Check for one of the following log error messages: error opening file error reading file , section = error opening file , slot read 0 bytes from file for wan card in slot failure during read of file for wan card in slot error...
Page 507
Central site remote access switch 507 s ystem m essages system message summary iepvcstatus: received status report for unknown pvc # the indicated unknown dlci was indicated in a status message received from the network. This dlci number is entered in the “unknown dlci” list and can be displayed via...
Page 508
User’s guide 508 cyberswitch invalid return code from sig_get_rsc_inbound invalid return code from sig_get_rsc_outbound an error has been detected in the r2 signaling procedure, and will typically result in a failed call. The error was due to unrecognizable or incorrect information. If problem persi...
Page 509
Central site remote access switch 509 s ystem m essages system message summary [ip] cannot process incoming remote ip device , no rsc avail the ip software was unable to accept the incoming ip device to a wan (direct host) interface because it could not obtain necessary resource. The wan connection ...
Page 510
User’s guide 510 cyberswitch [ip] invalid peer ip address , wan ip stream closed a ppp or rfc 1294 (ip host) connection came up, and the ip address of the peer device (pre- configured or negotiated) belongs to a wan (rlan) interface. If the ip address is preconfigured, try changing the peer’s ip add...
Page 511
Central site remote access switch 511 s ystem m essages system message summary [ip] wan (direct host) interface for network on lan port initialized successfully this message is posted when wan (direct host) interface for the indicated network is initialized successfully. [ipcp] invalid pre-configure...
Page 512
User’s guide 512 cyberswitch [ip rip] all network interfaces used all rip interface data structures are in use. No rip information will be sent to any additional interfaces. Contact your distributor or customer support. [ip rip] buffers allocated the rip successfully allocated the udp buffers needed...
Page 513
Central site remote access switch 513 s ystem m essages system message summary [ip rip] unable to register with network interface maintenance the ip rip protocol was unable to register with the ip network interface notification system. Any dynamic changes of the network interface configuration will ...
Page 514
User’s guide 514 cyberswitch [ipx sap] buffers allocated the ipx sap successfully allocated the buffers needed to transmit ipx sap packets. [ipx sap] sap protocol initialization successful the ipx sap protocol was successfully initialized. [ipx sap] shutdown complete the ipx sap protocol was success...
Page 515
Central site remote access switch 515 s ystem m essages system message summary lan adapter command timeout the system expected a command from the lan adapter or subsystem that it did not receive. Check for proper lan adapter configuration and hardware installation. If it persists, report the event u...
Page 516
User’s guide 516 cyberswitch lan adapter reset this is an initialization message. The ethernet adapter has been reset as part of the adapter initialization sequence. Lan adapter response timeout the system expected a command response from the adapter that it did not receive. Check for proper hardwar...
Page 517
Central site remote access switch 517 s ystem m essages system message summary lan port is now in the listening state the bridge lan port is entering the specified state. Lan port is now in the state the bridge lan port indicated is entering the specified new state. Lan xmit error lan connection fai...
Page 518
User’s guide 518 cyberswitch manual restart initiated on dm board in slot there was an attempt to restart the specified digital modem with the modem restart command. Check subsequent log messages to verify the command was successful. Max ati3 retries exceeded on modem of slot modem in slot did not r...
Page 519
Central site remote access switch 519 s ystem m essages system message summary missing bearer_capability in host_call_request missing called_number_ie in host_call_request missing channel in host_call_request missing channel_id_ie in host_call_request missing tn in host_call_request an error has bee...
Page 520
User’s guide 520 cyberswitch network sent cause - spid not supported - the indicated line does not support spids; however, a spid is configured for use on the line. Is the spid configured incorrectly? Do you have the right switch type? Check the configuration. If the message persists, contact your b...
Page 521
Central site remote access switch 521 s ystem m essages system message summary no sites connected currently, no sites are connected to the system. Not enough memory for security module not enough system memory available to operate security module. Contact your distributor or customer support. No ua ...
Page 522
User’s guide 522 cyberswitch out svc # isdn line failure. The line connected to the indicated slot and port is out of service for the reason indicated by # . 1 = no layer 1 sync for 5 seconds this problem normally occurs due to wan cabling problems. Check your cables to make sure they are connected ...
Page 523
Central site remote access switch 523 s ystem m essages system message summary not be working properly. Check the configuration of the remote device and reboot. If the problem recurs, contact your distributor or customer support. [pap] remote device rejected system information the system received th...
Page 524
User’s guide 524 cyberswitch pvc for dlci > not active a frame was received on the pvc associated with the indicated dlci which was not active. This is a temporary condition, and results from an asynchronous operation between the network and customer-premise equipment regarding the state of the indi...
Page 525
Central site remote access switch 525 s ystem m essages system message summary rbs: encountered unknown source id. Rbs_out_sm: no dial digits supplied. Rbs: received unknown primitive from cc. Rbs: received unknown primitive from l1. Rbs: received unknown primitive from me. Rbs: received unknown pri...
Page 526
User’s guide 526 cyberswitch received charge amount - the system has received an advice of charge from the network for the call just disconnected. The charge for this call is indicated in the charge amount parameter. Received cllm while pvc for dlci in unexpected state a cllm message was received in...
Page 527
Central site remote access switch 527 s ystem m essages system message summary security rejection - bridge address security cannot use authentication server both options (bridge address security and off-node user authentication) are not supported simultaneously. Security rejection - caller did not n...
Page 528
User’s guide 528 cyberswitch semipermanent. Device "x" disconnected by admin the administrator has issued a disc device command. Therefore, the system will not attempt to call the indicated device again. Issuing the call device command will make device “x” semipermanent again. Semipermanent. Device ...
Page 529
Central site remote access switch 529 s ystem m essages system message summary [snmp] authentication failure, improper access rights there are two possible causes for this message: • the snmp agent received a setrequest pdu that contained a community name with an mib access level of mib guest or mib...
Page 530
User’s guide 530 cyberswitch ssb: i960 i/o memory copy differs from flash image at after loading the i960 post tests into the i/o memory, a value unexpectedly changed at the address given. Ssb: i960 memory read error at , expected , read while testing the shared memory area (i/o memory and the perip...
Page 531
Central site remote access switch 531 s ystem m essages system message summary ssb: post 32 i960hdlc_1 failure the i960 failed its 80532 test using the first hdlc controller. The boot process should continue; however, make note of the error message in the event of a future problem. Ssb: post 33 i960...
Page 532
User’s guide 532 cyberswitch successfully loaded release issue the specified release of system software was successfully loaded into memory. Switch could not recognize phone number nnnnnnn the switch did not accept the phone number dialed as a complete number. Check the correctness of the phone numb...
Page 533
Central site remote access switch 533 s ystem m essages system message summary [tftp] local error # 2: feature not initialized the tftp feature was not initialized properly. No file transfer will be attempted. Check the configuration, and then contact your distributor or customer support. [tftp] loc...
Page 534
User’s guide 534 cyberswitch [tftp] local error # 14: bad file name the local file (as defined from a remote host) was not recognized as a valid file name. No file transfer will be attempted. [tftp] local error # 15: bad mode string the tftp mode string was not netascii nor octet. No file transfer w...
