Cabletron Systems CyberSWITCH CSX1000 User Manual

Other manuals for CyberSWITCH CSX1000: User Manual, Quick Start Manual

Manual is about: WORKGROUP REMOTE ACCESS SWITCH

Page of 644

Download

Print this page

Bookmark us

ORKGROUP

EMOTE

CCESS

WITCH

SER

’

UIDE

Release 7.2

Cabletron Systems

(603) 332-9400 phone

(603) 337-3075 fax

support@ctron.com

1 2 3 4 5 6 7 Next › »

Summary of CyberSWITCH CSX1000

Page 1
W orkgroup r emote a ccess s witch u ser ’ s g uide release 7.2 cabletron systems (603) 332-9400 phone (603) 337-3075 fax support@ctron.Com.
Page 2
User’s guide 2 cyberswitch notice you may post this document on a network server for public use as long as no modifications are made to the document. Cabletron systems reserves the right to make changes in specifications and other information contained in this document without prior notice. The read...
Page 3
Workgroup remote access switch 3 trademarks cabletron systems, cyberswitch, mmac-plus, smartswitch, spectrum, and securefast virtual remote access manager are trademarks of cabletron systems, inc. All other product names mentioned in this manual are trademarks or registered trademarks of their respe...
Page 4
User’s guide 4 cyberswitch warning : changes or modifications made to this device which are not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment. Doc notice this digital apparatus does not exceed the class a limits for radio noise em...
Page 5
Workgroup remote access switch 5 contents using this guide 23 documentation set 24 guide conventions 25 s ystem o verview 26 the cyberswitch 27 the cyberswitch network 27 unique system features 28 interoperability overview 30 interoperability protocols 30 interoperability devices 31 security overvie...
Page 6
User’s guide 6 cyberswitch s ystem i nstallation 54 ordering isdn service (us only) 56 overview 56 ordering ni-1 lines using ez-isdn codes 56 ordering ni-1 lines using ni-1 isdn ordering codes 56 ordering bri isdn lines using provisioning settings 56 provisioning settings for at&t 5ess switches 57 a...
Page 7
Workgroup remote access switch 7 b asic c onfiguration 82 configuration tools 83 overview 83 cfgedit 83 executing cfgedit 83 saving cfgedit changes 84 dynamic management 84 executing dynamic management 84 utility dynamic management commands 85 saving dynamic management changes 85 default configurati...
Page 8
User’s guide 8 cyberswitch ip network interfaces 105 configuring interfaces 105 network interface configuration elements 107 ip network interface background information 112 ip rip and the ip network interfaces 117 ip rip over dedicated connections 120 ip host operating mode and the ip network interf...
Page 9
Workgroup remote access switch 9 configuring system options and information 146 overview 146 system options 146 configuring system options 146 system options configuration elements 147 system options background information 149 system information 150 configuring system information 150 system informat...
Page 10
User’s guide 10 cyberswitch configuring off-node server information 178 overview 178 multiple administration login names 178 vra manager authentication server 179 configuring vra manager authentication server 179 vra manager authentication server configuration elements 180 vra manager authentication...
Page 11
Workgroup remote access switch 11 x.25 configuration elements 201 x.25 line configuration elements 201 lapb configuration elements 202 x.25 access configuration elements 203 pvc configuration elements 206 x.25 access background information 207 current x.25 restrictions 209 frame relay accesses 209 c...
Page 12
User’s guide 12 cyberswitch configuring advanced ip routing 237 overview 237 static arp table entries 238 configuring static arp table entries 238 static arp table entries configuration elements 238 static arp table entries background information 238 the isolated mode 239 configuring the isolated mo...
Page 13
Workgroup remote access switch 13 configuring ipx 269 overview 269 configuring ipx information 270 ipx routing option 271 enabling/disabling ipx 271 ipx option configuration element 271 ipx option background information 272 ipx internal network number 272 configuring the ipx internal network number ...
Page 14
User’s guide 14 cyberswitch ipx-specific information for devices 292 configuring ipx devices 292 wan devices 292 remote lan devices 295 ipx configuration elements for devices 296 ipx background information for devices 297 ipx triggered rip/sap device background 297 configuring snmp 298 overview 298 ...
Page 15
Workgroup remote access switch 15 call interval parameters 318 configuring the call interval parameters 318 call interval configuration elements 318 call interval background information 318 monthly call charge 319 configuring monthly call charge 319 monthly call charge configuration elements 319 mon...
Page 16
User’s guide 16 cyberswitch tftp 348 configuring tftp 348 tftp configuration elements 349 tftp background information 349 file attributes 350 configuring file attributes 350 file attributes configuration elements 350 file attributes background information 350 t roubleshooting 352 system verification...
Page 17
Workgroup remote access switch 17 verifying the appletalk routing feature 372 verifying appletalk routing is initialized 372 verifying appletalk routing is operational 373 verifying appletalk routing operational over the lan connection 374 verifying appletalk routing operation over a wan connection ...
Page 18
User’s guide 18 cyberswitch ip rip 397 ip rip initialization 397 ip rip output processing on a lan interface 398 ip rip input processing on a lan interface 398 ip rip output processing on a wan interface 399 ip rip input processing on a wan interface 399 ipx routing 400 ipx routing initialization 40...
Page 19
Workgroup remote access switch 19 system messages 426 overview 426 informational messages 426 boot messages 427 initialization messages 427 normal operation messages 427 status messages 427 spanning tree messages 428 warning messages 428 error messages 428 system message summary 428 trace messages 4...
Page 20
User’s guide 20 cyberswitch clearing operational information 522 configuration-related commands 522 restarting the cyberswitch 523 setting the date and time 523 file utility commands 523 terminating administration sessions 524 appletalk routing commands 525 bridge commands 530 call control commands ...
Page 21
Workgroup remote access switch 21 dhcp statistics 569 common dhcp statistics 569 dhcp relay agent statistics 570 dhcp proxy client statistics 571 frame relay statistics 572 access related statistics 572 pvc related statistics 574 lan statistics 575 ip statistics 576 ip group statistics 576 icmp grou...
Page 22
User’s guide 22 cyberswitch a ppendices 599 system worksheets 600 network topology 601 system details 602 resources 602 lines 602 accesses 603 device information 604 bridging and routing information 605 bridging 605 ip routing 605 ipx routing 606 appletalk routing 607 cfgedit map 608 overview 608 ma...
Page 23
U sing this g uide the user’s guide is divided into the following parts: s ystem o verview we begin with an overview of bridging, routing, and specific cyberswitch features. Next, we provide an overview for both the system software and hardware. S ystem i nstallation in this section of the user’s gu...
Page 24
User’s guide 24 cyberswitch a ppendices the user’s guide provides the following appendices: n etwork w orksheets these worksheets are provided to help you gather pertinent information for configuring your system. We recommend that you print copies of these blank forms and fill in the appropriate inf...
Page 25
Workgroup remote access switch 25 u sing this g uide guide conventions systems central database access for security authentication purposes. Instructions for obtaining this electronic document can be found in configuring off-node server information . If you have internet access, you may obtain this ...
Page 26
S ystem o verview we include the following chapters in the system overview segment of the user’s guide. • the cyberswitch provides the “big picture” view of a cyberswitch network. We include an overview of unique system features, interoperability, security, interfaces, system components, remote devi...
Page 27
T he c yber switch because of the strong personal computer presence in the business environment, a move to graphical user interfaces, and the need to make the best use of available resources, there is a growing demand for high speed lan access for remote devices. Pc users need to be part of a work- ...
Page 28
User’s guide 28 cyberswitch u nique s ystem f eatures the cyberswitch combines unique features that improve cost-effectiveness, reliability, and performance for wide area network connections to remote devices. These features include: • authentication servers provide a central database for networks w...
Page 29
Workgroup remote access switch 29 t he c yber switch unique system features automatically adjust the number of network connections. Thus, your network costs will reflect the actual bandwidth being used. • filtering allows you to control the flow of frames through the network. Filtering becomes neces...
Page 30
User’s guide 30 cyberswitch • protocol discrimination it is possible for multiple types of remote devices to use the same line. The system can determine the device type and the protocol encapsulation used by remote devices. • rs232 port: dual usage if your installation requires you to process ppp-as...
Page 31
Workgroup remote access switch 31 t he c yber switch interoperability overview the cyberswitch supports the following ppp protocols: • link control protocol (lcp) • multilink protocol (mlp) • authentication protocols challenge handshake authentication protocol (chap) password authentication protocol...
Page 32
User’s guide 32 cyberswitch s ecurity o verview the system provides several options for validating remote devices and for managing network security. The security options available are dependent on the remote device type, type of access, and the level of security required. Levels of security include ...
Page 33
Workgroup remote access switch 33 t he c yber switch system components the variety of network interfaces allows the installation of a wide range of devices at remote sites. As illustrated below, you can simultaneously choose bridges, routers, or host devices based on the specific remote site require...
Page 34
User’s guide 34 cyberswitch r emote isdn d evices the cyberswitch provides a centralized concentrator function for remote isdn devices. The devices can be separated into the following categories: • remote isdn bridge devices • pc based terminal adapters • isdn enabled workstations • other isdn route...
Page 35
Workgroup remote access switch 35 t he c yber switch switches supported s witches s upported switch types supported by the cyberswitch’s basic rate and primary rate isdn adapters: switch support may vary from country to country. Use the following as a guideline: type of switch basic rate primary rat...
Page 36
H ardware o verview the cyberswitchis an embedded communications platform. It uses a flash file system (instead of a hard disk) and a two-stage boot device to initialize the platform and download system software. System software is preconfigured to allow immediate connection via a local area network...
Page 37
Workgroup remote access switch 37 h ardware o verview system platforms s ystem p latforms t he csx1000 and ne l ink 1000 ( a n etwork e xpress p roduct ) the following table summarizes the csx1000 and ne link 1000 platform options. The platform shown below, the ne link 1000 b8 platform, supports fou...
Page 38
User’s guide 38 cyberswitch the csx1001, shown below, is equivalent to the ne link 1000 b2. P latform d escription the ne link 1000 and csx1000 platforms consists of two processors (the 80386 ex and the 80960 sa), system memory, and interface adapters. The front of theplatforms have a series of led ...
Page 39
Workgroup remote access switch 39 h ardware o verview system platforms the two connectors available for lan access are the aui ethernet and the 10base-t. Only one of the two ports may be activated at a time. If you attempt to use both, the system hardware automatically defaults to the 10base-t port....
Page 40
User’s guide 40 cyberswitch refer to the following figure, which illustrates a bri point-multipoint configuration. S ystem c haracteristics physical characteristics: height: 76.2 mm (3 in) width: 304.8 mm (12 in) depth: 228.6 mm (9 in) weight: approximately 3.2 kg (7 lb) environmental characteristic...
Page 41
Workgroup remote access switch 41 h ardware o verview system platforms regulatory compliance: meets or exceeds the following: safety: ul 1950, csa c22.2 no. 950, en 60950, iec 950, and 72/23/eec emi: fcc part 15, en 55022, csa 108.8, en 50082-1, vcci v-3, and 89/336/eec.
Page 42
User’s guide 42 cyberswitch t he csx1200 the following table summarizes the csx1200 platform options. The platform shown below is the pri version of the csx1200 (the csx1223). Note that all csx1200’s back panels have two slots for future add-on modules . Model # ports # connections csx1201 one bri p...
Page 43
Workgroup remote access switch 43 h ardware o verview system platforms below we illustrate the front panel of the csx1204 - the four port bri version of the csx1200. P latform d escription the csx1200 platform was designed to provide distributed network access for a branch office or small central si...
Page 44
User’s guide 44 cyberswitch electrical characteristics ac power input: voltage: 100-125 vac/200-240 vac frequency: 50/60 hz fuse: 1.0/0.5 amps, 250v power: 50 watts maximum note: main circuit card fuse labeled f1 is rated at 0.5a 63v. This fuse protects the 12v aui circuitry on the main board. This ...
Page 45
Workgroup remote access switch 45 h ardware o verview system platforms for informational purposes, here are the pin list and signal assignments for the 10base-t lan connector: note: the 10base-t connector and the wan connector are both rj45 connectors. However, they do have different electrical inte...
Page 46
User’s guide 46 cyberswitch wan a ccess since the cyberswitch is a factory-customized product, there is no need to install specific adapter boards in order to access the wan. Connections for the internal bri interface are made at the sys- tem’s back panel. On the b2, a basic rate line will connect t...
Page 47
Workgroup remote access switch 47 h ardware o verview system platforms a dministration c onsole a ccess the console connector is an rs232 connector which provides dedicated asynchronous connection. This async connection is available for administration console management or ppp-async data transfer. T...
Page 48
User’s guide 48 cyberswitch s ystem m odules t he csx1200-e11-mod the csx1200-e11-mod is an internal 11 port ethernet hub option card for the csx1200 family. The csx1200-e11-mod is available for both the bri (csx1201, csx1204) and pri (csx1223) models. The csx1223 is shown below. The internal hub ad...
Page 49
Workgroup remote access switch 49 h ardware o verview system modules the hub is equipped with lanview leds. These leds are comprised of three types: receive, link, and collision. Refer to the led indicators chapter for further information. For installation instructions refer to the hardware installa...
Page 50
User’s guide 50 cyberswitch t he csx1200-u4-mod the csx1200-u4-mod is a u-interface option card for the csx1200 family. This module is only relevant for applications in north america, since north american telephone companies typically do not provide the needed u-interface conversion. The csx1200-u4-...
Page 51
S oftware o verview o verview the cyberswitch software provides: • system software for the cyberswitch, lan and wan interfaces, and administration functions • system files containing configuration and operational information this chapter provides an overview for each of the above software categories...
Page 52
User’s guide 52 cyberswitch node.Nei this configuration file contains node-specific information like resources, lines, cyberswitch operating mode and security options, along with the throughput monitor configuration information. If enabled, snmp configuration information is also in this file. Lan.Ne...
Page 53
Workgroup remote access switch 53 s oftware o verview system files the system stores the tables in ascii format files on the system disk. When the system writes system messages to disk, it stores them in the following location: directory: \log file name: rprt_log.Nn where “nn” is an integer that is ...
Page 54
S ystem i nstallation we include the following chapters in thissegment of the user’s guide: • ordering isdn service provides guidelines for ordering isdn service in the united states. • hardware installation step-by-step instructions for installing hardware components. • accessing the cyberswitch pr...
Page 55
Workgroup remote access switch 55.
Page 56
O rdering isdn s ervice (us o nly ) o verview this chapter was designed to be a guideline for ordering isdn service in the united states. For bri isdn service: if you are using ni-1 lines, try using ez-isdn codes to order bri service. If your service provider does not support ez-isdn codes, try usin...
Page 57
Workgroup remote access switch 57 o rdering isdn s ervice (us o nly ) ordering bri isdn lines using provisioning settings if the at&t 5ess switch type is available, the isdn services available will be one of the following: • ni-1 • custom point-to-point if northern telecom dms-100 switch type is ava...
Page 58
User’s guide 58 cyberswitch at&t 5ess ni-1 s ervice note that some of the elements below are set per directory number. With ni-1 service, you will typically have two directory numbers. At&t # 5ess ni-1 service provisioning element setting term type a csv 1 csv aco unrestricted csv limit 2 csv nb lim...
Page 59
Workgroup remote access switch 59 o rdering isdn s ervice (us o nly ) ordering bri isdn lines using provisioning settings at&t 5ess c ustom p oint - to -p oint s ervice note that some of the elements below are set per directory number. With custom point-to-point service, you will have two directory ...
Page 60
User’s guide 60 cyberswitch p rovision s ettings for n orthern t elecom dms-100 s witches the isdn services supported by northern telecom dms-100 switches are as follows (in order of preference of usage): 1. Ni-1 2. Custom service the sections below provide the settings for each dms-100 service type...
Page 61
Workgroup remote access switch 61 o rdering isdn s ervice (us o nly ) ordering bri isdn lines using provisioning settings n orthern t elecom dms100 c ustom s ervice note that you must set either ekts or aco to yes. You may not set both of them to yes. B asic i nformation for o rdering pri isdn l ine...
Page 62
User’s guide 62 cyberswitch premise equipment. At the time that the line is ordered, the customer may be asked for the fcc registration number for the cyberswitch that is being used. The cabling between the wall jack and the cyberswitch is very important, and is also where most problems occur. The s...
Page 63
H ardware i nstallation p re -i nstallation r equirements before you begin the installation process, be sure to: • choose a suitable setup location make sure the location is dry, ventilated, dust free, static free, and free from corrosive chemicals • verify system power requirements the appropriate ...
Page 64
User’s guide 64 cyberswitch i nstalling the csx1200-e11-mod the csx1200-e11-mod (e11) is an internal 11 port ethernet hub option card for the csx1200 family. The csx1200-e11-mod can be installed in the bri (1201, 1204) and pri (1223) csx1200 models. To help eliminate any potential problems during or...
Page 65
Workgroup remote access switch 65 h ardware i nstallation installing the csx1200-u4-mod i nstalling the csx1200-u4-mod the csx1200-u4-mod (u4) is a u-interface option card for the csx1200 family. The csx1200-u4- mod can be installed in the bri (1201, 1204) csx1200 models. To help eliminate any poten...
Page 66
User’s guide 66 cyberswitch c abling note that the module consists of four pairs of numbered rj45 ports; you must properly connect the csx1200 bri ports to the corresponding u4 s/t interface ports of each pair on the module. We provide four 6-inch, category 5, twisted-pair cables (with rj45 connecto...
Page 67
A ccessing the c yber switch o verview this chapter describes accessing your cyberswitch, which includes: • making proper connections • establishing an administration session • powering on the system • accessing release notes m aking c onnections there are a number of ways to make a connection to th...
Page 68
User’s guide 68 cyberswitch using the provided rs232 null modem cable, attach an administration console to the system. The administration port is a 9-pin, male rs232 serial adapter as shown below: connect one end of a null modem cable to the console port on the cyberswitch, and the other end to the ...
Page 69
Workgroup remote access switch 69 a ccessing the c yber switch making connections r emote c onnection using t elnet you can access the cyberswitch with telnet. To do this, you must use telnet client software.The cyberswitch has default ip addresses configured to allow telnet access. The default lan ...
Page 70
User’s guide 70 cyberswitch e stablishing an a dministration s ession if a login prompt is displayed after the power-on initialization, the system software was preinstalled. Complete the login: 1. The login controls which class of commands the user can access. Each access level (guest or administrat...
Page 71
Workgroup remote access switch 71 a ccessing the c yber switch powering on 3. Plug the system’s power cord into a grounded electrical outlet. An appropriate standard power cord is supplied with the system for your specific country. 4. Turn on the administration console, and execute the communication...
Page 72
User’s guide 72 cyberswitch a ccessing the r elease n otes the release notes provide release highlights and important information related to this release that should be reviewed before you begin the system’s installation and configuration. The release notes are located on cd, and they are also locat...
Page 73
U pgrading s ystem s oftware o verview this chapter describes how to install system software onto the cyberswitch. Instructions are included for the following actions: • upgrading system software • changing defaults to secure system • returning configuration to factory defaults • accessing release n...
Page 74
User’s guide 74 cyberswitch for system upgrade, you will need to follow a specific upgrade path (\product name\country or switchtype\protocol or access package). This path not only depends upon product, but also the isdn standard you will be using, the software options you have purchased, and in man...
Page 75
Workgroup remote access switch 75 u pgrading s ystem s oftware upgrading software csx1204 usa csx1204\us\ipipx \ipipx.Fr \ipipx.X25 \ipipxat \ipipxat.Fr \ipipxat.Pkt \ipipx.Pkt \ipipxat.X25 csx1204 net3 csx1204\intnet3\ipipx \ipipx.Fr \ipipx.X25 \ipipxat \ipipxat.Fr \ipipxat.Pkt \ipipx.Pkt \ipipxat....
Page 76
User’s guide 76 cyberswitch if you choose to install this cd information onto your hard drive, it will be placed under the following base directory: ([drive]:\program files\cabletron systems, inc.\) note that these files will be specific to the configuration options you choose during installation. L...
Page 77
Workgroup remote access switch 77 u pgrading s ystem s oftware upgrading software l ocal u pgrade of the o perational s oftware (osw) to locally upgrade the operational software (osw) of your system, follow these steps: 1. Change the cyberswitch system’s baud rate to be the fastest baud rate support...
Page 78
User’s guide 78 cyberswitch to perform a remote upgrade, first upgrade to the latest ssb, if required, then upgrade the osw. The release notes will indicate whether or not the ssb needs to be upgraded. Note: if, during a remote upgrade, the compressed file set cannot be uncompressed into the flash f...
Page 79
Workgroup remote access switch 79 u pgrading s ystem s oftware upgrading software 5. After the recovery, delete the file by issuing the command: del \system\recover1 6. Recover lost space with the command: flash reclaim console messages during ssb upgrade: r emote u pgrade of the o perational s oftw...
Page 80
User’s guide 80 cyberswitch if you experience a problem transferring the file with tftp, wait about three minutes for the tftp to fail, delete the incomplete file, and try again. 4. Using telnet, reboot the system by issuing thecommand: restart it should take approximately 3 minutes for the systemto...
Page 81
Workgroup remote access switch 81 u pgrading s ystem s oftware return configuration to factory defaults 3. Change the admin and guest system passwords. If your system was previously accessed by your distributor, the preconfigured password will be admin (in lower case). Change this password to secure...