Page 535
Central site remote access switch 535 s ystem m essages system message summary [tftp] remote error # 1: (text from remote host) the remote host could not find the file specified on its system. No file transfer will be attempted. [tftp] remote error # 2: (text from remote host) the remote host is rep...
Page 536
User’s guide 536 cyberswitch the conformance selection is prior to ccitt 1988 verify that the facilities provided by the service provider are ccitt 1988. The radiac feature is no longer supported. The radiac feature has been replaced by the tacacs feature. The tacacs feature configuration must be co...
Page 537
Central site remote access switch 537 s ystem m essages system message summary too many digits in tn in host_call_request (r2 signaling) this illegal event typically results in a failed call. Contact your distributor or customer support. Tried to free unallocated buffer , size= internal error that s...
Page 538
User’s guide 538 cyberswitch unable to get digital modem resource to place call a digital modem dial-out call was attempted, and the system was unable to open a resource to place the call. Using the modem status command, check to ensure that there are usable modems available. If there are, and the p...
Page 539
Central site remote access switch 539 s ystem m essages system message summary unable to send device information request to csm after a terminal authentication. Unable to send information to csm. Verify proper configuration of csm and call control options. Unable to send dl config request unable to ...
Page 540
User’s guide 540 cyberswitch user level authentication flag is enabled for terminal user xxx. Setting flag to disabled. The device definition for xxx should have user level authentication disabled. These two messages are displayed together. In device entries for terminal server connections, user- le...
Page 541
Central site remote access switch 541 s ystem m essages system message summary x25 facilities error, bad facility length the facilities length is missing. Contact your distributor or customer support. X25 facilities error, invalid facilities length the length of the facilities packet is invalid. Con...
Page 542
User’s guide 542 cyberswitch x25 facilities error, facility not available a facility was requested which is not enabled. Verify that the specific facility is enabled by both dte’s and the service provider. X25 facilities error, packet length negotiation not allowed the dte packet length does not mat...
Page 543
Central site remote access switch 543 s ystem m essages system message summary zone allocation failed, maximum capacity already configured the maximum number of appletalk zones have been surpassed. Contact your distributor or customer support..
Page 544
T race m essages o verview trace messages include the following categories of messages: 1. Call trace messages 2. Ip filter trace messages 3. Ppp packet trace messages 4. Wan fr_ietf trace messages 5. X.25 trace messages 6. X.25 (lapb) trace messages before trace messages can be logged to the system...
Page 545
Central site remote access switch 545 t race m essages call trace messages c all t race m essages a feature of the cyberswitch console is the ability to save and display a record of the high level isdn calls between the system and the local telephone switch. If calls are unable to be completed, this...
Page 546
User’s guide 546 cyberswitch c all t race m essage s ummary access information discarded cause call trace message. This message is used to indicate additional details on the received in the “call progress” information message. Alerting off informational call trace message. The alerting signal inform...
Page 547
Central site remote access switch 547 t race m essages call trace messages in - abnormal rpt call id= slot= port= connid= ces= the system has detected an internal error condition. The are included for your distributor or cabletron customer support. An error message describing the problem should be r...
Page 548
User’s guide 548 cyberswitch in - disconnect call id= slot= port= loc= cause= ces= connid= the system has received a disconnect message from the network. The call id and ces values are for your distributor or cabletron customer support. The remaining parameters are used to report line details. Refer...
Page 549
Central site remote access switch 549 t race m essages call trace messages in - progress call id= slot= port= chans= causeloc= cause= signal= progloc= prog= ces= connid= the system has received a call progress message from the network. This is usually received in response to sending a call request. ...
Page 550
User’s guide 550 cyberswitch out - dl cfg slot= port= ces= the system is initializing the indicated data link. Out - dsl cfg slot= port= the system is initializing the indicated line. Out - init data link the system is sending a message to the network to initialize a data link on an isdn line. The a...
Page 551
Central site remote access switch 551 t race m essages ip filters trace messages ip f ilters t race m essages you can trace packets that are discarded as a result of ip filters. Enable this feature by using the ip filter trace discard command, and disable it with ip filter trace off . Note that when...
Page 552
User’s guide 552 cyberswitch ppp p acket t race m essages ppp packet trace allows you to display the ppp protocol negotiation that takes place when a link is established. This information is useful when diagnosing mismatches in configuration between two systems. Ppp packet trace puts ppp packet info...
Page 553
Central site remote access switch 553 t race m essages ppp packet trace messages • configure request the configure request is used to indicate the options that are supported by this sending device. The request contains an option list and the desired values if they are different from the default valu...
Page 554
User’s guide 554 cyberswitch • echo reply the echo reply is transmitted in response to an echo request. The echo reply packet contains the magic number of the sending device. Until the magic number option has been negotiated the value must be set to zero. • discard request the discard request packet...
Page 555
Central site remote access switch 555 t race m essages x.25 trace messages in - x25 connection confirmation connid= access= remdteaddr= the system has received a connect message from the network. This indicates that a new call is now established. In - x25 connection indication connid= access= remdte...
Page 556
User’s guide 556 cyberswitch out - x25 call accept lcn , bytes the dte is accepting an svc call. Out - x25 call request lcn , bytes the dte is attempting to place an svc call. Out - x25 clear ind lcn , bytes the dce is clearing the x.25 virtual circuit on the indicated lcn. Out - x25 clear request l...
Page 557
Central site remote access switch 557 t race m essages x.25 (lapb) trace messages out - x25 dte rr lcn , bytes the dte is acknowledging 1 or more data packets received from the dce. Out - x25 reset ind lcn , bytes the dce is resetting a virtual circuit. Out - x25 reset request lcn , bytes the dte is...
Page 558
User’s guide 558 cyberswitch in - lapb sabme the dce is resetting the link layer. In - lapb ua the dce is acknowledging a sabm or sabme from the dte. Out - lapb disc the dte link layer is going off-line. Out - lapb dm the dte is going off-line. Out - lapb frmr the dte has received an invalid frame. ...
Page 559
S ystem m aintenance this grouping of information provides information to help you maintain your cyberswitch once it is operating. Note that the included system statistics information may also prove valuable in troubleshooting. We include the following chapters in the system maintenance segment of t...
Page 560
R emote m anagement o verview once your system is initially configured (and thus assigned an ip address), you may use a variety of methods to remotely access and manage your system. This chapter describes many of these methods. For information on first-time access (either local or remote), refer to ...
Page 561
Central site remote access switch 561 r emote m anagement snmp snmp snmp: the nms gathers information (including problem reports) from any cyberswitch snmp (simple network management protocol) is a standard way of monitoring communication devices in ip networks. With snmp, you purchase and then set ...
Page 562
User’s guide 562 cyberswitch i nstallation and c onfiguration snmp has two basic components: the snmp agent, which is executed on the cyberswitch, and the network management station (nms), which you purchase separately for the environment. This section will describe how to install and configure the ...
Page 563
Central site remote access switch 563 r emote m anagement telnet t elnet telnet is the standard way of providing remote login service. With telnet, any user on the lan or wan executing a standard telnet client program can remotely login to the cyberswitch and get an cyberswitch console session. When...
Page 564
User’s guide 564 cyberswitch on the same subnetwork as the telnet client on system 1’s lan, a static route is needed to allow system 2 to communicate with devices on network 1. Because the cyberswitch had no telnet client capabilities in previous releases, the only way to fix the problem was to phys...
Page 565
Central site remote access switch 565 r emote m anagement telnet ip address of the cyberswitch. You will then be presented with the “ enter login id: ” prompt. Now enter commands as if directly connected to the cyberswitch. When finished with the session, enter the exit command at the system prompt ...
Page 566
User’s guide 566 cyberswitch win95 d ial -u p n etworking many dial-up client software packages support a terminal type of connection. One such popular package is win95 dial-up networking. The cyberswitch can handle these terminal-type connections through its digital modem feature, thus providing ye...
Page 567
Central site remote access switch 567 r emote m anagement win95 dial-up networking d ialing o ut 1. Double click on your new dialing icon to bring up the connect to screen. 2. Enter your user name and password. You may change options by clicking the box labelled dialing properties, but this isn’t ne...
Page 568
User’s guide 568 cyberswitch tftp tftp (trivial file transfer protocol) is the standard way of providing file transfers between devices. With tftp any wan or lan user executing a standard tftp client program can transfer files to and from the cyberswitch. You can control access to the different file...
Page 569
Central site remote access switch 569 r emote m anagement tftp the default file access for the guest user is “read” access to all files. The default file access for the admin user is “read” access to the report and statistics files, and “read and write” access to all other files. The default for the...
Page 570
User’s guide 570 cyberswitch c arbon c opy the carbon copy feature gives you complete remote management. Any command that you can issue on a local console session can be issued with carbon copy. Files can also be transferred between the manager pc and the cyberswitch. The disadvantage of using carbo...
Page 571
Central site remote access switch 571 r emote m anagement carbon copy enter the following command to start up the ccinstal program: c:\admin>ccinstal the carbon copy system parameters screen will appear. Follow the directions on the screen to change parameter settings. After you make all parameter c...
Page 572
User’s guide 572 cyberswitch baud rate if you wish to enter a new baud rate, enter a menu selection of “b “(for baud rate). Continue to press b until the baud rate you desire is displayed. When you have finished making carbon copy configuration parameter changes, enter a menu selection of “x” to sav...
Page 573
Central site remote access switch 573 r emote m anagement carbon copy the system will prompt you for a password. The default password set on each cyberswitch is “cc”. We recommend that you change this password on each cyberswitch using the ccinstal program. 7. Type: cc (or if the password has been c...
Page 574
User’s guide 574 cyberswitch to initiate the file transfer program, press the function key . The file transfer facility will display a one page tutorial. The administration console pc is considered the local pc. The cyberswitch is considered the host. To copy files, you issue a command similar to a ...
Page 575
Central site remote access switch 575 r emote m anagement carbon copy note: the above graph represents the guaranteed throughput without crc errors. The actual throughput may be higher. R emoving c arbon c opy to remove carbon copy from your system: 1. Quit from the cyberswitch. 2. At the dos prompt...
Page 576
S ystem c ommands o verview two classes of system administration commands are available on the cyberswitch: guest commands and administrator commands. Guest commands provide current operational information only, and are available to all security levels. Administrator commands allows access to the co...
Page 577
Central site remote access switch 577 s ystem c ommands setting the ip address exit terminates the administration session by logging-out the current administrator. You can start another session by using one of the two log-in commands outlined above. Logout terminates the administration session by lo...
Page 578
User’s guide 578 cyberswitch v iewing o perational i nformation the following commands are used to view system operational information: ? Displays a help screen outlining all of the commands that are available. Br stats displays the current system packet statistics. Refer to bridge statistics , for ...
Page 579
Central site remote access switch 579 s ystem c ommands viewing operational information system prompt after the entire file has been displayed. If you are viewing the release notes, press the key to exit the release notes and continue with the installation. If the file name is incorrect, the followi...
Page 580
User’s guide 580 cyberswitch primary rate (d-channel) each primary rate line which contains at least one data link is considered a primary rate (d-channel) interface. A primary rate (d-channel) interface is “up” if at least one data link associated with the interface is “up.” a primary rate interfac...
Page 581
Central site remote access switch 581 s ystem c ommands viewing operational information t rying the system is attempting to call the device. Some connections may be up, but not at the initial data rate. Status displays initialization, current status, and connection information, as well as any errors...
Page 582
User’s guide 582 cyberswitch if there was enough memory for all connections, the connection table would reflect both potential and actual connections as the same number. Wan stats displays the current system wan connection statistics. Refer to wan statistics , for a list of available statistics and ...
Page 583
Central site remote access switch 583 s ystem c ommands viewing throughput information note: if data compression is being used, an extra line will be displayed on the connection monitor screen that will provide the compression and decompression ratios, and the estimated throughput. The estimated thr...
Page 584
User’s guide 584 cyberswitch # 4. Example of three samples where actual bandwidth utilization was around 70% and underload was being monitored at around 25% utilization of current bandwidth. In this example, overload is occurring on all three samples. # 5. Example of three samples where actual bandw...
Page 585
Central site remote access switch 585 s ystem c ommands terminating and restarting the cyberswitch c onfiguration -r elated c ommands the following commands provide configuration file information, and restore backup configuration files: cfg provides information on the status of system configuration ...
Page 586
User’s guide 586 cyberswitch effect, you would need to issue the restart command from the telnet session of your remote terminal. Note: if you lose your telnet connection within 10 seconds of entering the restart command, the command will not be executed. S etting the d ate and t ime the following c...
Page 587
Central site remote access switch 587 s ystem c ommands appletalk routing commands sess-id the session id number associated with the session. Date/time the date and time the session was initiated idle (sec) the number of seconds the connection has been idle. Command how the administration session wa...
Page 588
User’s guide 588 cyberswitch dnet required parameter. The destination network number. Dnode required parameter. The destination node id. Timeout optional parameter. The number of seconds to wait for a reply message. The valid range is from 1 to 60 seconds. The default value is 10 seconds. Nnnn optio...
Page 589
Central site remote access switch 589 s ystem c ommands appletalk routing commands get_info - the port is verifying network information and obtaining the default zone. Get_zones - the port s obtaining a complete zone list for the network. Get_routes - the port is requesting routes from another route...
Page 590
User’s guide 590 cyberswitch atalk port stats [clear] this command will display or clear current appletalk port statistics. Refer to appletalk port statistics , for a list of available atalk port statistics and their definitions. Atalk route this command will display appletalk static route informati...
Page 591
Central site remote access switch 591 s ystem c ommands bridge commands atalk stats rtmp displays the appletalk routing table maintenance protocol (rtmp) statistics. Atalk stats zip displays the appletalk zone information protocol (zip) statistics. Atalk stats nbp displays the appletalk name binding...
Page 592
User’s guide 592 cyberswitch in the above example, the dest field is the destination mac address field of the lan frame. The source field is the source mac address of the lan frame. Next to the source mac address field is the location of that source address. An “l” next to the source address indicat...
Page 593
Central site remote access switch 593 s ystem c ommands call control commands to use this command for troubleshooting, you must use the system call trace feature to capture any connect and disconnect messages that are generated by issuing the call device command. To do this: 1. Erase the current rep...