Page 82
B asic c onfiguration we define basic configuration as the configuration needed by most users. Basic configuration will get your system up and running. Note that not all configuration steps in this part are required. For example, if you are only using bridging, you will have no need to complete the ...
Page 83
C onfiguration t ools o verview we provide the following configuration tools to set up and/or alter your configuration: • cfgedit, the configuration utility • manage mode, the dynamic management utility your cyberswitch is shipped with a default set of configuration files that are preinstalled. Thes...
Page 84
User’s guide 84 cyberswitch as long as there is no other “change” session active (cfgedit or manage mode), access is granted, and the following menu is displayed: from this screen you will begin the configuration process. Refer to basic configuration and succeeding chapters for details on using this...
Page 85
Workgroup remote access switch 85 c onfiguration t ools dynamic management once manage mode is entered, the prompt changes from [system name]> to [system name]: manage> . While operating in manage mode, only dynamic management commands are available. All other system commands are ignored until you e...
Page 86
User’s guide 86 cyberswitch d efault c onfiguration your cyberswitch is shipped with a default set of configuration files that are preinstalled. These configuration files provide basic functions which will allow you to perform initial installation tests with no additional configuration. The default ...
Page 87
Workgroup remote access switch 87 c onfiguration t ools using the configuration chapters these worksheets will be helpful in configuring and managing your system. They capture important network information. To see examples of completed worksheets, refer to the example networks guide. U sing the c on...
Page 88
C onfiguring r esources and l ines o verview resource refers to the computer resources that are part of the cyberswitch. A wan resource is the physical interface for the attachment of lines (i.E., connections) to your system. Lines are communication facilities from the carriers. These lines directly...
Page 89
Workgroup remote access switch 89 c onfiguring r esources and l ines resources united states : for the u.S. Resource configuration, switch type is configurable, but ethernet resource or commport is not. Select resources to display a screen similar to the following: to configure a different switch ty...
Page 90
User’s guide 90 cyberswitch u sing m anage m ode c ommands resource displays the current resource configuration. R esource c onfiguration e lements r esource t ype the type of adapter (resource) that plug into the system. Wan adapters are the physical interface for the attachment of lines (i.E., con...
Page 91
Workgroup remote access switch 91 c onfiguring r esources and l ines resources the t1-e1-pri can be used for any t1, e1, or pri resource, and directly terminates a standard usoc rj45 connector. It is supplied with a standard s/t interface and supports one port. It also provides support for the follo...
Page 92
User’s guide 92 cyberswitch l ines to parallel the preconfigured serial resource (commport), there is also a preconfigured serial line named asyndmport. This line may not be deleted from the cyberswitch configuration, but its values (including mode of operation) are changeable. A single wan line and...
Page 93
Workgroup remote access switch 93 c onfiguring r esources and l ines lines d. Parity value e. Flow control type f. Mode: • autosense (default): can be either terminal or ppp-async. Requires user interaction (four carriage returns) to get to terminal mode. • term: terminal mode only. Login prompt aut...
Page 94
User’s guide 94 cyberswitch datalink add allows you to add a data link. The following sample screen shows how a data link is added. Datalink change changes an existing data link. Datalink delete deletes an existing data link. Ampconf allows you to change the amp port configuration. L ine c onfigurat...
Page 95
Workgroup remote access switch 95 c onfiguring r esources and l ines lines c all s creening m ethods for basic rate lines only. If you select a line interface type of point-multipoint, choose one of the following call screening methods: none, subaddress, or telephone number. The paragraphs below def...
Page 96
User’s guide 96 cyberswitch channel). For dms and ni-1 switches, the bri line has two spids, and two phone numbers. Note that either spid can use either bearer channel. There is no one-to-one correspondence. You must enter the number of digits to verify (starting at the right-most digit), so that wh...
Page 97
Workgroup remote access switch 97 c onfiguring r esources and l ines lines d igits v erified the number of digits to verify (starting at the rightmost digit), so that when the system receives a phone call it can determine on which bearer to accept the phone call. The maximum number of digits should ...
Page 98
User’s guide 98 cyberswitch if you are not using an external csu, specify a value under long haul build out. On long hauls, your telephone company will provide you with a decibel attenuation value when they install the lines. The installers may specify option labels a, b, or c during installation. I...
Page 99
Workgroup remote access switch 99 c onfiguring r esources and l ines subaddresses s ubaddresses c onfiguring a s ubaddress u sing cfgedit 1. To configure a subaddress, select isdn subaddress from the physical resources menu. 2. Enter the subaddress. The subaddress is supplied by your carrier service...
Page 100
C onfiguring b asic b ridging o verview this chapter provides information for configuring basic bridging features. Basic bridging configuration includes: • enabling/disabling bridging a separate chapter, configuring advanced bridging , provides information for configuring advanced bridging features....
Page 101
Workgroup remote access switch 101 c onfiguring b asic b ridging mac layer bridging option mac l ayer b ridging b ackground i nformation you are given the option of either enabling or disabling the mac layer bridging feature. When bridging is enabled, the system bridges data packets to the proper de...
Page 102
C onfiguring b asic ip r outing o verview this chapter provides information for configuring basic ip routing features. Basic ip routing configuration includes: • enabling/disabling the internet protocol (ip) when you enable this option, the system operates as an ip router. If you also enable bridgin...
Page 103
Workgroup remote access switch 103 c onfiguring b asic ip r outing ip operating mode ip o ption c onfiguration e lements ip o perational s tatus you can enable or disable the internet protocol (ip) option. The default is disabled. Ip b ackground i nformation when ip is enabled, the system acts as a ...
Page 104
User’s guide 104 cyberswitch b. If you select the ip host operating mode, an abbreviated ip configuration is displayed: notes: static arp entries, isolated mode, static route lookup via radius, and ip address pool capabilities are not available in ip host operating mode. Ip operating mode can not be...
Page 105
Workgroup remote access switch 105 c onfiguring b asic ip r outing ip network interfaces off-node authentication servers are available when ip is enabled regardless of the operating mode. With ip host mode, all traffic is considered bridge traffic, so no ip-specific off-node server lookups are perfo...
Page 106
User’s guide 106 cyberswitch n. Ip rip v2 authentication key (required only if the ip rip v2 authentication control has been configured with a value other than “no authentication” note: with the secondary ip addressing feature, you may add more than one lan network interface. Upon adding a second la...
Page 107
Workgroup remote access switch 107 c onfiguring b asic ip r outing ip network interfaces if ip rip is enabled, enter the following additional information: h. Ip rip send control i. Ip rip respond control j. Ip rip receive control k. Ip rip v2 authentication control l. Ip rip v2 authentication key (r...
Page 108
User’s guide 108 cyberswitch s ubnet m ask the subnet mask value (the number of significant bits for the subnet mask) associated with the ip address specified for this interface. The subnet mask is specified by entering the number of contiguous bits that are set for the mask. The mask bits start at ...
Page 109
Workgroup remote access switch 109 c onfiguring b asic ip r outing ip network interfaces entered for the interface. For example, if the ip address of the interface is 199.120.211.98, the portion of the menu displaying the available transmit broadcast addresses would appear as: in almost all cases, t...
Page 110
User’s guide 110 cyberswitch ip rip s end c ontrol if ip rip is enabled for a specific interface (lan, wan rlan, and/or numbered wan interfaces), an ip rip send control must be selected. This element controls how ip rip update messages are sent on an ip rip interface. There is a different default va...
Page 111
Workgroup remote access switch 111 c onfiguring b asic ip r outing ip network interfaces the following table provides the possible choices for ip rip respond control. *the default switch. Ip rip r eceive c ontrol if ip rip is enabled for a specific interface, then this element is required. This cont...
Page 112
User’s guide 112 cyberswitch the following table provides the possible choices for ip rip v2 authentication control * this is the default switch. Ip rip v 2 a uthentication k ey if ip rip is enabled for a specific interface, this key is required if the following condition has been met: the “ip rip v...
Page 113
Workgroup remote access switch 113 c onfiguring b asic ip r outing ip network interfaces an ip host device has only one network interface that it uses for data transfer. This network interface is assigned an ip address and belongs to one subnet. A remote ip host typically uses an isdn line for this ...
Page 114
User’s guide 114 cyberswitch the wan ip network interface is used to define remote ip devices (hosts or routers) that require access to the central network. This network interface represents a different subnet than that connected to a lan network interface. The wan ip network interface is used for b...
Page 115
Workgroup remote access switch 115 c onfiguring b asic ip r outing ip network interfaces in example 1,we show three different types of network interfaces and the ip subnets that are used. It should be noted that even though the cyberswitch only has one physical connection to the wan, it has more tha...
Page 116
User’s guide 116 cyberswitch in example 2, the wan unnumbered interface is used to eliminate an unnecessary ip subnet. The rlan interface is unique in that it extends the ip network over the wan to remote devices which access the network using a bridge device. Thus it makes a simple bridge device ap...
Page 117
Workgroup remote access switch 117 c onfiguring b asic ip r outing ip network interfaces ip rip and the ip n etwork i nterfaces routing information protocol (rip) is a protocol used to exchange routing information among ip devices. Using ip rip can automate the maintenance of routing tables on ip de...
Page 118
User’s guide 118 cyberswitch see illustration, example 1. Because site1 is the only cyberswitch that is connected to the logical network, it is reasonable for site1 to advertise the ip rip information on network 3 as subnetwork routes, meaning that site1 will always advertise the remote ip devices’ ...
Page 119
Workgroup remote access switch 119 c onfiguring b asic ip r outing ip network interfaces for the wan interface to function properly with ip rip, additional wan interface information is configured. The additional information required involves selecting one of the following: disabling host routes prop...
Page 120
User’s guide 120 cyberswitch currently, ip rip is not supported across an unnumbered wan interface. For example, in the following network setup, site1 could not advertise ip rip information across the unnumbered wan ip interface to router 2 (r2). Therefore, site1 would know about networks 1 and 2, b...
Page 121
Workgroup remote access switch 121 c onfiguring b asic ip r outing ip network interfaces in the previous graphic, the wan network interface 1.1.1.1 on site1 is used to connect to a dedicated line and an isdn line. You need to specify to which remote device, either site2 or site3, site1 should exchan...
Page 122
User’s guide 122 cyberswitch ip h ost o perating m ode and the ip n etwork i nterfaces only one network interface can be configured when the ip operating mode is host. The network interface configuration is not much different from the others available in router mode except that the following configu...
Page 123
Workgroup remote access switch 123 c onfiguring b asic ip r outing ip network interfaces with a remote device on a different subnet, the local device will arp for the remote host’s mac address. Since routers do not forward arp requests across subnets, arps sent for hosts which are not on the same ph...
Page 124
User’s guide 124 cyberswitch when a local host arps for a remote host, the cyberswitch (with proxy arp enabled) determines if it provides the best route to the destination. If it does, it will reply to the arp request with its own mac address. • suppose host a wishes to contact host d. Since host a ...
Page 125
Workgroup remote access switch 125 c onfiguring b asic ip r outing static routes u sing m anage m ode c ommands iproute displays the current ip static routing configuration data. The meaning of each displayed field for a route entry is: d estination ip address for the destination network or host. S ...
Page 126
User’s guide 126 cyberswitch ip rip p ropagation c ontrol the ip rip propagation control determines how a static route is propagated via ip rip. The following table provides an explanation of how a ip rip propagation control flag is assigned to a static route. Iproute change allows an existing ip st...
Page 127
Workgroup remote access switch 127 c onfiguring b asic ip r outing static routes reachable directly and therefore no intermediate router will be used. The default metric value is 2. The range of metric values for static routes is from 0 to 15. You may manipulate the metric value to promote a certain...
Page 128
User’s guide 128 cyberswitch s tatic r oute b ackground i nformation you only need to configure static routing entries if you need to access a wan network that is not directly connected to the system, or if you need to access a lan network through a router that does not support ip rip. Static routes...
Page 129
Workgroup remote access switch 129 c onfiguring b asic ip r outing default routes d efault r outes c onfiguring d efault r outes the default route is a form of static route that is useful when there are a large number of networks that can be accessed through a gateway. However, care must be taken wh...
Page 130
User’s guide 130 cyberswitch connection is over a wan. You may want to assign this route a high number of hops to limit toll charges, in case there is a local route that could be used. Ip rip p ropagation c ontrol this controls how a default route is propagated via ip rip. The following table provid...
Page 131
Workgroup remote access switch 131 c onfiguring b asic ip r outing routing information protocol (rip) option u sing m anage m ode c ommands iprip this command tells you if ip rip is currently enabled or disabled. Iprip off if ip rip is enabled, this command allows you to disable ip rip. Iprip on if ...
Page 132
S ecurity the cyberswitch provides a great variety of security options. These options include device level security, user level security, a combination of the two, or if preferred, no security. There are different ways to authenticate, as well as different locations (both local and remote) to store ...
Page 133
S ecurity o verview o verview security is an important issue to consider when you are setting up a network. The cyberswitch provides several security options, and this chapter describes the “big picture” of how these options work and interoperate. This information will better equip you to proceed wi...
Page 134
User’s guide 134 cyberswitch multilevel security provides both user level security and device level security for local (on-node) database, radius, and sfvra. This provides added protection; first, a device will be authenticated, and then a particular user (on the device) will be authenticated. The f...
Page 135
Workgroup remote access switch 135 s ecurity o verview user level databases these environments include an on-node database and a variety of off-node, central authentication databases. The on-node database contains a list of valid devices that can access the network resources connected to the cybersw...
Page 136
C onfiguring s ecurity l evel o verview the cyberswitch offers the following levels of network security: no security, device level security, user level security, or device and user level security. The network security level determines the type of security you want activated on your network. As the n...
Page 137
Workgroup remote access switch 137 c onfiguring s ecurity l evel overview plan what level(s) of security you will use, and configure them now. You will later assign and configure authentication databases to the network security level you configure and to administration sessions. The table below iden...
Page 138
User’s guide 138 cyberswitch n o s ecurity c onfiguring n o s ecurity u sing cfgedit 1. To begin the configuration of an on-node database or any of the security database options, start at the main menu and progress through the screens as shown below: 2. Select security level from the security menu. ...
Page 139
Workgroup remote access switch 139 c onfiguring s ecurity l evel device level security d evice l evel s ecurity c onfiguring d evice l evel s ecurity u sing cfgedit 1. Select device level security from the security level menu. If you need guidance to find this menu, refer to the instructions provide...
Page 140
User’s guide 140 cyberswitch o verview of d evice a uthentication p rocess when a remote device connects, the cyberswitch negotiates the required authentication. It then collects the information which is used to identify and authenticate the remote device. The system compares this collected informat...
Page 141
Workgroup remote access switch 141 c onfiguring s ecurity l evel user level security the following sections provide information regarding authentication via securid cards, system requirements for user level security, and the authentication process with user level security. A uthentication u sing a s...
Page 142
User’s guide 142 cyberswitch s ystem r equirements when providing user level security for the cyberswitch, you must establish remote user-to- lan connectivity (like terminal servers). You may not establish lan-to-lan connectivity as routers usually do. There are two different ways of establishing re...
Page 143
Workgroup remote access switch 143 c onfiguring s ecurity l evel user level security a uthentication p rocess with u ser l evel s ecurity making a telnet connection in order to access user level security, you must first establish a telnet connection to the cyberswitch. Depending upon your applicatio...
Page 144
User’s guide 144 cyberswitch tacacs: with pinpad secureid card 1. Enter login id (remote machine). 2. Enter password onto securid card, which generates a dynamic password. 3. Enter dynamic password onto remote machine’s password prompt. 4. Press key when prompted for dynamic password. With non-pinpa...
Page 145
Workgroup remote access switch 145 c onfiguring s ecurity l evel device and user level security d evice and u ser l evel b ackground i nformation multi-level security (device and user level) provides you with increased security options for your network. This feature supports device level security fo...
Page 146
C onfiguring s ystem o ptions and i nformation o verview system options include security options for remote devices. The security required for the authentication of each device will depend on the information you have entered for that device. System information includes a system name, system password...
Page 147
Workgroup remote access switch 147 c onfiguring s ystem o ptions and i nformation system options notes: it is not necessary to disable a security option, even if you are not using the option. The security required for the authentication of each device will depend on the information you have entered ...
Page 148
User’s guide 148 cyberswitch note: if a system is brought on line with a device that has a required calling line id that is a duplicate of another device’s calling line id, and no other type of authentication is used, a warning message is logged at initialization. Every attempt to connect the device...
Page 149
Workgroup remote access switch 149 c onfiguring s ystem o ptions and i nformation system options the above process applies to the system’s authentication of the remote device. It is also possible that the remote device may wish to authenticate the system itself, a desire that is also negotiated duri...
Page 150
User’s guide 150 cyberswitch the following table summarizes the identifying and authenticating information used by each remote device type to connect to the system: s ystem i nformation c onfiguring s ystem i nformation u sing cfgedit 1. Select option (2), system information from the system options ...
Page 151
Workgroup remote access switch 151 c onfiguring s ystem o ptions and i nformation administrative session s ystem p assword the system password is a user-defined password that is only required if there are remote devices on the network that require this information for system validation. This is pass...
Page 152
User’s guide 152 cyberswitch 4. You may specify an authentication database location for administrative sessions that is different from the user authentication database location. Note: if you select radius, tacacs, or ace, you must be sure that the selected server is active before you initiate an adm...
Page 153
Workgroup remote access switch 153 c onfiguring s ystem o ptions and i nformation administrative session t imeout v alue allows you to terminate login sessions after the configured “time-out value” length in time. If “0” is entered, the value will be disabled. The time-out will be enabled by enterin...
Page 154
User’s guide 154 cyberswitch e mergency t elnet s erver p ort n umber b ackground i nformation there are some telnet client programs that do not clear telnet connections when terminating telnet sessions. Since they do not clear the telnet connections, those connections stay alive and soon all telnet...
Page 155
C onfiguring d evice l evel d atabases o verview devicelevel securityis an authentication process between internetworking devices, in which authentication takes place automatically. Both bridges and routers support this form of security.Devicelevel security is available to the network locally throug...
Page 156
User’s guide 156 cyberswitch 2. Select option (1) on-node device database from the device level databases menu. The following screen will be displayed. Follow the on-screen instructions to enable the on-node database device: o n - node d evice e ntries c onfiguring o n - node d evice e ntries 1. Sel...
Page 157
Workgroup remote access switch 157 c onfiguring d evice l evel d atabases on-node device entries 4. The device table menu will then be displayed similar to the example screen shown below: we suggest that you first enter the information pertaining to the device’s access type(s). Access types include:...
Page 158
User’s guide 158 cyberswitch 6. For frame relay devices: note: you must first configure the frame relay access. Instructions for configuring the access is found in the frame relay accesses section of the configuring alternate accesses chapter. Begin by selecting frame relay from the device table men...
Page 159
Workgroup remote access switch 159 c onfiguring d evice l evel d atabases on-node device entries if you select pvc, the list of available pvcs are displayed. The lcn of the selected pvc and the x.25 access name are stored in the device table to bind the device to a particular virtual circuit configu...
Page 160
User’s guide 160 cyberswitch for ppp, the ability to enable/disable outbound authentication (selection 3) is available. However, it is generally not necessary to enable outbound authentications on a point-to-point line. If the device is associated with a frame relay virtual circuit, and the pvc name...
Page 161
Workgroup remote access switch 161 c onfiguring d evice l evel d atabases on-node device entries a. Enable or disable ipx routing. B. If you enable ipx routing and want dial-out capabilities to this device, enable the make calls feature. C. If you enable ipx routing, you may enable or disable ipxwan...
Page 162