Page 594
User’s guide 594 cyberswitch unable to prompt for device name at this time indicates that the call command would prompt you for a device name, but the necessary resources are not available. The recommended actions are as follows: 1. If possible, enter the device name on the command line. 2. If the d...
Page 595
Central site remote access switch 595 s ystem c ommands call control commands calling at , device ppp the phone number will show what is sent to the switch. Any imbedded dashes will have been removed. The data rate that is used is displayed. If an invalid data rate is entered, the default of 56 kbps...
Page 596
User’s guide 596 cyberswitch unable to prompt for device name at this time indicates that the call command would prompt you for a device name, but the necessary resources are not available. The recommended actions are as follows: 1. If possible, enter the device name on the command line. 2. If the d...
Page 597
Central site remote access switch 597 s ystem c ommands compression information commands c ompression i nformation c ommands compression statistics are only available for connections that are using a compression protocol. The following commands are used to display current compression information: cm...
Page 598
User’s guide 598 cyberswitch dhcp stats clear clears the dhcp statistics. Ip addrpool displays the current ip address pool. Refer to the ip addrpool command description under ip routing commands . D igital m odem c ommands these commands allow you to display active connections, display or erase digi...
Page 599
Central site remote access switch 599 s ystem c ommands frame relay commands slot number refers to the slot in which the digital modem card resides, and all refers to all modems on the card. Example: modem upgrade 2 all upgrades all modems on the dm card in slot 2. We recommend you monitor the upgra...
Page 600
User’s guide 600 cyberswitch fr clear clears the statistics counters associated with the fr stat command for the currently selected access and dlci. Fr clearall clears all statistics associated with the fr stat command. Fr lmi displays information relating to the lmi link on the currently-selected f...
Page 601
Central site remote access switch 601 s ystem c ommands ip routing commands access. In particular, the dlci list is maintained within the code to identify all dlcis for which the network has knowledge, but which are not currently configured. This list is updated when unknown dlcis are noted through ...
Page 602
User’s guide 602 cyberswitch the first line indicates: • the number of the condition within that filter which matched the packet and consequently caused a discard action, • the point at which the filter was applied, or a designation of global. For an ip network in- terface, this will be the configur...
Page 603
Central site remote access switch 603 s ystem c ommands ip routing commands ip rip routes displays information pertaining to the routing table(s) that are maintained by the ip rip protocol. The following example screen illustrates the output from this command. Following the table is an explanation o...
Page 604
User’s guide 604 cyberswitch p the propagation flag, where a = always propagate n = do not propagate h = propagate when next hop device connected 1/2 rip version 1/version 2 visibility flags determine whether or not this route is visible when send the route using rip 1 or rip 2, where 0 = invisible ...
Page 605
Central site remote access switch 605 s ystem c ommands ipx routing commands t/p (type/protocol) type the destination type is “r” for a remote network or host, and “l” for a locally connected network or host. Protocol the mechanism used to determine the route. “l” is for local, “i” is icmp, and “r” ...
Page 606
User’s guide 606 cyberswitch displays negotiation parameters when device name specified and connected: ipx diag [timeout] tests device connectivity to specified ipx host by sending out a diag packet. If connection is up, host sends a message in response to this packet to confirm receipt. The paramet...
Page 607
Central site remote access switch 607 s ystem c ommands isdn usage commands ipx route displays the current routing table for the system, including static and learned routes. Ipx route stats displays routing table statistics, including maximum number of routes configured, and number of currently-avai...
Page 608
User’s guide 608 cyberswitch this information can help you determine if additional lines and/or systems are necessary. For example, the high water mark could be compared to the number of isdn b channels available, taking into consideration the elapsed time. An example output from this command follow...
Page 609
Central site remote access switch 609 s ystem c ommands packet capture commands p acket c apture c ommands in many applications, it is often desirable to monitor incoming lan data. The pkt commands will allow you to capture, display, save, and load bridged or routed data packets. You must configure ...
Page 610
User’s guide 610 cyberswitch pkt display displays captured packets that have been collected via pkt on or via pkt load . Note that this command is not supported for a telnet session. The following is an example pkt display screen: it is possible to display packet details for a specific packet. To do...
Page 611
Central site remote access switch 611 s ystem c ommands packet capture commands banyan vines packet detail screen (bridged packet) ip datagram detail screen (routed datagram) while the “pkt display” is displayed on your monitor, you can display the following help screen by entering “?”: the time men...
Page 612
User’s guide 612 cyberswitch radius c ommands the following console commands may be used to diagnose problems with: • connections to the off-node radius authentication server • cyberswitch configuration • authentication server device database entries radius chap attempts an authentication session us...
Page 613
Central site remote access switch 613 s ystem c ommands radius commands radius ipres attempts an authentication session using the ip resolution. The following is an example display of the screen. Radius macres attempts an authentication session using the mac resolution. The following is an example d...
Page 614
User’s guide 614 cyberswitch s erial i nterface c ommands these commands are available only when you have a serial interface card (v.35 or rs232) properly installed: ser stats displays the current serial interface statistics for each line (v.35 or rs232) attached to the card in the specified slot # ...
Page 615
Central site remote access switch 615 s ystem c ommands spanning tree commands state the current state of the port. Possible values are; disabled, blocking, listening, learning, and forwarding. Path cost the configured path cost for this port. Designated cost the path cost to the root bridge for thi...
Page 616
User’s guide 616 cyberswitch root priority the bridge priority of the root bridge. Root path cost the path cost to the root bridge. Root port num the port number on the cyberswitch that offers the lowest cost path to the root bridge. This is set to 0 if the system is the root bridge. Root port prior...
Page 617
Central site remote access switch 617 s ystem c ommands tcp commands stp enabled a flag that is set to “1” if the spanning tree protocol is enabled. Tcp c ommands tcp (transmit control protocol) provides a connection-oriented reliable communication for delivery of packets to a remote or on-node devi...
Page 618
User’s guide 618 cyberswitch t elnet c ommands these commands are telnet client console commands. These commands provide tools for you when you are using the system as a telnet client. As a telnet client, the cyberswitch can then be used to telnet into another cyberswitch to perform system maintenan...
Page 619
Central site remote access switch 619 s ystem c ommands telnet commands the possible send parameters are defined as follows: send ayt the send ayt command sends the telnet command function for “are you there?” to the target host. This can be used to determine whether or not the target host is still ...
Page 620
User’s guide 620 cyberswitch the set escape command can be used to change the “escape” character for the current telnet session. This command may be useful when a device is connected to a target host, using several different telnet connections. By changing the escape character to a value other than ...
Page 621
Central site remote access switch 621 s ystem c ommands tftp commands the following commands are used to display the terminal type currently in use or to set the terminal type. Term displays the terminal type name. Term set allows you to set the terminal type. You may set the terminal type to either...
Page 622
User’s guide 622 cyberswitch tftp session displays the tftp session information of active tftp sessions. To get detailed information on a specific session, enter the session’s id number when prompted. You can not display the session information for a tftp session that has terminated. The following s...
Page 623
Central site remote access switch 623 s ystem c ommands udp commands trace ipxwan [on/off] enables or disables the ipxwan tracing option, which tracks all packets which are received or sent out using ipxwan protocol, and places this information in the system log. To display the log file, issue the d...