User’s guide 162 cyberswitch for ip remote lan networks, you must explicitly configure the ip (sub)network number. For ipx remote lan networks, you may configure the ipx external network number, or you may leave the value at none. The ipx spoofing options for ipx remote lan devices are not available...
Page 163
Workgroup remote access switch 163 c onfiguring d evice l evel d atabases on-node device entries o n - node d evice d atabase c onfiguration e lements g eneral c onfiguration e lements d evice n ame a 1 to 17-character, user-defined case-sensitive name that uniquely identifies the device to the syst...
Page 164
User’s guide 164 cyberswitch calls. The system will not accept or make a call when the added bandwidth will exceed the configured maximum. The value is configured as a number from 2,400 bps to 3,072,000 bps. You may configure any value in this range. For example, if you have configured the base data...
Page 165
Workgroup remote access switch 165 c onfiguring d evice l evel d atabases on-node device entries f rame r elay a ccess c onfiguration e lements note: these elements are configured for frame relay devices only. Pvc c onfigured information of the already configured frame relay virtual circuit which wi...
Page 166
User’s guide 166 cyberswitch o utbound a uthentication this parameter allows you to enable or disable ppp outbound authentication procedures. When ppp outbound authentication is enabled, ppp (chap or pap) authentication is required at both ends of the connection. When ppp outbound authentication is ...
Page 167
Workgroup remote access switch 167 c onfiguring d evice l evel d atabases on-node device entries compare the incoming clid with the value configured in the on-node device table. If the numbers are identical the connection will be established. Otherwise, the system will reject the incoming call. When...
Page 168
User’s guide 168 cyberswitch wan p eer t ype specifies an active wan peer (receives and sends information at all times) or a passive wan peer (receives/sends information only when a connection is up). In order for an active peer type to work properly, the make calls field must also be enabled. S poo...
Page 169
Workgroup remote access switch 169 c onfiguring d evice l evel d atabases on-node device entries b ridge i nformation c onfiguration e lements ip (s ub ) n etwork n umber if the cyberswitch uses an ip rlan interface to connect to a remote bridge, you must provide this information. This address assoc...
Page 170
User’s guide 170 cyberswitch c ompression c onfiguration e lements d evice c ompression s tatus allows you to enable or disable compression for the individual device. If this option is enabled, then the cyberswitch will negotiate compression with this device. Otherwise, the system will not negotiate...
Page 171
Workgroup remote access switch 171 c onfiguring d evice l evel d atabases on-node device entries the following table identifies the configuration requirements for possible security options for remote bridge devices. *conditionally required means you must specify at least one of either the calling li...
Page 172
User’s guide 172 cyberswitch ip routing with ip host devices (rfc1294) to allow an ip host device to connect to the cyberswitch, you must have ip routing and ip host security enabled. For each ip host device using this type of connection, you may need to enter the device’s ip address, ip host id, an...
Page 173
Workgroup remote access switch 173 c onfiguring d evice l evel d atabases on-node device entries bridging with ppp bridge devices (using bcp) to allow a ppp bridge device to connect to the cyberswitch, you must have bridging enabled. For each ppp bridge device using this type of connection, you may ...
Page 174
User’s guide 174 cyberswitch the following table identifies the configuration requirements for possible security options for ip routing with ppp bridge devices. Note: if chap security is enabled, and outbound authentication has not been disabled, a chap secret must be entered for both the remote dev...
Page 175
Workgroup remote access switch 175 c onfiguring d evice l evel d atabases off-node device database location o ff - node d evice d atabase l ocation c onfiguration e lements d atabase l ocation the database location for devicelevel security. The choices for the off-node database location are none (us...
Page 176
C onfiguring u ser l evel d atabases o verview userlevel security is an authentication process between a specific user and a device. The authentication process is interactive; users connect to a terminal server and need to interact with it in order to communicate with other devices beyond the server...
Page 177
Workgroup remote access switch 177 c onfiguring u ser l evel d atabases user level authentication database location u ser l evel a uthentication d atabase l ocation c onfiguration e lements d atabase l ocation the database location for user level security. Choices are: radius server, tacacs server, ...
Page 178
C onfiguring o ff - node s erver i nformation o verview you can configure both local device entries and remote authentication databases for device authentication. When a device needs to be authenticated, the cyberswitch will first look the device up locally, and, if there is no device entry, will th...
Page 179
Workgroup remote access switch 179 c onfiguring o ff - node s erver i nformation vra manager authentication server vra m anager a uthentication s erver c onfiguring vra m anager a uthentication s erver notes: in order for the cyberswitch to reference vra manager for device authentication, the follow...
Page 180
User’s guide 180 cyberswitch vra m anager a uthentication s erver c onfiguration e lements tcp p ort n umber the tcp port number used by the vra manager. Note that you can assign a device-defined port number, but that the vra manager tcp port number must be entered identically on both the cyberswitc...
Page 181
Workgroup remote access switch 181 c onfiguring o ff - node s erver i nformation radius authentication server u sing cfgedit 1. Select option (2), radius from the off-node server information menu. If you need guidance to find this menu, refer to the instructions provided in the vra manager authentic...
Page 182
User’s guide 182 cyberswitch radius a uthentication s erver c onfiguration e lements ip a ddress the ip address in dotted decimal notation for the radius server. This information is required for the primary radius server, and also required if a secondary radius server is configured. If a secondary r...
Page 183
Workgroup remote access switch 183 c onfiguring o ff - node s erver i nformation tacacs authentication server information from the secondary server if one is configured. The connection will be released if neither server responds to the access requests. The section titled on-node device table securit...
Page 184
User’s guide 184 cyberswitch 3. Optional: configure a secondary tacacs server with selection (2). In the event that the primary server does not respond to system requests, the secondary server will be queried for device authentication information. The address and port number of the secondary server ...
Page 185
Workgroup remote access switch 185 c onfiguring o ff - node s erver i nformation ace authentication server system will send an access request retry if the primary server does not respond. After the configured number of retries, the system will request authentication information from the secondary se...
Page 186
User’s guide 186 cyberswitch 4. Select miscellaneous information to finish the configuration. A. Specify the number of access request retries that the system will send to the authentication server. B. Specify the time between retries. C. Choose between the des or sdi encryption method. The algorithm...
Page 187
Workgroup remote access switch 187 c onfiguring o ff - node s erver i nformation ace authentication server n umber of a ccess r equest r etries the number of access request retries that the system will send to the ace server. The initial default value is 3. The acceptable range is from 0 to 32,767. ...
Page 188
C onfiguring n etwork l ogin i nformation o verview the cyberswitch offers a number of configurable options to control the login process for this system and for off-node authentication servers. These options include: • general network login configuration • network login banners • login configuration...
Page 189
Workgroup remote access switch 189 c onfiguring n etwork l ogin i nformation network login general configuration concerning item (9), authentication timeout, note the following recommendation: if using the security dynamics ace server, modify the timeout value to be greater than the change frequency...
Page 190
User’s guide 190 cyberswitch n etwork l ogin b anners c onfiguring n etwork l ogin b anners u sing cfgedit 1. Select option (2), network login banners from the network login information menu. If you need guidance to find this menu, refer to the instructions provided in the network login general conf...
Page 191
Workgroup remote access switch 191 c onfiguring n etwork l ogin i nformation login configuration specific to radius server l ogin c onfiguration s pecific to radius s erver c onfiguring radius s erver l ogin i nformation u sing cfgedit 1. Select option (3), login configuration specific to radius ser...
Page 192
User’s guide 192 cyberswitch u sing m anage m ode netlogin displays the current network login configuration data. After entering the netlogin command, you will be prompted for the type of login configuration information you want. The prompt will resemble the cfgedit screen in which this information ...
Page 193
Workgroup remote access switch 193 c onfiguring n etwork l ogin i nformation login configuration specific to tacacs server 2. Selection (1) from the tacacs specific device login menu allows you to change the password control character: 3. Selection (2) from the tacacs specific device login menu allo...
Page 194
User’s guide 194 cyberswitch netlogin change allows you to change the current network login configuration data. After entering the netlogin change command, you will be prompted for the type of login configuration information you want to change. The prompt will resemble the cfgedit screen in which th...
Page 195
A dvanced c onfiguration we define advanced configuration as the configuration you may use to fine tune your system, or to configure options that are not necessarily needed by the majority of users. For example, if you would like to configure an alternate access (an alternate to isdn access); this w...
Page 196
C onfiguring a lternate a ccesses o verview an access defines the connection details the cyberswitch uses to reach the network. The default access is isdn access, a switched-network access. Configurable accesses are required for dedicated network connections, for packet-switched network connections ...
Page 197
Workgroup remote access switch 197 c onfiguring a lternate a ccesses dedicated accesses l ine p rotocol designates the type of line protocol that will be used on the dedicated connection. Ppp line protocol is the correct selection for most configurations. Hdlc protocol may work for devices that only...
Page 198
User’s guide 198 cyberswitch x.25 a ccesses c onfiguring an x.25 a ccess note the following: • x.25 accesses are available only if you have purchased the additional software module for packet switched accesses. • to establish virtual circuits over x.25, you must enable device level security ( page 1...
Page 199
Workgroup remote access switch 199 c onfiguring a lternate a ccesses x.25 accesses 7. Enter a list of bearers (a channel map). For pri lines, the range of channels is from 1 to 24. For bri lines, the range of channels is from 1 to 2. Separate bearer channels by commas, and/or list a range by using a...
Page 200
User’s guide 200 cyberswitch 3. Configure the x.25 reliability, windows, and acknowledgment facilities. A. Select the type of sequence numbers to be used for x.25: regular or extended. Extended sequence numbering allows for packets to be assigned sequence numbers from 0-127 (modulo 128), as opposed ...
Page 201
Workgroup remote access switch 201 c onfiguring a lternate a ccesses x.25 accesses p ermanent v irtual c ircuit i nformation note: svcs and pvcs are specified in the x.25 logical channel assignments section of the configuration. However, pvcs require additional configuration, which is done in this s...
Page 202
User’s guide 202 cyberswitch d ata r ate the data rate that applies to the line being used for this x.25 access. The configured data rate can be 56 or 64 kbps. B earer c hannels a list of bearers (a channel map) that will be used on the line associated with this x.25 access. For pri lines, the range...
Page 203
Workgroup remote access switch 203 c onfiguring a lternate a ccesses x.25 accesses x.25 a ccess c onfiguration e lements the x.25 access configuration elements are divided into seven different categories: • x.25 logical channel assignments • x.25 timer configuration • x.25 reliability, windows, and ...
Page 204
User’s guide 204 cyberswitch x.25 r eliability , w indows , and a cknowledgment x.25 s equence n umber r ange the type of sequence numbers to be used for x.25; regular or extended. Extended sequence numbering allows for packets to be assigned sequence numbers from 0-127 (modulo 128), as opposed to 0...
Page 205
Workgroup remote access switch 205 c onfiguring a lternate a ccesses x.25 accesses n onstandard d efault t ransmit w indow s ize the number of frames that a dte can send without receiving an acknowledgment. Using modulo 128, the dtes can send up to 127 frames without receiving an acknowledgment. Usi...
Page 206
User’s guide 206 cyberswitch x.25 r estriction f acilities these facilities are used to place restrictions upon incoming and outgoing x.25 calls. B arring i ncoming c alls allows to you bar x.25 calls coming in to the system. The default configuration is to not bar incoming x.25 calls. B arring o ut...
Page 207
Workgroup remote access switch 207 c onfiguring a lternate a ccesses x.25 accesses n onstandard d efault r eceive w indow s ize the number of frames that a dte can receive without receiving an acknowledgment. Using modulo 128, the dtes can send up to 127 frames without receiving an acknowledgment. U...
Page 208
User’s guide 208 cyberswitch a virtual path, although it appears that a real circuit exits, in reality, the network routes the device’s information packets to the designated designation. Any given path may be shared by several devices. When the virtual circuit is established, a logical channel numbe...
Page 209
Workgroup remote access switch 209 c onfiguring a lternate a ccesses frame relay accesses c urrent x.25 r estrictions • x.25 virtual circuits must be two-way logical channels; one-way incoming and one-way out- going channels are not currently supported. • each system can have only one x.25 access. T...
Page 210
User’s guide 210 cyberswitch 5. Enter a list of bearers (a channel map). For t1 lines, the range of channels is from 1 to 24. For bri lines, the range of channels is from 1 to 2. Separate bearer channels by commas, and/or list a range by using a dash (-). 6. Enter the maximum frame size supported by...
Page 211
Workgroup remote access switch 211 c onfiguring a lternate a ccesses frame relay accesses 7. Enter the rate measurement interval in msecs. Note: you must restart the cyberswitch in order to associate the pvc with a device. After all of the above pvc information is entered, an index number will be as...
Page 212
User’s guide 212 cyberswitch lmi indicates whether or not this frame relay access will support the local management interface (lmi). If this frame relay access supports lmi, lmi information can be displayed by entering the fr lmi command at the system console prompt. For further lmi information, ref...
Page 213
Workgroup remote access switch 213 c onfiguring a lternate a ccesses frame relay accesses pvc l ine p rotocol the pvc line protocol determines which type of data encapsulation will be used on the pvc. The options are ppp point to point protocol or fr_ietf. Ppp allows ppp authentication for the assoc...
Page 214
User’s guide 214 cyberswitch f rame r elay a ccess b ackground i nformation frame relay is a frame mode service in which data is switched on a per frame basis, as opposed to a circuit mode service that delivers packets on a call-by-call basis. This feature will allow the system to efficiently handle...
Page 215
Workgroup remote access switch 215 c onfiguring a lternate a ccesses frame relay accesses configured in the device table. It will find the pvc and the line protocol that corresponds to the pvc name and change its pvc name to match the corresponding device name. Notes: vra manager is currently the on...
Page 216
User’s guide 216 cyberswitch -- the rate at which data frames may be sent into the network without incurring congestion. This is generally accepted as the end-to-end available bandwidth at which frame relay service devices may enjoy sustained frame transmission. By definition this must be less than ...
Page 217
Workgroup remote access switch 217 c onfiguring a lternate a ccesses frame relay accesses however, under the above stated conditions, the network configuration shown below would not be allowed: switched connections can only be used as a backup to frame relay. As such, a switched connection would be ...
Page 218
C onfiguring a dvanced b ridging o verview when bridging is enabled, optional advanced features are available. Optional bridging features include: • bridge dial out • spanning tree protocol • mode of operation • bridging filters • known connect lists this chapter includes a section for each advanced...
Page 219
Workgroup remote access switch 219 c onfiguring a dvanced b ridging bridge dial out c onfiguring the d evice l ist for b ridge d ial o ut note: the configuring device level databases chapter contains the information needed to completely configure an on-node device entry. The following section provid...
Page 220
User’s guide 220 cyberswitch 9. Enable bridging. 10. Enable make calls for bridge data. You must have already configured the device’s phone number (step 6) before the system allows you to enable this feature. Return to the current device table. The system notifies you of proper configuration for you...
Page 221
Workgroup remote access switch 221 c onfiguring a dvanced b ridging bridge mode of operation b ridge m ode of o peration b ackground i nformation selecting the bridge mode of operation allows you to determine the forwarding method that the bridge will use to distribute lan packets to the remote site...
Page 222
User’s guide 222 cyberswitch b ridge f ilters c onfiguring b ridge f ilters note: bridge dial out calls can be initiated through the use of a known connect list or through the use of bridge filters. For a description of bridge dial out through bridge filters, refer to the section titled dial out usi...
Page 223
Workgroup remote access switch 223 c onfiguring a dvanced b ridging bridge filters protocol definition commands protdef displays the current protocol definition configuration data. Protdef add allows a protocol definition to be added to the current configuration. Refer to the using cfgedit section f...
Page 224
User’s guide 224 cyberswitch protfilt add allows a protocol filter to be added to the current configuration. Refer to the cfgedit section for required configuration elements ( page 222 ). Protfilt change allows the current protocol filter configuration to be changed. Protfilt delete allows a protoco...
Page 225
Workgroup remote access switch 225 c onfiguring a dvanced b ridging bridge filters d istribution l ist a distribution list is defined as the wan and/or lan ports to which the filter action will be applied. The distribution list is selected from a displayed list of possible choices (lan, wan, device ...
Page 226
User’s guide 226 cyberswitch mac address filters reference either the source or destination mac address fields in a packet. Protocol filters use the protocol id field in a packet. Packet data filters reference data outside the address and protocol fields in a packet. Each filter has a distribution l...
Page 227
Workgroup remote access switch 227 c onfiguring a dvanced b ridging bridge filters b ridge f ilter d efinitions this section provides the syntax for the bridge filters available for the unrestricted bridge mode and the restricted bridge mode. Unrestricted mode bridge filters 1. Source unicast-addres...
Page 228
User’s guide 228 cyberswitch 4. Destination mac-address connect this filter allows you to connect mac frames addressed to the specified mac address. When the specified mac address appears in the destination address field of the mac frame, the frame will be forwarded as specified in the distribution ...
Page 229
Workgroup remote access switch 229 c onfiguring a dvanced b ridging bridge filters the following charts summarize the filter actions available for unrestricted bridging: * device list may be the on-node device database, or it may be located on an off-node authentication server. Filter action distrib...
Page 230
User’s guide 230 cyberswitch restricted mode bridge filters 1. Source unicast-address forward this filter allows you to stipulate access privileges of a given device. When the specified unicast address appears in the source address field of a mac frame, the frame will be forwarded as specified in th...
Page 231
Workgroup remote access switch 231 c onfiguring a dvanced b ridging bridge filters 5. Protocol protocol-id forward this filter allows you to restrict packets based on the ethernet protocol id field or the corresponding 802.3 lsap field. You can specify the protocol id that is to be forwarded. The fi...
Page 232
User’s guide 232 cyberswitch the following chart summarizes the forward filter actions available for restricted bridging: it is possible to use a discard filter action to selectively discard packets that have been forwarded through the previous restricted bridging forwarding filters. The following c...
Page 233
Workgroup remote access switch 233 c onfiguring a dvanced b ridging bridge filters d ial o ut u sing b ridge f ilters each type of bridge filter for each operating mode supports a different set of “forwarding actions.” your particular set up and device configuration will determine which type of filt...
Page 234
User’s guide 234 cyberswitch if you choose connect as a forwarding action, the system will connect and forward the packet to the specified device list only. This eliminates the need for the packet to be broadcast to all connections. After specifying the “connect,” you are prompted for the device nam...
Page 235
Workgroup remote access switch 235 c onfiguring a dvanced b ridging known connect list your filter is now configured for this example. Remember, each type of filter for each operating mode supports a different set of “forwarding actions.” these are described in detail earlier in the bridge filters s...
Page 236
User’s guide 236 cyberswitch k nown c onnect l ist c onfiguration e lements d evice n ame the name of a bridge device that has been preconfigured in the on-node device database section of the configuring device level databases chapter. This is a device to which you want the system to connect and for...
Page 237
C onfiguring a dvanced ip r outing o verview by default, ip routing is disabled when you first install your system software. After ip routing is enabled, there are optional advanced features available. Optional advanced ip routing features include: • static arp table entries arp (address resolution ...
Page 238
User’s guide 238 cyberswitch s tatic arp t able e ntries c onfiguring s tatic arp t able e ntries u sing cfgedit once ip has been enabled, the full ip configuration menu will be displayed as shown below: the advanced ip routing options, including arp table entries, are configured through this menu. ...
Page 239
Workgroup remote access switch 239 c onfiguring a dvanced ip r outing the isolated mode t he i solated m ode c onfiguring the i solated m ode u sing cfgedit 1. Select isolated mode (enable/disable) from the ip menu. 2. Follow the onscreen instructions to either enable or disable the isolated mode. I...
Page 240
User’s guide 240 cyberswitch s tatic r oute via radius c onfiguration e lements s tatic r oute via radius s tatus you may enable or disable this option. S tatic r oute l ookup via radius b ackground i nformation the static routes lookup via radius option allows you to maintain static routes for devi...
Page 241
Workgroup remote access switch 241 c onfiguring a dvanced ip r outing ip filters ip a ddress p ool b ackground i nformation the ip address pool feature allows you to configure a list of ip addresses that can be dynamically assigned to remote ip devices as they connect to the system. This would occur...
Page 242
User’s guide 242 cyberswitch upon selecting ip filter information, the following sub-menu is displayed: the configuration of each of the listed functions is described in the following discussion. U sing m anage m ode ipfilt this command displays the ip filter configuration screen from which you can ...