Page 624
User’s guide 624 cyberswitch sentry log this command acts as a toggle switch, enabling or disabling user authentication rejection messages. If enabled, authentication rejection messages (identifying users who generated the messages) are written to the log file. To display the log file, issue the dr ...
Page 625
Central site remote access switch 625 s ystem c ommands x.25 commands wan l1p error [display or clear] when display is used, this command displays the pri layer 1 error counters. Refer to layer 1 pri error statistics for a list of available statistics and their definitions. Wan l1p loopback status d...
Page 626
User’s guide 626 cyberswitch trace x25 [on/off] enables or disables the x.25 packet tracing option. This feature displays up to 15 octets of the packet. To display the log file, issue the dr console command. This option is initially disabled. X25 clear clears the statistics counters associated with ...
Page 627
S ystem s tatistics o verview statistics can either be generated by issuing the ds command to display the set of statistics known as the system statistics, or by issuing a specific command to display statistics in a specific category. In addition to using the ds command to display the system statist...
Page 628
User’s guide 628 cyberswitch c all r estriction s tatistics the system keeps a tally of the following call restriction statistics. These statistics can be compared to the limits you have configured. These statistics can be displayed by issuing the cr stats or the ds command at the administration con...
Page 629
Central site remote access switch 629 s ystem s tatistics appletalk statistics a pple t alk s tatistics you may display appletalk protocol statistics (subdivided into six subgroups) and appletalk port statistics. You can display all six subgroups of the appletalk protocol statistics by issuing the a...
Page 630
User’s guide 630 cyberswitch ddptooshorterrors the total number of input ddp datagrams dropped because the received data length was less than the data length specified in the ddp header or the received data length was less than the length of the expected ddp header. Ddptoolongerrors the total number...
Page 631
Central site remote access switch 631 s ystem s tatistics appletalk statistics atechoinreplies the count of appletalk echo replies received. A pple t alk r outing t able m aintenance p rotocol (rtmp) s tatistics you can display this subgroup of appletalk statistics by issuing the atalk stats rtmp co...
Page 632
User’s guide 632 cyberswitch zip zoneconflcterrors the number of times a conflict has been detected between this entity’s zone information and another system’s zone information. Zipinobsoletes the number of zip takedown or zip bringup packets received by this system. Note that as the zip takedown an...
Page 633
Central site remote access switch 633 s ystem s tatistics appletalk statistics atpretrycntexceeds the number of times the retry count was exceeded, and an error was returned to the client of atp. A pple t alk p ort s tatistics you can display the appletalk port statistics by issuing the atalk port s...
Page 634
User’s guide 634 cyberswitch b ridge s tatistics the system collects bridge statistics for each lan port and for wan connections. These bridge statistics include information on the number of frames received, forwarded, discarded or transmitted. If the system is configured for two lan ports, there is...
Page 635
Central site remote access switch 635 s ystem s tatistics compression statistics c ompression s tatistics the system collects the following compression statistics for each active compression connection. These statistics can be displayed by issuing the cmp stats or the cmp stats command at the admini...
Page 636
User’s guide 636 cyberswitch peer sent resets the number of decompression resets sent from peer devices. System sent resets the number of decompression resets sent from the system. Dropped pkts the number of dropped packets that could not be queued. Fcs errors the number of frame checksum errors. Dh...
Page 637
Central site remote access switch 637 s ystem s tatistics dhcp statistics dhcp r elay a gent s tatistics bootrequest msgs rcvd incremented whenever the system identifies a udp datagram as a dhcp/bootp bootrequest message. This datagram has passed the initial consistency checks. Bootrequest msgs rlyd...
Page 638
User’s guide 638 cyberswitch bootreply bad ’giaddr’: number of dhcp/bootp bootreply messages that were discarded by the dhcp relay agent because the ’giaddr’ (gateway ip address) field could not be mapped to one of the system’s ip network interfaces. Bootreply arp_add0 fail number of times that the ...
Page 639
Central site remote access switch 639 s ystem s tatistics digital modem statistics dhcpnaks rcvd incremented whenever the dhcp proxy client has received a dhcpnak message from a dhcp server. Invalid dhcp pkts rcvd incremented whenever the dhcp proxy client encounters a dhcp message that is invalid d...
Page 640
User’s guide 640 cyberswitch init the access state entered when the access is first initialized. The access has entered the lmi dialogue phase, but has not yet received an appropriate lmi status message response. Up the access state entered when the access either has no lmi, or the lmi message excha...
Page 641
Central site remote access switch 641 s ystem s tatistics frame relay statistics # lost rx frame related to the “# lost rx seq” counter in that it represents the number of actual lost frames, not just the number of times a frame (or frames) was lost. # invalid frame size the number of times a frame ...
Page 642
User’s guide 642 cyberswitch not ready the pvc state entered when the pvc has been marked unavailable by the network via a status message, an alarm condition, or failure of the lmi link. Network outage the pvc state entered when the pvc has been marked unavailable. This follows the receipt of a cllm...
Page 643
Central site remote access switch 643 s ystem s tatistics ip statistics crc errors the number of aligned frames discarded because of a crc error. Align errors the number of frames that are both misaligned and contain a crc error. Resource errors the number of good frames discarded because there were...
Page 644
User’s guide 644 cyberswitch ipinunknownprotos the number of locally addressed datagrams received successfully but discarded because of an unknown or unsupported protocol. Ipindiscards the number of input ip datagrams for which no problems were encountered that would prevent their continued processi...
Page 645
Central site remote access switch 645 s ystem s tatistics ip statistics ipfragcreates the number of ip datagram fragments that have been generated as a result of fragmentation at this system. Icmp g roup s tatistics icmpinmsgs the total number of icmp messages that the system received. Note that thi...
Page 646
User’s guide 646 cyberswitch icmpouterrors the number of icmp messages that this system did not send due to problems discovered within icmp, such as a lack of buffers. This value should not include errors discovered outside the icmp layer such as the inability of ip to route the resultant datagram. ...
Page 647
Central site remote access switch 647 s ystem s tatistics ipx statistics ipx b asic s ystem t able s tatistics ipxbasicsysexiststate the validity of this entry in the ipx system table. Setting this field to off indicates that this entry may be deleted from the system table at the ipx implementation’...
Page 648
User’s guide 648 cyberswitch ipxbasicsysopensocketfails the number of ipx socket open calls which failed. Ipx a dvanced s ystem t able s tatistics ipxadvsysmaxpathsplits the maximum number of paths with equal routing metric value which this instance of the ipx may split between when forwarding packe...
Page 649
Central site remote access switch 649 s ystem s tatistics ipx statistics ripincorrectpackets the number of times incorrect rip packets were received. Ripstate represents the status of the ipx rip feature: 1 = disabled, 2 = enabled. Ipx t riggered rip s tatistics you can access ipx triggered rip stat...
Page 650
User’s guide 650 cyberswitch available routes number of routes currently available on this router. High water mark peak number of routes this router has used. Ipx sap s tatistics you can access ipx sap statistics by using the ipx sap stats console command. Sapinstance with the cyberswitch, the value...
Page 651
Central site remote access switch 651 s ystem s tatistics rip statistics ipx s ervice s tatistics you can access ipx service statistics by using the ipx service stats console command. Static services number of static services configured on this router. Sap services number of services learned through...
Page 652
User’s guide 652 cyberswitch ifstatrcvbadroutes the number of routes, in valid rip packets, which were ignored for any reason. Example reasons include: an unknown address family, or an invalid metric. Ifstatrcvrequests the number of rip messages with ‘request’ command code received on this interface...
Page 653
Central site remote access switch 653 s ystem s tatistics snmp statistics snmpinbadversions the total number of snmp messages that were delivered to the snmp agent and were for an unsupported snmp version. Snmpinbadcommunitynames the total number of snmp messages delivered to the snmp agent that use...
Page 654
User’s guide 654 cyberswitch snmpingetnexts the total number of snmp get-next pdus that have been accepted and processed by the snmp agent. Snmpinsetrequests the total number of snmp set-request pdus that have been accepted and processed by the snmp agent. Snmpingetresponses the total number of snmp...
Page 655
Central site remote access switch 655 s ystem s tatistics tcp statistics tcp s tatistics you can access these statistics by issuing the tcp stats console command. Tcprtoalgorithm the algorithm used to determine the timeout value used for retransmitting unacknowledged octets. This value is always equ...
Page 656
User’s guide 656 cyberswitch tcpinerrs the total number of segments received in error (for example, bad tcp checksums). Tcpoutrsts the number of tcp segments sent containing the rst flag. Tftp s tatistics you can access these statistics by issuing the tftp stats console command. S tatistics for s er...
Page 657
Central site remote access switch 657 s ystem s tatistics tftp statistics failed file gets displays the count of failed gets. (local system failed to download a file from a remote host.) total bytes put displays the total number of bytes successfully put. (number of bytes uploaded from the local sys...
Page 658
User’s guide 658 cyberswitch udp s tatistics if the ip operating mode is enabled, you can access the following udp statistics by using the udp stats command: udpindatagrams the total number of udp datagrams delivered to udp devices. Udpinerrors the number of received udp datagrams that could not be ...
Page 659
Central site remote access switch 659 s ystem s tatistics wan l1p statistics wan l1p s tatistics you can access wan l1p statistics by issuing the wan l1p stats display console command. These statistics are divided into the following groups of statistics: pri s/t (t1/e1) interface statistics, error s...
Page 660
User’s guide 660 cyberswitch recv positive slips the number of pri frames lost due to timing problems in the positive direction. Recv parity errors the number of receive parity errors. Xmit slips the number of times an error has occurred in the host clock system. If the wander of the transmit route ...
Page 661
Central site remote access switch 661 s ystem s tatistics x.25 statistics switched call completed a counter that is incremented each time a switched call successfully completes and passes identification. Switched call retry a counter that is incremented for each retry of an original switched call at...
Page 662
User’s guide 662 cyberswitch # max connections the maximum number of active vcs allowed at any time. # active conn the number of currently active vcs. # max conn active the maximum number of vcs that can be active at any time. # conn failed the number of vcs that have failed. # normal disconnect the...
Page 663
Central site remote access switch 663 s ystem s tatistics x.25 statistics # restarts received the number of times the x.25 network has been restarted by a remote dte or the network. # diag pkt sent the number of diagnostic packets sent. # diag pkt received the number of diagnostic packets received. ...
Page 664
User’s guide 664 cyberswitch # rnr sent count the number of receive not ready packets sent. # rnr received the number of receive not ready packets received. # bytes sent count the total number of data bytes sent since the last reset or restart. # bytes received the total number of bytes received sin...
Page 665
R outine m aintenance o verview the information in this chapter provides instructions for performing routing maintenance on the cyberswitch. The information falls into the following categories: • installing/upgrading system software • executing configuration changes • performing a configuration back...
Page 666
User’s guide 666 cyberswitch changes are not dynamic. The changes are saved in a temporary copy of configuration data, and will not affect the current run-time operation of the system in any way. To terminate the session, return to the main cfgedit menu. Select the save changes option. Then press to...
Page 667
A ppendices the user’s guide includes the following appendices: • system worksheets we have designed a set of worksheets you can fill out before you begin your cyberswitch configuration. Once filled out, they will contain information you will need for the configuration process. • cfgedit map a cfged...
Page 668
S ystem a dapters this appendix includes the following illustrations of available cyberswitch adapters: • ethernet • basic rate • primary rate: pri-8 pri-23 pri-23/30 • expander • v.35 • rs232 • digital modem dm-8 dm-24 dm-24+/dm-30+ • encryption: des (usa) generally, adapter switch settings are pre...
Page 669
Central site remote access switch 669 s ystem a dapters e thernet a dapter dram (2 simms) i960 risc cpu aui connectors interrupt block (jp1) i/o address (jp2) ethernet adapter side view front view.
Page 670
User’s guide 670 cyberswitch b asic r ate a dapter this adapter is set for slot 3: rj-45 connectors tdm bus connector pin 1 bri-4 adapter side view front view i/o switch basic rate interface lcd connector interrupt block 3 4 5 6 7 9 10 11 12 14 15 on s1 on s2 off s3 on s4 off s5 on s6 off s7 off s8 ...
Page 671
Central site remote access switch 671 s ystem a dapters p rimary r ate a dapters t he pri-8 this adapter is set for slot 5: j12 (jumper on bottom) j11 (jumper on right) j20 (jumper on bottom) j13 j15 j14 rj-45 connector tdm bus connector pin 1 pri-8 adapter side view front view primary rate interfac...
Page 672
User’s guide 672 cyberswitch t he pri-23 7klvdgdswhulvvhwiruvorw tdm bus connector mvip bus connector lcd connector pri-23 adapter pin 1 rj-45 connector mvip end-of-bus termination interrupt block 15 14 12 11 10 9 7 6 5 4 3 i/o switch s1 s8 off on 3 4 1 2 pin 1 pin 1 j13 jp4 j11 j14 j10 1 2 3 1 2 3 ...
Page 673
Central site remote access switch 673 s ystem a dapters t he pri-23/30 7klvdgdswhulvvhwiruvorw1rwhwkdw6rqwkh,26zlwfklvqrwxvhg7kherdugvkrxogixqfwlrq surshuo\zlwkwkhvzlwfklqhlwkhuwkh21ru2))srvlwlrq tdm bus connector mvip termination jp9 jp3 jp4 jp1 jp8 jp7 jp6 i/o switch interrupt block rj-45 connecto...
Page 674
User’s guide 674 cyberswitch e xpander a dapter this adapter is set for slot 5: tdm bus connector pin 1 pri-8 expander adapter side view front view interrupt block 3 4 5 6 7 9 10 11 12 14 15 i/o switch s1 on s2 on s3 off s4 off s5 on s6 off s7 off s8 off.
Page 675
Central site remote access switch 675 s ystem a dapters v.35 a dapter this adapter is set for slot 5: note: switch label “open” is the same as off on i/o switch. V.35 adapter side view front view i/o switch lcd connector db26 connectors interrupt block 3 4 5 6 7 9 10 11 12 14 15 1 2 3 4 5 6 7 8 .......