Page 243
Workgroup remote access switch 243 c onfiguring a dvanced ip r outing ip filters the screen identifies the common portion of the packet type, which includes the ip addresses and protocol information. To modify these values, refer to the following section entitled configuring the common ip portion. T...
Page 244
User’s guide 244 cyberswitch c onfiguring tcp if you have selected tcp as your ip protocol, a screen similar to the following is displayed. Note that the following tcp defaults constitute a wild card match for any tcp packet: 1. Select tcp source port. Note that the ports are specified in terms of a...
Page 245
Workgroup remote access switch 245 c onfiguring a dvanced ip r outing ip filters 3. If you have chosen the comparison operator of “range”, you will be prompted for upper-range and lower-range values. If you have chosen a comparison operator other than “range”, you will be prompted for a specific udp...
Page 246
User’s guide 246 cyberswitch c onfiguring f orwarding f ilters the configuration of forwarding filters is a two-part process. First you must name the filter, and then you must create a list of conditions for the filter. To add a condition, you must name a previously-created packet type, and then nam...
Page 247
Workgroup remote access switch 247 c onfiguring a dvanced ip r outing ip filters c onfiguring c onnection f ilters the ip connection filter is used at the point when an ip packet attempts to establish an outbound connection in order to continue the forwarding process. Its configuration parallels tha...
Page 248
User’s guide 248 cyberswitch c onfiguring e xception f ilter the ip exception filter is intended for temporary, special conditions within an existing forwarding filter. When enabled, it is logically appended to the beginning of each forwarding filter in effect. U sing cfgedit 1. Select exception fil...
Page 249
Workgroup remote access switch 249 c onfiguring a dvanced ip r outing ip filters m odifying the f inal c ondition for a f ilter to change the final condition for a filter, select change default condition (currently selection (5) on the conditions for filter menu. A pplying f ilters once you have def...
Page 250
User’s guide 250 cyberswitch 5. Select the device to which you want to apply the forwarding filter. 6. Select ip information. 7. Select either ip input filter or ip output filter. 8. Provide the filter name. Ip f ilters c onfiguration e lements the following elements are described in terms of the in...
Page 251
Workgroup remote access switch 251 c onfiguring a dvanced ip r outing ip filters tcp and udp p orts these elements allow filtering based on the tcp source and destination port fields, which are treated as 16 bit unsigned quantities (0-65535). These can be used to trap applications that have well-kno...
Page 252
User’s guide 252 cyberswitch f ilter c omposition the ip filtering mechanism is composed of three fundamental building blocks: packet types the criteria for describing an ip datagram’s contents: ip source and destination addresses, protocol (tcp, udp, etc.), protocol-specific fields (tcp port, etc.)...
Page 253
Workgroup remote access switch 253 c onfiguring a dvanced ip r outing ip filters • through the output network interface: applies the filter only to packets which are transmitted on a specific attached network (i.E. After the routing process has determined the next-hop net- work for the datagram). • ...
Page 254
User’s guide 254 cyberswitch because the packet types within the conditions specify both source and destination address information, global application may often be sufficient to filter ip traffic across the entire system. However, the input, output and user-based application points are defined in c...
Page 255
Workgroup remote access switch 255 c onfiguring a dvanced ip r outing ip filters common portion: protocol-specific portion tcp: protocol-specific portion, udp: protocol-specific portion, icmp: l imitations system performance will be affected by the number of packets, conditions and filters configure...
Page 256
User’s guide 256 cyberswitch e xample of an ip f ilter c onfiguration this example provides a simple filtering scenario in which a corporate lan utilizes a cyberswitch to provide wan access to both dial-in devices as well as the global internet. A netserver resides on the lan to provide configuratio...
Page 257
Workgroup remote access switch 257 c onfiguring a dvanced ip r outing ip filters the corporate dial-in access is realized with a wan direct interface, using a pool of ip addresses from the corporate lan for dynamic assignment to the dial-in devices. These devices must first pass authentication proce...
Page 258
User’s guide 258 cyberswitch once the offsite maintenance is completed, the exception filter would be disabled. Configuration control over the exception filter is available both through cfgedit and manage mode (with manage mode being the most practical method due to its dynamic nature). Dhcp r elay ...
Page 259
Workgroup remote access switch 259 c onfiguring a dvanced ip r outing dhcp relay agent dhcp c onfiguration e lements dhcp/bootp r elay a gent e nable /d isable f lag a global flag that indicates whether the system is relaying the dhcp/bootp bootrequest messages or not. The relay agent is disabled by...
Page 260
User’s guide 260 cyberswitch bridge to bridge environment as shown in the picture above, when a remote lan is connected with bridge devices, the dhcp server and clients communicate with each other as if they were on the same lan. This is one example configuration of how dhcp can be used to accomplis...
Page 261
Workgroup remote access switch 261 c onfiguring a dvanced ip r outing dhcp relay agent e xample dhcp c onfigurations below we have included two of the more common dhcp scenarios. These may help you configure your own dhcp feature. Ip router to ip router (with relay agents on both) this configuration...
Page 262
User’s guide 262 cyberswitch routers shown in the diagram above. Sample configurations for the objects in the above network diagram are as follows: note: the dhcp server must have a route specified to get back to the dhcp-enabled router ruby, or use alex as its default gateway. Configuration for ip ...
Page 263
Workgroup remote access switch 263 c onfiguring a dvanced ip r outing dhcp relay agent remote bridge to ip router (w/relay agent) this configuration is useful when requests by a dhcp client must be “bridged” to an ip router that is also a dhcp/bootp relay agent. Our equipment is shown in this exampl...
Page 264
User’s guide 264 cyberswitch notes: the dhcp server must have a route specified to get back to the dhcp-enabled router alex, or use alex as its default gateway. When you are using a rlan interface, you are limited to one subnetwork. Configuration for ip router "alex" configuration for remote bridge ...
Page 265
Workgroup remote access switch 265 c onfiguring a dvanced ip r outing dhcp proxy client dhcp p roxy c lient c onfiguring the dhcp p roxy c lient in order to configure the dhcp proxy client, you must first enable the client, and then configure client information for a wan or a wan (direct host) type ...
Page 266
User’s guide 266 cyberswitch dhcp c onfiguration e lements dhcp p roxy c lient e nable /d isable f lag a global flag that indicates whether the dhcp proxy client feature is enabled or not. The proxy client is disabled by default. M aximum n umber of ip a ddresses refers to the maximum number of ip a...
Page 267
Workgroup remote access switch 267 c onfiguring a dvanced ip r outing dhcp proxy client the dhcp proxy client feature is not applicable for the cyberswitch running in ip host mode. Dhcp servers must support use of the broadcast bit in order to obtain ip addresses for wan (direct host) interfaces. S ...
Page 268
User’s guide 268 cyberswitch configuration for ip router “chloe” system information: system name = chloe system password =pets security level = device level (on-node device database, pap security) bridging disabled ip enabled (router mode) i/f = lan (192.168.1.168); lan port 1 i/f = wan explicit (19...
Page 269
C onfiguring ipx o verview ipx protocol accepts data from remote devices and formats the data for transmission onto the network, and conversely, accepts data from the lan and formats it so it can be understood by remote devices. In short, ipx allows remote devices and their servers to communicate. T...
Page 270
User’s guide 270 cyberswitch c onfiguring ipx i nformation note: ipx is available only if you have purchased the additional software module for our ipx feature. To help you configure your ipx information, we have included an illustration of a sample network. As we explain the steps, we provide sampl...
Page 271
Workgroup remote access switch 271 c onfiguring ipx ipx routing option ipx r outing o ption e nabling /d isabling ipx note: the cyberswitch does not currently provide ipx data transfer over x.25 links. U sing cfgedit 1. Select options from the main menu. 2. Select ipx routing from the options menu. ...
Page 272
User’s guide 272 cyberswitch ipx o ption b ackground i nformation the internetwork packet exchange (ipx) protocol is a datagram, connectionless protocol in the netware environment analogous to the internet protocol (ip) in the tcp/ip environment. With the help of routing information protocol (rip) a...
Page 273
Workgroup remote access switch 273 c onfiguring ipx ipx network interfaces ipx n etwork n umber b ackground i nformation novell netware networks use ipx external and internal network numbers. An ipx internal network number is a unique identification number assigned to a network server or router at t...
Page 274
User’s guide 274 cyberswitch 9. If ipx rip has been enabled for the system, enter the following: a. Rip send control (do not respond or respond) b. Frequency (in seconds) of sending rip updates c. Rip receive control (do not respond or respond) d. Time (in seconds) to age rip entries e. Rip respond ...
Page 275
Workgroup remote access switch 275 c onfiguring ipx ipx network interfaces ipx n etwork i nterface c onfiguration e lements g eneral ipx n etwork i nterface c onfiguration e lements i nterface t ype when configuring an ipx network interface, this parameter specifies the type of network segment to wh...
Page 276
User’s guide 276 cyberswitch s end f requency specifies the frequency at which the system will transmit rip packets, if the send control parameter is set to send for this interface. This parameter is a decimal value specified in seconds from 1 to 300. The default value is 60 seconds. R eceive c ontr...
Page 277
Workgroup remote access switch 277 c onfiguring ipx ipx network interfaces ipx n etwork i nterface b ackground i nformation traditional routing products ask you to define the network interfaces to which the router is directly connected: lan i nterfaces lan network interfaces are fixed broadcast medi...
Page 278
User’s guide 278 cyberswitch ipx r outing p rotocols c onfiguring ipx r outing p rotocols u sing cfgedit 1. Select routing protocols from the ipx menu. The following will be displayed: 2. To change the enable/disable status for any of the ipx protocols, simply enter the id number associated with the...
Page 279
Workgroup remote access switch 279 c onfiguring ipx ipx routing protocols rip/sap n umber of t able e ntries specifies the maximum number of routing entries which can be stored in the route or service table. You may select a number between 20 and 3072. The default value is 141 ipx r outing p rotocol...
Page 280
User’s guide 280 cyberswitch static services are configured locally on the system. Sap entries are learned from incoming sap packets. All services are stored, used internally and advertised to other routers. The same factors that affect the maximum number of routes stored also affect the maximum num...
Page 281
Workgroup remote access switch 281 c onfiguring ipx ipx static routes ipx s tatic r outes note: with the availability of triggered rip/sap ( page 292 ), the configuration of static routes is no longer necessary but still supported. Situations may arise in which a remote router does not support our i...
Page 282
User’s guide 282 cyberswitch u sing m anage m ode c ommands ipxroute displays the current ipx routes (both statically entered and "learned"). Ipxroute [add/change/delete] allows you to add/change/delete an ipx route. Ipx s tatic r outes c onfiguration e lements d estination n etwork the ipx network ...
Page 283
Workgroup remote access switch 283 c onfiguring ipx ipx netware static services ipx n et w are s tatic s ervices note: with the availability of triggered rip/sap ( page 292 ), the configuration of static services is no longer necessary but still supported. Situations may arise in which a remote rout...
Page 284
User’s guide 284 cyberswitch ipx n et w are s tatic s ervices c onfiguration e lements s ervice n ame specifies the netware service name that is the target of this static service definition. This parameter is a 48 character netware service name. S ervice t ype indicates the type of netware service t...
Page 285
Workgroup remote access switch 285 c onfiguring ipx ipx spoofing ipx n et w are s tatic s ervices b ackground i nformation this ipx feature allows you to configure service servers that are on networks across the wan. The ipx netware static services configuration tells the system which servers are av...
Page 286
User’s guide 286 cyberswitch b. Press 2 to select the system serialization packet handling level. The default values for all parameters will be displayed. Enter the id of any parameters you need to change. Follow the onscreen instructions for changing the default values. Return to the ipx spoofing m...
Page 287
Workgroup remote access switch 287 c onfiguring ipx ipx spoofing w atchdog p rotocol watchdog protocol is used by netware servers to detect “dead” clients. If no traffic has been seen by a server from an attached client for a configurable amount of time, the server sends a watchdog packet to the cli...
Page 288
User’s guide 288 cyberswitch without generating a keep-alive response. The duration timer t starts when a device is disconnected and is reset each time a new connection is established. Some of these packets are overloaded in that they are not just keep-alive packets but are control packets needed fo...
Page 289
Workgroup remote access switch 289 c onfiguring ipx ipx isolated mode ipx t ype 20 p acket h andling c onfiguration e lements ipx t ype 20 p acket h andling s tatus you may enable or disable ipx type 20 packet wan forwarding. When it is enabled, you may specify devices that can use this feature. Ipx...
Page 290
User’s guide 290 cyberswitch ipx i solated m ode b ackground i nformation when operating with isolated mode enabled, the cyberswitch does not relay ipx datagrams received from the wan to other ipx routers/hosts located on the wan. Ipx datagrams received from the wan will be discarded if they need to...
Page 291
Workgroup remote access switch 291 c onfiguring ipx ipx triggered rip/sap c onfiguring t riggered rip/sap g lobal t imers u sing cfgedit 1. Select triggered rip/sap from the ipx routing menu. 2. Select global triggered rip/sap timers. A menu similar to the following will be displayed: 3. Select the ...
Page 292
User’s guide 292 cyberswitch o ver - subscription t imer over subscription is the situation in which there are more next-hop routers on the wan that need updates than there are channels available. When a wan circuit goes down, a delay (per the over- subscription timer) is incorporated in marking the...
Page 293
Workgroup remote access switch 293 c onfiguring ipx ipx-specific information for devices 4. Press 1 to add a device. 5. Enter the device’s name and press . You should provide isdn and authentication information first. 6. Select ipx. A screen similar to the following will be displayed: 7. Enable ipx ...
Page 294
User’s guide 294 cyberswitch b. The screen includes default configuration values. If needed, make changes to the default values. C. Press to return to the ipx device spoofing menu. Press 2 to configure spx watchdog spoofing. The following menu will be displayed: d. The screen includes default config...
Page 295
Workgroup remote access switch 295 c onfiguring ipx ipx-specific information for devices r emote lan d evices remote lan devices are configured in a slightly different way than wan devices. Since the remote device is a bridge and not an ipx router, the ipx options for remote lan devices are configur...
Page 296
User’s guide 296 cyberswitch ipx c onfiguration e lements for d evices ipx r outing indicates that the remote device is an ipx router and that the system should route ipx datagrams to this device. The system will forward ipx datagrams to this device based on ipx network layer information if this par...
Page 297
Workgroup remote access switch 297 c onfiguring ipx ipx-specific information for devices b ridging defines the remote device as a bridge and not an ipx router. Since bridges operate at the mac layer, the system must provide mac layer emulation for remote bridge devices, while continuing to route the...
Page 298
C onfiguring snmp o verview a network management station (nms) is a device that contains snmp-specific software, giving it the ability to query snmpagents using various snmp commands. If you have purchased an nms (such as cabletron’s spectrum® management platform), you should enable and configure th...
Page 299
Workgroup remote access switch 299 c onfiguring snmp configuring snmp the steps to configure snmp are: 1. Enable ip routing if you have not already done so. 2. Select snmp from the options menu. 3. Follow the onscreen instructions to enable snmp. The following snmp menu will then be displayed: 4. En...
Page 300
User’s guide 300 cyberswitch u sing m anage m ode c ommands currently you cannot configure snmp using the manage mode, but the following command is available: snmp this manage mode command displays the current snmp configuration data. An example output screen is shown below: snmp c onfiguration e le...
Page 301
Workgroup remote access switch 301 c onfiguring snmp snmp background information ip a ddress the ip address assigned to the management station that should receive trap pdus. C ommunity n ame a list of configured community names will be displayed. Select the community name that should be inserted in ...
Page 302
User’s guide 302 cyberswitch the snmp agent will process all snmp protocol data units (pdus) which are received at a lan port or which are received at a wan port. (a pdu contains both data and control (protocol) information that allows the two processes to coordinate their interactions. The snmp fea...
Page 303
Workgroup remote access switch 303 c onfiguring snmp snmp background information currently, each object in the above mib-2 groups can be retrieved via an snmp getrequest or getnextrequest pdu. However, only the snmpenableauthentraps object in the snmp group can be changed via the snmp setrequest pdu...
Page 304
User’s guide 304 cyberswitch • authtimeout trap an snmp agent will generate an authtimeout trap pdu anytime an off-node server times out. • cliddisconnect trap an snmp agent will generate an cliddisconnect trap pdu anytime there is a configuration problem with a device’s calling line id. • cdroutofb...
Page 305
C onfiguring a pple t alk r outing o verview the appletalk routing feature allows the cyberswitch to efficiently route appletalk data as opposed to bridging all data relating to the protocol. With the addition of the appletalk remote lan feature, the cyberswitch can be configured to be a router, bri...
Page 306
User’s guide 306 cyberswitch a pple t alk r outing o ption c onfiguration e lement a pple t alk o perational s tatus you can enable or disable the appletalk routing option. When appletalk routing is enabled, the cyberswitch acts as an appletalk router, routing appletalk datagrams based on appletalk ...
Page 307
Workgroup remote access switch 307 c onfiguring a pple t alk r outing appletalk ports 8. If you are configuring your system in the nondiscovery mode (you entered numbers other than 0 or 0-0 for the network range/number), complete the following: a. Enter either the suggested appletalk address or the ...
Page 308
User’s guide 308 cyberswitch a pple t alk n etwork r ange /n umber the appletalk network range (for extended network) or the appletalk network number (for nonextended network) of the lan segment that the port is connected to. Specifying 0.0 (for extended) or 0 (for nonextended) places the port in di...
Page 309
Workgroup remote access switch 309 c onfiguring a pple t alk r outing appletalk ports t he z one c oncept a zone is a logical group of nodes on an internet, much like the concept of subnetting with the world of ip. Within the framework of phase 2 the logical assignment of zones is limited to 255 zon...
Page 310
User’s guide 310 cyberswitch correct network/range and begins using the learned network number/range. If the network number/range configured for the remote lan port differs from the network number/range that is being broadcasted in rtmp packets by other remote routers, the port becomes unusable. Con...
Page 311
Workgroup remote access switch 311 c onfiguring a pple t alk r outing appletalk capacities a pple t alk r outing s tatic r outes c onfiguration e lements a pple t alk n etwork t ype the appletalk network type used by the destination network of this static route. Type can be either extended network o...
Page 312
User’s guide 312 cyberswitch a pple t alk c apacities b ackground i nformation this option allows you to control the maximum number of table entries (routing and zone tables) for your network. A pple t alk i solated m ode c onfiguring the a pple t alk i solated m ode u sing cfgedit 1. Select isolate...
Page 313
C onfiguring c all c ontrol o verview the cyberswitch offers a number of configurable options to control how the system will make and accept calls. These options include: • configuring throughput monitor parameters • configuring call interval parameters • configuring monthly call charge parameters •...
Page 314
User’s guide 314 cyberswitch 3. Follow the onscreen instructions to keep the feature enabled. 4. Enter the sample rate in seconds. 5. Enter the overload trigger number. 6. Enter the overload window size. 7. Enter the overload percentage utilization. 8. Enter the underload trigger number. 9. Enter th...
Page 315
Workgroup remote access switch 315 c onfiguring c all c ontrol throughput monitor u nderload t rigger n umber the number of samples within the window that must be below the next lowest target capacity for the underload condition to occur. U nderload w indow s ize the number of sample periods (up to ...
Page 316
User’s guide 316 cyberswitch the throughput monitor feature constantly monitors the use of the connections and looks for the following conditions: • the overload condition, which indicates that demand exceeds the current aggregate capacity of the wan connections. The system can add more bandwidth wh...
Page 317
Workgroup remote access switch 317 c onfiguring c all c ontrol throughput monitor i dle c ondition m onitoring the cyberswitch monitors for the idle condition when only one connection to another site remains. The system detects when there is no longer a need to maintain connectivity with the other s...
Page 318
User’s guide 318 cyberswitch the average throughput is 40% for the third sample rate period. This is less than the configured utilization, so out of the last 3 samples (a sliding window is in use), 1 out of 3 samples have throughput that is greater than the configured utilization. The overload condi...
Page 319
Workgroup remote access switch 319 c onfiguring c all c ontrol monthly call charge more than 3 call attempts within 2 seconds. This prevents certain model switches from being overloaded. In areas where these low capacity switches are not installed, calls can be made more frequently. Before the syste...
Page 320
User’s guide 320 cyberswitch c all r estrictions c onfiguring c all r estrictions note: certain restrictions apply to the use of call restrictions and semipermanent connections . Refer to the background information discussion. U sing cfgedit 1. Select call restrictions from the call control options ...
Page 321
Workgroup remote access switch 321 c onfiguring c all c ontrol call restrictions the following chart provides the numbers you should use to represent the am and pm hours of the hours calls are allowed: the following chart provides example entries for hours calls are allowed: m aximum c alls per d ay...
Page 322
User’s guide 322 cyberswitch c all m inutes per d ay the limit of number of call minutes per day. The default value is 240 call minutes per day. Call minutes will be calculated periodically while calls are active (not when a call is disconnected). Statistics will be kept to track the total number of...
Page 323
Workgroup remote access switch 323 c onfiguring c all c ontrol bandwidth reservation notes: it is important to note that the call restriction feature only applies to outbound calls from the system. When a condition occurs that triggers a warning to be written to the log, the message will be written ...
Page 324
User’s guide 324 cyberswitch the port number. This example shows that there is only one bri adapter, and it is installed in slot number one, and has four ports. There is a line for each port number. 4. Press 1 to add a device profile. 5. Enter a user-defined unique name to identify the profile. We w...
Page 325
Workgroup remote access switch 325 c onfiguring c all c ontrol bandwidth reservation 5. Under isdn information, enter the profile information. This is a profile name you configured in the previous section. Remember from the previous section that each configured profile reserves specific lines. By as...
Page 326
User’s guide 326 cyberswitch b andwidth r eservation b ackground i nformation this feature allows a portion of the possible connections to always be available to specific devices for both inbound and outbound calls. To increase flexibility, this feature may be configured to either allow or prevent b...
Page 327
Workgroup remote access switch 327 c onfiguring c all c ontrol semipermanent connections 6. Determine if the cyberswitch should always retry a call. If yes, then configuration for the device is done, the device is entered into the semipermanent device list, and appears as shown below. If no, continu...
Page 328
User’s guide 328 cyberswitch s emipermanent c onnections c onfiguration e lements d evice n ame specify the device name (from the device list) that you wish to make a semipermanent connection. Once specified, the semipermanent feature will (at least) keep the initial data rate active to the specifie...
Page 329
Workgroup remote access switch 329 c onfiguring c all c ontrol semipermanent connections call restrictions you may wish to disable call restrictions when using semipermanent connections. Call restrictions are mainly intended for use in areas where “per minute” isdn tariffs are in place. Typically, t...
Page 330
User’s guide 330 cyberswitch vra m anager as a c all c ontrol m anager this feature allows you to use the virtual remote access (vra) manager for call control management only. This feature allows you to continue to use other authentication servers (e.G., radius, ace) yet still gain the benefits of v...
Page 331
Workgroup remote access switch 331 c onfiguring c all c ontrol vra manager as a call control manager a uthentication t imeout t imer this timer represents the amount of time the cyberswitch will wait for the authentication agent to handle a login attempt before timing out. If vra is enabled as call ...
Page 332
User’s guide 332 cyberswitch • user level security if you use user level security for authentication: configure devices on the vra manager as well. This will provide access to the following vra call control management features: call restrictions, maximum bandwidth, and grouping (in addition to the c...
Page 333
C onfiguring o ther a dvanced o ptions o verview this chapter provides information for configuring advanced system options that are not covered in the previous chapters. These options include: • configuring ppp • configuring default line protocol • configuring log options • configuring system compre...
Page 334
User’s guide 334 cyberswitch ppp c onfiguration e lements m ax t erminate the number of terminate-request packets sent without receiving a terminate-ack before assuming that the peer is unable to respond. M ax c onfigure the number of configure-request packets sent without receiving a valid configur...
Page 335
Workgroup remote access switch 335 c onfiguring o ther a dvanced o ptions ppp configuration l ink f ailure d etection s tatus you can enable or disable the link failure detection feature. If enabled, there will be a periodic transmission of echo-request frames, a maintenance type frame provided by p...
Page 336
User’s guide 336 cyberswitch however, the ppp link exists on an end-to-end basis with the remote peer, a domain which exceeds that controlled by the signalling-type entities just cited. Thus, not every end-to-end failure will be detected. Some examples of such failures include: • an isdn peer’s d-ch...
Page 337
Workgroup remote access switch 337 c onfiguring o ther a dvanced o ptions default line protocol d efault l ine p rotocol the default values for this feature are adequate for most situations. Instructions are included for the rare instance that you need to alter the configuration. Note: this feature ...
Page 338
User’s guide 338 cyberswitch l og o ptions log options allow you to direct log reports to a specific location. Reports an be directed to a local log file, or to a unix-style syslogs server. Currently, only call detail recording (cdr) reports can be directed to a specific location. C onfiguring l og ...
Page 339
Workgroup remote access switch 339 c onfiguring o ther a dvanced o ptions log options one version of unix to the next, the system allows you to set the entire priority value as an integer. This integer will be prepended to all messages sent to this syslog server. Note: you do not have to configure a...
Page 340
User’s guide 340 cyberswitch files and devices depending upon its configuration. Refer to your unix system documentation for more information on syslogd. Each log message sent to a syslogd server has a priority tag associated with it. The priority tag is encoded as a combination: facility.Level. The...
Page 341
Workgroup remote access switch 341 c onfiguring o ther a dvanced o ptions log options .2, and so on up to .10. The file extension cycles through the values 1 through 10 with each write command, similar to the current report log file and status log file, so that the ten most recent versions of the cd...
Page 342
User’s guide 342 cyberswitch servers. The proper logging of the message can then be inspected to verify that cdr configuration is as desired. Event report contents a cdr event triggers a report which can consist of one or more records. Each record corresponds to a line in the log file. This alleviat...
Page 343
Workgroup remote access switch 343 c onfiguring o ther a dvanced o ptions log options c onnection id this field is used to correlate all records involving a particular isdn connection. The field is an unsigned long hexadecimal integer. It begins at zero when the system is loaded and increments by on...
Page 344
User’s guide 344 cyberswitch example 2: chicago-schaumburg 00000001 connect 1 of 3 monroecounty port 1/1/1 chicago-schaumburg 00000001 connect 2 of 3 out to 3135551212 chicago-schaumburg 00000001 connect 3 of 3 64kb 08/16/95 23:11:55 note: in most cases, a device is identified when a connect event o...
Page 345
Workgroup remote access switch 345 c onfiguring o ther a dvanced o ptions compression options verify event report contents on a verify event, only record 1 is used. The event type is cdr verify. No data is filled in for the remote device name field or the port field. The following is an example veri...
Page 346
User’s guide 346 cyberswitch configuration . If this option is disabled, the system will not negotiate compression with any remote device. The default value is enabled. Note that enable/disable applies to all protocols which support compression. D efault p er -d evice c ompression s etting you may e...
Page 347
Workgroup remote access switch 347 c onfiguring o ther a dvanced o ptions compression options effect is to increase effective interconnect bandwidth by decreasing transmission time. If negotiation for compression fails, data is transmitted uncompressed. The compression algorithm implemented is stac-...
Page 348
User’s guide 348 cyberswitch when using extended mode, a coherency count is checked to detect lost packets. If a packet loss is detected by the receiver, a reset-request is sent to the transmitter. The next compressed data packet transmitted will have a bit set to indicate that the history has been ...
Page 349
Workgroup remote access switch 349 c onfiguring o ther a dvanced o ptions tftp tftp change this command allows you to change the current tftp configuration. You can enable or disable the tftp feature, tftp client, and the tftp server. You can also change the file access rights for the tftp server. T...
Page 350
User’s guide 350 cyberswitch each device has pre-assigned configurable access rights to the tftp permissible file types. The access rights are configurable using the fileattr change manage mode command. Refer to file attributes for more information regarding configuring the file attributes. When a d...
Page 351
Workgroup remote access switch 351 c onfiguring o ther a dvanced o ptions file attributes where: • “r” is for read only file access • “w” is for write only file access • “rw” is for read and write access • “n” is for no access rights for the corresponding file type the file types that fall under the...
Page 352
T roubleshooting we include the following chapters in the troubleshooting segment of the user’s guide: • system verification after your cyberswitch has been configured, and before proceeding with normal system operations, you may want to verify that the system is functional. System verification prov...
Page 353
S ystem v erification o verview after your cyberswitch has been configured, and before proceeding with normal system operation, it is necessary to verify that the system is functional. This chapter provides instructions for verifying the system hardware and system configuration. You only need to per...
Page 354
User’s guide 354 cyberswitch v erifying wan l ines are a vailable for u se to verify the availability of wan lines, the wan resource must already be operational. Also, the wan lines must already be configured and connected to the cyberswitch. To verify the availability of wan lines: 1. Check the lin...
Page 355
Workgroup remote access switch 355 s ystem v erification verifying bridge is initialized 4. Transmit a test packet onto the ethernet lan. At the administration console type: lan test this command will display a message similar to the following: lan port 1 transmit was successful if the system displa...
Page 356
User’s guide 356 cyberswitch v erifying a d edicated c onnection to verify a dedicated connection to the cyberswitch, the wan lines that are connected to the system must be available for use, and the routing option must be properly initialized. To verify that you have a dedicated connection: 1. View...
Page 357
Workgroup remote access switch 357 s ystem v erification verifying an x.25 connection v erifying an x.25 c onnection to verify an x.25 to the cyberswitch, the wan lines that are connected to the system must be available for use, and the routing option must be properly initialized. Follow the steps b...
Page 358
User’s guide 358 cyberswitch below is an example of a configuration used to verify multi-level security over an ip wan unnumbered interface. It uses ip addresses specific to the example. Substitute the ip address of your network when you perform the multi-level security verification steps. It also u...
Page 359
Workgroup remote access switch 359 s ystem v erification verifying ip host mode is operational v erifying ip h ost m ode is o perational the follow sections provide methods of verifying that the ip host mode has properly initialized and that the feature is operational. V erifying ip h ost is i nitia...
Page 360
User’s guide 360 cyberswitch 2. If a message similar to the following is displayed, the ip host mode feature over the specified lan port is operational. Repeat this step for each lan port on your ethernet resource. 100.0.0.2 is alive 3. If this message is not displayed, then the ip host mode feature...
Page 361
Workgroup remote access switch 361 s ystem v erification verifying ip routing over interfaces to verify ip routing over a lan connection: 1. Determine if the cyberswitch can access the local ip host. On the administration console type: ip ping 100.0.0.2 issuing this command will result in a response...
Page 362
User’s guide 362 cyberswitch the steps to verify the operation of ip routing over a wan interface are: 1. Determine if a remote ip host can access the wan interface of the cyberswitch over the wan connection. On the remote ip host, type: ping 192.100.1.1 if the remote ip host successfully pings to t...
Page 363
Workgroup remote access switch 363 s ystem v erification verifying ip routing over interfaces v erifying ip r outing o ver a wan (d irect h ost ) i nterface to verify that ip routing is properly operational over a wan (direct host) interface, a remote ip host must be operational and available to ini...
Page 364
User’s guide 364 cyberswitch v erifying ip r outing o ver a wan r emote lan i nterface to verify that ip routing is properly operational over a wan remote lan interface, a remote ip host must be operational and connected to the remote lan. The remote bridge device must be operational and available t...
Page 365
Workgroup remote access switch 365 s ystem v erification verifying ip routing over interfaces if the remote ip host successfully pings to the local ip host, then ip routing over the wan remote lan interface is operational. Repeat the above steps for each wan remote lan interface through which you wi...
Page 366
User’s guide 366 cyberswitch v erifying ip f ilters to verify that ip filters are functioning, perform the following test: 1. Configure and apply at least one ip filter that contains at least one condition whose action is to discard the matching packet. 2. Perform a trace on discarded packets. On th...
Page 367
Workgroup remote access switch 367 s ystem v erification verifying ip rip v erifying ip rip o utput p rocessing on a lan i nterface to verify that ip rip output processing (routes advertisement) is properly operational on a lan interface, the ip rip processing must be successfully initialized. Also,...
Page 368
User’s guide 368 cyberswitch v erifying ip rip i nput p rocessing on a lan i nterface to verify that ip rip input processing (routes learning) is properly operational on a lan interface, ip rip processing must be successfully initialized. Also, a local ip router must be connected to the local lan po...
Page 369
Workgroup remote access switch 369 s ystem v erification verifying ip rip perform the verification steps. It also uses the show ip route command. The show ip route command is used by a specific router to display the ip routing table. Substitute the equivalent command for your ip router. The steps to...
Page 370
User’s guide 370 cyberswitch v erifying ipx r outer is i nitialized to verify that the ipx routing option has initialized properly. 1. Determine if ipx routing has been initialized on the cyberswitch by viewing the system messages. To display the messages enter the following console command: dr 2. L...
Page 371
Workgroup remote access switch 371 s ystem v erification verifying ipx routing is operational v erifying ipx r outing over a lan c onnection to verify the operation of ipx routing over a lan connection: 1. Determine if site1 can access the local netware server “local.” on site1’s administration cons...
Page 372
User’s guide 372 cyberswitch v erifying ipx r outing over a wan c onnection to verify the operation of ipx routing over a wan connection: 1. Determine if netware client a can see the remote netware server “remote.” to do this, activate netware client a’s desktop network neighborhood feature. Then ch...
Page 373
Workgroup remote access switch 373 s ystem v erification verifying the appletalk routing feature appletalk routing initialized successfully 3. For the appletalk port that has been configured, the following port initialization message should be displayed among the system messages: appletalk successfu...
Page 374
User’s guide 374 cyberswitch v erifying a pple t alk r outing o perational over the lan connection the steps to verify the operation of appletalk routing feature over a lan connection are: 1. Determine if the local macintosh can see all zones. Bring up the chooser on the local mac: 2. If a list of a...
Page 375
Workgroup remote access switch 375 s ystem v erification verifying snmp is operational 2. If remote mac appears in select a file server: box, then appletalk routing over the wan connection is operational. 3. If remote mac is not displayed, then appletalk routing feature over the wan connection is no...
Page 376
User’s guide 376 cyberswitch v erifying the d ial o ut f eature to perform the dial out verification for a remote device, you need to know the configured device name associated with the device’s device table entry. Note that the device name is case sensitive. If you already know the device name, ski...
Page 377
Workgroup remote access switch 377 s ystem v erification verifying compression is operational v erifying c ompression is o perational 1. Make sure compression is enabled on a system-wide basis. 2. Cause a call to be established with a device for which per-device compression is enabled. 3. To verify ...
Page 378
User’s guide 378 cyberswitch 1. Set up two systems in a back-to-back, dedicated, bri scenario where at least one of the systems is a pc-platform. Configure a dedicated access between the 2 systems. 2. The usage of a pc-platform exploits the fact that the layer 1 of a pc-based bri board stays active ...
Page 379
Workgroup remote access switch 379 s ystem v erification verifying dhcp relay agent v erifying the r elay a gent is e nabled if the relay agent has been enabled via configuration, it will attempt to open a udp port for use. A message describing the outcome of this operation will appear in the report...
Page 380
User’s guide 380 cyberswitch shortly after a dhcp client is powered on, it will attempt to get its ip address from a dhcp server. If it is successful, its ip-related features (e.G., ping, telnet, etc.) will become operational. If the client could not obtain its ip address, it will retry periodically...
Page 381
Workgroup remote access switch 381 s ystem v erification verifying dhcp: proxy client if you do not see this message in the report log, the dhcp proxy client has successfully performed its initialization processing. If this message is contained in the report log, refer to dhcp proxy client initializ...
Page 382
User’s guide 382 cyberswitch ip a ddress p ool as ip addresses are obtained from dhcp servers, they are placed into the system’s ip address pool. To verify the presence of these dhcp-obtained ip addresses, perform the following: 1. Examine the address pool. Type: ip addrpool 2. Look for addresses wi...
Page 383
Workgroup remote access switch 383 s ystem v erification verifying proxy arp is operational 3. If the communication between two ip devices across the wan is successfully established, then the proxy arp feature is properly working. 4. If the communication can not be established, display the arp cache...
Page 384
P roblem d iagnosis o verview this chapter, when used in conjunction with the system verification chapter, helps diagnose and correct problems encountered in the verification process. During some of the diagnosis procedures, we ask you to enter an administration console command. To enter these comma...
Page 385
Workgroup remote access switch 385 p roblem d iagnosis bridge initialization b ridge i nitialization problem: the system does not display the following bridge initialization messages: lan port is now in the listening state lan port is now in the learning state lan port is now in the forwarding state...
Page 386
User’s guide 386 cyberswitch problem: the system does not display the wan line availability messages. Instead, the system displays the following message after the status console command is issued: out svc 1 (slot #, port #) this means that layer 1 cannot be established, most likely due to wan cablin...
Page 387
Workgroup remote access switch 387 p roblem d iagnosis dedicated connections 6. If the above actions fail to correct the problem, then call your phone company (carrier) to check the status of the line. If it is determined that there is no problem with the line, contact customer support. Problem: a w...
Page 388
User’s guide 388 cyberswitch x.25 c onnections problem: an x.25 access is configured, but the x.25 stats command response is: no x.25 access configured action: verify that the proper line and port have been selected. 1. Enter the er command to erase the report log. 2. Enter the trace lapb on command...
Page 389
Workgroup remote access switch 389 p roblem d iagnosis remote device connectivity r emote d evice c onnectivity problem: a remote device is not able to connect to the cyberswitch. Set-up: the system software should be up and running. (at the administration console: if you are in the connection monit...
Page 390
User’s guide 390 cyberswitch ip security rejection - digit string wrong length ip security rejection - invalid security id review the system configuration for the device list. You can also refer to the system messages chapter for the message meanings and the appropriate actions to be taken. The firs...
Page 391
Workgroup remote access switch 391 p roblem d iagnosis ip host mode ip h ost m ode the following sections provide diagnostic procedures for the ip host mode. Ip h ost i nitialization problem: the system does not display the correct ip host initialization messages. Or, instead, it displays the follow...
Page 392
User’s guide 392 cyberswitch 7. Verify that the hardware address (mac address) for the ip host in the cyberswitch’s arp cache is correct. If it is not correct, verify the configuration in the ip host. Ip h ost m ode o peration over the wan connection problem: the remote ip host connected to a wan rl...
Page 393
Workgroup remote access switch 393 p roblem d iagnosis ip routing over interface connections encapsulations. Correct the ip host or system configuration (through cfgedit) for encapsulation type. 5. Try to ping the host from another device on the lan. If this is also unsuccessful, this may indicate a...
Page 394
User’s guide 394 cyberswitch host, the remote ip host may need a proper route entry for the local network where the cyberswitch is located. Make corrections to the remote ip host configuration. Problem: the remote ip host connected to a wan interface on the cyberswitch does not receive a ping respon...
Page 395
Workgroup remote access switch 395 p roblem d iagnosis ip routing over interface connections action: 1. Verify that the remote ip host can access the lan interface of the cyberswitch. If it can, continue with the next step. If the remote host is unable to access the lan interface, refer to the prece...
Page 396
User’s guide 396 cyberswitch 3. Verify that the remote bridge device is initiating a call to the cyberswitch. Since the cyberswitch lan interface has an ip address assigned with a different network number than the one for the remote ip host, the remote ip host may need a proper route entry for the l...
Page 397
Workgroup remote access switch 397 p roblem d iagnosis ip rip a. For packet types, it is important to verify that the contents of the packet in question are indeed correctly specified (ip addresses, protocol, tcp ports, etc.). B. For configured filters, keep in mind that component conditions are exe...
Page 398
User’s guide 398 cyberswitch ip rip o utput p rocessing on a lan i nterface problem: the local ip host does not display the correct route entry, for example, the ip host does not seem to be learning route information from the cyberswitch via rip. Action: 1. Using the ipnetif manage mode command, ver...
Page 399
Workgroup remote access switch 399 p roblem d iagnosis ip rip 3. Also look for the ifstatrcvbadpackets and ifstatrcvbadroutes counters . If these counters are not 0, there may be something wrong with the router. If these counters are 0, there is an unexpected condition present within the cyberswitch...
Page 400
User’s guide 400 cyberswitch 2. Enter the ip rip stats administration console command. Look for the ifstatrcvresponses counter for the interface. This statistics is the number of rip update messages received on the interface. If the total number of these counters is 0, check the router to verify tha...
Page 401
Workgroup remote access switch 401 p roblem d iagnosis ipx routing indicate if it is static (l- locally configured) or dynamically learned via rip (r). If it is learned via rip, then basic communication between the cyberswitch and the local netware server is operational, and it is uncertain why the ...
Page 402
User’s guide 402 cyberswitch 6. Verify device configuration on remote bridge. Bridge devices should be configured to make calls over the interface defined to go to the router. Problem: the router does not forward typical data (rip, sap, type 20 packets) to the remote bridge. Action: 1. Make sure a c...
Page 403