Page 676
User’s guide 676 cyberswitch rs232 a dapter this adapter is set for slot 5: note: switch label “open” is the same as off on i/o switch. Rs232 adapter side view front view i/o switch lcd connector db26 connectors interrupt block 3 4 5 6 7 9 10 11 12 14 15 1 2 3 4 5 6 7 8 ............ ............ Ope...
Page 677
Central site remote access switch 677 s ystem a dapters d igital m odems t he dm-8 this card is configured as the second dm-8 in the system as well as the last card on the mvip bus: pin 1 mvip bus connector mvip termination jumpers (both jumpers installed; bus terminated) i/o jumpers (jumpers 3 & 4 ...
Page 678
User’s guide 678 cyberswitch t he dm-24 the dm-24 adapter consists of a mother board/daughter board combination; daughter board sets on top of larger mother board. Front of board: mvip bus connector pin 1 dm-24 adapter (front view).
Page 679
Central site remote access switch 679 s ystem a dapters dm-24, back view ( illustration does not depict switches set for any particular slot): note: in rare cases, there may be some variation with silk screening from card to card. “on” and “1”/”2” may be labeled on opposite sides of the switch, but ...
Page 680
User’s guide 680 cyberswitch t he dm-24+/dm-30+ the dm-24+ and the dm-30+ adapters consist of a mother board/daughter board combination. The two adapters closely resemble each other, but are distinguishable by the number of modems each supports. There are 30 modem chips on the dm-30+; and 24 modem c...
Page 681
Central site remote access switch 681 s ystem a dapters pertinent switches are located on the back side of the mother board. The following illustrates switch settings for a dm-24+ board in slot 6: interrupt switches i/o address switches 1 2 3 4 5 6 7 8 on 1 2 3 4 on 1 2 3 4 5 6 7 8 on 1 2 3 4 on 1 2...
Page 682
User’s guide 682 cyberswitch e ncryption a dapter des a dapter (us v ersion ) note: jumper j1 must be installed for the board to be operational. Battery rsa/des adapter (usa) j1 ld1 ld2 ld3 on off 1 2 3 4 5 6 7 8 sw1 pqr512 chips on rsa board only + + +.
Page 683
S ystem w orksheets the worksheets included in this appendix will be helpful in configuring and managing your system. They capture important network information. To see examples of completed worksheets, refer to the example networks guide. Worksheets included in this appendix are: 1. Network topolog...
Page 684
User’s guide 684 cyberswitch n etwork t opology.
Page 685
Central site remote access switch 685 s ystem w orksheets system details system name: _____________________ pap password:_______________ chap secret:___________________ r esources l ines bri lines pri lines v.35 and rs232 lines type slot switch type synchronization type name slot port line type call...
Page 686
User’s guide 686 cyberswitch a ccesses dedicated accesses over isdn: over serial connection : x.25 accesses over isdn : over serial connection : frame relay accesses over isdn : over serial connection : line name data rate bearer channels line protocol device tied to this access ❒ 56 kbps ❒ 64 kbps ...
Page 687
Central site remote access switch 687 s ystem w orksheets device information device name: _____________________________ calling (isdn, fr, etc.) information x.25 information authentication information : frame relay information * hdlc bridge only protocol for this particular device? Bridge ip ipx app...
Page 688
User’s guide 688 cyberswitch b ridging ip r outing network interface information bridging ❒ enabled ❒ disabled mode of operation ❒ restricted ❒ unrestricted bridge filters bridge dial out/ known connect list ip routing ❒ enabled ❒ disabled mode of operation ❒ router ❒ ip host lan name ip address mas...
Page 689
Central site remote access switch 689 s ystem w orksheets bridging and routing information ip r outing , continued static routes ipx r outing routing information network interface information static routes netware static services destination network address mask next hop ❒ default? ❒ default? ❒ defa...
Page 690
User’s guide 690 cyberswitch a pple t alk r outing appletalk routing/port information appletalk port static routes appletalk routing ❒ enabled ❒ disabled lan name port number network type ❒ extended ❒ nonextended netwk range/ number appletalk address zone name(s) wan name network type ❒ extended ❒ n...
Page 691
Cfgedit m ap o verview the following pages provide an outline of the cyberswitch cfgedit configuration utility. As you configure your system, you may find it helpful to use this outline as a map to help you navigate through cfgedit. M ain m enu note: all options listed may not be available on your p...
Page 692
User’s guide 692 cyberswitch p hysical r esources m enu r esources • commport • basic rate switch type • t1/e1/pri switch type synchronization • expander • v.35 • rs232 • ethernet 1, 2 • digital modem 8, 24, 30 mu law a-law • des-rsa d ata l ines • asyndmport • name/slot/port/framing/line coding/sig...
Page 693
Central site remote access switch 693 cfgedit m ap options menu o ptions m enu b ridging • enable/disable • spanning tree • mode of operation unrestricted, restricted • bridge filters protocol definition filters (source, destination, protocol, packet data) • known connect list ip r outing • enable/d...
Page 694
User’s guide 694 cyberswitch ipx r outing • enable/disable • ipx network number • ipx interfaces lan remote lan • routing protocols ipx rip, ipx sap number table entries • ipx static routes rip info number of ticks, hops next hop destination ipx number • netware static services sap info number of ho...
Page 695
Central site remote access switch 695 cfgedit m ap options menu ppp • global options • lcp options • ipcp options • link failure options c all c ontrol • throughput monitor • call interval • monthly call charges • call restrictions • device profile • bandwidth reservation • semipermanent connection ...
Page 696
User’s guide 696 cyberswitch s ecurity m enu s ecurity l evel • no security • device level security • user level security • device and user level security s ystem o ptions and i nformation • system options pap password chap challenge bridge mac address ip host id calling line id • system information...
Page 697
Central site remote access switch 697 cfgedit m ap security menu authentication pap password chap secret outbound authentication user level authentication ip host id bridge ethernet calling line id ip information ip address ip enable/disable make calls for ip data ipx enable/disable calls for ipx da...
Page 698
User’s guide 698 cyberswitch o ff - node s erver i nformation • csm tcp port • radius primary server secondary server miscellaneous info number of retries time between retries • tacacs primary server ip address shared secret udp port number secondary server miscellaneous info number of retries time ...
Page 699
G etting a ssistance r eporting p roblems for a fast response, please take the time to fill out the system problem report to inform us of any difficulties you have with our products. A copy of this report can be found at the end of this chapter. This report provides us with important information to ...
Page 700
Date: ______________ number of pages including this page: ______ to: customer service from: ______________________________________ cabletron systems company:_______________________________________ (603) 332-9400 phone address: ______________________________________ (603) 337-3075 fax _______________...
Page 701
A dministrative c onsole c ommands t able the following table lists all system administration commands. Guest commands are identified in the command column. Command use ? (guest) displays help screen atalk arp displays the aarp cache atalk ping . {timeout/dnnn] example: atalk ping 1.3 30 /d200 pings...
Page 702
User’s guide 702 cyberswitch cdr verify (guest) verifies call detail recording servers are configured cfg provides information on changes to configuration files cfgedit starts the cfgedit configuration utility cls (guest) clears administration screen cmp stats displays the compression connection sta...