Workgroup remote access switch 403 p roblem d iagnosis ipx routing and service tables ipx r outing and s ervice t ables problem: the routing table on the cyberswitch is full. Action: the number of entries in the routing table is a configurable entity. This parameter may be between the values of 20 a...
Page 404
User’s guide 404 cyberswitch t riggered rip/sap s tart u p problem: the cyberswitch does not display a triggered rip/sap starting message for a wan peer. Action: verify that the wan peer is properly configured. Issue the device command in manage mode to display the current device list. Or, you may v...
Page 405
Workgroup remote access switch 405 p roblem d iagnosis appletalk routing a pple t alk r outing i nitialization problem: the cyberswitch does not display the correct appletalk routing initialization messages. Action: 1. Check the system configuration. Make sure that the appletalk feature is enabled f...
Page 406
User’s guide 406 cyberswitch if ethertalk is selected, and no zones are displayed, then contact your distributor or customer support. 4. If you are using open transport, verify that local mac has chosen a proper appletalk address within the valid network range (this would be 10-11 for the example ne...
Page 407
Workgroup remote access switch 407 p roblem d iagnosis appletalk routing if the appletalk address for the router is not same as the one displayed when issuing atalk port console command, then the local mac is getting the information from another router. Please refer to the document for the router. I...
Page 408
User’s guide 408 cyberswitch 4. If the remote resources can not be seen even when the connection is up, then make sure the appletalk address of the remote device is valid. If the remote device is on an unnumbered network, then appletalk an address of 0.0 must be configured for the remote device in t...
Page 409
Workgroup remote access switch 409 p roblem d iagnosis snmp problem: the cyberswitch does not generate snmp trap pdus. Action: 1. Enter the snmp stats command at the administrative console. If an “snmp is not enabled” message appears, you must first enable the snmp agent (using cfgedit). 2. If the s...
Page 410
User’s guide 410 cyberswitch d ial o ut problem: a dial out call was not completed successfully. Action: 1. If you issued the call device console command to initiate the call, check to see that you entered the device name correctly. Device names are case sensitive. 2. If you issued the call peer con...
Page 411
Workgroup remote access switch 411 p roblem d iagnosis call detail recording if there are no problems with actions 1 and 2, proceed to action 3. 3. Check for the following system messages: for bri resource: in - proceeding in - disconnect - for pri resource: in - accept in - disconnect - if the syst...
Page 412
User’s guide 412 cyberswitch c ompression problem: compression is not established for a device for which it is expected. Action: 1. Issue the cmp stats console command then issue the dr console command to check the message report log. A message will inform you if the compression failed due to memory...
Page 413
Workgroup remote access switch 413 p roblem d iagnosis dhcp: relay agent • the cyberswitch does not have compression enabled in this case, the cyberswitch will respond to all attempts by the peer to open ccp with a term-ack frame. The connection will operate uncompressed. (note: a device that suppor...
Page 414
User’s guide 414 cyberswitch 3. If desired, enter manage mode, and use the dhcp change command to enable the relay agent. (note: cfgedit can also be used to change the relay agent configuration; but the changes will not take effect until the system is restarted.) 4. When manage mode is exited, an at...
Page 415
Workgroup remote access switch 415 p roblem d iagnosis dhcp: proxy client e nabling the p roxy c lient problem: the following message appears in the report log (after system initialization, or after the dhcp/ bootp proxy client has been enabled from manage mode): [dhcp-p] failed to register with the...
Page 416
User’s guide 416 cyberswitch 2. Make sure that the maximum addresses to obtain for the interface is non-zero. 3. Make sure that the number of addresses to pre-fetch for the interface is non-zero. 4. The dhcp server must be configured to distribute addresses to clients on the dhcp client’s subnetwork...
Page 417
Workgroup remote access switch 417 p roblem d iagnosis proxy arp operation 3. On both platforms, issue the iproute manage mode command to make sure that each system knows about the ip subnet at the other ethernet segment. 4. If the two ip host devices still can not communicate with each other, conta...
Page 418
Led i ndicators o verview the front panel of the cyberswitch has several led indicators. The power indicator will remain lit while the unit is on. There is a series of three lan indicators: they will light to indicate transmissions, receptions, or good link integrity on the 10base-t port. The bank o...
Page 419
Workgroup remote access switch 419 led i ndicators wan led indicators * on dms-100 and ni-1 switches, more than one data link is possible. • the ch-1 and ch-2 indicators signify activity along their respective b channel: pri led i ndicators in the bank of pri led indicators, there is one indicator f...
Page 420
User’s guide 420 cyberswitch the sync indicator identifies whether or not the most basic level of the isdn connection (layer 1) is established. It verifies that the system is connected to the isdn network at this pri port. Lanview led s ( csx1200-e11-mod) the lanview leds are located on the hub port...
Page 421
Workgroup remote access switch 421 led i ndicators wan led indicators each ethernet port also has a link led. This led provides connectivity information for a specific ethernet port. It glows green when the link is up. There is one collision led for the hub module. It is located between the 7th and ...
Page 422
User’s guide 422 cyberswitch s ervice i ndicator the service indicator comes on normally during system power-up, and then goes off. If the service indicator remains lit or blinks after power-up, it is signaling that something needs attention in the system. Refer to the section below that pertains to...
Page 423
Workgroup remote access switch 423 led i ndicators service indicator the table below provides an error description corresponding to the number of consecutive led blinks: * fsb: first stage boot; ssb: second stage boot. S ervice i ndicator b links if the service indicator blinks at any time during sy...
Page 424
User’s guide 424 cyberswitch a larm led s (pri o nly ) if your cyberswitch is not functioning properly, check the l1 led on the front panel. This led, which indicates layer 1 capability, should be lit. If it is not lit, there is a problem with layer 1; now check to see which alarm leds are lit. Alar...
Page 425
Workgroup remote access switch 425 led i ndicators alarm leds (pri only) • lof (loss of frame) also known as a red alarm. Lights up when layer 1 has detected a qualified loss of frame condition (excluding ais). A loss of frame condition occurs when signals are still being received by the switch, but...
Page 426
S ystem m essages o verview system messages provide useful system information. They are listed in the system’s report log, a memory resident table. To manipulate the report log, use the following commands at the administrative console: dr or ds display reports or display statistics er or es erase cu...
Page 427
Workgroup remote access switch 427 s ystem m essages informational messages b oot m essages the system boot is accomplished in two stages: a first stage boot and a second stage boot (fsb and ssb). If the fsb or ssb detects an error, the system’s service led will light. The first bank of leds will bl...
Page 428
User’s guide 428 cyberswitch s panning t ree m essages the spanning tree protocol is only supported by the ethernet-2 interface card. Spanning tree protocol messages are prefaced with [stp]. During normal operation, when spanning tree protocol is enabled, the system may report informational messages...
Page 429
Workgroup remote access switch 429 s ystem m essages system message summary 1 port lan adapter, operating in remote mode only this is an initialization message. It identifies the ethernet adapter type (ethernet-1), and operating mode. Remote bridging is supported. 2 port lan adapter, operating in lo...
Page 430
User’s guide 430 cyberswitch appletalk routing rtmp initialization error, appletalk disabled appletalk is disabled because there is an initialization problem with the routing table maintenance protocol (rtmp). Contact your distributor or customer support. Appletalk routing zip initialization error, ...
Page 431
Workgroup remote access switch 431 s ystem m essages system message summary [auth] ace encryption configured for des: not supported. The ace server is configured for des encryption. Only sdi encryption is currently supported by the ace client. [auth] ace error receiving server log message acknowledg...
Page 432
User’s guide 432 cyberswitch [auth] radius ip host rejected ip host id: the remote authentication server rejected the ip host id. This indicates that one of the following has occurred: 1. The is not in the remote authentication server’s database. 2. The is entered incorrectly in the remote authentic...
Page 433
Workgroup remote access switch 433 s ystem m essages system message summary [auth] tacacs login rejected user: the remote authentication server rejected the named user. This indicates that one of the following has occurred: 1. The is not in the remote authentication server’s database. 2. The is ente...
Page 434
User’s guide 434 cyberswitch [auth] warning code: 0010 received unexpected authentication response code from server a message was received from an authentication server that contained an invalid response message identifier. [auth] warning code: 0011 an unexpected server responded to the access reque...
Page 435
Workgroup remote access switch 435 s ystem m essages system message summary bridge is operating in restricted mode bridge is operating in unrestricted mode one of the above messages will be displayed to indicate the configured bridge mode of operation. Calculating crc’s..... An x-modem transfer has ...
Page 436
User’s guide 436 cyberswitch call restriction statistics reset for new day call restriction device information. Call restriction statistics reset for new month call restriction device information. Call restrictions will allow calls to be made this hour call restriction device information. Call restr...
Page 437
Workgroup remote access switch 437 s ystem m essages system message summary capability description processing error - . System is in minimal configuration mode. A problem has occurred during system installation. The will further identify the problem: • file not found • could not open file • file alr...
Page 438
User’s guide 438 cyberswitch cause received for dlci a cllm message was received indicating that the pvc associated with the indicated dlci is subject to the event denoted by the indicated cause code. These events are listed below with their corresponding cause code: cb disconnect:(1) password incor...
Page 439
Workgroup remote access switch 439 s ystem m essages system message summary channel in use in host_call_request the system software sent a message to the rbs state machine that the state machine was unable to recognize or the information was incorrect. If this message is displayed in the log message...
Page 440
User’s guide 440 cyberswitch cntr-tmr:timed out waiting for tmr interrupt! The i386s specified timer did not respond during a post testing its interrupt capabilities. The boot process should continue; however, make note of the error message in the event of a future problem. Configured adapter # ’x’ ...
Page 441
Workgroup remote access switch 441 s ystem m essages system message summary dedicated connection down: the dedicated connection is down. Switched backup connections will be used, if available. This message will occur if the other system is down, or if the network interface line is not connected, or ...
Page 442
User’s guide 442 cyberswitch [dhcp-p] proxy client disabled this message indicates that the dhcp proxy client has been successfully disabled. This message will appear after the dhcp proxy client has been disabled from manage mode. [dhcp-p] proxy client enabled this message will appear whenever the d...
Page 443
Workgroup remote access switch 443 s ystem m essages system message summary [dhcp-r] relay agent enabled the dhcp relay agent has been successfully enabled. This could be during system initialization (if configuration values have enabled it), or after the dhcp relay agent has been enabled from manag...
Page 444
User’s guide 444 cyberswitch dm card in slot is not functional the system was unable to initialize the digital modem in the specified slot correctly. Check all switch and/or jumper settings on the board to ensure they match the values in cfgedit. If the board is configured properly, and this message...
Page 445
Workgroup remote access switch 445 s ystem m essages system message summary dm upgrade success. Board=, modem= the system has successfully updated the firmware of the specified modem on the digital modem card. Dm: timeslot driver circuit id already in use on create dm: no timeslot driver circuits av...
Page 446
User’s guide 446 cyberswitch eds-des board absent eds-feal board absent the encryption board is either physically not in the backplane, or the dip switches on the board are set incorrectly. Check for the board; verify the switch settings . Error closing file ’s’ the wan card initialization subsystem...
Page 447
Workgroup remote access switch 447 s ystem m essages system message summary error mapping wan adapter # ’x’ into host memory map the configured memory location of the indicated wan card conflicts with another wan card or device. Review the configuration for the indicated adapter. Error opening file ...
Page 448
User’s guide 448 cyberswitch error reading platform type: couldn’t open file c:\system\platform.Nei error reading platform type: error reading c:\system\platform.Nei error reading platform type: there is no “plat name” field error reading platform type: there was no “=” in the string error reading p...
Page 449
Workgroup remote access switch 449 s ystem m essages system message summary failed to obtain terminal info in smgr_proc_terminal_auth_sess 0 a session control block was not found for this authentication session. Contact your distributor or customer support. Failed to start a terminal auth session. D...
Page 450
User’s guide 450 cyberswitch dm rcvd the network will not allow establishment of the data link at this time. An attempt will be made to re-establish the data link after a switchtype dependent delay. Mdl_err_resp rcvd the network has not responded to tei requests - no data link was established. An at...
Page 451
Workgroup remote access switch 451 s ystem m essages system message summary l the network sent a layer 2 frame with a control field error. This is typically an unimplemented frame. M the network sent a layer 2 frame with an illegal info field. N the network sent a layer 2 frame with an incorrect len...
Page 452
User’s guide 452 cyberswitch frame relay pvc connection down: slot=, port= the frame relay pvc connection is down for the indicated slot and port number. Frame relay pvc connection up: slot=, port=, dlci= the frame relay pvc connection is up for the indicated slot, port, and dlci index. Frbuffree: e...
Page 453
Workgroup remote access switch 453 s ystem m essages system message summary invalid cllm received on access an invalid cllm message was received on the indicated frame relay access. The message had either missing elements or invalid contents. Invalid lan adapter identifier the system has detected in...
Page 454
User’s guide 454 cyberswitch [ipap] resmem returned invalid device maximum value (x) a memory allocation failure was encountered by the ip address pool manager during initialization processing. Contact your distributor or customer support. [ip] cannot get system memory for xxxx there is not enough s...
Page 455
Workgroup remote access switch 455 s ystem m essages system message summary [ip] invalid rlan ip address , rlan ip stream closed the connection from a hdlc bridge or a ppp device came up and the ip (sub-) network number configured for it is invalid; it does not belong to any of the wan (rlan) interf...
Page 456
User’s guide 456 cyberswitch [ip] wan (direct host) interface , invalid associated lan interface interface name> the wan (direct host) type interface could not come up; the associated lan network interface, specified by configuration, was not found. Use cfgedit to delete old wan (direct host) interf...
Page 457
Workgroup remote access switch 457 s ystem m essages system message summary [ip host] security rejection - invalid security id the system has received an ip host id, , from a remote device that is not configured in the device list. The system has rejected the incoming call. Verify that the ip host i...
Page 458
User’s guide 458 cyberswitch [ip rip] unable to open rip/udp port 520 the udp port for rip was unable to be opened. There are 63 possible udp ports, and none are available for use at this time. No rip information can be transmitted or received. Contact your distributor or customer support. [ip rip] ...
Page 459
Workgroup remote access switch 459 s ystem m essages system message summary [ipx rip] shutdown complete. The ipx rip protocol was successfully shutdown via dynamic management. No ipx rip routing information will be transmitted or received. Any routes learned via ipx rip will soon expire. [ipx rip] s...
Page 460
User’s guide 460 cyberswitch l3_callrefselect call reference wrapped status message indicating that layer 3’s call reference value has wrapped. If this message is posted frequently, report the problem. Lan adapter abort the ethernet adapter or subsystem is being interrupted as part of the error reco...
Page 461
Workgroup remote access switch 461 s ystem m essages system message summary lan adapter out of receive buffers for the wan port the lan adapter is temporarily out of the buffers it uses to receive packets from the wan port. This condition should clear itself. If the condition persists, contact your ...
Page 462
User’s guide 462 cyberswitch lan port detected shorted lan media the system detected a problem with the physical lan on the indicated port. The lan is not properly terminated or the lan is not fully connected to the system. Check for proper lan installation. Lan port is now in the forwarding state t...
Page 463
Workgroup remote access switch 463 s ystem m essages system message summary manage mode updates have been successfully committed the above message indicates that the dynamic management commit command was successfully completed. Manual intervention required: please replace lan card older versions of ...
Page 464
User’s guide 464 cyberswitch mismatch of configured and installed dm card in slot the switch and/or jumper settings on the specified digital modem card are not properly set to match how the card is configured in software. Check the hardware and software configuration and restart. Missing bearer_capa...
Page 465
Workgroup remote access switch 465 s ystem m essages system message summary network sent cause - spid not supported - the indicated line does not support spids; however, a spid is configured for use on the line. Is the spid configured incorrectly? Do you have the right switch type? Check the configu...
Page 466
User’s guide 466 cyberswitch not enough memory for security module not enough system memory available to operate security module. Contact your distributor or customer support. No ua seen in response to sabmes - slot= port= ces= layer 2 cannot be established between the system and the switch. This co...
Page 467
Workgroup remote access switch 467 s ystem m essages system message summary out svc # isdn line failure. The line connected to the indicated slot and port is out of service for the reason indicated by # . 1 = no layer 1 sync for 5 seconds this problem normally occurs due to wan cabling problems. Che...
Page 468
User’s guide 468 cyberswitch [pap] remote device rejected system information the system received the pap authenticate-nak packet with the error message against the previous pap authenticate-request sent by the system. The is from the remote device, and is device-specific. Contact the remote site for...
Page 469
Workgroup remote access switch 469 s ystem m essages system message summary pvc for dlci > not active a frame was received on the pvc associated with the indicated dlci which was not active. This is a temporary condition, and results from an asynchronous operation between the network and customer-pr...
Page 470
User’s guide 470 cyberswitch system to start dialing. Contact the telephone company and ensure that the line is configured for wink-start. Rbs: unexpected event chan = , state = an illegal signaling event occurred in the rbs task on the specified channel. Ensure that the line is configured correctly...
Page 471
Workgroup remote access switch 471 s ystem m essages system message summary resmem_gettotal: enabled size , greater than checksize for internal error that should be reported to customer support. Resmem_malloc failure for subsystem (size=, type=, class=, ra=) resmem_malloc size too large for subsyste...
Page 472
User’s guide 472 cyberswitch security rejection - no password given by caller a properly formed bridge security negotiation packet was received, and the bridge is registered in the system device table, but a password is required and none was provided by the calling bridge. Check configuration. If pr...
Page 473
Workgroup remote access switch 473 s ystem m essages system message summary semipermanent. Device "x" reconnected by admin. The administrator has issued the call device command after issuing the disc device command. This restarts the semipermanent feature for the indicated device. Severe congestion ...
Page 474
User’s guide 474 cyberswitch spid fsm got unidentifiable info msg - slot= port= ces= suffix> an unexpected information message was received from the network on the indicated line. If you are having trouble establishing calls on this line, the problem should be reported to your phone company. Ssb: ca...
Page 475
Workgroup remote access switch 475 s ystem m essages system message summary ssb: post 28 i960lan_82596sx failure the i960 failed its lan coprocessor test. The boot process should continue; however, make note of the error message in the event of a future problem. Ssb: post 29 i960lan_82503 failure th...
Page 476
User’s guide 476 cyberswitch [stp] a blan topology change has been detected the system has detected a topology change in the spanning tree environment. [stp] a new root bridge has been detected the system has detected a new root bridge for the spanning tree environment. [stp] lan port is now a desig...
Page 477
Workgroup remote access switch 477 s ystem m essages system message summary [tftp] data buffer allocated successfully all parts of the tftp feature (both server and client) were successfully initialized. Note: the following “[tftp] local error...” messages generated during client operations will be ...
Page 478
User’s guide 478 cyberswitch [tftp] local error # 13: received unexpected opcode the tftp protocol received a packet that was not expected. There may be a problem with the specified file; try replacing it. If this message appears consistently, contact your distributor or customer support. [tftp] loc...
Page 479
Workgroup remote access switch 479 s ystem m essages system message summary [tftp] remote error # 0: (text from remote host) undefined error. The accompanying text (if any) should describe the error. The file being transferred may be corrupted. [tftp] remote error # 1: (text from remote host) the re...
Page 480
User’s guide 480 cyberswitch the call is allowed to continue a call has been up longer than the amount of time configured, but it has not been taken down. The compression subsystem is not enabled check cfgedit; verify that compression is enabled. The conformance selection is prior to ccitt 1988 veri...
Page 481
Workgroup remote access switch 481 s ystem m essages system message summary transmit rate increased to : access , dlci the effective transmit rate has been increased to the indicated rate for the indicated dlci under the indicated access. Transmit rate reduced to cir : access , dlci the effective tr...
Page 482
User’s guide 482 cyberswitch unable to identify a remote device a device that was not identified by any active security measures (for example, pap or chap) was rejected. Unable to identify a remote device - a device that was not identified by any active security measures (for example, pap or chap) w...
Page 483
Workgroup remote access switch 483 s ystem m essages system message summary unexpected error during transmission of lmi frame a system error occurred during the actual transmit request for an lmi frame. Contact your distributor or customer support. Unknown calling bridge mac address security is enab...
Page 484
User’s guide 484 cyberswitch wan: rbs not available on this card. A rbs debugging command was attempted on a pri card that is not configured for rbs. Check the card configuration and ensure you have the proper type of card. Watchdog timeout detected on dm board in slot the digital modem card in the ...
Page 485
Workgroup remote access switch 485 s ystem m essages system message summary x25 facilities error, reverse charging not accepted the reverse charging facility was selected by the dte. Verify that reverse charging is enabled by both dte’s and the service provider. X25 facilities error, fast select not...
Page 486
User’s guide 486 cyberswitch x25 facilities warning, nui not available network device identification not available. No action required. X25 permanent virtual circuit down: access=, pvc=, lcn= the indicated x.25 virtual circuit is down. Switched backup connections will be used, if available. This mes...
Page 487
T race m essages o verview trace messages include the following categories of messages: 1. Call trace messages 2. Ip filter trace messages 3. Ppp packet trace messages 4. Wan fr_ietf trace messages 5. X.25 trace messages 6. X.25 (lapb) trace messages before trace messages can be logged to the system...
Page 488
User’s guide 488 cyberswitch c all t race m essages a feature of the cyberswitch console is the ability to save and display a record of the high level isdn calls between the system and the local telephone switch. If calls are unable to be completed, this is normally the first area to look. Call trac...
Page 489
Workgroup remote access switch 489 t race m essages call trace messages c all t race m essage s ummary access information discarded cause call trace message. This message is used to indicate additional details on the received in the “call progress” information message. Alerting off informational cal...
Page 490
User’s guide 490 cyberswitch in - abnormal rpt call id= slot= port= connid= ces= the system has detected an internal error condition. The are included for your distributor or cabletron customer support. An error message describing the problem should be reported following this trace message. In - abn...
Page 491
Workgroup remote access switch 491 t race m essages call trace messages in - disconnect call id= slot= port= loc= cause= ces= connid= the system has received a disconnect message from the network. The call id and ces values are for your distributor or cabletron customer support. The remaining parame...
Page 492
User’s guide 492 cyberswitch in - progress call id= slot= port= chans= causeloc= cause= signal= progloc= prog= ces= connid= the system has received a call progress message from the network. This is usually received in response to sending a call request. The are included for your distributor or cable...
Page 493
Workgroup remote access switch 493 t race m essages call trace messages out - dl cfg slot= port= ces= the system is initializing the indicated data link. Out - dsl cfg slot= port= the system is initializing the indicated line. Out - init data link the system is sending a message to the network to in...
Page 494
User’s guide 494 cyberswitch ip f ilters t race m essages you can trace packets that are discarded as a result of ip filters. Enable this feature by using the ip filter trace discard command, and disable it with ip filter trace off . Note that when you enable this feature, the report log has the pot...
Page 495
Workgroup remote access switch 495 t race m essages ppp packet trace messages ppp p acket t race m essages ppp packet trace allows you to display the ppp protocol negotiation that takes place when a link is established. This information is useful when diagnosing mismatches in configuration between t...
Page 496
User’s guide 496 cyberswitch • configure request the configure request is used to indicate the options that are supported by this sending device. The request contains an option list and the desired values if they are different from the default value. • configure ack the configure ack is transmitted ...
Page 497
Workgroup remote access switch 497 t race m essages x.25 trace messages • echo reply the echo reply is transmitted in response to an echo request. The echo reply packet contains the magic number of the sending device. Until the magic number option has been negotiated the value must be set to zero. •...
Page 498
User’s guide 498 cyberswitch in - x25 connection confirmation connid= access= remdteaddr= the system has received a connect message from the network. This indicates that a new call is now established. In - x25 connection indication connid= access= remdteaddr= the system has received an incoming call...
Page 499
Workgroup remote access switch 499 t race m essages x.25 trace messages out - x25 call accept lcn , bytes the dte is accepting an svc call. Out - x25 call request lcn , bytes the dte is attempting to place an svc call. Out - x25 clear ind lcn , bytes the dce is clearing the x.25 virtual circuit on t...
Page 500
User’s guide 500 cyberswitch out - x25 dte rr lcn , bytes the dte is acknowledging 1 or more data packets received from the dce. Out - x25 reset ind lcn , bytes the dce is resetting a virtual circuit. Out - x25 reset request lcn , bytes the dte is resetting a virtual circuit. Out - x25 restart ind l...
Page 501
Workgroup remote access switch 501 t race m essages x.25 (lapb) trace messages in - lapb sabme the dce is resetting the link layer. In - lapb ua the dce is acknowledging a sabm or sabme from the dte. Out - lapb disc the dte link layer is going off-line. Out - lapb dm the dte is going off-line. Out -...
Page 502
S ystem m aintenance this grouping of information provides information to help you maintain your cyberswitch once it is operating. Note that the included system statistics information may also prove valuable in troubleshooting. We include the following chapters in the system maintenance segment of t...
Page 503
R emote m anagement o verview once your system is initially configured (and thus assigned an ip address), you may use a variety of methods to remotely access and manage your system. This chapter describes many of these methods. For information on first-time access (either local or remote), refer to ...
Page 504
User’s guide 504 cyberswitch snmp snmp: the nms gathers information (including problem reports) from any cyberswitch snmp (simple network management protocol) is a standard way of monitoring communication devices in ip networks. With snmp, you purchase and then set up a network management station (s...
Page 505
Workgroup remote access switch 505 r emote m anagement snmp section will describe how to install and configure the snmp agent. Refer to the specific nms documentation for its installation instructions. Snmp must be configured through cfgedit. Before configuring the snmp agent, you must have the foll...
Page 506
User’s guide 506 cyberswitch t elnet telnet is the standard way of providing remote login service. With telnet, any user on the lan or wan executing a standard telnet client program can remotely login to the cyberswitch and get an cyberswitch console session. When you have an active console session,...
Page 507
Workgroup remote access switch 507 r emote m anagement telnet administrator forgot to configure a static route on the remote site, system 2. Because system 2 is not on the same subnetwork as the telnet client on system 1’s lan, a static route is needed to allow system 2 to communicate with devices o...
Page 508
User’s guide 508 cyberswitch u sage i nstructions to access the cyberswitch using telnet, you must have a telnet client software package. A telnet client software package is built into the cyberswitch. With the cyberswitch acting as the telnet client, simply enter the telnet command to telnet into t...
Page 509
Workgroup remote access switch 509 r emote m anagement tftp tftp tftp (trivial file transfer protocol) is the standard way of providing file transfers between devices. With tftp any wan or lan user executing a standard tftp client program can transfer files to and from the cyberswitch. You can contr...
Page 510
User’s guide 510 cyberswitch the default file access for the guest user is “read” access to all files. The default file access for the admin user is “read” access to the report and statistics files, and “read and write” access to all other files. The default for the tftp server is admin file access ...
Page 511
Workgroup remote access switch 511 r emote m anagement remote installation with user2 r emote i nstallation with user2 the cyberswitch is delivered with a default configuration. This default configuration includes a configured device, user2. Advanced users may use the default configuration to perfor...
Page 512
User’s guide 512 cyberswitch if you are using an cyberswitch as your local isdn device, you can either configure an outbound phone number for the cyberswitch site or use the call peer command to call the cyberswitch without configuring the phone number for the device explicitly. Modify the switch ty...
Page 513
S ystem c ommands o verview two classes of system administration commands are available on the cyberswitch: guest commands and administrator commands. Guest commands provide current operational information only, and are available to all security levels. Administrator commands allows access to the co...
Page 514
User’s guide 514 cyberswitch logout terminates the administration session by logging-out the current administrator. You can start another session by using one of the two log-in commands outlined above. Pswd changes the password for the current access level (administrator or guest). Your password mus...
Page 515
Workgroup remote access switch 515 s ystem c ommands accessing dynamic management autobaud this command notifies the boot device to check the baud rate. It prepares the boot device to recognize an imminent change. At this time, you should be prepared to set or change the baud rate in your communicat...
Page 516
User’s guide 516 cyberswitch cs displays the list of connected devices along with the data rate for each device. The output for this command contains the connection time for each device along with a detailed breakdown (per connection type) of channel usage and available data rates. If there is at le...
Page 517
Workgroup remote access switch 517 s ystem c ommands viewing operational information number, and the operational status of each interface (up or down). This information can help to determine system problems by identifying those physical interfaces that are not operating as expected. Refer to the fol...
Page 518
User’s guide 518 cyberswitch sp this command pertains to semipermanent connections. This command will list each semipermanent device, as well as the connection status, initial data rate and current data rate for each semipermanent device. The connection status will be one of the following: c onnecte...
Page 519
Workgroup remote access switch 519 s ystem c ommands viewing operational information the ver command also displays a connections table. It displays the connection lines for features that are loaded only. Consider the following example of a connections table: capacities potential actual physical conn...
Page 520
User’s guide 520 cyberswitch v iewing t hroughput i nformation the throughput monitor screen displays the system throughput monitoring feature in action. To enter this screen: 1. Issue the mc command to display the connection monitor screen. 2. Use the to move the cursor down to the specific site fo...
Page 521
Workgroup remote access switch 521 s ystem c ommands saving operational information note: if data compression is being used, an extra line will be displayed on the connection monitor screen that will provide the compression and decompression ratios, and the estimated throughput. The estimated throug...
Page 522
User’s guide 522 cyberswitch ws writes the current system statistics to disk file. Note: for details on these disk files, refer to the chapter titled software overview . C learing o perational i nformation the following commands are used to clear current system operational information: er erases the...
Page 523
Workgroup remote access switch 523 s ystem c ommands restarting the cyberswitch r estarting the c yber switch restart generally used from a remote site (when using telnet or tftp), although it is functional from a local console as well. The restart command reboots the system and automatically starts...
Page 524
User’s guide 524 cyberswitch flash recover specific to the remote upgrade of the second stage boot or when recommended by the release notes. The ssb update should be performed only upon recommendation of customer support personnel. In the event that it is necessary to upgrade the ssb, this command s...
Page 525
Workgroup remote access switch 525 s ystem c ommands appletalk routing commands sess-id the session id number associated with the session. Date/time the date and time the session was initiated idle (sec) the number of seconds the connection has been idle. Command how the administration session was i...
Page 526
User’s guide 526 cyberswitch dnet required parameter. The destination network number. Dnode required parameter. The destination node id. Timeout optional parameter. The number of seconds to wait for a reply message. The valid range is from 1 to 60 seconds. The default value is 10 seconds. Nnnn optio...
Page 527
Workgroup remote access switch 527 s ystem c ommands appletalk routing commands get_zones - the port s obtaining a complete zone list for the network. Get_routes - the port is requesting routes from another router on the network (if another router is present). Up - the port is ready for use. Down - ...
Page 528
User’s guide 528 cyberswitch atalk port stats [clear] this command will display or clear current appletalk port statistics. Refer to appletalk port statistics , for a list of available atalk port statistics and their definitions. Atalk route this command will display appletalk static route informati...
Page 529
Workgroup remote access switch 529 s ystem c ommands appletalk routing commands atalk stats rtmp displays the appletalk routing table maintenance protocol (rtmp) statistics. Atalk stats zip displays the appletalk zone information protocol (zip) statistics. Atalk stats nbp displays the appletalk name...
Page 530
User’s guide 530 cyberswitch b ridge c ommands the following commands are used to display bridging information and statistics. Pkt mac enables the mac address monitor display. The mac address monitor screen displays information contained in the lan frames that are sent over the isdn connections. The...
Page 531
Workgroup remote access switch 531 s ystem c ommands call control commands c all c ontrol c ommands the following commands are used to initiate and disconnect calls to devices. Call device initiates a call to the specified device. The entire device name does not need to be entered; only enough lette...
Page 532
User’s guide 532 cyberswitch is not callable each ppp device in the device database can have one or two phone numbers at which they can be called. This message is displayed if the device has no phone number specified. Re-enter the name, or to cancel the device name must be re-entered. Unable to prom...
Page 533
Workgroup remote access switch 533 s ystem c ommands call control commands 4. Display the system log messages by entering the dr command at the system prompt. 5. Check the log report for connect messages relating to the remote device you are testing. In response to the call peer command, you will se...
Page 534
User’s guide 534 cyberswitch with the name schultz, and a device configured with the name schmidt, this message would be displayed. You would then need to enter at least call device schu to successfully initiate a call to the device schultz. Re-enter the name, or to cancel the device name must be re...
Page 535
Workgroup remote access switch 535 s ystem c ommands compression information commands c ompression i nformation c ommands compression statistics are only available for connections that are using a compression protocol. The following commands are used to display current compression information: cmp s...
Page 536
User’s guide 536 cyberswitch note that this command may be used in conjunction with all other fr commands. For example, fr a 1 lmi would be a valid command, changing the frame relay access to 1 before displaying information relating to the lmi link. Fr d sets an internal variable. Will be the defaul...
Page 537
Workgroup remote access switch 537 s ystem c ommands ip routing commands lmi error state current lmi alarm condition. When this item is true, the lmi alarm is on, and all associated pvcs are unavailable. When this item is false, the alarm condition is clear. Lmi dlci dlci value associated with the l...
Page 538
User’s guide 538 cyberswitch • origin: specifies how the ip address has come to be placed into the ip address pool. If the origin is dhcp, the ip address was obtained from a dhcp server. If the origin is static, the ip address was manually configured via cfgedit. • in use: specifies whether or not t...
Page 539
Workgroup remote access switch 539 s ystem c ommands ip routing commands /dnnnn optional parameter that indicates the data size in bytes for the icmp echo message. The valid range for the data size value is 0 to 2020. The default value is 0. Possible results and their meanings: ddd.Ddd.Ddd.Ddd is al...
Page 540
User’s guide 540 cyberswitch destination the route destination. This destination may be a network number, a subnet address, or a host address. Subnet-mask the mask used for the destination. Next hop the ip address or interface name (for unnumbered interfaces) of the router that is the gateway for th...
Page 541
Workgroup remote access switch 541 s ystem c ommands ip routing commands ip rip send used to send the ip rip update messages to a particular interface on demand. The example screen below demonstrates how you use this command. Ip rip stats displays global rip statistics and also statistics for each c...
Page 542
User’s guide 542 cyberswitch ip stats displays the current ip related statistics. Refer to ip statistics , for a list of available statistics and their definitions. Ipx r outing c ommands ipx routing must be enabled before these commands can be used. The following commands are used to display ipx ro...
Page 543
Workgroup remote access switch 543 s ystem c ommands ipx routing commands note: the ipx diag and the ipx ping commands both test device connectivity (although both send back different types of responses). However, due to the variety of vendors and equipment available to networks, one command may wor...
Page 544
User’s guide 544 cyberswitch ipx trigreq [device] generates a triggered rip/sap update request to the specified device. You may use this command to initiate an update request to synchronize with the routing database of a particular wan device. Ipx trigrip stats displays the triggered rip statistics....
Page 545
Workgroup remote access switch 545 s ystem c ommands lan commands lan c ommands the following commands are used to display current system lan diagnostic information: lan stats displays the current lan packet forwarding statistics, including the number of frames received and transmitted from lan and ...
Page 546
User’s guide 546 cyberswitch pkt capture [all/idle/reqd/pend/actv/none] specifies which packets will be captured by the packet capture feature. A definition of each possible parameter follows. All all packets will be captured. None no packets will be captured. Reqd only packets causing a connection ...
Page 547
Workgroup remote access switch 547 s ystem c ommands packet capture commands the following is an example pkt display screen: it is possible to display packet details for a specific packet. To do so, use the keyboard’s arrow keys to move the cursor to the desired packet number (on the “pkt display” s...
Page 548
User’s guide 548 cyberswitch banyan vines packet detail screen (bridged packet) ip datagram detail screen (routed datagram) while the “pkt display” is displayed on your monitor, you can display the following help screen by entering “?”: the time menu that is displayed when “t” is entered will enable...
Page 549
Workgroup remote access switch 549 s ystem c ommands radius commands radius c ommands the following console commands may be used to diagnose problems with: • connections to the off-node radius authentication server • cyberswitch configuration • authentication server device database entries radius ch...
Page 550
User’s guide 550 cyberswitch radius ipres attempts an authentication session using the ip resolution. The following is an example display of the screen. Radius macres attempts an authentication session using the mac resolution. The following is an example display of the screen. Radius pap attempts a...
Page 551
Workgroup remote access switch 551 s ystem c ommands snmp commands snmp c ommands when the snmp agent is enabled on the cyberswitch, the following command is available: snmp stats displays the current snmp related statistics. Refer to snmp statistics , for a list of available statistics and their de...
Page 552
User’s guide 552 cyberswitch telnet ? Displays the help screen for the telnet command. The help screen provides the syntax for the command described below. Telnet [port number] begins a telnet session for the telnet host at the indicated ip address. The port number is an optional parameter that can ...
Page 553
Workgroup remote access switch 553 s ystem c ommands telnet commands the possible send parameters are defined as follows: send ayt the send ayt command sends the telnet command function for “are you there?” to the target host. This can be used to determine whether or not the target host is still res...
Page 554
User’s guide 554 cyberswitch • , where is in the range of ascii 'a' to ascii '_' • , where is in the range of ascii 'a' to ascii 'z' (note that lower case letters are converted to upper case before they are used) • , where is in the range of ascii '!' to ascii '~' to specify the key in the set escap...
Page 555
Workgroup remote access switch 555 s ystem c ommands tftp commands tftp c ommands the tftp feature and its commands are only available when ip routing is enabled. The tftp feature and file access are enabled by default when the system software is installed. Using the manage mode, configuration chang...
Page 556
User’s guide 556 cyberswitch session information for a tftp session that has terminated. The screen below illustrates the use of this command. Tftp stats displays the current tftp related statistics. Refer to tftp statistics , for a list of available statistics and their definitions. T race c ommand...
Page 557
Workgroup remote access switch 557 s ystem c ommands udp commands trace x25 [on/off] enables or disables the x.25 packet tracing option. This feature displays up to 15 octets of the packet. To display the log file, issue the dr console command. This option is initially disabled. Wan fr-ietf trace [o...
Page 558
User’s guide 558 cyberswitch sentry ace attempts an authentication session using ace. The system will report whether the authentication attempted was successful or rejected. Wan c ommands the following commands are used to display current system wan diagnostic information: wan fr-ietf stats [device/...
Page 559
Workgroup remote access switch 559 s ystem c ommands x.25 commands x25 a the “a” option will set the access name specified by as the default access for subsequent commands entered without an explicit access specifier. This access name will remain the current access, until it is changed through issui...
Page 560
S ystem s tatistics o verview statistics can either be generated by issuing the ds command to display the set of statistics known as the system statistics, or by issuing a specific command to display statistics in a specific category. In addition to using the ds command to display the system statist...
Page 561
Workgroup remote access switch 561 s ystem s tatistics call statistics call minutes (month) the total call minutes that have been logged for the month. Calls (day) the total number of calls that have been made for the day. Calls (month) the total number of calls that have been made for the month. C ...
Page 562
User’s guide 562 cyberswitch a pple t alk s tatistics you may display appletalk protocol statistics (subdivided into six subgroups) and appletalk port statistics. You can display all six subgroups of the appletalk protocol statistics by issuing the atalk stats command, or you can display the individ...
Page 563
Workgroup remote access switch 563 s ystem s tatistics appletalk statistics ddptooshorterrors the total number of input ddp datagrams dropped because the received data length was less than the data length specified in the ddp header or the received data length was less than the length of the expecte...