Page 703
Central site remote access switch 703 a dministrative c onsole c ommands t able fr dbg level displays the current debug level for frame relay fr dbg level sets the current debug level for frame relay fr display displays the configuration information for the selected frame relay access fr lmi display...
Page 704
User’s guide 704 cyberswitch ipx sap stats displays ipx sap statistics ipx spoof stats displays ipx spoofing statistics ipx stats displays ipx statistics ipx trigreq generates a triggered rip/sap update request to the specified device. Ipx trigrip stats displays the triggered rip statistics ipx trig...
Page 705
Central site remote access switch 705 a dministrative c onsole c ommands t able modem upgrade modem# > installs new modem firmware onto specified modem modem devices displays active modem connections neif displays the interface table pkt capture specifies which packets will be captured by the packet...
Page 706
User’s guide 706 cyberswitch ser signal displays current state of input signals for each serial line attached to card in specified slot. “0” indicates inactive; “1” indicates active. Session displays the current active administration sessions session kill terminates the active session specified by t...
Page 707
Central site remote access switch 707 a dministrative c onsole c ommands t able trace lapb[on/off] enables or disables the packet tracing option for lapb data link information trace ppp [on/off] enables or disables the tracing of ppp packets trace x25 [on/off] enables or disables the packet tracing ...
Page 708
M anage m ode c ommands t able the following table displays the available dynamic management commands: command use ace displays ace off-node server configuration ace change allows changes to the ace off-node server configuration ace reinit reinitializes the cyberswitch ace client admlogin [change] d...
Page 709
Central site remote access switch 709 m anage m ode c ommands t able exit exits from manage mode and returns to the normal system command mode fileattr displays the current user file access rights (guest or admin) fileattr change allows you to change current file access rights configuration data hel...
Page 710
User’s guide 710 cyberswitch ipxsvc [add/change/delete] adds/changes/deletes an ipx service ipxspoof allows you to configure system level spoofing data ipxt20 allows you to configure ipx type 20 information line displays the current line configuration data lineprot displays the current default line ...
Page 711
Central site remote access switch 711 m anage m ode c ommands t able srcfilt [add/change/delete] adds/changes/deletes the a source address filter tacacs displays tacacs off-node server configuration tacacs change allows changes to the tacacs off-node server configuration termopt allows you to change...
Page 712
C ause c odes t able the following table provides q.931 cause codes and their corresponding meanings. Cause codes may appear in call trace messages. Dec value hex value q.931 cause 0 0 valid cause code not yet received 1 1 unallocated (unassigned number) indicates that, although the isdn number was ...
Page 713
Central site remote access switch 713 c ause c odes t able 19 13 no answer from device (device alerted) indicates that the destination has responded to the connection request but has failed to complete the connection within the prescribed time. Problem at remote end. 21 15 call rejected indicates th...
Page 714
User’s guide 714 cyberswitch 34 22 no circuit/channel available indicates that the connection could not be established because there was no appropriate channel available to handle the call. 35 23 destination unattainable 37 25 degraded service 38 26 network (wan) out of order indicates that the dest...
Page 715
Central site remote access switch 715 c ause c odes t able 52 34 outgoing calls barred 53 35 outgoing calls barred within cug 54 36 incoming calls barred 55 37 incoming calls barred within cug 56 38 call waiting not subscribed 57 39 bearer capability not authorized indicates that the device has requ...
Page 716
User’s guide 716 cyberswitch 81 51 invalid call reference value indicates that the remote equipment has received a call with a call reference that is not currently in use by the device-network interface. 82 52 identified channel does not exist indicates that the receiving equipment has been requeste...
Page 717
Central site remote access switch 717 c ause c odes t able 97 61 message type non-existent or not implemented indicates that the receiving equipment received a message that was not recognized either because the message type was invalid, or because the message type was valid but not supported. This i...
Page 718
User’s guide 718 cyberswitch unknown indicates that an event occurrent but that the network does not provide causes for the actions that it takes, therefore the precise nature of the event cannot be ascertained. This may, or may not, indicate the occurrence of an error. Dec value hex value q.931 cau...
Page 719
Central site remote access switch 719 i ndex a access request retries 219, 221 accesses alternate accesses 242, 429 dedicated 242 frame relay 255 isdn access 242 x.25 244 accessing the cyberswitch 98 ace 221 ace authentication server alternate method of configuring 221 configuring 220 action on data...
Page 720
User’s guide 720 cyberswitch bridging bridge password 195 configuration 268 dial out 264 device list configuration 265 using bridge filters 283 using known connect list 285 filters 269 operation verification 423 overview 268 problem diagnosis (initialization) 462 statistics 634 bus cable 95 c cablin...
Page 721
Central site remote access switch 721 configuration files 71, 665 packet types 292 restoring 666 tools cfgedit 111 dynamic management 112 congestion control 259 connection filters 297, 303 connection services manager. See csm. Connections table 581 connectivity statistics 627 console connections dig...
Page 722
User’s guide 722 cyberswitch dynamic device option 216 dynamic management 577 command summary 708 e e1/r2 signaling 127 ems 49 encapsulating security payload (esp) 33 encapsulation 136, 327 encryption 32, 160, 236 configuration 231 link layer 238 network level 236 encryption adapters 69, 89, 231, 68...
Page 723
Central site remote access switch 723 ip filters, continued packet type configuration 292 per-device 299 tcp configuration 294 trace messages 551 udp configuration 294 verification 440 ip host devices 201 ip host mode host identifier 195 interface 132, 135 verifying 427 ip operating mode 131 ip rip ...
Page 724
User’s guide 724 cyberswitch l lan adapter initialization messages 419 problem diagnosis 423 verification messages 422, 423 lan commands 608 lan ip interface 133 lan statistics 642 lan test 422 lapb 248 lcd cables 96 lcd messages 475 line 121 line build out 125 line encoding 125 lineprot 400 lines 1...
Page 725
Central site remote access switch 725 network number 327 network security configuring device and user level security 172 configuring device level security 167 configuring no security 166 configuring user level security 168 network service provider cyberswitch as nsp 320 network topology worksheet 68...
Page 726
User’s guide 726 cyberswitch radius server configuring 211, 214 configuring a radius accounting server 212 configuring login information 226 configuring user-level security 205 digital modem 392 rfc2138 215 static route lookup 289 rate measurement interval 259 readme 113 region 117 regulatory compli...
Page 727
Central site remote access switch 727 semipermanent connections 379, 381 and call device commands 381 and call restrictions 382 and throughput monitor 382 commands 580 configuring 379, 381 verification 471 sentry commands 624 ser commands 614 service tables (ipx) 451 session 586 shared secret (radiu...
Page 728
User’s guide 728 cyberswitch tcp 294, 300, 305 statistics 655 tcp commands 617 tdm 94, 124 bus connections 95 teleos simulator 116 telnet 100, 563 remote management 563 telnet commands 618 term commands 621 term set 424 terminal mode 33, 102, 392, 393, 394 authentication 395 cdr information 406 limi...
Page 729
Central site remote access switch 729 verifying the installation, continued ip host mode 427 ip router initialized 423 ip routing over interfaces 433 ipx routing 446 lan 422 multi-level security 426 ppp link detection failure 430 proxy arp 472 remote device connectivity 424 reserved bandwidth 463 ri...