Page 564
User’s guide 564 cyberswitch atechoinreplies the count of appletalk echo replies received. A pple t alk r outing t able m aintenance p rotocol (rtmp) s tatistics you can display this subgroup of appletalk statistics by issuing the atalk stats rtmp console command. Rtmpindatapkts a count of the numbe...
Page 565
Workgroup remote access switch 565 s ystem s tatistics appletalk statistics zip zoneconflcterrors the number of times a conflict has been detected between this entity’s zone information and another system’s zone information. Zipinobsoletes the number of zip takedown or zip bringup packets received b...
Page 566
User’s guide 566 cyberswitch atpretrycntexceeds the number of times the retry count was exceeded, and an error was returned to the client of atp. A pple t alk p ort s tatistics you can display the appletalk port statistics by issuing the atalk port stats console command. Portinpackets the number of ...
Page 567
Workgroup remote access switch 567 s ystem s tatistics bridge statistics b ridge s tatistics the system collects bridge statistics for each lan port and for wan connections. These bridge statistics include information on the number of frames received, forwarded, discarded or transmitted. If the syst...
Page 568
User’s guide 568 cyberswitch c ompression s tatistics the system collects the following compression statistics for each active compression connection. These statistics can be displayed by issuing the cmp stats or the cmp stats command at the administration console. The cmp stats command will display...
Page 569
Workgroup remote access switch 569 s ystem s tatistics dhcp statistics total dmp reset count the total number of decompressed resets (peer and system sent resets). Peer sent resets the number of decompression resets sent from peer devices. System sent resets the number of decompression resets sent f...
Page 570
User’s guide 570 cyberswitch dhcp/bootp invalid’op’ stat incremented whenever a dhcp/bootp message is received with an’op’ field that is not equal to either bootrequest or bootreply. These messages are discarded. Dhcp r elay a gent s tatistics bootrequest msgs rcvd incremented whenever the system id...
Page 571
Workgroup remote access switch 571 s ystem s tatistics dhcp statistics bootreply msgs rlyd number of bootreply messages that were successfully relayed to dhcp/bootp clients. Bootreply bad ’giaddr’: number of dhcp/bootp bootreply messages that were discarded by the dhcp relay agent because the ’giadd...
Page 572
User’s guide 572 cyberswitch dhcpacks rcvd incremented whenever the dhcp proxy client has received a dhcpack message from a dhcp server. Dhcpnaks rcvd incremented whenever the dhcp proxy client has received a dhcpnak message from a dhcp server. Invalid dhcp pkts rcvd incremented whenever the dhcp pr...
Page 573
Workgroup remote access switch 573 s ystem s tatistics frame relay statistics # line ready count the number of times the physical link underlying the frame relay access has become “ready” for use. # line not ready count the number of times the physical link underlying the frame relay access has beco...
Page 574
User’s guide 574 cyberswitch # no control block not currently supported. # new & existing pvc the number of times a new pvc was indicated by a lmi status message—but the frame relay software believed the pvc already existed. # pvc not configured the number of times a frame was received containing an...
Page 575
Workgroup remote access switch 575 s ystem s tatistics lan statistics # frames received the total number of frames received on the pvc. # bytes received the total number of bytes received on the pvc. # frames sent the total number of frames sent on the pvc. # bytes sent the total number of bytes sen...
Page 576
User’s guide 576 cyberswitch ip s tatistics you can access ip statistics by using the ip stats console command. These statistics are parts of the ip group and the icmp group mib variables that are defined in rfc-1213:mib-ii. Ip g roup s tatistics ipforwarding the indication of whether the system is ...
Page 577
Workgroup remote access switch 577 s ystem s tatistics ip statistics ipoutrequests the total number of ip datagrams which local ip device-protocols (including icmp) supplied to ip in requests for transmission. Ipoutdiscards the number of output ip datagrams for which no problem was encountered that ...
Page 578
User’s guide 578 cyberswitch icmpindestunreachs the number of icmp destination unreachable messages received. Icmpintimeexcds the number of icmp time exceeded messages received. Icmpinparmprobs the number of icmp parameter problem messages received. Icmpinsrcquenchs the number of icmp source quench ...
Page 579
Workgroup remote access switch 579 s ystem s tatistics ipx statistics icmpoutsrcquenchs the number of icmp source quench messages sent. Icmpoutredirects the number of icmp redirect messages sent. For a host, this will always be zero, since hosts do not send redirects. Icmpoutechos the number of icmp...
Page 580
User’s guide 580 cyberswitch ipxbasicsysinhdrerrors the number of ipx packets discarded due to errors in their headers, including any ipx packet with a size less than the minimum of 30 bytes. Ipxbasicsysinunknownsockets the number of ipx packets discarded because the destination socket was not open....
Page 581
Workgroup remote access switch 581 s ystem s tatistics ipx statistics ipxadvsysintoomanyhops the number of ipx packets discarded due to exceeding the maximum hop count. Ipxadvsysinfiltered the number of incoming ipx packets discarded due to filtering. Ipxadvsysincompressdiscards the number of incomi...
Page 582
User’s guide 582 cyberswitch ipx t riggered rip s tatistics you can access ipx triggered rip statistics by using the ipx trigrip stats command. Trigripupdaterequestssent number of triggered rip update requests sent. Trigripupdaterequestsrcvd number of triggered rip update requests received. Trigripu...
Page 583
Workgroup remote access switch 583 s ystem s tatistics ipx statistics ipx sap s tatistics you can access ipx sap statistics by using the ipx sap stats console command. Sapinstance with the cyberswitch, the value of this statistic is always 1. With other products, this statistic is useful. Currently,...
Page 584
User’s guide 584 cyberswitch maximum services maximum number of services this router is configured to handle. Available services number of services currently available on this router. High water mark peak number of services this router has used. Rip s tatistics you can access rip statistics by using...
Page 585
Workgroup remote access switch 585 s ystem s tatistics snmp statistics ifstatsentresponses the number of rip messages with ‘response’ command code sent on this interface. Ifstatsentupdates the number of triggered rip updates actually sent on this interface. This explicitly does not include full upda...
Page 586
User’s guide 586 cyberswitch snmpinreadonlys the total number of valid snmp pdus that were delivered to the snmp agent and for which the value of the error-status field is “readonly”. It should be noted that it is a protocol error to generate an snmp pdu that contains the value “readonly” in the err...
Page 587
Workgroup remote access switch 587 s ystem s tatistics tcp statistics snmpoutgetrequests the total number of snmp get-request pdus that have been generated by the snmp agent. Snmpoutgetnexts the total number of snmp get-next pdus that have been generated by the snmp agent. Snmpoutsetrequests the tot...
Page 588
User’s guide 588 cyberswitch tcpattemptfails the number of times tcp connections have made a direct transition to the closed state from either the syn-sent state or the syn-rcvd state, plus the number of times tcp connections have made a direct transition to the listen state from the syn-rcvd state....
Page 589
Workgroup remote access switch 589 s ystem s tatistics tftp statistics failed file gets displays the count of failed gets. (remote host failed to download a file from the local system.) total bytes put displays the total number of bytes successfully put. (number of bytes uploaded to the local system...
Page 590
User’s guide 590 cyberswitch data packets sent displays the total number of data packets sent. Data packets received displays the total number of data packets received. Error packets sent displays the total number of error packets sent. Error packets received displays the total number of error packe...
Page 591
Workgroup remote access switch 591 s ystem s tatistics wan fr_ietf statistics wan fr_ietf s tatistics you can access fr_ietf statistics by issuing the wan fr-ietf stats [device/ fr_accessname_dlci] [prot] console command. Protocol the line protocol of the packets transmitted or received. Frames sent...
Page 592
User’s guide 592 cyberswitch ais (blue) the number of times layer 1 has detected a qualified unframed all ones signal. Rai (yellow) the number of times layer 1 has detected a qualified rai (remote alarm indication) signal. L ayer 1 pri e rror s tatistics note: layer 1 pri error statistics apply to t...
Page 593
Workgroup remote access switch 593 s ystem s tatistics wan statistics unknown events if this counter is ever non-zero, call customer support personnel. Unused events if this counter is ever non-zero, call customer support personnel. Unknown mail if this counter is ever non-zero, call customer suppor...
Page 594
User’s guide 594 cyberswitch call minutes (month) the total call minutes that have been logged for the month. Calls (day) the total number of calls that have been made for the day. Calls (month) the total number of calls that have been made for the month. X.25 s tatistics there are two sets of stati...
Page 595
Workgroup remote access switch 595 s ystem s tatistics x.25 statistics # resets received the number of resets received. # rr sent count the number of receive ready packets sent. # rr received the number of receive ready packets received. # rnr sent count the number of receive not ready packets sent....
Page 596
User’s guide 596 cyberswitch permanent virtual circuit or switched virtual circuit identifies the type of vc in use. Local address the local dte x.121 address. Remote address the remote dte x.121 address. # packets sent count the number of x.25 data packets sent. # packets received the number of x.2...
Page 597
R outine m aintenance o verview the information in this chapter provides instructions for performing routing maintenance on the cyberswitch. The information falls into the following categories: • installing/upgrading system software • executing configuration changes • performing a configuration back...
Page 598
User’s guide 598 cyberswitch changes are not dynamic. The changes are saved in a temporary copy of configuration data, and will not affect the current run-time operation of the system in any way. To terminate the session, return to the main cfgedit menu. Select the save changes option. Then press to...
Page 599
A ppendices the user’s guide includes the following appendices: • system worksheets we have designed a set of worksheets you can fill out before you begin your cyberswitch configuration. Once filled out, they will contain information you will need for the configuration process. • cfgedit map a cfged...
Page 600
S ystem w orksheets the worksheets included in this appendix will be helpful in configuring and managing your system. They capture important network information. To see examples of completed worksheets, refer to the example networks guide. Worksheets included in this appendix are: 1. Network topolog...
Page 601
Workgroup remote access switch 601 s ystem w orksheets network topology n etwork t opology.
Page 602
User’s guide 602 cyberswitch system name: _____________________ pap password:_______________ chap secret:___________________ r esources l ines bri lines pri lines type slot switch type synchronization type name slot port line type call screen tei spid directory number name slot port framing type lin...
Page 603
Workgroup remote access switch 603 s ystem w orksheets system details a ccesses dedicated accesses over isdn: over serial connection : x.25 accesses over isdn : over serial connection : frame relay accesses over isdn : over serial connection : line name data rate bearer channels line protocol device...
Page 604
User’s guide 604 cyberswitch device name: _____________________________ calling (isdn, fr, etc.) information x.25 information authentication information : frame relay information * hdlc bridge only protocol for this particular device? Bridge ip ipx appletalk line protocol pvc base data rate svc init...
Page 605
Workgroup remote access switch 605 s ystem w orksheets bridging and routing information b ridging ip r outing network interface information bridging ❒ enabled ❒ disabled mode of operation ❒ restricted ❒ unrestricted bridge filters bridge dial out/ known connect list ip routing ❒ enabled ❒ disabled m...
Page 606
User’s guide 606 cyberswitch ip r outing , continued static routes ipx r outing routing information network interface information static routes netware static services destination network address mask next hop ❒ default? ❒ default? ❒ default? ❒ default? Ipx routing ❒ enabled ❒ disabled internal netw...
Page 607
Workgroup remote access switch 607 s ystem w orksheets bridging and routing information a pple t alk r outing appletalk routing/port information appletalk port static routes appletalk routing ❒ enabled ❒ disabled lan name port number network type ❒ extended ❒ nonextended netwk range/ number appletal...
Page 608
Cfgedit m ap o verview the following pages provide an outline of the cyberswitch cfgedit configuration utility. As you configure your system, you may find it helpful to use this outline as a map to help you navigate through cfgedit. M ain m enu note: all options listed may not be available on your p...
Page 609
Workgroup remote access switch 609 cfgedit m ap physical resources menu p hysical r esources m enu r esources • basic rate switch type • t1/e1/pri switch type synchronization • des, feal d ata l ines • name/slot/port/framing/line coding/signalling/line build out • datalinks ppp: tei negotiation pmp:...
Page 610
User’s guide 610 cyberswitch o ptions m enu b ridging • enable/disable • spanning tree • mode of operation unrestricted, restricted • bridge filters protocol definition filters (source, destination, protocol, packet data) • known connect list ip r outing • enable/disable • ip operating mode (host/ro...
Page 611
Workgroup remote access switch 611 cfgedit m ap options menu • routing protocols ipx rip, ipx sap number table entries • ipx static routes rip info number of ticks, hops next hop destination ipx number • netware static services sap info number of hops to service service ipx socket number service ipx...
Page 612
User’s guide 612 cyberswitch c all c ontrol • throughput monitor • call interval • monthly call charges • call restrictions • device profile • bandwidth reservation • semipermanent connection • vra manager for call control enable/disable tcp port number d efault l ine p rotocol • action timeout • ti...
Page 613
Workgroup remote access switch 613 cfgedit m ap security menu s ecurity m enu s ecurity l evel • no security • device level security • user level security • device and user level security s ystem o ptions and i nformation • system options pap password chap challenge bridge mac address ip host id cal...
Page 614
User’s guide 614 cyberswitch authentication pap password chap secret outbound authentication user level authentication ip host id bridge ethernet calling line id ip information ip address ip enable/disable make calls for ip data ipx enable/disable calls for ipx data ipxwan ipx routing none rip/sap t...
Page 615
Workgroup remote access switch 615 cfgedit m ap security menu o ff - node s erver i nformation • vra manager tcp port • radius primary server secondary server miscellaneous info number of retries time between retries • tacacs primary server secondary server miscellaneous info number of retries time ...
Page 616
G etting a ssistance r eporting p roblems for a fast response, please take the time to fill out the system problem report to inform us of any difficulties you have with our products. A copy of this report can be found at the end of this chapter. This report provides us with important information to ...
Page 617
Date: ______________ number of pages including this page: ______ to: customer service from: ______________________________________ cabletron systems company:_______________________________________ (603) 332-9400 phone address: ______________________________________ (603) 337-3075 fax _______________...
Page 618
A dministrative c onsole c ommands t able the following table lists all system administration commands. Guest commands are identified in the command column. Command use ? (guest) displays help screen autobaud notifies boot device to check baud rate atalk arp displays the aarp cache atalk ping . {tim...
Page 619
Workgroup remote access switch 619 a dministrative c onsole c ommands t able cdr stats clear (guest) clears current call detail recording statistics cdr verify (guest) verifies call detail recording servers are configured cfg provides information on changes to configuration files cfgedit starts the ...
Page 620
User’s guide 620 cyberswitch fr clear clears the statistics counters for the selected frame relay access and dlci fr clearall clears all statistics for the selected frame relay access and dlci fr cong displays congestion control information for the selected frame relay access and dlci fr d sets dlci...
Page 621
Workgroup remote access switch 621 a dministrative c onsole c ommands t able ipx ping sends an icmp echo message to the specified host ipx rip stats displays ipx rip statistics ipx route displays the current ipx routing table ipx route stats displays ipx routing table statistics ipx sap stats displa...
Page 622
User’s guide 622 cyberswitch neif displays the interface table pkt capture specifies which packets will be captured by the packet capture feature (all, reqd, pend, actv, idle, or none) pkt mac enables the mac address monitor display pkt [on/off] enables or disables the packet capture feature pkt dis...
Page 623
Workgroup remote access switch 623 a dministrative c onsole c ommands t able telnet puts you in the telnet command mode see telnet mode commands for available commands telnet [port # ] begins a telnet session for the indicated telnet host telnet mode commands: close exit open [target host][port # ] ...
Page 624
User’s guide 624 cyberswitch wan fr-ietf trace [on/off] [in/out] [device/fr_accessname_dlci] [prot] enables or disables the tracing for wan fr_ietf packets wan stats displays current wan connection information wr writes current system messages to disk ws writes current system statistics to disk x25 ...
Page 625
M anage m ode c ommands t able the following table displays the available dynamic management commands: command use ace displays ace off-node server configuration ace change allows changes to the ace off-node server configuration ace reinit reinitializes the cyberswitch ace client admlogin [change] d...
Page 626
User’s guide 626 cyberswitch fileattr displays the current user file access rights (guest or admin) fileattr change allows the current file access rights configuration data to be changed help displays a list of the valid manage mode commands ipfilt updates the ip filter configuration ipnetif display...
Page 627
Workgroup remote access switch 627 m anage m ode c ommands t able ipxt20 allows you to configure ipx type 20 information line displays the current line configuration data lineprot displays the current default line protocol configuration lineprot change allows changes to default line protocol configu...
Page 628
User’s guide 628 cyberswitch tftp displays the current tftp configuration tftp change allows the current tftp configuration to be changed thruput displays the current throughput monitor configuration data thruput change allows the current throughput monitor configuration data to be changed vra displ...
Page 629
C ause c odes t able the following table provides q.931 cause codes and their corresponding meanings. Cause codes may appear in call trace messages. Dec value hex value q.931 cause 0 0 valid cause code not yet received 1 1 unallocated (unassigned number) indicates that, although the isdn number was ...
Page 630
User’s guide 630 cyberswitch 19 13 no answer from device (device alerted) indicates that the destination has responded to the connection request but has failed to complete the connection within the prescribed time. Problem at remote end. 21 15 call rejected indicates that the destination was capable...
Page 631
Workgroup remote access switch 631 c ause c odes t able 34 22 no circuit/channel available indicates that the connection could not be established because there was no appropriate channel available to handle the call. 35 23 destination unattainable 37 25 degraded service 38 26 network (wan) out of or...
Page 632
User’s guide 632 cyberswitch 52 34 outgoing calls barred 53 35 outgoing calls barred within cug 54 36 incoming calls barred 55 37 incoming calls barred within cug 56 38 call waiting not subscribed 57 39 bearer capability not authorized indicates that the device has requested a bearer capability that...
Page 633
Workgroup remote access switch 633 c ause c odes t able 81 51 invalid call reference value indicates that the remote equipment has received a call with a call reference that is not currently in use by the device-network interface. 82 52 identified channel does not exist indicates that the receiving ...
Page 634
User’s guide 634 cyberswitch 97 61 message type non-existent or not implemented indicates that the receiving equipment received a message that was not recognized either because the message type was invalid, or because the message type was valid but not supported. This is either a problem with the re...
Page 635
Workgroup remote access switch 635 c ause c odes t able unknown indicates that an event occurrent but that the network does not provide causes for the actions that it takes, therefore the precise nature of the event cannot be ascertained. This may, or may not, indicate the occurrence of an error. De...
Page 636
User’s guide 636 cyberswitch i ndex a access request retries 184, 187 accesses alternate accesses 196 x.25 198 accessing the cyberswitch 67 ace 186 ace authentication server alternate method of configuring 186 configuring 185 active wan peer 296 adapters configuring adapters 88 overview 90 admin 70,...
Page 637
Workgroup remote access switch 637 cfgedit 83, 597 map 608 cfgedit 83 chap secret 165 clid 166 cls 85, 515 cmp 535 commands administration services 513 appletalk 525 call control 531 call detail recording 534 call restriction 534 compression 535 dynamic management 625 frame relay 535 ip routing 537 ...
Page 638
User’s guide 638 cyberswitch device 162, 295 device add 162 device level databases 155 device level security 133, 139 device profile 323, 325 dhcp commands 535 diagnosis 413 example configurations 261 in a bridge to bridge environment 260 in a router to bridge environment 260 proxy client 265 proxy ...
Page 639
Workgroup remote access switch 639 interfaces 102, 105 lan 105 wan 106 wan direct host 106 wan ip unnumbered 107 wan rlan 106 internal network number 273 ip 538 ip addresses 105, 107, 514 ip filters 250 ip addrpool 535, 537 ip filters 241, 251 applying filters 249 configuration elements 250 connecti...
Page 640
User’s guide 640 cyberswitch isdn 27 configuration elements 163 ordering 56 profile information 325 provisioning settings 56 isdn 544 isolated mode 239 k known connect list 235 l lan 545 lan adapter problem diagnosis 384 verification messages 355 lan connection operation verification 354 lan ip inte...
Page 641
Workgroup remote access switch 641 network security configuring device and user level security 144 configuring device level security 139 configuring no security 138 configuring user level security 140 network topology worksheet 601 next hop 125, 126, 129 ni-1 95 normal operation messages 427 nt1 sta...
Page 642
User’s guide 642 cyberswitch remote lan 114, 273, 277, 295 problem diagnosis 401 verification 371 remote management 503 snmp 504 telnet 506 tftp 509 reporting problems 616 requirements verification procedures 353 resource 90 resources 88, 90, 91 see also adapters restart 523 restore 522 restoring co...
Page 643
Workgroup remote access switch 643 static routes 102 appletalk routing 310 statistics appletalk routing 562 bridging 567 call detail recording 567 call restriction 560 call statistics 561 compression 568 connectivity 560 dhcp 569 ip 576 ipx 579 ipx route 582 lan 575 snmp 585 tcp 587 tftp 588 through...
Page 644
User’s guide 644 cyberswitch underload condition 316 unrestricted bridge mode 221 update 515 upgrade path directories 74 upgrading software 597 user level authentication 166 user level databases 176 user level security 133, 140 configuration 140, 177 configuration specific to ipx 292, 295 device and...